共查询到19条相似文献,搜索用时 140 毫秒
1.
2.
3.
身份认证是云计算安全应用的挑战之一。针对Hadoop医学影像数据平台,提出改进的双服务器模型,并采用基于三角形原则的密码存储方法存储口令。其次,在该模型的基础上提出基于可信第三方的云存储架构。安全分析表明:基于双服务器模型的身份认证机制能够一定程度上改善口令认证的不足,加强口令存储安全,基于可信第三方的云存储架构能够实现用户信息管理和数据存储的分离,保护用户隐私。两者有机结合加强了医学影像平台的身份认证安全,防止攻击者访问云平台,窃取Dicom数据用于非法途径。 相似文献
4.
为了提高移动网络中心云计算存储数据访问和安全监测能力,提出一种基于深度学习和交叉编译控制的移动网络中心云计算存储数据访问安全自动监测系统设计方法。采用混合属性数据模糊加权聚类方法进行移动网络中心云计算存储数据的优化访问控制模型设计,根据云计算存储数据之间的属性相似度进行离散化数值属性分解,提取移动网络中心云计算存储数据的混合属性特征量,根据最小化云存储数据访问成本为代价进行移动网络中心云计算存储数据访问的安全监测。结合深度学习方法进行数据访问的自适应控制,在交叉编译环境下实现云计算存储数据访问安全自动监测系统开发设计。测试结果表明,采用该方法进行移动网络中心云计算存储数据访问的安全性较好,自动化控制能力较强。 相似文献
5.
随着云计算技术的广泛应用,人们越来越关注安全和隐私问题。由于云端是第三方服务器,并非完全可信,数据属主需要将数据加密后再托管云存储。如何实现对加密数据的高效访问控制是云计算技术亟需解决的问题。结合Hadoop云平台、基于属性与固定密文长度的加密方案提出并实现了一种在Hadoop云环境下基于属性和固定密文长度的层次化访问控制模型。该模型不仅具有固定密文长度、层次化授权结构、减少双线性对计算量的特点;同时经过实验验证,该模型能够实现云计算环境下对加密数据的高效访问控制,并解决了云存储空间有限的问题。 相似文献
6.
针对基于Hadoop的遥感影像数据云存储平台存在的认证机制不完善、访问控制过于简单等安全问题,采用Kerberos认证结合令牌认证的身份认证机制,提出了基于用户属性与遥感影像数据属性的多维细粒度访问控制策略,达到了完善平台认证机制和增强平台访问控制的目的.实验结果证明,提出的身份认证机制和访问控制策略能有效增强遥感影像数据云存储平台的安全防护能力,且对平台性能影响很小. 相似文献
7.
梁爽 《计算机测量与控制》2019,27(8):276-280
摘 要: 针对云计算环境中的数据访问,不仅要确保合法用户能快速访问到数据资源,而且要保证非法用户的访问权限受限,合理解决信任域内部的威胁以解决云计算技术带来的数据安全等问题,提出了一种能有效实现数据跨域访问的CDSSM模型,通过设置代理者Agent,首先区分首次跨域安全身份认证和重复跨域安全认证,巧妙优化了数据跨域安全身份认证的流程,然后通过充分利用身份认证中消息加密的密钥,将数据分块加密存储,最后有效的解决了域内的安全威胁,保证了用户数据的安全性。最后,笔者实现了CDSSM模型,实验表明本方案中的密钥不可伪造,可有效避免重放攻击,重复跨域身份认证的效率在50%以上,100MB以下文件的读写性能较好,大大提高了数据存储在云端的可靠性和安全认证的有效性。 相似文献
8.
9.
10.
11.
云存储是未来存储业务的发展方向,数据安全是云存储客户的首要关切.密文策略属性加密(CP-ABE)算法允许数据拥有者将访问策略嵌入密文中,并结合数据访问者的密钥实施访问控制,特别适合云存储环境,但CP-ABE不支持与时间相关的访问控制.本文提出基于时释性加密的CP-ABE方案,通过在CP-ABE中融入时释性加密(TRE)机制来实现带有时间控制的密文共享,允许数据拥有者基于用户属性和访问时间制定更加灵活的访问策略.论文通过安全分析表明,该方案能够抵抗来自用户、云存储平台和授权机构的非法访问、非法用户的串谋攻击以及选择明文攻击. 相似文献
12.
13.
Cloud computing is a collection of distributed storage Network which can provide various services and store the data in the efficient manner. The advantages of cloud computing is its remote access where data can accessed in real time using Remote Method Innovation (RMI). The problem of data security in cloud environment is a major concern since the data can be accessed by any time by any user. Due to the lack of providing the efficient security the cloud computing they fail to achieve higher performance in providing the efficient service. To improve the performance in data security, the block chains are used for securing the data in the cloud environment. However, the traditional block chain technique are not suitable to provide efficient security to the cloud data stored in the cloud. In this paper, an efficient user centric block level Attribute Based Encryption (UCBL-ABE) scheme is presented to provide the efficient security of cloud data in cloud environment. The proposed approach performs data transaction by employing the block chain. The proposed system provides efficient privacy with access control to the user access according to the behavior of cloud user using Data Level Access Trust (DLAT). Based on DLAT, the user access has been restricted in the cloud environment. The proposed protocol is implemented in real time using Java programming language and uses IBM cloud. The implementation results justifies that the proposed system can able to provide efficient security to the data present in and cloud and also enhances the cloud performance. 相似文献
14.
15.
移动云计算对于移动应用程序来说是一种革命性的计算模式,其原理是把数据存储及计算能力从移动终端设备转移到资源丰富及计算能力强的云服务器.但是这种转移也引起了一些安全问题,例如,数据的安全存储、细粒度访问控制及用户的匿名性.虽然已有的多授权机构属性基加密云存储数据的访问控制方案,可以实现云存储数据的保密性及细粒度访问控制;但其在加密和解密阶段要花费很大的计算开销,不适合直接应用于电力资源有限的移动设备;另外,虽然可以通过外包解密的方式,减少解密计算的开销,但其通常是把解密外包给不完全可信的第三方,其并不能完全保证解密的正确性.针对以上挑战,本文提出了一种高效的可验证的多授权机构属性基加密方案,该方案不仅可以降低加密解密的计算开销,同时可以验证外包解密的正确性并且保护用户隐私.最后,安全分析和仿真实验表明了方案的安全性和高效性. 相似文献
16.
针对现有云存储的数据和访问控制的安全性不高,从而造成用户存储的敏感信息被盗取的现象,结合现有的基于密文策略属性加密(CP-ABE)方案和数据分割的思想,提出了一个基于混合云的高效数据隐私保护模型。首先根据用户数据的敏感程度将数据合理分割成不同敏感级别的数据块,将分割后的数据存储在不同的云平台上,再根据数据的安全级别,进行不同强度的加密技术进行数据加密。同时在敏感信息解密阶段采取“先匹配后解密”的方法,并对算法进行了优化,最后用户进行一个乘法运算解密得到明文。在公有云中对1 Gb数据进行对称加密,较单节点提高了效率一倍多。实验结果表明:该方案可以有效保护云存储用户的隐私数据,同时降低了系统的开销,提高了灵活性。 相似文献
17.
为确保当前区块链数据共享机制中的隐私保护及数据安全,受属性基加密技术能够有效实现云上数据安全共享与访问控制的启发,提出了基于属性基加密的区块链数据共享模型.该模型基于Waters所提出的密文策略属性基加密(CP-ABE)方案,首先,在私钥生成阶段,数据使用方委托多个节点参与联合计算并存储部分私钥,其他数据使用者则不可获取完整密钥,从而提升了私钥的生成效率;其次,为防止密钥滥用及算法中参数的管理,定义了一种密钥传递事务数据结构,实现了CP-ABE算法的可追责性;最后,通过构建具有链上链下协同计算与存储功能的共享链,实现了属性基加密与区块链系统的有效融合.安全性分析和实验仿真结果表明,所提模型在密钥生成计算效率和实际业务场景方面有一定的优化,满足工程应用的需要. 相似文献
18.
Cloud storage is an incipient technology in today’s world. Lack of security in cloud environment is one of the primary challenges faced these days. This scenario poses new security issues and it forms the crux of the current work. The current study proposes Secure Interactional Proof System (SIPS) to address this challenge. This methodology has a few key essential components listed herewith to strengthen the security such as authentication, confidentiality, access control, integrity and the group of components such as AVK Scheme (Access List, Verifier and Key Generator). It is challenging for every user to prove their identity to the verifier who maintains the access list. Verification is conducted by following Gulliou-Quisquater protocol which determines the security level of the user in multi-step authentication process. Here, RSA algorithm performs the key generation process while the proposed methodology provides data integrity as well as confidentiality using asymmetric encryption. Various methodological operations such as time consumption have been used as performance evaluators in the proposed SIPS protocol. The proposed solution provides a secure system for firm data sharing in cloud environment with confidentiality, authentication and access control. Stochastic Timed Petri (STPN) Net evaluation tool was used to verify and prove the formal analysis of SIPS methodology. This evidence established the effectiveness of the proposed methodology in secure data sharing in cloud environment. 相似文献
19.
Cloud computing belongs to a set of policies, protocols, technologies through which one can access shared resources such as storage, applications, networks, and services at relatively low cost. Despite the tremendous advantages of cloud computing, one big threat which must be taken care of is data security in the cloud. There are a dozen of threats that we are being exposed to while availing cloud services. Insufficient identity and access management, insecure interfaces and Applications interfaces (APIs), hijacking, advanced persistent threats, data threats, and many more are certain security issues with the cloud platform. APIs and service providers face a huge challenge to ensure the security and integrity of both network and data. To overcome these challenges access control mechanisms are employed. Traditional access control mechanisms fail to monitor the user operations on the cloud platform and are prone to attacks like IP spoofing and other attacks that impact the integrity of the data. For ensuring data integrity on cloud platforms, access control mechanisms should go beyond authentication, identification, and authorization. Thus, in this work, a trust-based access control mechanism is proposed that analyzes the data of the user behavior, network behavior, demand behavior, and security behavior for computing trust value before granting user access. The method that computes the final trust value makes use of the fuzzy logic algorithm. The trust value-based policies are defined for the access control mechanism and based on the trust value outcome the access control is granted or denied. 相似文献