Secure and reliable data communication in developing regions and rural areas

Nowadays, despite the ever increasing need of people for staying “connected” at any time and everywhere, in many areas of the world data connection is extremely expensive or even absent. The Global System for Mobile Communication (GSM) network virtually covers all the populated areas of the world and on average, the entire world population have a handheld device capable of accessing at least the GSM services. Therefore, it makes sense to consider the Short Message Service (SMS) as the most popular wireless data service for such devices. In this work, we exploit the SMS as mechanism for data transfer, especially in scenarios where there is no other network coverage than GSM, such as in rural areas and developing regions. In particular, we propose a framework, based on the SMS as transport facility, which enables secure end-to-end data communication in a ubiquitous and pervasive manner. Moreover, we investigated how, by using compression techniques, the overall processing and transmission efforts needed for secure data communication can be effectively reduced, with the obvious consequences also in terms of energy consumption on the involved devices. Finally, we successfully tested the effectiveness of the proposed framework within the context of a proof of concept implementation.     

网络安全威胁因素及其常见网络安全技术分析

社会经济的快速发展促进了科学技术水平的显著提升，社会生产生活各个领域当中对计算机网络的应用程度不断提升，当前，网络已经成为了人们日常生活与工作的重要组成部分。为此，加强对网络安全等因素影响研究就显得格外重要。网络环境关系着用户的使用质量，更加影响人们的工作效率，加强对网络安全技术的研究时解决相关问题的核心内容。本文针对网络安全威胁因素以及常见的网络安全技术进行了简要分析。     

A Privacy-Preserving Attribute-Based Reputation System in Online Social Networks

Online social networks (OSNs) have revolutionarily changed the way people connect with each other. One of the main factors that help achieve this success is reputation systems that enable OSN users to ...     

Low complexity quantum private queries protocol

Private information retrieval(PIR) is an important privacy protection issue of secure multi-party computation, but the PIR protocols based on classical cryptography are vulnerable because of new technologies,such as quantum computing and cloud computing. The quantum private queries(QPQ) protocols available, however, has a high complexity and is inefficient in the face of large database. This paper, based on the QKD technology which is mature now, proposes a novel QPQ protocol utilizing the key dilution and auxiliary parameter. Only N quits are required to be sent in the quantum channel to generate the raw key, then the straight k bits in the raw key are added bitwise to dilute the raw key, and a final key is consequently obtained to encrypt the database. By flexible adjusting of auxiliary parameters θ and k, privacy is secured and the query success ratio is improved. Feasibility and performance analyses indicate that the protocol has a high success ratio in first-trial query and is easy to implement, and that the communication complexity of O(N) is achieved.     

Compensation paradox: the influence of monetary rewards on user behaviour

Many e-commerce companies collect users’ personal data for marketing purposes despite privacy concerns. Information-collecting companies often offer a monetary reward to users to alleviate privacy concerns and ease the collection of personal information. This study focused on the negative effects of monetary rewards on both information privacy concerns (IPC) and information disclosure. A survey approach was used to collect data and 370 final responses were analysed using a two-way analysis of variance and a binomial logistic regression model. The results show that monetary rewards increase IPC when an information-collecting company requires sensitive information. Additional results indicate that building trust is a more effective way of collecting personal data. This study identifies how organisations can best execute information-collection activities and contributes additional insights for academia and practitioners.     

PMU based voltage security assessment of power systems exploiting principal component analysis and decision trees

The need for feature selection and dimension reduction is felt as a fundamental step in security assessment of large power systems in which the number of features representing the state of power grids dramatically increases. These large amounts of attributes are not proper to be used for computational intelligence (CI) techniques as inputs, because it may lead to a time consuming procedure with insufficient results and they are not suitable for on-line purposes and updates.This paper proposes a combined method for an online voltage security assessment in which the dimension of the token data from phasor measurement units (PMUs) is reduced by principal component analysis (PCA). Then, the features with different stability indices are put into several categories and feature selection is done by correlation analysis in each category. These selected features are then given to decision trees (DTs) for classification and security assessment of power systems.The method is applied to 39-bus test system and a part of Iran power grid. It is seen from the results that the DTs with reduced data have simpler splitting rules, better performance in saving time, reasonable DT error and they are more suitable for constant updates.     

Integrated smart grid systems security threat model

The smart grid (SG) integrates the power grid and the Information and Communication Technology (ICT) with the aim of achieving more reliable and safe power transmission and distribution to the customers. Integrating the power grid with the ICT exposes the SG to systems security threats and vulnerabilities that could be compromised by malicious users and attackers. This paper presents a SG systems threats analysis and integrated SG Systems Security Threat Model (SSTM). The reference architecture of the SG, with its components and communication interfaces used to exchange the energy-related information, is integrated with the results of SG systems security threat analysis to produce a comprehensive, integrated SG SSTM. The SG SSTM in this paper helps better depict and understand the vulnerabilities exploited by attackers to compromise the components and communication links of the SG. The SG SSTM provides a reference of the systems security threats for industrial security practitioners, and can be used for design and implementation of SG systems security controls and countermeasures.     

电信运营商信息安全管控架构及集中策略研究

本文对运营商信息安全集中管控架构演进和信息安全管控策略面临的问题进行了深入分析，提出了信息安全集中管控架构的演进方向建议及对信息安全监控策略工作优化的若干意见。     

面向云计算应用层演化的隐私保护方法研究

云计算应用层中的组合服务具有演化属性,因此,隐私数据在服务组合过程中,用户的隐私数据可能会因为服务或服务流程的演化而暴露。根据服务演化的特征,以描述逻辑为基础,提出了一种面向云计算应用层演化的隐私保护方法。对隐私协议进行形式化描述;根据服务的演化特征,对服务的演化进行监控,保证满足用户的隐私需求;利用实例研究证明该方法的正确性与可行性。     

基于边缘和局部熵融合的视觉安全性评估方法

针对基于局部熵进行加密图像视觉安全性评估存在块效应的局限性，引入图像的边缘特征，通过共有边缘来衡量加密图像与原始图像的边缘相似度，消除了块效应。由于局部熵对加密等级低的图像不敏感，边缘相似度对加密等级高的图像不敏感，将两个评估方法进行自适应融合，提出[SLEES]（Local Entropy and Edge Similarity，[SLEES]）指标。通过改变图像像素位置和图像像素值的加密方式处理图像和视频帧进行测试，实验结果表明，[SLEES]指标相比传统评估指标有更好的鲁棒性，评估范围更广。