Cybersecurity through the lens of Digital Identity and Data Protection: Issues and Trends

The use of a secure and robust digital identification system that is capable of protecting privacy is an essential, reliable and user-friendly element for a strong cyber resilience strategy and is a source of new business opportunities and applications for banks, private sector with a return on their investment.The march towards Digital Identity is well underway therefore, focus should be on both adoption and adaption of the new structures and regulations. These are needed to govern the associated services and transactions as well as establishing laws that enforce penalties for violations.There is no doubt then that more and more entities and institutions would move to the cloud. Security challenges affecting the cloud may not be new but the mode of addressing them would be different. The authors develop a Data Colouring technique for securing data processed or stored on both cloud and non-cloud platforms. The technique combines Public Key Infrastructure (PKI), concatenated fingerprints and digital watermarking. Using this technique, data can be secured at creation or during storage and remains secure during processing.     

基于可信计算构筑物联网安全边界

近年来，中国物联网政策支持力度不断加大，技术创新成果接连涌现，各领域应用持续深化，产业规模保持快速增长。本论文以物联网接入边界为切入点，探讨了物联网安全接入问题的解决方案。设计了基于可信计算3.0的物联网可信网关，以及安全管理中心，构建了可信的物联网安全边界接入系统。为各种异构物联网终端设备提供了安全屏障，隔绝了针对于物联网设备的网络安全威胁。     

Secure lightweight password authenticated key exchange for heterogeneous wireless sensor networks

Several three-party password authenticated key exchange (3-PAKE) protocols have recently been proposed for heterogeneous wireless sensor networks (HWSN). These are efficient and designed to address security concerns in ad-hoc sensor network applications for a global Internet of Things framework, where a user may request access to sensitive information collected by resource-constrained sensors in clusters managed by gateway nodes. In this paper we first analyze three recently proposed 3-PAKE protocols and discuss their vulnerabilities. Then, based on Radio Frequency Identification technologies we propose a novel 3-PAKE protocol for HWSN applications, with two extensions for additional security features, that is provably secure, efficient and flexible.     

A blockchain-based audit approach for encrypted data in federated learning

The development of data-driven artificial intelligence technology has given birth to a variety of big data applications. Data has become an essential factor to improve these applications. Federated learning, a privacy-preserving machine learning method, is proposed to leverage data from different data owners. It is typically used in conjunction with cryptographic methods, in which data owners train the global model by sharing encrypted model updates. However, data encryption makes it difficult to identify the quality of these model updates. Malicious data owners may launch attacks such as data poisoning and free-riding. To defend against such attacks, it is necessary to find an approach to audit encrypted model updates. In this paper, we propose a blockchain-based audit approach for encrypted gradients. It uses a behavior chain to record the encrypted gradients from data owners, and an audit chain to evaluate the gradients’ quality. Specifically, we propose a privacy-preserving homomorphic noise mechanism in which the noise of each gradient sums to zero after aggregation, ensuring the availability of aggregated gradient. In addition, we design a joint audit algorithm that can locate malicious data owners without decrypting individual gradients. Through security analysis and experimental evaluation, we demonstrate that our approach can defend against malicious gradient attacks in federated learning.     

Development of highly photoluminescent electrospun nanofibers for dual-mode secure authentication

The photochromic phenomenon has been recently used as a fascinating technology in the development of highly efficient anti-counterfeiting materials with dual-mode security encoding of concurrent photochromism and fluorescence emission. Herein, we successfully developed lanthanide-doped aluminate nanoparticles (LAN)/polystyrene (PS) electrospun nanofibers as novel secure authentication films. Different ratios of lanthanide-doped aluminate nanoparticles were mixed with polystyrene-based copolymer solutions in N,N-dimethylformamide (DMF) and subjected to electrospinning to afford photochromic and fluorescent nanofibers. The generated electrospun nanofibers demonstrated a narrow diameter distribution, a smooth surface and well-defined morphological properties. The produced smart nanofibers were applied onto cellulose paper sheets to demonstrate a dual-mode secure strategy with a simple and rapid authentication. LAN was prepared in the nano-scale for better dispersion in PS, which guarantee the formation of transparent films. LAN was studied by transmission electron microscope (TEM) and X-ray diffraction (XRD). LAN displayed diameters of 5–12 nm. On the other hand, the fibrous diameters of LAN-PS samples were studied by scanning electron microscopy (SEM) to indicate diameters of 200–300 nm. The induced security marking was invisible (363 nm) under visible daylight turning into visible green (520 nm) color under ultraviolet irradiation demonstrating a bathochromic shift. Both excitation and emission displayed high intensities. The security marking was fully reversible under ultraviolet/visible irradiation cycles without fatigue. Those advantageous properties could be attributed to the high surface area of the chromogenic nanofibrous films to result in high absorption of light leading to strong optical dual-mode photo-responsiveness. The generated LAN-PS hybrid films showed improved hydrophobic properties with increasing LAN. The nanofibers showed transparency, stretchability and flexibility. The present strategy can be reported as an efficient technology to develop many anti-counterfeiting products toward a better market with social and economic values to avoid fake products.     

基于SM4算法的移动终端接入车间信息系统的安全性设计与验证

网络化的车间信息远程控制带给用户便捷的同时伴随着安全隐患,为了杜绝移动终端接入车间信息系统通信过程可能存在的潜在威胁,针对移动终端接入车间信息系统可能存在的安全问题,设计了身份认证、访问控制、异常行为检测、黑白名单过滤和接入审核的安全机制,并建立一个3层信息安全控制系统。经测试结果表明,设计的安全机制有效地提高了车间信息系统移动终端接入的安全性,可阻止针对移动终端接入车间信息系统可能存在的恶意攻击。     

基于信息熵抑制的大数据特征隐匿性加密仿真

针对传统大数据特征加密方法中大数据精度较差、加密耗时较长的问题,提出基于信息熵抑制的大数据特征隐匿性加密方法。分析信息熵抑制相关理论,采用信息熵映射函数对大数据分类,将信息熵抑制过程转化为计算2个文件相似性的过程,并根据余弦相似度公式以及Hamming距离值计算数据相似度,完成数据消冗。在完成数据消冗的基础上,分析分组密码方法和ECC加密方法,结合两种方法得到大数据特征隐匿性加密处理计算公式,实现基于信息熵抑制的大数据特征隐匿性加密。实验研究结果表明,所提方法能够有效去除冗余数据,提升大数据精度,加快数据加密的处理速度,高效完成大数据加密过程。     

基于Simhash的安全密文排序检索方案

针对密文检索中存在的计算量大、检索效率不高的问题，提出一种基于Simhash的安全密文排序检索方案。该方案基于Simhash的降维思想构建安全多关键词密文排序检索索引（SMRI），将文档处理成指纹和向量，利用分段指纹和加密向量构建B+树，并采用"过滤-精化"策略进行检索和排序，首先通过分段指纹的匹配进行快速检索，得到候选结果集；然后通过计算候选结果集与查询陷门的汉明距离和向量内积进行排序，带密钥的Simhash算法和安全k近邻（SkNN）算法保证了检索过程的安全性。实验结果表明，与基于向量空间模型（VSM）的方案相比，基于SMRI的排序检索方案计算量小，能节约时间和空间成本，检索效率高，适用于海量加密数据的快速安全检索。     

Secure searching on cloud storage enhanced by homomorphic indexing

Enterprise cloud tenants would store their outsourced cloud data in encrypted form for data privacy and security. However, flexible data access functions such as data searching is usually sacrificed as a result. Thus, enterprise tenants demand secure data retrieval and computation solution from the cloud provider, which will allow them to utilize cloud services without the risks of leaking private data to outsiders and even service providers.In this paper, we propose an exclusive-or (XOR) homomorphism encryption scheme to support secure keyword searching on encrypted data for cloud storage. First, this scheme specifies a new data protection method by encrypting the keyword and randomizing it by performing XOR operation with a random bit-string for each session to protect access pattern leakage; Secondly, the homomorphic evaluation key enables the searching evaluation to be on-demand calculated, thus it removes the dependency of key storage on cloud and enhance protection against cloud’s violability; Thirdly, this scheme can effectively protect data-in-transit against passive attack such as access pattern analysis due to the randomization. This scheme also can reduce data leakage to service provider because the homomorphism-key solution instead of key storage on cloud. The above three features have been proved by the experiments and further tested out at Email service which can support secure subject searching. The execution time of one searching process is just in the order of milliseconds. We could get 2–3 times speedup compared to default utility grep with the concern of expensive one-time indexing which can be built off-line in advance.     

Efficient and secure identity-based encryption scheme with equality test in cloud computing

Efficient searching on encrypted data outsourced to the cloud remains a research challenge. Identity-based encryption with equality test (IBEET) scheme has recently been identified as a viable solution, in which users can delegate a trapdoor to the server and the server then searches on user outsourced encrypted data to determine whether two different ciphertexts are encryptions of the same plaintext. Such schemes are, unfortunately, inefficient particularly for deployment on mobile devices (with limited power/battery life and computing capacity). In this paper, we propose an efficient IBEET scheme with bilinear pairing, which reduces the need for time-consuming HashToPoint function. We then prove the security of our scheme for one-way secure against chosen identity and chosen ciphertext attacks (OW–ID–CCA) in the random oracle model (ROM). The performance evaluation of our scheme demonstrates that in comparison to the scheme of Ma (2016), our scheme achieves a reduction of 36.7% and 39.24% in computation cost during the encryption phase and test phase, respectively, and that our scheme is suitable for (mobile) cloud deployment.