Secure and privacy preserving keyword searching for cloud storage services

Cloud storage services enable users to remotely access data in a cloud anytime and anywhere, using any device, in a pay-as-you-go manner. Moving data into a cloud offers great convenience to users since they do not have to care about the large capital investment in both the deployment and management of the hardware infrastructures. However, allowing a cloud service provider (CSP), whose purpose is mainly for making a profit, to take the custody of sensitive data, raises underlying security and privacy issues. To keep user data confidential against an untrusted CSP, a natural way is to apply cryptographic approaches, by disclosing the data decryption key only to authorized users. However, when a user wants to retrieve files containing certain keywords using a thin client, the adopted encryption system should not only support keyword searching over encrypted data, but also provide high performance. In this paper, we investigate the characteristics of cloud storage services and propose a secure and privacy preserving keyword searching (SPKS) scheme, which allows the CSP to participate in the decipherment, and to return only files containing certain keywords specified by the users, so as to reduce both the computational and communication overhead in decryption for users, on the condition of preserving user data privacy and user querying privacy. Performance analysis shows that the SPKS scheme is applicable to a cloud environment.     

Split keyword fuzzy and synonym search over encrypted cloud data

Multimedia Tools and Applications - A substitute solution for various organizations of data owners to store their data in the cloud using storage as a service(SaaS). The outsourced sensitive data...     

面向企业私有云的数据安全保护方法研究

针对现有企业私有云面临的数据安全存储和完整性校验问题,提出一种新的数据线性加扰混合加密保护方法。首先在数据加密之前进行数据细粒度和线性分割线划分;其次,分别对分割后的子数据块进行数据加扰处理;最后使用国产密码算法对加扰数据块进行混合加密和完整性校验。将所提出的算法与SM4和SM2加密算法进行比较,并通过实验分别对算法的正确性、加密文件类型、加/解密效率和安全性进行评估。实验结果表明,相对于另外两种加密算法,提出的算法在兼顾加/解密效率的同时安全性得到大幅度提升。     

云存储中基于属性的关键词搜索加密方案研究

为保证云端敏感数据安全性的同时提高数据共享效率,提出了一种安全、灵活、高效的基于属性的关键词搜索加密方案。方案中设计了一种需要数据拥有者私钥参与的索引生成机制抵抗关键词猜测攻击,基于线性秘密共享访问结构描述用户的搜索权限,支持一对多应用场景,借鉴连接子集关键词搜索技术和在线/离线思想提高搜索的灵活性和效率。理论分析与实验评估结果表明,该方案具有较高的效率。     

基于私有云和物理机的混合型大数据平台设计及实现

大数据分析技术的广泛应用离不开大数据平台的支撑,构建大数据平台已经是很多企业和机构的重要需求。构建大数据平台需要复杂的系统性的技术,特别是需要考虑系统性能和可扩展性两方面需求。随着数据体量不断增大、用户需求不断增多,规划时的数据平台规模很可能不能满足不断变化的需求。因此,设计了一种混合的大数据平台架构:混合使用物理服务器和私有云云主机的大数据平台。这样就兼顾了性能和可扩展性:由于物理服务器性能一般要高于云上的虚拟机,所以构建在物理服务器上的大数据平台,性能一般要好于构建在私有云上大数据平台;从私有云上启动云服务器非常方便、快捷,所以大数据平台的计算和存储结点可以动态弹性地扩容到私有云上,从而保证高峰期的时候大数据平台仍然可以有充足的处理能力。在生产环境实现了这种混合型设计,在生产环境中的测试也表明了这种设计的有效性。     

基于云计算的定向搜索监控研究

传统的搜索引擎不能代替用户实行实时监控,为了解决这个问题,提出了定向搜索监控技术,用户可以根据自己的需求定制任务,包括指定搜索范围和搜索主题,系统按用户定义周期监控,并将结果及时主动地反馈给用户。以Google云平台Google App Engine作为开发平台,利用其提供的多项云服务,有效地解决了计划任务管理、多任务触发以及高并发等问题。重写了通用网络爬虫,通过算法改进提出了定向网络爬虫模型,定向网络爬虫与云端强大的服务器相结合,极大地缩短了爬行时间,提高了搜索监控效率。云平台和搜索监控技术的结合是平台即服务思想的一次成功实验。     

基于整合概率数据关联的最优传感器序列研究

研究多传感器跟踪系统中传感器处理序列优化问题．首先根据多传感器跟踪系统中多传感器信息的处理特点,提出了基于有限随机集的序列整合概率数据关联（IPDA）滤波算法;然后,通过分析序列IPDA算法中目标生存概率的均值函数,证明了在不同传感器检测概率的多传感器系统中,目标生存概率仅依赖于传感器序列中第1个传感器,并随其检测概率的增大而增大．仿真实验验证了所得结论．     

Privacy-preserving conjunctive keyword search on encrypted data with enhanced fine-grained access control

Cloud storage over the internet gives opportunities for easy data sharing. To preserve the privacy of sharing data, the outsourced data is usually encrypted. The searchable encryption technique provides a solution to find the target data in the encrypted form. And the public-key encryption with keyword search is regarded as a major approach for the searchable encryption technique. However, there are still several privacy leakage challenges for the further adoption of these major schemes. One is how to resist the keyword guessing attack which still leaks data user’s keywords privacy. Another is how to construct the access control policy to prevent illegal access of outsourced data sharing since illegal access always leak the privacy of user’s attribute. In our paper, we firstly try to design a novel secure keyword index to resist the keyword guessing attack from access pattern and search pattern. Second, we propose an attribute-based encryption scheme which supports an enhanced fine-grained access control search. This allows the authenticated users to access different data although their searching request contains the same queried keywords, and meanwhile unauthenticated users cannot get any attribute privacy information. Third, we give security proofs to show that the construction of keyword index is against keyword guessing attack from the access pattern and search pattern, and our scheme is proved to be IND-CPA secure (the indistinguishability under chosen plaintext attack) under the standard model. Finally, theoretical analyses and a series of experiments are conducted to demonstrate the efficiency of our scheme.

     

Determination of ice cloud models using MODIS and MISR data

Representation of ice clouds in radiative transfer simulations is subject to uncertainties associated with the shapes and sizes of ice crystals within cirrus clouds. In this study, we examined several ice cloud models consisting of smooth, roughened, homogeneous and inhomogeneous hexagonal ice crystals with various aspect ratios. The sensitivity of the bulk scattering properties and solar reflectances of cirrus clouds to specific ice cloud models is investigated using the improved geometric optics method (IGOM) and the discrete ordinates radiative transfer (DISORT) model. The ice crystal habit fractions in the ice cloud model may significantly affect the simulations of cloud reflectances. A new algorithm was developed to help determine an appropriate ice cloud model for application to the satellite-based retrieval of ice cloud properties. The ice cloud particle size retrieved from Moderate Resolution Imaging Spectroradiometer (MODIS) data, collocated with Multi-angle Imaging Spectroradiometer (MISR) observations, is used to infer the optical thicknesses of ice clouds for nine MISR viewing angles. The relative differences between view-dependent cloud optical thickness and the averaged value over the nine MISR viewing angles can vary from??0.5 to 0.5 and are used to evaluate the ice cloud models. In the case for 2 July 2009, the ice cloud model with mixed ice crystal habits is the best fit to the observations (the root mean square (RMS) error of cloud optical thickness reaches 0.365). This ice cloud model also produces consistent cloud property retrievals for the nine MISR viewing configurations within the measurement uncertainties.     

Optimizing bag-of-tasks scheduling on cloud data centers using hybrid swarm-intelligence meta-heuristic

The Journal of Supercomputing - Usually, a large number of concurrent bag-of-tasks (BoTs) application execution requests are submitted to cloud data centers (CDCs), which needs to be optimally...     

基于NAS的私有云存储平台的设计与实现

随着大数据时代的到来与高速网络建设的快速推进,数据化网络资源共享已渗透到人们的日常工作、学习、生活当中。数据网络化储存、多人资源共享成为现代信息传播与保存的重要方式。但是,网络储存平台的安全性一直令使用者担忧。因此,各种各样的私有云储存平台孕育而生,为使用者提供相对独立的个人使用空间。经过长期的使用发现,传统的私有云存储平台虽然可以达到一定的安全性,但是,安全性只相对公共开放网盘而言。同时,存在多用户瞬时访问下协议拥堵、大数据交互节点回馈延迟高的问题。针对传统私有云的架构特点与问题产生原因,提出基于NAS的私有云存储平台的设计与实现方法。采用基于NAS的协议加密技术、多路访问优化单元、数据压缩单元对传统私有云存在的问题进行针对性解决。通过仿真实验证明,提出的基于NAS的私有云存储平台的设计与实现方法,具有数据储存安全性高、峰值状态下访问点网络畅通性好、数据网络传输交互率高、延迟小等优点。     

Multi-target tracking with hierarchical data association using main-parts and spatial-temporal feature models

Multimedia Tools and Applications - Multi-target tracking in complex scenes is challenging because target appearance features generate partial or significant variations frequently. In order to...     

云环境下一种基于数据分割的CP-ABE隐私保护方案

针对云计算隐私安全保护,提出了一种基于数据分割的CP-ABE(密文策略的基于属性的加密方案)隐私保护方案,克服了云环境下不可信第三方、安全性和性能开销的三大难题。本方案利用数据分割思想将数据分为大数据块和小数据块,通过分割策略对大数据块再进行分块,并用CP-ABE算法对小数据块进行加密。经理论分析及实验仿真表明,在云环境下,此方案在安全问题、开销问题及扩展问题上都有很大优势。     

Bounds on the sample complexity for private learning and private data release

Learning is a task that generalizes many of the analyses that are applied to collections of data, in particular, to collections of sensitive individual information. Hence, it is natural to ask what can be learned while preserving individual privacy. Kasiviswanathan et al. (in SIAM J. Comput., 40(3):793–826, 2011) initiated such a discussion. They formalized the notion of private learning, as a combination of PAC learning and differential privacy, and investigated what concept classes can be learned privately. Somewhat surprisingly, they showed that for finite, discrete domains (ignoring time complexity), every PAC learning task could be performed privately with polynomially many labeled examples; in many natural cases this could even be done in polynomial time. While these results seem to equate non-private and private learning, there is still a significant gap: the sample complexity of (non-private) PAC learning is crisply characterized in terms of the VC-dimension of the concept class, whereas this relationship is lost in the constructions of private learners, which exhibit, generally, a higher sample complexity. Looking into this gap, we examine several private learning tasks and give tight bounds on their sample complexity. In particular, we show strong separations between sample complexities of proper and improper private learners (such separation does not exist for non-private learners), and between sample complexities of efficient and inefficient proper private learners. Our results show that VC-dimension is not the right measure for characterizing the sample complexity of proper private learning. We also examine the task of private data release (as initiated by Blum et al. in STOC, pp. 609–618, 2008), and give new lower bounds on the sample complexity. Our results show that the logarithmic dependence on size of the instance space is essential for private data release.     

基于在线机制设计的私有云资源分配研究

针对企业内部处于随时来也可以随时走(coming on-the-fly)的动态环境中的私有云用户资源分配问题,首先构建了一个在线私有云拍卖框架,支持能够随来随走的不同用户的工作任务要求;其次提出了一个能保证参与用户能够报真实类型的在线机制,理论分析证明了该机制的占优策略激励兼容性质(DSIC),计算了该机制的竞争比;最后通过实验仿真表明了本机制的有效性。     

Privacy preserving and data transpiration in multiple cloud using secure and robust data access management algorithm

Nowadays, privacy preserving is playing important role in cloud computing where content based privacy is challengeable task in un-trusted cloud environment. Based on literature studies, the method has key complexities and access polices authentication issues. The system need to concentrate to bring strong encryption function and efficient key distribution polices to meet future challenges. The method need to address the real time application in cloud environments minimal computation cost, inherent defects in key management and flexible access control policy. Current approaches have still believe in user identity, mutual privacy and key agreement session wise among content owner, Trusted client, and cloud service provider. The Proposed work focused on designing a framework named Secure and Robust Data Access Management (SRDAM) Algorithm proposed to maintain enhanced privacy, secure data transportation, and data access managements. Proposed algorithm consolidates validating cloud service providers and after that considers the property necessity of cloud user and cloud service provider (CSP).Proposed SRDAM Algorithm reduces the 1.79 s Data uploading time (DUT), Data 1.80 s Downloading Time (DDT) and 11.02 s Communication Overhead (CO) for document, images and video for conventional methodologies.