共查询到20条相似文献,搜索用时 656 毫秒
1.
Service clouds built on cloud infrastructures and service-oriented architecture provide users with a novel pattern of composing basic services to achieve complicated tasks. However, in multiple clouds environment, outsourcing data and applications pose a great challenge to information flow security for the composite services, since sensitive data may be leaked to unauthorized attackers during service composition. Although model checking has been considered as a promising approach to enforce information flow security precisely, its high complexity on modeling and the heavy cost on verification cause great burdens to the process of service composition. In this paper, we propose a distributed approach to composing services securely with information flow control. In our approach, each service component is first verified through model checking, and then a compositional verification procedure is executed to ensure the information flow security along with the composition of these services. The experimental results indicate that our approach can reduce the cost of verification compared with the global verification approach. 相似文献
2.
随着云计算技术的迅猛发展,越来越多的企业和个人青睐使用私有云和公有云相结合的混合云环境,用于外包存储和管理其私有数据。为了保护外包数据的私密性,数据加密是一种常用的隐私保护手段,但这同时也使得针对加密数据的搜索成为一个具有挑战性的问题。文中提出了面向混合云的可并行的多关键词Top-k密文检索方案。该方案通过对文档、关键词分组进行向量化处理,并引入对称加密和同态矩阵加密机制,保护外包数据的私密性,同时支持多关键词密文检索;通过引入MapReduce计算模式,使得公有云和私有云合作完成的密文检索过程能够按照并行化方式执行,从而能够支持针对大规模加密数据的并行化检索。安全分析和实验结果表明,提出的检索方案能够保护外包数据的隐私,且其检索效率优于现有的同类方案。 相似文献
3.
4.
5.
云存储服务的出现可将文件上传至云服务器,节约了本地的信息存储空间以及管理开销。文件以明文的形式存储显然无法满足隐私保护和安全需求,但若将加密后的文件上传至云服务器,将失去搜索原文件的能力。因此,可搜索加密技术的出现解决了用户如何在文件不解密的情况下搜索加密数据。目前现有的单关键字可搜索加密方案会产生许多与检索内容不符合的信息,没有考虑数据用户细粒度搜索权限和搜索效率,以及因云存储的集中化带来的数据安全和隐私保护等问题。针对以上问题,该文提出了基于区块链的多关键字属性基可搜索加密方案。该方案使用多关键字可搜索加密技术实现了加密数据的有效搜索;利用基于属性的加密技术实现加密数据的细粒度访问控制;结合区块链的智能合约技术,经过多笔交易获得搜索结果。并且利用区块链的不可篡改性,满足了方案中相关性质的公平性,保证了在方案中三方的公平性和安全性并进行了相关分析。在随机预言机模型下,基于困难问题假设证明了方案的关键字安全及陷门安全,即所提方案满足在选择关键字攻击下的关键字密文不可区分性安全和陷门不可区分性安全。最后通过数值分析表明该方案在关键字密文生成阶段和关键字搜索阶段具有较高的效率。并展望了在未... 相似文献
6.
在大数据的分析中,当前方法对信息进行加密存储时,主要以线性微分求解对混合加密存储方法进行优化。在对密钥进行扩展的过程中,信息链路加密存储的信息出现非线性的突变,造成加密存储的信息安全性较低。鉴于此,提出一种基于超带宽的用户信息多重加密存储方法。利用混沌映射给用户信息增加反破解的保护外壳,以 达到大数据分析下用户信息多重加密的目的,克服了当前方法存在的弊端,降低了加密信息存储产生的非线性突变。利用超带宽多重加密存储技术对用户信息进行多重加密存储,有效地增强了加密存储信息的抗攻击性,提高了用户信息多重加密存储的安全性,完成了对基于大数据分析的用户信息多重加密存储技术的研究。实验结果表明,利用该方法进行信息的多重加密存储提高了信息的安全性。 相似文献
7.
丁璇 《计算机测量与控制》2021,29(3):252-257
由于现有智能机器人多传感信息加密控制方法多传感信息加密效率较高,导致安全时间较短;为了解决上述问题,基于区块链技术,研究了一种新的智能机器人多传感信息加密控制方法;通过信息位置源备份设置陷阱、信息路径伪装、网络匿名和信息通信控制实现位置传感信息加密,应用封装处理和二次验证加密数据传感信息;设置定位传感器结构控制位置传感信息,利用区块链技术获得加密有效区域,针对智能机器人的眼睛、腕关节、胸部和手部进行控制;实验结果表明,基于区块链的智能机器人多传感信息加密控制方法能够有效提高多传感信息加密效率,安全时间更长。 相似文献
8.
对称可搜索加密(symmetric searchable encryption, SSE)能实现密文数据的检索而不泄露用户隐私, 在云存储领域得到了广泛的研究与应用. 然而, 在SSE方案中, 半诚实或者不诚实的服务器可能篡改文件中的数据, 返回给用户不可信的文件, 因此对这些文件进行验证是十分必要的. 现有的可验证SSE方案大多是用户本地进行验证, 恶意用户可能会伪造验证结果, 无法保证验证的公平性. 基于以上考虑, 提出一种基于区块链的动态可验证对称可搜索加密方案(verifiable dynamic symmetric searchable encryption, VDSSE); VDSSE采用对称加密实现动态更新过程中的前向安全; 在此基础上, 利用区块链实现搜索结果的验证, 验证过程中, 提出一种新的验证标签——Vtag, 利用Vtag的累积性实现验证信息的压缩存储, 降低验证信息在区块链上的存储开销, 并能够有效支持SSE方案的动态验证. 由于区块链具有不可篡改的性质, 验证的公平性得以保证. 最后, 对VDSSE进行实验评估和安全性分析, 验证方案的可行性和安全性. 相似文献
9.
杨亮 《计算机测量与控制》2021,29(6):119-122
针对传统方法机器人数据加密传输缺少信息交互步骤,信息置换过程出现失误,导致加密效果较差的问题,提出了基于区块链技术的机器人数据加密传输控制系统设计;设计机器人硬件结构,在Ts-210型号可信存储器、NoSQL数据库、X86服务器上完成信息存储、操作与分析;基于区块链技术进行机器人数据去中心化和抗篡改信息交互,分解机器人数据客户端传输信息,经信息编码处理后,可获取信息加密矩阵;以原始信息矩阵为依据,选择加密信息初始密钥,使用区块链技术设计机器人数据加密传输控制系统软件加密流程;引入信息签名验证机制,提取机器人上传加密信息,通过SHA-256哈希算法控制加密流程;由实验结果可知,该方法置乱结果与理想结果一致,数据吞吐量平均值为0.95 Gbps,为机器人高效率加密传输信息提供帮助. 相似文献
10.
Encrypted control has been introduced to protect controller data by encryption at the stage of computation and communication, by performing the computation directly on encrypted data. In this article, we first review and categorize recent relevant studies on encrypted control. Approaches based on homomorphic encryption, multi-party computation, and secret sharing are introduced, compared, and then discussed with respect to computational complexity, communication load, enabled operations, security, and research directions. We proceed to discuss a current challenge in the application of homomorphic encryption to dynamic systems, where arithmetic operations other than integer addition and multiplication are limited. We also introduce a Learning With Errors based homomorphic cryptosystem called “Gentry-Sahai-Waters” scheme and discuss its benefits that allow for recursive multiplication of encrypted dynamic systems, without use of computationally expensive bootstrapping techniques. 相似文献
11.
12.
A data security communications interface unit has been developed to allow data transfer between Apple terminals in either plain or encrypted format under user control. The unit employs the Data Encryption Standard algorithm and has a degree of sophistication sufficient to meet most user needs. The unit uses the 6502 microprocessor to control encryption, decryption and communications. In addition to the transfer of encrypted data, the interface also provides a facility for storing encrypted program and data files locally in the Apple disc system. Further, the encryption system has been designed to allow storage and retrieval of completely encrypted or partly encrypted frames of information on the Prestel database. The interface has been tested extensively using several DES modes of operation. 相似文献
13.
针对现有企业私有云面临的数据安全存储和完整性校验问题,提出一种新的数据线性加扰混合加密保护方法。首先在数据加密之前进行数据细粒度和线性分割线划分;其次,分别对分割后的子数据块进行数据加扰处理;最后使用国产密码算法对加扰数据块进行混合加密和完整性校验。将所提出的算法与SM4和SM2加密算法进行比较,并通过实验分别对算法的正确性、加密文件类型、加/解密效率和安全性进行评估。实验结果表明,相对于另外两种加密算法,提出的算法在兼顾加/解密效率的同时安全性得到大幅度提升。 相似文献
14.
15.
随着高校毕业生规模的不断扩大,学位信息安全和共享方法都面临新的挑战。提出一种用户可控、多部门协同的电子学位证照数据保护及共享方法。基于权威证明共识算法,给出一种权威身份评估机制,实现权威用户身份的动态调整与更新,使得系统具有自适应的信誉调节能力,保证节点的可信性与学位信息的真实性。构建面向学位管理的智能合约架构,允许不同功能的合约相互调用,建立符合学位授予流程的访问控制方案,并提出一种批量电子学位证照的共享与审核方法,在加密环境下实现数据可信共享。利用哈希加密、数字签名等密码学技术结合智能合约实现高度自动化的学位授予、审核与验证功能,并基于以太坊的gas机制设计一种智能合约复杂度分析方法,有效衡量并分析学位授予各环节的功能复杂度,为实现各部门间的数据互通,提高学位证书的隐私性、安全性和可信性提供解决方案。实验结果表明,该方法具有一定的鲁棒性与高效性,提出的权威身份评估机制能够有效避免隐藏性恶意行为的发生。 相似文献
16.
Predicate encryption is a cryptographic primitive that provides fine-grained control over access to encrypted data. It is often used for encrypted data search in a cloud storage environment. In this paper, we propose an enabled/disabled predicate encryption scheme, which is the first work that provides timed-release services and data self-destruction (they correspond to the terms “enabled” and “disabled,” respectively). Owing to these properties, the sender can set the readable/unreadable time of the files to be sent to the receiver. The receiver can read the sent file only after the readable time. After the unreadable time, the structure of the file will be destroyed and the file will become unreadable. Furthermore, for practical usage purposes, the extended scheme, which is based on the proposed scheme, provides not only timed-release services and data self-destruction but also long message encryption and undecryptable search. In the extended scheme, the length of encrypted messages does not depend on the order of the group. Moreover, the cloud server can obtain only the matched ciphertexts after the search. 相似文献
17.
Bharat S. Rawal 《International Journal of Parallel, Emergent and Distributed Systems》2020,35(3):219-235
Internet-based online cloud services provide enormous volumes of storage space, tailor-made computing resources and eradicate the obligation of native machines for data maintenance as well. Cloud storage service providers claim to offer the ability of secure and elastic data-storage services that can adapt to various storage necessities. Most of the security tools have a finite rate of failure, and intrusion comes with more complex and sophisticated techniques; the security failure rates are skyrocketing. Once we upload our data into the cloud, we lose control of our data, which certainly carries new security hazards toward integrity and privacy of our information. In this paper, we discuss a secure file sharing mechanism for the cloud with proxy re-encryption (PRE). PRE-scheme is implemented with the Disintegration Protocol to secure storage data in storage and in the flight. The paper introduces a new contribution of a seamless file sharing technique among different clouds without sharing an encryption key. 相似文献
18.
Due to the advantages of pay-on-demand, expand-on-demand and high availability, cloud databases (CloudDB) have been widely used in information systems. However, since a CloudDB is distributed on an untrusted cloud side, it is an important problem how to effectively protect massive private information in the CloudDB. Although traditional security strategies (such as identity authentication and access control) can prevent illegal users from accessing unauthorized data, they cannot prevent internal users at the cloud side from accessing and exposing personal privacy information. In this paper, we propose a client-based approach to protect personal privacy in a CloudDB. In the approach, privacy data before being stored into the cloud side, would be encrypted using a traditional encryption algorithm, so as to ensure the security of privacy data. To execute various kinds of query operations over the encrypted data efficiently, the encrypted data would be also augmented with additional feature index, so that as much of each query operation as possible can be processed on the cloud side without the need to decrypt the data. To this end, we explore how the feature index of privacy data is constructed, and how a query operation over privacy data is transformed into a new query operation over the index data so that it can be executed on the cloud side correctly. The effectiveness of the approach is demonstrated by theoretical analysis and experimental evaluation. The results show that the approach has good performance in terms of security, usability and efficiency, thus effective to protect personal privacy in the CloudDB. 相似文献
19.
Yuxi Li Fucai Zhou Yuhai Qin Muqing Lin Zifeng Xu 《International Journal of Information Security》2018,17(5):549-568
Conjunctive searchable encryption is an efficient way to perform multi-keyword search over encrypted data in cloud storage. However, most existing methods do not take into account the integrity verification of the search result. Moreover, existing integrity verification methods can only verify the integrity of single-keyword search results, which cannot meet the requirements of conjunctive search. To address this problem, we proposed a conjunctive keyword searchable encryption scheme with an authentication mechanism that can efficiently verify the integrity of search results. The proposed scheme is based on the dynamic searchable symmetric encryption and adopts the Merkle tree and bilinear map accumulator to prove the correctness of set operations. It supports conjunctive keyword as input for conjunctive search and gives the server the ability to prove the integrity of the search result to the user. Formal proofs and extensive experiments show that the proposed scheme is efficient, unforgeable and adaptive secure against chosen-keyword attacks. 相似文献
20.
云计算的快速发展在给人们带来便利的同时,其 隐私安全问题也备受关注。结合全同态加密算法,实现直接对密文的运算,是解决隐私安全问题的一种可行方案。但目前大多同态算法支持的数据类型有限,难以有效应用于实际环境。鉴于此,提出一种支持浮点运算的全同态加密算法,以及基于Spark环境的并行算法,并分析了算法的安全性和实际性能。实验结果表明,基于Spark的并行浮点数全同态加密算法支持整数和浮点同态运算,在4节点16核心的集群中 能够达到3.9的整体加速比,能有效减少数据加密和密文运算的时间,满足云计算环境中对大规模浮点数据进行高效同态加密的需求。 相似文献