A Proxy Re-Encryption with Keyword Search Scheme in Cloud Computing

With the widespread use of cloud computing technology, more and more users and enterprises decide to store their data in a cloud server by outsourcing. However, these huge amounts of data may contain personal privacy, business secrets and other sensitive information of the users and enterprises. Thus, at present, how to protect, retrieve, and legally use the sensitive information while preventing illegal accesses are security challenges of data storage in the cloud environment. A new proxy re-encryption with keyword search scheme is proposed in this paper in order to solve the problem of the low retrieval efficiency of the encrypted data in the cloud server. In this scheme, the user data are divided into files, file indexes and the keyword corresponding to the files, which are respectively encrypted to store. The improved scheme does not need to re-encrypt partial file cipher-text as in traditional schemes, but re-encrypt the cipher-text of keywords corresponding to the files. Therefore the scheme can improve the computational efficiency as well as resist chosen keyword attack. And the scheme is proven to be indistinguishable under Hash Diffie-Hellman assumption. Furthermore, the scheme does not need to use any secure channels, making it more effective in the cloud environment.     

Towards Privacy-Preserving Cloud Storage: A Blockchain Approach

With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a self-service manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.     

基于云计算的印刷企业供应物流信息系统

目的研究基于云计算的中小型印刷企业供应物流管理中的采购管理和库存管理系统,实现按需付费的供应物流管理服务。方法首先采用基于BPMN(业务流程建模与标注)的业务流程和用例图对系统进行分析,构建系统的业务流程和数据流程模型;其次采用类图实现系统的数据库设计,采用标准化的服务语义定义系统的服务接口;最后在本地计算机上开发测试系统,并将系统部署到GAE(Google App Engine)平台上。结果基于云计算的中小型印刷企业供应物流管理系统可满足中小型印刷企业拿来即用、按需付费的低成本信息化需求。结论该系统将供应物流管理系统和云计算技术结合起来,提高了中小型印刷企业的信息化水平,降低了企业信息化的成本。     

智慧停车场在线计量云平台分析与设计研究

为提高停车场电子计时收费装置的检定效率和解决其在技术监督管理现状中存在的问题,提出运用现代云计算理念和大数据技术,建立以在线监测和校准系统为核心应用的停车场智能管理系统公共监管和服务云平台。在可行性研究的基础上,提出该系统的设计架构;在需求分析的基础上,提出智慧停车场客户端单元、在线检测单元、信息发布单元和行政管理单元等功能模块的概要设计方案;详细描述云平台的核心应用——在线计量检测的实现原理与过程。该系统用互联网技术来实现停车场计时收费系统的在线计量检定,经实践证明其改变传统停车场电子计时收费系统的计量检测模式,根据云端虚拟服务器的网络并发响应能力,检测效率理论上可以提高数千倍;实现停车信息、安全、检测和监督等综合服务集成到平台上,最大限度为管理部门和公众提供多个层面的信息服务。     

Cloud Security Service for Identifying Unauthorized User Behaviour

Recently, an innovative trend like cloud computing has progressed quickly in Information Technology. For a background of distributed networks, the extensive sprawl of internet resources on the Web and the increasing number of service providers helped cloud computing technologies grow into a substantial scaled Information Technology service model. The cloud computing environment extracts the execution details of services and systems from end-users and developers. Additionally, through the system’s virtualization accomplished using resource pooling, cloud computing resources become more accessible. The attempt to design and develop a solution that assures reliable and protected authentication and authorization service in such cloud environments is described in this paper. With the help of multi-agents, we attempt to represent Open-Identity (ID) design to find a solution that would offer trustworthy and secured authentication and authorization services to software services based on the cloud. This research aims to determine how authentication and authorization services were provided in an agreeable and preventive manner. Based on attack-oriented threat model security, the evaluation works. By considering security for both authentication and authorization systems, possible security threats are analyzed by the proposed security systems.     

Blockchain-Based Trusted Electronic Records Preservation in Cloud Storage

Cloud storage represents the trend of intensive, scale and specialization of information technology, which has changed the technical architecture and implementation method of electronic records management. Moreover, it will provide a convenient way to generate more advanced and efficient management of the electronic data records. However, in cloud storage environment, it is difficult to guarantee the trustworthiness of electronic records, which results in a series of severe challenges to electronic records management. Starting from the definition and specification of electronic records, this paper firstly analyzes the requirements of the trustworthiness in cloud storage during their long-term preservation according to the information security theory and subdivides the trustworthiness into the authenticity, integrity, usability, and reliability of electronic records in cloud storage. Moreover, this paper proposes the technology framework of preservation for trusted electronic records. Also, the technology of blockchain, proofs of retrievability, the open archival information system model and erasure code are adopted to protect these four security attributes, to guarantee the credibility of the electronic record.     

基于Google的云计算技术

介绍了云计算技术.云计算技术可实现并行计算、分布式计算和网格计算等.以Google云计算平台为例,阐述了云计算三大关键技术:GFS分布式文件、BigTable分布式数据库以及Map-Reduce编程模型.基于Apache的Hadoop-0.20.2平台,通过WordCount实例,分析了云计算的实现机制与工作过程,并讨论了云计算技术的发展问题.     

Research and Measures on the Security of Internet of Things

With the development of intelligent perception,recognition technology and pervasive computing,Internet of things( IoT) is widely used,the security problem is also concerned by more and more researchers. IoT is a double-edged sword. On the one hand,it has great potential in simplifying the business process and provides an effective way for the enterprise to interact with the customers. But on the other hand,it also provides convenience for cyber crimes and hackers.First of all,Three layers logic architecture of IoT is introduced,and the security problems at each level and the key points of the research are expounded,and then the security requirements are analyzed. The main causes of security problems are summarized and analyzed: physical attack and the threat of equipment and malware,file attack and hacker attack. Finally,through the application of the existing technology in IoT environment,the exploration of new technology and the security of the hardware related to IoT,the security of the software and the security team,the future research direction of the security of IoT is pointed out.     

Multilayer Self-Defense System to Protect Enterprise Cloud

A data breach can seriously impact organizational intellectual property, resources, time, and product value. The risk of system intrusion is augmented by the intrinsic openness of commonly utilized technologies like TCP/IP protocols. As TCP relies on IP addresses, an attacker may easily trace the IP address of the organization. Given that many organizations run the risk of data breach and cyber-attacks at a certain point, a repeatable and well-developed incident response framework is critical to shield them. Enterprise cloud possesses the challenges of security, lack of transparency, trust and loss of controls. Technology eases quickens the processing of information but holds numerous risks including hacking and confidentiality problems. The risk increases when the organization outsources the cloud storage services through the vendor and suffers from security breaches and need to create security systems to prevent data networks from being compromised. The business model also leads to insecurity issues which derail its popularity. An attack mitigation system is the best solution to protect online services from emerging cyber-attacks. This research focuses on cloud computing security, cyber threats, machine learning-based attack detection, and mitigation system. The proposed SDN-based multilayer machine learning-based self-defense system effectively detects and mitigates the cyber-attack and protects cloud-based enterprise solutions. The results show the accuracy of the proposed machine learning techniques and the effectiveness of attack detection and the mitigation system.     

基于云计算的标准化资源共享服务平台构建研究

云计算架构是实现标准资源信息共享的有效手段之一。本文通过对标准化资源共享服务平台的建设方案调查,结合云计算环境下的标准化资源共享服务平台构建研究,构建基于云计算的标准化资源共享服务平台。在介绍了标准化资源服务技术的发展现状基础上,阐述了云计算、标准化资源共享服务平台的概念、内涵及特点,设计出标准化资源共享服务平台的体系架构,并基于该平台设计了资源检索、管理、分析等多种云服务。实现政府、行业、机构、企业、专家、公众等标准化资源数字信息资源的共知共建共享,按需为用户提供个性化标准化数字资源（如查询、阅读、下载、分享等等）服务。     

A Novel Anonymous Authentication Scheme Based on Edge Computing in Internet of Vehicles

The vehicular cloud computing is an emerging technology that changes vehicle communication and underlying traffic management applications. However, cloud computing has disadvantages such as high delay, low privacy and high communication cost, which can not meet the needs of real-time interactive information of Internet of vehicles. Ensuring security and privacy in Internet of Vehicles is also regarded as one of its most important challenges. Therefore, in order to ensure the user information security and improve the real-time of vehicle information interaction, this paper proposes an anonymous authentication scheme based on edge computing. In this scheme, the concept of edge computing is introduced into the Internet of vehicles, which makes full use of the redundant computing power and storage capacity of idle edge equipment. The edge vehicle nodes are determined by simple algorithm of defining distance and resources, and the improved RSA encryption algorithm is used to encrypt the user information. The improved RSA algorithm encrypts the user information by reencrypting the encryption parameters . Compared with the traditional RSA algorithm, it can resist more attacks, so it is used to ensure the security of user information. It can not only protect the privacy of vehicles, but also avoid anonymous abuse. Simulation results show that the proposed scheme has lower computational complexity and communication overhead than the traditional anonymous scheme.     

基于区块链技术的空调产品电子病历共享方案

随着空调领域大数据和智能化的飞速发展,良好的数据管理模式变得十分重要.本文首次提出一种将区块链作为底层技术的空调产品电子病历共享方案,旨在构建一个去中心化和第三方信任的空调病历信息共享平台.通过运用哈希计算、非对称加密和全网共识等技术,达到对空调故障病历数据的全网可信,突破个人、企业之间的信任壁垒.研究表明:基于区块链...     

Mobile Internet Mobile Agent System Dynamic Trust Model for Cloud Computing

In mobile cloud computing, trust is a very important parameter in mobile cloud computing security because data storage and data processing are performed remotely in the cloud. Aiming at the security and trust management of mobile agent system in mobile cloud computing environment, the Human Trust Mechanism (HTM) is used to study the subjective trust formation, trust propagation and trust evolution law, and the subjective trust dynamic management algorithm (MASTM) is proposed. Based on the interaction experience between the mobile agent and the execution host and the third-party recommendation information to collect the basic trust data, the public trust host selection algorithm is given. The isolated malicious host algorithm and the integrated trust degree calculation algorithm realize the function of selecting the trusted cluster and isolating the malicious host, so as to enhance the security interaction between the mobile agent and the host. Given algorithm simulation and verification were carried out to prove its feasibility and effectiveness.     

保序加密在海洋环境信息云存储密文检索系统中的应用研究

云计算因其经济、便利、高可扩展性等诸多优势已成为当今信息技术领域的热门话题,受到研究者的广泛关注和重视。安全性是限制云计算发展的重要因素,由于云存储在海洋云计算中占有重要地位,海洋环境信息的云存储系统中的安全问题成为海洋云计算研究的重要问题之一。本文在结合海洋环境信息的特点下研究保序加密在海洋环境信息云存储检索系统的应用,为海洋环境信息的云存储密文检索提供了一种可行方法。     

Optimal services for content delivery based on business priority

In a content-delivery system, connections are viewed as resources for sending files. However, the growing business needs of large-scale networks require an effective content-delivery service for transferring files. Since connections are sparse resources, prioritizing connections is essential for efficiently delivering urgent files and regular files based on various business priorities. This study presents a loss function as a performance index for a content-delivery service. The proposed loss function was applied to a sample content-delivery system to derive the average number of regular files in the retry group, the probability of failure to transfer a regular file in the first attempt, and the probability of failure to transmit urgent files. Additionally, the loss was associated with the decreased number of reserve connections under regular hours and peak hours. The experimental results show that the proposed model finds the optimal number of reserve connections for sending high- and low-priority files, and a manager can increase the service rate to ensure that losses are tolerable when delivering urgent files. Finally, the relative probabilities of blocked urgent files and blocked regular files are used as an indicator of efficiency in reserving connections.     

Network Security Situation Awareness Framework based on Threat Intelligence

Network security situation awareness is an important foundation for network security management, which presents the target system security status by analyzing existing or potential cyber threats in the target system. In network offense and defense, the network security state of the target system will be affected by both offensive and defensive strategies. According to this feature, this paper proposes a network security situation awareness method using stochastic game in cloud computing environment, uses the utility of both sides of the game to quantify the network security situation value. This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine, then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, using the Nash equilibrium to make predictions for the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.     

电力系统安全韧性评价标准化研究

通过分析电力系统安全韧性内涵和特征,针对电力系统安全管理中的风险点和防控技术,以公共安全三角形为基础,结合安全管理系统四要素,参考相关规范性文件内容,提出电力系统安全韧性的评价内容和评价指标,初步建立了电力系统安全韧性评价方法,为电力系统安全韧性评价标准的研制奠定了前期基础。     

A New Task Scheduling Scheme Based on Genetic Algorithm for Edge Computing

With the continuous evolution of smart grid and global energy interconnection technology, amount of intelligent terminals have been connected to power grid, which can be used for providing resource services as edge nodes. Traditional cloud computing can be used to provide storage services and task computing services in the power grid, but it faces challenges such as resource bottlenecks, time delays, and limited network bandwidth resources. Edge computing is an effective supplement for cloud computing, because it can provide users with local computing services with lower latency. However, because the resources in a single edge node are limited, resource-intensive tasks need to be divided into many subtasks and then assigned to different edge nodes by resource cooperation. Making task scheduling more efficient is an important issue. In this paper, a two-layer resource management scheme is proposed based on the concept of edge computing. In addition, a new task scheduling algorithm named GA-EC(Genetic Algorithm for Edge Computing) is put forth, based on a genetic algorithm, that can dynamically schedule tasks according to different scheduling goals. The simulation shows that the proposed algorithm has a beneficial effect on energy consumption and load balancing, and reduces time delay.     

On the Privacy-Preserving Outsourcing Scheme of Reversible Data Hiding over Encrypted Image Data in Cloud Computing

Advanced cloud computing technology provides cost saving and flexibility of services for users. With the explosion of multimedia data, more and more data owners would outsource their personal multimedia data on the cloud. In the meantime, some computationally expensive tasks are also undertaken by cloud servers. However, the outsourced multimedia data and its applications may reveal the data owner’s private information because the data owners lose the control of their data. Recently, this thought has aroused new research interest on privacy-preserving reversible data hiding over outsourced multimedia data. In this paper, two reversible data hiding schemes are proposed for encrypted image data in cloud computing: reversible data hiding by homomorphic encryption and reversible data hiding in encrypted domain. The former is that additional bits are extracted after decryption and the latter is that extracted before decryption. Meanwhile, a combined scheme is also designed. This paper proposes the privacy-preserving outsourcing scheme of reversible data hiding over encrypted image data in cloud computing, which not only ensures multimedia data security without relying on the trustworthiness of cloud servers, but also guarantees that reversible data hiding can be operated over encrypted images at the different stages. Theoretical analysis confirms the correctness of the proposed encryption model and justifies the security of the proposed scheme. The computation cost of the proposed scheme is acceptable and adjusts to different security levels.     

Fuzzy Search for Multiple Chinese Keywords in Cloud Environment

With the continuous development of cloud computing and big data technology, the use of cloud storage is more and more extensive, and a large amount of data is outsourced for public cloud servers, and the security problems that follow are gradually emerging. It can not only protect the data privacy of users, but also realize efficient retrieval and use of data, which is an urgent problem for cloud storage. Based on the existing fuzzy search and encrypted data fuzzy search schemes, this paper uses the characteristics of fuzzy sounds and polysemy that are unique to Chinese, and realizes the synonym construction of keywords through Chinese Pinyin and Chinese-English translation, and establishes the fuzzy word and synonym set of keywords. This paper proposes a Chinese multi-keyword fuzzy search scheme in a cloud environment, which realizes the fuzzy search of multiple Chinese keywords and protects the private key by using a pseudo-random function. Finally, the safety analysis and system experiments verify that the scheme has high security, good practicability, and high search success rate.