A Secure Method for Data Storage and Transmission in Sustainable Cloud Computing

Cloud computing is a technology that provides secure storage space for the customer’s massive data and gives them the facility to retrieve and transmit their data efficiently through a secure network in which encryption and decryption algorithms are being deployed. In cloud computation, data processing, storage, and transmission can be done through laptops and mobile devices. Data Storing in cloud facilities is expanding each day and data is the most significant asset of clients. The important concern with the transmission of information to the cloud is security because there is no perceivability of the client’s data. They have to be dependent on cloud service providers for assurance of the platform’s security. Data security and privacy issues reduce the progression of cloud computing and add complexity. Nowadays; most of the data that is stored on cloud servers is in the form of images and photographs, which is a very confidential form of data that requires secured transmission. In this research work, a public key cryptosystem is being implemented to store, retrieve and transmit information in cloud computation through a modified Rivest-Shamir-Adleman (RSA) algorithm for the encryption and decryption of data. The implementation of a modified RSA algorithm results guaranteed the security of data in the cloud environment. To enhance the user data security level, a neural network is used for user authentication and recognition. Moreover; the proposed technique develops the performance of detection as a loss function of the bounding box. The Faster Region-Based Convolutional Neural Network (Faster R-CNN) gets trained on images to identify authorized users with an accuracy of 99.9% on training.     

Game-Oriented Security Strategy Against Hotspot Attacks for Internet of Vehicles

With the rapid development of mobile communication technology, the application of internet of vehicles (IoV) services, such as for information services, driving safety, and traffic efficiency, is growing constantly. For businesses with low transmission delay, high data processing capacity and large storage capacity, by deploying edge computing in the IoV, data processing, encryption and decision-making can be completed at the local end, thus providing real-time and highly reliable communication capability. The roadside unit (RSU), as an important part of edge computing in the IoV, fulfils an important data forwarding function and provides an interactive communication channel for vehicles and server providers. Additional computing resources can be configured to accommodate the computing requirements of users. In this study, a virtual traffic defense strategy based on a differential game is proposed to solve the security problem of user-sensitive information leakage when an RSU is attacked. An incentive mechanism encourages service vehicles within the hot range to send virtual traffic to another RSU. By attracting the attention of attackers, it covers the target RSU and protects the system from attack. Simulation results show that the scheme provides the optimal strategy for intelligent vehicles to transmit virtual data, and ensures the maximization of users’ interests.     

Towards Privacy-Preserving Cloud Storage: A Blockchain Approach

With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a self-service manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.     

A Proxy Re-Encryption with Keyword Search Scheme in Cloud Computing

With the widespread use of cloud computing technology, more and more users and enterprises decide to store their data in a cloud server by outsourcing. However, these huge amounts of data may contain personal privacy, business secrets and other sensitive information of the users and enterprises. Thus, at present, how to protect, retrieve, and legally use the sensitive information while preventing illegal accesses are security challenges of data storage in the cloud environment. A new proxy re-encryption with keyword search scheme is proposed in this paper in order to solve the problem of the low retrieval efficiency of the encrypted data in the cloud server. In this scheme, the user data are divided into files, file indexes and the keyword corresponding to the files, which are respectively encrypted to store. The improved scheme does not need to re-encrypt partial file cipher-text as in traditional schemes, but re-encrypt the cipher-text of keywords corresponding to the files. Therefore the scheme can improve the computational efficiency as well as resist chosen keyword attack. And the scheme is proven to be indistinguishable under Hash Diffie-Hellman assumption. Furthermore, the scheme does not need to use any secure channels, making it more effective in the cloud environment.     

Building a Trust Model for Secure Data Sharing (TM-SDS) in Edge Computing Using HMAC Techniques

With the rapid growth of Internet of Things (IoT) based models, and the lack amount of data makes cloud computing resources insufficient. Hence, edge computing-based techniques are becoming more popular in present research domains that makes data storage, and processing effective at the network edges. There are several advanced features like parallel processing and data perception are available in edge computing. Still, there are some challenges in providing privacy and data security over networks. To solve the security issues in Edge Computing, Hash-based Message Authentication Code (HMAC) algorithm is used to provide solutions for preserving data from various attacks that happens with the distributed network nature. This paper proposed a Trust Model for Secure Data Sharing (TM-SDS) with HMAC algorithm. Here, data security is ensured with local and global trust levels with the centralized processing of cloud and by conserving resources effectively. Further, the proposed model achieved 84.25% of packet delivery ratio which is better compared to existing models in the resulting phase. The data packets are securely transmitted between entities in the proposed model and results showed that proposed TM-SDS model outperforms the existing models in an efficient manner.     

Connected Vehicles Computation Task Offloading Based on Opportunism inCooperative Edge Computing

The traditional multi-access edge computing (MEC) capacity is overwhelmed by the increasing demand for vehicles, leading to acute degradation in task offloading performance. There is a tremendous number of resource-rich and idle mobile connected vehicles (CVs) in the traffic network, and vehicles are created as opportunistic ad-hoc edge clouds to alleviate the resource limitation of MEC by providing opportunistic computing services. On this basis, a novel scalable system framework is proposed in this paper for computation task offloading in opportunistic CV-assisted MEC. In this framework, opportunistic ad-hoc edge cloud and fixed edge cloud cooperate to form a novel hybrid cloud. Meanwhile, offloading decision and resource allocation of the user CVs must be ascertained. Furthermore, the joint offloading decision and resource allocation problem is described as a Mixed Integer Nonlinear Programming (MINLP) problem, which optimizes the task response latency of user CVs under various constraints. The original problem is decomposed into two subproblems. First, the Lagrange dual method is used to acquire the best resource allocation with the fixed offloading decision. Then, the satisfaction-driven method based on trial and error (TE) learning is adopted to optimize the offloading decision. Finally, a comprehensive series of experiments are conducted to demonstrate that our suggested scheme is more effective than other comparison schemes.     

A Fair Blind Signature Scheme to Revoke Malicious Vehicles in VANETs

With the rapid development of IoT (Internet of Things), VANETs (Vehicular Ad-Hoc Networks) have become an attractive ad-hoc network that brings convenience into people’s lives. Vehicles can be informed of the position, direction, speed and other real-time information of nearby vehicles to avoid traffic jams and accidents. However, VANET environments could be dangerous in the absence of security protection. Because of the openness and self-organization of VANETs, there are plenty of malicious pathways. To guarantee vehicle security, the research aims to provide an effective VANET security mechanism that can track malicious vehicles as necessary. Therefore, this work focuses on malicious vehicles and proposes an anonymous authentication scheme in VANETs based on the fair blind signature to protect vehicle security.     

Edge Computing-Based Tasks Offloading and Block Caching for Mobile Blockchain

Internet of Things (IoT) technology is rapidly evolving, but there is no trusted platform to protect user privacy, protect information between different IoT domains, and promote edge processing. Therefore, we integrate the blockchain technology into constructing trusted IoT platforms. However, the application of blockchain in IoT is hampered by the challenges posed by heavy computing processes. To solve the problem, we put forward a blockchain framework based on mobile edge computing, in which the blockchain mining tasks can be offloaded to nearby nodes or the edge computing service providers and the encrypted hashes of blocks can be cached in the edge computing service providers. Moreover, we model the process of offloading and caching to ensure that both edge nodes and edge computing service providers obtain the maximum profit based on game theory and auction theory. Finally, the proposed mechanism is compared with the centralized mode, mode A (all the miners offload their tasks to the edge computing service providers), and mode B (all the miners offload their tasks to a group of neighbor devices). Simulation results show that under our mechanism, mining networks obtain more profits and consume less time on average.     

Verifiable Diversity Ranking Search Over Encrypted Outsourced Data

Data outsourcing has become an important application of cloud computing. Driven by the growing security demands of data outsourcing applications, sensitive data have to be encrypted before outsourcing. Therefore, how to properly encrypt data in a way that the encrypted and remotely stored data can still be queried has become a challenging issue. Searchable encryption scheme is proposed to allow users to search over encrypted data. However, most searchable encryption schemes do not consider search result diversification, resulting in information redundancy. In this paper, a verifiable diversity ranking search scheme over encrypted outsourced data is proposed while preserving privacy in cloud computing, which also supports search results verification. The goal is that the ranked documents concerning diversification instead of reading relevant documents that only deliver redundant information. Extensive experiments on real-world dataset validate our analysis and show that our proposed solution is effective for the diversification of documents and verification.     

On the Privacy-Preserving Outsourcing Scheme of Reversible Data Hiding over Encrypted Image Data in Cloud Computing

Advanced cloud computing technology provides cost saving and flexibility of services for users. With the explosion of multimedia data, more and more data owners would outsource their personal multimedia data on the cloud. In the meantime, some computationally expensive tasks are also undertaken by cloud servers. However, the outsourced multimedia data and its applications may reveal the data owner’s private information because the data owners lose the control of their data. Recently, this thought has aroused new research interest on privacy-preserving reversible data hiding over outsourced multimedia data. In this paper, two reversible data hiding schemes are proposed for encrypted image data in cloud computing: reversible data hiding by homomorphic encryption and reversible data hiding in encrypted domain. The former is that additional bits are extracted after decryption and the latter is that extracted before decryption. Meanwhile, a combined scheme is also designed. This paper proposes the privacy-preserving outsourcing scheme of reversible data hiding over encrypted image data in cloud computing, which not only ensures multimedia data security without relying on the trustworthiness of cloud servers, but also guarantees that reversible data hiding can be operated over encrypted images at the different stages. Theoretical analysis confirms the correctness of the proposed encryption model and justifies the security of the proposed scheme. The computation cost of the proposed scheme is acceptable and adjusts to different security levels.     

Lattice-Based Searchable Encryption Scheme against Inside Keywords Guessing Attack

To save the local storage, users store the data on the cloud server who offers convenient internet services. To guarantee the data privacy, users encrypt the data before uploading them into the cloud server. Since encryption can reduce the data availability, public-key encryption with keyword search (PEKS) is developed to achieve the retrieval of the encrypted data without decrypting them. However, most PEKS schemes cannot resist quantum computing attack, because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers. Besides, the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack (KGA). In this attack, a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords. In the paper, we propose a lattice-based PEKS scheme that can resist quantum computing attacks. To resist inside KGA, this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext. Finally, some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.     

Security Requirement Management for Cloud-Assisted and Internet of Things—Enabled Smart City

The world is rapidly changing with the advance of information technology. The expansion of the Internet of Things (IoT) is a huge step in the development of the smart city. The IoT consists of connected devices that transfer information. The IoT architecture permits on-demand services to a public pool of resources. Cloud computing plays a vital role in developing IoT-enabled smart applications. The integration of cloud computing enhances the offering of distributed resources in the smart city. Improper management of security requirements of cloud-assisted IoT systems can bring about risks to availability, security, performance, confidentiality, and privacy. The key reason for cloud- and IoT-enabled smart city application failure is improper security practices at the early stages of development. This article proposes a framework to collect security requirements during the initial development phase of cloud-assisted IoT-enabled smart city applications. Its three-layered architecture includes privacy preserved stakeholder analysis (PPSA), security requirement modeling and validation (SRMV), and secure cloud-assistance (SCA). A case study highlights the applicability and effectiveness of the proposed framework. A hybrid survey enables the identification and evaluation of significant challenges.     

A Secure Rotation Invariant LBP Feature Computation in Cloud Environment

In the era of big data, outsourcing massive data to a remote cloud server is a promising approach. Outsourcing storage and computation services can reduce storage costs and computational burdens. However, public cloud storage brings about new privacy and security concerns since the cloud servers can be shared by multiple users. Privacy-preserving feature extraction techniques are an effective solution to this issue. Because the Rotation Invariant Local Binary Pattern (RILBP) has been widely used in various image processing fields, we propose a new privacy-preserving outsourcing computation of RILBP over encrypted images in this paper (called PPRILBP). To protect image content, original images are encrypted using block scrambling, pixel circular shift, and pixel diffusion when uploaded to the cloud server. It is proved that RILBP features remain unchanged before and after encryption. Moreover, the server can directly extract RILBP features from encrypted images. Analyses and experiments confirm that the proposed scheme is secure and effective, and outperforms previous secure LBP feature computing methods.     

Pipeline Defect Detection Cloud System Using Role Encryption and Hybrid Information

Pipeline defect detection systems collect the videos from cameras of pipeline robots, however the systems always analyzed these videos by offline systems or humans to detect the defects of potential security threats. The existing systems tend to reach the limit in terms of data access anywhere, access security and video processing on cloud. There is in need of studying on a pipeline defect detection cloud system for automatic pipeline inspection. In this paper, we deploy the framework of a cloud based pipeline defect detection system, including the user management module, pipeline robot control module, system service module, and defect detection module. In the system, we use a role encryption scheme for video collection, data uploading, and access security, and propose a hybrid information method for defect detection. The experimental results show that our approach is a scalable and efficient defection detection cloud system.     

Efficient Authentication Scheme for UAV-Assisted Mobile Edge Computing

Preserving privacy is imperative in the new unmanned aerial vehicle (UAV)-assisted mobile edge computing (MEC) architecture to ensure that sensitive information is protected and kept secure throughout the communication. Simultaneously, efficiency must be considered while developing such a privacy-preserving scheme because the devices involved in these architectures are resource constrained. This study proposes a lightweight and efficient authentication scheme for the UAV-assisted MEC environment. The proposed scheme is a hardware-based password-less authentication mechanism that is based on the fact that temporal and memory-related efficiency can be significantly improved while maintaining the data security by adopting a hardware-based solution with a simple implementation. The proposed scheme works in four stages: system initialization, EU registration, EU authentication, and session establishment. It is implemented as a single hardware chip comprising registers and XOR gates, and it can run the entire process in one clock cycle. Consequently, the proposed scheme has significantly higher efficiency in terms of runtime and memory consumption compared to other prevalent methods in the area. Simulations are conducted to evaluate the proposed authentication algorithm. The results show that the scheme has an average execution time of 0.986 ms and consumes average memory of 34 KB. The hardware execution time is approximately 0.39 ns, which is a significantly less than the prevalent schemes, whose execution times range in milliseconds. Furthermore, the security of the proposed scheme is examined, and it is resistant to brute-force attacks. Around 1.158 × 10⁷⁷ trials are required to overcome the system’s security, which is not feasible using fastest available processors.     

Multi-dimensional Security Range Query for Industrial IoT

The Internet of Things (IoT) has allowed for significant advancements in applications not only in the home, business, and environment, but also in factory automation. Industrial Internet of Things (IIoT) brings all of the benefits of the IoT to industrial contexts, allowing for a wide range of applications ranging from remote sensing and actuation to decentralization and autonomy. The expansion of the IoT has been set by serious security threats and obstacles, and one of the most pressing security concerns is the secure exchange of IoT data and fine-grained access control. A privacy-preserving multi-dimensional secure query technique for fog-enhanced IIoT was proposed in light of the fact that most existing range query schemes for fog-enhanced IoT cannot provide both multi-dimensional query and privacy protection. The query matrix was then decomposed using auxiliary vectors, and the auxiliary vector was then processed using BGN homomorphic encryption to create a query trapdoor. Finally, the query trapdoor may be matched to its sensor data using the homomorphic computation used by an IoT device terminal. With the application of particular auxiliary vectors, the spatial complexity might be efficiently decreased. The homomorphic encryption property might ensure the security of sensor data and safeguard the privacy of the user's inquiry mode. The results of the experiments reveal that the computing and communication expenses are modest.     

Message Authentication with a New Quantum Hash Function

To ensure the security during the communication, we often adopt different ways to encrypt the messages to resist various attacks. However, with the computing power improving, the existing encryption and authentication schemes are being faced with big challenges. We take the message authentication as an example into a careful consideration. Then, we proposed a new message authentication scheme with the Advanced Encryption Standard as the encryption function and the new quantum Hash function as the authentication function. Firstly, the Advanced Encryption Standard algorithm is used to encrypt the result of the initial message cascading the corresponding Hash values, which ensures that the initial message can resist eavesdropping attack. Secondly, utilizing the new quantum Hash function with quantum walks can be much more secure than traditional classical Hash functions with keeping the common properties, such as one-wayness, resisting different collisions and easy implementation. Based on these two points, the message authentication scheme can be much more secure than previous ones. Finally, it is a new way to design the message authentication scheme, which provides a new thought for other researchers in the future. Our works will contribute to the study on the new encryption and authentication functions and the combination of quantum computing with traditional cryptology in the future.     

保序加密在海洋环境信息云存储密文检索系统中的应用研究

云计算因其经济、便利、高可扩展性等诸多优势已成为当今信息技术领域的热门话题,受到研究者的广泛关注和重视。安全性是限制云计算发展的重要因素,由于云存储在海洋云计算中占有重要地位,海洋环境信息的云存储系统中的安全问题成为海洋云计算研究的重要问题之一。本文在结合海洋环境信息的特点下研究保序加密在海洋环境信息云存储检索系统的应用,为海洋环境信息的云存储密文检索提供了一种可行方法。     

Secure Cloud Data Storage System Using Hybrid Paillier–Blowfish Algorithm

Cloud computing utilizes enormous clusters of serviceable and manageable resources that can be virtually and dynamically reconfigured in order to deliver optimum resource utilization by exploiting the pay-per-use model. However, concerns around security have been an impediment in the extensive adoption of the cloud computing model. In this regard, advancements in cryptography, accelerated by the wide usage of the internet worldwide, has emerged as a key area in addressing some of these security concerns. In this document, a hybrid cryptographic protocol deploying Blowfish and Paillier encryption algorithms has been presented and its strength compared with the existing hybrid Advanced Encryption Standard (AES) and Rivest Shamir Adleman (RSA) techniques. Algorithms for secure data storage protocol in two phases have been presented. The proposed hybrid protocol endeavors to improve the power of cloud storage through a decrease in computation time and cipher-text size. Simulations have been carried out with Oracle Virtual Box and Fog server used on an Ubuntu 16.04 platform. This grouping of asymmetric and homomorphic procedures has demonstrated enhanced security. Compression usage has helped in decreasing the storage space and computation time. Performance analysis in terms of computation overhead and quality of service parameters like loads of parameters with and without attacks, throughput, and stream length for different modes of block cipher mode has been carried out. Security analysis has been carried out by utilizing the Hardening Index as an audit parameter using Lynis 2.7.1. Similarly, for halting the aforementioned approaches and for regulating traffic, firewall protection has been generated in the chosen hybrid algorithms. Finally, enhancements in the performance of the Paillier and Blowfish hybrid scheme with and without compression compared to the existing schemes using RSA and AES procedures have been demonstrated.     

一个新的类FEISTEL密码方案

分析了RSA和DES的算法优点和安全弱点，设计了一个新的密码算法方案。该方案以类FEISTEL结构为基础增强了左右两半部分结构的安全设计，利用了RSA进行密钥分配，并以序列密码算法的生成原理改变了固定密钥的缺点。该新方案具有一次一密的特点，给破译者获得大量的明密文对造成了很大的困难，可较好地抵抗差分分析与线性分析，是一种安全性较强的加密方案。