Novel dynamic load balancing algorithm for cloud-based big data analytics

Big data analytics in cloud environments introduces challenges such as real-time load balancing besides security, privacy, and energy efficiency. This paper proposes a novel load balancing algorithm in cloud environments that performs resource allocation and task scheduling efficiently. The proposed load balancer reduces the execution response time in big data applications performed on clouds. Scheduling, in general, is an NP-hard problem. Our proposed algorithm provides solutions to reduce the search area that leads to reduced complexity of the load balancing. We recommend two mathematical optimization models to perform dynamic resource allocation to virtual machines and task scheduling. The provided solution is based on the hill-climbing algorithm to minimize response time. We evaluate the performance of proposed algorithms in terms of response time, turnaround time, throughput metrics, and request distribution with some of the existing algorithms that show significant improvements.

     

Blockchain assisted encryption scheme for intellectual share estimation using medical research data

Recently, blockchain utilization with advanced encryption and decryption has gained improved attention over diverse applications. Especially in the medical field, big data storage requires an effective medium for managing user data with high confidentiality. The existing research presents diverse encryption algorithms, but certain drawbacks include sensitive information leakage, ineffective data integrity verification, and increased computational cost and time. The proposed work develops an effective blockchain mechanism for secured data storage to conquer these limitations. This article secures the medical research data from different team members for intellectual share estimation. Initially, the registration process involves user details such as name, contact number, age and so on. Next, a digital signature is generated for every registered user using the SHA-256 hash algorithm. During data uploading, the data is encrypted using elliptic curve Diffie Hellman encryption scheme to promote security. The audio and video files are stored in inter planetary file system, and texts are stored in the blockchain. The users can retrieve the stored data from the blockchain using the encryption key. The identities and associated public keys are verified using a smart contract to validate the user certificate. Next, a decision form is made to show the polling mechanism using item preference ranking for other users viewing the data. The proposed mechanism ensures intellectual shares for all the users associated with a specified project. The performances are analyzed using PYTHON, and the encryption time obtained in the proposed model is 0.85 s at 140 security bit level.     

Fingerprint Agreement Using Enhanced Kerberos Authentication Protocol on M-Health

Cloud computing becomes an important application development platform for processing user data with high security. Service providers are accustomed to providing storage centers outside the trusted location preferred by the data owner. Thus, ensuring the security and confidentiality of the data while processing in the centralized network is very difficult. The secured key transmission between the sender and the receiver in the network is a huge challenge in managing most of the sensitive data transmission among the cloud network. Intruders are very active over the network like real authenticated user to hack the personal sensitive data, such as bank balance, health data, personal data, and confidential documents over the cloud network. In this research, a secured key agreement between the sender and the receiver using Kerberos authentication protocol with fingerprint is proposed to ensure security in M-Healthcare. Conditions of patients are monitored using wireless sensor devices and are then transferred to the server. Kerberos protocol helps in avoiding unnecessary communication of authenticated data over the cloud network. Biometric security process is a procedure with the best security in most of the authentication field. Trust node is responsible in carrying data packets from the sender to the receiver in the cloud network. The Kerberos protocol is used in trust node to ensure security. Secured communication between the local health center and the healthcare server is ensured by using a fingerprint feature called minutiae form, which refers to the fingerprint image of both sender and receiver. The computational and communicational cost of the proposed system is lesser when compared with other existing authentication methods.     

A policy-oriented secured service for the e-commerce applications in cloud

The communication process is very easy today due to the rapid growth of information technology. In addition, the development of cloud computing technology makes it easier than earlier days by facilitating the large volume of data exchange anytime and from anywhere in the world. E-businesses are successfully running today due to the development of cloud computing technology. Specifically in cloud computing, cloud services are providing enormous support to share the resources and data in an efficient way with less cost expenses for businessmen. However, security is an essential issue for cloud users and services. For this purpose, many security policies have been introduced by various researchers for enhancing the security in e-commerce applications. However, the available security policies are also failing to provide the secured services in the society and e-commerce applications. To overcome this disadvantage, we propose a new policy-oriented secured service model for providing the security of the services in the cloud. The proposed model is the combination of a trust aware policy scheduling algorithm and an effective and intelligent re-encryption scheme. Here, the dynamic trust aware policy-oriented service for allocating the cloud user’s request by the cloud service provider and an effective and re-encryption scheme is used that uses intelligent agent for storing the data in the cloud database securely. The proposed model assures the scalability, reliability, and security for the stored e-commerce data and service access.     

On the Characterization and Risk Assessment of AI-Powered Mobile Cloud Applications

Ultra-reliable low-latency communication supports powerful mission-critical applications such as artificial intelligence-enabled mobile cloud applications designed to deliver the quality of service and quality of experience to their users. However, whether existing security mechanisms are ready to address the risks emerging from these applications operating over ultra-fast 5G and 6G infrastructures is an open question. The complexity of finding answers to this question is partly due to the lack of means to measure software applications’ intelligence levels and partly due to the limitations of existing risk assessment approaches. In this paper, first, we propose an ability-based scale to characterize intelligent software applications. After that, we propose a semi-quantitative approach for threat modeling and risk analysis of intelligent software applications. Focusing on Android, we define three intelligent mobile cloud applications’ scenarios and demonstrate the feasibility of the proposed scale and approach. We perform their risk analyses for assessing the readiness of Android security mechanisms to mitigate their risks and identify open problems. We propose to rethink intelligent mobile cloud computing applications’ characterization and warn security experts to redesign their security mechanisms to serve evolving privacy, security, and trust requirements.     

User Centric Block-Level Attribute Based Encryption in Cloud Using Blockchains

Cloud computing is a collection of distributed storage Network which can provide various services and store the data in the efficient manner. The advantages of cloud computing is its remote access where data can accessed in real time using Remote Method Innovation (RMI). The problem of data security in cloud environment is a major concern since the data can be accessed by any time by any user. Due to the lack of providing the efficient security the cloud computing they fail to achieve higher performance in providing the efficient service. To improve the performance in data security, the block chains are used for securing the data in the cloud environment. However, the traditional block chain technique are not suitable to provide efficient security to the cloud data stored in the cloud. In this paper, an efficient user centric block level Attribute Based Encryption (UCBL-ABE) scheme is presented to provide the efficient security of cloud data in cloud environment. The proposed approach performs data transaction by employing the block chain. The proposed system provides efficient privacy with access control to the user access according to the behavior of cloud user using Data Level Access Trust (DLAT). Based on DLAT, the user access has been restricted in the cloud environment. The proposed protocol is implemented in real time using Java programming language and uses IBM cloud. The implementation results justifies that the proposed system can able to provide efficient security to the data present in and cloud and also enhances the cloud performance.     

基于信息流控制的HDFS敏感数据安全增强

云服务及mapreduce计算环境下数据安全问题日益突显,针对HDFS已有保护方法如认证授权,数据加密,访问控制和审计方法都不能保证敏感数据端到端的安全性,首先,提出了一个用于HDFS的安全代数语言SALH(Security Algebra Language for HDFS),给出了SALH的语义和语法。其次,采用SALH形式化描述了HDFS信息流跟踪和控制模型并证明了模型的无干扰安全性。最后,给出了原型系统IF-HDFS设计与实现关键技术,原型系统的功能和性能测试结果表明IF-HDFS可实时、有效、准确地实现信息流跟踪与控制。     

A New Data Layout Scheme for Energy-Efficient MapReduce Processing Tasks

Yet Another Resource Negotiator (YARN) is a framework to manage and allocate resource requests from applications that process big data stored in HDFS. However, dynamic power management methods are not efficient when YARN manage applications to process big data stored in the default data layout of HDFS. In this paper, we propose a new data layout scheme that can be implemented for HDFS. A comparison between our proposal and the existing HDFS data layout scheme shows that the new data layout algorithm significantly reduces the energy consumption at the slight expense of the mean response time of jobs.     

基于决策树挖掘算法的气象大数据云平台设计

大数据、云计算技术的迅猛发展为挖掘气象数据丰富的科研和经济价值提供了技术支撑,促进了Hadoop及其包含的文件存储系统(HDFS,Hadoop Distributed File System)和分布式计算模型在气象数据处理领域广泛应用。由于气象数据具有大数据的4V特征,还需要引入新的数据处理算法来提高气象数据处理效率。通过对决策树算法原理的研究,基于Hadoop云平台,创建随机森林模型,为数据挖掘算法在云平台上的应用提供一种新的可能性。基于决策树(CART,Classification And Regression Trees)挖掘算法的气象大数据云平台设计,采用Hadoop系统架构和MapReduce工作流程,对气象大数据云平台采用集群部署。平台总体架构分为基础设施层、数据管理与处理层、应用层,减少了决策树建立的时间,实现了气象数据高效加工和挖掘分析等平台功能。     

基于混合云的企业信息平台架构研究

本文基于混合云,探索企业信息平台的架构问题。由于私有云的处理能力有限,在遇到季节性的峰值需求时难以应对;此时,公有云是一种很好的选择,其处理能力远远超出私有云,由于其规模效应,短期而言,成本也低于私有云。然而,将敏感的数据存放到公有云上存在一定的安全隐患,而且,将应用系统部署到公有云上,跨云的负载均衡也存在一定的技术复杂度。本文结合私有云与公有云的优势,给出一种企业信息平台的参考架构,并进行应用系统的负载均衡、数据的安全和混合云互操作性的探讨。     

基于NAS的私有云存储平台的设计与实现

随着大数据时代的到来与高速网络建设的快速推进,数据化网络资源共享已渗透到人们的日常工作、学习、生活当中。数据网络化储存、多人资源共享成为现代信息传播与保存的重要方式。但是,网络储存平台的安全性一直令使用者担忧。因此,各种各样的私有云储存平台孕育而生,为使用者提供相对独立的个人使用空间。经过长期的使用发现,传统的私有云存储平台虽然可以达到一定的安全性,但是,安全性只相对公共开放网盘而言。同时,存在多用户瞬时访问下协议拥堵、大数据交互节点回馈延迟高的问题。针对传统私有云的架构特点与问题产生原因,提出基于NAS的私有云存储平台的设计与实现方法。采用基于NAS的协议加密技术、多路访问优化单元、数据压缩单元对传统私有云存在的问题进行针对性解决。通过仿真实验证明,提出的基于NAS的私有云存储平台的设计与实现方法,具有数据储存安全性高、峰值状态下访问点网络畅通性好、数据网络传输交互率高、延迟小等优点。     

A privacy preserving three-factor authentication protocol for e-Health clouds

E-Health clouds are gaining increasing popularity by facilitating the storage and sharing of big data in healthcare. However, such an adoption also brings about a series of challenges, especially, how to ensure the security and privacy of highly sensitive health data. Among them, one of the major issues is authentication, which ensures that sensitive medical data in the cloud are not available to illegal users. Three-factor authentication combining password, smart card and biometrics perfectly matches this requirement by providing high security strength. Recently, Wu et al. proposed a three-factor authentication protocol based on elliptic curve cryptosystem which attempts to fulfill three-factor security and resist various existing attacks, providing many advantages over existing schemes. However, we first show that their scheme is susceptible to user impersonation attack in the registration phase. In addition, their scheme is also vulnerable to offline password guessing attack in the login and password change phase, under the condition that the mobile device is lost or stolen. Furthermore, it fails to provide user revocation when the mobile device is lost or stolen. To remedy these flaws, we put forward a robust three-factor authentication protocol, which not only guards various known attacks, but also provides more desired security properties. We demonstrate that our scheme provides mutual authentication using the Burrows–Abadi–Needham logic.     

电力营销信息系统数据安全防护

近年来,随着云计算、物联网、大数据、移动互联网等新技术的快速发展和日趋成熟,传统的电力营销系统也开展了大数据平台的建设。在对数据的挖掘和应用中,数据安全问题逐渐显露出来。电力营销系统中的数据涉及大量保密性较高的信息,信息泄露会给电力公司带来巨大损失,也会威胁到用户安全。因此,如何在不影响数据正常使用的情况下,保证数据的安全成为当下研究的热点。本文通过对可应用于电力营销系统中的数据安全防护措施进行研究,在数据层面进行变换,消除原始数据中的敏感信息,加强了数据保密性,保障了数据安全。     

在云和大数据中开发的安全策略

云计算和大数据使信息世界变得更加丰富,但与之相关的安全开发问题也随之而来。安全问题往往是一个应用企业的首要考虑因素。介绍了安全开发流程、云计算和大数据技术的相应组成部分,在此基础上提出了整合云和大数据的安全策略,以减轻这些风险。     

Security-Preserving Live Migration of Virtual Machines in the Cloud

Hypervisor-based process protection is a novel approach that provides isolated execution environments for applications running on untrusted commodity operating systems. It is based on off-the-shelf hardware and trusted hypervisors while it meets the requirement of security and trust for many cloud computing models, especially third-party data centers and a multi-tenant public cloud, in which sensitive data are out of the control of the users. However, as the hypervisor extends semantic protection to the process granularity, such a mechanism also breaks the platform independency of virtual machines and thus prohibits live migration of virtual machines, which is another highly desirable feature in the cloud. In this paper, we extend hypervisor-based process protection systems with live migration capabilities by migrating the protection-related metadata maintained in the hypervisor together with virtual machines and protecting sensitive user contents using encryption and hashing. We also propose a security-preserving live migration protocol that addresses several security threats during live migration procedures including timing-related attacks, replay attacks and resumption order attacks. We implement a prototype system base on Xen and Linux. Evaluation results show that performance degradation in terms of both total migration time and downtime are reasonably low compared to the unmodified Xen live migration system.     

基于Hadoop的大数据信息安全监控云平台设计与研究

针对传统的大数据信息监控云平台模式单一、虚拟化程度不高,容易导致信息泄露的问题,为了提高对大数据的信息安全溯源能力,提出基于Hadoop的大数据信息安全监控云平台设计方法。在信息资源云体系下构建大数据信息安全融合模型,通过信息挖掘与匹配方法把云平台中的数据资源、物理资源进行关联性整合,方便数据安全溯源,在Hadoop平台下构建多源信息资源云,建立用户接口注册机制,采用虚拟化技术进行信息保护,实现在云平台下进行信息安全溯源。实验结果表明,采用该方法进行大数据信息安全溯源,大数据信息分类存储性能较好,对异常数据挖掘精度较高。具有较好的信息安全保护能力,确保了信息安全。     

Reducing the network overhead of user mobility–induced virtual machine migration in mobile edge computing

With the popularity of mobile devices (such as smartphones and tablets) and the development of the Internet of Things, mobile edge computing is envisioned as a promising approach to improving the computation capabilities and energy efficiencies of mobile devices. It deploys cloud data centers at the edge of the network to lower service latency. To satisfy the high latency requirement of mobile applications, virtual machines (VMs) have to be correspondingly migrated between edge cloud data centers because of user mobility. In this paper, we try to minimize the network overhead resulting from constantly migrating a VM to cater for the movement of its user. First, we elaborate on two simple migration algorithms (M-All and M-Edge), and then, two optimized algorithms are designed by classifying user mobilities into two categories (certain and uncertain moving trajectories). Specifically, a weight-based algorithm (M-Weight) and a mobility prediction–based heuristic algorithm (M-Predict) are proposed for the two types of user mobilities, respectively. Numerical results demonstrate that the two optimized algorithms can significantly lower the network overhead of user mobility–induced VM migration in mobile edge computing environments.     

A Cloud-Manager-Based Re-Encryption Scheme for Mobile Users in Cloud Environment: a Hybrid Approach

Cloud computing is an emerging computing paradigm that offers on-demand, flexible, and elastic computational and storage services for the end-users. The small and medium-sized business organization having limited budget can enjoy the scalable services of the cloud. However, the migration of the organizational data on the cloud raises security and privacy issues. To keep the data confidential, the data should be encrypted using such cryptography method that provides fine-grained and efficient access for uploaded data without affecting the scalability of the system. In mobile cloud computing environment, the selected scheme should be computationally secure and must have capability for offloading computational intensive security operations on the cloud in a trusted mode due to the resource constraint mobile devices. The existing manager-based re-encryption and cloud-based re-encryption schemes are computationally secured and capable to offload the computationally intensive data access operations on the trusted entity/cloud. Despite the offloading of the data access operations in manager-based re-encryption and cloud-based re-encryption schemes, the mobile user still performs computationally intensive paring-based encryption and decryption operations using limited capabilities of mobile device. In this paper, we proposed Cloud-Manager-based Re-encryption Scheme (CMReS) that combines the characteristics of manager-based re-encryption and cloud-based re-encryption for providing the better security services with minimum processing burden on the mobile device. The experimental results indicate that the proposed cloud-manager-based re-encryption scheme shows significant improvement in turnaround time, energy consumption, and resources utilization on the mobile device as compared to existing re-encryption schemes.     

面向服务的云数据挖掘引擎的研究

数据挖掘算法处理海量数据时,扩展性受到制约。在商业和科学研究的各个领域,知识发现的过程和需求差异较大,需要有效的机制来设计和运行各种类型的分布式数据挖掘应用。提出了一种面向服务的云数据挖掘引擎的框架CloudDM。不同于基于网格的分布式数据挖掘框架,CloudDM利用开源云计算平台Hadoop处理海量数据的能力,以面向服务的形式支持分布式数据挖掘应用的设计和运行,并描述面向服务的云数据挖掘引擎系统的关键部件和实现技术。依据面向服务的软件体系结构和基于云平台的数据挖掘引擎,可以有效解决海量数据挖掘中的海量数据存储、数据处理和数据挖掘算法互操作性等问题。     

面向HDFS的可证明安全的单点登录协议

针对Hadoop Distributed File System（HDFS）的安全机制中密钥管理复杂、用户需进行多次身份认证的问题,提出一个适合HDFS的基于身份的单点登录协议。协议采用了基于身份的密码技术实现了用户的单点登录,同时根据各个节点上一次为用户提供服务的情况对用户登录票据的流转过程进行了优化,并且运用Capser形式化证明工具对协议的安全性进行了证明。协议降低了HDFS在密钥管理上的开销,解决了用户访问HDFS可能需要频繁认证的问题,提高了登录票据流转的效率,同时协议还具有较高的安全性。理论分析和安全性验证表明,本协议对HDFS的安全高效运行有较大的帮助。