共查询到20条相似文献,搜索用时 0 毫秒
1.
Lack of widely available Internet security has discouraged some commercial users. The author describes efforts to make cryptographic security more widely available and looks at efforts to secure the Internet infrastructure. Security capabilities must continue to evolve to meet increasingly sophisticated threats. The Internet community is now more aware of the importance of security. This awareness, coupled with new technology, should produce a much more secure Internet that is appropriate for widespread commercial use 相似文献
2.
3.
4.
In recent years, the cloud has emerged as an attractive means for hosting and delivering services over the Internet. This has resulted in a renewed focus on information security in the case where data is stored in the virtual space of the cloud and is not physically accessible to the customer. This paper addresses the increasing security concerns of migrating to the cloud and utilising it for data storage, focusing on securing data in an untrusted cloud environment and ensuring detailed data access control in the cloud. Two Conceptual designs have been devised by exploring and extending the boundaries of existing secure data-storage schemes, and then combining these with well-known security principles and cutting-edge research within the field of cryptography. To further validate the conceptual designs, proof of concept prototypes have been constructed. 相似文献
5.
6.
Geri Georg Indrakshi Ray Kyriakos Anastasakis Behzad Bordbar Manachai Toahchoodee Siv Hilde Houmb 《Information and Software Technology》2009,51(5):846-864
We propose a methodology, based on aspect-oriented modeling (AOM), for incorporating security mechanisms in an application. The functionality of the application is described using the primary model and the attacks are specified using aspects. The attack aspect is composed with the primary model to obtain the misuse model. The misuse model describes how much the application can be compromised. If the results are unacceptable, then some security mechanism must be incorporated into the application. The security mechanism, modeled as security aspect, is composed with the primary model to obtain the security-treated model. The security-treated model is analyzed to give assurance that it is resilient to the attack. 相似文献
7.
Nikos Mavrogiannopoulos Andreas Pashalidis Bart Preneel 《International Journal of Information Security》2014,13(3):217-228
Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user’s card enables an adversary to impersonate that user for an indefinite period of time, even after the adversary’s access to the card is revoked. In this paper, we extend Shoup’s key exchange security model to the smart card setting and examine PKINIT in this model. Using this formalization, we show that PKINIT is indeed flawed, propose a fix, and provide a proof that this fix leads to a secure protocol. 相似文献
8.
Sheng-Cheng Yeh Ming-Yang Su Hui-Hui Chen Chun-Yuen Lin 《Journal of Network and Computer Applications》2013,36(6):1632-1641
The demand for cloud-based collaborative editing service is rising along with the tremendously increased popularity in cloud computing. In the cloud-based collaborative editing environment, the data are stored in the cloud and able to be accessed from everywhere through every compatible device with the Internet. The information is shared with every accredited user in a group. In other words, multiple authorized users of the group are able to work on the same document and edit the document collaboratively and synchronously online. Meanwhile, during the whole collaborative editing process, the encryption technique is eventually applied to protect and secure the data. The encryption for the collaborative editing, however, could require much time to operate. To elevate the efficiency of the encryption, this study first analyzes the text editing in the collaborative service and presents a framework of the Red–Black tree, named as rbTree-Doc. The rbTree-Doc can reduce the amount of data to be encrypted. Although the trade-off for creating the Red–Black tree introduces extra cost, the experimental results of using rbTree-Doc in text editing operations, such as insertion and removal, show improved efficiency compared with other whole-document encryption strategy. Using rbTree-Doc, the efficiency is improved by 31.04% compared to that 3DES encryption is applied and by 23.94% compared to that AES encryption is applied. 相似文献
9.
On designing usable and secure recognition-based graphical authentication mechanisms 总被引:1,自引:0,他引:1
In this article we present the development of a new, web-based, graphical authentication mechanism called ImagePass. The authentication mechanism introduces a novel feature based on one-time passwords that increases the security of the system without compromising its usability. Regarding usability, we explore the users’ perception of recognition-based, graphical authentication mechanisms in a web environment. Specifically, we investigate whether the memorability of recognition-based authentication keys is influenced by image content. We also examine how the frequency of use affects the usability of the system and whether user training via mnemonic instructions improves the graphical password recognition rate. The design and development process of the proposed system began with a study that assessed how the users remember abstract, face or single-object images, and showed that single-object images have a higher memorability rate. We then proceeded with the design and development of a recognition-based graphical authentication mechanism, ImagePass, which uses single-objects as the image content and follows usable security guidelines. To conclude the research, in a follow-up study we evaluated the performance of 151 participants under different conditions. We discovered that the frequency of use had a great impact on users’ performance, while the users’ gender had a limited task-specific effect. In contrast, user training through mnemonic instructions showed no differences in the users’ authentication metrics. However, a post-study, focus-group analysis revealed that these instructions greatly influenced the users’ perception for memorability and the usability of the graphical authentication. In general, the results of these studies suggest that single-object graphical authentication can be a complementary replacement for traditional passwords, especially in ubiquitous environments and mobile devices. 相似文献
10.
The Personal Cloud paradigm has emerged as a solution that allows individuals to manage under their control the collection, usage and sharing of their data. However, by regaining the full control over their data, the users also inherit the burden of protecting it against all forms of attacks and abusive usages. The Secure Personal Cloud architecture relieves the individual from this security task by employing a secure token (i.e., a tamper-resistant hardware device) to control all the sensitive information (e.g., encryption keys, metadata, indexes) and operations (e.g., authentication, data encryption/decryption, access control, and query processing). However, secure tokens are usually equipped with extremely low RAM but have significant Flash storage capacity (Gigabytes), which raises important barriers for embedded data management. This paper presents a new embedded search engine specifically designed for secure tokens, which applies to the important use-case of managing and securing documents in the Personal Cloud context. Conventional search engines privilege either insertion or query scalability but cannot meet both requirements at the same time. Moreover, very few solutions support data deletions and updates in this context. In this paper, we introduce three design principles, namely Write-Once Partitioning, Linear Pipelining and Background Linear Merging, and show how they can be combined to produce an embedded search engine matching the hardware constraints of secure tokens and reconciling high insert/delete/update rate and query scalability. Our experimental results, obtained with a prototype running on a representative hardware platform, demonstrate the scalability of the approach on large datasets and its superiority compared to state of the art methods. Finally, we also discuss the integration of our solution in another important real use-case related to performing information retrieval in smart objects. 相似文献
11.
云计算是互联网发展的趋势,也是物联网应用的重要技术支撑。随着云计算的深入应用,云计算安全问题成为最引人关注的焦点之一。在分析云计算一般框架结构的基础上,根据云计算服务器可统一管理的特点,针对云内部的通信安全问题设计了一种云内部简单安全通信模型(SSCMIC),通过同步密钥流实现密文通信,以增强云的安全性。 相似文献
12.
13.
Feng Zhu Matt Mutka Anish Bivalkar Abdullah Demir Yue Lu Chockalingam Chidambarm 《Frontiers of Computer Science in China》2010,4(3):311-323
With the advances in and convergence of Internet technologies, embedded computers, and wireless communication, computing devices
have become part of our daily life. Hand-held devices and sensors with wireless connections create opportunities for many
new nomadic applications. Service discovery is an essential component for cognitive science to discover existing network services
just-in-time. Unlike many other approaches, we propose a service discovery model supporting nomadic users and services in
public environments. Our model emphasizes secure and private service discovery in such environments. Location sensing is integrated
for location dependent service discovery and is used to lessen service discovery network infrastructure requirements. We analyze
the system performance and show our formal verification of the protocols. Our implementation shows that our model is feasible. 相似文献
14.
Feng ZHU Anish BIVALKAR Abdullah DEMIR Yue LU Chockalingam CHIDAMBARM Matt MUTKA 《Frontiers of Computer Science》2010,4(3):311
With the advances in and convergence of Internet technologies, embedded computers, and wireless communication, computing devices have become part of our daily life. Hand-held devices and sensors with wireless connections create opportunities for many new nomadic applications. Service discovery is an essential component for cognitive science to discover existing network services just-in-time. Unlike many other approaches, we propose a service discovery model supporting nomadic users and services in public environments. Our model emphasizes secure and private service discovery in such environments. Location sensing is integrated for location dependent service discovery and is used to lessen service discovery network infrastructure requirements. We analyze the system performance and show our formal verification of the protocols. Our implementation shows that our model is feasible. 相似文献
15.
16.
International Journal of Information Security - Cloud communication is an intrinsic aspect of cloud architecture. It is an internet-based communication that enables access to millions of cloud... 相似文献
17.
18.
Xuan Li Jin Li Faliang Huang 《Soft Computing - A Fusion of Foundations, Methodologies and Applications》2016,20(4):1437-1448
Deduplication is an important technology in the cloud storage service. For protecting user privacy, sensitive data usually have to be encrypted before outsourcing. This makes secure data deduplication a challenging task. Although convergent encryption is used to securely eliminate duplicate copies on the encrypted data, these secure deduplication techniques support only exact data deduplication. That is, there is no tolerance of differences in traditional deduplication schemes. This requirement is too strict for multimedia data including image. For images, typical modifications such as resizing and compression only change their binary presentation but maintain human visual perceptions, which should be eliminated as duplicate copies. Those perceptual similar images occupy a lot of storage space on the remote server and greatly affect the efficiency of deduplication system. In this paper, we first formalize and solve the problem of effective fuzzy image deduplication while maintaining user privacy. Our solution eliminates duplicated images based on the measurement of image similarity over encrypted data. The robustness evaluation is given and demonstrates that this fuzzy deduplication system is able to duplicate perceptual similar images, which optimizes the storage and bandwidth overhead greatly in cloud storage service. 相似文献
19.
Hammami Hamza Yahia Sadok Ben Obaidat Mohammad S. 《The Journal of supercomputing》2021,77(2):1693-1713
The Journal of Supercomputing - Cloud computing represents the latest technology that has revolutionized the world of business. It is a promising solution giving companies the possibility of... 相似文献
20.
Cloud computing is a novel computing model that enables convenient and on-demand access to a shared pool of configurable computing resources. Auditing services are highly essential to make sure that the data is correctly hosted in the cloud. In this paper, we investigate the active adversary attacks in three auditing mechanisms for shared data in the cloud, including two identity privacy-preserving auditing mechanisms called Oruta and Knox, and a distributed storage integrity auditing mechanism. We show that these schemes become insecure when active adversaries are involved in the cloud storage. Specifically, an active adversary can arbitrarily alter the cloud data without being detected by the auditor in the verification phase. We also propose a solution to remedy the weakness without sacrificing any desirable features of these mechanisms. 相似文献