A scalable Cloud-based system for data-intensive spatial analysis

Advances in Cloud computing technology and the availability of affordable and easy to use Cloud services are enabling a multitude of scientific applications to use these resources as primary or secondary computing infrastructure. The urban and built environment research domain is one area that can benefit greatly from Cloud computing. The global population growth and increase in the size and population of cities raise many challenges for governments, planners and researchers alike. The Australian Urban Research Infrastructure Network (AURIN—http://www.aurin.org.au) project has been tasked with developing an advanced platform (e-Infrastructure) across Australia to tackle these challenges. The platform leverages large-scale Cloud resources to provide federated data access to, at present over 1100 data sets from major and often definitive government and industry data-rich organisations, and for scalable data processing and visualisation. The original AURIN tools were developed using the object modelling system (OMS) and supported integrated workflows to define and enact/re-enact scientific processes. More recently the work has evolved to focus more on delivery of a workbench offering a rich range of tools delivered through an extensible workflow environment. In this paper, we provide the background to AURIN including the scientific drivers that are shaping the work and the realisation of the Cloud-based AURIN environment. We focus in particular on the workflow environment and show how it seamlessly utilizes the Cloud for urban research processes focused especially on data-intensive spatial analysis. We illustrate the utilisation of this workflow environment across a range of case studies reflecting urban research activities.     

数据库服务——安全与隐私保护

主要从数据的机密性、数据的完整性、数据的完备性、查询隐私保护以及访问控制策略这5 个关键技 术,综述国际上在数据库服务——安全与隐私保护方面的研究进展.数据的机密性主要从基于加密和基于数据分布 展开分析;数据的完整性和完备性主要从基于签名、基于挑战-响应和基于概率的方法展开分析;查询隐私保护和访 问控制策略主要从目前存在的问题展开分析.最后展望了数据库服务——安全与隐私保护领域未来的研究方向、存 在的问题及面临的挑战.     

Scalable and Privacy-Preserving Data Sharing Based on Blockchain

With the development of network technology and cloud computing, data sharing is becoming increasingly popular, and many scholars have conducted in-depth research to promote its flourish. As the scale of data sharing expands, its privacy protection has become a hot issue in research. Moreover, in data sharing, the data is usually maintained in multiple parties, which brings new challenges to protect the privacy of these multi-party data. In this paper, we propose a trusted data sharing scheme using blockchain. We use blockchain to prevent the shared data from being tampered, and use the Paillier cryptosystem to realize the confidentiality of the shared data. In the proposed scheme, the shared data can be traded, and the transaction information is protected by using the (p, t)-threshold Paillier cryptosystem. We conduct experiments in cloud storage scenarios and the experimental results demonstrate the efficiency and effectiveness of the proposed scheme.     

An effective data placement strategy for IIoT applications

With the rapid development of the Internet of things (IoT) and mobile communication technology, the amount of data related to industrial Internet of things (IIoT) applications has shown a trend of explosive growth, and hence edge-cloud collaborative environment becomes one of the most popular paradigms to place the IIoT applications data. However, edge servers are often heterogeneous and capacity limited while having lower access delay, so there is a contradiction between capacity and latency while using edge storage. Additionally, when IIoT applications deployed crossing edge regions, the impact of data replication and data privacy should not be ignored. These factors often pose challenges to proposing an effective data placement strategy to take full advantage of edge storage. To address these challenges, an effective data placement strategy for IIoT applications is designed in this article. We first analyze the data access time and data placement cost in an edge-cloud collaborative environment, with the consideration of data replication and data privacy. Then, we design a data placement strategy based on $$-constraint and Lagrangian relaxation, to reduce the data access time and meanwhile limit the data placement cost to an ideal level. As a result, our proposed data placement strategy can effectively reduce data access time and control data placement costs. Simulation and comparative analysis results have demonstrated the validity of our proposed strategy.     

Resource allocation in cooperative cognitive radio networks towards secure communications for maritime big data systems

In this paper, an innovative framework labeled as cooperative cognitive maritime big data systems (CCMBDSs) on the sea is developed to provide opportunistic channel access and secure communication. A two-phase frame structure is applied to let Secondary users (SUs) entirely utilize the transmission opportunities for a portion of time as the reward by cooperation with Primary users (PUs). Amplify-and-forward (AF) relaying mode is exploited in SU nodes, and Backward induction method based Stackelberg game is employed to achieve optimal determination of SU, power consumption and time portion of cooperation both for non-secure communication scenario and secure communication. Specifically, a jammer-based secure communications scheme is developed to maximize the secure utility of PU, to confront of the situation that the eavesdropper could overheard the signals from SU _i and the jammer. Close-form solutions for the best access time portion as well as the power for SU _i and jammer are derived to realize the Nash Equilibrium. Simulation results validate the effectiveness of our proposed strategy.     

A Privacy-Preserving Compression Storage Method for Large Trajectory Data in Road Network

The prevalence of GPS applications and other mobile devices has led to the accumulation of a large amount of trajectory data that contains valuable information for intelligent transportation, route planning, city computing etc. However, massive data not only brings new challenges to data storage and retrieval but also leads to serious privacy risks because of the abundant spatiotemporal information. In this paper, we propose a storage scheme that strikes a balance between the compression ratio and precision. We then introduce a road segment generalization method to address privacy issues stemming from sensitive places. Next, we design a two-layer index mechanism to provide an effective retrieval. Furthermore, a privacy preserving storage system PP-TrajStore is implemented. It provides efficient storage based on a road segment compression scheme, preserves privacy by employing sensitive segment generalization technologies, and achieves rapid retrieval by a two-layer index strategy. Finally, a realworld dataset is utilized to demonstrate the performance of PP-TrajStore     

Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography

Radio frequency identification (RFID) is a wireless technology for automatic identification and data capture. Security and privacy issues in the RFID systems have attracted much attention. Many approaches have been proposed to achieve the security and privacy goals. One of these approaches is RFID authentication protocols by which a server and tags can authorize each other through an intracity process. Recently, Chou proposed a RFID authentication protocol based on elliptic curve cryptography. However, this paper demonstrates that the Chou’s protocol does not satisfy tag privacy, forward privacy and authentication, and server authentication. Based on these security and privacy problems, we also show that Chou’s protocol is defenseless to impersonation attacks, tag cloning attacks and location tracking attacks. Therefore, we propose a more secure and efficient scheme, which does not only cover all the security flaws and weaknesses of related previous protocols, but also provides more functionality. We prove the security of the proposed improved protocol in the random oracle model.     

数据库服务——安全与隐私保护

主要从数据的机密性、数据的完整性、数据的完备性、查询隐私保护以及访问控制策略这5个关键技术,综述国际上在数据库服务--安全与隐私保护方面的研究进展.数据的机密性主要从基于加密和基于数据分布展开分析;数据的完整性和完备性主要从基于签名、基于挑战-响应和基于概率的方法展开分析;查询隐私保护和访问控制策略主要从目前存在的问题展开分析.最后展望了数据库服务--安全与隐私保护领域未来的研究方向、存在的问题及面临的挑战.     

Would you mind being watched by machines? Privacy concerns in data mining

Data mining is not an invasion of privacy because access to data is only by machines, not by people: this is the argument that is investigated here. The current importance of this problem is developed in a case study of data mining in the USA for counterterrorism and other surveillance purposes. After a clarification of the relevant nature of privacy, it is argued that access by machines cannot warrant the access to further information, since the analysis will have to be made either by humans or by machines that understand. It concludes that the current data mining violates the right to privacy and should be subject to the standard legal constraints for access to private information by people.

---

Privacy-preserving conjunctive keyword search on encrypted data with enhanced fine-grained access control

Cloud storage over the internet gives opportunities for easy data sharing. To preserve the privacy of sharing data, the outsourced data is usually encrypted. The searchable encryption technique provides a solution to find the target data in the encrypted form. And the public-key encryption with keyword search is regarded as a major approach for the searchable encryption technique. However, there are still several privacy leakage challenges for the further adoption of these major schemes. One is how to resist the keyword guessing attack which still leaks data user’s keywords privacy. Another is how to construct the access control policy to prevent illegal access of outsourced data sharing since illegal access always leak the privacy of user’s attribute. In our paper, we firstly try to design a novel secure keyword index to resist the keyword guessing attack from access pattern and search pattern. Second, we propose an attribute-based encryption scheme which supports an enhanced fine-grained access control search. This allows the authenticated users to access different data although their searching request contains the same queried keywords, and meanwhile unauthenticated users cannot get any attribute privacy information. Third, we give security proofs to show that the construction of keyword index is against keyword guessing attack from the access pattern and search pattern, and our scheme is proved to be IND-CPA secure (the indistinguishability under chosen plaintext attack) under the standard model. Finally, theoretical analyses and a series of experiments are conducted to demonstrate the efficiency of our scheme.

     

Building a high-performance,programmable secure coprocessor

Secure coprocessors enable secure distributed applications by providing safe havens where an application program can execute (and accumulate state), free of observation and interference by an adversary with direct physical access to the device. However, for these coprocessors to be effective, participants in such applications must be able to verify that they are interacting with an authentic program on an authentic, untampered device. Furthermore, secure coprocessors that support general-purpose computation and will be manufactured and distributed as commercial products must provide these core sanctuary and authentication properties while also meeting many additional challenges, including:

• •the applications, operating system, and underlying security management may all come from different, mutually suspicious authorities;
• •configuration and maintenance must occur in a hostile environment, while minimizing disruption of operations;
• •the device must be able to recover from the vulnerabilities that inevitably emerge in complex software;
• •physical security dictates that the device itself can never be opened and examined; and
• •ever-evolving cryptographic requirements dictate that hardware accelerators be supported by reloadable on-card software.

This paper summarizes the hardware, software, and cryptographic architecture we developed to address these problems. Furthermore, with our colleagues, we have implemented this solution, into a commercially available product.     

LESPP: lightweight and efficient strong privacy preserving authentication scheme for secure VANET communication

Authentication in vehicular ad-hoc network (VANET) is still a research challenge, as it requires not only secure and efficient authentication, but also privacy preservation. In this paper, we proposed a lightweight and efficient authentication scheme (LESPP) with strong privacy preservation for secure VANET communication. The proposed scheme utilizes self-generated pseudo identity to guarantee both privacy preservation and conditional traceability, and it only requires a lightweight symmetric encryption and message authentication code (MAC) generation for message signing and a fast MAC re-generation for verification. Compared with currently existing public key based schemes, the proposed scheme significantly reduces computation cost by \(10^2\)–\(10^3\) times and decreases communication overhead by 41.33–77.60 %, thus achieving resilience to denial of service (DoS) attack. In LESPP, only key management center can expose a vehicle’s real identity from its pseudo identity, therefore, LESPP provides strong privacy preservation so that the adversaries cannot trace any vehicles, even if all roadside units are compromised. Furthermore, vehicles in LESPP need not maintain certificate revocation list (CRL), so any CRL related overhead is avoided. Extensive simulations reveal that the novel scheme is feasible and has an outstanding performance of nearly 0 ms network delay and 0 % packet loss ratio, which are especially appropriate for realtime emergency event reporting applications.     

RaumComputer

The RoomComputer is an embedded system and as such offers unprecedented chances to manage buildings. Several RoomComputers can be networked via the Intra-/Internet, which makes it possible to monitor, control, and manage rooms and buildings on a unified worldwide accessible platform, irrespective of any particular local technology. It can be easily installed in any building and gives access to a full set of services. It implements a distributed system, which provides secure and controlled access to services like

1. control of light, heating, ventilation, air and climate
2. communication facilities like unified messaging, telephone, fax, etc.
3. reservation of rooms and required resources
4. localization of persons and equipment within rooms and buildings
5. entrance control (i.e. locking/unlocking doors)
6. organization of maintenance and house keeping, and
7. charging and billing.

     

Enhancing data utility in differential privacy via microaggregation-based k-anonymity

It is not uncommon in the data anonymization literature to oppose the “old” \(k\) -anonymity model to the “new” differential privacy model, which offers more robust privacy guarantees. Yet, it is often disregarded that the utility of the anonymized results provided by differential privacy is quite limited, due to the amount of noise that needs to be added to the output, or because utility can only be guaranteed for a restricted type of queries. This is in contrast with \(k\) -anonymity mechanisms, which make no assumptions on the uses of anonymized data while focusing on preserving data utility from a general perspective. In this paper, we show that a synergy between differential privacy and \(k\) -anonymity can be found: \(k\) -anonymity can help improving the utility of differentially private responses to arbitrary queries. We devote special attention to the utility improvement of differentially private published data sets. Specifically, we show that the amount of noise required to fulfill \(\varepsilon \) -differential privacy can be reduced if noise is added to a \(k\) -anonymous version of the data set, where \(k\) -anonymity is reached through a specially designed microaggregation of all attributes. As a result of noise reduction, the general analytical utility of the anonymized output is increased. The theoretical benefits of our proposal are illustrated in a practical setting with an empirical evaluation on three data sets.     

基于CP-ABE和XACML多权限安全云存储访问控制方案

为了保护云存储系统中用户数据的机密性和用户隐私,提出了一种基于属性加密结合XACML框架的多权限安全云存储访问控制方案。通过CP-ABE加密来保证用户数据的机密性,通过XACML框架实现基于属性细粒度访问控制。云存储系统中的用户数据通过对称加密机制进行加密,对称密钥采用CP-ABE加密。仿真实验表明,该方案是高效灵活并且安全的。安全性分析表明,该方案能够抵抗共谋攻击,具有数据机密性以及后向前向保密性。     

Secure and efficient anonymization of distributed confidential databases

Let us consider the following situation: \(t\) entities (e.g., hospitals) hold different databases containing different records for the same type of confidential (e.g., medical) data. They want to deliver a protected version of this data to third parties (e.g., pharmaceutical researchers), preserving in some way both the utility and the privacy of the original data. This can be done by applying a statistical disclosure control (SDC) method. One possibility is that each entity protects its own database individually, but this strategy provides less utility and privacy than a collective strategy where the entities cooperate, by means of a distributed protocol, to produce a global protected dataset. In this paper, we investigate the problem of distributed protocols for SDC protection methods. We propose a simple, efficient and secure distributed protocol for the specific SDC method of rank shuffling. We run some experiments to evaluate the quality of this protocol and to compare the individual and collective strategies for solving the problem of protecting a distributed database. With respect to other distributed versions of SDC methods, the new protocol provides either more security or more efficiency, as we discuss through the paper.     

BlindIdM: A privacy-preserving approach for identity management as a service

Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time, it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper, we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data confidentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.     

If you haven’t read the book…

If you do not have the time to read that excellent book Implementing IPsec, Making Security Work on VPNs, Intranets and Extranets (Kaufman, E. and Newman, A., Wiley, 1999), perhaps you do have time to fine hone your learning curve and access a more potted version at http://csrc.nist.gov/ipsec. Firstly, let us remind ourselves about the security services that Ipsec provides: data origin authentication, connectionless integrity, replay protection, data confidentiality, limited traffic flow confidentiality and key negotiation and management.     

An online platform for conducting spatial-statistical analyses of national census data across Australia

In recent years there have been significant advances in online planning and decision support systems that encompass spatial and statistical analysis and visualisation services. In this paper we provide an analysis and evaluation of one particular online spatial-statistical platform, known as the Australian Urban Research Infrastructure Network (AURIN) portal. By adopting the Statistical Data and Metadata Exchange (SMDX) format, more than 500 socio-economic data products can be dynamically searched, browsed, accessed and analysed via the AURIN portal. The significance of this approach is that urban geographers can access both the datasets and statistical analysis tools via the same online Portal and thus in theory, conduct their research more efficiently.In conducting our research we specifically focus on three practical use cases which utilise machine-to-machine access from the AURIN portal to the national census data maintained by the Australian Bureau of Statistics (ABS). The first use case involves location quotient analysis in New South Wales to analyse the financial sector. The second use case focuses on understanding economic growth across industry sectors across Queensland using shift-share analysis. The third use case aims to identify spatial autocorrelation between low income and other spatial variables in South Australia. Through this in-depth case study approach we have identified there are some strengths and weaknesses with the AURIN portal. We have demonstrated that the portal can successfully search, interrogate and visualise spatial-statistical data from across Australia. We have also demonstrated that the AURIN portal can successfully conduct simple spatial-statistical analysis all via a single online platform. However, we have also found there remains significant challenges in manipulating and visualising complex multi-dimensional datasets through the portal. Yet these challenges are not considered insurmountable and further research should endeavour to address them. In conclusion, it is important to highlight that online platforms such as the AURIN portal hold significant promise as effective planning and decision support systems which can be used to better shape our cities.     

Outlier-eliminated k-means clustering algorithm based on differential privacy preservation

Individual privacy may be compromised during the process of mining for valuable information, and the potential for data mining is hindered by the need to preserve privacy. It is well known that k-means clustering algorithms based on differential privacy require preserving privacy while maintaining the availability of clustering. However, it is difficult to balance both aspects in traditional algorithms. In this paper, an outlier-eliminated differential privacy (OEDP) k-means algorithm is proposed that both preserves privacy and improves clustering efficiency. The proposed approach selects the initial centre points in accordance with the distribution density of data points, and adds Laplacian noise to the original data for privacy preservation. Both a theoretical analysis and comparative experiments were conducted. The theoretical analysis shows that the proposed algorithm satisfies ε-differential privacy. Furthermore, the experimental results show that, compared to other methods, the proposed algorithm effectively preserves data privacy and improves the clustering results in terms of accuracy, stability, and availability.