A lightweight anonymous authentication scheme for secure cloud computing services

The Journal of Supercomputing - Cloud computing represents the latest technology that has revolutionized the world of business. It is a promising solution giving companies the possibility of...     

An identity authentication scheme based on cloud computing environment

In order to solve the shortcomings of traditional identity authentication technology, such as low security, low efficiency, a mobile terminal identity authentication scheme based on cloud computing environment is proposed in this paper. In addition, the two-dimensional code technology is used for identity authentication in the cloud computing environment, and the QR coding technology is also used. The dynamic authentication of the mobile terminal is realized by using the two-dimensional code as the information transmission carrier. According to the security analysis, the scheme has simple structure and no need to use the third party equipment, which has high security and adaptability. Finally, the two fusion of two-dimensional code proposed in this paper provides a new way of thinking for the identity authentication based on the cloud environment, and also promotes the development of the Internet of things.     

基于Bloom Filter的加密数据库字段认证方案

为保证数据库中敏感数据的机密性与完整性,提出了一种新的基于Bloom Filter的加密数据库字段认证方案。该方案利用Bloom Filter的优良特性,为每一条记录生成一个认证向量和辅助更新向量,从而在保证敏感数据机密性和完整性的前提下,极大地降低了密文数据库的存储空间,并进一步提高了在密文数据库中查询和字段更新的效率。给出了在使用本方案形成的加密数据库上进行查询的方法,通过与已有方案的对比,进一步验证了该方案的可行性和高效性。     

Identity based secure authentication scheme based on quantum key distribution for cloud computing

Identity theft is the most recurrent twenty-first century cybercrime. Thus, authentication is of utmost significance as the number of hackers who seek to intrigue into legitimate user’s account to obtain sensitive information is increasing. Identity based authentication operates to corroborate the identity of the user so that only the legitimate user gets access to the service. This paper proposes a quantum identity based authentication and key agreement scheme for cloud server architecture. Quantum cryptography based on the laws of quantum physics is a vital technology for securing privacy and confidentiality in the field of network security. A formal security analysis has been performed using AVISPA tool that confirms the security of the proposed scheme. The security analysis of the proposed protocol proves that it is robust against all security attacks. To confirm applicability of quantum key distribution in cloud computing, a practical long-distance entanglement-based QKD experiment has been proposed. This experiment confirms successful generation of shifted keys over distance of 100 km of optical fiber with a key rate of 4.11 bit/s and an error rate of 9.21 %.     

云计算身份认证模型研究

云计算是在继承和融合众多技术基础上的一个突破性创新,已成为当前应用和研究的重点与热点。其中,云用户与云服务之间以及云平台中不同系统之间的身份认证与资源授权是确保云计算安全性的前提。在简要介绍云计算信息基础架构的基础上,针对云计算统一身份认证的特点和要求,综合分析了SAML2.0、OAuth2.0和Open ID2.0等技术规范的功能特点,提出了一种开放标准的云计算身份认证模型,为云计算中逻辑安全域的形成与管理提供了参考。     

A trustworthy agent-based encrypted access control method for mobile cloud computing environment

To strengthen the security of access control protocols for mobile cloud environment, dynamic attributes of mobile devices are used. The weak or disconnection issue of the mobile network is a critical task to deal with. The proposed approach provides access control as well as data confidentiality using dynamic attributes encryption. The pairs of mobile agents are used to deal with the issue of network connection. The secret key is distributed using the anonymous key-issuing protocol which preserves the anonymity of the user. The approach is implemented in a real mobile cloud environment, and the performance under various parameters is evaluated.     

A novel user-participating authentication scheme

When utilizing services over public networks, a remote user authentication mechanism forms a first line of defense by rejecting illegal logins from unauthorized users. On-line applications over the Internet such as E-learning, on-line games, etc. are ever more common; remote user participation via networks plays a vital role in security and should be guaranteed. Without this countermeasure, malicious users are likely to enable agents to communicate with remote on-line systems. While existing remote user authentication schemes rarely address this issue, this paper highlights the problem of guaranteeing remote user participation. This proposed user authentication scheme benefits from combining CAPTCHA techniques and visual secret sharing to ensure deliberate human interaction. This scheme provides mutual authentication and is secure against certain known attacks, as well as low in computation cost.     

用于云计算数据访问的多阶段身份认证

为有效解决云计算数据访问服务的隐私性和安全性问题,提出一种基于多阶段身份认证的云计算隐私保护数据访问算法.在注册阶段基于抑制方法将用户的个人信息存贮在云服务器中,在认证阶段采用口令、一次性令牌和条件属性来高效验证客户端的身份,在数据访问阶段使用数据加密/解密以便在云端实现更高的数据安全级别.将仿真结果与其它算法进行比较,验证了所提算法在隐私保护率、计算复杂度和身份认证精度方面均优于其它方法.     

A homomorphic encrypted reversible information hiding scheme for integrity authentication and piracy tracing

Reversible information hiding plays an important roles in the field of privacy protection. In this paper, a new reversible information hiding scheme is proposed which supports the direct operation in homomorphic encrypted domain. The proposed “Joint Hiding and Tracing, JHT” tactics and the “3 Level Integrity Authentication Scheme” devote to piracy tracing and integrity authentication. To enhance security, the Paillier homomorphic encryption and Arnold technology are employed. Furthermore, we present the dual region division tactics including Data/Signature region division and Texture/Smooth region division. Data/Signature region division is to circumvent conflicts, and Texture/Smooth region division is fit well with the human visual characteristics. Besides, neighboring quadratic optimization approach is presented to eliminate the smooth/texture isolated islands in the texture/smooth regions. In addition, Extended Integer Transform and position image are developed to achieve reversibility and circumvent overflow/underflow problems. Experimental results confirm the efficient of the proposed scheme, and demonstrate it not only realizes privacy protection, integrity authentication and piracy tracing, but also holds the characteristics of higher security, larger capacity and better restoration quality.     

Efficient multi-keyword ranked query over encrypted data in cloud computing

Cloud computing infrastructure is a promising new technology and greatly accelerates the development of large scale data storage, processing and distribution. However, security and privacy become major concerns when data owners outsource their private data onto public cloud servers that are not within their trusted management domains. To avoid information leakage, sensitive data have to be encrypted before uploading onto the cloud servers, which makes it a big challenge to support efficient keyword-based queries and rank the matching results on the encrypted data. Most current works only consider single keyword queries without appropriate ranking schemes. In the current multi-keyword ranked search approach, the keyword dictionary is static and cannot be extended easily when the number of keywords increases. Furthermore, it does not take the user behavior and keyword access frequency into account. For the query matching result which contains a large number of documents, the out-of-order ranking problem may occur. This makes it hard for the data consumer to find the subset that is most likely satisfying its requirements. In this paper, we propose a flexible multi-keyword query scheme, called MKQE to address the aforementioned drawbacks. MKQE greatly reduces the maintenance overhead during the keyword dictionary expansion. It takes keyword weights and user access history into consideration when generating the query result. Therefore, the documents that have higher access frequencies and that match closer to the users’ access history get higher rankings in the matching result set. Our experiments show that MKQE presents superior performance over the current solutions.     

MASHED: Security and privacy-aware mutual authentication scheme for heterogeneous and distributed mobile cloud computing services

ABSTRACT

Rapid development in mobile devices and cloud computing technologies has increased the number of mobile services from different vendors on the cloud platform. However, users of these services are facing different security and access control challenges due to the nonexistence of security solutions capable of providing secure access to these services, which are from different vendors, using a single key. An effective security solution for heterogeneous Mobile Cloud Computing (MCC) services should be able to guarantee confidentiality and integrity through single key-based authentication scheme. Meanwhile, a few of the existing authentication schemes for MCC services require different keys to access different services from different vendors on a cloud platform, thus increases complexity and overhead incurred through generation and storage of different keys for different services.

In this paper, an efficient mutual authentication scheme for accessing heterogeneous MCC services is proposed. The proposed scheme combines the user’s voice signature with cryptography operations to evolve efficient mutual authentication scheme devoid of key escrow problem and allows authorized users to use single key to access the heterogeneous MCC services at a reduced cost.     

云计算架构下的动态副本管理策略

为有效管理云计算环境中的数据副本,减少系统带宽消耗、最小化响应时间和平衡负载,提出了一种动态副本管理策略.通过建立文件可用性和副本数量间的关系模型来计算系统应维持的最小副本数量;基于数据被请求访问的次数和传输花费进行副本放置;数据被请求时结合节点间带宽和节点效用选择副本.实验结果表明了该策略的正确性有效性.     

面向云计算服务的鉴权协议研究

5G通信技术的快速落地,面向云计算服务的系统迎来了全新机遇与挑战,用户通过移动泛在网络可在任何时间、任何地点远程登录该系统获取所需的云计算服务。面向云计算服务的系统的鉴权协议能够实现用户远程服务过程中身份认证与数据保护密钥生成,可抵御一系列潜在的网络攻击威胁,确保个人服务数据机密性与隐私性。基于生物特征验证技术提出了一个新的面向云计算服务系统鉴权协议。在该协议中,服务器与用户能够在交互流程中完成相互之间的身份鉴别,确保两者间协商的会话工作密钥的机密性,并通过BAN-逻辑形式化证明了该鉴权协议的完整性与正确性。与近期提出的相关协议相比,新提出的面向云计算服务系统鉴权协议在安全性能上优势较为突出。     

云计算中加密数据的模糊关键字搜索方法

传统的可搜索加密方案仅支持精确匹配的搜索,在效率和性能上都不能适应云计算环境。用支持多种字符串相似性操作的R+树构建索引,实现了云计算中对加密数据的模糊关键字搜索;用编辑距离来量化关键字的相似度,提出了一种可以返回与关键字更接近的文件检索方法。通过字符串聚类提高了模糊关键字搜索的效率。     

A privacy-preserving multi-keyword ranked retrieval scheme in cloud computing

ABSTRACT

Big data and cloud computing could bring security problems. In order to ensure data security and user privacy, people would choose to store data in the cloud with ciphertext. How to search data efficiently and comprehensively without decryption has become the focus of this paper. In this paper, we propose an efficient privacy protection scheme. In this scheme, Elliptic Curve Cryptography (ECC) is adopted to encrypt the data. It can reduce the computing cost of encryption and decryption uploading the encrypted files and indexes to the cloud server. Then it can authorize users to generate trap door using hash conflict function, and send it to Cloud Service Provider (CSP) for searching for matched ciphertext. The CSP uses the Apriori algorithm to extend keywords and search index to match the ciphertext. In this paper, we will use the Apriori algorithm to extend the keywords’ semantics, match the index list based on these keywords, and return the requested file-set which is more consistent with the user’s search. Experiments show that compared with traditional methods, files can be encrypted, decrypted, and recovered more quickly when we use this method. It can also ensure the privacy of data and reduce the communication overhead.     

Enhancing security and efficiency in cloud computing authentication and key agreement scheme based on smart card

The Journal of Supercomputing - The password-based authentication mechanism is considered as the oldest and the most used method. It is easy to implement, and it does not require any particular...     

云环境下基于秘密共享的海洋遥感影像认证方案

云存储模式的出现为海量海洋遥感影像的存储和管理带来了机遇,越来越多的用户选择将海洋遥感影像数据移植到云中,但云存储环境的开放性对海洋遥感影像数据的安全性提出了挑战。以保障云环境下海洋遥感敏感数据的安全性为前提,提出一种影像认证方案,将哈希函数与(k,n)门限秘密共享方法相结合,检测敏感区影像信息变化,并对加密前和恢复后的影像进行一致性验证,保护加密影像数据的机密性。同时,为避免n个子秘密中,因多于n-k个子秘密的篡改或丢失,造成敏感区影像不可恢复情况的发生,采用对敏感区影像进行分块的策略,对每个子影像块做进一步的秘密共享处理,以保证部分影像的无损恢复。实验对比分析表明,所提出的安全认证方案可以有效防止秘密恢复过程中的欺诈行为,同时可获得比传统方法更高的遥感影像云存储安全性。     

A user requirements-oriented privacy policy self-adaption scheme in cloud computing

In an ever-changing environment, Software as a Service (SaaS) can rarely protect users’ privacy. Being able to manage and control the privacy is therefore an important goal for SaaS. Once the participant of composite service is substituted, it is unclear whether the composite service satisfy user privacy requirement or not. In this paper, we propose a privacy policies automatic update method to enhance user privacy when a service participant change in the composite service. Firstly, we model the privacy policies and service variation rules. Secondly, according to the service variation rules, the privacy policies are automatically generated through the negotiation between user and service composer. Thirdly, we prove the feasibility and applicability of our method with the experiments. When the service quantity is 50, ratio that the services variations are successfully checked by monitor is 81%. Moreover, ratio that the privacy policies are correctly updated is 93.6%.