Research on technology of data encryption and search based on access broker

Broker executed searchable encryption (BESE) scheme was proposed for the confidentiality issues of cloud application data.The scheme did not need to modify the cloud application or user habits,thus had strong applicability.Firstly,systematic and quantitative analysis on BESE scheme was conducted in terms of query expressiveness,performance and security.Then,the main challenges of BESE scheme including securely sharing index and encrypted data between brokers were pointed out,and corresponding schemes were proposed to address the above challenges.The experimental results show that the BESE scheme can effectively protect the user data in the cloud,achieve a variety of search functions,and has high efficiency and security.     

基于大数据视角下的数据加密技术研究

本文系统性的对大数据视角下数据加密技术方面易出现的的问题进行了详细阐述,力求做到发现问题、了解问题,并高效的解决一切已经出现或可能出现的新难题,并同时做到防患于未然.结果采用了有效的数据加密技术,的确是面对和解决大数据安全问题行之有效的方法,并对改进大数据视角下的数据加密技术进行了总结,提出了更加有用的建议.     

云存储中的数据持有性证明研究综述

数据的持有性证明允许用户随时知道其数据是否仍然有效地保存在云存储平台中,以及是否可以随时、随地获取到该数据,这是云存储安全中的一个重要的挑战性问题。介绍了数据持有性证明的模型和衡量指标体系,分析了3种证明方案,并全面比较了6种常见的方法,最后给出了未来需要注意的研究方向。     

云存储环境下的密文安全共享机制

With the convenient of storing and sharing data in cloud storage environment,the concerns about data security arised as well.To achieve data security on untrusted servers,user usually stored the encrypted data on the cloud storage environment.How to build a cipertext-based access control scheme became a pot issue.For the access control problems of ciphertext in cloud storage environment,a CP-ABE based data sharing scheme was proposed.Novel key generation and distribution strategies were proposed to reduce the reliance on a trusted third party.Personal information was added in decryption key to resistant conclusion attacks at the same time.Moreover,key revocation scheme was proposed to provide the data backward secrecy.The security and implement analysis proves that proposed scheme is suit for the real application environment.     

基于云计算的作战数据存储系统研究

为了解决部队战斗时产生的海量数据的存储问题,做了一种基于云计算的作战数据存储系统的实验。通过实际的应用,该方案可以很好地克服现行的存储方式存在的不足,有效提高部队战斗效率。     

数据加密技术在计算机安全中的应用分析

计算机网络应用广泛,不仅提高了人们的学习效率与工作效率,还可以提高人们查阅信息的速度,为人们提供便捷,同时,也实现了网络信息的公开化.因此,网络安全成为一个重要的问题,在实际运用中,了解计算机病毒以及网络黑客对网络的威胁性,分析计算机安全中存在的安全隐患,根据算法的结构、步骤,了解计算机加密技术在计算机安全中的应用,发挥数据加密技术在计算机安全中的作用具有重要价值.     

云环境下基于属性加密体制算法加速方案

云计算为租户提供存储、计算和网络服务,数据安全保护和租户间的数据共享与访问控制是其必不可少的能力。基于属性的加密体制是一种一对多的加密体制,可以根据用户属性实现细粒度访问控制,适用于云计算环境多租户数据共享。但现有的基于属性加密体制的算法效率较低,难以在实际环境中应用。分析了基于属性的加密体制的两种类型及其应用场景,提出一个基于属性加密体制算法的加速方案。通过实验表明,提出的方案可提高基于属性加密体制的密钥生成算法、加密算法和解密算法的效率。     

Differential data update scheme on network-coding-based cloud storage system

In order to solve the problem that the communication overhead of date update was too large on network-coding-based cloud storage system,a new differential data update scheme was proposed.By encoding and compressing the updated part of file,the communication overhead was reduced significantly.A network-coding-based storage prototype system was designed and implemented,and update scheme was deployed in the real network settings.Experimental results show that the proposed scheme has less communication overhead and better scalability than the existing schemes.     

Research on cloud storage systems supporting secure sharing

A practical scheme for the cloud storage system was proposed to ensure security and efficiency during data sharing.The scheme which combine attribute-based encryption,proxy encryption with symmetric encryption,could integrate access control,efficient search with encryption well together.The scheme archived conjunctive-keyword non-field subset search by using bilinear mapping and polynomial equation.The scheme reduced the cost of decryption by outsourcing most of the decryption operations from the terminal to the cloud.At last,the performance was analyzed and an experiment was made for verification.     

基于云计算环境下的数据安全保护技术分析

文中主要以目前云计算环境下数据安全现状为切入点,通过基于虚拟化架构的可信云计算平台、数据备份策略及基于矩阵乱序的数据部分加密方案措施探讨安全保护技术,研究结果显示用户数据安全相当于以往提升至70％,安全系数的增长说明本文研究的数据安全保护技术方案完全可行.尤其虚拟化架构的可信云计算平台在建立用户与虚拟机关联后,仅使用数字信封便能封存虚拟机,用户访问或使用资源时通过PKI中间件使用用户的私钥解密虚拟机中的数字信封,最大程度保证数据完整性和安全性.     

A based on blinded CP‐ABE searchable encryption cloud storage service scheme

Cloud computing has great economical advantages and wide application, more and more data owners store their data in the cloud storage server (CSS) to avoid tedious local data management and insufficient storage resources. But the privacy of data owners faces enormous challenges. The most recent searchable encryption technology adopts the ciphertext‐policy attribute‐based encryption (CP‐ABE), which is one good method to deal with this security issue. However, the access attributes of the users are transmitted and assigned in plaintext form. In this paper, we propose a based on blinded CP‐ABE searchable encryption cloud storage service (BCP‐ABE‐SECSS) scheme, which can blind the access attributes of the users in order to prevent the collusion attacks of the CSS and the users. Data encryption and keyword index generation are performed by the data owners; meanwhile, we construct that CSS not only executes the access control policy of the data but also performs the pre‐decryption operation about the encrypted data to solve higher time cost of decryption calculation to the data users. Security proof results show that this scheme has access attribute security, data confidentiality, indistinguishable security against chosen keyword attack, and resisting the collusion attack between the data user and the CSS. Performance analysis and the experimental results show that this scheme can effectively reduce the computation time cost of the data owners and the data users.     

Dynamic searchable encryption with privacy protection for cloud computing

The dynamic searchable encryption schemes generate search tokens for the encrypted data on a cloud server periodically or on a demand. With such search tokens, a user can query the encrypted data whiles preserving the data's privacy; ie, the cloud server can retrieve the query results to the user but do not know the content of the encrypted data. A framework DSSE with Forward Privacy (dynamic symmetric searchable encryption [DSSE] with forward privacy), which consists of Internet of Things and Cloud storage, with the attributes of the searchable encryption and the privacy preserving are proposed. Compared with the known DSSE schemes, our approach supports the multiusers query. Furthermore, our approach successfully patched most of the security flaws related to the sensitive information's leakage in the DSSE schemes. Both security analysis and simulations show that our approach outperforms other DSSE schemes with respect to both effectiveness and efficiency.     

XML加密技术与XML签名技术的研究

基于XML数据安全的新要求，国际标准化组织提出了一系列XML安全规范研究。分析了目前XML安全技术的两个最为核心的技术：XML加密技术和XML签名技术，并具体研究了XML加密和XML签名技术的目标、语法以及它们的分类。     

Attribute-based encryption scheme supporting attribute revocation in cloud storage environment

Attribute-based encryption (ABE) scheme is widely used in the cloud storage due to its fine-grained access control.Each attribute in ABE may be shared by multiple users at the same time.Therefore,how to achieve attribute-level user revocation is currently facing an important challenge.Through research,it has been found that some attribute-level user revocation schemes currently can’t resist the collusion attack between the revoked user and the existing user.To solve this problem,an attribute-based encryption scheme that supported the immediate attribute revocation was proposed.The scheme could achieve attribute-level user revocation and could effectively resist collusion attacks between the revoked users and the existing users.At the same time,this scheme outsourced complex decryption calculations to cloud service providers with powerful computing ability,which reduced the computational burden of the data user.The scheme was proved secure based on computational Diffie-Hellman assumption in the standard model.Finally,the functionality and efficiency of the proposed scheme were analyzed and verified.The experimental results show that the proposed scheme can safely implement attribute-level user revocation and has the ability to quickly decrypt,which greatly improves the system efficiency.     

企业私有云平台安全技术研究

云计算作为一种新兴的计算机网络应用技术,近几年飞速发展,主要IT企业如Google,Microsoft,IBM,Amazon等纷纷推出其云计算解决方案,学术界也不断对云计算平台进行深入研究,取得了大量研究成果和实用技术,但是安全问题始终困扰着云计算的发展。这里主要讨论的是云安全的问题,借助企业私有云平台,开展云安全研究,重点在于研究如何结合企业现有的网络安全措施补充提高云平台安全性和可靠性,包括身份认证、访问控制、数据存储和入侵检测等方面的。提出了切合实际的云安全方案,形成满足企业安全需求的安全体系,实现安全和经济效益的双赢。     

浅谈云计算技术在计算机数据处理中的应用与发展策略

本文主要阐述了云计算技术的内涵和在计算机数据处理过程中的应用,包括保障数据安全、为数据处理提供平台,同时,提出了云计算技术的发展策略,包括研发混合云计算、积极发展移动云服务.通过说明以上方法,为相关技术人员提供一些参考.     

基于CP-ABE算法的云存储数据访问控制

针对云存储服务网络特性和数据共享特性安全问题,提出一种基于CP-ABE算法的密文访问控制机制。从访问权限控制及访问控制体系结构2个方面对上述访问控制机制进行研究。给出相应的安全算法数据结构,并对其进行了仿真和性能分析。该安全机制在服务提供商不可信的前提下,保证在开放环境下云存储系统中数据的安全性,并通过属性管理降低权限管理的复杂度。     

民间艺术资源的云存储技术研究

我国民间艺术资源平台的建设和研究是当前文化艺术领域面临的一项重要而紧迫的课题,存在着诸多挑战。在大数据时代背景下,采用云计算和云存储技术是一个必然的趋势。文中介绍了Hadoop云计算与云存储技术,提出了基于Hadoop的民间艺术资源云存储平台建设方案。构建基于Hadoop的民间艺术资源云存储平台具有可行性和有效性。     

Enhanced security‐aware technique and ontology data access control in cloud computing

Nowadays, security and data access control are some of the major concerns in the cloud storage unit, especially in the medical field. Therefore, a security‐aware mechanism and ontology‐based data access control (SA‐ODAC) has been developed to improve security and access control in cloud computing. The model proposed in this research work is based on two operational methods, namely, secure awareness technique (SAT) and ontology‐based data access control (ODAC), to improve security and data access control in cloud computing. The SAT technique is developed to provide security for medical data in cloud computing, based on encryption, splitting and adding files, and decryption. The ODAC ontology is launched to control unauthorized persons accessing data from storage and create owner and administrator rules to allow access to data and is proposed to improve security and restrict access to data. To manage the key of the SAT technique, the secret sharing scheme is introduced in the proposed framework. The implementation of the algorithm is performed by MATLAB, and its performance is verified in terms of delay, encryption time, encryption time, and ontology processing time and is compared with role‐based access control (RBAC), context‐aware RBAC and context‐aware task RBAC, and security analysis of advanced encryption standard and data encryption standard. Ultimately, the proposed data access control and security scheme in SA‐ODAC have achieved better performance and outperform the conventional technique.     

浅析大数据信息安全的密码技术

信息的繁荣已经给人们带来了很大的便利,但是相应的也带来了新的威胁,信息的安全问题已经变得和信息的发展同样重要,对于信息的保护最直接最有效的还是设置密码,而且密码技术随着科技的进步也在不断的更新,但还是有一些没有被攻克的难题。因此,密码技术的研究依然要加大力度,以此提高信息安全。本文则对大数据环境下信息安全的密码技术探讨。