Energy efficient distributed steganography for secure communication in wireless multimedia sensor networks

A secure communication mechanism is necessary in the applications of Wireless Multimedia Sensor Networks (WMSNs), which is more vulnerable to security attacks due to the presence of multimedia data. Additionally, given the limited technological resources (in term of energy, computation, bandwidth, and storage) of sensor nodes, security and privacy policies have to be combined with energy-aware algorithms and distributed processing of multimedia contents in WMSNs. To solve these problems in this paper, an energy efficient distributed steganography scheme, which combines steganography technique with the concept of distributed computing, is proposed for secure communication in WMSNs. The simulation results show that the proposed method can achieve considerable energy efficiency while assuring the communication security simultaneously.     

基于深度强化学习的云边协同计算迁移研究

基于单一边缘节点计算、存储资源的有限性及大数据场景对高效计算服务的需求,本文提出了一种基于深度强化学习的云边协同计算迁移机制.具体地,基于计算资源、带宽和迁移决策的综合性考量,构建了一个最小化所有用户任务执行延迟与能耗权重和的优化问题.基于该优化问题提出了一个异步云边协同的深度强化学习算法,该算法充分利用了云边双方的计...     

Internet of things intrusion detection model and algorithm based on cloud computing and multi-feature extraction extreme learning machine

With the rapid development of the Internet of Things (IoT), there are several challenges pertaining to security in IoT applications. Compared with the characteristics of the traditional Internet, the IoT has many problems, such as large assets, complex and diverse structures, and lack of computing resources. Traditional network intrusion detection systems cannot meet the security needs of IoT applications. In view of this situation, this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance. Usually, traditional intrusion detection algorithms require considerable time for training, and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes; therefore, it is necessary to study intrusion detection algorithms with low weights, short training time, and high detection accuracy for deployment and application on cloud nodes. An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats. This paper discusses the problems related to IoT intrusion prevention in cloud computing environments. Based on the analysis of cloud computing security threats, this study extensively explores IoT intrusion detection, cloud node monitoring, and intrusion response in cloud computing environments by using cloud computing, an improved extreme learning machine, and other methods. We use the Multi-Feature Extraction Extreme Learning Machine (MFE-ELM) algorithm for cloud computing, which adds a multi-feature extraction process to cloud servers, and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes. In our simulation experiments, a classical dataset for intrusion detection is selected as a test, and test steps such as data preprocessing, feature engineering, model training, and result analysis are performed. The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes. Furthermore, it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time, so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.     

Authenticated key agreement scheme for fog-driven IoT healthcare system

The convergence of cloud computing and Internet of Things (IoT) is partially due to the pragmatic need for delivering extended services to a broader user base in diverse situations. However, cloud computing has its limitation for applications requiring low-latency and high mobility, particularly in adversarial settings (e.g. battlefields). To some extent, such limitations can be mitigated in a fog computing paradigm since the latter bridges the gap between remote cloud data center and the end devices (via some fog nodes). However, fog nodes are often deployed in remote and unprotected places. This necessitates the design of security solutions for a fog-based environment. In this paper, we investigate the fog-driven IoT healthcare system, focusing only on authentication and key agreement. Specifically, we propose a three-party authenticated key agreement protocol from bilinear pairings. We introduce the security model and present the formal security proof, as well as security analysis against common attacks. We then evaluate its performance, in terms of communication and computation costs.

     

Secure VM Migration in Cloud: Multi-Criteria Perspective with Improved Optimization Model

Distributed computing has risen as a well-known worldview for facilitating an assortment of online applications and services. The present business distributed computing stages utilize a semi concentrated design, where cloud resources, such as servers and storage are hosted in a few large global data centers. Virtualization in computing is a creation of virtual (not real) of something such as hardware, software, platform or an operating system or storage, or a network device. Further, Virtual Machine (VM) technology has recently emerged as an essential building block for data centers and cluster systems, mainly due to its capabilities of isolating, consolidating, and migrating workload. Migration of VM seeks to improve the manageability, performance, and fault tolerance of systems. In a virtual cloud computing environment, a set of submitted tasks from different users are scheduled on a set of Virtual Machines (VMs), and load balancing has become a critical issue for achieving energy efficiency. Thus to solve this issue and to achieve a good load balance, a new improved optimization algorithm is introduced namely Dual Conditional Moth Flame Algorithm (DC-MFA) that takes into account of proposed multi-objective functions defining the multi-constraints like CPU utilization, energy consumption, security, make span, migration cost, and resource cost. The performance of the proposed model will be analyzed by determining migration cost, energy consumption, and response time, and security analysis as well.

     

Provable data possession scheme with authentication

To satisfy the requirements of identity authentication and data possession proven in the cloud application scenarios,a provable data possession scheme with authentication was proposed.Based on data tag signature and randomness reusing,the proposed scheme could accomplish several issues with three interactions,including the possession proof of cloud data,the mutual authentication between user and cloud computing server,the session key agreement and confirmation.Compared to the simple combination of authentication key agreement and provable data possession schemes,the proposed scheme has less computation and interactions,and better provable securities.In the random oracle model,the security proof of the proposed scheme is given under the computational Diffie-Hellman assumption.     

Highly Secure Mobile Devices Assisted with Trusted Cloud Computing Environments

Mobile devices have been widespread and become very popular with connectivity to the Internet, and a lot of desktop PC applications are now aggressively ported to them. Unfortunately, mobile devices are often vulnerable to malicious attacks due to their common usage and connectivity to the Internet. Therefore, the demands on the development of mobile security systems increase in accordance with advances in mobile computing. However, it is very hard to run a security program on a mobile device all of the time due the device's limited computational power and battery life. To overcome these problems, we propose a novel mobile security scheme that migrates heavy computations on mobile devices to cloud servers. An efficient data transmission scheme for reducing data traffic between devices and servers over networks is introduced. We have evaluated the proposed scheme with a mobile device in a cloud environment, whereby it achieved a maximum speedup of 13.4 compared to a traditional algorithm.     

ID-Based User Authentication Scheme for Cloud Computing

In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an identity-based (ID-based) authentication scheme to deal with the user login problem for cloud computing. However, Wang et al.'s scheme is insecure against message alteration and impersonation attacks. Besides, their scheme has large computation costs for cloud users. Therefore, we propose a novel ID-based user authentication scheme to solve the above mentioned problems. The proposed scheme provides anonymity and security for the user who accesses different cloud servers. Compared with the related schemes, the proposed scheme has less computation cost so it is very efficient for cloud computing in practice.     

云计算安全对高校云服务的影响探讨

云计算的应用将数据存储、网络服务由用户桌面推向了Web,实现了高校各项事务的快速高效运行,也降低了硬件资源成本.但同时,随着云计算的拓展,其安全问题越来越受到关注.如用户信息在云端更易受到黑客攻击、蓄意窃取等非法利用.为此,基于云计算安全现状,探讨高校云计算安全性分析及参考模型,并从相关技术来提出解决云计算安全的对策和思路.     

Cloud data secure deduplication scheme via role-based symmetric encryption

The rapid development of cloud computing and big data technology brings prople to enter the era of big data,more and more enterprises and individuals outsource their data to the cloud service providers.The explosive growth of data and data replicas as well as the increasing management overhead bring a big challenge to the cloud storage space.Meanwhile,some serious issues such as the privacy disclosure,authorized access,secure deduplication,rekeying and permission revocation should also be taken into account.In order to address these problems,a role-based symmetric encryption algorithm was proposed,which established a mapping relation between roles and role keys.Moreover,a secure deduplication scheme was proposed via role-based symmetric encryption to achieve both the privacy protection and the authorized deduplication under the hierarchical architecture in the cloud computing environment.Furthermore,in the proposed scheme,the group key agreement protocol was utilized to achieve rekeying and permission revocation.Finally,the security analysis shows that the proposed role-based symmetric encryption algorithm is provably secure under the standard model,and the deduplication scheme can meet the security requirements.The performance analysis and experimental results indicate that the proposed scheme is effective and efficient.     

Secure personal data sharing in cloud computing using attribute-based broadcast encryption

The ciphertext-policy (CP) attribute-based encryption (ABE) (CP-ABE) emergings as a promising technology for allowing users to conveniently access data in cloud computing. Unfortunately, it suffers from several drawbacks such as decryption overhead, user revocation and privacy preserving. The authors proposed a new efficient and privacy-preserving attribute-based broadcast encryption (BE) (ABBE) named EP-ABBE, that can reduce the decryption computation overhead by partial decryption, and protect user privacy by obfuscating access policy of ciphertext and user's attributes. Based on EP-ABBE, a secure and flexible personal data sharing scheme in cloud computing was presented, in which the data owner can enjoy the flexibly of encrypting personal data using a specified access policy together with an implicit user index set. With the proposed scheme, efficient user revocation is achieved by dropping revoked user's index from the user index set, which is with very low computation cost. Moreover, the privacy of user can well be protected in the scheme. The security and performance analysis show that the scheme is secure, efficient and privacy-preserving.     

Cloud Dynamic Scheduling for Multimedia Data Encryption Using Tabu Search Algorithm

The cloud computing is interlinked with recent and out-dated technology. The cloud data storage industry is earning billion and millions of money through this technology. The cloud remote server storage is on-demand technology. The cloud users are expecting higher quality in minimal cost. The quality of service is playing a vital role in any latest technology. The cloud user always depends on thirty party service providers. This service provider is facing higher competition. The customer is choosing a service based on two parameters one is security and another one is cost. The reason behind this is all our personal data is stored on some third party server. The customer is expecting higher security level. The service provider is choosing many techniques for data security, best one is encryption mechanism. This encryption method is having many algorithms. Then again one problem is raised, that is which algorithm is best for encryption. The prediction of algorithm is one of major task. Each and every algorithm is having unique advantage. The algorithm performance is varying depends on file type. The proposed method of this article is to solve this encryption algorithm selection problem by using tabu search concept. The proposed method is to ensure best encryption method to reducing the average encode and decode time in multimedia data. The local search scheduling concept is to schedule the encryption algorithm and store that data in local memory table. The quality of service is improved by using proposed scheduling technique.

     

一种NTRU格上基于身份全同态加密体制设计

全同态加密可以用来解决云计算环境中的隐私保护问题,然而现有体制具有系统参数大、效率低的缺点.针对现有攻击技术,首先设计了一种高效的NTRU格上的基于身份公钥加密体制,无需借助额外的安全性假设,具有更高的安全性和更小的系统参数.之后,基于近似特征向量技术,构造了一种高效的全同态加密转化方式.通过将以上两种方法结合,给出了一种高效的基于身份全同态加密体制.和现有体制相比,除了不需要计算密钥、实现了真正意义上的基于身份特性以外,还减小了密钥、密文尺寸,提高了计算和传输效率.     

TCCL:secure and efficient development of desktop cloud structure

A secure and efficient development of desktop cloud structure:TCCL (transparent computing-based cloud),which was designed under the guidance of transparent computing,was proposed.TCCL applied the method,separating calculation and storage,loading in a block streaming way which was proposed in the transparent computing theory,to the cloud desktop system,and deployed the defense module of security threats under the cloud VM (virtual machine).As a result,the TCCL could improve the security level on the cloud VMs’ system files and data files,and could optimize the cloud virtual machines' storage efficiency.     

Lightweight authentication protocol for e-health clouds in IoT-based applications through 5G technology

Modern information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities. In this context, the emergence of e-Health clouds offers novel opportunities, like easy and remote accessibility of medical data. However, this achievement produces plenty of new risks and challenges like how to provide integrity, security, and confidentiality to the highly susceptible e-Health data. Among these challenges, authentication is a major issue that ensures that the susceptible medical data in clouds is not available to illegal participants. The smart card, password and biometrics are three factors of authentication which fulfill the requirement of giving high security. Numerous three-factor ECC-based authentication protocols on e-Health clouds have been presented so far. However, most of the protocols have serious security flaws and produce high computation and communication overheads. Therefore, we introduce a novel protocol for the e-Health cloud, which thwarts some major attacks, such as user anonymity, offline password guessing, impersonation, and stolen smart card attacks. Moreover, we evaluate our protocol through formal security analysis using the Random Oracle Model (ROM). The analysis shows that our proposed protocol is more efficient than many existing protocols in terms of computation and communication costs. Thus, our proposed protocol is proved to be more efficient, robust and secure.     

云计算中数据隐私保护研究进展

由于社会分工和资源共享的必然,公共云平台必将成为和电网、互联网等同等重要的国家基础设施。云计算面临的安全问题制约着云计算的广泛使用。数据安全在云计算中尤为重要,如何保证数据的安全性是云计算安全的核心。从数据的隐私保护计算、数据处理结果的完整性认证、数据访问权限控制以及数据的物理安全4个方面对已有研究工作进行了分类和总结,为后续云计算中数据的安全性研究提供参照。     

Secured data offloading using reinforcement learning and Markov decision process in mobile edge computing

Mobile Internet services are developing rapidly for several applications based on computational ability such as augmented/virtual reality, vehicular networks, etc. The mobile terminals are enabled using mobile edge computing (MEC) for offloading the task at the edge of the cellular networks, but offloading is still a challenging issue due to the dynamism, and uncertainty of upcoming IoT requests and wireless channel state. Moreover, securing the offloading data enhanced the challenges of computational complexities and required a secure and efficient offloading technique. To tackle the mentioned issues, a reinforcement learning-based Markov decision process offloading model is proposed that optimized energy efficiency, and mobile users' time by considering the constrained computation of IoT devices, moreover guarantees efficient resource sharing among multiple users. An advanced encryption standard is employed in this work to fulfil the requirements of data security. The simulation outputs reveal that the proposed approach surpasses the existing baseline models for offloading overhead and service cost QoS parameters ensuring secure data offloading.     

SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation

An efficient cryptography mechanism should enforce an access control policy over the encrypted data to provide flexible, fine‐grained, and secure data access control for secure sharing of data in cloud storage. To make a secure cloud data sharing solution, we propose a ciphertext‐policy attribute‐based proxy re‐encryption scheme. In the proposed scheme, we design an efficient fine‐grained revocation mechanism, which enables not only efficient attribute‐level revocation but also efficient policy‐level revocation to achieve backward secrecy and forward secrecy. Moreover, we use a multiauthority key attribute center in the key generation phase to overcome the single‐point performance bottleneck problem and the key escrow problem. By formal security analysis, we illustrate that our proposed scheme achieves confidentiality, secure key distribution, multiple collusions resistance, and policy‐ or attribute‐revocation security. By comprehensive performance and implementation analysis, we illustrate that our proposed scheme improves the practical efficiency of storage, computation cost, and communication cost compared to the other related schemes.     

Layered data aggregation with efficient privacy preservation for fog‐assisted IIoT

The emergence of fog computing facilitates industrial Internet of Things (IIoT) to be more real‐time and efficient; in order to achieve secure and efficient data collection and applications in fog‐assisted IIoT, it usually sacrifices great computation and bandwidth resources. From the low computation and communication overheads perspective, this paper proposes a layered data aggregation scheme with efficient privacy preservation (LDA‐EPP) for fog‐assisted IIoT by integrating the Chinese remainder theorem (CRT), modified Paillier encryption, and hash chain technology. In LDA‐EPP scheme, the entire network is divided into several subareas; the fog node and cloud are responsible for local and global aggregations, respectively. Specially, the cloud is able to obtain not only the global aggregation result but also the fine‐grained aggregation results of subareas, which enables that can provide fine‐grained data services. Meanwhile, the LDA‐EPP realizes data confidentiality by the modified Paillier encryption, ensures that both outside attackers and internal semi‐trusted nodes (such as, fog node and cloud) are unable to know the privacy data of individual device, and guarantees data integrity by utilizing simply hash chain to resist tempering and polluting attacks. Moreover, the fault tolerance is also supported in our scheme; ie, even though some IIoT devices or channel links are failure, the cloud still can decrypt incomplete aggregation ciphertexts and derive expected aggregation results. Finally, the performance evaluation indicates that our proposed LDA‐EPP has less computation and communication costs.     

Encrypted Storage and Retrieval in Cloud Storage Applications

Problems with data security impede the widespread application of cloud computing. Although data can be protected through encryption, effective retrieval of encrypted data is difficult to achieve using traditional methods. This paper analyzes encrypted storage and retrieval technologies in cloud storage applications. A ranking method based on fully homomorphic encryption is proposed to meet demands of encrypted storage. Results show this method can improve efficiency.