Found 20 similar documents; search time 0 ms
1.
Deterministic SkipNet (total citations: 1; self-citations: 0; citations by others: 1)
We present a deterministic scalable overlay network. In contrast, most previous overlay networks use randomness or hashing (pseudo-randomness) to achieve a uniform distribution of data and routing traffic.
2.
Hossein Ghodosi 《Information Processing Letters》2007,104(5):179-182
This paper analyses the security of Naor-Pinkas' distributed oblivious transfer [M. Naor, B. Pinkas, Distributed oblivious transfer, in: Advances in Cryptology—Proceedings of ASIACRYPT'00, Lecture Notes in Computer Science, vol. 1976, Springer-Verlag, 2000]. It is shown that the schemes presented in the paper do not protect the chooser/sender in the information theoretic sense.
3.
Ad hoc networks are self-configurable networks with dynamic topologies. All involved nodes in the network share the responsibility for routing, access, and communications. The mobile ad hoc network can be considered as a short-lived collection of mobile nodes communicating with each other. Such networks are more vulnerable to security threats than traditional wireless networks because of the absence of the fixed infrastructure. For providing secure communications in such networks, lots of mechanisms have been proposed since the early 1990s, which also have to deal with the limitations of the mobile ad hoc networks, including high power saving and low bandwidth. Besides, public key infrastructure (PKI) is a well-known method for providing confidential communications in mobile ad hoc networks. In 2004, Varadharajan et al. proposed a secure communication scheme for cluster-based ad hoc networks based on PKI. Since the computation overheads of the PKI cryptosystem are heavy for each involved communicating node in the cluster, we propose an ID-based version for providing secure communications in ad hoc networks. Without adopting PKI cryptosystems, computation overheads of involved nodes in our scheme can be reduced by 25% at least.
4.
5.
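Owing to the many advantages of cloud computing, users tend to outsource services such as data mining and data analysis to professional cloud service providers; however, users' privacy then cannot be guaranteed. At present, many researchers focus on privacy protection for sensitive data storage in cloud environments, while research on privacy-preserving data analysis remains relatively scarce. Yet if big data is not mined and analysed merely in order to protect data privacy, it loses its enormous potential value. This paper proposes a lattice-based privacy-preserving data publishing method for cloud computing environments, which uses lattice encryption to construct secure homomorphic operations on private data and, on this basis, implements cloud-side ciphertext clustering analysis and data mining services that support privacy protection. To protect user data privacy, users encrypt their data before publishing it to the cloud service provider; the cloud service provider uses the lattice-based homomorphic encryption algorithm to implement privacy-preserving k-means, privacy-preserving hierarchical clustering and privacy-preserving DBSCAN data mining services, but cannot directly access user data and violate user privacy. Compared with existing private data publishing methods, the paper's private data publishing is based on the lattice closest vector problem (CVP) and shortest vector problem (SVP) and offers high security. At the same time, the algorithm effectively preserves the accuracy of distances between ciphertext data, so the mining results also have higher accuracy and usability than existing research. The paper gives a theoretical analysis of the method's security and designs experiments to evaluate the efficiency of the proposed privacy-preserving data mining method; the experimental results show that the lattice-based privacy-preserving data mining algorithm proposed here achieves higher data analysis accuracy and higher computational efficiency than existing methods.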
6.
7.
Privacy-preserving Naïve Bayes classification (total citations: 1; self-citations: 0; citations by others: 1)
Jaideep Vaidya Murat Kantarcıoğlu Chris Clifton 《The VLDB Journal The International Journal on Very Large Data Bases》2008,17(4):879-898
Privacy-preserving data mining—developing models without seeing the data – is receiving growing attention. This paper assumes a privacy-preserving distributed data mining scenario: data sources collaborate to develop a global model, but must not disclose their data to others. The problem of secure distributed classification is an important one. In many situations, data is split between multiple organizations. These organizations may want to utilize all of the data to create more accurate predictive models while revealing neither their training data/databases nor the instances to be classified. Naïve Bayes is often used as a baseline classifier, consistently providing reasonable classification performance. This paper brings privacy-preservation to that baseline, presenting protocols to develop a Naïve Bayes classifier on both vertically as well as horizontally partitioned data.
8.
Automotive systems have become powerful computing platforms with an increasing demand for secure communication. The hyperconnectivity of the Vehicle-to-Everything (V2X) environment drastically increases the attack surface and the need for crypto-agility. In addition, the long lifecycle of automotive products demands that not only current but also future attacks are considered. Thus, empowering automotive devices with efficient, robust, and long-term security solutions is challenging. The foreseeable breakthrough of quantum computers and their threat to traditional cryptography requires that automotive devices are able to efficiently implement quantum secure cryptographic mechanisms, also known as Post-Quantum Cryptography (PQC). One of the most promising PQC approaches is lattice-based cryptography. Among the seven finalists of the NIST third round post-quantum standardization process, five algorithms (three KEM/encryption and two signature algorithms) belong to the category of lattice-based cryptography. While lattice-based cryptography has been previously integrated in general-purpose microcontrollers, its impact on automotive environments has been neglected. To this end, this work presents two contributions. As a first contribution, we provide a performance exploration of four lattice-based KEM/encryption algorithms implemented on the automotive microcontroller AURIX. The exploration includes the three finalists CRYSTALS-KYBER, NTRU, and Saber, together with ThreeBears. Although ThreeBears was not selected as a PQC finalist, NIST recommended further investigations in this direction due to interesting security and performance characteristics of the algorithm. Our analysis has shown that all of these algorithms can be implemented on the AURIX microcontroller while achieving a competitive performance. As a second contribution, we explore the improvement of the security level of ThreeBears by extending its error correction capability.
9.
Data processing complexity, partitionability, locality and provenance play a crucial role in the effectiveness of distributed data processing. Dynamics in data processing necessitates effective modeling which allows the understanding and reasoning of the fluidity of data processing. Through virtualization, resources have become scattered, heterogeneous, and dynamic in performance and networking. In this paper, we propose a new distributed data processing model based on automata where data processing is modeled as state transformations. This approach falls within a category of declarative concurrent paradigms which are fundamentally different than imperative approaches in that communication and function order are not explicitly modeled. This allows an abstraction of concurrency and thus suited for distributed systems. Automata give us a way to formally describe data processing independent from underlying processes while also providing routing information to route data based on its current state in a P2P fashion around networks of distributed processing nodes. Through an implementation, named Pumpkin, of the model we capture the automata schema and routing table into a data processing protocol and show how globally distributed resources can be brought together in a collaborative way to form a processing plane where data objects are self-routable on the plane.
10.
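Security flaws in the LHL threshold group signature scheme (total citations: 4; self-citations: 0; citations by others: 4)
Threshold group signatures generalise group signatures: only authorised subsets of the group can sign on behalf of the whole group, and in the event of a dispute the identities of the signing members can be traced. An important security requirement for threshold group signatures is therefore unforgeability, i.e. one authorised subset cannot impersonate another authorised subset when signing. This paper points out two security flaws in the LHL threshold group signature scheme: it is subject to a signature forgery attack, and anonymity and traceability cannot both hold at once. In the forgery attack, by controlling the group secret key, some colluding members can forge valid threshold group signatures that appear to come from other members, while all honest members can still use the signature system normally and so do not notice the deception.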
11.
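To adapt to the diversity and variability of today's information transmission environments and to guarantee the confidentiality and authority of transmitted information, a new identity-based broadcast signcryption scheme is proposed, drawing on the advantages of signcryption schemes and combining them with the broadcast encryption model. The scheme uses several kinds of operations, including hash operations, ring-sum operations and bilinear pairing operations, so that the public and private key lengths remain constant, the ciphertext length equals the number of receiving users plus 1, and neither the signcryption process nor the unsigncryption process requires bilinear pairing operations; it therefore has low computation and storage costs. A detailed security proof shows that the scheme's confidentiality reduces to the weak BCDH problem and its unforgeability reduces to the PSG signature problem, so that the scheme can be applied in environments with high security and practicality requirements.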
12.
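How to ensure data security is a prominent problem that the information field urgently needs to solve. As the foundation and core of data security, the development and application of cryptographic technology is the top priority in driving the continued advance of informatization. The paper comprehensively analyses the development of modern cryptographic technology and studies in depth the major role it plays in traditional data security and in data security on cloud computing platforms, laying a foundation for the sustained development of information security.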
13.
Generalized signcryption is a new cryptographic primitive, which provides separate or joint encryption and signature as per need. It is more suitable for some storage constrained environments, e.g. smart card, WSN (Wireless Sensor Networks) etc. In this paper, we propose an efficient identity based generalized signcryption scheme. We also simplify the security notions for identity based generalized signcryption and prove the security of the proposed scheme under the new security model.
14.
15.
Edge computing pushes application logic and the underlying data to the edge of the network, with the aim of improving availability and scalability. As the edge servers are not necessarily secure, there must be provisions for users to validate the results—that values in the result tuples are not tampered with, that no qualifying data are left out, that no spurious tuples are introduced, and that a query result is not actually the output from a different query. This paper aims to address the challenges of ensuring data integrity in edge computing. We study three schemes that enable users to check the correctness of query results produced by the edge servers. Two of the schemes are our original contributions, while the third is an adaptation of existing work. Our study shows that each scheme offers different security features, and imposes different demands on the edge servers, user machines, and interconnecting network. In other words, all three schemes are useful for different application requirements and resource configurations.
16.
17.
Privacy preserving clustering on horizontally partitioned data (total citations: 3; self-citations: 0; citations by others: 3)
Data mining has been a popular research area for more than a decade due to its vast spectrum of applications. However, the popularity and wide availability of data mining tools also raised concerns about the privacy of individuals. The aim of privacy preserving data mining researchers is to develop data mining techniques that could be applied on databases without violating the privacy of individuals. Privacy preserving techniques for various data mining models have been proposed, initially for classification on centralized data then for association rules in distributed environments. In this work, we propose methods for constructing the dissimilarity matrix of objects from different sites in a privacy preserving manner which can be used for privacy preserving clustering as well as database joins, record linkage and other operations that require pair-wise comparison of individual private data objects horizontally distributed to multiple sites. We show communication and computation complexity of our protocol by conducting experiments over synthetically generated and real datasets. Each experiment is also performed for a baseline protocol, which has no privacy concern to show that the overhead comes with security and privacy by comparing the baseline protocol and our protocol.
18.
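A secure mining algorithm for association rules in distributed environments (total citations: 4; self-citations: 0; citations by others: 4)
A secure mining algorithm for association rules in distributed databases, PPDMA, is proposed. Cryptographic methods are applied to encrypt the constrained subtrees and other information transmitted between sites for mining global frequent itemsets, "noise" information is added, and the encrypted information is decrypted at the receiving site, so that user information is not disclosed and user privacy is protected, allowing association rules to be mined securely. Analysis shows that the algorithm is correct and feasible.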
19.
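Digital signature algorithms play a vital role in network security infrastructure, and most current digital signature schemes are based on Rivest-Shamir-Adleman (RSA) and elliptic curve cryptography (ECC). With the rapid development of quantum computing, digital signature schemes based on traditional public-key cryptosystems will face security risks, and researching and deploying new cryptographic schemes that can resist quantum attacks has become an important research direction. After multiple rounds of evaluation and analysis, the US National Institute of Standards and Technology (NIST) published the post-quantum digital signature standard ML-DSA in August 2024; its core algorithm is Dilithium. Targeting the high-dimensional polynomial matrix operations characteristic of the lattice-based digital signature algorithm Dilithium, this paper proposes several optimised implementation methods on an FPGA platform, specifically a multifunctional systolic-array arithmetic unit with configurable parameters, a dedicated parallel polynomial sampling module, a reconfigurable storage unit design for multiple parameter sets, and a highly parallel sequential state machine for the complex multi-module design, with the aim of breaking through performance bottlenecks to achieve higher signing efficiency, and finally implements a digital signature hardware architecture that supports all three security levels at once. The design was deployed and run on a Xilinx Artix-7 FPGA platform and compared with existing work of the same type. The results show that, compared with the latest literature, the design improves signing efficiency at the three security levels by factors of 7.4, 8.3 and 5.6 respectively, providing a performance basis for quantum-resistant digital signature services and offering some reference value for advancing the engineering and practical deployment of lattice-based cryptographic schemes.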
20.
A General Model for Authenticated Data Structures (total citations: 6; self-citations: 0; citations by others: 6)
Charles Martel Glen Nuckolls Premkumar Devanbu Michael Gertz April Kwong Stuart G. Stubblebine 《Algorithmica》2004,39(1):21-41
Query answers from on-line databases can easily be corrupted by hackers or malicious database publishers. Thus it is important to provide mechanisms which allow clients to trust the results from on-line queries. Authentic publication allows untrusted publishers to answer securely queries from clients on behalf of trusted off-line data owners. Publishers validate answers using hard-to-forge verification objects (VOs), which clients can check efficiently. This approach provides greater scalability, by making it easy to add more publishers, and better security, since on-line publishers do not need to be trusted. To make authentic publication attractive, it is important for the VOs to be small, efficient to compute, and efficient to verify. This has led researchers to develop independently several different schemes for efficient VO computation based on specific data structures. Our goal is to develop a unifying framework for these disparate results, leading to a generalized security result. In this paper we characterize a broad class of data structures which we call Search DAGs, and we develop a generalized algorithm for the construction of VOs for Search DAGs. We prove that the VOs thus constructed are secure, and that they are efficient to compute and verify. We demonstrate how this approach easily captures existing work on simple structures such as binary trees, multi-dimensional range trees, tries, and skip lists. Once these are shown to be Search DAGs, the requisite security and efficiency results immediately follow from our general theorems. Going further, we also use Search DAGs to produce and prove the security of authenticated versions of two complex data models for efficient multi-dimensional range searches. This allows efficient VOs to be computed (size O(log N + T)) for typical one- and two-dimensional range queries, where the query answer is of size T and the database is of size N. We also show I/O-efficient schemes to construct the VOs. For a system with disk blocks of size B, we answer one-dimensional and three-sided range queries and compute the VOs with O(log_B N + T/B) I/O operations using linear size data structures.