面向公有云的数据完整性公开审计方案

针对云数据完整性公开审计中隐私泄漏给第三方审计者（TPA）以及云存储服务器（CSS）发起替代攻击的问题,提出一种面向公有云的数据完整性公开审计方案。该方案首先利用哈希值混淆方法,模糊化云存储服务器返回的证据,以防止TPA分析证据计算出原始数据;然后,在审计过程中,由TPA自行计算出文件Merkle哈希树（MHT）对应挑战请求所选数据块的覆盖树,并与CSS返回的覆盖树作结构匹配,以防止云存储服务器用其他已有数据响应审计挑战。实验结果表明,该方案解决了现有方案隐私问题及攻击问题后,在计算开销、存储开销和通信开销方面的性能不会有数量级变化。     

Privacy-preserving public auditing for educational multimedia data in cloud computing

Nowadays, as distance learning is being widly used, multimedia data becomes an effective way for delivering educational contents in online educational systems. To handle the educational multimedia data efficiently, many distance learning systems adopt a cloud storage service. Cloud computing and storage services provide a secure and reliable access to the outsourced educational multimedia contents for users. However, it brings challenging security issues in terms of data confidentiality and integrity. The straightforward way for the integrity check is to make the user download the entire data for verifying them. But, it is inefficient due to the large size of educational multimedia data in the cloud. Recently many integrity auditing protocols have been proposed, but most of them do not consider the data privacy for the cloud service provider. Additionally, the previous schemes suffer from dynamic management of outsourced data. In this paper, we propose a public auditing protocol for educational multimedia data outsourced in the cloud storage. By using random values and a homomorphic hash function, our proposed protocol ensures data privacy for the cloud and the third party auditor (TPA). Also, it is secure against lose attack and temper attack. Moreover, our protocol is able to support fully dynamic auditing. Security and performance analysis results show that the proposed scheme is secure while guaranteeing minimum extra computation costs.     

NaEPASC: a novel and efficient public auditing scheme for cloud data

Cloud computing is deemed the next-generation information technology （IT） platform, in which a data center is crucial for providing a large amount of computing and storage resources for various service applications with high quality guaranteed. However, cloud users no longer possess their data in a local data storage infrastructure, which would result in auditing for the integrity of outsourced data being a challenging problem, especially for users with constrained computing resources. Therefore, how to help the users complete the verification of the integrity of the outsourced data has become a key issue. Public verification is a critical technique to solve this problem, from which the users can resort to a third-party auditor （TPA） to check the integrity of outsourced data. Moreover, an identity-based （ID-based） public key cryptosystem would be an efficient key management scheme for certificatebased public key setting. In this paper, we combine ID-based aggregate signature and public verification to construct the protocol of provable data integrity. With the proposed mechanism, the TPA not only verifies the integrity of outsourced data on behalf of cloud users, but also alleviates the burden of checking tasks with the help of users＇ identity. Compared to previous research, the proposed scheme greatly reduces the time of auditing a single task on the TPA side. Security analysis and performance evaluation results show the high efficiency and security of the proposed scheme.     

基于物联网的公共安全云计算平台

将物联网技术引入到公共安全领域,重点研究了分布式计算和虚拟化存储及云计算的技术特点和应用,针对目前公共安全平台的不足,设计了5层的物联网公共安全平台架构,为以后警用物联网的建设提供了新的思路,同时结合该架构,提出了一种基于云计算的数据支撑平台,为该公共安全平台提供虚拟化的数据存储和管理,以实现各业务数据的共享和安全,提高了物联网应用的安全和计算能力。     

Secure and efficient privacy-preserving public auditing scheme for cloud storage

Cloud computing poses many challenges on integrity and privacy of users’ data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.     

云存储中利用TPA的数据隐私保护公共审计方案

针对云存储中用户数据完整性和私密性易受破坏的问题,提出了一种能够保证云数据完整性和私密性的高效方法。首先定义了隐私保护公共审计算法,然后采用第三方审计方法为用户进行数据审计,最后在随机oracle模型上验证了方案具有较高的安全性和隐私性。计算开销分析表明,相比其他审计方案,所提出方案在服务计算方面更加高效。     

BB-tree based secure and dynamic public auditing convergence for cloud storage

Cloud computing is a current phrase in marketing for an idea which has been recognized for years: Outsourcing. Cloud computing provides a large amount of gratuities for each customer and enterprise agency. “Cloud model” is a more of a notion in which the data are hosted online and accessed in a time-anywhere manner, on a pay-per-use model. However, the users may not fully trust the cloud service providers (CSPs) in that environment. So, it is hard to decide whether the CSP meet their expectations to provide the proper secrecy to shared data. Moreover, in the environment of outsourcing, users have no longer control and ownership of data which may cause serious major issues related to data integrity. Previously, many researchers have committed themselves to draft auditing protocols for attaining proper public verification schemes through third-party auditor (TPA). On the other hand, these schemes may leak identity or data value to the third-party auditor. Therefore, to deal with these problems, we introduce an efficient public auditing protocol by constructing binary binomial tree (BBT)-like data structure with Boneh–Lynn–Shacham signature-based Homomorphic Verifiable Authenticator (BLS-HVA). This model also consists an index hash table (IHT), situated at TPA to record the information about the data block’s properties for auditing procedure. This model supports sampling blockless verification, batch auditing, and dynamic updating operations. Moreover, with such novel dynamic data structure, the proposed model guarantees that user’s group can easily trace any type of data changes through the designated BBT. Along with this, the users can also easily recover the accurate data blocks whenever the current data blocks are corrupted. The experimental results demonstrate that the proposed auditing model efficiently attains secure auditing for the cloud environment and outperforms the existing models in terms of communication and computation overhead.

     

Intelligent multimedia big data computing for internet of things

Multimedia Tools and Applications -     

Multimedia cloud transmission and storage system based on internet of things

For the issues of large space and storage security of multimedia files, we analyzed the impact of access control and cloud storage on multimedia file, and proposed a mixed security cloud storage framework based on Internet of Things. This paper introduced the concept of multimedia protection into the method based on role access control. Moreover, we also adopted a scheme based on the combination of multimedia data state and role access control. At the same time, all input and output devices were connected to this system. Internet of Things is used to judge whether circuits are connected and whether the devices are normally operated, so as to improve the access efficiency. On this basis, we also described in detail the complete process of registration, role assignment, multimedia file owner’s request for data encryption, and user login and access to multimedia file. According to the result, this scheme can be used to resist the known attacks. It guarantees security of multimedia files.     

Smart city information processing under internet of things and cloud computing

The Journal of Supercomputing - This study is to explore the smart city information (SCI) processing technology based on the Internet of Things (IoT) and cloud computing, promoting the construction...     

Cryptanalysis and improvement of nonrepudiable threshold multi-proxy multi-signature scheme with shared verification

Recently, Tzeng et al. proposed a nonrepudiable threshold multi-proxy multi-signature scheme with shared verification. In their scheme, a subset of original signers can delegate the signing power to a group of the designated proxy signers in such a way that: (i) A valid proxy signature can only be generated by a subset of these proxy signers for a group of the designated verifiers. (ii) The validity of the generated proxy signature can only be verified by a subset of the designated verifiers. This article, however, will demonstrate a security leak inherent in Tzeng et al.’s scheme that any verifier can check the validity of the proxy signature by himself with no help of other verifiers. That is, Tzeng et al.’s scheme cannot achieve their claimed security requirement. Finally, we will propose an improvement to eliminate the pointed out security leak.     

Efficient data integrity auditing for storage security in mobile health cloud

Cloud storage services can enable data owners to eliminate the need for the initial investment of expensive infrastructure setup and also minimize development and maintenance costs. Outsourcing the health data to e-health cloud storage server is very beneficial. Nonetheless, storing the health data on cloud servers also brings serious security challenges. In this paper, we propose a highly efficient data integrity auditing scheme for cloud storage for mobile health applications. The authentication tag for each data block generated by biosensor nodes is minimal in our scheme due to the use of hash operation. Moreover, in data integrity checking phase, message-locked encryption scheme is utilized to encrypt and transport the auditing information of the checked data blocks, which significantly reduces the required amount of calculation and communication resources. Compared with the conventional third party auditing schemes, the presented scheme speeds up the tag generation and tag checking process by more than one thousand times.     

A secure and efficient public auditing scheme using RSA algorithm for cloud storage

Cloud storage is widely used by both individual and organizational users due to the many benefits, such as scalability, ubiquitous access, and low maintenance cost (and generally free for individual users). However, there are known security and privacy issues in migrating data to the cloud. To ensure or verify data integrity, a number of cloud data integrity checking schemes with different properties have been presented in the literature. Most existing schemes were subsequently found to be insecure or have high computation and communication costs. More recently in 2016, Yu et al. (Future Gener Comput Syst 62:85–91, 2016) proposed an identity-based auditing scheme for checking the integrity of cloud data. However, in this paper, we reveal that the scheme is vulnerable to data recovery attack. We also present a new identity-based public auditing scheme and formally prove the security of the scheme under the RSA assumption with large public exponents in the random oracle model. We then evaluate the performance of our proposed scheme and demonstrate that in comparison with Yu et al.’s scheme, our proposal is more practical in real-world applications.     

Data error locations reported by public auditing in cloud storage service

Public auditing is an important issue in cloud storage service because a cloud service provider may try to hide management mistakes and system errors from users or even steal or tamper with a user’s data for monetary reasons. Without the protection of a proper auditing mechanism, cloud users would have to run high risks of having their legal rights and interests spoiled without their knowledge. Therefore, many data integrity, assurance, and correctness schemes have been proposed for data auditing. Most of these schemes work by randomly sampling and aggregating signatures from bilinear maps (for more efficiency) to check whether the cloud storage service is honest and whether the data stored in the cloud is correct. Although aggregating signatures can reduce the auditor’s computing overhead and time, unfortunately, none of these schemes have offered any workable solution to giving detailed information on where the errors are when the cloud data as a whole fails the auditing. To fix this problem, we shall propose a new public auditing scheme with a mechanism integrated into it especially to locate the problematic data blocks when they exist. With efficiency, the proposed scheme is capable not only of giving an accurate pass/fail report but also providing detailed information on the locations of the errors detected.     

Futuristic CRISPR-based biosensing in the cloud and internet of things era: an overview

Multimedia Tools and Applications - Biosensors-based devices are transforming medical diagnosis of diseases and monitoring of patient signals. The development of smart and automated molecular...     

Dynamic proof of retrievability based on public auditing for coded secure cloud storage

Multimedia Tools and Applications - Cloud storage represents a cloud delivered-service model which draws the attention of organizations and individuals due to its uncounted attractive advantages....     

Bidirectional self-adaptive resampling in internet of things big data learning

Multimedia Tools and Applications - This paper focuses on the problem of low learning algorithm accuracy caused by serious imbalance of big data in Internet of Things, and proposes a bidirectional...     

Cryptographic system for data applications,in the context of internet of things

With each passing day, Internet of Things (IoT), has the potential to transform our society to a more digital way. In this paper, a cryptographic system is proposed, which has been designed and implemented, following the IoT optimized technologies. As the benefits of IoT are numerous, the need for a privacy platform is more than necessary to be developed. This work aims to demonstrate this by, firstly, implementing efficient and flexible, the fundamentals primitives of cryptography and privacy. Secondly, this is achieved, by introducing applied cryptography, in a more interactive and flexible approach. The proposed system and the incorporation of this platform is scrutinized. In the context of this work, an application of symmetric cryptography is introduced, based on the Advanced Encryption Standard (AES) in Electronic Code Book (ECB), Cipher Block Chaining (CBC) and Counter (CTR) modes of operation, for both encryption and decryption of texts, images and electronic data applications. In addition two other security schemes are supported by the proposed system: AES Galois/Counter Mode (GCM) and AES Galois Message Authentication Code (GMAC). The GCM proposed integration, in an authentication scheme, designed to provide authenticity and confidentiality, at the same time. On the other hand, GMAC, can be applied as message authentication code. Both operations, are optimized in sense of implementation resources, since the major cost is targeted to AES core. In addition, based on the integrated hardware modules, user registration and validation is proposed and implemented, with no additional cost, and with no performance penalty. Furthermore, two factor authentication has been designed and proposed, based on One Time Passwords (OTP), which can been produced with a random procedure. After these, a reference to the security levels, as regards to the communication between the IoT layers of the architecture, is presented. IoT hardware platforms are facing lack of security level and this brings the opportunity to use advanced security mechanisms. Implementation comparison results emphasize the importance of testing and measuring the performance of the alternative encryption algorithms, supported by hardware platforms.     

基于共有区块链的物联网分布式身份验证方法

为在计算能力和存储能力非常有限的物联网(IoT)上进行高效的集中式身份验证,借助于区块链,提出一种基于共有区块链的分布式物联网身份验证方法.基于共有区块链提供的安全特性,创建安全的虚拟区,相同虚拟区内的物品可识别并信任其它物品.所提方法确保了设备的正确识别和认证,保护了数据的完整性和可用性.实验结果表明,该方法能够满足...