基于同态加密的智能电表数据聚合方案

针对多个智能电表实时采集数据聚合上传过程中所存在的用户隐私泄露和计算效率不高的问题,提出了一个基于同态加密的智能电表数据聚合方案。该聚合方案使得多个智能电表数据能够聚合传输至电力系统,而电力系统却无法得到单个智能电表的用电数据。仿真结果表明,该方案在智能电表侧和聚合器侧均可有效降低计算成本和通信成本。     

基于区块链的车辆到电网隐私保护方案

<正>车辆到电网（Vehicle to Grid,V2G）是智能电网中新兴的重要技术,它通过电动汽车和智能电网间的电力双向流动,增加了电网的灵活性和弹性。然而,由于大量的电力双向交互,V2G网络面临着严峻的隐私和安全挑战。针对上述挑战,本文提出了一种基于区块链的V2G隐私保护方案,通过构建双层区块链,实现电力交互信息的安全存储与共享;引入车辆假名机制实现电动汽车身份隐私保护;利用无证书聚合签密技术保证数据安全和密文的高效验证。安全性分析表明,本文所提方案具有公开验证性和不可伪造性。     

支持第三方仲裁的智能电网数据安全聚合方案

智能电网作为新一代的电力系统,显著提高了电力服务的效率、可靠性和可持续性,但用户侧信息安全问题也日渐突出.本文针对智能电网系统中用户数据信息泄露的问题,提出了一个具有隐私保护的数据安全采集方案.收集器能够对采集到的电表数据进行验证,聚合为一个新的数据包,发送给电力服务中心解密和存储,且第三方仲裁机构能够解决用户端智能电表与电力服务中心发生的纠纷.同时,本方案支持收集器,电力服务中心和第三方仲裁机构执行批量验证操作,以提升验证效率.本文的理论分析与实验比较表明,该方案比同类型方案具有更高的运算效率和通信效率.     

智能电网中面向隐私保护的数据聚合算法

随着智能电网(SG)的迅速发展,其安全和效率受到广泛关注。在SG中,居住区域内多个智能电表(SM)设备将感测数据传输至控制中心,使得用户数据需经过一些中间节点才到达控制中心。而通过挖掘用户相关数据(URD),攻击者能够窃取用户的习惯和行为,因此,需要保护用户的隐私。为此,提出面向隐私保护的数据聚合(PPDA)算法。PPDA算法利用群位置隐私(GLP)掩饰由SM产生的数据,并利用Paillier加密系统对用户数据进行保护。此外,PPDA算法无需任何安全信道。仿真结果表明,提出的PPDA算法能够防御偷听攻击和勾结攻击,并控制了计算开销。     

基于零知识证明的跨链隐私智能合约

针对跨链智能合约的代码和数据在跨链交易中公开披露用户隐私信息的情景,设计具有隐私保护功能的跨链智能合约,该合约中每一个函数所涉及的用户隐私信息,将被用户加密后作为函数参数输入,同时引入零知识证明电路,用于证明用户输入密文的正确性。在合约执行过程中,合约调用者通过输入公共参数和隐私参数密文发起合约调用请求,跨链隐私智能合约的验证节点使用零知识证明电路来验证用户输入信息的正确性并执行智能合约,从而在保护用户隐私信息的同时确保智能合约的正确执行。     

雾计算中细粒度属性更新的外包计算访问控制方案

针对基于密文策略的属性加密(CP-ABE)在低时延需求较高的雾计算环境中,存在加解密开销大、属性更新效率低的问题,提出了一种雾计算中细粒度属性更新的外包计算访问控制方案,使用模加法一致性秘密(密钥)分享技术构建访问控制树,将加解密计算操作外包给雾节点,降低用户加解密开销;结合重加密机制,在雾节点建立组密钥二叉树对密文进行重加密,实现对用户属性的灵活更新。安全性分析表明,所提方案在决策双线性Diffie-Hellman假设下是安全的。仿真实验结果表明,所提方案中用户加解密时间开销相比其他方案更小,属性更新效率更高。     

新的具有隐私保护功能的异构聚合签密方案

异构聚合签密方案不仅可以保证异构密码系统之间数据的机密性和不可伪造性,而且可以提供多个密文批量验证。该文分析了一个具有隐私保护功能的异构聚合签密方案的安全性,指出该方案不能抵挡恶意密钥生成中心(KGC)攻击,恶意KGC可以伪造有效的单密文和聚合密文。为了提高原方案的安全性,该文提出一种新的具有隐私保护功能的异构聚合签密方案。该方案克服了原方案存在的安全性问题,实现了无证书密码环境到身份密码环境之间的数据安全传输,在随机预言机模型下证明新方案的安全性。效率分析表明新方案与原方案效率相当。     

基于异构数据的电力短期负荷大数据预测方案

随着多种可再生能源电力的接入,电力系统正在向更智能、更灵活、交互性更高的系统过渡。负荷预测,特别是针对单个电力客户的短期负荷预测在未来电网规划和运行中发挥着越来越重要的作用。提出了一个基于异构数据的电力短期负荷大数据预测方案,该方案收集来自智能电表和天气预报的数据,预处理后将其加载到非关系型数据库中进行存储并做进一步的异构数据处理;设计并实现了一个长短期记忆递归神经网络模型,用于确定负荷分布并预测未来24 h的住宅小区用电量;最后利用一个住宅小区的智能电表数据集对提出的短期负荷预测框架进行了测试,并使用均方根误差和平均绝对百分比误差两个指标,对比了预测模型与两种经典算法的性能,验证了所提模型的有效性。     

移动社交网络多密钥混淆的交友隐私保护方案研究

在移动社交网络中,为保证交友匹配过程中用户的隐私,提出多密钥混淆隐私保护方案.利用代理重加密技术,对用户密钥密文进行重新加密,实现了以扩充交友访问策略条件的交友匹配,并保证密文转换过程中用户的隐私不被泄露;利用随机密文组件加密技术,实现了对真实明文对应加密文件的信息隐藏,提高了攻击者的破解难度;利用数据摘要签名技术,解决了以往方案未考虑的多加密文件对应的文件解密问题.安全和实验分析表明,本文方案可以达到CPA（Chosen Plaintext Attack）安全,可以保证交友用户的隐私不被泄露,并且比既有的方案更有效.     

智慧医疗中基于属性加密的云存储数据共享

在电子病历系统中,为了实现多用户环境下的数据搜索,该文提出一种属性基可搜索加密方案。该文将密文和安全索引存储在医疗云,当用户请求医疗数据时,利用属性基可搜索加密算法进行数据搜索,实现了细粒度访问控制。同时方案引入了密文验证算法,解决了半诚实且好奇的云服务器模型下搜索结果不正确的问题。利用数据去重技术实现了重复数据的消除,减少占用医疗云的存储空间。方案同时实现了访问策略的隐藏,保证了数据用户的隐私安全。安全性分析表明,所提方案能很好地保护用户的隐私以及数据的安全。性能分析表明,该方案具有较好的性能,更加适用于智慧医疗等多对多应用场景,有效实现了医生和第三方数据用户在不侵犯患者隐私的前提下共享患者电子病历。     

Privacy-preserving cloud-fog–based traceable road condition monitoring in VANET

With the development of intelligent vehicles, the research on road condition monitoring has attracted much attention in the vehicular ad hoc network (VANET). The combination of VANET, cloud computing, and fog computing provides on-demand computational resources while creating a lot of new challenges. In this paper, we propose an efficient privacy-preserving cloud-fog–based traceable road surface condition monitoring scheme. We use certificateless aggregate signcryption technology to implement multiple messages aggregation verification, which greatly saves computing resources and bandwidth. Moreover, we also use a traceable vehicle pseudo identity generated by a trace authority (TRA) to achieve identity privacy protection. To ensure the privacy of the fog and cloud server, the road condition information is reported in ciphertext format. In addition, the cloud server can perform ciphertext equivalence test operation to distinguish different road condition information of the same area without compromising the confidentiality. The ciphertext, which exceeds the set threshold, is uploaded to the blockchain. It can be stored permanently and never be tampered with or deleted. Finally, we demonstrate the correctness of the proposed scheme and show that the proposed scheme has higher efficiency.     

Multiuser access control searchable privacy‐preserving scheme in cloud storage

Searchable encryption scheme‐based ciphertext‐policy attribute‐based encryption (CP‐ABE) is a effective scheme for providing multiuser to search over the encrypted data on cloud storage environment. However, most of the existing search schemes lack the privacy protection of the data owner and have higher computation time cost. In this paper, we propose a multiuser access control searchable privacy‐preserving scheme in cloud storage. First, the data owner only encrypts the data file and sets the access control list of multiuser and multiattribute for search data file. And the computing operation, which generates the attribute keys of the users' access control and the keyword index, is given trusted third party to perform for reducing the computation time of the data owner. Second, using CP‐ABE scheme, trusted third party embeds the users' access control attributes into their attribute keys. Only when those embedded attributes satisfy the access control list, the ciphertext can be decrypted accordingly. Finally, when the user searches data file, the keyword trap door is no longer generated by the user, and it is handed to the proxy server to finish. Also, the ciphertext is predecrypted by the proxy sever before the user performs decryption. In this way, the flaw of the client's limited computation resource can be solved. Security analysis results show that this scheme has the data privacy, the privacy of the search process, and the collusion‐resistance attack, and experimental results demonstrate that the proposed scheme can effectively reduce the computation time of the data owner and the users.     

Secure personal data sharing in cloud computing using attribute-based broadcast encryption

The ciphertext-policy (CP) attribute-based encryption (ABE) (CP-ABE) emergings as a promising technology for allowing users to conveniently access data in cloud computing. Unfortunately, it suffers from several drawbacks such as decryption overhead, user revocation and privacy preserving. The authors proposed a new efficient and privacy-preserving attribute-based broadcast encryption (BE) (ABBE) named EP-ABBE, that can reduce the decryption computation overhead by partial decryption, and protect user privacy by obfuscating access policy of ciphertext and user's attributes. Based on EP-ABBE, a secure and flexible personal data sharing scheme in cloud computing was presented, in which the data owner can enjoy the flexibly of encrypting personal data using a specified access policy together with an implicit user index set. With the proposed scheme, efficient user revocation is achieved by dropping revoked user's index from the user index set, which is with very low computation cost. Moreover, the privacy of user can well be protected in the scheme. The security and performance analysis show that the scheme is secure, efficient and privacy-preserving.     

云环境下基于环签密的用户身份属性保护方案

身份属性泄漏是最严重的云计算安全威胁之一,为解决该问题,提出了一种基于环签密的身份属性保护方案.该方案以云服务的数字身份管理为研究对象,论述了去中心化的用户密钥分割管理机制,用户自主选择算子在本地生成并存储密钥,从而令注册管理者(registrar)无法获得用户完全私钥,达到消除证书管理负载的目的.另外,本方案以用户访问权限为中心设计身份属性盲环签密验证机制,令用户和CSP组成环,基于环和自身属性用户可对消息子线性盲签密以及非交互公开密文验证,用以阻止多个CSP共谋导致的身份属性泄露场景,从而保护身份属性的完整性和机密性.最后,给出密文和属性强不可伪造、盲性机制的证明结果,在DBDH困难问题假设和适应性选择密文攻击下,方案中的用户可生成3个完全私钥组件,成功阻止环成员身份伪装.为验证系统有效性,围绕身份属性保护方案的综合负载问题对盲环签密算法进行性能评估,并对比同类算法以证实系统优化结果.     

抗关键词猜测的授权可搜索加密方案

大多数可搜索加密方案仅支持对单关键词集的搜索,且数据使用者不能迅速对云服务器返回的密文进行有效性判断,同时考虑到云服务器具有较强的计算能力,可能会对关键词进行猜测,且没有对数据使用者的身份进行验证。针对上述问题,该文提出一个对数据使用者身份验证的抗关键词猜测的授权多关键词可搜索加密方案。方案中数据使用者与数据属主给授权服务器进行授权,从而验证数据使用者是否为合法用户;若验证通过,则授权服务器利用授权信息协助数据使用者对云服务器返回的密文进行有效性检测;同时数据使用者利用服务器的公钥和伪关键词对关键词生成陷门搜索凭证,从而保证关键词的不可区分性。同时数据属主在加密时,利用云服务器的公钥、授权服务器的公钥以及数据使用者的公钥,可以防止合谋攻击。最后在随机预言机模型下证明了所提方案的安全性,并通过仿真实验验证,所提方案在多关键词环境下具有较好的效率。     

一种新型无线传感器网络安全研究

物联网作为网络延伸的新拓展,广泛应用于社会各领域。无线传感器网络作为物联网的重要组成部分,基于无线传感器网络安全研究已成为目前物联网安全研究的重点。针对无线传感器网络计算能力较小、难以完成复杂计算的问题,设计了一种无线传感器网络安全架构方案。方案将无线传感器网络划分为若干个以中心节点作为信息传输端的节点网络,中心节点传递该节点网络搜集的信息到数据中心进行处理。采用可搜索加密技术,使得管理员可以直接获取所需信息对应的密文,而不用对整体密文解密后再搜集,提高了无线传感器网络的效率。     

Attribute-based fully homomorphic encryption scheme over rings

The fully homomorphic encryption has important applications in the area of data security and privacy security of cloud computing,but the size of secret keys and ciphertext in most of current homomorphic encryption schemes were too large,which restricted its practical.To improve these drawbacks,a recoding scheme and a attribute-based encryption scheme based on learning with errors problem over rings were provided,then a attribute-based fully homomorphic encryption was constructed.The new scheme overcame the above mentioned drawbacks,because it did't need public key certificate,meanwhile,it can achieve the fine-grained access control to the ciphertext.Compared with similar results,proposed method decreases the size of keys and ciphertext greatly.     

Slight Homomorphic Signature for Access Controlling in Cloud Computing

With the popularity of cloud computing, how to securely authenticate a user while not releasing user’s sensitive information becomes a challenge. In this paper, we introduce a slight homomorphic signature, which is suitable to implement an access controlling service in cloud computing. In slight homomorphic signature, each user in cloud computing who have a set of identity attributes, firstly computes a full signature on all his identity attributes, and sends it to a semi-trusted access controlling server. The access controlling server verifies the full signature for all identity attributes. After then, if the user wants to require a cloud service, which may have a special requirement on one of the identity attributes, the user only needs to securely send the cloud service’s name to the access controlling server. The access controlling server which does not know the secret key can compute a partial signature on this special identity attribute, and then sends it to the cloud server for authentication. In the paper, we give a formal secure definition of this slight homomorphic signature, and construct a scheme from Boneh–Boyen signature. We prove that our scheme is secure under q-SDH problem with a weak adversary.     

WSN低功耗低时延路径式协同计算方法

针对云计算应用于无线传感器网络(Wireless Sensor Network,WSN)时延敏感型业务时存在的高传输时延问题,提出了一种WSN低功耗低时延路径式协同计算方法.该方法基于一种云雾网络架构开展研究,该架构利用汇聚节点组成雾计算层;在数据传输过程中基于雾计算层的计算能力分步骤完成任务计算,降低任务处理时延;由...