社交网络中具有可传递性的细粒度访问控制方案

针对社交网络中隐私保护的需求,基于属性基加密(ABE)算法,提出了一种权限可传递性的细粒度访问控制方案。在方案中通过属性的设置实现了社交网络成员不同粒度的刻画,为细粒度加密和访问提供了基础;同时在方案中引入了代理服务器,对非授权成员与授权成员之间的关系进行分析,从而判定非授权成员的访问权限。若该成员可以获得访问权限,密钥生成中心依据授权成员的属性为其生成解密密钥,进而实现访问权限的传递性。与其他基于访问控制或加密技术的隐私保护方案相比,所提方案将对数据的访问控制和加密保护相统一,在实现数据加密的同时,提供细粒度的访问控制;并结合社交网络的特点实现了访问权限的传递性。     

基于区块链的多关键字细粒度可搜索加密方案

密文策略下基于属性的关键字搜索(CP-ABKS)技术可以对加密的数据实现细粒度控制和检索.现有CP-ABKS方案较少考虑云服务器的恶意行为和搜索过程的公平支付,且通常只支持单关键字密文检索.对此,文章提出基于区块链的多关键字细粒度可搜索加密方案.利用密文策略下基于属性的加密技术满足多用户检索,实现了细粒度访问控制和访问...     

云计算环境下支持属性撤销的外包解密DRM方案

数字版权管理(digital rights management, DRM)是我国信息化建设的重要内容.但高昂的投资成本和欠佳的用户体验是其进一步推广的瓶颈.而已有的采用云计算解决DRM瓶颈问题的研究大都只着眼于云计算的存储服务功能,较少关注云计算的计算优势.提出了一种云计算环境下支持属性撤销的外包解密DRM方案.考虑到DRM中用户隐私保护的问题,提出用户通过匿名标签购买许可证.此外,为了充分发挥云计算在计算上的优势以及可以灵活、细粒度地撤销用户的属性,提出了一种支持属性撤销的外包解密CP-ABE(ciphertext-policy attribute-based encryption)机制.与已有的基于云计算的数字版权保护方案相比,提出的方案在保护内容和用户隐私的同时,支持灵活的访问控制机制和细粒度的用户属性撤销,并且支持CP-ABE的解密外包计算,方案具有较好的实用性.     

Exploring C-to-G and A-to-Y Base Editing in Rice by Using New Vector Tools

CRISPR/Cas9-based cytosine base editors (CBEs) and adenine base editors (ABEs) can efficiently mediate C-to-T/G-to-A and A-to-G/T-to-C substitutions, respectively; however, achieving base transversions (C-to-G/C-to-A and A-to-T/A-to-C) is challenging and has been rarely studied in plants. Here, we constructed new plant C-to-G base editors (CGBEs) and new A-to-Y (T/C) base editors and explored their base editing characteristics in rice. First, we fused the highly active cytidine deaminase evoFENRY and the PAM-relaxed Cas9-nickase variant Cas9n-NG with rice and human uracil DNA N-glycosylase (rUNG and hUNG), respectively, to construct CGBE-rUNG and CGBE-hUNG vector tools. The analysis of five NG-PAM target sites showed that these CGBEs achieved C-to-G conversions with monoallelic editing efficiencies of up to 27.3% in T₀ rice, with major byproducts being insertion/deletion mutations. Moreover, for the A-to-Y (C or T) editing test, we fused the highly active adenosine deaminase TadA8e and the Cas9-nickase variant SpGn (with NG-PAM) with Escherichia coli endonuclease V (EndoV) and human alkyladenine DNA glycosylase (hAAG), respectively, to generate ABE8e-EndoV and ABE8e-hAAG vectors. An assessment of five NG-PAM target sites showed that these two vectors could efficiently produce A-to-G substitutions in a narrow editing window; however, no A-to-Y editing was detected. Interestingly, the ABE8e-EndoV also generated precise small fragment deletions in the editing window from the 5′-deaminated A base to the SpGn cleavage site, suggesting its potential value in producing predictable small-fragment deletion mutations. Overall, we objectively evaluated the editing performance of CGBEs in rice, explored the possibility of A-to-Y editing, and developed a new ABE8e-EndoV tool, thus providing a valuable reference for improving and enriching base editing tools in plants.     

Correction of Fanconi Anemia Mutations Using Digital Genome Engineering

Fanconi anemia (FA) is a rare genetic disease in which genes essential for DNA repair are mutated. Both the interstrand crosslink (ICL) and double-strand break (DSB) repair pathways are disrupted in FA, leading to patient bone marrow failure (BMF) and cancer predisposition. The only curative therapy for the hematological manifestations of FA is an allogeneic hematopoietic cell transplant (HCT); however, many (>70%) patients lack a suitable human leukocyte antigen (HLA)-matched donor, often resulting in increased rates of graft-versus-host disease (GvHD) and, potentially, the exacerbation of cancer risk. Successful engraftment of gene-corrected autologous hematopoietic stem cells (HSC) circumvents the need for an allogeneic HCT and has been achieved in other genetic diseases using targeted nucleases to induce site specific DSBs and the correction of mutated genes through homology-directed repair (HDR). However, this process is extremely inefficient in FA cells, as they are inherently deficient in DNA repair. Here, we demonstrate the correction of FANCA mutations in primary patient cells using ‘digital’ genome editing with the cytosine and adenine base editors (BEs). These Cas9-based tools allow for C:G > T:A or A:T > C:G base transitions without the induction of a toxic DSB or the need for a DNA donor molecule. These genetic corrections or conservative codon substitution strategies lead to phenotypic rescue as illustrated by a resistance to the alkylating crosslinking agent Mitomycin C (MMC). Further, FANCA protein expression was restored, and an intact FA pathway was demonstrated by downstream FANCD2 monoubiquitination induction. This BE digital correction strategy will enable the use of gene-corrected FA patient hematopoietic stem and progenitor cells (HSPCs) for autologous HCT, obviating the risks associated with allogeneic HCT and DSB induction during autologous HSC gene therapy.     

适合移动云存储的基于属性的关键词搜索加密方案

近年来,随着移动设备性能的不断提升和移动互联网的迅猛发展,越来越多的移动终端参与云端数据存储与共享.为了更好地解决资源受限的移动设备参与云端数据共享的安全和效率问题,基于支持通配符的与门访问结构,提出了一种高效的基于属性的关键词搜索加密方案,并证明了其在标准模型下满足选择关键词明文攻击的不可区分安全性和关键词安全性.该方案采用韦达定理使得每个属性仅需用一个元素表示,方案中索引长度固定,陷门和密钥的长度及陷门算法和搜索算法的计算复杂度与访问结构中可使用的通配符数量上限成正比,同时,移除了索引和陷门传输过程中的安全信道,进一步降低了开销.效率分析表明：与其他方案相比,该方案的计算开销和通信开销较小,更加适用于移动云存储环境.     

基于跨链的医疗数据安全共享方案

医疗机构之间的医疗数据共享对于实现跨医院诊断并促进医学研究发展有着举足轻重的作用.为了解决医疗机构之间医疗数据共享困难的问题,我们提出了一种基于跨链的医疗数据安全共享方案.采用中继链、跨链网关和数据链结合的跨链架构,结合AES和CP-ABE加密算法进行细粒度的医疗数据访问控制.同时利用可搜索加密技术实现医疗数据的安全搜索.为缓解区块链的计算存储开销,将IPFS和区块链相结合,链下存储密文,链上存储密文地址和密钥.通过安全性分析和实验证明,该方案在医疗数据安全共享方面具有可行性.     

面向边缘计算的属性加密方案

传统云环境下的属性加密方案在判定用户访问权限时通常仅依据年龄和职业等用户常规属性,而忽视了访问时间和位置的约束问题。为较好满足边缘计算的实时性和移动性需求,提出一种支持时间与位置约束的多授权外包属性加密方案。通过将时间域与位置域信息同时引入属性加密过程,实现更细粒度的访问控制。采用多授权机构共同管理属性信息,解决单授权机构的性能瓶颈问题,满足用户跨域访问需求。针对边缘计算中移动终端资源受限问题,将大部分解密计算外包至边缘节点,减轻移动终端设备负担。分析结果表明,在边缘计算环境下,该方案以较低的计算和存储开销实现了具有时间和位置约束的访问控制,并且可有效保障用户数据安全。