With the development of cloud computing, virtualization technology has been widely used in our life. Meanwhile, it became one of the key targets for some attackers. The integrity measurement in virtual machine has bec...With the development of cloud computing, virtualization technology has been widely used in our life. Meanwhile, it became one of the key targets for some attackers. The integrity measurement in virtual machine has become an urgent problem. Some of the existing virtualization platform integrity measurement mechanism introduces the trusted computing technology, according to a trusted chain that the Trusted Platform Module(TPM) established for trusted root to measure the integrity of process in static. But this single chain static measurement cannot ensure the dynamic credible in platform running. To solve the problem that the virtual trusted platform can not guarantee the dynamic credibility, this paper put forward Dynamic Integrity Measurement Model(DIMM) based on virtual Trusted Platform Module(v TPM) which had been implemented with typical virtual machine monitor Xen as an example. DIMM combined with virtual machine introspection and event capture technology to ensure the security of the entire user domain. Based on the framework, this paper put forward Self-modify dynamic measurement strategy which can effectively reduce the measurement frequency and improve the measurement performance. Finally, it is proved that the validity and feasibility of the proposed model with comparison experiments.展开更多
While users enjoy the convenience of data outsourcing in the cloud,they also face the risks of data modification and private information leakage.Searchable encryption technology can perform keyword searches over encry...While users enjoy the convenience of data outsourcing in the cloud,they also face the risks of data modification and private information leakage.Searchable encryption technology can perform keyword searches over encrypted data while protecting their privacy and guaranteeing the integrity of the data by verifying the search results.However,some associated problems are still encountered,such as the low efficiency of verification and uncontrollable query results.Accordingly,this paper proposes a Privacy-Preserving Searchable Encryption(PPSE)scheme based on public and private blockchains.First,we store an encrypted index in a private blockchain while outsourcing corresponding encrypted documents to a public blockchain.The encrypted documents are located through the encrypted index.This method can reduce the storage overhead on the blockchains,and improve the efficiency of transaction execution and the security of stored data.Moreover,we adopt a smart contract to introduce a secondary verification access control mechanism and restrict data users’access to the private blockchain through authorization for the purpose of guaranteeing data privacy and the correctness of access control verification.Finally,the security analysis and experimental results indicate that compared with existing schemes,the proposed scheme can not only improve the security of encrypted data but also guarantee the efficiency of the query.展开更多
Attribute-Based Encryption (ABE) has been widely used for ciphertext retrieval in the cloud environment.However,bi-flexible attribute control and privacy keywords are difficult problems that have yet to be solved.In t...Attribute-Based Encryption (ABE) has been widely used for ciphertext retrieval in the cloud environment.However,bi-flexible attribute control and privacy keywords are difficult problems that have yet to be solved.In this paper,we introduce the denial of access policy and the mutual matching algorithm of a dataset used to realize bidirectional control of attributes in the cloud server.To solve the problem of keyword privacy,we construct a security trapdoor by adding random numbers that effectively resist keyword guessing attacks from cloud servers and external attackers.System security is reduced to the Deterministic Bilinear Diffie-Hellman (DBDH) hypothesis problem.We validate our scheme through theoretical security analysis and experimental verification.Experiments are conducted on a real dataset,and results show that the scheme has higher security and retrieval efficiency than previous methods.展开更多
基金supported by National Natural Science Foundation of China (61170254,61379116), Hebei Natural Science Foundation Project (F2016201244)Hebei Province Science and Technology Research Project of Higher Education (ZD2016043)Hebei Engineering Technology Research Center for IOT Data Acquisition & Processing, North China Insitute of Science and Technology, Hebei 065201,China
文摘With the development of cloud computing, virtualization technology has been widely used in our life. Meanwhile, it became one of the key targets for some attackers. The integrity measurement in virtual machine has become an urgent problem. Some of the existing virtualization platform integrity measurement mechanism introduces the trusted computing technology, according to a trusted chain that the Trusted Platform Module(TPM) established for trusted root to measure the integrity of process in static. But this single chain static measurement cannot ensure the dynamic credible in platform running. To solve the problem that the virtual trusted platform can not guarantee the dynamic credibility, this paper put forward Dynamic Integrity Measurement Model(DIMM) based on virtual Trusted Platform Module(v TPM) which had been implemented with typical virtual machine monitor Xen as an example. DIMM combined with virtual machine introspection and event capture technology to ensure the security of the entire user domain. Based on the framework, this paper put forward Self-modify dynamic measurement strategy which can effectively reduce the measurement frequency and improve the measurement performance. Finally, it is proved that the validity and feasibility of the proposed model with comparison experiments.
基金supported by the National Natural Science Foundation of China (No.61972073)the Key Program of Natural Science Foundation of Hebei Province of China (No.F2019201290)the Natural Science Foundation of Hebei Province of China (No.F2018201153).
文摘While users enjoy the convenience of data outsourcing in the cloud,they also face the risks of data modification and private information leakage.Searchable encryption technology can perform keyword searches over encrypted data while protecting their privacy and guaranteeing the integrity of the data by verifying the search results.However,some associated problems are still encountered,such as the low efficiency of verification and uncontrollable query results.Accordingly,this paper proposes a Privacy-Preserving Searchable Encryption(PPSE)scheme based on public and private blockchains.First,we store an encrypted index in a private blockchain while outsourcing corresponding encrypted documents to a public blockchain.The encrypted documents are located through the encrypted index.This method can reduce the storage overhead on the blockchains,and improve the efficiency of transaction execution and the security of stored data.Moreover,we adopt a smart contract to introduce a secondary verification access control mechanism and restrict data users’access to the private blockchain through authorization for the purpose of guaranteeing data privacy and the correctness of access control verification.Finally,the security analysis and experimental results indicate that compared with existing schemes,the proposed scheme can not only improve the security of encrypted data but also guarantee the efficiency of the query.
文摘Attribute-Based Encryption (ABE) has been widely used for ciphertext retrieval in the cloud environment.However,bi-flexible attribute control and privacy keywords are difficult problems that have yet to be solved.In this paper,we introduce the denial of access policy and the mutual matching algorithm of a dataset used to realize bidirectional control of attributes in the cloud server.To solve the problem of keyword privacy,we construct a security trapdoor by adding random numbers that effectively resist keyword guessing attacks from cloud servers and external attackers.System security is reduced to the Deterministic Bilinear Diffie-Hellman (DBDH) hypothesis problem.We validate our scheme through theoretical security analysis and experimental verification.Experiments are conducted on a real dataset,and results show that the scheme has higher security and retrieval efficiency than previous methods.