Data Integrity is a critical component of Data lifecycle management. Its importance increases even more in a complex and dynamic landscape. Actions like unauthorized access, unauthorized modifications, data manipulations, audit tampering, data backdating, data falsification, phishing and spoofing are no longer restricted to rogue individuals but in fact also prevalent in systematic organizations and states as well. Therefore, data security requires strong data integrity measures and associated technical controls in place. Without proper customized framework in place, organizations are prone to high risk of financial, reputational, revenue losses, bankruptcies, and legal penalties which we shall discuss further throughout this paper. We will also explore some of the improvised and innovative techniques in product development to better tackle the challenges and requirements of data security and integrity.
Nowadays, numerous applications are associated with cloud and user data gets collected globally and stored in cloud units. In addition to shared data storage, cloud computing technique offers multiple advantages for the user through different distribution designs like hybrid cloud, public cloud, community cloud and private cloud. Though cloud-based computing solutions are highly convenient to the users, it also brings a challenge i.e., security of the data shared. Hence, in current research paper, blockchain with data integrity authentication technique is developed for an efficient and secure operation with user authentication process. Blockchain technology is utilized in this study to enable efficient and secure operation which not only empowers cloud security but also avoids threats and attacks. Additionally, the data integrity authentication technique is also utilized to limit the unwanted access of data in cloud storage unit. The major objective of the projected technique is to empower data security and user authentication in cloud computing environment. To improve the proposed authentication process, cuckoo filter and Merkle Hash Tree (MHT) are utilized. The proposed methodology was validated using few performance metrics such as processing time, uploading time, downloading time, authentication time, consensus time, waiting time, initialization time, in addition to storage overhead. The proposed method was compared with conventional cloud security techniques and the outcomes establish the supremacy of the proposed method.
Data protection in databases is critical for any organization, as unauthorized access or manipulation can have severe negative consequences. Intrusion detection systems are essential for keeping databases secure. Advancements in technology will lead to significant changes in the medical field, improving healthcare services through real-time information sharing. However, reliability and consistency still need to be solved. Safeguards against cyber-attacks are necessary due to the risk of unauthorized access to sensitive information and potential data corruption. Disruptions to data items can propagate throughout the database, making it crucial to reverse fraudulent transactions without delay, especially in the healthcare industry, where real-time data access is vital. This research presents a role-based access control architecture for an anomaly detection technique. Additionally, the Structured Query Language (SQL) queries are stored in a new data structure called Pentaplet. These pentaplets allow us to maintain the correlation between SQL statements within the same transaction by employing the transaction-log entry information, thereby increasing detection accuracy, particularly for individuals within the company exhibiting unusual behavior. To identify anomalous queries, this system employs a supervised machine learning technique called Support Vector Machine (SVM). According to experimental findings, the proposed model performed well in terms of detection accuracy, achieving 99.92% through SVM with One Hot Encoding and Principal Component Analysis (PCA).
Since a sensor node handles wireless communication in data transmission and reception and is installed in poor environment, it is easily exposed to certain attacks such as data transformation and sniffing. Therefore, it is necessary to verify data integrity to properly respond to an adversary's ill-intentioned data modification. In sensor network environment, the data integrity verification method verifies the final data only, requesting multiple communications. An energy-efficient private information retrieval (PIR)-based data integrity verification method is proposed. Because the proposed method verifies the integrity of data between parent and child nodes, it is more efficient than the existing method which verifies data integrity after receiving data from the entire network or in a cluster. Since the number of messages for verification is reduced, in addition, energy could be used more efficiently. Lastly, the excellence of the proposed method is verified through performance evaluation.
Cyber-physical systems (CPS) have been widely deployed in critical infrastructures and are vulnerable to various attacks. Data integrity attacks manipulate sensor measurements and cause control systems to fail, which are one of the prominent threats to CPS. Anomaly detection methods are proposed to secure CPS. However, existing anomaly detection studies usually require expert knowledge (e.g., system model-based) or are lack of interpretability (e.g., deep learning-based). In this paper, we present DEEPNOISE, a deep learning-based anomaly detection method for CPS with interpretability. Specifically, we utilize the sensor and process noise to detect data integrity attacks. Such noise represents the intrinsic characteristics of physical devices and the production process in CPS. One key enabler is that we use a robust deep autoencoder to automatically extract the noise from measurement data. Further, an LSTM-based detector is designed to inspect the obtained noise and detect anomalies. Data integrity attacks change noise patterns and thus are identified as the root cause of anomalies by DEEPNOISE. Evaluated on the SWaT testbed, DEEPNOISE achieves higher accuracy and recall compared with state-of-the-art model-based and deep learning-based methods. On average, when detecting direct attacks, the precision is 95.47%, the recall is 96.58%, and F1 is 95.98%. When detecting stealthy attacks, precision, recall, and F1 scores are between 96% and 99.5%.
Data outsourcing through cloud storage enables the users to share on-demand resources with cost effective IT services but several security issues arise like confidentiality, integrity and authentication. Each of them plays an important role in the successful achievement of the other. In cloud computing data integrity assurance is one of the major challenges because the user has no control over the security mechanism to protect the data. Data integrity ensures that data received are the same as data stored. It is a result of data security but data integrity refers to validity and accuracy of data rather than protect the data. Data security refers to protection of data against unauthorized access, modification or corruption and it is necessary to ensure data integrity. This paper proposed a new approach using Matrix Dialing Method in block level to enhance the performance of both data integrity and data security without using Third Party Auditor (TPA). In this approach, the data are partitioned into number of blocks and each block converted into a square matrix. Determinant factor of each matrix is generated dynamically to ensure data integrity. This model also implements a combination of AES algorithm and SHA-1 algorithm for digital signature generation. Data coloring on digital signature is applied to ensure data security with better performance. The performance analysis using cloud simulator shows that the proposed scheme is highly efficient and secure as it overcomes the limitations of previous approaches of data security using encryption and decryption algorithms and data integrity assurance using TPA due to server computation time and accuracy.
Cloud computing has emerged as a viable alternative to traditional computing infrastructures, offering various benefits. However, the adoption of cloud storage poses significant risks to data secrecy and integrity. This article presents an effective mechanism to preserve the secrecy and integrity of data stored on the public cloud by leveraging blockchain technology, smart contracts, and cryptographic primitives. The proposed approach utilizes a Solidity-based smart contract as an auditor for maintaining and verifying the integrity of outsourced data. To preserve data secrecy, symmetric encryption systems are employed to encrypt user data before outsourcing it. An extensive performance analysis is conducted to illustrate the efficiency of the proposed mechanism. Additionally, a rigorous assessment is conducted to ensure that the developed smart contract is free from vulnerabilities and to measure its associated running costs. The security analysis of the proposed system confirms that our approach can securely maintain the confidentiality and integrity of cloud storage, even in the presence of malicious entities. The proposed mechanism contributes to enhancing data security in cloud computing environments and can be used as a foundation for developing more secure cloud storage systems.
Currently, there is a growing trend among users to store their data in the cloud. However, the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks. Additionally, when users perform file operations, the semantic integrity of the data can be compromised. Ensuring both data integrity and semantic correctness has become a critical issue that requires attention. We introduce a pioneering solution called Sec-Auditor, the first of its kind with the ability to verify data integrity and semantic correctness simultaneously, while maintaining a constant communication cost independent of the audited data volume. Sec-Auditor also supports public auditing, enabling anyone with access to public information to conduct data audits. This feature makes Sec-Auditor highly adaptable to open data environments, such as the cloud. In Sec-Auditor, users are assigned specific rules that are utilized to verify the accuracy of data semantic. Furthermore, users are given the flexibility to update their own rules as needed. We conduct in-depth analyses of the correctness and security of Sec-Auditor. We also compare several important security attributes with existing schemes, demonstrating the superior properties of Sec-Auditor. Evaluation results demonstrate that even for time-consuming file upload operations, our solution is more efficient than the comparison one.
With the rapid development of information technology, IoT devices play a huge role in physiological health data detection. The exponential growth of medical data requires us to reasonably allocate storage space for cloud servers and edge nodes. The storage capacity of edge nodes close to users is limited. We should store hotspot data in edge nodes as much as possible, so as to ensure response timeliness and access hit rate; However, the current scheme cannot guarantee that every sub-message in a complete data stored by the edge node meets the requirements of hot data; How to complete the detection and deletion of redundant data in edge nodes under the premise of protecting user privacy and data dynamic integrity has become a challenging problem. Our paper proposes a redundant data detection method that meets the privacy protection requirements. By scanning the cipher text, it is determined whether each sub-message of the data in the edge node meets the requirements of the hot data. It has the same effect as zero-knowledge proof, and it will not reveal the privacy of users. In addition, for redundant sub-data that does not meet the requirements of hot data, our paper proposes a redundant data deletion scheme that meets the dynamic integrity of the data. We use Content Extraction Signature (CES) to generate the remaining hot data signature after the redundant data is deleted. The feasibility of the scheme is proved through safety analysis and efficiency analysis.
Genome-wide association mapping studies (GWAS) based on Big Data are a potential approach to improve marker-assisted selection in plant breeding. The number of available phenotypic and genomic data sets in which medium-sized populations of several hundred individuals have been studied is rapidly increasing. Combining these data and using them in GWAS could increase both the power of QTL discovery and the accuracy of estimation of underlying genetic effects, but is hindered by data heterogeneity and lack of interoperability. In this study, we used genomic and phenotypic data sets, focusing on Central European winter wheat populations evaluated for heading date. We explored strategies for integrating these data and subsequently the resulting potential for GWAS. Establishing interoperability between data sets was greatly aided by some overlapping genotypes and a linear relationship between the different phenotyping protocols, resulting in high quality integrated phenotypic data. In this context, genomic prediction proved to be a suitable tool to study relevance of interactions between genotypes and experimental series, which was low in our case. Contrary to expectations, fewer associations between markers and traits were found in the larger combined data than in the individual experimental series. However, the predictive power based on the marker-trait associations of the integrated data set was higher across data sets. Therefore, the results show that the integration of medium-sized to Big Data is an approach to increase the power to detect QTL in GWAS. The results encourage further efforts to standardize and share data in the plant breeding community.
Plant morphogenesis relies on precise gene expression programs at the proper time and position which is orchestrated by transcription factors (TFs) in intricate regulatory networks in a cell-type specific manner. Here we introduced a comprehensive single-cell transcriptomic atlas of Arabidopsis seedlings. This atlas is the result of meticulous integration of 63 previously published scRNA-seq datasets, addressing batch effects and conserving biological variance. This integration spans a broad spectrum of tissues, including both below- and above-ground parts. Utilizing a rigorous approach for cell type annotation, we identified 47 distinct cell types or states, largely expanding our current view of plant cell compositions. We systematically constructed cell-type specific gene regulatory networks and uncovered key regulators that act in a coordinated manner to control cell-type specific gene expression. Taken together, our study not only offers extensive plant cell atlas exploration that serves as a valuable resource, but also provides molecular insights into gene-regulatory programs that varies from different cell types.
With the popularization of the Internet and the development of technology, cyber threats are increasing day by day. Threats such as malware, hacking, and data breaches have had a serious impact on cybersecurity. The network security environment in the era of big data presents the characteristics of large amounts of data, high diversity, and high real-time requirements. Traditional security defense methods and tools have been unable to cope with the complex and changing network security threats. This paper proposes a machine-learning security defense algorithm based on metadata association features. Emphasize control over unauthorized users through privacy, integrity, and availability. The user model is established and the mapping between the user model and the metadata of the data source is generated. By analyzing the user model and its corresponding mapping relationship, the query of the user model can be decomposed into the query of various heterogeneous data sources, and the integration of heterogeneous data sources based on the metadata association characteristics can be realized. Define and classify customer information, automatically identify and perceive sensitive data, build a behavior audit and analysis platform, analyze user behavior trajectories, and complete the construction of a machine learning customer information security defense system. The experimental results show that when the data volume is 5×103 bit, the data storage integrity of the proposed method is 92%. The data accuracy is 98%, and the success rate of data intrusion is only 2.6%. It can be concluded that the data storage method in this paper is safe, the data accuracy is always at a high level, and the data disaster recovery performance is good. This method can effectively resist data intrusion and has high air traffic control security. It can not only detect all viruses in user data storage, but also realize integrated virus processing, and further optimize the security defense effect of user big data.
Integrated data and energy transfer (IDET) enables the electromagnetic waves to transmit wireless energy at the same time of data delivery for low-power devices. In this paper, an energy harvesting modulation (EHM) assisted multi-user IDET system is studied, where all the received signals at the users are exploited for energy harvesting without the degradation of wireless data transfer (WDT) performance. The joint IDET performance is then analysed theoretically by conceiving a practical time-dependent wireless channel. With the aid of the AO based algorithm, the average effective data rate among users are maximized by ensuring the BER and the wireless energy transfer (WET) performance. Simulation results validate and evaluate the IDET performance of the EHM assisted system, which also demonstrates that the optimal number of user clusters and IDET time slots should be allocated, in order to improve the WET and WDT performance.
Building model data organization is often programmed to solve a specific problem, resulting in the inability to organize indoor and outdoor 3D scenes in an integrated manner. In this paper, existing building spatial data models are studied, and the characteristics of building information modeling standards (IFC), city geographic modeling language (CityGML), indoor modeling language (IndoorGML), and other models are compared and analyzed. CityGML and IndoorGML models face challenges in satisfying diverse application scenarios and requirements due to limitations in their expression capabilities. It is proposed to combine the semantic information of the model objects to effectively partition and organize the indoor and outdoor spatial 3D model data and to construct the indoor and outdoor data organization mechanism of "chunk-layer-subobject-entrances-area-detail object." This method is verified by proposing a 3D data organization method for indoor and outdoor space and constructing a 3D visualization system based on it.
Cloud computing and storage services allow clients to move their data center and applications to centralized large data centers and thus avoid the burden of local data storage and maintenance. However, this poses new challenges related to creating secure and reliable data storage over unreliable service providers. In this study, we address the problem of ensuring the integrity of data storage in cloud computing. In particular, we consider methods for reducing the burden of generating a constant amount of metadata at the client side. By exploiting some good attributes of the bilinear group, we can devise a simple and efficient audit service for public verification of untrusted and outsourced storage, which can be important for achieving widespread deployment of cloud computing. Whereas many prior studies on ensuring remote data integrity did not consider the burden of generating verification metadata at the client side, the objective of this study is to resolve this issue. Moreover, our scheme also supports data dynamics and public verifiability. Extensive security and performance analysis shows that the proposed scheme is highly efficient and provably secure.
Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.
Progress in cloud computing makes group data sharing in outsourced storage a reality. People join in group and share data with each other, making team work more convenient. This new application scenario also faces data security threats, even more complex. When a user quit its group, remaining data block signatures must be re-signed to ensure security. Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side. However, considering the privacy and security need of group auditing, there still lacks a comprehensive solution to implement secure group user revocation, supporting identity privacy preserving and collusion attack resistance. Aiming at this target, we construct a concrete scheme based on ring signature and smart contracts. We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification. And the new meta data supports secure revocation. Meanwhile, smart contracts are using for resisting possible collusion attack and malicious re-signing computation. Under the combined effectiveness of both signature method and blockchain smart contracts, our proposal supports reliable user revocation and signature re-signing, without revealing any user identity in the whole process. Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.
With the rapidly developing of Internet of Things (IoT), the volume of data generated by IoT systems is increasing quickly. To release the pressure of data management and storage, more and more enterprises and individuals prefer to integrate cloud service with IoT systems, in which the IoT data can be outsourced to cloud server. Since cloud service provider (CSP) is not fully trusted, a variety of methods have been proposed to deal with the problem of data integrity checking. In traditional data integrity audition schemes, the task of data auditing is usually performed by Third Party Auditor (TPA) which is assumed to be trustful. However, in real-life TPA is not trusted as people thought. Therefore, these schemes suffer from the underlying problem of single-point failure. Moreover, most of the traditional schemes are designed by RSA or bilinear map techniques which consume heavy computation and communication cost. To overcome these shortcomings, we propose a novel data integrity checking scheme for cloud-IoT data based on blockchain technique and homomorphic hash. In our scheme, the tags of all data blocks are computed by a homomorphic hash function and stored in blockchain. Moreover, each step within the process of data integrity checking is signed by the performer, and the signatures are stored in blockchain through smart contracts. As a result, each behavior for data integrity checking in our scheme can be traced and audited which improves the security of the scheme greatly. Furthermore, batch-audition for multiple data challenges is also supported in our scheme. We formalize the system model of our scheme and give the concrete construction. Detailed performance analyses demonstrate that our proposed scheme is efficient and practical without the trust-assumption of TPA.
Recently released Intel processors have been equipped with hardware instruction tracing facilities to securely and efficiently record the program execution path. In this paper, we study a case for data integrity checking based on Intel Processor Trace (Intel PT), the instruction tracing facility on x86 processors. We incorporate software instrumentation and hardware instruction tracing to guarantee fine-grained data integrity without frequently switching the processor mode. We incorporate the idea in a system named DTrace which provides primitives to instruct Intel PT to capture the data load and store events, even current Intel PT implementations only record control transfers. The trace is analyzed before the program makes security-sensitive operations. We apply DTrace in several case studies to show that the primitives that DTrace provides are easy to use and help to enhance data integrity in applications. We further evaluate DTrace with several microbenchmarks to show the time cost that DTrace's data tracing operation incurs. We also evaluate DTrace on Nginx to show the performance impact when Nginx is enhanced in security to provide the integrity during the runtime execution for programmer-defined security sensitive data. We find the performance overhead that DTrace incurs for the data tracing is moderate.
Funding: thankful to the Dean of Scientific Research at Najran University for funding this work under the Research Groups Funding Program, Grant Code (NU/RG/SERC/12/6).
Abstract: Data protection in databases is critical for any organization, as unauthorized access or manipulation can have severe negative consequences. Intrusion detection systems are essential for keeping databases secure. Advancements in technology will lead to significant changes in the medical field, improving healthcare services through real-time information sharing. However, reliability and consistency still need to be solved. Safeguards against cyber-attacks are necessary due to the risk of unauthorized access to sensitive information and potential data corruption. Disruptions to data items can propagate throughout the database, making it crucial to reverse fraudulent transactions without delay, especially in the healthcare industry, where real-time data access is vital. This research presents a role-based access control architecture for an anomaly detection technique. Additionally, the Structured Query Language (SQL) queries are stored in a new data structure called Pentaplet. These pentaplets allow us to maintain the correlation between SQL statements within the same transaction by employing the transaction-log entry information, thereby increasing detection accuracy, particularly for individuals within the company exhibiting unusual behavior. To identify anomalous queries, this system employs a supervised machine learning technique called Support Vector Machine (SVM). According to experimental findings, the proposed model performed well in terms of detection accuracy, achieving 99.92% through SVM with One Hot Encoding and Principal Component Analysis (PCA).
Funding: supported by the Sharing and Diffusion of National R&D Outcome funded by the Korea Institute of Science and Technology Information
Abstract: Since a sensor node handles wireless communication in data transmission and reception and is installed in poor environment, it is easily exposed to certain attacks such as data transformation and sniffing. Therefore, it is necessary to verify data integrity to properly respond to an adversary's ill-intentioned data modification. In sensor network environment, the data integrity verification method verifies the final data only, requesting multiple communications. An energy-efficient private information retrieval (PIR)-based data integrity verification method is proposed. Because the proposed method verifies the integrity of data between parent and child nodes, it is more efficient than the existing method which verifies data integrity after receiving data from the entire network or in a cluster. Since the number of messages for verification is reduced, in addition, energy could be used more efficiently. Lastly, the excellence of the proposed method is verified through performance evaluation.
Funding: National Natural Science Foundation of China (No. 62172308, U1626107, 61972297, 62172144).
Abstract: Cyber-physical systems (CPS) have been widely deployed in critical infrastructures and are vulnerable to various attacks. Data integrity attacks manipulate sensor measurements and cause control systems to fail, which are one of the prominent threats to CPS. Anomaly detection methods are proposed to secure CPS. However, existing anomaly detection studies usually require expert knowledge (e.g., system model-based) or lack interpretability (e.g., deep learning-based). In this paper, we present DEEPNOISE, a deep learning-based anomaly detection method for CPS with interpretability. Specifically, we utilize the sensor and process noise to detect data integrity attacks. Such noise represents the intrinsic characteristics of physical devices and the production process in CPS. One key enabler is that we use a robust deep autoencoder to automatically extract the noise from measurement data. Further, an LSTM-based detector is designed to inspect the obtained noise and detect anomalies. Data integrity attacks change noise patterns and thus are identified as the root cause of anomalies by DEEPNOISE. Evaluated on the SWaT testbed, DEEPNOISE achieves higher accuracy and recall compared with state-of-the-art model-based and deep learning-based methods. On average, when detecting direct attacks, the precision is 95.47%, the recall is 96.58%, and F1 is 95.98%. When detecting stealthy attacks, precision, recall, and F1 scores are between 96% and 99.5%.
Abstract: Data outsourcing through cloud storage enables the users to share on-demand resources with cost effective IT services but several security issues arise like confidentiality, integrity and authentication. Each of them plays an important role in the successful achievement of the other. In cloud computing data integrity assurance is one of the major challenges because the user has no control over the security mechanism to protect the data. Data integrity ensures that data received are the same as data stored. It is a result of data security but data integrity refers to validity and accuracy of data rather than protect the data. Data security refers to protection of data against unauthorized access, modification or corruption and it is necessary to ensure data integrity. This paper proposed a new approach using Matrix Dialing Method in block level to enhance the performance of both data integrity and data security without using Third Party Auditor (TPA). In this approach, the data are partitioned into number of blocks and each block converted into a square matrix. Determinant factor of each matrix is generated dynamically to ensure data integrity. This model also implements a combination of AES algorithm and SHA-1 algorithm for digital signature generation. Data coloring on digital signature is applied to ensure data security with better performance. The performance analysis using cloud simulator shows that the proposed scheme is highly efficient and secure as it overcomes the limitations of previous approaches of data security using encryption and decryption algorithms and data integrity assurance using TPA due to server computation time and accuracy.
Abstract: Cloud computing has emerged as a viable alternative to traditional computing infrastructures, offering various benefits. However, the adoption of cloud storage poses significant risks to data secrecy and integrity. This article presents an effective mechanism to preserve the secrecy and integrity of data stored on the public cloud by leveraging blockchain technology, smart contracts, and cryptographic primitives. The proposed approach utilizes a Solidity-based smart contract as an auditor for maintaining and verifying the integrity of outsourced data. To preserve data secrecy, symmetric encryption systems are employed to encrypt user data before outsourcing it. An extensive performance analysis is conducted to illustrate the efficiency of the proposed mechanism. Additionally, a rigorous assessment is conducted to ensure that the developed smart contract is free from vulnerabilities and to measure its associated running costs. The security analysis of the proposed system confirms that our approach can securely maintain the confidentiality and integrity of cloud storage, even in the presence of malicious entities. The proposed mechanism contributes to enhancing data security in cloud computing environments and can be used as a foundation for developing more secure cloud storage systems.
Funding: This research was supported by the Qinghai Provincial High-End Innovative and Entrepreneurial Talents Project.
Abstract: Currently, there is a growing trend among users to store their data in the cloud. However, the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks. Additionally, when users perform file operations, the semantic integrity of the data can be compromised. Ensuring both data integrity and semantic correctness has become a critical issue that requires attention. We introduce a pioneering solution called Sec-Auditor, the first of its kind with the ability to verify data integrity and semantic correctness simultaneously, while maintaining a constant communication cost independent of the audited data volume. Sec-Auditor also supports public auditing, enabling anyone with access to public information to conduct data audits. This feature makes Sec-Auditor highly adaptable to open data environments, such as the cloud. In Sec-Auditor, users are assigned specific rules that are utilized to verify the accuracy of data semantic. Furthermore, users are given the flexibility to update their own rules as needed. We conduct in-depth analyses of the correctness and security of Sec-Auditor. We also compare several important security attributes with existing schemes, demonstrating the superior properties of Sec-Auditor. Evaluation results demonstrate that even for time-consuming file upload operations, our solution is more efficient than the comparison one.
Funding: sponsored by the National Natural Science Foundation of China under grant number No. 62172353, No. 62302114, No. U20B2046 and No. 62172115; Innovation Fund Program of the Engineering Research Center for Integration and Application of Digital Learning Technology of Ministry of Education No. 1331007 and No. 1311022; Natural Science Foundation of the Jiangsu Higher Education Institutions Grant No. 17KJB520044; Six Talent Peaks Project in Jiangsu Province No. XYDXX-108
Abstract: With the rapid development of information technology, IoT devices play a huge role in physiological health data detection. The exponential growth of medical data requires us to reasonably allocate storage space for cloud servers and edge nodes. The storage capacity of edge nodes close to users is limited. We should store hotspot data in edge nodes as much as possible, so as to ensure response timeliness and access hit rate; however, the current scheme cannot guarantee that every sub-message in a complete data stored by the edge node meets the requirements of hot data; how to complete the detection and deletion of redundant data in edge nodes under the premise of protecting user privacy and data dynamic integrity has become a challenging problem. Our paper proposes a redundant data detection method that meets the privacy protection requirements. By scanning the cipher text, it is determined whether each sub-message of the data in the edge node meets the requirements of the hot data. It has the same effect as zero-knowledge proof, and it will not reveal the privacy of users. In addition, for redundant sub-data that does not meet the requirements of hot data, our paper proposes a redundant data deletion scheme that meets the dynamic integrity of the data. We use Content Extraction Signature (CES) to generate the remaining hot data signature after the redundant data is deleted. The feasibility of the scheme is proved through safety analysis and efficiency analysis.
Funding: funding within the Wheat BigData Project (German Federal Ministry of Food and Agriculture, FKZ2818408B18).
Abstract: Genome-wide association mapping studies (GWAS) based on Big Data are a potential approach to improve marker-assisted selection in plant breeding. The number of available phenotypic and genomic data sets in which medium-sized populations of several hundred individuals have been studied is rapidly increasing. Combining these data and using them in GWAS could increase both the power of QTL discovery and the accuracy of estimation of underlying genetic effects, but is hindered by data heterogeneity and lack of interoperability. In this study, we used genomic and phenotypic data sets, focusing on Central European winter wheat populations evaluated for heading date. We explored strategies for integrating these data and subsequently the resulting potential for GWAS. Establishing interoperability between data sets was greatly aided by some overlapping genotypes and a linear relationship between the different phenotyping protocols, resulting in high quality integrated phenotypic data. In this context, genomic prediction proved to be a suitable tool to study relevance of interactions between genotypes and experimental series, which was low in our case. Contrary to expectations, fewer associations between markers and traits were found in the larger combined data than in the individual experimental series. However, the predictive power based on the marker-trait associations of the integrated data set was higher across data sets. Therefore, the results show that the integration of medium-sized to Big Data is an approach to increase the power to detect QTL in GWAS. The results encourage further efforts to standardize and share data in the plant breeding community.
Funding: supported by the National Natural Science Foundation of China (No. 32070656); the Nanjing University Deng Feng Scholars Program; the Priority Academic Program Development (PAPD) of Jiangsu Higher Education Institutions; China Postdoctoral Science Foundation funded project (No. 2022M711563); Jiangsu Funding Program for Excellent Postdoctoral Talent (No. 2022ZB50)
Abstract: Plant morphogenesis relies on precise gene expression programs at the proper time and position which is orchestrated by transcription factors (TFs) in intricate regulatory networks in a cell-type specific manner. Here we introduced a comprehensive single-cell transcriptomic atlas of Arabidopsis seedlings. This atlas is the result of meticulous integration of 63 previously published scRNA-seq datasets, addressing batch effects and conserving biological variance. This integration spans a broad spectrum of tissues, including both below- and above-ground parts. Utilizing a rigorous approach for cell type annotation, we identified 47 distinct cell types or states, largely expanding our current view of plant cell compositions. We systematically constructed cell-type specific gene regulatory networks and uncovered key regulators that act in a coordinated manner to control cell-type specific gene expression. Taken together, our study not only offers extensive plant cell atlas exploration that serves as a valuable resource, but also provides molecular insights into gene-regulatory programs that vary from different cell types.
Funding: This work was supported by the National Natural Science Foundation of China (U2133208, U20A20161).
Abstract: With the popularization of the Internet and the development of technology, cyber threats are increasing day by day. Threats such as malware, hacking, and data breaches have had a serious impact on cybersecurity. The network security environment in the era of big data presents the characteristics of large amounts of data, high diversity, and high real-time requirements. Traditional security defense methods and tools have been unable to cope with the complex and changing network security threats. This paper proposes a machine-learning security defense algorithm based on metadata association features. Emphasize control over unauthorized users through privacy, integrity, and availability. The user model is established and the mapping between the user model and the metadata of the data source is generated. By analyzing the user model and its corresponding mapping relationship, the query of the user model can be decomposed into the query of various heterogeneous data sources, and the integration of heterogeneous data sources based on the metadata association characteristics can be realized. Define and classify customer information, automatically identify and perceive sensitive data, build a behavior audit and analysis platform, analyze user behavior trajectories, and complete the construction of a machine learning customer information security defense system. The experimental results show that when the data volume is 5×103 bit, the data storage integrity of the proposed method is 92%. The data accuracy is 98%, and the success rate of data intrusion is only 2.6%. It can be concluded that the data storage method in this paper is safe, the data accuracy is always at a high level, and the data disaster recovery performance is good. This method can effectively resist data intrusion and has high air traffic control security. It can not only detect all viruses in user data storage, but also realize integrated virus processing, and further optimize the security defense effect of user big data.
Funding: supported in part by the MOST Major Research and Development Project (Grant No. 2021YFB2900204); the National Natural Science Foundation of China (NSFC) (Grant No. 62201123, No. 62132004, No. 61971102); China Postdoctoral Science Foundation (Grant No. 2022TQ0056); in part by the financial support of the Sichuan Science and Technology Program (Grant No. 2022YFH0022); Sichuan Major R&D Project (Grant No. 22QYCX0168); the Municipal Government of Quzhou (Grant No. 2022D031).
Abstract: Integrated data and energy transfer (IDET) enables the electromagnetic waves to transmit wireless energy at the same time of data delivery for low-power devices. In this paper, an energy harvesting modulation (EHM) assisted multi-user IDET system is studied, where all the received signals at the users are exploited for energy harvesting without the degradation of wireless data transfer (WDT) performance. The joint IDET performance is then analysed theoretically by conceiving a practical time-dependent wireless channel. With the aid of the AO based algorithm, the average effective data rate among users is maximized by ensuring the BER and the wireless energy transfer (WET) performance. Simulation results validate and evaluate the IDET performance of the EHM assisted system, which also demonstrates that the optimal number of user clusters and IDET time slots should be allocated, in order to improve the WET and WDT performance.
Abstract: Building model data organization is often programmed to solve a specific problem, resulting in the inability to organize indoor and outdoor 3D scenes in an integrated manner. In this paper, existing building spatial data models are studied, and the characteristics of building information modeling standards (IFC), city geographic modeling language (CityGML), indoor modeling language (IndoorGML), and other models are compared and analyzed. CityGML and IndoorGML models face challenges in satisfying diverse application scenarios and requirements due to limitations in their expression capabilities. It is proposed to combine the semantic information of the model objects to effectively partition and organize the indoor and outdoor spatial 3D model data and to construct the indoor and outdoor data organization mechanism of “chunk-layer-subobject-entrances-area-detail object.” This method is verified by proposing a 3D data organization method for indoor and outdoor space and constructing a 3D visualization system based on it.
Funding: the National Natural Science Foundation of China; the National Basic Research Program of China ("973" Program); the National High Technology Research and Development Program of China ("863" Program)
Abstract: Cloud computing and storage services allow clients to move their data center and applications to centralized large data centers and thus avoid the burden of local data storage and maintenance. However, this poses new challenges related to creating secure and reliable data storage over unreliable service providers. In this study, we address the problem of ensuring the integrity of data storage in cloud computing. In particular, we consider methods for reducing the burden of generating a constant amount of metadata at the client side. By exploiting some good attributes of the bilinear group, we can devise a simple and efficient audit service for public verification of untrusted and outsourced storage, which can be important for achieving widespread deployment of cloud computing. Whereas many prior studies on ensuring remote data integrity did not consider the burden of generating verification metadata at the client side, the objective of this study is to resolve this issue. Moreover, our scheme also supports data dynamics and public verifiability. Extensive security and performance analysis shows that the proposed scheme is highly efficient and provably secure.
Funding: Supported by the Applied Basic and Advanced Technology Research Programs of Tianjin (15JCYBJC15900); the National Natural Science Foundation of China (51378350)
Abstract: Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.
Funding: The work is supported by the National Key Research and Development Program of China (No. 2018YFC1604002); the National Natural Science Foundation of China (No. U1836204, No. U1936208, No. U1936216, No. 62002197).
Abstract: Progress in cloud computing makes group data sharing in outsourced storage a reality. People join in group and share data with each other, making team work more convenient. This new application scenario also faces data security threats, even more complex. When a user quits its group, remaining data block signatures must be re-signed to ensure security. Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side. However, considering the privacy and security need of group auditing, there still lacks a comprehensive solution to implement secure group user revocation, supporting identity privacy preserving and collusion attack resistance. Aiming at this target, we construct a concrete scheme based on ring signature and smart contracts. We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification. And the new meta data supports secure revocation. Meanwhile, smart contracts are used for resisting possible collusion attack and malicious re-signing computation. Under the combined effectiveness of both signature method and blockchain smart contracts, our proposal supports reliable user revocation and signature re-signing, without revealing any user identity in the whole process. Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.
Funding: supported by Program for Scientific Research Foundation for Talented Scholars of Jinling Institute of Technology (No. JIT-B-202031); H. Yan received it and the URL is www.jit.edu.cn. H. Yan also received the Opening Foundation of Fujian Provincial Key Laboratory of Network Security and Cryptology Research Fund of Fujian Normal University (NSCL-KF2021-02) and the URL is www.fjnu.edu.cn. Y. Liu received the funding of the National Natural Science Foundation of China (No. 61902163); the URL is www.nsfc.gov.cn. S. Hu received the funding of the Science and Technology Project of Education Department in Jiangxi Province (No. GJJ201402) and the URL is www.gnnu.cn.
Abstract: With the rapidly developing of Internet of Things (IoT), the volume of data generated by IoT systems is increasing quickly. To release the pressure of data management and storage, more and more enterprises and individuals prefer to integrate cloud service with IoT systems, in which the IoT data can be outsourced to cloud server. Since cloud service provider (CSP) is not fully trusted, a variety of methods have been proposed to deal with the problem of data integrity checking. In traditional data integrity audition schemes, the task of data auditing is usually performed by Third Party Auditor (TPA) which is assumed to be trustful. However, in real-life TPA is not trusted as people thought. Therefore, these schemes suffer from the underlying problem of single-point failure. Moreover, most of the traditional schemes are designed by RSA or bilinear map techniques which consume heavy computation and communication cost. To overcome these shortcomings, we propose a novel data integrity checking scheme for cloud-IoT data based on blockchain technique and homomorphic hash. In our scheme, the tags of all data blocks are computed by a homomorphic hash function and stored in blockchain. Moreover, each step within the process of data integrity checking is signed by the performer, and the signatures are stored in blockchain through smart contracts. As a result, each behavior for data integrity checking in our scheme can be traced and audited which improves the security of the scheme greatly. Furthermore, batch-audition for multiple data challenges is also supported in our scheme. We formalize the system model of our scheme and give the concrete construction. Detailed performance analyses demonstrate that our proposed scheme is efficient and practical without the trust-assumption of TPA.
Funding: supported in part by National Key Research and Development Program of China; a research grant from Huawei Technologies, Inc.
Abstract: Recently released Intel processors have been equipped with hardware instruction tracing facilities to securely and efficiently record the program execution path. In this paper, we study a case for data integrity checking based on Intel Processor Trace (Intel PT), the instruction tracing facility on x86 processors. We incorporate software instrumentation and hardware instruction tracing to guarantee fine-grained data integrity without frequently switching the processor mode. We incorporate the idea in a system named DTrace which provides primitives to instruct Intel PT to capture the data load and store events, even though current Intel PT implementations only record control transfers. The trace is analyzed before the program makes security-sensitive operations. We apply DTrace in several case studies to show that the primitives that DTrace provides are easy to use and help to enhance data integrity in applications. We further evaluate DTrace with several microbenchmarks to show the time cost that DTrace’s data tracing operation incurs. We also evaluate DTrace on Nginx to show the performance impact when Nginx is enhanced in security to provide the integrity during the runtime execution for programmer-defined security sensitive data. We find the performance overhead that DTrace incurs for the data tracing is moderate.