A distributed authentication and authorization scheme for in-network big data sharing

Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking （ICN） is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography （IBC） to propose a Distributed Authentication and Authorization Scheme （DAAS）, where an identity-based signature （IBS） is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption （CP-ABE） is used to enable the distributed and fine-grained authorization. DAAS consists of three phases： initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest （NOAM） dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest （AM） distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.

A Secure Visual Secret Sharing Scheme with Authentication Based on QR Code

With the rise of the Internet of Things(IoT),various devices in life and industry are closely linked.Because of its high payload,stable error correction capability,and convenience in reading and writing,Quick Response(QR)code has been widely researched in IoT.However,the security of privacy data in IoT is also a very important issue.At the same time,because IoT is developing towards low-power devices in order to be applied to more fields,the technology protecting the security of private needs to have the characteristics of low computational complexity.Visual Secret Sharing(VSS),with its features of safety and low computational cost,can fully meet the requirements of communication security in IoT.Therefore,a VSS scheme with QR code(VSS-QR)was proposed and has been applied to some extent.In VSS-QR,the secret is shared into a series of shares.These shares are usually common QR codes,which cannot cause the attention of the attacker.However,if there is dishonesty among participants,the secret cannot be recovered,which will lead to VSS-QR cannot be widely used due to its inadequate security.In this paper,we propose a visual secret sharing scheme with authentication based on QR code(VSSA-QR).Both the reconstructed secret QR code and shares can be verified whether they are forged by attackers.The above-mentioned operations conveniently are performed on low-power QR scanning devices.Not only does the proposed scheme prevent some dishonest participants or attackers from cheating,but also prevent all participants from conspiring.In addition,the payload is the QR code itself,which is higher than other schemes.Theoretical analysis and experiments prove that the proposed scheme is effective.

Authentication Mechanism for Secret Sharing Using Boolean Operation

A lossless image secret sharing using a simple Boolean operation is proposed. The concept of visual cryptography in the secret sharing scheme is used to redesign a lossless secret sharing scheme. To ensure that the reconstructed image is the true secret image, an authentication mechanism is imported into the proposed scheme to verify whether the shadows are authentic before reconstructing the secret image. The proposed scheme delivers much more effective performance than Chen and Wu＇s scheme.

Blockchain-Based Secure Authentication Scheme for Medical Data Sharing

Data security is vital for medical cyber physical system (MCPS). The decentralization feature of blockchain is helpful to solve the problem that the secure authentication process is highly dependent on the trusted third party and implement data security transmission. In this paper, the blockchain technology is used to describe the security requirements in authentication process. A network model of MCPS based on blockchain is proposed. Through analysis of medical data storage architecture, data was ensured not to be tampered and trackable. The security threat was eliminated by bilinear mapping in the authentication process of medical data providers and users. The credibility problem of the trusted third party was avoided and the two-way authentication was realized between the hospital and blockchain node. The security analysis and performance test were carried out to verify the security and related performance of the authentication protocol. The results show that the MCPS based on blockchain realizes medical treatment data sharing, and meets safety requirements in the security authentication phase.

Blockchain-Based Secured IPFS-Enable Event Storage Technique With Authentication Protocol in VANET

In recent decades,intelligent transportation systems(ITS)have improved drivers’safety and have shared information(such as traffic congestion and accidents)in a very efficient way.However,the privacy of vehicles and the security of event information is a major concern.The problem of secure sharing of event information without compromising the trusted third party(TTP)and data storage is the main issue in ITS.Blockchain technologies can resolve this problem.A work has been published on blockchain-based protocol for secure sharing of events and authentication of vehicles.This protocol addresses the issue of the safe storing of event information.However,authentication of vehicles solely depends on the cloud server.As a result,their scheme utilizes the notion of partially decentralized architecture.This paper proposes a novel decentralized architecture for the vehicular ad-hoc network(VANET)without the cloud server.This work also presents a protocol for securing event information and vehicle authentication using the blockchain mechanism.In this protocol,the registered user accesses the event information securely from the interplanetary file system(IPFS).We incorporate the IPFS,along with blockchain,to store the information in a fully distributed manner.The proposed protocol is compared with the state-of-the-art.The comparison provides desirable security at a reasonable cost.The evaluation of the proposed smart contract in terms of cost(GAS)is also discussed.

Fine-Grained and Fair Identity Authentication Scheme for Mobile Networks Based on Blockchain

With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional centralized authentication scheme,identity information such as the user's private key is generated,stored,and managed by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair identity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret sharing(SUSS),which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bitcoin,the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.

Bipartite Threshold Multi-Secret Sharing Scheme Based on Hypersphere

To address the problem that existing bipartite secret sharing scheme is short of dynamic characteristic, and to solve the problem that each participant can only use secret share once, this paper proposed a bipartite (n1+n2, m1+m2)-threshold multi-secret sharing scheme which combined cryptography and hypersphere geometry. In this scheme, we introduced a bivariate function and a coordinate function over finite field Zp to calculate the derived points of secret share, which can reconstruct the shared secrets by producing the intersection point of hypernormal plane and normal line on the hypertangent plane. At the initial stage the secret dealer distributes to each participant a secret share that can be kept secret based on the intractability of discrete logarithm problem and need not be changed with updating the shared secrets.Each cooperative participant only needs to submit a derived point calculated from the secret share without exposing this secret share during the process of reconstructing the shared secret. Analyses indicate that the proposed scheme is not only sound and secure because of hypersphere geometric properties and the difficulty of discrete logarithm problem, but also efficient because of its well dynamic behavior and the invariant secret share. Therefore, this bipartite threshold multi-secret sharing scheme is easy to implement and is applicable in practical settings.

A Verifiable Multi-Secret Sharing Scheme Based on Hermite Interpolation

A threshold scheme, which is introduced by Shamir in 1979, is very famous as a secret sharing scheme. We can consider that this scheme is based on Lagrange＇s interpolation formula. A secret sharing scheme has one key. On the other hand, a multi-secret sharing scheme has more than one key, that is, a multi-secret sharing scheme has p （〉_ 2） keys. Dealer distribute shares of keys among n participants. Gathering t （〈 n） participants, keys can be reconstructed. Yang et al. （2004） gave a scheme of a （t, n） multi-secret sharing based on Lagrange＇s interpolation. Zhao et al. （2007） gave a scheme of a （t, n） verifiable multi-secret sharing based on Lagrange＇s interpolation. Recently, Adachi and Okazaki give a scheme of a （t, n） multi-secret sharing based on Hermite interpolation, in the case ofp 〈 t. In this paper, we give a scheme ofa （t, n） verifiable multi-secret sharing based on Hermite interpolation.

知识分享社区中的社交互动对用户隐私信息披露的影响

研究围绕用户隐私披露意愿和披露水平,探索了知识分享社区中的社交互动行为对用户隐私信息披露的影响机制。基于刺激-有机体-反应(Stimulus-Organism-Response,S-O-R)理论研究用户社交互动中的外界刺激如何影响隐私信息披露者的内在状态,进而影响其隐私信息披露意愿。采用问卷调查收集数据,验证提出模型及假设,并借助知识分享社区中的用户行为数据探究用户间的社交互动对其信息披露水平的影响。结果表明,社交互动对用户的自我效能、用户间信任和社会认同均产生显著促进作用,进而影响用户的隐私信息披露意愿。社交互动在一定程度上影响用户的信息披露水平,且账户信息认证起到一定的正向调节作用。研究结论能够为促进知识分享社区中用户信息的合理披露行为提供建议。

FDSN服务鉴权的设计与实现

随着地震学研究的不断深入及数据共享需求的持续增长,国际数字地震台网联盟(FDSN)标准的Web服务接口在地震数据中心的应用日益普及。采用HTTP摘要认证鉴权模式,通过优化FDSN相关源码,设计实现鉴权模块并进行验证。结果表明,该模式可以达到地震波形数据获取的访问控制,对于提升地震数据安全访问具有重要意义。

真实型领导如何影响教师知识共享——基于自我决定理论的实证分析

教师知识共享不仅能够帮助教师形成互惠发展的合力,而且有助于提升学校公共知识的质量,最终惠及学生。如何促进教师的知识共享是现代学校管理的一大难题。从自我决定理论的视角出发,采用量化研究方法,对真实型领导如何影响教师知识共享进行研究,结果表明:校长真实型领导对教师知识共享行为具有正向预测作用;内部人身份感知和社会情感能力在校长真实型领导与教师知识共享之间发挥着单独中介作用;内部人身份感知和社会情感能力在校长真实型领导与教师知识共享之间发挥着链式中介作用;教师工作自主能够正向调节链式中介机制的后半段,即教师感知工作自主性越高,其社会情感能力对知识共享的正向预测作用越强烈。因此,需要从提高校长真实型领导水平,激发教师知识共享;培养内部人身份感,提升社会情感能力;构建增权赋能机制,重视教师工作自主等方面促进学校管理变革。

抵抗不诚实参与者欺骗攻击的可验证渐进式秘密图像分享

当前渐进式秘密图像分享方案中并没有考虑不诚实参与者的作弊攻击,这使得不诚实的参与者可以利用虚假阴影图像进行欺骗攻击.为了防止后续渐进式重建失败,本文通过将像素的位平面划分为两部分,并使用拉格朗日插值算法以及视觉密码学方案来解决这个问题.通过伪随机数来确定像素位平面的滑动窗口,并通过筛选操作将认证信息嵌入到该滑动窗口中来实现认证能力.除此之外,不同的位平面划分策略可以产生不同的渐进式重建效果,可以实现更加灵活的渐进式重建.理论分析和实验结果表明方案的有效性.

基于区块链的区域医疗主数据平台设计

目的:解决区域医疗机构在基础数据和标准字典交互与整合过程中带来的问题。方法:基于区块链的身份鉴权和数据共享机制实现基础数据和标准字典交互,合理阐述主数据平台在区域医疗管理中的运行机制。结果:实现了基于区块链的区域医疗主数据平台设计,消除了不同医疗机构间基础数据和标准字典的差异性。结论:基于区块链的区域医疗主数据平台可实现区域内资源共享、资源整合和资源分配。

基于格的最优轮数口令认证秘密共享协议

口令认证秘密共享将口令认证和秘密共享相结合,是一个贴合实际用户需求的分布式方案。该协议允许一个用户在多个服务器间共享秘密,并且只需要记忆一个简短口令即可在后续同时完成身份验证以及秘密恢复。协议安全性保证只要敌手控制的服务器不超过阈值,敌手就不能从协议中窃取任何有关口令和秘密的信息。口令认证秘密共享方案最初基于离散对数及其变体的假设,不能抵抗量子攻击,因此找到量子安全的构造成为亟需解决的问题。ROY等人提出一种恶意安全且量子安全的构造,但其通信轮数并非最优,在有恶意敌手干扰的情况下,轮数甚至不再是常数。针对轮数优化问题,文章利用可验证不经意伪随机函数原语,给出了基于格的最优轮数的量子安全构造并严格证明了其安全性。此外,协议保证多数诚实服务器场景时,诚实用户一定能在最优轮数内成功恢复正确的秘密,具有很强的鲁棒性。

A Cloud-Fog Enabled and Privacy-Preserving IoT Data Market Platform Based on Blockchain

The dynamic landscape of the Internet of Things(IoT)is set to revolutionize the pace of interaction among entities,ushering in a proliferation of applications characterized by heightened quality and diversity.Among the pivotal applications within the realm of IoT,as a significant example,the Smart Grid(SG)evolves into intricate networks of energy deployment marked by data integration.This evolution concurrently entails data interchange with other IoT entities.However,there are also several challenges including data-sharing overheads and the intricate establishment of trusted centers in the IoT ecosystem.In this paper,we introduce a hierarchical secure data-sharing platform empowered by cloud-fog integration.Furthermore,we propose a novel non-interactive zero-knowledge proof-based group authentication and key agreement protocol that supports one-to-many sharing sets of IoT data,especially SG data.The security formal verification tool shows that the proposed scheme can achieve mutual authentication and secure data sharing while protecting the privacy of data providers.Compared with previous IoT data sharing schemes,the proposed scheme has advantages in both computational and transmission efficiency,and has more superiority with the increasing volume of shared data or increasing number of participants.

Public key based bidirectional shadow image authentication without pixel expansion in image secret sharing

Image secret sharing(ISS)is gaining popularity due to the importance of digital images and its wide application to cloud-based distributed storage and multiparty secure computing.Shadow image authentication generally includes shadow image detection and identification,and plays an important role in ISS.However,traditional dealer-participatory methods,which suffer from significant pixel expansion or storing auxiliary information,authenticate the shadow image mainly during the decoding phase,also known as unidirectional authentication.The authentication of the shadow image in the distributing(encoding)phase is also important for the participant.In this study,we introduce a public key based bidirectional shadow image authentication method in ISS without pixel expansion for a(k,n)threshold.When the dealer distributes each shadow image to a corresponding participant,the participant can authenticate the received shadow image with his/her private key.In the decoding phase,the dealer can authenticate each received shadow image with a secret key;in addition,the dealer can losslessly decode the secret image with any k or more shadow images.The proposed method is validated using theoretical analyses,illustrations,and comparisons.

结合区块链的车联网可信认证与激励机制综述

随着车联网数据共享需求的日益增长,安全可靠的身份认证协议与科学合理的激励机制成为保障车联网络稳定运行的首要条件。区块链作为去中心化的分布式账本为车联网提供了技术完善的数据共享平台,结合区块链技术的车联网成为切实可行的数据共享新思路。该研究总结车联网需求,梳理分析基于区块链的车联网架构并将其分为云端层、机制层与边缘层。对相关文献进行归纳总结,分析现有基于区块链的车联网中认证协议与激励机制存在的问题,对其相应的解决方案进行分类比较。从分布式与集中式两种认证架构总结分析现有的可信认证机制的工作流程与实现方案,梳理现有的激励机制工作并将其归纳为基于价值的激励机制、基于信任的激励机制与基于个体决策的激励机制。从隐私保护与典型攻击两方面总结可信认证与激励机制的现存问题与解决方法,在数据共享、多车辆协同与结合6G技术方面对基于区块链的车联网的未来研究方向作出展望。

寻求者注视方向及面部表情对建议者建议提出的影响

基于共享信号假说,本研究关注建议寻求者的注视方向和表情对建议提出的影响及机制。结果发现:(1)微笑条件下,建议者对于寻求者的斜视或正视面孔的建议倾向没有显著差异;相较于正视悲伤的面孔,面对寻求者斜视悲伤的面孔,建议者更倾向于提出建议。(2)建议提出者感知到的真实性和其状态性亲社会动机在其中起到中介作用。结果证实了特定注视方向和表情的不同组合对建议提出的不同影响,对建议行为研究具有重要意义。

基于PKG信任网关的信息共享密钥安全性检测

入侵行为种类的不断增加对网络安全造成了严重威胁,故在建立PKG信任网关模型后,针对信息共享密钥提出了一种安全性检测方法。对数据做预处理操作后,分析了两种不同入网方式下,PKG信任网关对节点的认证方式,节点只有在通过认证后才能入网。PKG信任网关与新入网的节点之间通过密钥链发送共享密钥和校验值,通过比对校验值判断共享密钥是否被篡改或攻击,校验值不同说明共享密钥被攻击,需要向PKG信任网关汇报被攻击的密钥;校验值相同说明共享密钥没有被攻击,可以解密后获得会话密钥。根据相关实验可知,所提方法可针对不同种类入侵行为实现精准检测,同时保证最高的检测效率和最低的误检率。

Protected Fair Secret Sharing Based Bivariate Asymmetric Polynomials in Satellite Network

Verifiable secret sharing mainly solves the cheating behavior between malicious participants and the ground control center in the satellite network.The verification stage can verify the effectiveness of secret shares issued by the ground control center to each participant and verify the effectiveness of secret shares shown by participants.We use a lot of difficult assumptions based on mathematical problems in the verification stage,such as solving the difficult problem of the discrete logarithm,large integer prime factorization,and so on.Compared with other verifiable secret sharing schemes designed for difficult problems under the same security,the verifiable secret sharing scheme based on the Elliptic Curve Cryptography(ECC)system has the advantages of less computational overhead and shorter key.At present,the binary polynomial is a single secret scheme and cannot provide effective verification.Therefore,based on a Protected Verifiable Synchronous Multi Secret Sharing(PVS-MSS)scheme,this paper is designed based on bivariate asymmetric polynomials.The advanced verifiable attribute is introduced into the Protected Secret Sharing(PSS)scheme.This paper extends the protected synchronous multi-secret sharing scheme based on bivariate polynomial design.The ECC system constructs the security channel between the ground control center and participants and constructs the verification algorithm.Through the verification algorithm,any participant can verify the consistency and effectiveness of the secret shadow and secret share received from other participants or presented by the secret distribution center.Therefore,no additional key agreement protocol is required;participants do not need to negotiate the session key for encryption;the secret share polynomial can generate the session key between participants and speed up the secret reconstruction process.The verification stage has lower computational complexity than the verifiable scheme constructed by Rivest Shamir Adleman (RSA) and other encryption methods. Chinese Remainder Theorem (CRT)is used to update the secret shadow. The secret shadow does not need to beupdated with the change of the scheme shared secret, and the public valueupdate efficiency is higher. Reduce the complexity of sharing secret updatesin a synchronous multi-secret sharing scheme.