Abstract: The recent and unprecedented surge of public interest in peer-to-peer (P2P) file-sharing systems has led to a variety of interesting research questions. How to minimize threats in such an open community is an important research topic. Trust models have been widely used in estimating the trustworthiness of peers in P2P file-sharing systems where peers can transact with each other without prior experience. However, current P2P trust models take almost no account of the nature of trust (fuzzy, complex and dynamic), which results in low efficiency in resisting the attacks of malicious nodes. In this paper, a new trust model named NatureTrust that can alleviate the shortage brought by the nature of trust is proposed. In order to cope with the fuzzy characteristic of trust, linguistic terms are used to express trust. Additionally, fuzzy inference rules are employed to evaluate the trust of each transaction so as to handle the complex characteristic of trust. Furthermore, a risk factor is deployed into NatureTrust to represent and reason with the dynamic characteristic of trust. Both risk and trust factors are considered in evaluating the trustworthiness of each peer. Experimental results show that the trust model analyzed here thus stands against malicious acts effectively.
Funding: Demonstration on the Construction of Guangdong Survey and Geomatics Industry Technology Innovation Alliance (2017B090907030); The Demonstration of Big Data Application for Land Resource Management and Service (2015B010110006); Qiong Huang is supported by Guangdong Natural Science Funds for Distinguished Young Scholar (No. 2014A030306021), Guangdong Program for Special Support of Top-notch Young Professionals (No. 2015TQ01X796), Pearl River Nova Program of Guangzhou (No. 201610010037), and the National Natural Science Foundation of China (Nos. 61472146, 61672242).
Abstract: Many enterprises and individuals are inclined to outsource their data to public clouds, but security and privacy are two critical problems that cannot be ignored. The door of a cloud provider may be broken, and the data may also be dug into by providers to find valuable information. In this paper, a secure and efficient storage file (SES FS) system is proposed to distribute files in several clouds and allow users to search the files securely and efficiently. In the proposed system, keywords were transformed into integers and secretly shared in a defined finite field, then the shares were mapped to random numbers in a specified random domain in each cloud. Files were encrypted with distinct secret keys and scattered within different clouds. Information about keyword/file was secretly shared among cloud providers. Legal users can search in the clouds to find the correct encrypted files and reconstruct the corresponding secret key. No adversary can find or detect the real file information even if they can collude with all the servers. Manipulation of shares by one or more clouds can be detected with high probability. The system can also detect malicious servers through introduced virtual points. One interesting property of the scheme is that new keywords can be added easily, which is difficult and usually not efficient for many searchable symmetric encryption systems. Detailed experimental results show that, with tolerable uploading delay, the scheme exhibits excellent performance in data retrieval.
Funding: Research grants from the National Social Science Foundation of China (Grant No. 18FTQ005). The author of the grant is Shi Jin. The URL of the sponsor site is http://www.npopss-cn.gov.cn/.
Abstract: With the development of information technology, cloud computing technology has brought many conveniences to all aspects of work and life. With the continuous promotion, popularization and vigorous development of e-government and e-commerce, the number of documents in electronic form is getting larger and larger. The electronic document is an indispensable main tool and real record of e-government and business activities. How to scientifically and effectively manage electronic documents? This is an important issue faced by governments and enterprises in improving management efficiency, protecting state secrets or business secrets, and reducing management costs. This paper discusses the application of cloud computing technology in the construction of an electronic file management system, proposes an architecture of an electronic file management system based on cloud computing, and makes a more detailed discussion of key technologies and implementation. The electronic file management system is built on the cloud architecture to enable users to upload, download, share, set security roles, audit, and retrieve files based on multiple modes. An electronic file management system based on cloud computing can make full use of cloud storage, cloud security, and cloud computing technologies to achieve unified, reliable, and secure management of electronic files.
Funding: Supported by the China Academy of Engineering Physics Foundation (No. 20020605)
Abstract: An interactive network security measure and a description of its function as well as its principle are presented. Based on the existing security loopholes and bugs in operating systems, this measure focuses on the restrictive condition of security and the establishment of configuration files. Under the control and administration of the secure management of configuration files, each system module brings much flexibility, adaptability and high-level security. The security detecting and managing software used in UNIX based on this measure has obtained good results, achieving the goal of automatically detecting and handling inner and outer system-violation and system abuse.
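Abstract: Forefront Server Security Management Console (FSSMC) is a member of the Forefront Server Security product family. It enables enterprise IT departments to deploy, configure, update and report on Forefront Server Security deployments across the entire enterprise internal network more effectively and simply.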
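Abstract: To address problems such as slow precise lookup caused by mixed data storage and difficult security governance caused by the lack of classified and graded data management, a data classification and grading access control model based on master-slave multi-chain is constructed, achieving classified and graded protection of data and dynamic secure access. First, an on-chain/off-chain hybrid trusted storage model is constructed to balance the storage bottleneck faced by blockchain. Second, a master-slave multi-chain architecture is proposed, and smart contracts are designed to automatically store data of different privacy levels on slave chains. Finally, building on role-based access control, an access control mechanism based on master-slave multi-chain and policy grading (MCLP-RBAC) is constructed, and a concrete access control flow design is given. Under the graded access control policy, the throughput of the proposed model stabilizes at about 360 TPS (Transactions Per Second). Compared with the BC-BLPM scheme, the ratio of send rate to throughput reaches 1:1, showing a certain advantage; compared with no access policy, memory consumption is reduced by 35.29%; compared with the traditional single-chain structure, memory consumption is reduced by 52.03% on average; compared with a scheme that stores all data on chain, the average storage space is reduced by 36.32%. Experimental results show that the proposed model can effectively reduce the storage burden, achieve graded secure access, is highly scalable, and is suitable for managing multi-category data.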
Funding: Deanship of Scientific Research at Majmaah University for supporting this work under Project Number R-2023-811.
Abstract: Various organizations store data online rather than on physical servers. As the number of user’s data stored in cloud servers increases, the attack rate to access data from cloud servers also increases. Different researchers worked on different algorithms to protect cloud data from replay attacks. None of the papers used a technique that simultaneously detects a full-message and partial-message replay attack. This study presents the development of a TKN (Text, Key and Name) cryptographic algorithm aimed at protecting data from replay attacks. The program employs distinct ways to encrypt plain text [P], a user-defined Key [K], and a Secret Code [N]. The novelty of the TKN cryptographic algorithm is that the bit value of each text is linked to another value with the help of the proposed algorithm, and the length of the cipher text obtained is twice the length of the original text. In the scenario that an attacker executes a replay attack on the cloud server, engages in cryptanalysis, or manipulates any data, it will result in automated modification of all associated values inside the backend. This mechanism has the benefit of enhancing the detectability of replay attacks. Nevertheless, the attacker cannot access data not included in any of the papers, regardless of how effective the attack strategy is. At the end of the paper, the proposed algorithm’s novelty will be compared with different algorithms, and it will be discussed how far the proposed algorithm is better than all other algorithms.