Grid security infrastructure (GSI) provides the security in grids by using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using c...Grid security infrastructure (GSI) provides the security in grids by using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using certificate revocation list (CRL) and the other is giving the certificate a short period of validity. However, when a lot of certifications are revoked, CRL will be the burden in the system. If the certificate has a short period of validity, entities should be often updating the certificate. In this paper, we propose a scheme for proxy certificate revocation using hash tree. Our scheme only needs hash value comparisons to achieve the purpose of certificate revocation. Previous two methods have to wait the expiration of the certificate. Therefore, our scheme is more flexible than previous methods.展开更多
Many organizations apply cloud computing to store and effectively process data for various applications.The user uploads the data in the cloud has less security due to the unreliable verification process of data integ...Many organizations apply cloud computing to store and effectively process data for various applications.The user uploads the data in the cloud has less security due to the unreliable verification process of data integrity.In this research,an enhanced Merkle hash tree method of effective authentication model is proposed in the multi-owner cloud to increase the security of the cloud data.Merkle Hash tree applies the leaf nodes with a hash tag and the non-leaf node contains the table of hash information of child to encrypt the large data.Merkle Hash tree provides the efficient mapping of data and easily identifies the changesmade in the data due to proper structure.The developed model supports privacy-preserving public auditing to provide a secure cloud storage system.The data owners upload the data in the cloud and edit the data using the private key.An enhanced Merkle hash tree method stores the data in the cloud server and splits it into batches.The data files requested by the data owner are audit by a third-party auditor and the multiowner authentication method is applied during the modification process to authenticate the user.The result shows that the proposed method reduces the encryption and decryption time for cloud data storage by 2–167 ms when compared to the existing Advanced Encryption Standard and Blowfish.展开更多
The trustworthiness of virtual machines is a big security issue in cloud computing. In this paper, we aimed at designing a practical trustworthiness mechanism in virtual environment. With the assist of a third certifi...The trustworthiness of virtual machines is a big security issue in cloud computing. In this paper, we aimed at designing a practical trustworthiness mechanism in virtual environment. With the assist of a third certificate agent, the cloud user generates a trust base and extends it to its VMs. For each service running on the VM, a hash value is generated from all the necessary modules, and these hash values are organized and maintained with a specially designed hash tree whose root is extended from the user's trust base. Before the VM loads a service, the hash tree is verified from the coordinated hash value to check the trustworthiness of the service.展开更多
在Cross-Product算法的基础上,结合哈希树(HashTree)数据结构,综合二者的优点,提出了一种新的IP分类算法CPHTIT(Cross-Product and HashTree with index table)。仿真结果表明CPHTIT在时间和空间上都达到了高速IP分类的要求,与现有经典...在Cross-Product算法的基础上,结合哈希树(HashTree)数据结构,综合二者的优点,提出了一种新的IP分类算法CPHTIT(Cross-Product and HashTree with index table)。仿真结果表明CPHTIT在时间和空间上都达到了高速IP分类的要求,与现有经典算法Grid of Tries和Modular比较,其综合性能有所改进。展开更多
Recently,bionic signals have been used to achieve covert underwater acoustic communication(UWAC)with high signal-to-noise ratios(SNRs)over transmission systems.A high SNR allows the attackers to proceed with their mis...Recently,bionic signals have been used to achieve covert underwater acoustic communication(UWAC)with high signal-to-noise ratios(SNRs)over transmission systems.A high SNR allows the attackers to proceed with their mischievous goals and makes transmission systems vulnerable against malicious attacks.In this paper we propose an improved Merkle hash tree based secure scheme that can resist current underwater attacks,i.e.,replay attack,fabricated message attack,message-altering attack,and analyst attack.Security analysis is performed to prove that the proposed scheme can resist these types of attacks.Performance evaluations show that the proposed scheme can meet UWAC limitations due to its efficiency regarding energy consumption,communication overhead,and computation cost.展开更多
j-lanes tree hashing is a tree mode that splits an input message into?j?slices, computes?j?independent digests of each slice, and outputs the hash value of their concatenation.?j-pointers tree hashing is a similar tre...j-lanes tree hashing is a tree mode that splits an input message into?j?slices, computes?j?independent digests of each slice, and outputs the hash value of their concatenation.?j-pointers tree hashing is a similar tree mode that receives, as input,?j?pointers to?j?messages (or slices of a single message), computes their digests and outputs the hash value of their concatenation. Such modes expose parallelization opportunities in a hashing process that is otherwise serial by nature. As a result, they have a performance advantage on modern processor architectures. This paper provides precise specifications for these hashing modes, proposes appropriate IVs, and demonstrates their performance on the latest processors. Our hope is that it would be useful for standardization of these modes.展开更多
j-lanes hashing is a tree mode that splits an input message to j slices, computes j independent digests of each slice, and outputs the hash value of their concatenation. We demonstrate the performance advantage of j-l...j-lanes hashing is a tree mode that splits an input message to j slices, computes j independent digests of each slice, and outputs the hash value of their concatenation. We demonstrate the performance advantage of j-lanes hashing on SIMD architectures, by coding a 4-lanes-SHA-256 implementation and measuring its performance on the latest 3rd Generation IntelR CoreTM. For messages whose lengths range from 2 KB to 132 KB, we show that the 4-lanes SHA-256 is between 1.5 to 1.97 times faster than the fastest publicly available implementation that we are aware of, and between ~2 to ~2.5 times faster than the OpenSSL 1.0.1c implementation. For long messages, there is no significant performance difference between different choices of j. We show that the 4-lanes SHA-256 is faster than the two SHA3 finalists (BLAKE and Keccak) that have a published tree mode implementation. Finally, we explain why j-lanes hashing will be faster on the coming AVX2 architecture that facilitates using 256 bits registers. These results suggest that standardizing a tree mode for hash functions (SHA-256 in particular) could be useful for performance hungry applications.展开更多
基金supported by the National Science Council under Grant No. NSC100-2410-H-005-046
文摘Grid security infrastructure (GSI) provides the security in grids by using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using certificate revocation list (CRL) and the other is giving the certificate a short period of validity. However, when a lot of certifications are revoked, CRL will be the burden in the system. If the certificate has a short period of validity, entities should be often updating the certificate. In this paper, we propose a scheme for proxy certificate revocation using hash tree. Our scheme only needs hash value comparisons to achieve the purpose of certificate revocation. Previous two methods have to wait the expiration of the certificate. Therefore, our scheme is more flexible than previous methods.
基金The Universiti Kebangsaan Malaysia(UKM)Research Grant Scheme FRGS/1/2020/ICT03/UKM/02/6 and GGPM-2020-028 funded this research.
文摘Many organizations apply cloud computing to store and effectively process data for various applications.The user uploads the data in the cloud has less security due to the unreliable verification process of data integrity.In this research,an enhanced Merkle hash tree method of effective authentication model is proposed in the multi-owner cloud to increase the security of the cloud data.Merkle Hash tree applies the leaf nodes with a hash tag and the non-leaf node contains the table of hash information of child to encrypt the large data.Merkle Hash tree provides the efficient mapping of data and easily identifies the changesmade in the data due to proper structure.The developed model supports privacy-preserving public auditing to provide a secure cloud storage system.The data owners upload the data in the cloud and edit the data using the private key.An enhanced Merkle hash tree method stores the data in the cloud server and splits it into batches.The data files requested by the data owner are audit by a third-party auditor and the multiowner authentication method is applied during the modification process to authenticate the user.The result shows that the proposed method reduces the encryption and decryption time for cloud data storage by 2–167 ms when compared to the existing Advanced Encryption Standard and Blowfish.
基金supported by the National Natural Science Foundation of China(No.6127249261572521)+1 种基金Natural Science Foundation of Shaanxi Provence(No.2013JM8012)Fundamental Research Project of CAPF(No.WJY201520)
文摘The trustworthiness of virtual machines is a big security issue in cloud computing. In this paper, we aimed at designing a practical trustworthiness mechanism in virtual environment. With the assist of a third certificate agent, the cloud user generates a trust base and extends it to its VMs. For each service running on the VM, a hash value is generated from all the necessary modules, and these hash values are organized and maintained with a specially designed hash tree whose root is extended from the user's trust base. Before the VM loads a service, the hash tree is verified from the coordinated hash value to check the trustworthiness of the service.
文摘在Cross-Product算法的基础上,结合哈希树(HashTree)数据结构,综合二者的优点,提出了一种新的IP分类算法CPHTIT(Cross-Product and HashTree with index table)。仿真结果表明CPHTIT在时间和空间上都达到了高速IP分类的要求,与现有经典算法Grid of Tries和Modular比较,其综合性能有所改进。
文摘Recently,bionic signals have been used to achieve covert underwater acoustic communication(UWAC)with high signal-to-noise ratios(SNRs)over transmission systems.A high SNR allows the attackers to proceed with their mischievous goals and makes transmission systems vulnerable against malicious attacks.In this paper we propose an improved Merkle hash tree based secure scheme that can resist current underwater attacks,i.e.,replay attack,fabricated message attack,message-altering attack,and analyst attack.Security analysis is performed to prove that the proposed scheme can resist these types of attacks.Performance evaluations show that the proposed scheme can meet UWAC limitations due to its efficiency regarding energy consumption,communication overhead,and computation cost.
文摘j-lanes tree hashing is a tree mode that splits an input message into?j?slices, computes?j?independent digests of each slice, and outputs the hash value of their concatenation.?j-pointers tree hashing is a similar tree mode that receives, as input,?j?pointers to?j?messages (or slices of a single message), computes their digests and outputs the hash value of their concatenation. Such modes expose parallelization opportunities in a hashing process that is otherwise serial by nature. As a result, they have a performance advantage on modern processor architectures. This paper provides precise specifications for these hashing modes, proposes appropriate IVs, and demonstrates their performance on the latest processors. Our hope is that it would be useful for standardization of these modes.
文摘j-lanes hashing is a tree mode that splits an input message to j slices, computes j independent digests of each slice, and outputs the hash value of their concatenation. We demonstrate the performance advantage of j-lanes hashing on SIMD architectures, by coding a 4-lanes-SHA-256 implementation and measuring its performance on the latest 3rd Generation IntelR CoreTM. For messages whose lengths range from 2 KB to 132 KB, we show that the 4-lanes SHA-256 is between 1.5 to 1.97 times faster than the fastest publicly available implementation that we are aware of, and between ~2 to ~2.5 times faster than the OpenSSL 1.0.1c implementation. For long messages, there is no significant performance difference between different choices of j. We show that the 4-lanes SHA-256 is faster than the two SHA3 finalists (BLAKE and Keccak) that have a published tree mode implementation. Finally, we explain why j-lanes hashing will be faster on the coming AVX2 architecture that facilitates using 256 bits registers. These results suggest that standardizing a tree mode for hash functions (SHA-256 in particular) could be useful for performance hungry applications.
