基于CP-ABE的云计算改进属性加密安全访问控制策略设计

针对云计算存储中心由于数据和访问控制的安全性无法得到有效保障,从而可能造成用户存储的敏感数据被盗取的问题,现有的解决方法往往通过加密数据密钥,并通过对数据加密来解决安全性问题,但这些方法没有对访问控制的整个过程进行全面的定义和描述,同时仍然具有较大的时空开销。为此,在对CP-ABE(eiphertext-policy attribute-based encryption)进行深入分析的基础上提出了一种基于改进属性加密访问控制模型,然后对CP-ABE进行改进,并对公钥和主密钥的生成、数据所有者加密文件、访问用户解密文件以及用户权限的全面管理过程均进行了详尽的定义和描述,从而设计了一种通用的安全访问机制。在仿真工具Ubuntu中进行实验,结果表明文中方法能有效地实现云计算环境下的安全访问控制,与其它方法相比,具有计算和存储开销低优点,具有较大的优越性。     

基于Hadoop和双密钥的云计算数据安全存储策略设计

针对原有的Hadoop平台仅通过CRC-32循环冗余校验保证数据存储的安全性,设计了一种基于双密钥和混沌信号的云计算安全存储策略;首先,介绍了原有的Hadoop框架下的数据存储对应的文件读写过程,并基于加密机制设计了改进的Hadoop数据存储模型,然后根据云存储数据量大和响应要求及时的特点,设计了一种基于双密钥的改进对称密钥算法,在传统的私钥的基础上加入动态公钥,并作为敏感函数的输入获得最终的密钥,从而实现明文的加密和密文的解密,最终定义了具体的基于Hadoop和改进双密钥对称加密算法的云计算安全存储算法;通过搭建Hadoop仿真实验平台进行实验,结果表明文中方法能有效地实现云计算环境下的安全存储,存储时间与其它方法相比少15%以上,具有安全性高和存储效率高的优点,具有一定的优越性。     

网络信息安全中DES数据加密技术研究

网络信息安全关系到数据存储安全和数据通信安全,为了提高网络信息安全管理能力,需要进行数据优化加密设计,提出一种基于前向纠错编码的DES数据公钥加密技术,采用Gram-Schmidt正交化向量量化方法构建DES数据的Turbo码模型,通过三次重传机制产生密文序列,对密文序列进行前向纠错编码设计,结合差分演化方法进行频数检验,实现网络信息安全中DES数据加密密钥构造,选择二进制编码的公钥加密方案有效抵抗密文攻击。仿真结果表明,采用该加密技术进行DES数据加密的抗攻击能力较强,密钥置乱性较好,具有很高的安全性和可行性。     

基于混沌系统的SM4密钥扩展算法

分组密码是一类广泛使用的加密方法.在网络数据加密体系中,为提高信息的安全性,需要保证初始密钥具有足够大的密钥空间.为克服量子计算机对短密钥的威胁,一种基于混沌映射的新型密钥扩展算法被提出.该算法将混沌映射融入到原SM4密钥扩展算法中,有效增大了密钥空间,提高了破译难度.     

基于Markov性质的一阶安全算术编码及应用

基于压缩编码的加密方式能够同时完成加密和压缩的功能,通过压缩减少了信息的冗余,同时引入加密使对试图推测出明文信息和找到密钥的攻击具有非常好的鲁棒性.本文提出了一种基于一阶Markov模型的安全算术编码,在编码过程中通过随机密钥保证图像压缩编码的安全性,且显著提高编码的压缩效率,使其方便在网络中安全传输.实验结果和安全性分析表明,算法能够抵抗现有的各种基于算术编码的安全性攻击和其他密码学分析。     

基于压缩感知的光学图像加密技术研究

提出了一种基于压缩感知的光学数字图像加密方案,利用压缩感知理论及特点,借助双随机相位编码技术,实现了对数字图像的多重加密。通过压缩感知使用随机测量矩阵作为密钥对原始图像加密,然后对加密图像利用Arnold变换置乱二次加密,并通过4f光学系统进行双随机相位编码再次对图像加密,从而实现了对图像的多次加密。考虑实际应用中传输过程的安全性,将加密图像融合于载体图像。在接收端,对加密图像进行解密重构。实验结果表明,该加密方案能够有效降低采样数据量,具有高稳健性,对密钥响应敏感并可以抵御较强的攻击。     

基于数值分析的匿名大数据访问最优控制算法

为了降低大数据访问对人们生活的影响,减少因数据访问带来的一系列问题,更好地保护用户的隐私,需要对匿名大数据访问进行控制。当前算法是利用Purpose建立匿名大数据访问模型,在原来的K-匿名算法基础上为Purpose匿名数据访问模型构建算法,该算法对公开信息隐私安全涉及较少,对分布式数据隐私的安全保障效果不理想。为此,提出一种基于数值分析的匿名大数据访问最优控制算法。该算法利用MapReduce编程框架对匿名大数据用户的公钥和私钥进行初始化,将计算代理权授权,用户把需要保存的数据以及授权传送给第三方,也就是代理方签名,实现匿名大数据的审计。根据属性群对匿名大数据访问进行控制,系统管理员构建一棵二叉树,通过对称加密算法与属性群路径密钥,加密的群密钥,产生报头消息,根据上述所获结果,管理员对属性群密钥进行生成、更新和分发。实验结果证明,所提算法计算开销、存储开销以及通信开销较低,匿名大数据访问控制的效率高,具有较强的可实践性,为该领域的研究发展提供了支撑。     

压缩图像的三维混沌加密算法

为保证数字图像的安全性,提出了一种压缩图像的三维混沌加密算法。该算法是通过对已压缩的数据流进行加密而实现的。首先采用基于小波的Contourlet变换的类等级树集合分割(SPIHT)编码算法对明文图像进行压缩,得到压缩数据流,然后将压缩数据流映射为一个三维位矩阵;利用Lorenz混沌映射产生混沌序列,并对其进行预处理得到比特值序列,根据比特值序列对上述三维位矩阵进行置乱和替代操作;将置乱和替代后的位矩阵重新映射为数据流,并对其进行解码和反变换操作,得到加密后的压缩图像。实验结果表明,产生的比特值序列具有较好的随机性,加密算法的密钥空间很大,对密钥非常敏感,子密钥和明文有关,能有效抵抗已知明文攻击,结合压缩技术,能有效提高存储和传输效率。     

基于云存储的混合加密算法研究

近些年来,云存储技术得到了高速发展,对云存储的安全也提出了更高的要求。针对目前云存储的数据安全问题,通过对传统加密算法的研究与分析,提出了一种适合云存储的线性AES-ECC混合加密算法。算法综合了AES适应于大块数据加密且加解密速度快而ECC加密强度高的特点,使用交叉加密的方式,极大的提高了云存储的安全性,并从多个角度对算法进行了安全性分析。最后在Hadoop平台上用不同算法对多种文件类型进行加密、解密实验,并对比其加密解密时间。实验结果表明,算法在云存储中相比传统加密算法有显著优势。     

基于光学全息"指纹锁"的设计与仿真

本文提出了一种基于光学全息的“指纹锁”,将其放置在智能卡的IC芯片前面,用于对用户的个人识别号(PIN码)进行预先加密和认证,和智能卡原有的数字加密算法相结合,可进一步提高信息存储和提取的安全性.该指纹锁是以指纹图像和随机相位板为密钥,记录在光折变晶体材料内的一组角度复用加密全息图.这种光学加密全息图与传统的角度复用全息图不同,其参考光兼有指纹密钥的振幅调制和随机相位调制,具有私密性好、携带方便、安全性高等优点.     

CADF-CSE: Chaotic map-based authenticated data access/sharing framework for IoT-enabled cloud storage environment

Data is an essential asset of an organization or individual in this information age. Secure and resource-efficient data communication has become paramount in the IoT-enabled cloud storage environment. The users must communicate with the cloud storage servers to access, store, and share the data utilizing the public communication channel, which is exposed to various security threats. Moreover, various security frameworks have been presented to render secure data access, storage, and sharing functionalities for the cloud storage environment. Most of them are complicated and incapacitated of resisting various security attacks. Thus, it is imperative to design a secure and resource-efficient data access, storage, and sharing framework for the cloud storage environment. This paper presents a chaotic map-based authenticated data access/sharing framework for the IoT-enabled cloud storage environment (CADF-CSE). CADF-CSE is designed using the chaotic map, authenticated encryption scheme (AEGIS), and one-way hash function (Esch256). The proposed CADF-CSE comprises three significant phases user access control, data storage, and data sharing. The user access control phase enables the user and cloud server to attain mutual authentication followed by the secret session key establishment. Using the established SK during the access control phase user and cloud server exchange information securely across the public Internet. The data storage phase facilitates the data owner to store the data on a cloud server in encrypted form, where encryption is performed with a secret key derived from the user’s biometric. The data-sharing phase enables users to access the data from the cloud server after acquiring mutual permission from the cloud server and the data owner. In addition, an explication of the CADF-CSE through formal and informal analysis shows its resilience to various security attacks. Finally, the performance comparison explicates that CADF-CSE renders better security features while requiring lower computational and communication costs than the related security frameworks.     

A Quantum Private Query Protocol for Enhancing both User and Database Privacy

In order to protect the privacy of query user and database, some QKD-based quantum private query(QPQ)protocols were proposed. Unfortunately some of them cannot resist internal attack from database perfectly; some others can ensure better user privacy but require a reduction of database privacy. In this paper, a novel two-way QPQ protocol is proposed to ensure the privacy of both sides of communication. In our protocol, user makes initial quantum states and derives the key bit by comparing initial quantum state and outcome state returned from database by ctrl or shift mode instead of announcing two non-orthogonal qubits as others which may leak part secret information. In this way,not only the privacy of database be ensured but also user privacy is strengthened. Furthermore, our protocol can also realize the security of loss-tolerance, cheat-sensitive, and resisting JM attack etc.     

基于分数阶Fourier变换的数字图像实值加密方法

构造了一种新的保实化的分数阶Fourier变换,提出了一种基于该变换的数字图像实值加密方法。利用保实分数阶Fourier变换的保实特性和阶数可加性等完成了数字图像的加密与解密,明文和密文分别位于空域和由密钥决定的保实分数阶Fourier变换域中,具有较强的抗统计破译能力。密图是一个实值图像,便于显示和存储。仿真实验结果表明,该加密方法密钥简单,无数据膨胀,对参数敏感度高,具有一定的鲁棒性和安全性。在信息安全领域具有良好的研究前景和实用价值。     

Provably Secure Symmetric Private Information Retrieval with Quantum Cryptography

Private information retrieval (PIR) is a database query protocol that provides user privacy in that the user can learn a particular entry of the database of his interest but his query would be hidden from the data centre. Symmetric private information retrieval (SPIR) takes PIR further by additionally offering database privacy, where the user cannot learn any additional entries of the database. Unconditionally secure SPIR solutions with multiple databases are known classically, but are unrealistic because they require long shared secret keys between the parties for secure communication and shared randomness in the protocol. Here, we propose using quantum key distribution (QKD) instead for a practical implementation, which can realise both the secure communication and shared randomness requirements. We prove that QKD maintains the security of the SPIR protocol and that it is also secure against any external eavesdropper. We also show how such a classical-quantum system could be implemented practically, using the example of a two-database SPIR protocol with keys generated by measurement device-independent QKD. Through key rate calculations, we show that such an implementation is feasible at the metropolitan level with current QKD technology.     

虚拟光学信息隐藏理论及并行硬件实现

基于光学信息处理的多维数据加／解密方法作为一种新的“非数学”数据加密技术,因其具有实时的数据传递速度、密级高、密钥设计灵活且自由度大等优点．已成为研究的又一热点。在虚拟光学信息隐藏理论模型的基础上,使用数字信号处理器芯片的并行策略实现了一种具有多重锁、多重密钥的高密级多媒体信息隐藏系统。对系统性能的评估结果表明,该系统可以实时完成对多种数字媒体信息的加／解密．且系统性能优良。这在一定程度上弥补了虚拟光学多维数据隐藏技术所丧失的信息光学固有的并行处理能力。系统的实现为虚拟光学加密方法在现实信息加密中的应用开辟了一条有效的途径。     

Attacks on practical quantum key distribution systems (and how to prevent them)

With the emergence of an information society, the idea of protecting sensitive data is steadily gaining importance. Conventional encryption methods may not be sufficient to guarantee data protection in the future. Quantum key distribution (QKD) is an emerging technology that exploits fundamental physical properties to guarantee perfect security in theory. However, it is not easy to ensure in practice that the implementations of QKD systems are exactly in line with the theoretical specifications. Such theory–practice deviations can open loopholes and compromise security. Several such loopholes have been discovered and investigated in the last decade. These activities have motivated the proposal and implementation of appropriate countermeasures, thereby preventing future attacks and enhancing the practical security of QKD. This article introduces the so-called field of quantum hacking by summarising a variety of attacks and their prevention mechanisms.     

Information security system based on virtual-optics imaging methodology and public key infrastructure

In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.     

混沌参数调制下RSA数据加密算法研究

随着网络信息通讯技术的发展,信息数据的通讯安全成为信息化网络信息数据通讯过程中的重要问题。面对大量侵入程序与数据漏洞的威胁,一套强有效的数据加密算法成为数据研究领域的研究方向。RSA数据加密算法作为如今常用的安全性最高的算法,在大数据动态数据节点混沌排列的条件下,无法有效保证数据的加密安全。混沌参数下,出现加密逻辑断裂、溢出、数列逆排等严重的算法漏洞。对此,提出混沌参数调制下RSA数据加密算法研究,采用混沌参数特征处理单元、特征序列逻辑控制单元与混沌FIE-RSA算法,对传统RSA加密算法存在的问题进行针对性解决。通过仿真实验证明,提出的混沌参数调制下RSA数据加密算法研究中,采用的一系列方法具有加密处理响应速度快、处理运算时间短、加密安全度高、反破解性能强等特点。