Fan Rong,Ping Lingdi,Fu Jianqing,Pan Xuezeng

DOI: https://doi.org/10.3969/j.issn.1000-0801.2010.10.015

2010-01-01

Abstract:In the applications of unattended wireless sensor networks(UWSN),sensor nodes always are deployed in hostile area and are difficult to communicate with each other.Besides,the network user need abstract sensed data not real time data in some scene.Thus the sensor nodes need to store the sensed data until receiving the request of data.However,the distributed architecture makes it challenging to build a secure and efficient data storage system due to the resource-constrained nature of sensor node.Besides,due to the lack of physical protection,WBAN are vulnerable to attacks when deployed in hostile environments.In order to address the challenges,we propose a novel secure and efficient data storage scheme with dynamic integrity checking in this paper.Based on the policies of multiple secret sharing,we first propose secure and efficient patient-related data storage and access scheme for UWSN.Furthermore,to dynamically check the integrity of the distributed data shares,we then propose an efficient data integrity verification scheme based on orthonormal vectors.Finally,the security and performance analysis shows that the proposed scheme is secure and practical for UWSN.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

Rong Fan,Ling-di Ping,Jian-Qing Fu,Xue-zeng Pan

DOI: https://doi.org/10.1109/wcsp.2010.5633690

2010-01-01

Abstract:Recently, Wireless Body Area Networks (WBANs) have been an attractive platform for pervasive computing and communication. Since the patient-related data is significance for medical diagnosis and patients' health-care, the security of distributed data storage is critical need for applications. However, the distributed architecture makes it challenging to build a secure and efficient data storage system due to the resource-constrained nature of sensor node. Besides, due to the lack of physical protection, WBANs are vulnerable to attacks when deployed in hostile environments. In order to address the challenges, we propose a novel secure and efficient data storage scheme with dynamic integrity checking in this paper. Based on the policies of multiple secret sharing, we first propose a secure and efficient patient-related data storage and access scheme for WBANs. Furthermore, to dynamically check the integrity of the distributed data shares, we then propose an efficient data integrity verification scheme based on orthonormal vectors. Finally, the security and performance analysis shows that the proposed scheme is secure and practical for WBANs.

Arastoo Bozorgi,Mahya Soleimani Jadidi,Jonathan Anderson

DOI: https://doi.org/10.5220/0012306600003648

2024-03-24

Abstract:Strong confidentiality, integrity, user control, reliability and performance are critical requirements in privacy-sensitive applications. Such applications would benefit from a data storage and sharing infrastructure that provides these properties even in decentralized topologies with untrusted storage backends, but users today are forced to choose between systemic security properties and system reliability or performance. As an alternative to this status quo we present UPSS: the user-centric private sharing system, a cryptographic storage system that can be used as a conventional filesystem or as the foundation for security-sensitive applications such as redaction with integrity and private revision control. We demonstrate that both the security and performance properties of UPSS exceed that of existing cryptographic filesystems and that its performance is comparable to mature conventional filesystems - in some cases, even superior. Whether used directly via its Rust API or as a conventional filesystem, UPSS provides strong security and practical performance on untrusted storage.

Cryptography and Security,Operating Systems

Yuchen Liu,Aixin Zhang,Shenghong Li,Junhua Tang,Jianhua Li

DOI: https://doi.org/10.1002/sat.1179

2016-01-01

International Journal of Satellite Communications and Networking

Abstract:The security of space information network (SIN) is getting more and more important now. Because of the special features of SIN (e.g., the dynamic and unstable topology, the highly exposed links, the restricted computation power, the flexible networking methods, and so on), the security protocol for SIN should have a balance between security properties and computation/storage overhead. Although a lot of security protocols have been proposed recently, few can provide overall attacks resistance power with low computation and storage cost. To solve this problem, in this paper we propose a lightweight authentication scheme for space information network. It is mainly based on the self‐updating strategy for user's temporary identity. The scheme consists of two phases, namely, the registration phase and the authentication phase. All the computing operations involved are just hash function (h), the bit‐wise exclusive‐or operation (⊕), and the string concatenation operation (||), which are of low computation cost. The security properties discussion and the attacks–resistance power analysis show that the proposed authentication scheme can defend against various typical attacks, especially denial of service attacks. It is sufficiently secure with the lowest computation and storage costs. Furthermore, the formal security proof in SVO logic also demonstrates that the scheme can satisfy the security goals very well. Copyright © 2016 John Wiley & Sons, Ltd.

Yin Sheng Zhang

DOI: https://doi.org/10.24018/ejece.2020.4.4.236

2020-01-01

European Journal of Electrical Engineering and Computer Science

Abstract:This study is to explore a newly configured data management system of Internet of Things and other intelligent technologies in ubiquitous computing based on semi-network OS architecture. Modern Internet of Things and other intelligent technologies have increasingly shown a trend of diversification and ubiquitous computing, and the usual mobile devices characterized by “single-task”, “stable”, “oriented”, and “immutable” are also bound to face the pressure and motion of reform and innovation. The advancement of merger of single-task mobile devices will be unstoppable, and the operating system rightfully needs to be divided into “base portion” and “expanded portion”, which just fits the concept of semi-network operating system architecture; the “base portion” is similar to existing “embedded operating system”, and the “expanded portion” is network resources. Today, the merger of single-task mobile devices and the formation of multi-task mobile devices have become general trend, and architecture of semi-network operating system can lay a new foundation for this wave of merger. The multi-task mobile device formed by merger of single-task mobile devices based on architecture of semi-network operating system has its special computing system: co-mobile computing system, where including a data management system. Multi-task mobile devices form a so-called co-mobile computing system, and also form a newly configured secure data management system, which is like a universal key to form a new working system for opening a lot of unspecified locks based on new principle and security mechanism.

Yin Sheng Zhang

DOI: https://doi.org/10.5539/cis.v12n1p93

2019-01-01

Abstract:Innovation of computing technology is either to improve the security and performance, or to improve  the convenience of user operation of system, networking and device, but sometimes it’s hard to get a very good balance between the two, in particular, the traditional localized OS and computing devices are inherently incompatible  in some respects with today's network environment,  therefore, although many innovations help to improve the safety, autonomy and controllability of system and device, but they are still always lacking the trustworthiness of users, one of the reasons is that their performance is lower than  user's expectation, but their operation become more complicated than before. The semi-network operating system is designed according to user's actual experience, which not only utilizes the shared attributes of network to increase the flexibility of OS, but also utilizes the stability and user-autonomy attributes of local platform ensure the base functions of OS, in addition, it can greatly reduce the burden on user’s operation and maintenance of computing system, so which will be a trustworthy system architecture for users.

Liwei Xu,Han Wu,Jianguo Xie,Qiong Yuan,Ying Sun,Guozhen Shi,Shoushan Luo

DOI: https://doi.org/10.3390/e25050760

IF: 2.738

2023-05-07

Entropy

Abstract:The Space–Air–Ground Integrated Network (SAGIN) expands cyberspace greatly. Dynamic network architecture, complex communication links, limited resources, and diverse environments make SAGIN's authentication and key distribution much more difficult. Public key cryptography is a better choice for terminals to access SAGIN dynamically, but it is time-consuming. The semiconductor superlattice (SSL) is a strong Physical Unclonable Function (PUF) to be the hardware root of security, and the matched SSL pairs can achieve full entropy key distribution through an insecure public channel. Thus, an access authentication and key distribution scheme is proposed. The inherent security of SSL makes the authentication and key distribution spontaneously achieved without a key management burden and solves the assumption that excellent performance is based on pre-shared symmetric keys. The proposed scheme achieves the intended authentication, confidentiality, integrity, and forward security, which can defend against masquerade attacks, replay attacks, and man-in-the-middle attacks. The formal security analysis substantiates the security goal. The performance evaluation results confirm that the proposed protocols have an obvious advantage over the elliptic curve or bilinear pairings-based protocols. Compared with the protocols based on the pre-distributed symmetric key, our scheme shows unconditional security and dynamic key management with the same level performance.

physics, multidisciplinary

Xinbin Zuo,Xue Pang,Pengping Zhang,Junsan Zhang,Tao Dong,Peiying Zhang

DOI: https://doi.org/10.1109/comcomap51192.2020.9398887

2020-01-01

Abstract:With the improvement of people’s living standards, more and more network users access the network, including a large number of infrastructure, these devices constitute the Internet of things(IoT). With the rapid expansion of devices in the IoT, the data transmission between the IoT has become more complex, and the security issues are facing greater challenges. SDN as a mature network architecture, its security has been affirmed by the industry, it separates the data layer from the control layer, thus greatly improving the security of the network. In this paper, we apply the SDN to the IoT, and propose a IoT network architecture based on SDN. In this architecture, we not only make use of the security features of SDN, but also deploy different security modules in each layer of SDN to integrate, analyze and plan various data through the IoT, which undoubtedly improves the security performance of the network. In the end, we give a comprehensive introduction to the system and verify its performance.

Youhui Zhang,Weimin Zheng

DOI: https://doi.org/10.1007/978-3-540-30102-8_44

2004-01-01

Abstract:This paper presents a cluster-based storage platform--OStorage that employs Network-Attached Object Storage Device (NAOSD) as the low-level storage device. Owing to some features of NAOSD, including object-like access interface, simple computing abilities and self-management, OStorage supports structured-data directly to eliminate the data- model-mismatch problem of conventional storage systems. In addition, the OStorage prototype implements distributed data access, distributed transaction, some query functions and can simplify the building of scalable Internet services. The performance analysis shows that its access time increases with the system scale logarithmically, which is better than the conventional systems. And experiments show that its scalability is fairly satisfying.

Fang Miao,Wenjie Fan,Wenhui Yang,Yan Xie

DOI: https://doi.org/10.1145/3309074.3309093

2019-01-01

Abstract:DOSA (Data-Oriented Security Architecture, or Data Ownership-based Security Architecture) is an architecture for data protection and application in an open Internet environment. DOSA combines data with ownership by using digital certification authentication (CA) and public key infrastructure (PKI). The DOSA is simply described as one body with two wings. The one body is that the data must be combined with ownership. The one wing is that the data should be innately registered. Another wing is that the data should be innately encrypted with the data owner's public key. To share data and make data applicable, DOSA also establishes the authorization of data ownership for data sharing, the recording of data operation for data history tracing, the data behaviour analysis for the discovery of illegal use of data, and the data usage statistics for the assessment of data value, etc. Therefore, data can be securely shared and used in an open environment with ownership authorization. At the same time, data ownership is clarified; the interests of the data owner can be guaranteed.

Qian Wang,Kui Ren,Wenjing Lou,Yanchao Zhang

DOI: https://doi.org/10.1145/1993042.1993051

2011-01-01

ACM Transactions on Sensor Networks

Abstract:Recently, distributed data storage has gained increasing popularity for efficient and robust data management in wireless sensor networks (WSNs). The distributed architecture makes it challenging to build a highly secure and dependable yet lightweight data storage system. On the one hand, sensor data are subject to not only Byzantine failures, but also dynamic pollution attacks, as along the time the adversary may modify/pollute the stored data by compromising individual sensors. On the other hand, the resource-constrained nature of WSNs precludes the applicability of heavyweight security designs. To address the challenge, in this article we propose a novel dependable and secure data storage scheme with dynamic integrity assurance. Based on the principle of secret sharing and erasure coding, we first propose a hybrid share generation and distribution scheme to achieve reliable and fault-tolerant initial data storage by providing redundancy for original data components. To further dynamically ensure the integrity of the distributed data shares, we then propose an efficient data integrity verification scheme exploiting the techniques of algebraic signature and spot-checking. The proposed scheme enables individual sensors to verify in one protocol execution the correctness of all the pertaining data shares simultaneously in the absence of the original data. Extensive security analysis shows that the proposed scheme has strong resistance against various data pollution attacks. The efficiency of the scheme is demonstrated by experiments on sensor platforms Tmote Sky and iMote2.

Lin Qinying,Gui Xiaolin,Shi Deqin,Wang Xiaoping

2011-01-01

Journal of Computer Research and Development

Abstract:Cloud storage is a future ideal way of information storage,it provides user-friendly outsourced storage space to alleviate the explosive growth of information on the mass storage needs.However,due to cloud storage users worried about their loss of data,lack of confidence in cloud storage,leading to cloud storage popularizing difficult.In this paper,we first presents a safety model for cloud storage and the storage and access strategies to solve the confidential information stored in the data security and user anonymity.And its security is analyzed.Last we point out the key technology that this system must solve.

Qingni Shen,Yahui Yang,Zhonghai Wu,Dandan Wang,Min Long

DOI: https://doi.org/10.1504/ijguc.2013.057118

2013-01-01

International Journal of Grid and Utility Computing

Abstract:With the growth of business, an enterprise would like to make its PSC private storage cloud approach an infrastructure service in a partner/public cloud. In such PSCs, there are some new data security issues, First, how to keep the data rest in the PSC isolated from internal and external attackers; second, how to make secure intra-cloud data migration within the enterprise; third, how to secure inter-cloud data migrating between the PSC and the partner/public cloud. In this paper, we propose an architecture design for enforcing data security services on the layer of HDFS in the PSC, including secure data isolation service, secure intra-cloud data migration service, and secure inter-cloud data migration service. Finally, it gives the prototype implemented as pluggable security modules in accord with our custom security policies through AOP Aspect-Oriented Programming method. The time cost is given and evaluated efficiently.

Meikang Qiu,Lei Zhang,Zhong Ming,Zhi Chen,Xiao Qin,Laurence T. Yang

DOI: https://doi.org/10.1016/j.jcss.2012.11.002

IF: 1.043

2012-01-01

Journal of Computer and System Sciences

Abstract:For ubiquitous computing systems, security has become a new metric that designers should consider throughout the design process, along with other metrics such as performance and energy consumption. A combination of selected cryptographic algorithms for required security services forms a security strategy for the application. In this paper, we propose methods to generate security strategies to achieve the maximal overall security strength while meeting the real-time constraint. In order to express security requirements of an application, we propose a novel graph model called Security-Aware Task (SEAT) graph model to represent real-time constraints and precedence relationships among tasks. Based on the SEAT graph approach, we propose an optimal algorithm, Integer Linear Programming Security Optimization (ILP-SOP). For the special structures such as simple path graph and tree, we propose two dynamic programming based algorithms (DPSOP-path/tree) to generate the optimal security strategy. Experiment results demonstrate the correctness and efficiency of our proposed method. The experimental results show that, by using our proposed techniques, the security strength can be improved by 44.3% on average.

Dongdong Liu,Tiantian Ji

DOI: https://doi.org/10.1038/s41598-024-73480-y

IF: 4.6

2024-10-27

Scientific Reports

Abstract:The Internet of Things technology allows you to transfer data to any asset through communication networks such as the Internet or intranet. One of the most important problems is security, which includes confidentiality, authenticity validation, and completeness. Among security problems, the most important ones are ensuring authenticity and protecting privacy. The elliptic curve encryption algorithm is famous protocols for maintaining privacy and verifying authenticity. Despite the capabilities they have and provide good security against network attacks, they face challenges such as response time, delay in the authentication and authentication process, as well as the amount of memory consumed. Two-factor authentication (2FA) is a security process where users provide two different authentication factors to authenticate themselves. It also provides a higher level of security than authentication methods that rely on single-factor authentication (SFA). This article presents two novel methods for 2FA that use encryption techniques, scramble architecture, and chord architecture. These methods allow for the authentication process to be initiated by both parties involved in the communication. Three scenarios and three metrics of reaction time, memory usage, and connection latency were used to assess the efficacy of the suggested approach. The average reaction time is improved and is 0.012 s when the lengths of the finger table in the chord structure are increased to 10, 15, and 20. The findings show that the suggested approach reduces computing complexity, reaction time, and communication latency. It has an average reaction time of 0.016 s, an average memory use of 30,360 kb, and an average connection latency of 0.042 s.

multidisciplinary sciences

WANG Qi-ke,LIU Xin-song,QIU Yuan-jie,ZHOU Tao,LI Yi

DOI: https://doi.org/10.3969/j.issn.1001-0548.2007.02.025

2007-01-01

Abstract:In the Linux kernel-based Distributed and Parallel Security Operating System (DPSOS), the system security is not assured because of the lack of global user identification and access right managing mechanism. On the basis of analyzing the mechanism of user authority verification, this paper presents an algorithm to achieve the user consistency. This algorithm consists of global synchronizing algorithm and user information consistency protocol. Through tests, it has been proved that the algorithm can guarantee the user consistency of the system effectively.

Yi Liu,Hong-qi Zhang,Jiang Liu,Ying-jie Yang

DOI: https://doi.org/10.1155/2017/9534754

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:Security functions are usually deployed on proprietary hardware, which makes the delivery of security service inflexible and of high cost. Emerging technologies such as software-defined networking and network function virtualization go in the direction of executing functions as software components in virtual machines or containers provisioned in standard hardware resources. They enable network to provide customized security service by deploying Security Service Chain (SSC), which refers to steering flow through multiple security functions in a particular order specified by individual user or application. However, SSC Deployment Problem (SSC-DP) needs to be solved. It is a challenging problem for various reasons, such as the heterogeneity of instances in terms of service capacity and resource demand. In this paper, we propose an SSC-based approach to deliver security service to users without worrying about physical locations of security functions. For SSC-DP, we present a three-phase method to solve it while optimizing network and security resource allocation. The presented method allows network to serve a large number of flows and minimizes the latency seen by flows. Comparative experiments on the fat-tree and Waxman topologies show that our method performs better than other heuristics under a wide range of network conditions.

Jiwu Shu,Zhirong Shen,Wei Xue

DOI: https://doi.org/10.1016/j.jpdc.2014.06.003

IF: 4.542

2014-01-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing amount of personal data stored in public storage, users are losing control of their physical data, putting their data information at risk of theft or being compromised. Traditional secure storage systems either require users to completely trust the storage provider or impose the considerable burden of managing files on file owners; such systems are inapplicable in the practical cloud environment. This paper addresses these challenging problems by proposing a new secure system architecture and implementing a stackable secure storage system named Shield, in which a proxy server is introduced to be in charge of authentication and access control. We propose a new variant of the Merkle Hash Tree to support efficient integrity checking and file content update; further, we have designed a hierarchical key organization to achieve convenient keys management and efficient permission revocation. Shield supports concurrent write access by employing a virtual linked list; it also provides secure file sharing without any modification to the underlying file systems. A series of evaluations over various real benchmarks show that Shield causes about 7%∼13% performance degradation when compared with eCryptfs but provides enhanced security for user’s data.

Lipeng Wang,Mingsheng Hu,Zhijuan Jia,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1109/tifs.2024.3383772

IF: 7.231

2024-05-10

IEEE Transactions on Information Forensics and Security

Abstract:As more internet users opt to store their data in cloud storage, ensuring data integrity becomes a paramount concern. The emerging provable data possession (PDP) scheme enables auditors to verify data integrity with reduced bandwidth consumption compared to hash-based alternatives. Nevertheless, most existing PDP variants rely on a centralized node for generating or maintaining user keys, creating a potential single point of failure. Moreover, previous PDP schemes could only detect whether challenged data blocks were corrupted, lacking the ability to pinpoint affected blocks precisely. To tackle these challenges, we propose a novel PDP scheme that eliminates the necessity for a key management center and supports the localization of corrupted data blocks. In our scheme, users no longer need to retain private keys once they cease performing data dynamic operations, thus liberating them from reliance on external entities for key maintenance. Moreover, the new scheme utilizes existing authenticators in the cloud to identify corrupted file blocks, eliminating the necessity of storing hash values for these data blocks as seen in most of existing implementations. This effectively reduces required storage space. Furthermore, we introduce SStore, a decentralized cloud storage platform that incorporates the new PDP scheme to verify data integrity. SStore facilitates public auditing of user data, thereby enhancing transparency in the data verification procedure. Moreover, SStore leverages basic algebraic operations for data auditing, significantly increasing its efficiency. We analyze the security of the new PDP scheme, and evaluate the performance of both the PDP scheme and SStore to demonstrate their efficiency.

computer science, theory & methods,engineering, electrical & electronic