安全的WSN数据融合隐私保护方案设计

针对无线传感器网络数据融合过程中的数据隐私和完整性保护问题,提出一种安全的数据融合隐私保护方案(SPPDA),把节点的私密因子与原始数据构成复数,采用同态加密方法对复数进行加密,实现在密文不解密的情况下进行数据融合,同时采用基于复数的完整性验证方法,确保数据的可靠性。理论分析和仿真结果表明,SPPDA方案的计算代价和通信开销较少,数据融合的精确度高。     

基于同态加密的DBSCAN聚类隐私保护方案

为了降低数据外包聚类运算过程中存在的隐私泄露风险,提出了一个基于同态加密的DBSCAN聚类隐私保护方案。为了加密实际场景中的浮点型数据,给出了针对不同数据精度的3种数据预处理方式,并提出了一种基于数据特点且综合考虑数据精度和计算开销等方面的数据预处理方式的选择策略。由于同态加密不支持密文比较运算,设计了一个用户端与云服务器之间的协议实现密文比较功能。理论分析和实验结果表明,所提方案能够保证数据隐私安全,并且具有较高的聚类准确率和较低的时间开销。     

基于数据奇偶性的无线传感器网络数字水印算法

针对保护无线传感器网络数据的完整性问题。提出一种基于奇偶性数字水印的无线传感器网络安全方案。采用改变数据奇偶性嵌入水印信号,就能快速、准确地提取出水印序列。通过仿真实验证明,该方案可有效鉴别数据是否经过非法篡改,具有较好的安全性与透明度,且不会额外增加节点的存储开销、大幅减少了无线传感器网络的能耗,同时不会对网络正常运作造成影响。     

一种有效的买方卖方数字水印协议

数字水印技术是保护数字产品知识产权的一个潜在解决方案,一个有效的数字水印方案必须能够解决版权保护和盗版追踪等相关问题。以前提出了很多著名的协议,大多都存在着缺陷。在Leietal.协议的基础上提出了一种有效的数字水印协议。该协议基于密钥共享和同态公钥密码体制的思想,有效地解决了消费者的权益保护、未绑定、盗版追踪等问题,并引进一个可信的认证中心CA,有效解决了共谋问题和买方参与纠纷解决问题。     

EEPPDA—Edge-enabled efficient privacy-preserving data aggregation in smart healthcare Internet of Things network

The Internet of Things-based smart healthcare provides numerous facilities to patients and medical professionals. Medical professionals can monitor the patient's real-time medical data and diagnose diseases through the medical health history stored in the cloud database. Any kind of attack on the cloud database will result in misdiagnosis of the patients by medical professionals. Therefore, it becomes a primary concern to secure private data. On the other hand, the conventional data aggregation method for smart healthcare acquires immense communication and computational cost. Edge-enabled smart healthcare can overcome these limitations. The paper proposes an edge-enabled efficient privacy-preserving data aggregation (EEPPDA) scheme to secure health data. In the EEPPDA scheme, captured medical data have been encrypted by the Paillier homomorphic cryptosystem. Homomorphic encryption is engaged in the assurance of secure communication. For data transmission from patients to the cloud server (CS), data aggregation is performed on the edge server (ES). Then aggregated ciphertext data are transmitted to the CS. The CS validates the data integrity and analyzes and processes the authenticated aggregated data. The authorized medical professional executes the decryption, then the aggregated ciphertext data are decrypted in plaintext. EEPPDA utilizes the batch verification process to reduce communication costs. Our proposed scheme maintains the privacy of the patient's identity and medical data, resists any internal and external attacks, and verifies the health data integrity in the CS. The proposed scheme has significantly minimized computational complexity and communication overhead concerning the existing approach through extensive simulation.     

FastProtector：一种支持梯度隐私保护的高效联邦学习方法

联邦学习存在来自梯度的参与方隐私泄露,现有基于同态加密的梯度保护方案产生较大时间开销且潜在参与方与聚合服务器合谋导致梯度外泄的风险,为此,该文提出一种新的联邦学习方法FastProtector,在采用同态加密保护参与方梯度时引入符号随机梯度下降(SignSGD)思想,利用梯度中正负的多数决定聚合结果也能使模型收敛的特性,量化梯度并改进梯度更新机制,降低梯度加密的开销;同时给出一种加性秘密共享方案保护梯度密文以抵抗恶意聚合服务器和参与方之间共谋攻击;在MNIST和CIFAR-10数据集上进行了实验,结果表明所提方法在降低80%左右加解密总时间的同时仍可保证较高的模型准确率。     

Secure authentication and integrity techniques for randomized secured routing in WSN

As wireless sensor network is resource-constrained, reliability and security of broadcasted data become major issue in these types of network. In order to overcome security and integrity issues, a secure authentication and integrity technique is proposed. In this technique, shared keys are used for providing authentication. Here, mutual authentication technique allows the sender and recipient to share a common key matrix as an authentication key. Both sender and recipient chose a random noise matrix and verification is done based on hamming weight. To increase authentication and integrity, a hybrid offline and online signcryption technique is proposed which is a cryptographic method that satisfies both the function of digital signature and public key encryption in a logical single step. By simulation results, we show that the proposed technique provides security in terms of increased packet delivery ratio and reduced compromised communications.     

Multi-dimensional secure query scheme for fog-enhanced IIoT

In view of the fact that most of the existing range query schemes for fog-enhanced IoT cannot achieve both multi-dimensional query and privacy protection,a privacy-preserving multi-dimensional secure query scheme for fog-enhanced IIoT was proposed.Firstly,the multiple ranges to be queried were mapped into a certain query matrix.Then,auxiliary vectors were constructed to decompose the query matrix,and then the auxiliary vector was processed by BGN homomorphic encryption to form a query trapdoor.Finally,with the homomorphic computation utilized by an IoT device terminal,the query trapdoor could be matched to its sensor data.Spatial complexity could be effectively reduced with the used specific auxiliary vectors.The confidentiality of sensor data could be ensured and the privacy of user’s query mode could be protected by the homomorphic encryption property.Experiments results show that the computational and communication costs are relatively low.     

Research on color QR code watermarking technology based on chaos theory

In order to carry on copyright protection and security verification of color QR code,the digital image chaos encryption technology and digital watermarking technology were respectively researched.Firstly,an improved image chaos encryption algorithm was proposed as a preprocessing step of digital watermarking algorithm.Then a color QR code digital watermarking algorithm was designed based on discrete wavelet transform and matrix singular value decomposition.Finally,the feasibility of the algorithm was verified by experiments.The results show that the proposed method has good resistance to JPEG compression,noise attack and cropping attack.     

基于隐私同态数据融合的完整性验证协议

在无线传感器网络中的安全数据融合能够有效防止隐私泄露和数据篡改等问题,并实现高效的数据传输。由此提出一种基于隐私同态数据融合的完整性验证协议IV-PHDA。该协议采用同态加密保证数据隐私性;利用随机检测节点对节点聚合结果的完整性进行检测,以验证聚合节点是否忠实地传输每个数据分组。通过理论分析和仿真对比,对其算法的性能进行验证,结果表明,该协议能够在网络传输的过程中检测数据的完整性,并且实现较好的隐私保护和较高的数据精确度。     

Efficient Set Intersection with Simulation-Based Security

We consider the problem of computing the intersection of private datasets of two parties, where the datasets contain lists of elements taken from a large domain. This problem has many applications for online collaboration. In this work, we present protocols based on the use of homomorphic encryption and different hashing schemes for both the semi-honest and malicious environments. The protocol for the semi-honest environment is secure in the standard model, while the protocol for the malicious environment is secure in the random oracle model. Our protocols obtain linear communication and computation overhead. We further implement different variants of our semi-honest protocol. Our experiments show that the asymptotic overhead of the protocol is affected by different constants. (In particular, the degree of the polynomials evaluated by the protocol matters less than the number of polynomials that are evaluated.) As a result, the protocol variant with the best asymptotic overhead is not necessarily preferable for inputs of reasonable size.     

H-SPREAD: a hybrid multipath scheme for secure and reliable data collection in wireless sensor networks

Communication security and reliability are two important issues in any network. A typical communication task in a wireless sensor network is for every sensor node to sense its local environment, and upon request, send data of interest back to a base station (BS). In this paper, a hybrid multipath scheme (H-SPREAD) to improve both the security and reliability of this task in a potentially hostile and unreliable wireless sensor network is proposed. The new scheme is based on a distributed N-to-1 multipath discovery protocol, which is able to find multiple node-disjoint paths from every sensor node to the BS simultaneously in one route discovery process. Then, a hybrid multipath data collection scheme is proposed. On the one hand, end-to-end multipath data dispersion, combined with secret sharing, enhances the security of the end-to-end data delivery in the sense that the compromise of a small number of paths will not result in the compromise of a data message in the face of adversarial nodes. On the other hand, in the face of unreliable wireless links and/or sensor nodes, alternate path routing available at each sensor node improves the reliability of each packet transmission significantly. The extensive simulation results show that the hybrid multipath scheme is very efficient in improving both the security and reliability of the data collection service seamlessly.     

机会网络中用户属性隐私安全的高效协作者资料匹配协议

在机会网络中,用户通过移动造成的相遇性机会,借助协作者实现消息的传输与内容的共享。为了克服现有协作者匹配协议加解密效率不高的问题,针对机会网络中用户的不同隐私要求,设计了3个不依赖同态加密的高效隐私内积计算协议,可以证明所提出的协议是隐私安全并且正确的。在此基础上,对所提出的3个协议的计算开销与通信开销,与现有工作进行了理论上的比较。仿真结果表明,所提协议能够高效地完成隐私安全匹配,其加解密时间要比基于Paillier加密体系的协议要少至少一个数量级。     

A secure regenerating code‐based cloud storage with efficient integrity verification

Cloud storage is gaining popularity as it relieves the data owners from the burden of data storage and maintenance cost. However, outsourcing data to third‐party cloud servers raise several concerns such as data availability, confidentiality, and integrity. Recently, regenerating codes have gained popularity because of their low repair bandwidth while ensuring data availability. In this paper, we propose a secure regenerating code‐based cloud storage (SRCCS) scheme, which utilizes the verifiable computation property of homomorphic encryption scheme to check the integrity of outsourced data. In this work, an error‐correcting code (ECC)–based homomorphic encryption scheme (HES) is employed to simultaneously provide data privacy as well as error correction while supporting efficient integrity verification. In SRCCS, server regeneration process is initiated on detection of data corruption events in order to ensure data availability. The ECC‐based HES significantly reduces the probability of server regeneration and minimizes the repair cost. Extensive theoretical analysis and simulation results validate the security, efficiency, and practicability of the proposed scheme.     

无线传感器网络的安全技术研究

无线传感器网络（WSN）是通过无线通信方式形成的一个多跳自组织网络,是集信息采集、信息传输、信息处理于一体的智能化信息系统。由于其本身资源方面存在的局限性和脆弱性,使其安全问题成为一大挑战。文中分析了无线传感器网络的安全需求、可能受到的安全攻击,给出了防御方法和解决方案。通过安全加密协议、认证流广播和多种密钥机制实现传感器网络的数据机密性、完整性和系统鲁棒性。     

NLDA non-linear regression model for preserving data privacy in wireless sensor networks

Recently, the application of Wireless Sensor Networks (WSNs) has been increasing rapidly. It requires privacy preserving data aggregation protocols to secure the data from compromises. Preserving privacy of the sensor data is a challenging task. This paper presents a non-linear regression-based data aggregation protocol for preserving privacy of the sensor data. The proposed protocol uses non-linear regression functions to represent the sensor data collected from the sensor nodes. Instead of sending the complete data to the cluster head, the sensor nodes only send the coefficients of the non-linear function. This will reduce the communication overhead of the network. The data aggregation is performed on the masked coefficients and the sink node is able to retrieve the approximated results over the aggregated data. The analysis of experiment results shows that the proposed protocol is able to minimize communication overhead, enhance data aggregation accuracy, and preserve data privacy.     

Encrypted signal-based reversible data hiding with public key cryptosystem

Encrypted image-based reversible data hiding (EIRDH) is a well-known method allowing that (1) the image provider gives the data hider an encrypted image, (2) the data hider embeds the secret message into it to generate the encrypted image with the embedded secret message to the receiver, and (3) finally the receiver can extract the message and recover the original image without encryption. In the literature, the data hider and image provider must be specific parties who know the shared key with the receiver in traditional encrypted image-based reversible data hiding. In this paper, we propose an encrypted signal-based reversible data hiding (ESRDH) with public key cryptosystem, not only for images. The proposed scheme is secure based on Paillier homomorphic encryption. Finally, the experimental results show that the proposed scheme has much payload and high signal quality.     

ECCE: Enhanced cooperative channel establishment for secure pair-wise communication in wireless sensor networks

This paper presents the ECCE protocol, a new distributed, probabilistic, cooperative protocol to establish a secure pair-wise communication channel between any pair of sensors in a wireless sensor network (WSN). The main contributions of the ECCE protocol are: to allow the set-up of a secure channel between two sensors (principals) that do not share any pre-deployed key. This feature is obtained involving a set of sensors (cooperators) in the channel establishment protocol; to provide probabilistic authentication of the principals as well as the cooperators. In particular, the probability for the attacker to break authentication check decreases exponentially with the number of cooperators involved; to trade off the memory space required to store the pre-deployed encryption keys with the number of cooperators involved in the protocol. Hence, memory storage can be used to store keys built with the ECCE protocol, which helps amortizing the (limited) overhead incurred in the ECCE key set-up; to be adaptive to the level of threat the WSN is subject to. We provide analytical analysis and extensive simulations of ECCE, which show that the proposed solution increases both the probability of a secure channel set-up and the probability of channel resilience with respect to other protocols.     

An efficient distributed routing protocol for wireless sensor networks with mobile sinks

Introducing mobile sinks into a wireless sensor network can effectively improve the network performance. However, sink mobility can bring excessive protocol overhead for route maintenance and may offset the benefit from using mobile sinks. In this paper, we propose a dynamic layered routing protocol to address this problem. The proposed protocol integrates dynamic layered Voronoi scoping and dynamic anchor selection to effectively reduce the dissemination scopes and frequencies of routing updates as the sinks move in the network. Simulation results show that the proposed protocol can effectively reduce the protocol overhead while ensuring high packet delivery ratio as compared with existing work. Copyright © 2014 John Wiley & Sons, Ltd.     

Elliptic curve ElGamal based homomorphic image encryption scheme for sharing secret images

This paper proposes an encryption scheme with a new additive homomorphism based on Elliptic Curve ElGamal (EC-ElGamal) for sharing secret images over unsecured channel. The proposed scheme enables shorter key and better performance than schemes based on RSA or ElGamal. It has a lower computation overhead in image decryption comparing with the method that uses other additively homomorphic property in EC-ElGamal. Elliptic curve parameters are selected to resist the Pohlig-Hellman, Pollard's-rho, and Isomorphism attacks. Experimental results and analysis show that the proposed method has superior performance to RSA and ElGamal.