云社交网络中安全高效的加密数据共享机制(英文)

Despite that existing data sharing systems in online social networks(OSNs)propose to encrypt data before sharing,the multiparty access control of encrypted data has become a challenging issue.In this paper,we propose a secure data sharing scheme in OSNs based on ciphertext-policy attributebased proxy re-encryption and secret sharing.In order to protect users' sensitive data,our scheme allows users to customize access policies of their data and then outsource encrypted data to the OSNs service provider.Our scheme presents a multiparty access control model,which enables the disseminator to update the access policy of ciphertext if their attributes satisfy the existing access policy.Further,we present a partial decryption construction in which the computation overhead of user is largely reduced by delegating most of the decryption operations to the OSNs service provider.We also provide checkability on the results returned from the OSNs service provider to guarantee the correctness of partial decrypted ciphertext.Moreover,our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy.The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.     

虚拟银行教学软件系统的设计、实现与应用

随着教育信息化的发展,高等教育领域对教学软件的需求不断增加,本文介绍了为"安全电子支付与电子货币"课程设计并实现的虚拟银行教学软件系统VBR,该系统为学生提供了一个全方位、真实的学习与实践环境。通过在教学中使用本教学软件系统,不仅增强了学生运用信息安全专业知识的意识,充分发挥了学生自主探索式学习,更重要的是提高了学生的工程实践能力,取得了良好的教学效果。     

云计算平台下基于属性加密的动态版权使用控制方案（英文）

In order to achieve fine-grained access control in cloud computing,existing digital rights management(DRM) schemes adopt attribute-based encryption as the main encryption primitive.However,these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud.In this paper,we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing.We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption.Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights can be able to recover the content encryption key and further decrypt the content.The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users,and also enables the license server to implement immediate attribute and user revocation.Moreover,our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption,which allows the license server in the cloud to update the users' usage rights dynamically without disclosing the plaintext.Extensive analytical results indicate that our proposed scheme is secure and efficient.     

云计算环境中支持隐私保护的数字版权保护方案简

针对云计算环境中数字内容安全和用户隐私保护的需求,提出了一种云计算环境中支持隐私保护的数字版权保护方案。设计了云计算环境中数字内容版权全生命周期保护和用户隐私保护的框架,包括系统初始化、内容加密、许可授权和内容解密4个主要协议;采用基于属性基加密和加法同态加密算法的内容加密密钥保护和分发机制,保证内容加密密钥的安全性;允许用户匿名向云服务提供商订购内容和申请授权,保护用户的隐私,并且防止云服务提供商、授权服务器和密钥服务器等收集用户使用习惯等敏感信息。与现有的云计算环境中数字版权保护方案相比,该方案在保护内容安全和用户隐私的同时,支持灵活的访问控制,并且支持在线和超级分发应用模式,在云计算环境中具有较好的实用性。     

基于Android的移动终端安全管理系统

针对Android移动终端设备安全和敏感数据泄露的问题,设计并实现基于Android的移动终端安全管理系统,允许用户远程对移动终端设备和其存储的数据进行安全管理。该系统采用C/S架构,客户端允许用户将移动终端注册到服务端,并通过在移动终端嵌入可信平台模块实现基于口令、设备和SIM卡三因素的本地用户身份识别。服务端允许用户通过Web平台对已注册的移动终端进行定位、锁定、数据加解密、数据擦除等远程安全管理。为防止用户的远程操作指令受到假冒攻击,以椭圆曲线加密和零知识证明为基础,实现移动终端对服务端的远程身份认证。实验结果表明,该系统能保障移动终端设备通信安全,防止假冒攻击。     

新型通用格式多媒体数字版权管理系统设计与实现

针对多媒体内容的版权保护问题,设计一种新型通用格式多媒体数字版权管理模型,包括内容加密与打包、密钥管理、安全引擎、许可证管理与分发、DRM客户端和DRM管理等功能单元,该模型通过非结构化加密方法,克服了基于内容格式加密方法的局限性,实现对通用格式多媒体内容的保护。另外,采用许可证提取码作为下载许可证的凭证,解决许可证重新发行和转让的问题,并支持细粒度使用控制方式。基于此模型,实现了基于固定与移动融合业务的多媒体数字版权管理系统,并将其运用于数字消费领域,实验结果和实际运行表明该方案不影响多媒体质量,效率及安全性较高,在多媒体内容版权保护方面具有较好的实用性。