共查询到20条相似文献,搜索用时 843 毫秒
1.
针对数据资产保护中突出的易复制问题,将互联网App阅后即焚思想移植到数据计算领域,基于虚拟机Hypervisor硬盘加密、内存加密、I/O安全增强等技术,设计了数据用后即毁可信安全隔离区,保证了数据使用后无泄露;设计了基于区块链的数据计算操作追责机制,形成数据传递、计算、删除等各关键环节操作可信及追责。同时,采用开源软件包bitvisor、HyperCrypt、jupyter、Dataverse、Hyperledger等开发了原型系统,进行了测试验证。该系统可应用于企业点对点模式的可信工业数据空间协作计算应用,解决数据被复原、计算模型泄露、参与方违背安全公约导致的数据计算安全及合规问题。 相似文献
2.
联邦学习存在来自梯度的参与方隐私泄露,现有基于同态加密的梯度保护方案产生较大时间开销且潜在参与方与聚合服务器合谋导致梯度外泄的风险,为此,该文提出一种新的联邦学习方法FastProtector,在采用同态加密保护参与方梯度时引入符号随机梯度下降(SignSGD)思想,利用梯度中正负的多数决定聚合结果也能使模型收敛的特性,量化梯度并改进梯度更新机制,降低梯度加密的开销;同时给出一种加性秘密共享方案保护梯度密文以抵抗恶意聚合服务器和参与方之间共谋攻击;在MNIST和CIFAR-10数据集上进行了实验,结果表明所提方法在降低80%左右加解密总时间的同时仍可保证较高的模型准确率。 相似文献
3.
计算平台状态可信证明是可信计算研究的热点问题.基于系统策略的计算平台状态可信证明模型(Policy Based Trustworthiness Attestation Model,PBTAM)可以解决目前计算平台可信证明方法中存在的平台隐私保护等重要问题.PBTAM认为计算平台的状态是否可信与其系统可信传递策略紧密相关,如果证明平台的系统可信传递策略符合质询方的期望,那么该证明平台对于质询方是可信的.PBTAM在可信计算平台技术规范基础上,通过对证明平台的系统可信传递策略进行度量和验证,实现计算平台的可信证明.本文在对实际生产系统应用安装状态采样、统计和分析的基础之上,对PBTAM的性能进行了总结,证明了该模型的实际可行性和有效性. 相似文献
4.
联邦学习能够有效地规避参与方数据隐私问题,但模型训练中传递的参数或者梯度仍有可能泄露参与方的隐私数据,而恶意参与方的存在则会严重影响聚合过程和模型质量。基于此,该文提出一种基于相似度聚类的可信联邦安全聚合方法(FSA-SC)。首先基于客户端训练数据集规模及其与服务器间的通信距离综合评估选出拟参与模型聚合的候选客户端;然后根据候选客户端间的相似度,利用聚类将候选客户端划分为良性客户端和异常客户端;最后,对异常客户端类中的成员利用类内广播和二次协商进行参数替换和记录,检测识别恶意客户端。为了验证FSA-SC的有效性,以联邦推荐为应用场景,选取MovieLens 1M,Netflix数据集和Amazon抽样数据集为实验数据集,实验结果表明,所提方法能够实现高效的安全聚合,且相较对比方法有更高的鲁棒性。 相似文献
5.
6.
7.
8.
9.
10.
计算平台接入网络时的可信状态对网络安全具有重要的影响,为此可信计算组织TCG提出了TNC架构用以解决计算平台的可信接入问题,该架构提出了可信接入的模型和基本方法,已成为业界的研究热点.通过研究基于TNC架构的可信接入控制技术,实现了具有可信接入控制功能的可信交换机,并给出了可信接入控制应用解决方案,表明基于TNC的可信接入控制技术可以有效地从网络入口处防止非法或不可信终端给网络带来的潜在安全威胁. 相似文献
11.
《Digital Communications & Networks》2022,8(5):644-653
Widespread applications of 5G technology have prompted the outsourcing of computation dominated by the Internet of Things (IoT) cloud to improve transmission efficiency, which has created a novel paradigm for improving the speed of common connected objects in IoT. However, although it makes it easier for ubiquitous resource-constrained equipment that outsources computing tasks to achieve high-speed transmission services, security concerns, such as a lack of reliability and collusion attacks, still exist in the outsourcing computation. In this paper, we propose a reliable, anti-collusion outsourcing computation and verification protocol, which uses distributed storage solutions in response to the issue of centralized storage, leverages homomorphic encryption to deal with outsourcing computation and ensures data privacy. Moreover, we embed outsourcing computation results and a novel polynomial factorization algorithm into the smart contract of Ethereum, which not only enables the verification of the outsourcing result without a trusted third party but also resists collusion attacks. The results of the theoretical analysis and experimental performance evaluation demonstrate that the proposed protocol is secure, reliable, and more effective compared with state-of-the-art approaches. 相似文献
12.
Laicheng Cao Yafei Wang Xiaoye Dong Yufei Liu Yangyang Zhang Xian Guo Tao Feng 《International Journal of Communication Systems》2018,31(9)
Searchable encryption scheme‐based ciphertext‐policy attribute‐based encryption (CP‐ABE) is a effective scheme for providing multiuser to search over the encrypted data on cloud storage environment. However, most of the existing search schemes lack the privacy protection of the data owner and have higher computation time cost. In this paper, we propose a multiuser access control searchable privacy‐preserving scheme in cloud storage. First, the data owner only encrypts the data file and sets the access control list of multiuser and multiattribute for search data file. And the computing operation, which generates the attribute keys of the users' access control and the keyword index, is given trusted third party to perform for reducing the computation time of the data owner. Second, using CP‐ABE scheme, trusted third party embeds the users' access control attributes into their attribute keys. Only when those embedded attributes satisfy the access control list, the ciphertext can be decrypted accordingly. Finally, when the user searches data file, the keyword trap door is no longer generated by the user, and it is handed to the proxy server to finish. Also, the ciphertext is predecrypted by the proxy sever before the user performs decryption. In this way, the flaw of the client's limited computation resource can be solved. Security analysis results show that this scheme has the data privacy, the privacy of the search process, and the collusion‐resistance attack, and experimental results demonstrate that the proposed scheme can effectively reduce the computation time of the data owner and the users. 相似文献
13.
In view of the problem of trust relationship in traditional trust-based service recommendation algorithm,and the inaccuracy of service recommendation list obtained by sorting the predicted QoS,a trust expansion and listwise learning-to-rank based service recommendation method (TELSR) was proposed.The probabilistic user similarity computation method was proposed after analyzing the importance of service sorting information,in order to further improve the accuracy of similarity computation.The trust expansion model was presented to solve the sparseness of trust relationship,and then the trusted neighbor set construction algorithm was proposed by combining with the user similarity.Based on the trusted neighbor set,the listwise learning-to-rank algorithm was proposed to train an optimal ranking model.Simulation experiments show that TELSR not only has high recommendation accuracy,but also can resist attacks from malicious users. 相似文献
14.
标准模型下的基于身份签名方案大多数是存在性不可伪造的,无法阻止攻击者对已经签名过的消息重新伪造一个合法的签名,并且验证签名需要执行耗时的双线性对运算。为了克服已有基于身份签名方案的安全性依赖强和计算代价大等缺陷,提出了一个强不可伪造的基于身份服务器辅助验证签名方案,并在标准模型下证明了新方案在合谋攻击、自适应选择身份和消息攻击下是安全的。分析结果表明,新方案有效减少了双线性对的计算量,大大降低了签名验证算法的计算复杂度,在效率上优于已有的基于身份签名方案。 相似文献
15.
The major advantages of EBS-based key management scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which means it is prone to the cooperative attack of evicted members. A novel EBS-based collusion resistant group management scheme utilizing the construction of Cipher-text-Policy Attribute-Based Encryption (CP-ABE) is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key management scheme, the new scheme can resolve EBS collusion problem completely. Even all evicted members work together, and share their individual piece of information, they could not access to the new group key. In addition, our scheme is more efficient in terms of communication and computation overhead when the group size is large. It can be well controlled even in the case of large-scale application scenarios . 相似文献
16.
一种可信计算环境下DAA协议实现方案 总被引:2,自引:0,他引:2
证明是可信计算从体系结构上保障网络服务安全的重要功能。文中介绍了TCG可信计算环境下的认证策略和以TPM为基础的直接匿名认证协议(Direct Anonymous Attestation,DAA),分析了其特点,提出为了获得更好的应用性,对DAA协议进行基于ECC算法的扩展方案。经安全性分析证明,该方案在可信计算环境下只需有限的系统资源,可以有效提高可信网络接入的安全性与可管可控性。 相似文献
17.
针对现有的基于可信第三方的可分电子现金存在用户花费电子现金效率低、用户花费时要从根节点一层一层计算的缺点,在无可信第三方的基础上,首次将节点可直接计算与可再分的方法引入到离线可分电子现金中,提出了一种新型的无可信第三方的离线可分电子现金系统.该协议在基于同一棵二叉树时,用户所能花费的电子现金总额是原来的n倍(n是二叉树层数),由同一电子现金分出的不同节点具有不可链接性,而且花费二叉树上任一节点所做的计算量是一样的,从而提高系统的整体效率. 相似文献
18.
Attribute-based encryption (ABE) is a new cryptographic technique which guarantees fine-grained access control of outsourced encrypted data in the cloud environment.However,a key limitation remains,namely policy updating.Thus,a multi-authority attribute-based encryption scheme with policy dynamic updating was proposed.In the scheme,an anonymous key issuing protocol was introduced to protect users’ privacy and resist collusion attack of attribute authority.The scheme with dynamic policy updating technique was secure against chosen plaintext attack under the standard model and can support any types of policy updating.Compared to the existing related schemes,the size of ciphertext and users’ secret key is reduced and can significantly reduce the computation and communication costs of updating ciphertext.It is more effective in the practical application. 相似文献
19.
Dominique Unruh 《Journal of Cryptology》2018,31(4):965-1011
A protocol has everlasting security if it is secure against adversaries that are computationally unlimited after the protocol execution. This models the fact that we cannot predict which cryptographic schemes will be broken, say, several decades after the protocol execution. In classical cryptography, everlasting security is difficult to achieve: even using trusted setup like common reference strings or signature cards, many tasks such as secure communication and oblivious transfer cannot be achieved with everlasting security. An analogous result in the quantum setting excludes protocols based on common reference strings, but not protocols using a signature card. We define a variant of the Universal Composability framework, everlasting quantum-UC, and show that in this model, we can implement secure communication and general multi-party computation using signature cards as trusted setup. 相似文献