一种基于同态标签的动态云存储数据完整性验证方法

在云存储服务中,为使用户可以随时验证存储在云存储服务器上数据的完整性,提出一种基于同态标签的动态数据完整性验证方法。通过引入同态标签和用户随机选择待检测数据块,可以无限次验证数据是否完好无损,并支持数据动态更新;可信第三方的引入解决了云用户与云存储服务供应商因数据完整性问题产生的纠纷,实现数据完整性的公开验证;然后给出该方法的正确性和安全性分析,以及该方法的性能分析;最后通过实验验证了该方法是高效可行的。     

高效的身份基多用户全同态加密方案

针对传统的身份基全同态加密（IBFHE）方案无法对不同身份标识（ID）下的密文进行同态运算的问题,提出一个基于误差学习（LWE）问题的分层身份基多用户全同态加密方案。该方案利用Clear等（CLEAR M,McGOLDRICK C.Multi-identity and multi-key leveled FHE from learning with errors.Proceedings of the 2015 Annual Cryptology Conference,LNCS 9216.Berlin：Springer,2015：630-656）在2015年提出的身份基多用户全同态加密方案（[CM15]方案）的转化机制,结合Cash等（CASH D,HOFHEINZ D,KILTZ E,et al.Bonsai trees,or how to delegate a lattice basis.Proceedings of the 2010 Annual International Conference on the Theory and Applications of Cryptographic Techniques,LNCS 6110.Berlin：Springer,2010：523-552）在2010年提出的身份基加密（IBE）方案（[CHKP10]方案）,实现了不同身份标识下的密文同态运算,应用前景更加广阔,在随机预言机模型下为基于身份匿名的选择明文攻击下的不可区分性（IND-ID-CPA）安全。与[CM15]方案相比,该方案在公钥规模、私钥规模、密文尺寸、分层性质和密钥更新周期方面都具有优势。     

基于无双线性对的可信云数据完整性验证方案

针对云审计中第三方审计机构（TPA）可能存在的恶意欺骗行为,提出一种无双线性对的、能够正确检查TPA行为的可信云审计方案。首先,利用伪随机比特生成器生成随机挑战信息,以保证TPA生成挑战信息可靠;其次,在证据生成过程中增加哈希值,从而有效保护用户数据隐私;然后,在证据验证过程中,增加用户和TPA结果的交互过程,根据这个结果检查数据完整性,并判断TPA是否如实完成审计请求;最后,扩展该方案以实现多项数据的批量审计。安全分析表明,所提方案能够抵抗替换攻击和伪造攻击,且能保护数据隐私。相比基于Merkle哈希树的无双线性对（MHT-WiBPA）审计方案,所提方案的验证证据时间接近,而标签生成时间降低约49.96%。效能分析表明,所提方案在保证审计结果可信的前提下,实现了更低的计算开销和通信开销。     

A Design of System using homomorphic encryption for multimedia data management

Multimedia Tools and Applications - With the introduction of the concept of information warfare, the way military operations are done is changing quickly. Now, much more than it was in past, quick...     

Identity-based public data integrity verification scheme in cloud storage system via blockchain

The Journal of Supercomputing - Almost all existing data integrity verification schemes upload outsourced files and tags set to the CSP simultaneously. Thus, in this paper, we provide a novel idea...     

Efficient retrieval of replicated data

Declustering is a common technique used to reduce query response times. Data is declustered over multiple disks and query retrieval can be parallelized. Most of the research on declustering is targeted at spatial range queries and investigates schemes with low additive error. Recently, declustering using replication has been proposed to reduce the additive overhead. Replication significantly reduces retrieval cost of arbitrary queries. In this paper, we propose a disk allocation and retrieval mechanism for arbitrary queries based on design theory. Using the proposed c-copy replicated declustering scheme, buckets can be retrieved using at most k disk accesses. Retrieval algorithm is very efficient and is asymptotically optimal with complexity for a query Q. In addition to the deterministic worst-case bound and efficient retrieval, proposed algorithm handles nonuniform data, high dimensions, supports incremental declustering and has good fault-tolerance property. Experimental results show the feasibility of the algorithm. Recommended by: Sunil Prabhakar     

Efficient audio integrity verification algorithm using discrete cosine transform

Audio recordings have been used as evidence for long times. Multimedia processing advancement makes it difficult to be completely sure about what is heard is the truth. This paper presents a promising approach for integrity verification of recorded audio signals using discrete cosine transform. This approach is based on self embedding concept which embeds block-based marks extracted from the same audio signal after being transformed into 2-D format into other blocks according to a specific algorithm. After the self-embedding process, the data is converted back into 1-D style which represents a marked audio signal. The 1-D audio signal is converted into a 2-D format and then converted back into a 1-D format using the popular lexicographic ordering scheme utilized in image processing. Reverse processes are executed to extract the verification marks from the audio signal throughout the integrity verification process. Based on the extracted audio signal properties, the integrity of the marked audio signal is evaluated. Different audio processing tasks and attacks are implemented to examine the suitability of the proposed algorithm for verifying the integrity of high-confidentiality recorded audio data. The results show that the efficient ability of the proposed approach to verify integrity and detect attacks.     

Privacy-preserving iris authentication using fully homomorphic encryption

Multimedia Tools and Applications - Rapid advancement in technology has led to the use of biometric authentication in every field. In particular, from the past few years, iris recognition systems...     

Efficient data integrity auditing for storage security in mobile health cloud

Cloud storage services can enable data owners to eliminate the need for the initial investment of expensive infrastructure setup and also minimize development and maintenance costs. Outsourcing the health data to e-health cloud storage server is very beneficial. Nonetheless, storing the health data on cloud servers also brings serious security challenges. In this paper, we propose a highly efficient data integrity auditing scheme for cloud storage for mobile health applications. The authentication tag for each data block generated by biosensor nodes is minimal in our scheme due to the use of hash operation. Moreover, in data integrity checking phase, message-locked encryption scheme is utilized to encrypt and transport the auditing information of the checked data blocks, which significantly reduces the required amount of calculation and communication resources. Compared with the conventional third party auditing schemes, the presented scheme speeds up the tag generation and tag checking process by more than one thousand times.     

Practical homomorphic encryption over the integers for secure computation in the cloud

International Journal of Information Security - We present novel homomorphic encryption schemes for integer arithmetic, intended primarily for use in secure single-party computation in the cloud....     

云存储中基于MHT的动态数据完整性验证与恢复方案

针对云服务器上存储数据完整性验证过程中的高通信开销和动态数据验证问题,提出一种基于Merkle哈希树(MHT)的动态数据完整性验证与恢复方案。首先,基于MHT构建了一种新型分层认证数据结构,将数据块的每个副本块组织成副本子树,以此大幅降低多副本更新验证的通信开销。然后,在数据验证中,融入了对服务器安全索引信息的认证,以此避免服务器攻击。最后,当发现数据损坏时,通过二分查找和Shamir秘密共享机制来恢复数据。实验结果表明,该方案在验证过程中能有效降低计算和通讯开销,并能够很好地支持数据的动态操作。     

Grover algorithm-based quantum homomorphic encryption ciphertext retrieval scheme in quantum cloud computing

Quantum Information Processing - An important topic in quantum information is the theory of error correction codes. Practical situations often involve quantum systems with states in an...     

云存储系统中数据完整性验证协议

在云存储网络环境中,数据的安全性和完整性是用户最关心的问题之一。综合考虑云存储网络环境中的安全需求,设计了云存储数据完整性验证(CS-DIV)协议。客户端把数据文件和校验标签上传到云存储服务器后随机抽查,服务器返回验证证据并由客户端判断文件的完整性。协议可以有效地验证云存储数据的完整性,并抵抗恶意服务器欺骗和恶意客户端攻击,从而提高整个云存储系统的可靠性和稳定性。仿真实验数据表明,所提协议以较低的存储、通信及时间开销实现了数据的完整性保护。     

Efficient fully homomorphic encryption from RLWE with an extension to a threshold encryption scheme

In this paper, we present an effective fully homomorphic encryption (FHE) from ring learning with errors (RLWE) assumption without using Gentry’s standard squashing and bootstrapping techniques. Our FHE scheme is to modify the recent FHE scheme of Brakerski. We use the re-linearization technique to reduce the length of ciphertext considerably, and use the modulus reduction technique to manage the noise level and decrease the decryption complexity without introducing additional assumptions. Furthermore, with the key-homomorphic property, we extend our FHE scheme to a threshold fully homomorphic encryption (TFHE), which allows parties to cooperatively decrypt a ciphertext without learning anything but the plaintext. The TFHE scheme can be protected from related-key attacks, as long as we add extra smudging noise during sensitive operations.     

基于同态加密的云环境障碍最短路径导航的隐私保护算法

针对基于位置服务(LBS)中外包计算最短路径可能泄露用户隐私的问题,基于同态加密和安全多方计算,提出了一个基于同态加密的云环境障碍最短路径导航的隐私保护算法,为用户和数据所有者提供隐私保护.在该算法中,使用安全多方计算解决两种不同条件下计算道路中有无障碍物的最短路径隐私问题,并基于同态加密提出了有障碍物查询和无障碍物查询两个协议.最后,依照上述协议在理论和实践两个方面证明了所提出框架的有效性.     

Discrete logarithm based additively homomorphic encryption and secure data aggregation

At PKC 2006, Chevallier-Mames, Paillier, and Pointcheval proposed discrete logarithm based encryption schemes that are partially homomorphic, either additively or multiplicatively and announced an open problem: finding a discrete logarithm based cryptosystem that would help realize fully additive or multiplicative homomorphism. In this study, we achieve this goal by enclosing two opposite settings on the discrete logarithm problems (DLP) simultaneously: the first setting is that DLP over Z_p0 (where p₀ − 1 is smooth) is used to encode messages, while the second setting is that DLP over Z_p (where p − 1 is non-smooth, i.e., containing large prime factors) is used to encrypt plaintexts. Then, based on the proposed scheme, novel protocols for secure data aggregation in wireless sensor networks are presented. Finally, taking Paillier’s factoring-based additively homomorphic encryption schemes as the reference framework, we present detailed performance comparisons and further enhancement.     

External integrity verification for outsourced big data in cloud and IoT: A big picture

As cloud computing is being widely adopted for big data processing, data security is becoming one of the major concerns of data owners. Data integrity is an important factor in almost any data and computation related context. It is not only one of the qualities of service, but also an important part of data security and privacy. With the proliferation of cloud computing and the increasing needs in analytics for big data such as data generated by the Internet of Things, verification of data integrity becomes increasingly important, especially on outsourced data. Therefore, research topics on external data integrity verification have attracted tremendous research interest in recent years. Among all the metrics, efficiency and security are two of the most concerned measurements. In this paper, we will bring forth a big picture through providing an analysis on authenticator-based data integrity verification techniques on cloud and Internet of Things data. We will analyze multiple aspects of the research problem. First, we illustrate the research problem by summarizing research motivations and methodologies. Second, we summarize and compare current achievements of several of the representative approaches. Finally, we introduce our view for possible future developments.     

基于同态加密的生物数据版本管理

随着生物技术的发展和研究的深入,生物数据也逐步完备。对于同一物种的基因组测序,也在原始版本的基础上不断完善。当前主流的存储方式为将多个测序版本完整保存,由于生物数据本身体积较大,对相似的大数据存储大量重复部分是不划算的。同时,由于这些数据经常涉及到较高的隐私性,在公开情景执行修改和分析时,需要有一定的手段对其进行保护。文章设计了数据的差异文件版本管理方案,并结合同态加密技术,实现基因组数据的轻便存储和安全修改,并通过对短DNA序列的分析实现了验证。     

同态加密隐私保护数据挖掘方法综述*

如何保护私有信息或敏感知识在数据挖掘过程中不被泄露,同时能得到较为准确的挖掘结果,是隐私保护中面临的重大挑战。近年来国内外学者对隐私保护数据挖掘（privacy-preserving data mining,PPDM）进行了大量研究,适时地对研究成果进行总结,能够明确研究方向。从分类挖掘、关联规则挖掘、聚类挖掘和安全多方计算等几个方面,总结了现有的基于同态加密技术的算法,分析了其基本原理和特点,并在此基础上指出了PPDM技术今后发展的方向。