Earticle

The privacy of data or plain is an important issue in cloud computing. Therefore, to solve the problem, we establish the environment of cloud computing to process data with privacy and apply our scheme in the area of digital forensics for RSA signature algorithm. We experiment with efficiency of RSA signature in cloud computing. As a result, our scheme can reduce the loading of computing; besides, the clients don’t need to waste storage spaces to save the results. The most important of all, we can take full advantage of the cloud computing for computing of large data and storage spaces.

Cloud computing can improve utilization of powerful computer systems. However, security problems become an important challenge in the cloud systems. Implementation of antivirus software can cost a lot of resource. This paper advanced an access-control based architecture of operation systems which ensure the high availability of the whole system. System resource cost on security can be dropped by the implementation of this architecture.

In this paper, we manufacture Fiber Bragg Grating (FBG) sensor and study its applying to the structure deformation measurement. FBGs are manufactured using the 248nm excimer laser and phase masks. To enhance the photosensitivity of the core, we have loaded Hydrogen in the fiber. Then its reflectivity has improved about 8 dB. Experimental results based on comparative measurements with electric strain gauge sensors installed on the structure show that FBGs can be replaced the electric strain gauge sensors.

The existing secure file delete tool distorts secure contents by over-writing the randomly generated data many times, which decreases the recoverability of the secure contents. However, in NAND-based storages, the original secure contents are preserved even after performing the repetitive over-write requests, which is because of the out-of-place update of flash translation layer. In order to address the problem, this paper studies the method to implement the secure file delete as to the representative flash translation layer schemes. The result shows that the secure file delete can be implemented in the block mapping scheme or in the BAST scheme.

Recently, Chang and Cheng proposed a robust mechanism for smart card based remote logins in a multi-server architecture. However, based on the security analyzes conducted by us, we find their mechanism is vulnerable against smart card lost problems, leak-of-verifier attack and session key disclosure attack. To eliminate all identified security threats in their mechanism, we further proposed an improved version of two-factor based user authentication protocol in multi-server networks.

Various attacks against NTRU have been proposed without ideal effects. To cut down the huge time complexity, this paper proposed a quantum mechanical meet-in-the-middle attack method against NTRU. Our method managed to combine the advantages of Meet-in-the-middle attack and the Grover quantum searching algorithm. Our evaluation reveals that the time complexity dropped dramatically comparing with classical meet-in-the-middle attacks, with the same space complexity. Our method also decreases time complexity comparing with Wang’s attacking algorithm dramatically, with the cost of space complexity. Main variants of NTRU were also studied

Web Services require reliable communication over a wide area. While Internet can be used for this communications, for customers these Web Services must satisfy requirements for security, availability, reliability, and performance/scalability. Additionally, these web services must be readily integrated into existing communication networks at the communication end points. This paper considers the use of Web Services based OPC Unified Architecture.

The IEEE 802.15.4 standard is able to achieve low power transmissions in low-rate and short-distance wireless personal area network (WPAN). The CSMA/CA algorithm is used for contention mechanism that collision and retransmission occur. If a collision occurs, CSMA/CA algorithm executes retransmission operation. So it’s very important to decrease retransmission count. In this paper, we propose a channel access algorithm for IEEE 802.15.4 LR-WPAN. To performance analysis, we use OPNET network simulator. The proposed algorithm decreases the transmission delay, energy consumption, dropped packet and throughput is more increase, so the proposal algorithm is more efficient than the IEEE 802.15.4 standard .

To study the cascading failures and robustness of Internet, measuring topology of regional Internet with monitors is performed first. The mathematical transformation of measured results into matrix is introduced to set up a simulation platform for further experiments. By setting up various simulation parameters, we found that Internet is to some extent having the performances of highly resistance to random attacks and easily collapse while under intentional attacks. And in hybrid attack situations, Internet is also quite fragile no matter what ratio of intentional attacks over the random ones is. Besides, we find that networks with high loads would easily result in more damaged networks even under the same attacks.

The accuracy of face recognition is very important for its security in many applications, because wrong face recognition may cause such security problems as authorization. To increase the recognition rate in such face database as ORL, a face recognition algorithm should be good at minimizing the disturbances of facial pose, illumination and expression (PIE) to this recognition. In this paper, the improved clonal selection algorithm and diverse samples are designed. The improved clonal selection algorithm searches the most similar sample for unknown face image, according to the affinity between the unknown one and the most similar sample. The affinity is newly designed to improve the adaptive matching between the object and the samples. Compared with some state-of-the-art algorithms on the ORL face database, the proposed approach outperforms the other algorithms in the recognition rate, based on the experimental results.

With the growth of the requirement of users, it becomes a challenge that how to ensure the security of data resources sharing in extended virtual machine system. In order to solve this problem, we propose a secure sharing mechanism which is based on the ciphertext-policy attribute-based encryption scheme (CPA scheme). In the secure sharing mechanism, the corresponding data attributes are defined for each owner and some corresponding algorithms are proposed for different processes. In order to justify the feasibility and availability of the sharing mechanism, a series of experiments have been done. The results show that it is feasible to ensure the security of data resources sharing in extended virtual machine system.

Cloud computing is the next generation of platform over which information and services can be offered to the user in a more convenient and transparent way. On the other hand, however, commercial interests will cause information proliferation, resulting in over-supply of useless information to the user and waste of precious systems and network resources. The problem of controlling such information proliferation has thus received a great deal of interests in recent years. In this paper, we propose an access control model for negative authorization to provide the user with the ability and flexibility of specifying the objects to which access is not desired through the means of negative authorization. The main contributions of this paper include: (1) the concept of negative authorization in access control; (2) negative authorization rules; and (3) specification of negative authorizations by the user. With the ability of specifying negative authorization by the user, access to unwanted information and services offered by the cloud can be disabled through access control. Compared to filtering mechanisms that block unwanted information and services, negative authorization has the advantage of saving precious computation and network resources because access control happens prior to actual access while filtering takes place after system access and network transmission.

Policy has been widely used in field information security. Semantic policy has being widespread concerned by the academic and industry world due to its powerful ability of expression. While policy conflicts have become a key issue constraining its application. In this paper, first a Semantic Security Policy Language (SSPL) is introduced. And we propose a Defeasible Description Logic (DDL) based conflict detection and solution approach for SSPL. Finally, the experiment shows that, the method which combines with non-monotonic reasoning and semantic reasoning improves the rate of conflict detection.

Discriminant locality preserving projection(DLPP) can not obtain optimal discriminant vectors which utmostly optimize the objective of DLPP. This paper proposed a Gabor based optimized discriminant locality preserving projections (ODLPP) algorithm which can directly optimize discriminant locality preserving criterion on high-dimensional Gabor feature space via simultaneous diagonalization, without any dimensionality reduction preprocessing. The proposed method is applied to face and finger vein recognition problems and is compared with some other related Gabor based dimensionality reduction techniques. Experimental results conducted on the VALID face database and a subset of PKU finger vein database indicates the effectiveness of the proposed algorithm.

To select a most trustworthy one among web services with the same functionality, a trust and reputation management framework for web service selection is proposed. A reputation evaluation algorithm is proposed for the new added web service based on the similarity theory. Similarities and trusts are used as weights for computing reputations from different recommenders. Updating algorithms for trusts and reputations are proposed.

ebXML is an e-business standard which enables enterprises to exchange business messages, conduct trading relationships, communicate data in common terms and define and register business processes using Web services. ebXML business transaction models are proposed which allow trading partners to securely exchange business transactions by employing Web service security standard technologies. It is shown how each Web service security technology meets the ebXML standard by constructing the experimentation software and validating messages between the trading partners.

With the progress the Internet, more and more applications provide Web services. The presentation of web page has evolved to be dynamic. You also can interact with the web page. Some malicious users have malicious browsing behaviors, such as flooding attack, to waste the resources and bandwidth of the host for web page. Nowadays, more and more web services are developed on cloud computing. Flooding attack on the application layer has no ability to cause denial of service to a Web server on cloud computing. But resources on cloud mean cost. Any waste of resource will cause unnecessary cost. Therefore, in this paper we analyze PHP dynamic pages. According to analysis, we propose a method based on semantic concept to formulate rules to indentify malicious browsing behaviors in order to slice the cost.

Detecting protein complexes is an important way to discover the relationship between network topological structure and its functional features in protein-protein interaction (PPI) network. The spectral clustering method is a popular approach. However, how to select its optimal Laplacian matrix is still an open problem. Here, we analyzed the performances of three graph Laplacian matrices (unnormalized symmetric graph Laplacians,, normalized symmetric graph Laplacians and normalized random walk graph Laplacians, respectively) in yeast PPI network. The comparison shows that the performances of unnormalized and normalized symmetric graph Laplacian matrices are similar, and they are better than that of normalized random walk graph Laplacian matrix. It is helpful to choose proper graph Laplacian matrix for PPI networks’ analysis.

Many enterprises are adopting Mobile Device Management systems to monitor the status and control the functionalities of smart phones and tablet PCs in order to solve the security problems of confidential enterprise data being leaked whenever a device is misused or lost. However, no criteria have been established as yet to evaluate whether such Mobile Device Management systems correctly provide the basic security functions needed by enterprises and whether such functions have been securely developed. Therefore, this paper proposes security requirements of a Mobile Device Management system by modeling a threat and applying a security requirement engineering methodology based on Common Criteria.

The new computing modes, such as mobile computing, distributed computing, cloud computing and ubiquitous computing, etc., have brought about diversification and open features to the expression, exchange and access of computer network information. The multi-level security management is widely used in operation systems and information management systems. Focus on the multi-level security problem in various network environments, this paper defines the security identity, environment and temporal state of object, based on the ABAC (Action Based Access Control), and shows the security level, access scope and the demand of environment and temporal state of accessing subject, then proposes a multi-level security access control mechanism .Finally, an application example is given.

We propose and analyze a novel approach for security based on an execution behavior of an application program, which aims at detecting previously unknown anomaly execution patterns. Our scheme, which is a sort of hardware-based approach, uses the basic block information of an application program for the purpose of detecting and preventing unknown anomaly execution behaviors effectively. Furthermore, we present a possibility to connect our scheme with an existing branch prediction scheme such as BTB (Branch Target Buffer).

In this paper, we present Common Public Key Cryptography for SMS security. An SMS has two discussions. At the first, an SMS should be monitored by adapted agency or government because it can be abused to crime. Next the SMS increases a double charge in occurrence of communication. For these reasons, our scheme has been designed to fully satisfy the issues. We employed SMS gateways as a trusted third party in our scheme. The SMS gateways fulfill mediator between two users and surveillant. In order to avoid doubled- charge, the scheme uses a common public key rather than personal public key used in PKI. Accordingly, the designed scheme makes users communicate efficiently without sharing or exchanging their unique keys.

In this paper, we propose a novel digital publication issuing mechanism, which supports business model, and implemented the system. In this mechanism, we adopted API-HOOK to avoid changing habits of customers. However, the properties of digital contents make themselves be easily copied and transferred if there is not any proper protection for them. Hence, it is a critical issue for publication provider to effectively control and distribute their digital publications. Digital Rights Management is a mechanism, which might congregate various techniques to protect the rights of digital publication from copyrights violations. Moreover, Wrapper-based Digital Rights Management technique applies encapsulating digital contents by packaging content and monitoring by API-Hook to control and protect them, which provide a way to authenticate users by users' machine serial number or smart card via network. Hence, users may use the digital contents without changing their digital con- tent player. According to the definition of Digital Rights Management, this paper provides a digital publication issuing mechanism, which supports superdistribution for advertising digital publications effectively and improving development of digital contents.

We present a scalable and accurate method for classifying program traces to detect system intrusion attempts. By employing inter-element dependency models to overcome the independence violation problem inherent in the Naïve Bayes learners, our method yields intrusion detectors with better accuracy. For efficient counting of n-gram features without losing accuracy, we use a k-truncated generalized suffix tree (k-TGST) for storing n-gram features. The k-TGST storage mechanism enables to scale up the classifiers, which cannot be easily achieved by SVM (Support Vector Machine) based methods that require implausible computing power and resources for accuracy.

Web Metering is a method to nd out content and services exposure to visitors. This paper proposes a visitor centric voucher scheme that uses an identity management systems solution to incorporate a Web Metering function. The proposed scheme runs transparently to the visitor and utilises security properties available in identity management systems. On a higher level, the scheme introduces the use of authentication protocols to provide Web Metering evidence.

In this paper, we propose an ecient method to break H2-MAC, by using a generalized birthday attack to recover the equivalent key, under the assumption that the underlying hash function is secure (collision resistance). We can successfully recover the equivalent key of H2-MAC in about 2n=2 on-line MAC queries and 2n=2 o-line hash computations with great probability. This attack shows that the security of H2-MAC is totally dependent on the col- lision resistance of the underlying hash function, instead of the PRF-AX of the underlying compression function in the origin security proof of H2-MAC.

Network coding signature schemes can be employed to pre- vent malicious modification of data in network transition. But existing network coding signature schemes are only suitable for linear network coding. To adapt to nonlinear network coding, in this paper we introduce the concept of nonlinear network coding signature scheme and its un- forgeability, and propose a unforgeable nonlinear network coding scheme based on the hardness of the small integer solution (SIS) problem in lattice-based cryptography. We first present an improvement on the theorem which presented the unforgeability of a signature scheme without identifiers proposed by David Cash et.al. in EURO- CRYPT 2010. Then a nonlinear network coding signature scheme is designed, and its unforgeability is proved by employing the Chinese remainder theorem. Thus the scheme can be used to provide cryptographic protection in nonlinear network coding.

As an important component of Intelligent Transportation Systems (ITS), vehicular ad hoc networks can provide safer and more comfortable driving circumstance for the drivers. Pseudonyms certificate and group-oriented signature are two most widely adopted privacy- preserving technique in VANET. However, the two methods exists many efficiency flaws which affect their application. To overcome the above problems which exist in the above two methods. In this paper, we propose a novel privacy-preserving authentication protocols based on self-certified signature. And we show that our scheme can achieve conditional privacy-preserving and is proven be secure in the random oracle. Furthermore, the scheme has the following advantages: short length of the signature and low computation.

Xen supports CPU-intensive domains fairly well, however, it has drawback for support- ing I/O domains because I/O domain requires low latency data processing. In this paper, we propose a VCPU scheduling framework exploiting VCPU characteristics for supporting accurate resource measuring scheme. Our approach categorizes the VCPU characteristics into three model, CPU-intensive, disk-intensive and network-intensive, respectively. We de- signed and implemented a virtual machine monitoring tool for predicting the behavior of each domain.

In a data deduplication system, the performance of data deduplication algorithms are varying on the condition of le contents. For example, if a le is modied at the end of le region then Fixed-length Chunking algorithm superior to Variable-length Chunking in terms of computation time with similar space reduction result. Therefore, it is important to predict in which location of a le is modied in a deduplication system. In this paper, we discuss a new approach to one of the key methods that is invariably applied to data deduplication. The essential idea is to exploit an ecient le pattern checking scheme that can be used for data deduplication. The contribution of this paper is to nd in which region of a le is modied using le similarity information. The le modication pattern can be used for elaborating data deduplication system for selecting deduplication algorithm. Experiment result shows that the proposed system can predict le modication region with high probability.