An Inner Product Space-Based Hierarchical Key Assignment Scheme for Access Control

An inner product space-based hierarchical key assignment/access control scheme is presented in this work. The proposed scheme can be utilized in any cloud delivery model where the data controller implements a hierarchical access control policy. In other words, the scheme adjusts any hierarchical access control policy to a digital medium. The scheme is based on inner product spaces and the method of orthogonal projection. While distributing a basis for each class by the data controller, the left-to-right and bottom-up policy can ensure much more flexibility and efficiency, especially during any change in the structure. For each class, the secret keys can be derived only when a predetermined subspace is available. The parent class can obtain the keys of the child class, which means a one-way function, and the opposite direction is not allowed. Our scheme is collusion attack and privilege creep problem resistant, as well as key recovery and indistinguishability secure. The performance analysis shows that the data storage overhead is much more tolerable than other schemes in the literature. In addition, the other advantage of our scheme over many others in the literature is that it needs only one operation for the derivation of the key of child classes.

An Inner Product Space-Based Hierarchical Key Assignment Scheme for Access Control

An inner product space-based hierarchical key assignment/access control scheme is presented in this work. The proposed scheme can be utilized in any cloud delivery model where the data controller implements a hierarchical access control policy. In other words, the scheme adjusts any hierarchical access control policy to a digital medium. The scheme is based on inner product spaces and the method of orthogonal projection. While distributing a basis for each class by the data controller, the left-to-right and bottom-up policy can ensure much more flexibility and efficiency, especially during any change in the structure. For each class, the secret keys can be derived only when a predetermined subspace is available. The parent class can obtain the keys of the child class, which means a one-way function, and the opposite direction is not allowed. Our scheme is collusion attack and privilege creep problem resistant, as well as key recovery and indistinguishability secure. The performance analysis shows that the data storage overhead is much more tolerable than other schemes in the literature. In addition, the other advantage of our scheme over many others in the literature is that it needs only one operation for the derivation of the key of child classes.

A Lightweight Two-Layer Blockchain Mechanism for Reliable Crossing-Domain Communication in Smart Cities

The smart city is an emerging notion that is leveraging the Internet of Things (IoT) technique to achieve more comfortable, smart and controllable cities. The communications crossing domains between smart cities is indispensable to enhance collaborations. However, crossing-domain communications are more vulnerable since there are in different domains. Moreover, there are huge different devices with different computation capabilities, from sensors to the cloud servers. In this paper, we propose a lightweight two-layer blockchain mechanism for reliable crossing-domain communication in smart cities. Our mechanism provides a reliable communication mechanism for data sharing and communication between smart cities. We defined a two-layer blockchain structure for the communications inner and between smart cities to achieve reliable communications. We present a new block structure for the lightweight IoT devices. Moreover, we present a reputation-based multi-weight consensus protocol in order to achieve efficient communication while resistant to the nodes collusion attack for the proposed blockchain system. We also conduct a secure analysis to demonstrate the security of the proposed scheme. Finally, performance evaluation shows that our scheme is efficient and practical.

A Register Access Control Scheme for SNR System to Counter CPA Attack Based on Malicious User Blacklist

Standalone Name Resolution (SNR) is an essential component of many Information-Centric Networking (ICN) infrastructures that maps and stores the mappings of IDs and locators. The delivery of data can be realized only when the name resolution process is completed correctly. It also makes the SNR become the key target of network attackers. In this paper, our research focuses on the more covert and complex Content Pollution Attack (CPA). By continuously sending invalid content to the network at a low speed, attackers will consume a lot of the resources and time of the SNR system, resulting in a serious increase in the resolution delay of normal users and further cache pollution in ICN. It is difficult to be quickly detected because the characteristics of attack are inconspicuous. To address the challenge, a register access control scheme for an SNR system based on a malicious user blacklist query is proposed. A neighbor voting algorithm is designed to discover possible attacks in the network quickly and build a blacklist of malicious users reasonably. Users on the blacklist will be restricted from accessing the ICN network during the registration phase with the resolution system. Incentives and punishments for network users are introduced to automate responses about the potential malicious behavior reports. Our scheme is more efficient as users do not have to wait for an additional system component to perform operations. In addition, our algorithm can better solve the collusion problem in the voting process when compared with the others. We experimentally evaluate our protocol to demonstrate that the probability of successful collusion attack can be reduced to less than 0.1 when the attacker ratio is 0.5.

Building a Reputation Attack Detector for Effective Trust Evaluation in a Cloud Services Environment

Cloud computing is a widely used technology that has changed the way people and organizations store and access information. This technology is versatile, and extensive amounts of data can be stored in the cloud. Businesses can access various services over the cloud without having to install applications. However, cloud computing services are provided over a public domain, which means that both trusted and non-trusted users can access the services. Although there are a number of advantages to cloud computing services, especially for business owners, various challenges are posed in terms of the privacy and security of information and online services. A threat that is widely faced in the cloud environment is the on/off attack, in which entities exhibit proper behavior for a given time period to develop a positive reputation and gather trust, after which they exhibit deception. Another threat often faced by trust management services is a collusion attack, which is also known as collusive malicious feedback behavior. This is carried out when a group of people work together to make false recommendations with the intention of damaging the reputation of another party, which is referred to as a slandering attack, or to enhance their own reputation, which is referred to as a self-promoting attack. In this paper, a viable solution is provided with the given trust model for preventing these attacks. This method works by providing effective security to cloud services by identifying malicious and inappropriate behaviors through the application of trust algorithms that can identify on/off attacks and collusion attacks by applying different security criteria. Finally, the results show that the proposed trust model system can provide high security by decreasing security risk and improving the quality of decisions of data owners and cloud operators.

A Verifiable Steganography-Based Secret Image Sharing Scheme in 5G Networks

With the development and innovation of new techniques for 5G, 5G networks can provide extremely large capacity, robust integrity, high bandwidth, and low latency for multimedia image sharing and storage. However, it will surely exacerbate the privacy problems intrinsic to image transformation. Due to the high security and reliability requirements for storing and sharing sensitive images in the 5G network environment, verifiable steganography-based secret image sharing (SIS) is attracting increasing attention. The verifiable capability is necessary to ensure the correct image reconstruction. From the literature, efficient cheating verification, lossless reconstruction, low reconstruct complexity, and high-quality stego images without pixel expansion are summarized as the primary goals of proposing an effective steganography-based SIS scheme. Compared with the traditional underlying techniques for SIS, cellular automata (CA) and matrix projection have more strengths as well as some weaknesses. In this paper, we perform a complimentary of these two techniques to propose a verifiable secret image sharing scheme, where CA is used to enhance the security of the secret image, and matrix projection is used to generate shadows with a smaller size. From the steganography perspective, instead of the traditional least significant bits replacement method, matrix encoding is used in this paper to improve the embedding efficiency and stego image quality. Therefore, we can simultaneously achieve the above goals and achieve proactive and dynamic features based on matrix projection. Such features can make the proposed SIS scheme more applicable to flexible 5G networks. Finally, the security analysis illustrates that our scheme can effectively resist the collusion attack and detect the shadow tampering over the persistent adversary. The analyses for performance and comparative demonstrate that our scheme is a better performer among the recent schemes with the perspective of functionality, visual quality, embedding ratio, and computational efficiency. Therefore, our scheme further strengthens security for the images in 5G networks.

A Lattice-Based Homomorphic Proxy Re-Encryption Scheme with Strong Anti-Collusion for Cloud Computing

The homomorphic proxy re-encryption scheme combines the characteristics of a homomorphic encryption scheme and proxy re-encryption scheme. The proxy can not only convert a ciphertext of the delegator into a ciphertext of the delegatee, but also can homomorphically calculate the original ciphertext and re-encryption ciphertext belonging to the same user, so it is especially suitable for cloud computing. Yin et al. put forward the concept of a strong collusion attack on a proxy re-encryption scheme, and carried out a strong collusion attack on the scheme through an example. The existing homomorphic proxy re-encryption schemes use key switching algorithms to generate re-encryption keys, so it can not resist strong collusion attack. In this paper, we construct the first lattice-based homomorphic proxy re-encryption scheme with strong anti-collusion (HPRE-SAC). Firstly, algorithm TrapGen is used to generate an encryption key and trapdoor, then trapdoor sampling is used to generate a decryption key and re-encryption key, respectively. Finally, in order to ensure the homomorphism of ciphertext, a key switching algorithm is only used to generate the evaluation key. Compared with the existing homomorphic proxy re-encryption schemes, our HPRE-SAC scheme not only can resist strong collusion attacks, but also has smaller parameters.