The unprecedented scale of large models,such as large language models(LLMs)and text-to-image diffusion models,has raised critical concerns about the unauthorized use of copyrighted data during model training.These con...The unprecedented scale of large models,such as large language models(LLMs)and text-to-image diffusion models,has raised critical concerns about the unauthorized use of copyrighted data during model training.These concerns have spurred a growing demand for dataset copyright auditing techniques,which aim to detect and verify potential infringements in the training data of commercial AI systems.This paper presents a survey of existing auditing solutions,categorizing them across key dimensions:data modality,model training stage,data overlap scenarios,and model access levels.We highlight major trends,including the prevalence of black-box auditing methods and the emphasis on fine-tuning rather than pre-training.Through an in-depth analysis of 12 representative works,we extract four key observations that reveal the limitations of current methods.Furthermore,we identify three open challenges and propose future directions for robust,multimodal,and scalable auditing solutions.Our findings underscore the urgent need to establish standardized benchmarks and develop auditing frameworks that are resilient to low watermark densities and applicable in diverse deployment settings.展开更多
Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers...Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers.However,users’sensitive data would then become unregulated.In the event of data loss,cloud storage providers might conceal the fact that data has been compromised to protect their reputation and mitigate losses.Ensuring the integrity of data stored in the cloud remains a pressing issue that urgently needs to be addressed.In this paper,we propose a data auditing scheme for cloud-based EHRs that incorporates recoverability and batch auditing,alongside a thorough security and performance evaluation.Our scheme builds upon the indistinguishability-based privacy-preserving auditing approach proposed by Zhou et al.We identify that this scheme is insecure and vulnerable to forgery attacks on data storage proofs.To address these vulnerabilities,we enhanced the auditing process using masking techniques and designed new algorithms to strengthen security.We also provide formal proof of the security of the signature algorithm and the auditing scheme.Furthermore,our results show that our scheme effectively protects user privacy and is resilient against malicious attacks.Experimental results indicate that our scheme is not only secure and efficient but also supports batch auditing of cloud data.Specifically,when auditing 10,000 users,batch auditing reduces computational overhead by 101 s compared to normal auditing.展开更多
This study focused on a multi-indicator assessment methodology for governmental environmental auditing of water protection programs. The environmental status of Wuli Lake in China was assessed using the global indicat...This study focused on a multi-indicator assessment methodology for governmental environmental auditing of water protection programs. The environmental status of Wuli Lake in China was assessed using the global indicators (driver-status-response) developed by the Commission on Sustainable Development, and four additional indicators proposed by the author: water quality, pollution load, aquatic ecosystem status, and lake sediment deposition. Various hydrological, chemical, biological and environmental parameters were used to estimate the values of the indicators for assessment of environmental status of the lake based on time series data sets for twenty years. The indicators proposed can be customized to meeting the needs for particular assessment of water protection programs. This method can be used to evaluate the performance of national environmental protection programs and provide technical support for environmental auditors.展开更多
Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a pu...Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.展开更多
Storage auditing and client-side deduplication techniques have been proposed to assure data integrity and improve storage efficiency, respectively. Recently, a few schemes start to consider these two different aspects...Storage auditing and client-side deduplication techniques have been proposed to assure data integrity and improve storage efficiency, respectively. Recently, a few schemes start to consider these two different aspects together. However, these schemes either only support plaintext data file or have been proved insecure. In this paper, we propose a public auditing scheme for cloud storage systems, in which deduplication of encrypted data and data integrity checking can be achieved within the same framework. The cloud server can correctly check the ownership for new owners and the auditor can correctly check the integrity of deduplicated data. Our scheme supports deduplication of encrypted data by using the method of proxy re-encryption and also achieves deduplication of data tags by aggregating the tags from different owners. The analysis and experiment results show that our scheme is provably secure and efficient.展开更多
Perfecting the natural resource system and auditing natural resource assets are requirements in protecting natural resources and developing an ecological civilization in practice.While the natural resource asset audit...Perfecting the natural resource system and auditing natural resource assets are requirements in protecting natural resources and developing an ecological civilization in practice.While the natural resource asset audit both confirms and quantifies natural resources,the nature of such resources makes it difficult to identify their ownership.Further,these resources'diversity creates complex measurement standards and activities,all of which require relevant institutional guarantees.However,the existing audit system for natural resource assets includes insufficient stock,incremental difficulties,and poor guidance,which cannot meet the requirements for environmental governance and an ecological civilization.Thus,it is necessary to define natural resource assets’rights and measurement systems and responsibility regulations,among others;construct an auditing participation system,technical regulations,and evaluation criterion for natural resource assets;amend the Audit Law in a timely manner;and enact natural resource asset legislation.Ultimately,such efforts would eliminate the bottleneck in the natural resource asset auditing system and facilitate the construction of a resource-saving,environmentally friendly society.展开更多
With the rapid advancement of cloud computing,cloud storage services have developed rapidly.One issue that has attracted particular attention in such remote storage services is that cloud storage servers are not enoug...With the rapid advancement of cloud computing,cloud storage services have developed rapidly.One issue that has attracted particular attention in such remote storage services is that cloud storage servers are not enough to reliably save and maintain data,which greatly affects users’confidence in purchasing and consuming cloud storage services.Traditional data integrity auditing techniques for cloud data storage are centralized,which faces huge security risks due to single-point-of-failure and vulnerabilities of central auditing servers.Blockchain technology offers a new approach to this problem.Many researchers have endeavored to employ the blockchain for data integrity auditing.Based on the search of relevant papers,we found that existing literature lacks a thorough survey of blockchain-based integrity auditing for cloud data.In this paper,we make an in-depth survey on cloud data integrity auditing based on blockchain.Firstly,we cover essential basic knowledge of integrity auditing for cloud data and blockchain techniques.Then,we propose a series of requirements for evaluating existing Blockchain-based Data Integrity Auditing(BDIA)schemes.Furthermore,we provide a comprehensive review of existing BDIA schemes and evaluate them based on our proposed criteria.Finally,according to our completed review and analysis,we explore some open issues and suggest research directions worthy of further efforts in the future.展开更多
The security of cloud data has always been a concern.Cloud server provider may maliciously tamper or delete user’s data for their own benefit,so data integrity audit is of great significance to verify whether data is...The security of cloud data has always been a concern.Cloud server provider may maliciously tamper or delete user’s data for their own benefit,so data integrity audit is of great significance to verify whether data is modified or not.Based on the general three-party audit architecture,a dynamic auditing scheme without bilinear pairings is proposed in this paper.It utilizes exponential operation instead of bilinear mapping to verify the validity of evidence.By establishing the mapping relation between logic index and tag index of data block with index transformation table,our scheme can easily support dynamic data operation.By hiding random numbers in the integrity evidence,our scheme can protect users’privacy information.Detailed security analysis shows that our scheme is secure against attacks such as forgery,replaying and substitution.Further experiments demonstrate that our scheme has lower computational overhead.展开更多
Identity-based public cloud storage auditing schemes can check the integrity of cloud data, and reduce the complicated certificate management. In such a scheme, one Private Key Generator(PKG) is employed to authentica...Identity-based public cloud storage auditing schemes can check the integrity of cloud data, and reduce the complicated certificate management. In such a scheme, one Private Key Generator(PKG) is employed to authenticate the identity and generate private keys for all users, and one Third Party Auditor(TPA) is employed to by users to check the integrity of cloud data. This approach is undesirable for large-scale users since the PKG and the TPA might not be able to afford the heavy workload. To solve the problem, we give a hierarchical Private Key Generator structure for large-scale user groups, in which a root PKG delegates lower-level PKGs to generate private keys and authenticate identities. Based on the proposed structure, we propose an authorized identity-based public cloud storage auditing scheme, in which the lowest-level PKGs play the role of TPA, and only the authorized lowest-level PKGs can represent users in their domains to check cloud data's integrity. Furthermore, we give the formal security analysis and experimental results, which show that our proposed scheme is secure and efficient.展开更多
In this work, a survey is used to investigate the current energy performance for Faculty of Applied Medical Sciences (previously Faculty of Engineering) at Taibah University in Medina city. The results of the survey s...In this work, a survey is used to investigate the current energy performance for Faculty of Applied Medical Sciences (previously Faculty of Engineering) at Taibah University in Medina city. The results of the survey show that several factors affect the energy performance in this building. It revealed that the building has been poorly designed from the point of view of thermal performance. Therefore, the building energy consumption needs to be monitored and maintained through energy auditing program. To determine the energy profile, the power consumption was calculated;the cooling load was estimated and analyzed to know the actual capacity required. The level of comfort in the building has been evaluated. Against the installed air conditioning capacity of 200-ton refrigeration, the cooling load calculations showed that the maximum cooling load needed, which is in August is only 83.22-ton refrigeration. In addition, illumination levels were measured and compared to the standard levels. Based on obtained results, two solutions were proposed: to install a building management system with approximate cost of 337,904 SR and to replace the existing chiller. Finally, the payback period for the proposed system has been estimated and found to be about 5.4 years.展开更多
Remote data auditing becomes critical to ensure the storage reliability in distributed cloud storage.Recently,Le et al proposed an efficient private data auditing scheme NC-Audit designed for regenerating codes,which ...Remote data auditing becomes critical to ensure the storage reliability in distributed cloud storage.Recently,Le et al proposed an efficient private data auditing scheme NC-Audit designed for regenerating codes,which claimed that NC-Audit can effectively realize privacy-preserving data auditing for distributed storage systems.However,our analysis shows that NC-Audit is not secure for that the adversarial cloud can forge some illegal blocks to cheat the auditor successfully with a high probability even without storing the user’s whole data,when the coding field is large enough.展开更多
This paper is based on the samples of listed manufacturing companies of China, taking the financial performance as criterion, and then does research on the firm performance with different internal auditing modes, usin...This paper is based on the samples of listed manufacturing companies of China, taking the financial performance as criterion, and then does research on the firm performance with different internal auditing modes, using Cross-sectional data to analyze the distribution of internal auditing modes and the characteristics of the firm performance. The conclusion is that setting up internal auditing is good for the development of companies, but the function of internal auditing has not been widelv fulfilled.展开更多
In Vietnam, in the current period, public investment plays an important role in the improvement of technical infrastructure systems, economic and social development of motivation to promote national development. Howev...In Vietnam, in the current period, public investment plays an important role in the improvement of technical infrastructure systems, economic and social development of motivation to promote national development. However, the question is how to ensure that these sources of funds are used most effectively in terms of limited resources. In this article, the author would like to emphasize the critical role of the state auditor which is not only in the transparency of information, in enhancing the trust of the citizens, but also in providing important and reliable information to the public sector agencies, units, investors, and people in the society. From that, it could help to serve the management and administration of revenues and expenditures of the state budget as well as reasonably and efficiently using financial resources and assets. In case of perfectly conducting those tasks, they will contribute the power to the economy, fight corruption as loss or waste, and detect and prevent violations of law; improve the efficient use of the budget, the money, and property of the state; and serve effectively for the operation of the National Assembly and People's Councils at all levels of the implementation and monitoring function to decide important issues of national and local governments. With the above information, these matters in Vietnam will be solved through this paper that consists of five parts: (1) the basics about the current public investment in Vietnam; (2) the role of state auditing in improving performance management and monitoring of investment; (3) the limitations of state auditing in public investment; (4) many solutions to promote the role of state auditing in improving the effective investment activities; and (5) conclusion.展开更多
Big Data and Data Analytics affect almost all aspects of modern organisations’decision-making and business strategies.Big Data and Data Analytics create opportunities,challenges,and implications for the external audi...Big Data and Data Analytics affect almost all aspects of modern organisations’decision-making and business strategies.Big Data and Data Analytics create opportunities,challenges,and implications for the external auditing procedure.The purpose of this article is to reveal essential aspects of the impact of Big Data and Data Analytics on external auditing.It seems that Big Data Analytics is a critical tool for organisations,as well as auditors,that contributes to the enhancement of the auditing process.Also,legislative implications must be taken under consideration,since existing standards may need to change.Last,auditors need to develop new skills and competence,and educational organisations need to change their educational programs in order to be able to correspond to new market needs.展开更多
As a new computing paradigm, outsourcing computing provides inexpensive, on-demand, convenient storage and computing services for cloud clients. For the security of outsourcing databases to the cloud, it is important ...As a new computing paradigm, outsourcing computing provides inexpensive, on-demand, convenient storage and computing services for cloud clients. For the security of outsourcing databases to the cloud, it is important to allow the user to verify the query results returned by the cloud server. So far, tremendous efforts have been carried out to study secure outsourcing computing. The existing scheme supports that the user can detect the correctness and completeness of the query results even if the cloud server returns an empty set. However, since the data owner performs the database encryption operations and uploads the encrypted database to the cloud server, they require the user to request the data owner to decrypt the query results. In this paper, we propose a new scheme, which can accurately verify the search results. Meanwhile, the users can decrypt the query results independently. Furthermore, the proposed scheme supports a large number of data owners to upload their encrypted database to the cloud server, and it can efficiently verify the query results. Besides, we can prove that our proposed solution can achieve the desired security properties.展开更多
The possibilities for improving energy efficiency in ready-made composite garment factories in Bangladesh are assessed in this study. This work aims to understand the impacts of energy consumption on garment productio...The possibilities for improving energy efficiency in ready-made composite garment factories in Bangladesh are assessed in this study. This work aims to understand the impacts of energy consumption on garment production and determine the scope of energy efficiency improvement based on energy-related data collected from a garment factory over a three-year period (2018-2020). Data from 2018 is used as the baseline and is compared to data from 2019 and 2020. It has been discovered that energy consumption has a seasonal impact. Despite the fact that electricity consumption decreased significantly during the 2020 pandemic, the energy consumption pattern in 2020 was found to be similar to that of 2018 and 2019. To improve energy efficiency, recommendations are made to modify the boiler, water pumps, gas generators, electrical motors, and lighting systems in specific ways. These suggested actions could save BDT 95 million (1.15 million US dollars) on power generation and BDT 20.5 million (0.25 million US dollars) on natural gas used for power and heat generation. These would result in a 3.75 percent reduction in the unit (kWh/kg) production energy requirement and a 3.65 percent reduction in natural gas usage per unit production, respectively, when compared to current conditions. Furthermore, these changes will provide an opportunity to reduce greenhouse gas emissions by 9.78%.展开更多
This paper proposes the concept of transaction-type covert storage channels, which are caused by database storage resources. It also proposes that the mode of auditing those channels be based on the transactions. Next...This paper proposes the concept of transaction-type covert storage channels, which are caused by database storage resources. It also proposes that the mode of auditing those channels be based on the transactions. Next, the paper analyzes and resolves the two problems arising from auditing the use of transaction-type covert storage channels in database systems: namely, the relationship between channel variables, which are altered (or viewed) by the transaction and satisfy integrity constraints in DBMS, and database states; and the circumvention of covert storage channel audit in DBMS.展开更多
A new concept, the security level difference of a covert channel, is presented, which means the security level span from the sender to the receiver of the covert channel. Based on this, the integrated criteria for cov...A new concept, the security level difference of a covert channel, is presented, which means the security level span from the sender to the receiver of the covert channel. Based on this, the integrated criteria for covert channel auditing are given. Whereas TCSEC (Trusted Computer System Evaluation Criteria) or CC (Common Criteria for Information Technology Security Evaluation) only use the bandwidth to evaluate the threat of covert channels, our new criteria integrate the security level difference, the bandwidth sensitive parameter, bandwidth, duration and instantaneous time of covert channels, so as to give a comprehensive evaluation of the threat of covert channels in a multilevel security system.展开更多
基金supported in part by NSFC under Grant Nos.62402379,U22A2029 and U24A20237.
文摘The unprecedented scale of large models,such as large language models(LLMs)and text-to-image diffusion models,has raised critical concerns about the unauthorized use of copyrighted data during model training.These concerns have spurred a growing demand for dataset copyright auditing techniques,which aim to detect and verify potential infringements in the training data of commercial AI systems.This paper presents a survey of existing auditing solutions,categorizing them across key dimensions:data modality,model training stage,data overlap scenarios,and model access levels.We highlight major trends,including the prevalence of black-box auditing methods and the emphasis on fine-tuning rather than pre-training.Through an in-depth analysis of 12 representative works,we extract four key observations that reveal the limitations of current methods.Furthermore,we identify three open challenges and propose future directions for robust,multimodal,and scalable auditing solutions.Our findings underscore the urgent need to establish standardized benchmarks and develop auditing frameworks that are resilient to low watermark densities and applicable in diverse deployment settings.
基金supported by National Natural Science Foundation of China(No.62172436)Additionally,it is supported by Natural Science Foundation of Shaanxi Province(No.2023-JC-YB-584)Engineering University of PAP’s Funding for Scientific Research Innovation Team and Key Researcher(No.KYGG202011).
文摘Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers.However,users’sensitive data would then become unregulated.In the event of data loss,cloud storage providers might conceal the fact that data has been compromised to protect their reputation and mitigate losses.Ensuring the integrity of data stored in the cloud remains a pressing issue that urgently needs to be addressed.In this paper,we propose a data auditing scheme for cloud-based EHRs that incorporates recoverability and batch auditing,alongside a thorough security and performance evaluation.Our scheme builds upon the indistinguishability-based privacy-preserving auditing approach proposed by Zhou et al.We identify that this scheme is insecure and vulnerable to forgery attacks on data storage proofs.To address these vulnerabilities,we enhanced the auditing process using masking techniques and designed new algorithms to strengthen security.We also provide formal proof of the security of the signature algorithm and the auditing scheme.Furthermore,our results show that our scheme effectively protects user privacy and is resilient against malicious attacks.Experimental results indicate that our scheme is not only secure and efficient but also supports batch auditing of cloud data.Specifically,when auditing 10,000 users,batch auditing reduces computational overhead by 101 s compared to normal auditing.
基金Project supported by the International Project between The Netherlands Royal Academy of Arts and Sciences and Chinese Academy of Sciences (No. 04CDP014) the National Natural Science Foundation of China (No. 40471130)
文摘This study focused on a multi-indicator assessment methodology for governmental environmental auditing of water protection programs. The environmental status of Wuli Lake in China was assessed using the global indicators (driver-status-response) developed by the Commission on Sustainable Development, and four additional indicators proposed by the author: water quality, pollution load, aquatic ecosystem status, and lake sediment deposition. Various hydrological, chemical, biological and environmental parameters were used to estimate the values of the indicators for assessment of environmental status of the lake based on time series data sets for twenty years. The indicators proposed can be customized to meeting the needs for particular assessment of water protection programs. This method can be used to evaluate the performance of national environmental protection programs and provide technical support for environmental auditors.
基金Supported by the Applied Basic and Advanced Technology Research Programs of Tianjin(15JCYBJC15900)the National Natural Science Foundation of China(51378350)
文摘Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.
基金Supported by the National Natural Science Foundation of China(61373040,61173137)the Ph.D.Programs Foundation of Ministry of Education of China(20120141110002)the Key Project of Natural Science Foundation of Hubei Province(2010CDA004)
文摘Storage auditing and client-side deduplication techniques have been proposed to assure data integrity and improve storage efficiency, respectively. Recently, a few schemes start to consider these two different aspects together. However, these schemes either only support plaintext data file or have been proved insecure. In this paper, we propose a public auditing scheme for cloud storage systems, in which deduplication of encrypted data and data integrity checking can be achieved within the same framework. The cloud server can correctly check the ownership for new owners and the auditor can correctly check the integrity of deduplicated data. Our scheme supports deduplication of encrypted data by using the method of proxy re-encryption and also achieves deduplication of data tags by aggregating the tags from different owners. The analysis and experiment results show that our scheme is provably secure and efficient.
基金supported by Chinese National Funding of Social Science[Grant number.18BJY024],Study on the Cooperative Supervision Mechanism of Budget Implementation Based on National Audit.
文摘Perfecting the natural resource system and auditing natural resource assets are requirements in protecting natural resources and developing an ecological civilization in practice.While the natural resource asset audit both confirms and quantifies natural resources,the nature of such resources makes it difficult to identify their ownership.Further,these resources'diversity creates complex measurement standards and activities,all of which require relevant institutional guarantees.However,the existing audit system for natural resource assets includes insufficient stock,incremental difficulties,and poor guidance,which cannot meet the requirements for environmental governance and an ecological civilization.Thus,it is necessary to define natural resource assets’rights and measurement systems and responsibility regulations,among others;construct an auditing participation system,technical regulations,and evaluation criterion for natural resource assets;amend the Audit Law in a timely manner;and enact natural resource asset legislation.Ultimately,such efforts would eliminate the bottleneck in the natural resource asset auditing system and facilitate the construction of a resource-saving,environmentally friendly society.
基金This work was supported in part by the National Natural Science Foundation of China under Grant 62072351in part by the Academy of Finland under Grant 308087,Grant 335262,Grant 345072,and Grant 350464+1 种基金in part by the Open Project of Zhejiang Lab under Grant 2021PD0AB01and in part by the 111 Project under Grant B16037.
文摘With the rapid advancement of cloud computing,cloud storage services have developed rapidly.One issue that has attracted particular attention in such remote storage services is that cloud storage servers are not enough to reliably save and maintain data,which greatly affects users’confidence in purchasing and consuming cloud storage services.Traditional data integrity auditing techniques for cloud data storage are centralized,which faces huge security risks due to single-point-of-failure and vulnerabilities of central auditing servers.Blockchain technology offers a new approach to this problem.Many researchers have endeavored to employ the blockchain for data integrity auditing.Based on the search of relevant papers,we found that existing literature lacks a thorough survey of blockchain-based integrity auditing for cloud data.In this paper,we make an in-depth survey on cloud data integrity auditing based on blockchain.Firstly,we cover essential basic knowledge of integrity auditing for cloud data and blockchain techniques.Then,we propose a series of requirements for evaluating existing Blockchain-based Data Integrity Auditing(BDIA)schemes.Furthermore,we provide a comprehensive review of existing BDIA schemes and evaluate them based on our proposed criteria.Finally,according to our completed review and analysis,we explore some open issues and suggest research directions worthy of further efforts in the future.
基金This work is supported by the National Key R&D Program of China(2016YFB0800402)partially supported by the National Natural Science Foundation of China under Grant No.61232004and the Fundamental Research Funds for the Central Universities(2016YXMS020).
文摘The security of cloud data has always been a concern.Cloud server provider may maliciously tamper or delete user’s data for their own benefit,so data integrity audit is of great significance to verify whether data is modified or not.Based on the general three-party audit architecture,a dynamic auditing scheme without bilinear pairings is proposed in this paper.It utilizes exponential operation instead of bilinear mapping to verify the validity of evidence.By establishing the mapping relation between logic index and tag index of data block with index transformation table,our scheme can easily support dynamic data operation.By hiding random numbers in the integrity evidence,our scheme can protect users’privacy information.Detailed security analysis shows that our scheme is secure against attacks such as forgery,replaying and substitution.Further experiments demonstrate that our scheme has lower computational overhead.
基金supported by National Natural Science Foundation of China (No. 61572267, No. 61272425, No. 61402245)the Open Project of Co-Innovation Center for Information Supply & Assurance Technology, Anhui University+1 种基金the Open Project of the State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences(No.2017-MS-21, No.2016-MS-23)National Cryptography Development Fund of China (MMJJ20170118)
文摘Identity-based public cloud storage auditing schemes can check the integrity of cloud data, and reduce the complicated certificate management. In such a scheme, one Private Key Generator(PKG) is employed to authenticate the identity and generate private keys for all users, and one Third Party Auditor(TPA) is employed to by users to check the integrity of cloud data. This approach is undesirable for large-scale users since the PKG and the TPA might not be able to afford the heavy workload. To solve the problem, we give a hierarchical Private Key Generator structure for large-scale user groups, in which a root PKG delegates lower-level PKGs to generate private keys and authenticate identities. Based on the proposed structure, we propose an authorized identity-based public cloud storage auditing scheme, in which the lowest-level PKGs play the role of TPA, and only the authorized lowest-level PKGs can represent users in their domains to check cloud data's integrity. Furthermore, we give the formal security analysis and experimental results, which show that our proposed scheme is secure and efficient.
文摘In this work, a survey is used to investigate the current energy performance for Faculty of Applied Medical Sciences (previously Faculty of Engineering) at Taibah University in Medina city. The results of the survey show that several factors affect the energy performance in this building. It revealed that the building has been poorly designed from the point of view of thermal performance. Therefore, the building energy consumption needs to be monitored and maintained through energy auditing program. To determine the energy profile, the power consumption was calculated;the cooling load was estimated and analyzed to know the actual capacity required. The level of comfort in the building has been evaluated. Against the installed air conditioning capacity of 200-ton refrigeration, the cooling load calculations showed that the maximum cooling load needed, which is in August is only 83.22-ton refrigeration. In addition, illumination levels were measured and compared to the standard levels. Based on obtained results, two solutions were proposed: to install a building management system with approximate cost of 337,904 SR and to replace the existing chiller. Finally, the payback period for the proposed system has been estimated and found to be about 5.4 years.
基金Supported by the National Natural Science Foundation of China(61872088)the Science and Technology Plan Project of Xi’an(2020KJWL02,2017CGWL35)the China National Study Abroad Fund。
文摘Remote data auditing becomes critical to ensure the storage reliability in distributed cloud storage.Recently,Le et al proposed an efficient private data auditing scheme NC-Audit designed for regenerating codes,which claimed that NC-Audit can effectively realize privacy-preserving data auditing for distributed storage systems.However,our analysis shows that NC-Audit is not secure for that the adversarial cloud can forge some illegal blocks to cheat the auditor successfully with a high probability even without storing the user’s whole data,when the coding field is large enough.
基金This paper is supported by National Natural Science Foundation of China (NoL70372028), the "Projects 985" and "Projects 211" of Nankai University. It's the authors' responsibility to stand the errors in this paper..
文摘This paper is based on the samples of listed manufacturing companies of China, taking the financial performance as criterion, and then does research on the firm performance with different internal auditing modes, using Cross-sectional data to analyze the distribution of internal auditing modes and the characteristics of the firm performance. The conclusion is that setting up internal auditing is good for the development of companies, but the function of internal auditing has not been widelv fulfilled.
文摘In Vietnam, in the current period, public investment plays an important role in the improvement of technical infrastructure systems, economic and social development of motivation to promote national development. However, the question is how to ensure that these sources of funds are used most effectively in terms of limited resources. In this article, the author would like to emphasize the critical role of the state auditor which is not only in the transparency of information, in enhancing the trust of the citizens, but also in providing important and reliable information to the public sector agencies, units, investors, and people in the society. From that, it could help to serve the management and administration of revenues and expenditures of the state budget as well as reasonably and efficiently using financial resources and assets. In case of perfectly conducting those tasks, they will contribute the power to the economy, fight corruption as loss or waste, and detect and prevent violations of law; improve the efficient use of the budget, the money, and property of the state; and serve effectively for the operation of the National Assembly and People's Councils at all levels of the implementation and monitoring function to decide important issues of national and local governments. With the above information, these matters in Vietnam will be solved through this paper that consists of five parts: (1) the basics about the current public investment in Vietnam; (2) the role of state auditing in improving performance management and monitoring of investment; (3) the limitations of state auditing in public investment; (4) many solutions to promote the role of state auditing in improving the effective investment activities; and (5) conclusion.
文摘Big Data and Data Analytics affect almost all aspects of modern organisations’decision-making and business strategies.Big Data and Data Analytics create opportunities,challenges,and implications for the external auditing procedure.The purpose of this article is to reveal essential aspects of the impact of Big Data and Data Analytics on external auditing.It seems that Big Data Analytics is a critical tool for organisations,as well as auditors,that contributes to the enhancement of the auditing process.Also,legislative implications must be taken under consideration,since existing standards may need to change.Last,auditors need to develop new skills and competence,and educational organisations need to change their educational programs in order to be able to correspond to new market needs.
基金Supported by the National Key Research and Development Program of China(2017YFB0802000)the National Natural Science Foundation of China(61572390,U1736111)+1 种基金the Natural Science Foundation of Ningbo City(201601HJ-B01382)the Open Foundation of Key Laboratory of Cognitive Radio and Information Processing of Ministry of Education(Guilin University of Electronic Technology)(CRKL160202)
文摘As a new computing paradigm, outsourcing computing provides inexpensive, on-demand, convenient storage and computing services for cloud clients. For the security of outsourcing databases to the cloud, it is important to allow the user to verify the query results returned by the cloud server. So far, tremendous efforts have been carried out to study secure outsourcing computing. The existing scheme supports that the user can detect the correctness and completeness of the query results even if the cloud server returns an empty set. However, since the data owner performs the database encryption operations and uploads the encrypted database to the cloud server, they require the user to request the data owner to decrypt the query results. In this paper, we propose a new scheme, which can accurately verify the search results. Meanwhile, the users can decrypt the query results independently. Furthermore, the proposed scheme supports a large number of data owners to upload their encrypted database to the cloud server, and it can efficiently verify the query results. Besides, we can prove that our proposed solution can achieve the desired security properties.
文摘The possibilities for improving energy efficiency in ready-made composite garment factories in Bangladesh are assessed in this study. This work aims to understand the impacts of energy consumption on garment production and determine the scope of energy efficiency improvement based on energy-related data collected from a garment factory over a three-year period (2018-2020). Data from 2018 is used as the baseline and is compared to data from 2019 and 2020. It has been discovered that energy consumption has a seasonal impact. Despite the fact that electricity consumption decreased significantly during the 2020 pandemic, the energy consumption pattern in 2020 was found to be similar to that of 2018 and 2019. To improve energy efficiency, recommendations are made to modify the boiler, water pumps, gas generators, electrical motors, and lighting systems in specific ways. These suggested actions could save BDT 95 million (1.15 million US dollars) on power generation and BDT 20.5 million (0.25 million US dollars) on natural gas used for power and heat generation. These would result in a 3.75 percent reduction in the unit (kWh/kg) production energy requirement and a 3.65 percent reduction in natural gas usage per unit production, respectively, when compared to current conditions. Furthermore, these changes will provide an opportunity to reduce greenhouse gas emissions by 9.78%.
文摘This paper proposes the concept of transaction-type covert storage channels, which are caused by database storage resources. It also proposes that the mode of auditing those channels be based on the transactions. Next, the paper analyzes and resolves the two problems arising from auditing the use of transaction-type covert storage channels in database systems: namely, the relationship between channel variables, which are altered (or viewed) by the transaction and satisfy integrity constraints in DBMS, and database states; and the circumvention of covert storage channel audit in DBMS.
基金the National Natural Science Foundation of China (No. 60773049)the Natural Science Foundation of Jiangsu Province (No. BK2007086)+1 种基金the Fundamental Research Project of the Natural Science in Colleges of Jiangsu Province (No. 07KJB520016)the Person with Ability Project of Jiangsu University (No. 07JDG053), China
文摘A new concept, the security level difference of a covert channel, is presented, which means the security level span from the sender to the receiver of the covert channel. Based on this, the integrated criteria for covert channel auditing are given. Whereas TCSEC (Trusted Computer System Evaluation Criteria) or CC (Common Criteria for Information Technology Security Evaluation) only use the bandwidth to evaluate the threat of covert channels, our new criteria integrate the security level difference, the bandwidth sensitive parameter, bandwidth, duration and instantaneous time of covert channels, so as to give a comprehensive evaluation of the threat of covert channels in a multilevel security system.
