This paper investigated spatial structures of 3418 national protected areas(NPAs)grouped into 13 types using GIS and quantitative analysis,including point patterns,Ripley’s K function,hotspot clustering,quadrat analy...This paper investigated spatial structures of 3418 national protected areas(NPAs)grouped into 13 types using GIS and quantitative analysis,including point patterns,Ripley’s K function,hotspot clustering,quadrat analysis,and Gini coefficient.Spatial accessibility was calculated for all NPAs from matrix raster data using cost weighted distance on the Arc GIS platform.The results are as follows:(1)The NNI of NPAs is 0.515,Gini is 0.073,all of which indicates distribution was shown to be a spatially dependent agglomeration,and more balanced in the provinces.The national key parks and the national water conservancy scenic spots had present the strongest aggregation,with NNI of 0.563 and 0.561 respectively,and K index indicates reducing aggregation when distance exceeds 600 km.(2)The national forest parks account for the largest proportion of 22.87% of all NPAs,and the world biosphere reserves the least of 0.77%.The number of NPAs in Shandong with 240 had been the largest one in all the provinces,while Tianjin had the least number including 9 NPAs.(3)There is only one hot spot in the first-class zone,5 in the second-class zones,and 51 in the third-class zones,which indicates NPAs are also aggregated at microscopic scales.(4)The hotspot NPA regions were mainly concentrated in the middle and lower reaches of the Yellow and Yangtze rivers,east of 100°E.High density of NPAs were generally in flat,water-rich,broad-leaved forest dominated plains and low mountain areas,with fertile soil,pleasant weather,long cultural history,and high transportation accessibility.(5)Average NPA accessible time is 60.05 min,with 70.76%regions being within 60 min,and the furthest was 777 min.The distribution of accessibility was positively related to the traffic lines.Interdepartmental protectionism has meant the various departments developed different management systems,standards,and technical specifications.展开更多
With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issu...With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection(PS-ACS). In the PS-ACS scheme, we divide users into private domain(PRD) and public domain(PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption(KAE) and the Improved Attribute-based Signature(IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption(CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.展开更多
Precise localization techniques for indoor Wi-Fi access points(APs)have important application in the security inspection.However,due to the interference of environment factors such as multipath propagation and NLOS(No...Precise localization techniques for indoor Wi-Fi access points(APs)have important application in the security inspection.However,due to the interference of environment factors such as multipath propagation and NLOS(Non-Line-of-Sight),the existing methods for localization indoor Wi-Fi access points based on RSS ranging tend to have lower accuracy as the RSS(Received Signal Strength)is difficult to accurately measure.Therefore,the localization algorithm of indoor Wi-Fi access points based on the signal strength relative relationship and region division is proposed in this paper.The algorithm hierarchically divide the room where the target Wi-Fi AP is located,on the region division line,a modified signal collection device is used to measure RSS in two directions of each reference point.All RSS values are compared and the region where the RSS value has the relative largest signal strength is located as next candidate region.The location coordinate of the target Wi-Fi AP is obtained when the localization region of the target Wi-Fi AP is successively approximated until the candidate region is smaller than the accuracy threshold.There are 360 experiments carried out in this paper with 8 types of Wi-Fi APs including fixed APs and portable APs.The experimental results show that the average localization error of the proposed localization algorithm is 0.30 meters,and the minimum localization error is 0.16 meters,which is significantly higher than the localization accuracy of the existing typical indoor Wi-Fi access point localization methods.展开更多
In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved ...In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved under the traditional framework if the operating system(OS) is comprised since malwares are running in ring 0 level. In this paper,we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management(PM),security server(SS) and policy enforcement(PE). Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks. We add an access vector cache(AVC) between SS and PE in the vip OS,in order to speed up communication between the vip OS and the security domain. The policy enforcement module is retained in the vip OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implementthe system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the vip OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments.Keywords: hypervisor; virtualization; memo-展开更多
The north-south transitional zone in China mainly consists of the Qinling-Daba Mountains. It is the most important West-East geo-ecological space in China, containing protected areas vital for biodiversity conservatio...The north-south transitional zone in China mainly consists of the Qinling-Daba Mountains. It is the most important West-East geo-ecological space in China, containing protected areas vital for biodiversity conservation and ecological security of China. The protection and rational development of its natural habitat is of great significance to China’s ecological security and integration of protected areas based on mountain forest ecosystems on a global scale. In this study, five important types of protected areas in the transitional zone were selected, and their spatial patterns were analysed. Spatial analysis methods, such as kernel density estimation and accessibility analysis, were employed for both point and areal data, and focused on four aspects: land use scale, shift in the centre of gravity, spatial agglomeration, and accessibility. In addition, policy background and evolution of spatial and temporal characteristics of the protected area system in the transitional zone from 1963 to 2017 were also examined. We analysed the characteristics and geographical significance of the West-east corridor using the spatial pattern of the protected area system from the perspective of ecological and economic spaces. We focused on spatial shape, type intersection, and key areas to analyse the spatial overlap of the protected areas. Protected area establishment was divided into three stages: initial(1956–1980), rapid development(1981–2013), and national park transformation(2014–present). These stages reflected the change in the concept of ‘simple protection—sustainable use—integration and upgrade’ for protected areas of China. The spatial centre of gravity of the protection zone system was located in the west Qinling-Daba Mountains, and its high-density core exhibited a relatively stable N-shaped structure composed of four gathering areas. Affected by factors such as geographic environment and socio-economic development density, the average access time for protected areas was high(1.56 h);wetland parks and scenic areas are located closer to the city centre. As the West-east corridor in the transitional zone extends from west to east, there is a clear spatial dislocation between the development of protected areas and the intensity of human activities. During development, differentiated goal orientation should be adopted based on the idea of zoning and classified governance. With the advancement of the construction of protected areas, the spatial overlap of protected areas in the transition zone has become more prominent. At present, the spatially overlapped protected areas in the transitional zone remain prominent, with inclusion overlap being the most common, and forest parks exhibiting the highest probability of overlap with other protected areas, we should focus on in the integration process of the corridor-type ecological space based on the mountain forest ecosystem.展开更多
A Wi-Fi fingerprinting localization approach has attracted increasing attention in recent years due to the ubiquity of Access Point( AP). However,typical fingerprinting localization methods fail to resist accidental e...A Wi-Fi fingerprinting localization approach has attracted increasing attention in recent years due to the ubiquity of Access Point( AP). However,typical fingerprinting localization methods fail to resist accidental environmental changes,such as AP movement. In order to address this problem,a robust fingerprinting indoor localization method is initiated. In the offline phase,three attributes of Received Signal Strength Indication( RSSI) —average,standard deviation and AP's response rate—are computed to prepare for the subsequent computation. In this way,the underlying location-relevant information can be captured comprehensively. Then in the online phase, a three-step voting scheme-based decision mechanism is demonstrated, detecting and eliminating the part of AP where the signals measured are severely distorted by AP 's movement. In the following localization step,in order to achieve accuracy and efficiency simultaneously,a novel fingerprinting localization algorithm is applied. Bhattacharyya distance is utilized to measure the RSSI distribution distance,thus realizing the optimization of MAximum Overlapping algorithm( MAO). Finally,experimental results are displayed,which demonstrate the effectiveness of our proposed methods in eliminating outliers and attaining relatively higher localization accuracy.展开更多
The growing ubiquity of Wi-Fi networks combined with the integration of low-cost Wi-Fi chipsets in all devices makes Wi-Fi as the wireless technology the most used for accessing to internet [1]. This means that the de...The growing ubiquity of Wi-Fi networks combined with the integration of low-cost Wi-Fi chipsets in all devices makes Wi-Fi as the wireless technology the most used for accessing to internet [1]. This means that the development of a Wi-Fi strategy has become an imperative for almost all operators worldwide. In this context, APs (Access Points) have to become as secure as cellular networks. Furthermore, authentication process between a mobile device and an access point has to be automated, without user constraining configuration. For reaching this purpose, client must have different credentials depending on authentication method. Our goal is to create an architecture that is both ergonomic and flexible in order to meet the need for connection and client mobility. We use NFC technology as a radio channel for starting communication with the network. The communication initiation will instantiate a virtual Wi-Fi AP and distribute all policies and access certificates for an authentication based on EAP-TLS (it could be extended to any EAP method for 802.1X standard). The end result of our new topology is to allow access to services through a virtual Wi-Fi AP with an enterprise-grade in a public hotspot.展开更多
Data privacy is important to the security of our society,and enabling authorized users to query this data efficiently is facing more challenge.Recently,blockchain has gained extensive attention with its prominent char...Data privacy is important to the security of our society,and enabling authorized users to query this data efficiently is facing more challenge.Recently,blockchain has gained extensive attention with its prominent characteristics as public,distributed,decentration and chronological characteristics.However,the transaction information on the blockchain is open to all nodes,the transaction information update operation is even more transparent.And the leakage of transaction information will cause huge losses to the transaction party.In response to these problems,this paper combines hierarchical attribute encryption with linear secret sharing,and proposes a blockchain data privacy protection control scheme based on searchable attribute encryption,which solves the privacy exposure problem in traditional blockchain transactions.The user’s access control is implemented by the verification nodes,which avoids the security risks of submitting private keys and access structures to the blockchain network.Associating the private key component with the random identity of the user node in the blockchain can solve the collusion problem.In addition,authorized users can quickly search and supervise transaction information through searchable encryption.The improved algorithm ensures the security of keywords.Finally,based on the DBDH hypothesis,the security of the scheme is proved in the random prediction model.展开更多
Efficient response speed and information processing speed are among the characteristics of mobile edge computing(MEC).However,MEC easily causes information leakage and loss problems because it requires frequent data e...Efficient response speed and information processing speed are among the characteristics of mobile edge computing(MEC).However,MEC easily causes information leakage and loss problems because it requires frequent data exchange.This work proposes an anonymous privacy data protection and access control scheme based on elliptic curve cryptography(ECC)and bilinear pairing to protect the communication security of the MEC.In the proposed scheme,the information sender encrypts private information through the ECC algorithm,and the information receiver uses its own key information and bilinear pairing to extract and verify the identity of the information sender.During each round of communication,the proposed scheme uses timestamps and random numbers to ensure the freshness of each round of conversation.Experimental results show that the proposed scheme has good security performance and can provide data privacy protection,integrity verification,and traceability for the communication process of MEC.The proposed scheme has a lower cost than other related schemes.The communication and computational cost of the proposed scheme are reduced by 31.08% and 22.31% on average compared with those of the other related schemes.展开更多
With reference to sensor node architectures, we consider the problem of supporting forms of memory protection through a hardware/compiler approach that takes advantage of a low-cost protection circuitry inside the mic...With reference to sensor node architectures, we consider the problem of supporting forms of memory protection through a hardware/compiler approach that takes advantage of a low-cost protection circuitry inside the microcontroller, interposed between the processor and the storage devices. Our design effort complies with the stringent limitations existing in these architectures in terms of hardware complexity, available storage and energy consumption. Rather that precluding deliberately harmful programs from producing their effects, our solution is aimed at limiting the spread of programming errors outside the memory scope of the running program. The discussion evaluates the resulting protection environment from a number of salient viewpoints that include the implementation of common protection paradigms, efficiency in the distribution and revocation of access privileges, and the lack of a privileged (kernel) mode.展开更多
Nowadays,the scale of the user’s personal social network(personal network,a network of the user and their friends,where the user we call“center user”)is becoming larger and more complex.It is difficult to find a su...Nowadays,the scale of the user’s personal social network(personal network,a network of the user and their friends,where the user we call“center user”)is becoming larger and more complex.It is difficult to find a suitable way to manage them automatically.In order to solve this problem,we propose an access control model for social network to protect the privacy of the central users,which achieves the access control accurately and automatically.Based on the hybrid friend circle detection algorithm,we consider the aspects of direct judgment,indirect trust judgment and malicious users,a set of multi-angle control method which could be adapted to the social network environment is proposed.Finally,we propose the solution to the possible conflict of rights in the right control,and assign the rights reasonably in the case of guaranteeing the privacy of the users.展开更多
In the era of big data,the conflict between data mining and data privacy protection is increasing day by day.Traditional information security focuses on protecting the security of attribute values without semantic ass...In the era of big data,the conflict between data mining and data privacy protection is increasing day by day.Traditional information security focuses on protecting the security of attribute values without semantic association.The data privacy of big data is mainly reflected in the effective use of data without exposing the user’s sensitive information.Considering the semantic association,reasonable security access for privacy protect is required.Semi-structured and self-descriptive XML(eXtensible Markup Language)has become a common form of data organization for database management in big data environments.Based on the semantic integration nature of XML data,this paper proposes a data access control model for individual users.Through the semantic dependency between data and the integration process from bottom to top,the global visual range of inverted XML structure is realized.Experimental results show that the model effectively protects the privacy and has high access efficiency.展开更多
With reference to a protection model featuring processes, objects and domains, we consider the salient aspects of the protection problem, domain representation and access right segregation in memory. We propose a solu...With reference to a protection model featuring processes, objects and domains, we consider the salient aspects of the protection problem, domain representation and access right segregation in memory. We propose a solution based on protected references, each consisting of the identifier of an object and the specification of a collection of access rights for this object. The protection system associates an encryption key with each object and each domain. A protected reference for a given object is always part of a domain, and is stored in memory in the ciphertext form that results from application of a double encryption using both the object key and the domain key.展开更多
The aim of this study was to characterize 103 mango accessions of the field germplasm collection of Embrapa semi-arid region, located in Juazeiro, Bahia, Brazil and to apply 50 morphological descriptors established by...The aim of this study was to characterize 103 mango accessions of the field germplasm collection of Embrapa semi-arid region, located in Juazeiro, Bahia, Brazil and to apply 50 morphological descriptors established by the Brazilian Ministry of Agriculture, livestock and supply to help in the development of new mango cultivars for the Northeastern region of Brazil. Four trees were selected for each accession and eight adult leaves, eight flowers and 16 fruits were collected from each tree. Morphological characteristics ranging from plant size to seed embryo were evaluated. Simple percentages were estimated for all the descriptors. Only the descriptors for leaf symmetry and fruit waxiness did not show variability among the accessions. Eight accessions did not show fruits with fibers, while nine other accessions presented flesh firmness, which is an important characteristic to improve breeding. The soluble solids content was high, above 14 ~Brix for 95% of the accessions with Tommy Atkins showing the lowest value, 12.5 ~Brix. A great diversity was found in the color of the epidermis ranging from green to red. The accessions Amrapali and Salitre presented a dark orange flesh color. The obtained data set, are the most comprehensive so far in Brazil, it allows choosing the best parents to develop new cultivars and will also contribute to the protection of mango cultivars in Brazil.展开更多
基金National Natural Science Foundation of China,No.41661025Scientific Research Foundation for Universities of Gansu Province,No.2016A-001Research Capacity Promotion Program for Young Teachers of Northwest Normal University,No.NWNU-LKQN-16-7
文摘This paper investigated spatial structures of 3418 national protected areas(NPAs)grouped into 13 types using GIS and quantitative analysis,including point patterns,Ripley’s K function,hotspot clustering,quadrat analysis,and Gini coefficient.Spatial accessibility was calculated for all NPAs from matrix raster data using cost weighted distance on the Arc GIS platform.The results are as follows:(1)The NNI of NPAs is 0.515,Gini is 0.073,all of which indicates distribution was shown to be a spatially dependent agglomeration,and more balanced in the provinces.The national key parks and the national water conservancy scenic spots had present the strongest aggregation,with NNI of 0.563 and 0.561 respectively,and K index indicates reducing aggregation when distance exceeds 600 km.(2)The national forest parks account for the largest proportion of 22.87% of all NPAs,and the world biosphere reserves the least of 0.77%.The number of NPAs in Shandong with 240 had been the largest one in all the provinces,while Tianjin had the least number including 9 NPAs.(3)There is only one hot spot in the first-class zone,5 in the second-class zones,and 51 in the third-class zones,which indicates NPAs are also aggregated at microscopic scales.(4)The hotspot NPA regions were mainly concentrated in the middle and lower reaches of the Yellow and Yangtze rivers,east of 100°E.High density of NPAs were generally in flat,water-rich,broad-leaved forest dominated plains and low mountain areas,with fertile soil,pleasant weather,long cultural history,and high transportation accessibility.(5)Average NPA accessible time is 60.05 min,with 70.76%regions being within 60 min,and the furthest was 777 min.The distribution of accessibility was positively related to the traffic lines.Interdepartmental protectionism has meant the various departments developed different management systems,standards,and technical specifications.
基金financially supported by the National Natural Science Foundation of China(No.61303216,No.61272457,No.U1401251,and No.61373172)the National High Technology Research and Development Program of China(863 Program)(No.2012AA013102)National 111 Program of China B16037 and B08038
文摘With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection(PS-ACS). In the PS-ACS scheme, we divide users into private domain(PRD) and public domain(PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption(KAE) and the Improved Attribute-based Signature(IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption(CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.
基金The work presented in this paper is supported by the National Key R&D Program of China(No.2016YFB0801303,2016QY01W0105)the National Natural Science Foundation of China(No.U1636219,61602508,61772549,U1736214,61572052)+1 种基金Plan for Scientific Innovation Talent of Henan Province(No.2018JR0018)the Key Technologies R&D Program of Henan Province(No.162102210032).
文摘Precise localization techniques for indoor Wi-Fi access points(APs)have important application in the security inspection.However,due to the interference of environment factors such as multipath propagation and NLOS(Non-Line-of-Sight),the existing methods for localization indoor Wi-Fi access points based on RSS ranging tend to have lower accuracy as the RSS(Received Signal Strength)is difficult to accurately measure.Therefore,the localization algorithm of indoor Wi-Fi access points based on the signal strength relative relationship and region division is proposed in this paper.The algorithm hierarchically divide the room where the target Wi-Fi AP is located,on the region division line,a modified signal collection device is used to measure RSS in two directions of each reference point.All RSS values are compared and the region where the RSS value has the relative largest signal strength is located as next candidate region.The location coordinate of the target Wi-Fi AP is obtained when the localization region of the target Wi-Fi AP is successively approximated until the candidate region is smaller than the accuracy threshold.There are 360 experiments carried out in this paper with 8 types of Wi-Fi APs including fixed APs and portable APs.The experimental results show that the average localization error of the proposed localization algorithm is 0.30 meters,and the minimum localization error is 0.16 meters,which is significantly higher than the localization accuracy of the existing typical indoor Wi-Fi access point localization methods.
基金supported by the National 973 Basic Research Program of China under grant No.2014CB340600the National Natural Science Foundation of China under grant No.61370230 and No.61662022+1 种基金Program for New Century Excellent Talents in University Under grant NCET-13-0241Natural Science Foundation of Huhei Province under Grant No.2016CFB371
文摘In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved under the traditional framework if the operating system(OS) is comprised since malwares are running in ring 0 level. In this paper,we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management(PM),security server(SS) and policy enforcement(PE). Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks. We add an access vector cache(AVC) between SS and PE in the vip OS,in order to speed up communication between the vip OS and the security domain. The policy enforcement module is retained in the vip OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implementthe system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the vip OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments.Keywords: hypervisor; virtualization; memo-
基金Under the auspices of National Science and Technology Basic Resource Investigation Program(No.2017FY100900)。
文摘The north-south transitional zone in China mainly consists of the Qinling-Daba Mountains. It is the most important West-East geo-ecological space in China, containing protected areas vital for biodiversity conservation and ecological security of China. The protection and rational development of its natural habitat is of great significance to China’s ecological security and integration of protected areas based on mountain forest ecosystems on a global scale. In this study, five important types of protected areas in the transitional zone were selected, and their spatial patterns were analysed. Spatial analysis methods, such as kernel density estimation and accessibility analysis, were employed for both point and areal data, and focused on four aspects: land use scale, shift in the centre of gravity, spatial agglomeration, and accessibility. In addition, policy background and evolution of spatial and temporal characteristics of the protected area system in the transitional zone from 1963 to 2017 were also examined. We analysed the characteristics and geographical significance of the West-east corridor using the spatial pattern of the protected area system from the perspective of ecological and economic spaces. We focused on spatial shape, type intersection, and key areas to analyse the spatial overlap of the protected areas. Protected area establishment was divided into three stages: initial(1956–1980), rapid development(1981–2013), and national park transformation(2014–present). These stages reflected the change in the concept of ‘simple protection—sustainable use—integration and upgrade’ for protected areas of China. The spatial centre of gravity of the protection zone system was located in the west Qinling-Daba Mountains, and its high-density core exhibited a relatively stable N-shaped structure composed of four gathering areas. Affected by factors such as geographic environment and socio-economic development density, the average access time for protected areas was high(1.56 h);wetland parks and scenic areas are located closer to the city centre. As the West-east corridor in the transitional zone extends from west to east, there is a clear spatial dislocation between the development of protected areas and the intensity of human activities. During development, differentiated goal orientation should be adopted based on the idea of zoning and classified governance. With the advancement of the construction of protected areas, the spatial overlap of protected areas in the transition zone has become more prominent. At present, the spatially overlapped protected areas in the transitional zone remain prominent, with inclusion overlap being the most common, and forest parks exhibiting the highest probability of overlap with other protected areas, we should focus on in the integration process of the corridor-type ecological space based on the mountain forest ecosystem.
基金Sponsored by the National High Technology Research and Development Program of China(Grant No.2014AA123103)
文摘A Wi-Fi fingerprinting localization approach has attracted increasing attention in recent years due to the ubiquity of Access Point( AP). However,typical fingerprinting localization methods fail to resist accidental environmental changes,such as AP movement. In order to address this problem,a robust fingerprinting indoor localization method is initiated. In the offline phase,three attributes of Received Signal Strength Indication( RSSI) —average,standard deviation and AP's response rate—are computed to prepare for the subsequent computation. In this way,the underlying location-relevant information can be captured comprehensively. Then in the online phase, a three-step voting scheme-based decision mechanism is demonstrated, detecting and eliminating the part of AP where the signals measured are severely distorted by AP 's movement. In the following localization step,in order to achieve accuracy and efficiency simultaneously,a novel fingerprinting localization algorithm is applied. Bhattacharyya distance is utilized to measure the RSSI distribution distance,thus realizing the optimization of MAximum Overlapping algorithm( MAO). Finally,experimental results are displayed,which demonstrate the effectiveness of our proposed methods in eliminating outliers and attaining relatively higher localization accuracy.
文摘The growing ubiquity of Wi-Fi networks combined with the integration of low-cost Wi-Fi chipsets in all devices makes Wi-Fi as the wireless technology the most used for accessing to internet [1]. This means that the development of a Wi-Fi strategy has become an imperative for almost all operators worldwide. In this context, APs (Access Points) have to become as secure as cellular networks. Furthermore, authentication process between a mobile device and an access point has to be automated, without user constraining configuration. For reaching this purpose, client must have different credentials depending on authentication method. Our goal is to create an architecture that is both ergonomic and flexible in order to meet the need for connection and client mobility. We use NFC technology as a radio channel for starting communication with the network. The communication initiation will instantiate a virtual Wi-Fi AP and distribute all policies and access certificates for an authentication based on EAP-TLS (it could be extended to any EAP method for 802.1X standard). The end result of our new topology is to allow access to services through a virtual Wi-Fi AP with an enterprise-grade in a public hotspot.
基金The National Natural Science Foundation of China(No.61462060,No.61762060)The Network and Information Security Innovation Team of Gansu Provincial Department of Education Lanzhou University of Technology(No.2017C-05).
文摘Data privacy is important to the security of our society,and enabling authorized users to query this data efficiently is facing more challenge.Recently,blockchain has gained extensive attention with its prominent characteristics as public,distributed,decentration and chronological characteristics.However,the transaction information on the blockchain is open to all nodes,the transaction information update operation is even more transparent.And the leakage of transaction information will cause huge losses to the transaction party.In response to these problems,this paper combines hierarchical attribute encryption with linear secret sharing,and proposes a blockchain data privacy protection control scheme based on searchable attribute encryption,which solves the privacy exposure problem in traditional blockchain transactions.The user’s access control is implemented by the verification nodes,which avoids the security risks of submitting private keys and access structures to the blockchain network.Associating the private key component with the random identity of the user node in the blockchain can solve the collusion problem.In addition,authorized users can quickly search and supervise transaction information through searchable encryption.The improved algorithm ensures the security of keywords.Finally,based on the DBDH hypothesis,the security of the scheme is proved in the random prediction model.
基金partially supported by the National Natural Science Foundation of China under Grant 62072170 and Grant 62177047the Fundamental Research Funds for the Central Universities under Grant 531118010527+1 种基金the Science and Technology Key Projects of Hunan Province under Grant 2022GK2015the Hunan Provincial Natural Science Foundation of China under Grant 2021JJ30141.
文摘Efficient response speed and information processing speed are among the characteristics of mobile edge computing(MEC).However,MEC easily causes information leakage and loss problems because it requires frequent data exchange.This work proposes an anonymous privacy data protection and access control scheme based on elliptic curve cryptography(ECC)and bilinear pairing to protect the communication security of the MEC.In the proposed scheme,the information sender encrypts private information through the ECC algorithm,and the information receiver uses its own key information and bilinear pairing to extract and verify the identity of the information sender.During each round of communication,the proposed scheme uses timestamps and random numbers to ensure the freshness of each round of conversation.Experimental results show that the proposed scheme has good security performance and can provide data privacy protection,integrity verification,and traceability for the communication process of MEC.The proposed scheme has a lower cost than other related schemes.The communication and computational cost of the proposed scheme are reduced by 31.08% and 22.31% on average compared with those of the other related schemes.
文摘With reference to sensor node architectures, we consider the problem of supporting forms of memory protection through a hardware/compiler approach that takes advantage of a low-cost protection circuitry inside the microcontroller, interposed between the processor and the storage devices. Our design effort complies with the stringent limitations existing in these architectures in terms of hardware complexity, available storage and energy consumption. Rather that precluding deliberately harmful programs from producing their effects, our solution is aimed at limiting the spread of programming errors outside the memory scope of the running program. The discussion evaluates the resulting protection environment from a number of salient viewpoints that include the implementation of common protection paradigms, efficiency in the distribution and revocation of access privileges, and the lack of a privileged (kernel) mode.
基金This work was supported in part by National Science Foundation of China(No.61572259,No.U1736105)。
文摘Nowadays,the scale of the user’s personal social network(personal network,a network of the user and their friends,where the user we call“center user”)is becoming larger and more complex.It is difficult to find a suitable way to manage them automatically.In order to solve this problem,we propose an access control model for social network to protect the privacy of the central users,which achieves the access control accurately and automatically.Based on the hybrid friend circle detection algorithm,we consider the aspects of direct judgment,indirect trust judgment and malicious users,a set of multi-angle control method which could be adapted to the social network environment is proposed.Finally,we propose the solution to the possible conflict of rights in the right control,and assign the rights reasonably in the case of guaranteeing the privacy of the users.
基金This work was supported by Funding of Jiangsu Innovation Program for Graduate Education KYLX_0285,the National Natural Science Foundation of China(No.61602241)the Natural Science Foundation of Jiangsu Province(No.BK20150758)the pre-study fund of PLA University of Science and Technology.
文摘In the era of big data,the conflict between data mining and data privacy protection is increasing day by day.Traditional information security focuses on protecting the security of attribute values without semantic association.The data privacy of big data is mainly reflected in the effective use of data without exposing the user’s sensitive information.Considering the semantic association,reasonable security access for privacy protect is required.Semi-structured and self-descriptive XML(eXtensible Markup Language)has become a common form of data organization for database management in big data environments.Based on the semantic integration nature of XML data,this paper proposes a data access control model for individual users.Through the semantic dependency between data and the integration process from bottom to top,the global visual range of inverted XML structure is realized.Experimental results show that the model effectively protects the privacy and has high access efficiency.
文摘With reference to a protection model featuring processes, objects and domains, we consider the salient aspects of the protection problem, domain representation and access right segregation in memory. We propose a solution based on protected references, each consisting of the identifier of an object and the specification of a collection of access rights for this object. The protection system associates an encryption key with each object and each domain. A protected reference for a given object is always part of a domain, and is stored in memory in the ciphertext form that results from application of a double encryption using both the object key and the domain key.
文摘The aim of this study was to characterize 103 mango accessions of the field germplasm collection of Embrapa semi-arid region, located in Juazeiro, Bahia, Brazil and to apply 50 morphological descriptors established by the Brazilian Ministry of Agriculture, livestock and supply to help in the development of new mango cultivars for the Northeastern region of Brazil. Four trees were selected for each accession and eight adult leaves, eight flowers and 16 fruits were collected from each tree. Morphological characteristics ranging from plant size to seed embryo were evaluated. Simple percentages were estimated for all the descriptors. Only the descriptors for leaf symmetry and fruit waxiness did not show variability among the accessions. Eight accessions did not show fruits with fibers, while nine other accessions presented flesh firmness, which is an important characteristic to improve breeding. The soluble solids content was high, above 14 ~Brix for 95% of the accessions with Tommy Atkins showing the lowest value, 12.5 ~Brix. A great diversity was found in the color of the epidermis ranging from green to red. The accessions Amrapali and Salitre presented a dark orange flesh color. The obtained data set, are the most comprehensive so far in Brazil, it allows choosing the best parents to develop new cultivars and will also contribute to the protection of mango cultivars in Brazil.
