Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, w...Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography (IBC) to propose a Distributed Authentication and Authorization Scheme (DAAS), where an identity-based signature (IBS) is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption (CP-ABE) is used to enable the distributed and fine-grained authorization. DAAS consists of three phases: initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest (NOAM) dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest (AM) distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.展开更多
User’s data is considered as a vital asset of several organizations.Migrating data to the cloud computing is not an easy decision for any organization due to the privacy and security concerns.Service providers must e...User’s data is considered as a vital asset of several organizations.Migrating data to the cloud computing is not an easy decision for any organization due to the privacy and security concerns.Service providers must ensure that both data and applications that will be stored on the cloud should be protected in a secure environment.The data stored on the public cloud will be vulnerable to outside and inside attacks.This paper provides interactive multi-layer authentication frameworks for securing user identities on the cloud.Different access control policies are applied for verifying users on the cloud.A security mechanism is applied to the cloud application that includes user registration,granting user privileges,and generating user authentication factor.An intrusion detection system is embedded to the security mechanism to detect malicious users.The multi factor authentication,intrusion detection,and access control techniques can be used for ensuring the identity of the user.Finally,encryption techniques are used for protecting the data from being disclosed.Experimental results are carried out to verify the accuracy and efficiency of the proposed frameworks and mechanism.The results recorded high detection rate with low false positive alarms.展开更多
This paper presents how to apply the RADIUS (Remote Authentication Dial In User Service)protocol ,which is generally applied to dial-up network, to the authentication & charge of Broad Band accessing control syste...This paper presents how to apply the RADIUS (Remote Authentication Dial In User Service)protocol ,which is generally applied to dial-up network, to the authentication & charge of Broad Band accessing control system on Ethernet. It is provided that the Broad Band accessing control system included a self-designed communication protocol is used in communicating between an terminal user and Network Access Server .The interface module on the servers side and the Radius system is also given in this article.展开更多
文摘Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography (IBC) to propose a Distributed Authentication and Authorization Scheme (DAAS), where an identity-based signature (IBS) is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption (CP-ABE) is used to enable the distributed and fine-grained authorization. DAAS consists of three phases: initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest (NOAM) dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest (AM) distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.
文摘User’s data is considered as a vital asset of several organizations.Migrating data to the cloud computing is not an easy decision for any organization due to the privacy and security concerns.Service providers must ensure that both data and applications that will be stored on the cloud should be protected in a secure environment.The data stored on the public cloud will be vulnerable to outside and inside attacks.This paper provides interactive multi-layer authentication frameworks for securing user identities on the cloud.Different access control policies are applied for verifying users on the cloud.A security mechanism is applied to the cloud application that includes user registration,granting user privileges,and generating user authentication factor.An intrusion detection system is embedded to the security mechanism to detect malicious users.The multi factor authentication,intrusion detection,and access control techniques can be used for ensuring the identity of the user.Finally,encryption techniques are used for protecting the data from being disclosed.Experimental results are carried out to verify the accuracy and efficiency of the proposed frameworks and mechanism.The results recorded high detection rate with low false positive alarms.
基金This research is supported by the key Project of Chinese Ministry of Education (No.01083)
文摘This paper presents how to apply the RADIUS (Remote Authentication Dial In User Service)protocol ,which is generally applied to dial-up network, to the authentication & charge of Broad Band accessing control system on Ethernet. It is provided that the Broad Band accessing control system included a self-designed communication protocol is used in communicating between an terminal user and Network Access Server .The interface module on the servers side and the Radius system is also given in this article.
