Relay in full-duplex(FD) mode can achieve higher spectrum efficiency than that in half-duplex mode,while it is crucial to suppress relay self-interference to ensure transmission quality which requires instantaneous ch...Relay in full-duplex(FD) mode can achieve higher spectrum efficiency than that in half-duplex mode,while it is crucial to suppress relay self-interference to ensure transmission quality which requires instantaneous channel state information(CSI). In this paper,the channel estimation issue in FD amplify-andforward relay networks is considered,where the training-based estimation technique is adopted. Firstly,the least square(LS) estimation is implemented to obtain composite channel coefficients of source-relay-destination(SRD) channel and relay loop-interference(LI) channel in order to assist destination in performing data detection. Secondly,both LS and maximum likelihood estimation methods are utilized to perform individual channel estimation aiming at supporting successive interference cancelation at destination. Finally,simulation results demonstrate the effectiveness of both composite and individual channel estimation,and the presented ML method can achieve lower MSEs than LS solution.展开更多
In this paper, a quasi-Newton method fbr semi-blind estimation is derived for channel estimation in uplink cloud radio access networks (C-RANs). Different from traditional pilot-aided estimation, semiblind estimatio...In this paper, a quasi-Newton method fbr semi-blind estimation is derived for channel estimation in uplink cloud radio access networks (C-RANs). Different from traditional pilot-aided estimation, semiblind estimation utilizes the unknown data symbols in addition to the known pilot symbols to estimate the channel. An initial channel state information (CSI) obtained by least-squared (LS) estimation is needed in semi-blind estimation. BFGS (Brayben, Fletcher, Goldfarb and Shanno) algorithm, which employs data as well as pilot symbols, estimates the CSI though solving the problem provided by maximum-likelihood (ML) principle. In addition, mean-square-error (MSE) used to evaluate the estimation performance can be further minimized with an optimal pilot design. Simulation results show that the semi-blind estimation achieves a significant improvement in terms of MSE performance over the conventional LS estimation by utilizing data symbols instead of increasing the number of pilot symbols, which demonstrates the estimation accuracy and spectral efficiency are both improved by semiblind estimation for C-RANs.展开更多
Attribute-based encryption(ABE) supports the fine-grained sharing of encrypted data.In some common designs,attributes are managed by an attribute authority that is supposed to be fully trustworthy.This concept implies...Attribute-based encryption(ABE) supports the fine-grained sharing of encrypted data.In some common designs,attributes are managed by an attribute authority that is supposed to be fully trustworthy.This concept implies that the attribute authority can access all encrypted data,which is known as the key escrow problem.In addition,because all access privileges are defined over a single attribute universe and attributes are shared among multiple data users,the revocation of users is inefficient for the existing ABE scheme.In this paper,we propose a novel scheme that solves the key escrow problem and supports efficient user revocation.First,an access controller is introduced into the existing scheme,and then,secret keys are generated corporately by the attribute authority and access controller.Second,an efficient user revocation mechanism is achieved using a version key that supports forward and backward security.The analysis proves that our scheme is secure and efficient in user authorization and revocation.展开更多
Personal cloud computing is an emerging trend in the computer industry. For a sustainable service, cloud computing services must control user access. The essential business characteristics of cloud computing are payme...Personal cloud computing is an emerging trend in the computer industry. For a sustainable service, cloud computing services must control user access. The essential business characteristics of cloud computing are payment status and service level agreement. This work proposes a novel access control method for personal cloud service business. The proposed method sets metadata, policy analysis rules, and access denying rules. Metadata define the structure of access control policies and user requirements for cloud services. The policy analysis rules are used to compare conflicts and redundancies between access control policies. The access denying rules apply policies for inhibiting inappropriate access. The ontology is a theoretical foundation of this method. In this work, ontologies for payment status, access permission, service level, and the cloud provide semantic information needed to execute rules. A scenario of personal data backup cloud service is also provided in this work. This work potentially provides cloud service providers with a convenient method of controlling user access according to changeable business and marketing strategies.展开更多
Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces m...Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.展开更多
Access control has made a long way from 1960s. With the advent changes of technologies pertaining to location transparency in storage of data, there arises different access control scenarios. Cloud storage, the predom...Access control has made a long way from 1960s. With the advent changes of technologies pertaining to location transparency in storage of data, there arises different access control scenarios. Cloud storage, the predominant storage that is being in use currently, also paves way to various access control problems. Though there are various access control mechanisms such as RBAC, ABAC, they are designed on the user’s perspective such as the role held by the user or other attributes assigned to the user. A new access control mechanism called object relationship based access control (RoBAC) has been developed based on the relations held among the users. The policy decision of access control is based on the relationship among the classes followed in the Java programming. Results have shown that this model best suits various scenarios in the cloud environment, and it also shows that the time for making decision either to allow or to deny is reduced compared to the existing system.展开更多
With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality a...With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.展开更多
With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issu...With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection(PS-ACS). In the PS-ACS scheme, we divide users into private domain(PRD) and public domain(PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption(KAE) and the Improved Attribute-based Signature(IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption(CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.展开更多
The cloud radio access network(C-RAN) has recently been proposed as an important component of the next generation wireless networks providing opportunities for improving both spectral and energy effi ciencies. The per...The cloud radio access network(C-RAN) has recently been proposed as an important component of the next generation wireless networks providing opportunities for improving both spectral and energy effi ciencies. The performance of this network structure is however constrained by severe inter-cell interference due to the limited capacity of fronthaul between the radio remote heads(RRH) and the base band unit(BBU) pool. To achieve performance improvement taking full advantage of centralized processing capabilities of C-RANs,a set of RRHs can jointly transmit data to the same UE for improved spectral effi ciency. In this paper,a user centralized joint coordinated transmission(UC-JCT) scheme is put forth to investigate the downlink performance of C-RANs. The most important benefit the proposed strategy is the ability to translate what would have been the most dominant interfering sources to usable signal leading to a signifi cantly improved performance. Stochastic geometry is utilized to model the randomness of RRH location and provides a reliable performance analysis. We derive an analytical expression for the closed integral form of the coverage probability of a typical UE. Simulation results confirm the accuracy of our analysis and demonstrate that significant performance gain can be achieved from the proposed coordination schemes.展开更多
With the massive diffusion of cloud computing, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for the security and privacy of outsourced data. To addres...With the massive diffusion of cloud computing, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for the security and privacy of outsourced data. To address these challenges, the server-aided access control(SAAC) system was proposed. The SAAC system builds upon a variant of conditional proxy re-encryption(CPRE) named threshold conditional proxy re-encryption(TCPRE). In TCPRE, t out of n proxies can re-encrypt ciphertexts(satisfying some specified conditions) for the delegator(while up to t-1 proxies cannot), and the correctness of the re-encrypted ciphertexts can be publicly verified. Both features guarantee the trust and reliability on the proxies deployed in the SAAC system. The security models for TCPRE were formalized, several TCPRE constructions were proposed and that our final scheme was secure against chosen-ciphertext attacks was proved.展开更多
Emerging cloud computing has introduced new platforms for developing enterprise academic web applications, where software, platforms and infrastructures are published to the globe as services. Software developers can ...Emerging cloud computing has introduced new platforms for developing enterprise academic web applications, where software, platforms and infrastructures are published to the globe as services. Software developers can build their systems by multiple invocations of these services. This research is devoted to investigating the management and data flow control over enterprise academic web applications where web services and developed academic web application are constructing infrastructure-networking scheme at the application level. Academic web services are invoked over http port and using REST based protocol;thus traditional access control method is not enough to control the follow of data using host and port information. The new cloud based access control rules proposed here are to be designed and implemented to work at this level. The new proposed access control architecture will be a web service gateway, and it published itself as a service (SaaS). We used three case studies to test our moodle and then we apply JSON parsers to perceive web service description file (WSDL file) and supply policies according to data are to be allowed or denied based on user roll through our parsing.展开更多
基金supported in part by the National High Technology Research and Development Program of China(Grant No.2014AA01A707)the Beijing Natural Science Foundation(Grant No.4131003)+1 种基金the Specialized Research Fund for the Doctoral Program of Higher Education (SRFDP)(Grant No.20120005140002)the Key Program of Science and Technology Development Project of Beijing Municipal Education Commission of China (KZ201511232036)
文摘Relay in full-duplex(FD) mode can achieve higher spectrum efficiency than that in half-duplex mode,while it is crucial to suppress relay self-interference to ensure transmission quality which requires instantaneous channel state information(CSI). In this paper,the channel estimation issue in FD amplify-andforward relay networks is considered,where the training-based estimation technique is adopted. Firstly,the least square(LS) estimation is implemented to obtain composite channel coefficients of source-relay-destination(SRD) channel and relay loop-interference(LI) channel in order to assist destination in performing data detection. Secondly,both LS and maximum likelihood estimation methods are utilized to perform individual channel estimation aiming at supporting successive interference cancelation at destination. Finally,simulation results demonstrate the effectiveness of both composite and individual channel estimation,and the presented ML method can achieve lower MSEs than LS solution.
基金supported in part by the the National High Technology Research and Devel-opment Program of China(Grant No.2014AA01A701)National Natural Science Foundation of China(Grant No.61361166005)+2 种基金the State Major Science and Technology Special Projects(Grant No.2016ZX03001020006)the National Program for Support of Top-notch Young Pro-fessionalsthe Science and Technology Development Project of Beijing Municipal Education Commission of China(Grant No.KZ201511232036)
文摘In this paper, a quasi-Newton method fbr semi-blind estimation is derived for channel estimation in uplink cloud radio access networks (C-RANs). Different from traditional pilot-aided estimation, semiblind estimation utilizes the unknown data symbols in addition to the known pilot symbols to estimate the channel. An initial channel state information (CSI) obtained by least-squared (LS) estimation is needed in semi-blind estimation. BFGS (Brayben, Fletcher, Goldfarb and Shanno) algorithm, which employs data as well as pilot symbols, estimates the CSI though solving the problem provided by maximum-likelihood (ML) principle. In addition, mean-square-error (MSE) used to evaluate the estimation performance can be further minimized with an optimal pilot design. Simulation results show that the semi-blind estimation achieves a significant improvement in terms of MSE performance over the conventional LS estimation by utilizing data symbols instead of increasing the number of pilot symbols, which demonstrates the estimation accuracy and spectral efficiency are both improved by semiblind estimation for C-RANs.
基金supported by the NSFC(61173141,U1536206,61232016, U1405254,61373133,61502242,61572258)BK20150925+3 种基金Fund of Jiangsu Engineering Center of Network Monitoring(KJR1402)Fund of MOE Internet Innovation Platform(KJRP1403)CICAEETthe PAPD fund
文摘Attribute-based encryption(ABE) supports the fine-grained sharing of encrypted data.In some common designs,attributes are managed by an attribute authority that is supposed to be fully trustworthy.This concept implies that the attribute authority can access all encrypted data,which is known as the key escrow problem.In addition,because all access privileges are defined over a single attribute universe and attributes are shared among multiple data users,the revocation of users is inefficient for the existing ABE scheme.In this paper,we propose a novel scheme that solves the key escrow problem and supports efficient user revocation.First,an access controller is introduced into the existing scheme,and then,secret keys are generated corporately by the attribute authority and access controller.Second,an efficient user revocation mechanism is achieved using a version key that supports forward and backward security.The analysis proves that our scheme is secure and efficient in user authorization and revocation.
文摘Personal cloud computing is an emerging trend in the computer industry. For a sustainable service, cloud computing services must control user access. The essential business characteristics of cloud computing are payment status and service level agreement. This work proposes a novel access control method for personal cloud service business. The proposed method sets metadata, policy analysis rules, and access denying rules. Metadata define the structure of access control policies and user requirements for cloud services. The policy analysis rules are used to compare conflicts and redundancies between access control policies. The access denying rules apply policies for inhibiting inappropriate access. The ontology is a theoretical foundation of this method. In this work, ontologies for payment status, access permission, service level, and the cloud provide semantic information needed to execute rules. A scenario of personal data backup cloud service is also provided in this work. This work potentially provides cloud service providers with a convenient method of controlling user access according to changeable business and marketing strategies.
基金supported by National Information Security Program under Grant No.2009A112
文摘Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
文摘Access control has made a long way from 1960s. With the advent changes of technologies pertaining to location transparency in storage of data, there arises different access control scenarios. Cloud storage, the predominant storage that is being in use currently, also paves way to various access control problems. Though there are various access control mechanisms such as RBAC, ABAC, they are designed on the user’s perspective such as the role held by the user or other attributes assigned to the user. A new access control mechanism called object relationship based access control (RoBAC) has been developed based on the relations held among the users. The policy decision of access control is based on the relationship among the classes followed in the Java programming. Results have shown that this model best suits various scenarios in the cloud environment, and it also shows that the time for making decision either to allow or to deny is reduced compared to the existing system.
文摘With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.
基金financially supported by the National Natural Science Foundation of China(No.61303216,No.61272457,No.U1401251,and No.61373172)the National High Technology Research and Development Program of China(863 Program)(No.2012AA013102)National 111 Program of China B16037 and B08038
文摘With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection(PS-ACS). In the PS-ACS scheme, we divide users into private domain(PRD) and public domain(PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption(KAE) and the Improved Attribute-based Signature(IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption(CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.
基金supported in part by the National Natural Science Foundation of China (Grant No. 61222103)the Beijing Natural Science Foundation (Grant No. 4131003)+1 种基金the Specialized Research Fund for the Doctoral Program of Higher Education (SRFDP) (Grant No. 20120005140002)the National High Technology Research and Development Program (863 Program) of China under Grant No. 2014AA01A707
文摘The cloud radio access network(C-RAN) has recently been proposed as an important component of the next generation wireless networks providing opportunities for improving both spectral and energy effi ciencies. The performance of this network structure is however constrained by severe inter-cell interference due to the limited capacity of fronthaul between the radio remote heads(RRH) and the base band unit(BBU) pool. To achieve performance improvement taking full advantage of centralized processing capabilities of C-RANs,a set of RRHs can jointly transmit data to the same UE for improved spectral effi ciency. In this paper,a user centralized joint coordinated transmission(UC-JCT) scheme is put forth to investigate the downlink performance of C-RANs. The most important benefit the proposed strategy is the ability to translate what would have been the most dominant interfering sources to usable signal leading to a signifi cantly improved performance. Stochastic geometry is utilized to model the randomness of RRH location and provides a reliable performance analysis. We derive an analytical expression for the closed integral form of the coverage probability of a typical UE. Simulation results confirm the accuracy of our analysis and demonstrate that significant performance gain can be achieved from the proposed coordination schemes.
基金The National Natural Science Foundation of China(No.61272413,No.61472165)
文摘With the massive diffusion of cloud computing, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for the security and privacy of outsourced data. To address these challenges, the server-aided access control(SAAC) system was proposed. The SAAC system builds upon a variant of conditional proxy re-encryption(CPRE) named threshold conditional proxy re-encryption(TCPRE). In TCPRE, t out of n proxies can re-encrypt ciphertexts(satisfying some specified conditions) for the delegator(while up to t-1 proxies cannot), and the correctness of the re-encrypted ciphertexts can be publicly verified. Both features guarantee the trust and reliability on the proxies deployed in the SAAC system. The security models for TCPRE were formalized, several TCPRE constructions were proposed and that our final scheme was secure against chosen-ciphertext attacks was proved.
文摘Emerging cloud computing has introduced new platforms for developing enterprise academic web applications, where software, platforms and infrastructures are published to the globe as services. Software developers can build their systems by multiple invocations of these services. This research is devoted to investigating the management and data flow control over enterprise academic web applications where web services and developed academic web application are constructing infrastructure-networking scheme at the application level. Academic web services are invoked over http port and using REST based protocol;thus traditional access control method is not enough to control the follow of data using host and port information. The new cloud based access control rules proposed here are to be designed and implemented to work at this level. The new proposed access control architecture will be a web service gateway, and it published itself as a service (SaaS). We used three case studies to test our moodle and then we apply JSON parsers to perceive web service description file (WSDL file) and supply policies according to data are to be allowed or denied based on user roll through our parsing.
