The accelerated advancement of the Internet of Things (IoT) has generated substantial data, including sensitive and private information. Consequently, it is imperative to guarantee the security of data sharing. While facilitating fine-grained access control, Ciphertext Policy Attribute-Based Encryption (CP-ABE) can effectively ensure the confidentiality of shared data. Nevertheless, the conventional centralized CP-ABE scheme is plagued by the issues of key misuse, key escrow, and large computation, which will result in security risks. This paper suggests a lightweight IoT data security sharing scheme that integrates blockchain technology and CP-ABE to address the abovementioned issues. The integrity and traceability of shared data are guaranteed by the use of blockchain technology to store and verify access transactions. The encryption and decryption operations of the CP-ABE algorithm have been implemented using elliptic curve scalar multiplication to accommodate lightweight IoT devices, as opposed to the more arithmetic bilinear pairing found in the traditional CP-ABE algorithm. Additionally, a portion of the computation is delegated to the edge nodes to alleviate the computational burden on users. A distributed key management method is proposed to address the issues of key escrow and misuse. This method employs the edge blockchain to facilitate the storage and distribution of attribute private keys. Meanwhile, data security sharing is enhanced by combining off-chain and on-chain ciphertext storage. The security and performance analysis indicates that the proposed scheme is more efficient and secure.
With the rapid development of web3.0 applications, the volume of data sharing is increasing, the inefficiency of big data file sharing and the problem of data privacy leakage are becoming more and more prominent, and the existing data sharing schemes have been difficult to meet the growing demand for data sharing. This paper aims at exploring a secure, efficient and privacy-protecting data sharing scheme under web3.0 applications. Specifically, this paper adopts interplanetary file system (IPFS) technology to realize the storage of large data files to solve the problem of blockchain storage capacity limitation, and utilizes ciphertext policy attribute-based encryption (CP-ABE) and proxy re-encryption (PRE) technology to realize secure multi-party sharing and fine-grained access control of data. This paper provides the detailed algorithm design and implementation of data sharing phases and processes, and analyzes the algorithms from the perspectives of security, privacy protection, and performance.
With the rapid development of medical data sharing, issues of privacy and ownership have become prominent, which have limited the scale of data sharing. To address the above challenges, we propose a blockchain-based data-sharing framework to ensure data security and encourage data owners to actively participate in sharing. We introduce a reliable attribute-based searchable encryption scheme that enables fine-grained access control of encrypted data and ensures secure and efficient data sharing. The revenue distribution model is constructed based on Shapley value to motivate participants. Additionally, by integrating the smart contract technology of blockchain, the search operation and incentive mechanism are automatically executed. Through revenue distribution analysis, the incentive effect and rationality of the proposed scheme are verified. Performance evaluation shows that, compared with traditional data-sharing models, our proposed framework not only meets data security requirements but also incentivizes more participants to actively participate in data sharing.
The advent of the digital age has consistently provided impetus for facilitating global trade, as evidenced by the numerous customs clearance documents and participants involved in the international trade process, including enterprises, agents, and government departments. However, the urgent issue that requires immediate attention is how to achieve secure and efficient cross-border data sharing among these government departments and enterprises in complex trade processes. In addressing this need, this paper proposes a data exchange architecture employing Multi-Authority Attribute-Based Encryption (MA-ABE) in combination with blockchain technology. This scheme supports proxy decryption, attribute revocation, and policy update, while allowing each participating entity to manage their keys autonomously, ensuring system security and enhancing trust among participants. In order to enhance system decentralization, a mechanism has been designed in the architecture where multiple institutions interact with smart contracts and jointly participate in the generation of public parameters. Integration with the multi-party process execution engine Caterpillar has been shown to boost the transparency of cross-border information flow and cooperation between different organizations. The scheme ensures the auditability of data access control information and the visualization of on-chain data sharing. The MA-ABE scheme is statically secure under the q-Decisional Parallel Bilinear Diffie-Hellman Exponent (q-DPBDHE2) assumption in the random oracle model, and can resist ciphertext rollback attacks to achieve true backward and forward security. Theoretical analysis and experimental results demonstrate the appropriateness of the scheme for cross-border data collaboration between different institutions.
Sharing of personal health records (PHR) in cloud computing is an essential functionality in the healthcare system. However, how to securely, efficiently and flexibly share PHRs data of the patient in a multi-receiver setting has not been well addressed. For instance, since the trust domain of the cloud server is not identical to the data owner or data user, the semi-trust cloud service provider may intentionally destroy or tamper shared PHRs data of user or only transform partial ciphertext of the shared PHRs or even return wrong computation results to save its storage and computation resource, to pursue maximum economic interest or other malicious purposes. Thus, the PHRs data storing or sharing via the cloud server should be performed with consistency and integrity verification. Fortunately, the emergence of blockchain technology provides new ideas and prospects for ensuring the consistency and integrity of shared PHRs data. To this end, in this work, we leverage the consortium blockchain technology to enhance the trustworthiness of each participant and propose a blockchain-based patient-centric data sharing scheme for PHRs in cloud computing (BC-PC-Share). Different from the state-of-art schemes, our proposal can achieve the following desired properties: (1) Realizing patient-centric PHRs sharing with a public verification function, i.e., which can ensure that the returned shared data is consistent with the requested shared data and the integrity of the shared data is not compromised. (2) Supporting scalable and fine-grained access control and sharing of PHRs data with multiple domain users, such as hospitals, medical research institutes, and medical insurance companies. (3) Achieving efficient user decryption by leveraging the transformation key technique and efficient user revocation by introducing time-controlled access. The security analysis and simulation experiment demonstrate that the proposed BC-PC-Share scheme is a feasible and promising solution for PHRs data sharing via consortium blockchain.
The Cloud is increasingly being used to store and process big data for its tenants and classical security mechanisms using encryption are neither sufficiently efficient nor suited to the task of protecting big data in the Cloud. In this paper, we present an alternative approach which divides big data into sequenced parts and stores them among multiple Cloud storage service providers. Instead of protecting the big data itself, the proposed scheme protects the mapping of the various data elements to each provider using a trapdoor function. Analysis, comparison and simulation prove that the proposed scheme is efficient and secure for the big data of Cloud tenants.
The fast proliferation of edge devices for the Internet of Things (IoT) has led to massive volumes of data explosion. The generated data is collected and shared using edge-based IoT structures at a considerably high frequency. Thus, the data-sharing privacy exposure issue is increasingly intimidating when IoT devices make malicious requests for filching sensitive information from a cloud storage system through edge nodes. To address the identified issue, we present evolutionary privacy preservation learning strategies for an edge computing-based IoT data sharing scheme. In particular, we introduce evolutionary game theory and construct a payoff matrix to symbolize intercommunication between IoT devices and edge nodes, where IoT devices and edge nodes are two parties of the game. IoT devices may make malicious requests to achieve their goals of stealing privacy. Accordingly, edge nodes should deny malicious IoT device requests to prevent IoT data from being disclosed. They dynamically adjust their own strategies according to the opponent's strategy and finally maximize the payoffs. Built upon a developed application framework to illustrate the concrete data sharing architecture, a novel algorithm is proposed that can derive the optimal evolutionary learning strategy. Furthermore, we numerically simulate evolutionarily stable strategies, and the final results experimentally verify the correctness of the IoT data sharing privacy preservation scheme. Therefore, the proposed model can effectively defeat malicious invasion and protect sensitive information from leaking when IoT data is shared.
With the development of the Internet of Things (IoT), the massive data sharing between IoT devices improves the Quality of Service (QoS) and user experience in various IoT applications. However, data sharing may cause serious privacy leakages to data providers. To address this problem, in this study, data sharing is realized through model sharing, based on which a secure data sharing mechanism, called BP2P-FL, is proposed using peer-to-peer federated learning with the privacy protection of data providers. In addition, by introducing the blockchain to the data sharing, every training process is recorded to ensure that data providers offer high-quality data. For further privacy protection, the differential privacy technology is used to disturb the global data sharing model. The experimental results show that BP2P-FL has high accuracy and feasibility in the data sharing of various IoT applications.
In the digital era, electronic medical record (EMR) has been a major way for hospitals to store patients' medical data. The traditional centralized medical system and semi-trusted cloud storage are difficult to achieve dynamic balance between privacy protection and data sharing. The storage capacity of blockchain is limited and single blockchain schemes have poor scalability and low throughput. To address these issues, we propose a secure and efficient medical data storage and sharing scheme based on double blockchain. In our scheme, we encrypt the original EMR and store it in the cloud. The storage blockchain stores the index of the complete EMR, and the shared blockchain stores the index of the shared part of the EMR. Users with different attributes can make requests to different blockchains to share different parts according to their own permissions. Through experiments, it was found that cloud storage combined with blockchain not only solved the problem of limited storage capacity of blockchain, but also greatly reduced the risk of leakage of the original EMR. Content Extraction Signature (CES) combined with the double blockchain technology realized the separation of the privacy part and the shared part of the original EMR. The symmetric encryption technology combined with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) not only ensures the safe storage of data in the cloud, but also achieves the consistency and convenience of data update, avoiding redundant backup of data. Safety analysis and performance analysis verified the feasibility and effectiveness of our scheme.
Data sharing technology in Internet of Vehicles (IoV) has attracted great research interest with the goal of realizing intelligent transportation and traffic management. Meanwhile, the main concerns have been raised about the security and privacy of vehicle data. The mobility and real-time characteristics of vehicle data make data sharing more difficult in IoV. The emergence of blockchain and federated learning brings new directions. In this paper, a data-sharing model that combines blockchain and federated learning is proposed to solve the security and privacy problems of data sharing in IoV. First, we use federated learning to share data instead of exposing actual data and propose an adaptive differential privacy scheme to further balance the privacy and availability of data. Then, we integrate the verification scheme into the consensus process, so that the consensus computation can filter out low-quality models. Experimental data shows that our data-sharing model can better balance the relationship between data availability and privacy, and also has enhanced security.
The traditional centralized data sharing systems have potential risks such as single point of failures and excessive working load on the central node. As a distributed and collaborative alternative, approaches based upon blockchain have been explored recently for Internet of Things (IoTs). However, the access from a legitimate user may be denied without the pre-defined policy and data update on the blockchain could be costly to the owners. In this paper, we first address these issues by incorporating the Accountable Subgroup Multi-Signature (ASM) algorithm into the Attribute-based Access Control (ABAC) method with Policy Smart Contract, to provide a fine-grained and flexible solution. Next, we propose a policy-based Chameleon Hash algorithm that allows the data to be updated in a reliable and convenient way by the authorized users. Finally, we evaluate our work by comparing its performance with the benchmarks. The results demonstrate significant improvement on the effectiveness and efficiency.
During the prevention of coronavirus disease 2019 (COVID-19), epidemiological data is essential for controlling the source of infection, cutting off the route of transmission, and protecting vulnerable populations. Following Law of the People's Republic of China on Prevention and Treatment of Infectious Diseases and other related regulations, medical institutions have been authorized to collect the detailed information of patients, while it is still a formidable task in megacities because of the significant patient mobility and the existing information sharing barrier. As a smart city which strengthens precise epidemic prevention and control, Shanghai has established a multi-department platform named "one-net management" on dynamic information monitoring. By sharing epidemiological data with medical institutions under a safe environment, we believe that the ability to prevent and control epidemics among medical institutions will be effectively and comprehensively improved.
In this paper, we propose a novel fuzzy matching data sharing scheme named FADS for cloud-edge communications. FADS allows users to specify their access policies, and enables receivers to obtain the data transmitted by the senders if and only if the two sides meet their defined certain policies simultaneously. Specifically, we first formalize the definition and security models of fuzzy matching data sharing in cloud-edge environments. Then, we construct a concrete instantiation by pairing-based cryptosystem and the privacy-preserving set intersection on attribute sets from both sides to construct a concurrent matching over the policies. If the matching succeeds, the data can be decrypted. Otherwise, nothing will be revealed. In addition, FADS allows users to dynamically specify the policy for each time, which is an urgent demand in practice. A thorough security analysis demonstrates that FADS is of provable security under indistinguishable chosen ciphertext attack (IND-CCA) in random oracle model against probabilistic polynomial-time (PPT) adversary, and the desirable security properties of privacy and authenticity are achieved. Extensive experiments provide evidence that FADS is with acceptable efficiency.
Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in OSNs based on ciphertext-policy attribute-based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize access policies of their data and then outsource encrypted data to the OSNs service provider. Our scheme presents a multiparty access control model, which enables the disseminator to update the access policy of ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of user is largely reduced by delegating most of the decryption operations to the OSNs service provider. We also provide checkability on the results returned from the OSNs service provider to guarantee the correctness of partial decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.
With the continuous development of deep learning, Deep Convolutional Neural Network (DCNN) has attracted wide attention in the industry due to its high accuracy in image classification. Compared with other DCNN hardware deployment platforms, Field Programmable Gate Array (FPGA) has the advantages of being programmable, low power consumption, parallelism, and low cost. However, the enormous amount of calculation of DCNN and the limited logic capacity of FPGA restrict the energy efficiency of the DCNN accelerator. The traditional sequential sliding window method can improve the throughput of the DCNN accelerator by data multiplexing, but this method's data multiplexing rate is low because it repeatedly reads the data between rows. This paper proposes a fast data readout strategy via the circular sliding window data reading method, it can improve the multiplexing rate of data between rows by optimizing the memory access order of input data. In addition, the multiplication bit width of the DCNN accelerator is much smaller than that of the Digital Signal Processing (DSP) on the FPGA, which means that there will be a waste of resources if a multiplication uses a single DSP. A multiplier sharing strategy is proposed, the multiplier of the accelerator is customized so that a single DSP block can complete multiple groups of 4, 6, and 8-bit signed multiplication in parallel. Finally, based on two strategies of appeal, an FPGA optimized accelerator is proposed. The accelerator is customized by Verilog language and deployed on Xilinx VCU118. When the accelerator recognizes the CIFAR-10 dataset, its energy efficiency is 39.98 GOPS/W, which provides 1.73× speedup energy efficiency over previous DCNN FPGA accelerators. When the accelerator recognizes the IMAGENET dataset, its energy efficiency is 41.12 GOPS/W, which shows 1.28×−3.14× energy efficiency compared with others.
To address the private data management problems and realize privacy-preserving data sharing, a blockchain-based transaction system named Ecare featuring information transparency, fairness and scalability is proposed. The proposed system formulates multiple private data access control strategies, and realizes data trading and sharing through on-chain transactions, which makes transaction records transparent and immutable. In our system, the private data are encrypted, and the role-based account model ensures that access to the data requires owner's authorization. Moreover, a new consensus protocol named Proof of Transactions (PoT) proposed by ourselves has been used to improve consensus efficiency. The value of Ecare is not only that it aggregates telemedicine, data transactions, and other features, but also that it translates these actions into transaction events stored in the blockchain, making them transparent and immutable to all participants. The proposed system can be extended to more general big data privacy protection and data transaction scenarios.
In current cloud computing system, large amounts of sensitive data are shared to other cloud users. To keep these data confidentiality, data owners should encrypt their data before outsourcing. We choose proxy re-encryption (PRE) as the cloud data encryption technique. In a PRE system, a semi-trusted proxy can transform a ciphertext under one public key into a ciphertext of the same message under another public key, but the proxy cannot gain any information about the message. In this paper, we propose a certificateless PRE (CL-PRE) scheme without pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman (CDH) problem in the random oracle model. Compared with other existing CL-PRE schemes, our scheme requires less computation cost and is significantly more efficient. The new scheme does not need the public key certificates to guarantee validity of public keys and solves the key escrow problem in identity-based public key cryptography.
An M_S 7.4 earthquake struck west China in Maduo county, Guoluo prefecture, Qinghai province on May 22, 2021, at 2:04 Beijing time (18:04 UTC on May 21, 2021), which broke the quiet period of Chinese mainland for 1382 days without earthquakes of magnitude 7 or higher. The analysis of the seismic data sequence would play an important role in the in-depth study of the Maduo earthquake and the Bayan Har block. The Institute of Geophysics, China Earthquake Administration (CEA), compiled observation data recorded through 57 broadband seismometers within 500 km of the earthquake epicenter and intended to share for further researches in earthquake science community. The shared dataset included waveforms of the event and its sequence with magnitudes of 3.0 or higher that occurred between May 22-31, 2021 with a sampling rate of 100 sps along with the continuous waveforms of 20 Hz and 100 Hz. Additionally, the seismic instrument response files also were shared. The event and continuous waveform records could be downloaded by submitting a request through the web platform of the Earthquake Science Data Center of the Institute of Geophysics, CEA (www.esdc.ac.cn).
With the rapid growth of Internet of Things (IoT) based models, and the lack amount of data makes cloud computing resources insufficient. Hence, edge computing-based techniques are becoming more popular in present research domains that makes data storage, and processing effective at the network edges. There are several advanced features like parallel processing and data perception are available in edge computing. Still, there are some challenges in providing privacy and data security over networks. To solve the security issues in Edge Computing, Hash-based Message Authentication Code (HMAC) algorithm is used to provide solutions for preserving data from various attacks that happens with the distributed network nature. This paper proposed a Trust Model for Secure Data Sharing (TM-SDS) with HMAC algorithm. Here, data security is ensured with local and global trust levels with the centralized processing of cloud and by conserving resources effectively. Further, the proposed model achieved 84.25% of packet delivery ratio which is better compared to existing models in the resulting phase. The data packets are securely transmitted between entities in the proposed model and results showed that proposed TM-SDS model outperforms the existing models in an efficient manner.
For the goals of security and privacy preservation, we propose a blind batch encryption- and public ledger-based data sharing protocol that allows the integrity of sensitive data to be audited by a public ledger and allows privacy information to be preserved. Data owners can tightly manage their data with efficient revocation and only grant one-time adaptive access for the fulfillment of the requester. We prove that our protocol is semantically secure, blind, and secure against oblivious requesters and malicious file keepers. We also provide security analysis in the context of four typical attacks.
Funding: supported by the National Natural Science Foundation of China (Grant No. U24B20146), the National Key Research and Development Plan in China (Grant No. 2020YFB1005500), and Beijing Natural Science Foundation Project (No. M21034).
Funding: supported by the Natural Science Foundation of Hebei Province of China (F2021201052).
Abstract: With the rapid development of medical data sharing, issues of privacy and ownership have become prominent, which have limited the scale of data sharing. To address the above challenges, we propose a blockchain-based data-sharing framework to ensure data security and encourage data owners to actively participate in sharing. We introduce a reliable attribute-based searchable encryption scheme that enables fine-grained access control of encrypted data and ensures secure and efficient data sharing. The revenue distribution model is constructed based on Shapley value to motivate participants. Additionally, by integrating the smart contract technology of blockchain, the search operation and incentive mechanism are automatically executed. Through revenue distribution analysis, the incentive effect and rationality of the proposed scheme are verified. Performance evaluation shows that, compared with traditional data-sharing models, our proposed framework not only meets data security requirements but also incentivizes more participants to actively participate in data sharing.
Funding: supported by Hainan Provincial Natural Science Foundation of China Nos. 622RC617, 624RC485; Open Foundation of State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications) (SKLNST-2023-1-07).
Abstract: The advent of the digital age has consistently provided impetus for facilitating global trade, as evidenced by the numerous customs clearance documents and participants involved in the international trade process, including enterprises, agents, and government departments. However, the urgent issue that requires immediate attention is how to achieve secure and efficient cross-border data sharing among these government departments and enterprises in complex trade processes. In addressing this need, this paper proposes a data exchange architecture employing Multi-Authority Attribute-Based Encryption (MA-ABE) in combination with blockchain technology. This scheme supports proxy decryption, attribute revocation, and policy update, while allowing each participating entity to manage their keys autonomously, ensuring system security and enhancing trust among participants. In order to enhance system decentralization, a mechanism has been designed in the architecture where multiple institutions interact with smart contracts and jointly participate in the generation of public parameters. Integration with the multi-party process execution engine Caterpillar has been shown to boost the transparency of cross-border information flow and cooperation between different organizations. The scheme ensures the auditability of data access control information and the visualization of on-chain data sharing. The MA-ABE scheme is statically secure under the q-Decisional Parallel Bilinear Diffie-Hellman Exponent (q-DPBDHE2) assumption in the random oracle model, and can resist ciphertext rollback attacks to achieve true backward and forward security. Theoretical analysis and experimental results demonstrate the appropriateness of the scheme for cross-border data collaboration between different institutions.
Funding: supported by the Youth Doctoral Foundation of Gansu Education Committee under Grant No. 2022QB-176.
Abstract: Sharing of personal health records (PHR) in cloud computing is an essential functionality in the healthcare system. However, how to securely, efficiently and flexibly share PHRs data of the patient in a multi-receiver setting has not been well addressed. For instance, since the trust domain of the cloud server is not identical to the data owner or data user, the semi-trust cloud service provider may intentionally destroy or tamper shared PHRs data of user or only transform partial ciphertext of the shared PHRs or even return wrong computation results to save its storage and computation resource, to pursue maximum economic interest or other malicious purposes. Thus, the PHRs data storing or sharing via the cloud server should be performed with consistency and integrity verification. Fortunately, the emergence of blockchain technology provides new ideas and prospects for ensuring the consistency and integrity of shared PHRs data. To this end, in this work, we leverage the consortium blockchain technology to enhance the trustworthiness of each participant and propose a blockchain-based patient-centric data sharing scheme for PHRs in cloud computing (BC-PC-Share). Different from the state-of-art schemes, our proposal can achieve the following desired properties: (1) Realizing patient-centric PHRs sharing with a public verification function, i.e., which can ensure that the returned shared data is consistent with the requested shared data and the integrity of the shared data is not compromised. (2) Supporting scalable and fine-grained access control and sharing of PHRs data with multiple domain users, such as hospitals, medical research institutes, and medical insurance companies. (3) Achieving efficient user decryption by leveraging the transformation key technique and efficient user revocation by introducing time-controlled access. The security analysis and simulation experiment demonstrate that the proposed BC-PC-Share scheme is a feasible and promising solution for PHRs data sharing via consortium blockchain.
Funding: supported in part by the National Nature Science Foundation of China under Grant No. 61402413 and 61340058; the "Six Kinds Peak Talents Plan" project of Jiangsu Province under Grant No. ll-JY-009; the Nature Science Foundation of Zhejiang Province under Grant No. LY14F020019, Z14F020006 and Y1101183; the China Postdoctoral Science Foundation funded project under Grant No. 2012M511732; Jiangsu Province Postdoctoral Science Foundation funded project Grant No. 1102014C
Abstract: The Cloud is increasingly being used to store and process big data for its tenants and classical security mechanisms using encryption are neither sufficiently efficient nor suited to the task of protecting big data in the Cloud. In this paper, we present an alternative approach which divides big data into sequenced parts and stores them among multiple Cloud storage service providers. Instead of protecting the big data itself, the proposed scheme protects the mapping of the various data elements to each provider using a trapdoor function. Analysis, comparison and simulation prove that the proposed scheme is efficient and secure for the big data of Cloud tenants.
Funding: supported in part by Zhejiang Provincial Natural Science Foundation of China under Grant nos. LZ22F020002 and LY22F020003; National Natural Science Foundation of China under Grant nos. 61772018 and 62002226; the key project of Humanities and Social Sciences in Colleges and Universities of Zhejiang Province under Grant no. 2021GH017.
Abstract: The fast proliferation of edge devices for the Internet of Things (IoT) has led to massive volumes of data explosion. The generated data is collected and shared using edge-based IoT structures at a considerably high frequency. Thus, the data-sharing privacy exposure issue is increasingly intimidating when IoT devices make malicious requests for filching sensitive information from a cloud storage system through edge nodes. To address the identified issue, we present evolutionary privacy preservation learning strategies for an edge computing-based IoT data sharing scheme. In particular, we introduce evolutionary game theory and construct a payoff matrix to symbolize intercommunication between IoT devices and edge nodes, where IoT devices and edge nodes are two parties of the game. IoT devices may make malicious requests to achieve their goals of stealing privacy. Accordingly, edge nodes should deny malicious IoT device requests to prevent IoT data from being disclosed. They dynamically adjust their own strategies according to the opponent's strategy and finally maximize the payoffs. Built upon a developed application framework to illustrate the concrete data sharing architecture, a novel algorithm is proposed that can derive the optimal evolutionary learning strategy. Furthermore, we numerically simulate evolutionarily stable strategies, and the final results experimentally verify the correctness of the IoT data sharing privacy preservation scheme. Therefore, the proposed model can effectively defeat malicious invasion and protect sensitive information from leaking when IoT data is shared.
Funding: This work is supported by National Natural Science Foundation of China under Grant No. U1905211 and 61702103; Natural Science Foundation of Fujian Province under Grant No. 2020J01167 and 2020J01169.
Abstract: With the development of the Internet of Things (IoT), the massive data sharing between IoT devices improves the Quality of Service (QoS) and user experience in various IoT applications. However, data sharing may cause serious privacy leakages to data providers. To address this problem, in this study, data sharing is realized through model sharing, based on which a secure data sharing mechanism, called BP2P-FL, is proposed using peer-to-peer federated learning with the privacy protection of data providers. In addition, by introducing the blockchain to the data sharing, every training process is recorded to ensure that data providers offer high-quality data. For further privacy protection, the differential privacy technology is used to disturb the global data sharing model. The experimental results show that BP2P-FL has high accuracy and feasibility in the data sharing of various IoT applications.
Funding: the Natural Science Foundation of Heilongjiang Province of China under Grant No. LC2016024; Natural Science Foundation of the Jiangsu Higher Education Institutions Grant No. 17KJB520044; Six Talent Peaks Project in Jiangsu Province No. XYDXX–108.
Abstract: In the digital era, electronic medical record (EMR) has been a major way for hospitals to store patients’ medical data. The traditional centralized medical system and semi-trusted cloud storage are difficult to achieve dynamic balance between privacy protection and data sharing. The storage capacity of blockchain is limited and single blockchain schemes have poor scalability and low throughput. To address these issues, we propose a secure and efficient medical data storage and sharing scheme based on double blockchain. In our scheme, we encrypt the original EMR and store it in the cloud. The storage blockchain stores the index of the complete EMR, and the shared blockchain stores the index of the shared part of the EMR. Users with different attributes can make requests to different blockchains to share different parts according to their own permissions. Through experiments, it was found that cloud storage combined with blockchain not only solved the problem of limited storage capacity of blockchain, but also greatly reduced the risk of leakage of the original EMR. Content Extraction Signature (CES) combined with the double blockchain technology realized the separation of the privacy part and the shared part of the original EMR. The symmetric encryption technology combined with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) not only ensures the safe storage of data in the cloud, but also achieves the consistency and convenience of data update, avoiding redundant backup of data. Safety analysis and performance analysis verified the feasibility and effectiveness of our scheme.
Funding: supported by the Ministry of Education Industry-University Cooperation Collaborative Education Projects of China under Grant 202102119036 and 202102082013.
Abstract: Data sharing technology in Internet of Vehicles (IoV) has attracted great research interest with the goal of realizing intelligent transportation and traffic management. Meanwhile, the main concerns have been raised about the security and privacy of vehicle data. The mobility and real-time characteristics of vehicle data make data sharing more difficult in IoV. The emergence of blockchain and federated learning brings new directions. In this paper, a data-sharing model that combines blockchain and federated learning is proposed to solve the security and privacy problems of data sharing in IoV. First, we use federated learning to share data instead of exposing actual data and propose an adaptive differential privacy scheme to further balance the privacy and availability of data. Then, we integrate the verification scheme into the consensus process, so that the consensus computation can filter out low-quality models. Experimental data shows that our data-sharing model can better balance the relationship between data availability and privacy, and also has enhanced security.
Funding: supported by the National Natural Science Foundation of China under Grant 61972148.
Abstract: The traditional centralized data sharing systems have potential risks such as single point of failures and excessive working load on the central node. As a distributed and collaborative alternative, approaches based upon blockchain have been explored recently for Internet of Things (IoTs). However, the access from a legitimate user may be denied without the pre-defined policy and data update on the blockchain could be costly to the owners. In this paper, we first address these issues by incorporating the Accountable Subgroup Multi-Signature (ASM) algorithm into the Attribute-based Access Control (ABAC) method with Policy Smart Contract, to provide a fine-grained and flexible solution. Next, we propose a policy-based Chameleon Hash algorithm that allows the data to be updated in a reliable and convenient way by the authorized users. Finally, we evaluate our work by comparing its performance with the benchmarks. The results demonstrate significant improvement on the effectiveness and efficiency.
Abstract: During the prevention of coronavirus disease 2019 (COVID-19), epidemiological data is essential for controlling the source of infection, cutting off the route of transmission, and protecting vulnerable populations. Following Law of the People's Republic of China on Prevention and Treatment of Infectious Diseases and other related regulations, medical institutions have been authorized to collect the detailed information of patients, while it is still a formidable task in megacities because of the significant patient mobility and the existing information sharing barrier. As a smart city which strengthens precise epidemic prevention and control, Shanghai has established a multi-department platform named "one-net management" on dynamic information monitoring. By sharing epidemiological data with medical institutions under a safe environment, we believe that the ability to prevent and control epidemics among medical institutions will be effectively and comprehensively improved.
Funding: supported by the China Postdoctoral Science Foundation (Grant Nos. 2021TQ0042, 2021M700435, 2021TQ0041); the National Natural Science Foundation of China (Grant No. 62102027); the Shandong Provincial Key Research and Development Program (2021CXGC010106)
Abstract: In this paper, we propose a novel fuzzy matching data sharing scheme named FADS for cloud-edge communications. FADS allows users to specify their access policies, and enables receivers to obtain the data transmitted by the senders if and only if the two sides meet their defined certain policies simultaneously. Specifically, we first formalize the definition and security models of fuzzy matching data sharing in cloud-edge environments. Then, we construct a concrete instantiation by pairing-based cryptosystem and the privacy-preserving set intersection on attribute sets from both sides to construct a concurrent matching over the policies. If the matching succeeds, the data can be decrypted. Otherwise, nothing will be revealed. In addition, FADS allows users to dynamically specify the policy for each time, which is an urgent demand in practice. A thorough security analysis demonstrates that FADS is of provable security under indistinguishable chosen ciphertext attack (IND-CCA) in random oracle model against probabilistic polynomial-time (PPT) adversary, and the desirable security properties of privacy and authenticity are achieved. Extensive experiments provide evidence that FADS is with acceptable efficiency.
Funding: supported by the National Natural Science Foundation of China under Grant No. 61272519; the Specialized Research Fund for the Doctoral Program of Higher Education under Grant No. 20120005110017; the National Key Technology R&D Program under Grant No. 2012BAH06B02
Abstract: Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in OSNs based on ciphertext-policy attribute-based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize access policies of their data and then outsource encrypted data to the OSNs service provider. Our scheme presents a multiparty access control model, which enables the disseminator to update the access policy of ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of user is largely reduced by delegating most of the decryption operations to the OSNs service provider. We also provide checkability on the results returned from the OSNs service provider to guarantee the correctness of partial decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.
Funding: supported in part by the Major Program of the Ministry of Science and Technology of China under Grant 2019YFB2205102, in part by the National Natural Science Foundation of China under Grant 61974164, 62074166, 61804181, 62004219, 62004220, 62104256.
Abstract: With the continuous development of deep learning, Deep Convolutional Neural Network (DCNN) has attracted wide attention in the industry due to its high accuracy in image classification. Compared with other DCNN hardware deployment platforms, Field Programmable Gate Array (FPGA) has the advantages of being programmable, low power consumption, parallelism, and low cost. However, the enormous amount of calculation of DCNN and the limited logic capacity of FPGA restrict the energy efficiency of the DCNN accelerator. The traditional sequential sliding window method can improve the throughput of the DCNN accelerator by data multiplexing, but this method’s data multiplexing rate is low because it repeatedly reads the data between rows. This paper proposes a fast data readout strategy via the circular sliding window data reading method, it can improve the multiplexing rate of data between rows by optimizing the memory access order of input data. In addition, the multiplication bit width of the DCNN accelerator is much smaller than that of the Digital Signal Processing (DSP) on the FPGA, which means that there will be a waste of resources if a multiplication uses a single DSP. A multiplier sharing strategy is proposed, the multiplier of the accelerator is customized so that a single DSP block can complete multiple groups of 4, 6, and 8-bit signed multiplication in parallel. Finally, based on two strategies of appeal, an FPGA optimized accelerator is proposed. The accelerator is customized by Verilog language and deployed on Xilinx VCU118. When the accelerator recognizes the CIFAR-10 dataset, its energy efficiency is 39.98 GOPS/W, which provides 1.73× speedup energy efficiency over previous DCNN FPGA accelerators. When the accelerator recognizes the IMAGENET dataset, its energy efficiency is 41.12 GOPS/W, which shows 1.28×−3.14× energy efficiency compared with others.
Funding: This work was supported by the National Key R&D Program of China (No. 2018YFB1700100); the National Natural Science Foundation of China (No. 61873317).
Abstract: To address the private data management problems and realize privacy-preserving data sharing, a blockchain-based transaction system named Ecare featuring information transparency, fairness and scalability is proposed. The proposed system formulates multiple private data access control strategies, and realizes data trading and sharing through on-chain transactions, which makes transaction records transparent and immutable. In our system, the private data are encrypted, and the role-based account model ensures that access to the data requires owner’s authorization. Moreover, a new consensus protocol named Proof of Transactions (PoT) proposed by ourselves has been used to improve consensus efficiency. The value of Ecare is not only that it aggregates telemedicine, data transactions, and other features, but also that it translates these actions into transaction events stored in the blockchain, making them transparent and immutable to all participants. The proposed system can be extended to more general big data privacy protection and data transaction scenarios.
Funding: the National Natural Science Foundation of China (No. 61133014)
Abstract: In current cloud computing system, large amounts of sensitive data are shared to other cloud users. To keep these data confidentiality, data owners should encrypt their data before outsourcing. We choose proxy re-encryption (PRE) as the cloud data encryption technique. In a PRE system, a semi-trusted proxy can transform a ciphertext under one public key into a ciphertext of the same message under another public key, but the proxy cannot gain any information about the message. In this paper, we propose a certificateless PRE (CL-PRE) scheme without pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman (CDH) problem in the random oracle model. Compared with other existing CL-PRE schemes, our scheme requires less computation cost and is significantly more efficient. The new scheme does not need the public key certificates to guarantee validity of public keys and solves the key escrow problem in identity-based public key cryptography.
Abstract: An M_S 7.4 earthquake struck west China in Maduo county, Guoluo prefecture, Qinghai province on May 22, 2021, at 2:04 Beijing time (18:04 UTC on May 21, 2021), which broke the quiet period of Chinese mainland for 1382 days without earthquakes of magnitude 7 or higher. The analysis of the seismic data sequence would play an important role in the in-depth study of the Maduo earthquake and the Bayan Har block. The Institute of Geophysics, China Earthquake Administration (CEA), compiled observation data recorded through 57 broadband seismometers within 500 km of the earthquake epicenter and intended to share for further researches in earthquake science community. The shared dataset included waveforms of the event and its sequence with magnitudes of 3.0 or higher that occurred between May 22-31, 2021 with a sampling rate of 100 sps along with the continuous waveforms of 20 Hz and 100 Hz. Additionally, the seismic instrument response files also were shared. The event and continuous waveform records could be downloaded by submitting a request through the web platform of the Earthquake Science Data Center of the Institute of Geophysics, CEA (www.esdc.ac.cn).
Abstract: With the rapid growth of Internet of Things (IoT) based models, and the lack amount of data makes cloud computing resources insufficient. Hence, edge computing-based techniques are becoming more popular in present research domains that makes data storage, and processing effective at the network edges. There are several advanced features like parallel processing and data perception are available in edge computing. Still, there are some challenges in providing privacy and data security over networks. To solve the security issues in Edge Computing, Hash-based Message Authentication Code (HMAC) algorithm is used to provide solutions for preserving data from various attacks that happens with the distributed network nature. This paper proposed a Trust Model for Secure Data Sharing (TM-SDS) with HMAC algorithm. Here, data security is ensured with local and global trust levels with the centralized processing of cloud and by conserving resources effectively. Further, the proposed model achieved 84.25% of packet delivery ratio which is better compared to existing models in the resulting phase. The data packets are securely transmitted between entities in the proposed model and results showed that proposed TM-SDS model outperforms the existing models in an efficient manner.
Funding: partially supported by the National Natural Science Foundation of China under grant no. 62372245; the Foundation of Yunnan Key Laboratory of Blockchain Application Technology under Grant 202105AG070005; in part by the Foundation of State Key Laboratory of Public Big Data; in part by the Foundation of Key Laboratory of Computational Science and Application of Hainan Province under Grant JSKX202202.
Abstract: For the goals of security and privacy preservation, we propose a blind batch encryption- and public ledger-based data sharing protocol that allows the integrity of sensitive data to be audited by a public ledger and allows privacy information to be preserved. Data owners can tightly manage their data with efficient revocation and only grant one-time adaptive access for the fulfillment of the requester. We prove that our protocol is semantically secure, blind, and secure against oblivious requesters and malicious file keepers. We also provide security analysis in the context of four typical attacks.