Cloud storage employs software that interconnects and facilitates collaboration between different types of storage devices. Compared with traditional storage methods, cloud storage poses new challenges in data security, reliability, and management. This paper introduces four layers of cloud storage architecture: data storage layer (connecting multiple storage components), data management layer (providing common support technology for multiple services), data service layer (sustaining multiple storage applications), and user access layer. A typical cloud storage application--Backup Cloud (B-Cloud)--is examined and its software architecture, characteristics, and main research areas are discussed.
Problems with data security impede the widespread application of cloud computing. Although data can be protected through encryption, effective retrieval of encrypted data is difficult to achieve using traditional methods. This paper analyzes encrypted storage and retrieval technologies in cloud storage applications. A ranking method based on fully homomorphic encryption is proposed to meet demands of encrypted storage. Results show this method can improve efficiency.
In order to ensure the security of cloud storage, on the basis of the analysis of cloud storage security requirements, this paper puts forward a kind of hidden mapping hyper-combined public key management scheme based on the hyperelliptic curve cryptosystem, which is applicable to the distributed cloud storage. A series of operation processes of the key management are elaborated, including key distribution, key updating and key agreement, etc. Analysis shows that the scheme can solve the problem of large-scale key management and storage issues in cloud storage effectively. The scheme features high efficiency and good scalability. It is able to resist collusion attack and ensure safe and reliable service provided by the cloud storage system.
In this paper, we survey data security and privacy problems created by cloud storage applications and propose a cloud storage security architecture. We discuss state-of-the-art techniques for ensuring the privacy and security of data stored in the cloud. We discuss policies for access control and data integrity, availability, and privacy. We also discuss several key solutions proposed in current literature and point out future research directions.
Based on the energy storage cloud platform architecture, this study considers the extensive configuration of energy storage devices and the future large-scale application of electric vehicles at the customer side to build a new mode of smart power consumption with a flexible interaction, smooth the peak/valley difference of the load side power, and improve energy efficiency. A plug and play device for customer-side energy storage and an internet-based energy storage cloud platform are developed herein to build a new intelligent power consumption mode with a flexible interaction suitable for ordinary customers. Based on the load perception of the power grid, this study aims to investigate the operating state and service life of distributed energy storage devices. By selecting an integrated optimal control scheme, this study designs a kind of energy optimization and deployment strategy for stratified partition to reduce the operating cost of the energy storage device on the client side. The effectiveness of the system and the control strategy is verified through the Suzhou client-side distributed energy storage demonstration project.
This paper introduces the basic concepts and features of an object storage system. It also introduces some related standards, specifications, and implementations for several existing systems. ZTE's Object Storage System (ZTE OSS) was designed by Tsinghua University and ZTE Corporation and is designed to manage large amounts of data. ZTE OSS has a scalable architecture, some open source components, and an efficient key-value database. ZTE OSS is easy to scale and highly reliable. Experiments show that ZTE OSS performs well with mass data and heavy
Cloud data sharing service, which allows a group of people to work together to access and modify the shared data, is one of the most popular and efficient working styles in the enterprises. However, the cloud server is not completely trusted, and its security could be compromised by monetary reasons or caused by hacking and hardware errors. Therefore, despite having advantages of scalability and flexibility, cloud storage service comes with privacy and the security concerns. A straightforward method to protect the user's privacy is to encrypt the data stored at the cloud. To enable the authenticated users to access the encrypted cloud data, a practical group key management algorithm for the cloud data sharing application is highly desired. The existing group key management mechanisms presume that the server is trusted. But, the cloud data service mode does not always meet this condition. How to manage the group keys to support the scenario of the cloud storage with a semi-trusted cloud server is still a challenging task. Moreover, the cloud storage system is a large-scale and open application, in which the user group is dynamic. To address this problem, we propose a practical group key management algorithm based on a proxy re-encryption mechanism in this paper. We use the cloud server to act as a proxy to re-encrypt the group key to allow authorized users to decrypt and get the group key by their private key. To achieve the hierarchical access control policy, our scheme enables the cloud server to convert the encrypted group key of the lower group to the upper group. The numerical analysis and experimental results further validate the high efficiency and security of the proposed scheme.
With the development of smart grid, the electric power supervisory control and data acquisition (SCADA) system is limited by the traditional IT infrastructure, leading to low resource utilization and poor scalability. Information islands are formed due to poor system interoperability. The development of innovative applications is limited, and the launching period of new businesses is long. Management costs and risks increase, and equipment utilization declines. To address these issues, a professional private cloud solution is introduced to integrate the electric power SCADA system, and conduct experimental study of its applicability, reliability, security, and real time. The experimental results show that the professional private cloud solution is technically and commercially feasible, meeting the requirements of the electric power SCADA system.
Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption (IBE) for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.
In cloud, data access control is a crucial way to ensure data security. Functional encryption (FE) is a novel cryptographic primitive supporting fine-grained access control of encrypted data in cloud. In FE, every ciphertext is specified with an access policy, a decryptor can access the data if and only if his secret key matches with the access policy. However, the FE cannot be directly applied to construct access control scheme due to the exposure of the access policy which may contain sensitive information. In this paper, we deal with the policy privacy issue and present a mechanism named multi-authority vector policy (MAVP) which provides hidden and expressive access policy for FE. Firstly, each access policy is encoded as a matrix and decryptors can only obtain the matched result from the matrix in MAVP. Then, we design a novel function encryption scheme based on the multi-authority spatial policy (MAVP-FE), which can support privacy-preserving yet non-monotone access policy. Moreover, we greatly improve the efficiency of encryption and decryption in MAVP-FE by shifting the major computation of clients to the outsourced server. Finally, the security and performance analysis show that our MAVP-FE is secure and efficient in practice.
To enhance the security of user data in the clouds, we present an adaptive and dynamic data encryption method to encrypt user data in the mobile phone before it is uploaded. Firstly, the adopted data encryption algorithm is not static and uniform. For each encryption, this algorithm is adaptively and dynamically selected from the algorithm set in the mobile phone encryption system. From the mobile phone's character, the detail encryption algorithm selection strategy is confirmed based on the user's mobile phone hardware information, personalization information and a pseudo-random number. Secondly, the data is rearranged with a randomly selected start position in the data before being encrypted. The start position's randomness makes the mobile phone data encryption safer. Thirdly, the rearranged data is encrypted by the selected algorithm and generated key. Finally, the analysis shows this method possesses the higher security because the more dynamics and randomness are adaptively added into the encryption process.
Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands, cloud storage provider always furnish a location-independent platform for managing user's data. However, mobile users wonder if their cloud video data leakage or dynamic migration to illegal service providers. In this paper, we design a novel provable data possession protocol based on data geographic location attribute, which allows data owner to audit the integrity of their video data, which put forward an ideal choice for remote data possession checking in the mobile cloud storage. In our proposed scheme, we check out whether the video data dynamic migrate to an unspecified location (such as: overseas) by adding data geographic location attribute tag into provable data possession protocol. Moreover, we make sure the security of our proposed scheme under the Computational Diffie-Hellman assumption. The analysis and experiment results demonstrate that our proposed scheme is provably secure and efficient.
Funding: supported by National Natural Science Foundation of China (No. 61572267, No. 61272425, No. 61402245); the Open Project of Co-Innovation Center for Information Supply & Assurance Technology, Anhui University; the Open Project of the State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences (No. 2017-MS-21, No. 2016-MS-23); National Cryptography Development Fund of China (MMJJ20170118)
Abstract: Identity-based public cloud storage auditing schemes can check the integrity of cloud data, and reduce the complicated certificate management. In such a scheme, one Private Key Generator (PKG) is employed to authenticate the identity and generate private keys for all users, and one Third Party Auditor (TPA) is employed by users to check the integrity of cloud data. This approach is undesirable for large-scale users since the PKG and the TPA might not be able to afford the heavy workload. To solve the problem, we give a hierarchical Private Key Generator structure for large-scale user groups, in which a root PKG delegates lower-level PKGs to generate private keys and authenticate identities. Based on the proposed structure, we propose an authorized identity-based public cloud storage auditing scheme, in which the lowest-level PKGs play the role of TPA, and only the authorized lowest-level PKGs can represent users in their domains to check cloud data's integrity. Furthermore, we give the formal security analysis and experimental results, which show that our proposed scheme is secure and efficient.
Funding: supported by the National Key Basic Research Program of China (973 program) under Grant No. 2012CB315901
Abstract: In order to provide a practicable solution to data confidentiality in cloud storage service, a data assured deletion scheme, which achieves the fine-grained access control, hopping and sniffing attacks resistance, data dynamics and deduplication, is proposed. In our scheme, data blocks are encrypted by a two-level encryption approach, in which the control keys are generated from a key derivation tree, encrypted by an All-Or-Nothing algorithm and then distributed into DHT network after being partitioned by secret sharing. This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an owner-specified data lifetime. Besides confidentiality, data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption. The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.
Funding: supported by the National Nature Science Foundation of China under grant No. (61562059, 61461027, 61462060).
Abstract: Ciphertext policy attribute based encryption (CP-ABE) can provide high fine-grained access control for cloud storage. However, it needs to solve problems such as property privacy protection, ciphertext search and data update in the application process. Therefore, based on CP-ABE scheme, this paper proposes a dynamically updatable searchable encryption cloud storage (DUSECS) scheme. Using the characteristics of homomorphic encryption, the encrypted data is compared to achieve efficient hiding policy. Meanwhile, adopting linked list structure, the DUSECS scheme realizes the dynamic data update and integrity detection, and the search encryption against keyword guessing attacks is achieved by combining homomorphic encryption with aggregation algorithm. The analysis of security and performance shows that the scheme is secure and efficient.
Funding: The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped improve the quality of this paper. This work is supported by National Natural Science Foundation of China (No: 61379144), Foundation of Science and Technology on Information Assurance Laboratory (No: KJ-13-002) and the Graduate Innovation Fund of the National University of Defense Technology.
Abstract: Cloud storage is one of the main applications of the cloud computing. With the data services in the cloud, users are able to outsource their data to the cloud, access and share their outsourced data from the cloud server anywhere and anytime. However, this new paradigm of data outsourcing services also introduces new security challenges, among which is how to ensure the integrity of the outsourced data. Although the cloud storage providers commit a reliable and secure environment to users, the integrity of data can still be damaged owing to the carelessness of humans and failures of hardware/software or the attacks from external adversaries. Therefore, it is of great importance for users to audit the integrity of their data outsourced to the cloud. In this paper, we first design an auditing framework for cloud storage and propose an algebraic signature based remote data possession checking protocol, which allows a third-party to audit the integrity of the outsourced data on behalf of the users and supports unlimited number of verifications. Then we extend our auditing protocol to support data dynamic operations, including data update, data insertion and data deletion. The analysis and experiment results demonstrate that our proposed schemes are secure and efficient.
Funding: supported by National Natural Science Foundation of China (Nos. 61861013, 61662018); Science and Technology Major Project of Guangxi (No. AA18118031); Guangxi Natural Science Foundation of China (No. 2018 GXNSFAA050028); the Doctoral Research Foundation of Guilin University of Electronic Science and Technology (No. UF19033Y); Director Fund project of Key Laboratory of Cognitive Radio and Information Processing of Ministry of Education (No. CRKL190102).
Abstract: The proliferation of the global datasphere has forced cloud storage systems to evolve more complex architectures for different applications. The emergence of these application session requests and system daemon services has created large persistent flows with diverse performance requirements that need to coexist with other types of traffic. Current routing methods such as equal-cost multipath (ECMP) and Hedera do not take into consideration specific traffic characteristics nor performance requirements, which make these methods difficult to meet the quality of service (QoS) for high-priority flows. In this paper, we tailored the best routing for different kinds of cloud storage flows as an integer programming problem and utilized grey relational analysis (GRA) to solve this optimization problem. The resulting method is a GRA-based service-aware flow scheduling (GRSA) framework that considers requested flow types and network status to select appropriate routing paths for flows in cloud storage datacenter networks. The results from experiments carried out on a real traffic trace show that the proposed GRSA method can better balance traffic loads, conserve table space and reduce the average transmission delay for high-priority flows compared to ECMP and Hedera.
Funding: supported in part by the National Natural Science Foundation of China (61640006, 61572188); the Natural Science Foundation of Shaanxi Province, China (2015JM6307, 2016JQ6011); the project of science and technology of Xi'an City (2017088CG/RC051(CADX002))
Abstract: In distributed cloud storage systems, inevitably there exist multiple node failures at the same time. The existing methods of regenerating codes, including minimum storage regenerating (MSR) codes and minimum bandwidth regenerating (MBR) codes, are mainly to repair one single or several failed nodes, unable to meet the repair need of distributed cloud storage systems. In this paper, we present locally minimum storage regenerating (LMSR) codes to recover multiple failed nodes at the same time. Specifically, the nodes in distributed cloud storage systems are divided into multiple local groups, and in each local group (4, 2) or (5, 3) MSR codes are constructed. Moreover, the grouping method of storage nodes and the repairing process of failed nodes in local groups are studied. Theoretical analysis shows that LMSR codes can achieve the same storage overhead as MSR codes. Furthermore, we verify by means of simulation that, compared with MSR codes, LMSR codes can reduce the repair bandwidth and disk I/O overhead effectively.
Funding: The National Natural Science Foundation of China under Grant, the Fundamental Research Funds for the Central Universities under Grant No. FRF-TP-14-046A2
Abstract: Due to its characteristics of distribution and virtualization, cloud storage also brings new security problems. Users' data is stored in the cloud, which separates ownership from management. How to ensure the security of cloud data, how to increase data availability and how to improve user privacy perception are the key issues of cloud storage research, especially when the cloud service provider is not completely trusted. In this paper, a cloud storage ciphertext retrieval scheme based on AES and homomorphic encryption is presented. This ciphertext retrieval scheme will not only conceal the user retrieval information, but also prevent the cloud from obtaining user access patterns such as read-write mode and access frequency, thereby ensuring the safety of the ciphertext retrieval and user privacy. The results of simulation analysis show that this ciphertext retrieval scheme requires less overhead than other schemes on the same security level.
Funding: Supported by Social Science Fund of Hebei Province (Grant No.: HB15TQ019)
Abstract: Purpose: In order to explain and predict the adoption of personal cloud storage, this study explores the critical factors involved in the adoption of personal cloud storage and empirically validates their relationships to a user's intentions. Design/methodology/approach: Based on technology acceptance model (TAM), network externality, trust, and an interview survey, this study proposes a personal cloud storage adoption model. We conducted an empirical analysis by structural equation modeling based on survey data obtained with a questionnaire. Findings: Among the adoption factors we identified, network externality has the salient influence on a user's adoption intention, followed by perceived usefulness, individual innovation, perceived trust, perceived ease of use, and subjective norms. Cloud storage characteristics are the most important indirect factors, followed by awareness of personal cloud storage and perceived risk. However, although perceived risk is regarded as an important factor by other cloud computing researchers, we found that it has no significant influence. Also, subjective norms have no significant influence on perceived usefulness. This indicates that users are rational when they choose whether to adopt personal cloud storage. Research limitations: This study ignores time and cost factors that might affect a user's intention to adopt personal cloud storage. Practical implications: Our findings might be helpful in designing and developing personal cloud storage products, and helpful to regulators crafting policies. Originality/value: This study is one of the first research efforts that discuss Chinese users' personal cloud storage adoption, which should help to further the understanding of personal cloud adoption behavior among Chinese users.
Funding: Funded by the National High Technology Research and Development Program of China ("863" Program) under Grant No. 2009AA01A402
Abstract: Cloud storage employs software that interconnects and facilitates collaboration between different types of storage devices. Compared with traditional storage methods, cloud storage poses new challenges in data security, reliability, and management. This paper introduces four layers of cloud storage architecture: data storage layer (connecting multiple storage components), data management layer (providing common support technology for multiple services), data service layer (sustaining multiple storage applications), and user access layer. A typical cloud storage application--Backup Cloud (B-Cloud)--is examined and its software architecture, characteristics, and main research areas are discussed.
Funding: Funded by the National Key Technology R & D Program of China under Grant No. 2008BAH37B07; the National Natural Science Foundation of China under Grant No. 60970148; the National Basic Research Program of China ("973" Program) under Grant No. 2007CB310806
Abstract: Problems with data security impede the widespread application of cloud computing. Although data can be protected through encryption, effective retrieval of encrypted data is difficult to achieve using traditional methods. This paper analyzes encrypted storage and retrieval technologies in cloud storage applications. A ranking method based on fully homomorphic encryption is proposed to meet demands of encrypted storage. Results show this method can improve efficiency.
Funding: This work was supported in part by the National Science Foundation Project of P.R. China, the Fundamental Research Funds for the Central Universities under Grant No. FRF-TP-14-046A2
Abstract: In order to ensure the security of cloud storage, on the basis of the analysis of cloud storage security requirements, this paper puts forward a kind of hidden mapping hyper-combined public key management scheme based on the hyperelliptic curve cryptosystem, which is applicable to distributed cloud storage. A series of operation processes of the key management are elaborated, including key distribution, key updating and key agreement, etc. Analysis shows that the scheme can solve the problem of large-scale key management and storage issues in cloud storage effectively. The scheme features high efficiency and good scalability. It is able to resist collusion attack and ensure safe and reliable service provided by the cloud storage system.
Funding: Supported by National Natural Science Foundation of China under grants 61173170 and 60873225; National High Technology Research and Development Program of China under grant 2007AA01Z403; Innovation Fund of Huazhong University of Science and Technology under grants 2013QN120, 2012TS052 and 2012TS053
Abstract: In this paper, we survey data security and privacy problems created by cloud storage applications and propose a cloud storage security architecture. We discuss state-of-the-art techniques for ensuring the privacy and security of data stored in the cloud. We discuss policies for access control and data integrity, availability, and privacy. We also discuss several key solutions proposed in current literature and point out future research directions.
Funding: Supported by the State Grid Corporation of China Science and Technological Project (Research and demonstration application of key technology of energy storage cloud for mobile energy storage application of electric vehicles 5419-20197121 7a-0-0-00)
Abstract: Based on the energy storage cloud platform architecture, this study considers the extensive configuration of energy storage devices and the future large-scale application of electric vehicles at the customer side to build a new mode of smart power consumption with a flexible interaction, smooth the peak/valley difference of the load side power, and improve energy efficiency. A plug and play device for customer-side energy storage and an internet-based energy storage cloud platform are developed herein to build a new intelligent power consumption mode with a flexible interaction suitable for ordinary customers. Based on the load perception of the power grid, this study aims to investigate the operating state and service life of distributed energy storage devices. By selecting an integrated optimal control scheme, this study designs a kind of energy optimization and deployment strategy for stratified partition to reduce the operating cost of the energy storage device on the client side. The effectiveness of the system and the control strategy is verified through the Suzhou client-side distributed energy storage demonstration project.
Abstract: This paper introduces the basic concepts and features of an object storage system. It also introduces some related standards, specifications, and implementations for several existing systems. ZTE's Object Storage System (ZTE OSS) was designed by Tsinghua University and ZTE Corporation and is designed to manage large amounts of data. ZTE OSS has a scalable architecture, some open source components, and an efficient key-value database. ZTE OSS is easy to scale and highly reliable. Experiments show that ZTE OSS performs well with mass data and heavy
Funding: Partially supported by National Natural Science Foundation of China No. 61202034, 61232002, 61303026, 61572378, 61402339; CCF Opening Project of Chinese Information Processing No. CCF2014-01-02; the Program for Innovative Research Team of Wuhan No. 2014070504020237; Fundamental Application Research Plan of Suzhou City No. SYG201312; Natural Science Foundation of Wuhan University No. 2042016gf0020
Abstract: Cloud data sharing service, which allows a group of people to work together to access and modify the shared data, is one of the most popular and efficient working styles in enterprises. However, the cloud server is not completely trusted, and its security could be compromised for monetary reasons or by hacking and hardware errors. Therefore, despite having the advantages of scalability and flexibility, cloud storage service comes with privacy and security concerns. A straightforward method to protect the user's privacy is to encrypt the data stored at the cloud. To enable the authenticated users to access the encrypted cloud data, a practical group key management algorithm for the cloud data sharing application is highly desired. The existing group key management mechanisms presume that the server is trusted. But the cloud data service mode does not always meet this condition. How to manage the group keys to support the scenario of cloud storage with a semi-trusted cloud server is still a challenging task. Moreover, the cloud storage system is a large-scale and open application, in which the user group is dynamic. To address this problem, we propose a practical group key management algorithm based on a proxy re-encryption mechanism in this paper. We use the cloud server to act as a proxy to re-encrypt the group key to allow authorized users to decrypt and get the group key with their private key. To achieve the hierarchical access control policy, our scheme enables the cloud server to convert the encrypted group key of the lower group to the upper group. The numerical analysis and experimental results further validate the high efficiency and security of the proposed scheme.
Abstract: With the development of smart grid, the electric power supervisory control and data acquisition (SCADA) system is limited by the traditional IT infrastructure, leading to low resource utilization and poor scalability. Information islands are formed due to poor system interoperability. The development of innovative applications is limited, and the launching period of new businesses is long. Management costs and risks increase, and equipment utilization declines. To address these issues, a professional private cloud solution is introduced to integrate the electric power SCADA system, and an experimental study is conducted of its applicability, reliability, security, and real time. The experimental results show that the professional private cloud solution is technically and commercially feasible, meeting the requirements of the electric power SCADA system.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 60873231; the National Basic Research Program of China ("973" Program) under Grant No. 2011CB302903; the High Education Natural Science Foundation of Jiangsu Province under Grant No. 08KJB520006; Funds of Key Lab of Fujian Province University Network Security and Cryptology under Grant No. 09A010; Innovation Project for postgraduate cultivation of Jiangsu Province, China under Grant No. CX10B_195Z
Abstract: Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption (IBE) for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.
Funding: Supported by the National Science Foundation of China (No. 61373040, No. 61173137); the Ph.D. Programs Foundation of Ministry of Education of China (20120141110073); Key Project of Natural Science Foundation of Hubei Province (No. 2010CDA004)
Abstract: In cloud, data access control is a crucial way to ensure data security. Functional encryption (FE) is a novel cryptographic primitive supporting fine-grained access control of encrypted data in cloud. In FE, every ciphertext is specified with an access policy, and a decryptor can access the data if and only if his secret key matches the access policy. However, FE cannot be directly applied to construct an access control scheme due to the exposure of the access policy, which may contain sensitive information. In this paper, we deal with the policy privacy issue and present a mechanism named multi-authority vector policy (MAVP) which provides hidden and expressive access policy for FE. Firstly, each access policy is encoded as a matrix and decryptors can only obtain the matched result from the matrix in MAVP. Then, we design a novel function encryption scheme based on the multi-authority spatial policy (MAVP-FE), which can support privacy-preserving yet non-monotone access policy. Moreover, we greatly improve the efficiency of encryption and decryption in MAVP-FE by shifting the major computation of clients to the outsourced server. Finally, the security and performance analysis show that our MAVP-FE is secure and efficient in practice.
Abstract: To enhance the security of user data in the clouds, we present an adaptive and dynamic data encryption method to encrypt user data in the mobile phone before it is uploaded. Firstly, the adopted data encryption algorithm is not static and uniform. For each encryption, this algorithm is adaptively and dynamically selected from the algorithm set in the mobile phone encryption system. From the mobile phone's character, the detailed encryption algorithm selection strategy is confirmed based on the user's mobile phone hardware information, personalization information and a pseudo-random number. Secondly, the data is rearranged with a randomly selected start position in the data before being encrypted. The start position's randomness makes the mobile phone data encryption safer. Thirdly, the rearranged data is encrypted by the selected algorithm and generated key. Finally, the analysis shows this method possesses higher security because more dynamics and randomness are adaptively added into the encryption process.
Funding: Supported in part by National High Tech Research and Development Program (863 Program) of China (No. 2015 AA016005)
Abstract: Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands; cloud storage providers always furnish a location-independent platform for managing users' data. However, mobile users wonder whether their cloud video data is leaked or dynamically migrated to illegal service providers. In this paper, we design a novel provable data possession protocol based on the data geographic location attribute, which allows data owners to audit the integrity of their video data and puts forward an ideal choice for remote data possession checking in mobile cloud storage. In our proposed scheme, we check whether the video data is dynamically migrated to an unspecified location (such as overseas) by adding a data geographic location attribute tag into the provable data possession protocol. Moreover, we ensure the security of our proposed scheme under the Computational Diffie-Hellman assumption. The analysis and experiment results demonstrate that our proposed scheme is provably secure and efficient.