About this book

The four-volume set LNCS 11334-11337 constitutes the proceedings of the 18th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2018, held in Guangzhou, China, in November 2018.

The 141 full and 50 short papers presented were carefully reviewed and selected from numerous submissions. The papers are organized in topical sections on Distributed and Parallel Computing; High Performance Computing; Big Data and Information Processing; Internet of Things and Cloud Computing; and Security and Privacy in Computing.

Table of contents

Dynamic Task Scheduler for Real Time Requirement in Cloud Computing System

In such an era of big data, the number of tasks submitted to cloud computing system becomes huge and users’ demand for real time has increased. But the existing algorithms rarely take real time into consideration and most of them are static scheduling algorithms. As a result, we ensure real time of cloud computing system under the premise of not influencing the performance on makespan and load balance by proposing a dynamic scheduler called Real Time Dynamic Max-min-min (RTDM) which takes real time, makespan, and load balance into consideration. RTDM is made up of dynamic sequencer and static scheduler. In dynamic sequencer, the tasks are sorted dynamically based on their waiting and execution times to decrease makespan and improve real time. The tasks fetched from the dynamic sequencer to the static scheduler can be seen as static tasks, so we propose an algorithm named Max-min-min in static scheduler which achieves good performance on waiting time, makespan and load balance simultaneously. Experiment results demonstrate that the proposed scheduler greatly improves the performance on real time and makespan compared with the static scheduling algorithms like Max-min, Min-min and PSO, and improves performance on makespan and real time by 1.66% and 17.19% respectively compared to First Come First Serve (FCFS).

Yujie Huang, Quan Zhang, Yujie Cai, Minge Jing, Yibo Fan, Xiaoyang Zeng

CGAN Based Cloud Computing Server Power Curve Generating

For a better power management of data center, it is necessary to understand the power pattern and curve of various application servers before server placement and setup in data center. In this paper, a CGAN based method is proposed to generate power curve of servers for various applications in data center. Pearson Correlation is used to calculate the similarity between the generated data and the real data. From our experiment of data from real data center, the method can generate the power curve of servers with good similarity with real power data and can be used in server placement optimization and energy management.

Longchuan Yan, Wantao Liu, Yin Liu, Songlin Hu

One-Sided Communication in Coarray Fortran: Performance Tests on TH-1A

One-sided communication mechanism of Message Passing Interface (MPI) has been extended by remote memory access (RMA) from several aspects, including interface, language and compiler, etc. Coarray Fortran (CAF), as an emerging syntactic extension of Fortran to satisfy one-sided communication, has been freely supported by the open-source and widely used GNU Fortran compiler, which relies on MPI-3 as the transport layer. In this paper, we present the potential of RMA to benefit the communication patterns in Cannon algorithm. EVENTS, a safer implementation of atomics to synchronize different processes in CAF, are also introduced via classic Fast Fourier Transform (FFT). In addition, we also studied the performance of one-sided communication based on different compilers. In our tests, one-sided communication outperforms two-sided communication only when the data size is large enough (in particular, inter-node transfer). CAF is slightly faster than the simple one-sided routines without optimization by compiler in MPI-3. EVENTS are capable of improving the performance of parallel applications by avoiding the idle time.

Peiming Guo, Jianping Wu

Reliable Content Delivery in Lossy Named Data Networks Based on Network Coding

Named Data Networking (NDN) is a new content transmission and retrieval network architecture, its network cache and request mechanism can improve network transmission performance and reduce transmission delay. Network coding has been considered as especially suitable for latency and lossy network, providing reliable multicast transport without requiring feedback from receivers. However, for network coding, the best practical advantage is robustness and adaptability, without caring the change of networks. The purpose of this paper is to improve the reliability of content delivery in lossy NDN networks by network coding. In this paper, we use network coding as an error control technique in NDN. We analyze the performance of network coding compared with automatic repeat request (ARQ) and forward error correction (FEC) technique in lossy NDN networks. We confirm that network coding can reduce the number of packets retransmitted in lossy NDN networks. Extensive real physical emulation shows that network coding reduces the number of packet retransmission and improves the reliability of content delivery in lossy NDN networks.

Rui Xu, Hui Li, Huayu Zhang

Verifying CTL with Unfoldings of Petri Nets

There are many studies on verifying Computation Tree Logic (CTL) based on reachable graphs of Petri nets. However, they often suffer from the state explosion problem. In order to avoid/alleviate this problem, we use the unfolding technique of Petri nets to verify CTL. For highly concurrent systems, this technique implicitly represents all reachable states and greatly saves storage space. We construct verification algorithms and develop a related tool. Experiments show the advantages of our method.

Lanlan Dong, Guanjun Liu, Dongming Xiang

Deep Q-Learning for Navigation of Robotic Arm for Tokamak Inspection

Computerized human-machine interfaces are used to control the manipulators and robots for inspection and maintenance activities in Tokamak. The activities embrace routine and critical activities such as tile inspection, dust cleaning, equipment handling and replacement tasks. Camera(s) is deployed on the robotic arm which moves inside the chamber to accomplish the inspection task. For navigating the robotic arm to the desired position, an inverse kinematic solution is required. Such closed-form inverse kinematic solutions become complex in the case of dexterous hyper-redundant robotic arms that have high degrees of freedom and can be used for inspections in narrow gaps. To develop real-time inverse kinematic solver for robots, a technique called Reinforcement Learning is used. There are various strategies to solve Reinforcement problem in polynomial time, one of them is Q-Learning. It can handle problems with stochastic transitions and rewards, without requiring adaption or probabilities of actions to be taken at a certain point. It is observed that Deep Q-Network successfully learned optimal policies from high dimension sensory inputs using Reinforcement Learning.

Swati Jain, Priyanka Sharma, Jaina Bhoiwala, Sarthak Gupta, Pramit Dutta, Krishan Kumar Gotewal, Naveen Rastogi, Daniel Raju

The Design and Implementation of Random Linear Network Coding Based Distributed Storage System in Dynamic Networks

Nowadays, different end devices with different computation and bandwidth capabilities acquire data from Internet. To improve efficiency of data storage and retrieve, in this paper, we study how to use random linear network coding to construct an efficient distributed storage system to reduce the traffic cost in a dynamic network. In order to balance the success ratio of recovery traffic cost and traffic speed, we firstly introduce a random network coding scheme and implement a practically available distributed storage system in the actual environment. We then adjust different parameters, e.g., finite fields, link bandwidth, node computing capabilities, etc., to evaluate the proposed system. Finally, experiment results show the efficiency of the proposed designs.

Bin He, Jin Wang, Jingya Zhou, Kejie Lu, Lingzhi Li, Shukui Zhang

Forward Secure Searchable Encryption Using Key-Based Blocks Chain Technique

Searchable Symmetric Encryption (SSE) has been widely applied in the encrypted database for exact queries or even range queries in practice. Although it has excellent efficiency and complete functionality, it always suffers from information leakages. Some recent attacks point out that forward privacy is the vital security goal. However, there are only several schemes achieving this security. In this paper, we propose a new flexible forward secure SSE scheme referred to as “FFSSE”, which has the best performance in literature, such as fast search operation, fast token generation and O(1) update complexity. It also supports both add and delete operations in the unique instance. Technically, we exploit a novel “key-based blocks chain” technique based on symmetric cryptographic primitive, which can be deployed in arbitrary index tree structures or key-value structures directly to guarantee forward privacy.

Siyi Lv, Yanyu Huang, Bo Li, Yu Wei, Zheli Liu, Joseph K. Liu, Dong Hoon Lee

Harden Tamper-Proofing to Combat MATE Attack

The malicious modification on software is a major threat on software copyright. As a common protection method, tamper-proofing can detect and respond to the malicious modification. However, existing works consider less about the security of tamper-proofing itself. When launching MATE (Man-At-The-End) attacks based on reverse engineering to the software equipped with embedded tamper-proofing, adversary is enabled to obtain all privileges to the execution code and device configure, which lead tamper proofing being attacked. In this paper, we design a novel tamper-proofing scheme to ensure the code integrity. Different from previous works, our tamper-proofing technique is executed in an isolated zone, Intel SGX (Software Guard Extension) enclave instances, such that the MATE attacks cannot compromise the tamper-proofing functions. Moreover, our scheme performs considerably high execution efficiency since it only introduces the constant extra cost of time and space. We deploy our work on SPECint-2006 benchmark suite. The experimental results demonstrate our scheme is light-weight for computation and storage.

Zhe Chen, Chunfu Jia, Tongtong Lv, Tong Li

A Fast and Effective Detection of Mobile Malware Behavior Using Network Traffic

Android platform has become the most popular smartphone system due to its openness and flexibility. Similarly, it has also become the target of numerous attackers because of these. Various types of malware are thus designed to attack Android devices. All these cases prompted amounts of researchers to start studying malware detection technologies and some of the groups applied network traffic analysis to their detection models. The majority of these models have considered the detection primarily on network traffic statistical features which can distinguish malicious network traffic from normal one. However, when facing a large amount of network traffic on the detection stage, especially when some of the network flows are quite huge as a result of containing too many packets, feature extraction can be extremely time consuming. Therefore, we propose a malware detection approach based on TCP traffic, which can quickly and effectively detect malware behavior. We first employ the traffic collection platform to collect network traffic generated by various apps. After preprocessing (filtering and aggregating) the collected network traffic data, we get a large number of TCP flows. Next we extract early packets’ sizes as features from each TCP flow and then send it to detection model to get the detection result. In our method, the time it takes to extract features from 53108 network flows is reduced from 39321 s to 18041 s, which is a reduction of 54%. Meanwhile, our method achieves a detection rate of 97%.

Anran Liu, Zhenxiang Chen, Shanshan Wang, Lizhi Peng, Chuan Zhao, Yuliang Shi

With the widespread adoption of multicore chips, many multithreaded applications based on the shared address space have been developed. Widely-used operating systems, such as Linux, use a per-process lock to synchronize page faults and memory mapping operations (e.g., mmap and munmap) on the shared address space between threads, restricting the scalability and performance of the applications. We propose a novel Pthreads-compatible multithreaded model, PAthreads, which provides isolated address spaces between threads to avoid contention on address space, and meanwhile preserves the shared variable semantics. We prototype PAthreads on Linux by using a proposed character device driver and a proposed shared heap allocator IAmalloc. Pthreads applications can run with PAthreads without any modifications. Experimental results show that PAthreads runs $2.17\times$, $3.19\times$ faster for workloads hist, dedup on 32 CPU cores, and $8.15\times$ faster for workload lr on 16 cores than Pthreads. Moreover, by using Linux Perf, we further analyze critical bottlenecks that limit the scalability of workloads programmed by Pthreads. This paper also reviews the performance impact of the latest Linux 4.10 kernel optimization on PAthreads and Pthreads, and results show that PAthreads still has advantage for dedup and lr.

Yu Zhang, Jiankang Chen

Efficient and Privacy-Preserving Query on Outsourced Spherical Data

Outsourcing spatial database to the cloud becomes a paradigm for many applications such as location-based service (LBS). At the same time, the security of outsourced data and its query becomes a serious issue. In this paper, we consider 3D spherical data that has wide applications in geometric information systems (GIS), and investigate its privacy-preserving query problem. By using an approximately distance-preserving 3D-2D projection method, we first project 3D spatial points to six possible 2D planes. Then we utilize secure Hilbert space-filling curve to encode the 2D points into 1D Hilbert values. After that, we build an encrypted spatial index tree using B$^+$-tree and order-preserving encryption (OPE). Our scheme supports efficient point query, arbitrary polygon query, as well as dynamic updating in the encrypted domain. Theoretical analysis and experimental results on real-world datasets demonstrate its satisfactory tradeoff between security and efficiency.

Yueyue Zhou, Tao Xiang, Xiaoguo Li

Detecting Advanced Persistent Threats Based on Entropy and Support Vector Machine

Advanced Persistent Threats (APTs) have become the critical issue in high security network. The high pertinence, disguise and phasing make it even more ineffective to be discovered by traditional detection technologies. APTs continuously gather information and data from targeted objects, using various exploits to penetrate the organization. The current threat detection methods take advantage of machine learning algorithm using statistical and behavioral characteristics of the network traffic. The key problem using machine learning algorithm is to find an appropriate feature vector to be fed into the learner. This paper presents an entropy-based detection using support vector machine, aiming to find the traffic containing APT attack, so that attacking stream will be restricted in a smaller range of network traffic which makes it much easier to be found in further analysis. The experimental results show that the proposed method can more effectively and efficiently distinguish the traffic containing APT streams from the normal.

Jiayu Tan, Jian Wang

MulAV: Multilevel and Explainable Detection of Android Malware with Data Fusion

With the popularization of smartphones, the number of mobile applications has grown substantially. However, many malware are emerging and thus pose a serious threat to the user’s mobile phones. Malware detection has become a public concern that requires urgent resolution. In this paper, we propose MulAV, a multilevel and explainable detection method with data fusion. Our method obtains information from multiple levels (the APP source code, network traffic, and geospatial information) and combines it with machine learning method to train a model which can identify mobile malware with high accuracy and few false alarms. Experimental result shows that MulAV outperforms other anti-virus scanners and methods and achieves a detection rate of 97.8% with 0.4% false alarms. Furthermore, for the benefit of users, MulAV displays the explanation for each detection, thus revealing relevant properties of the detected malware.

Qun Li, Zhenxiang Chen, Qiben Yan, Shanshan Wang, Kun Ma, Yuliang Shi, Lizhen Cui

Identifying Bitcoin Users Using Deep Neural Network

Wei Shao, Hang Li, Mengqi Chen, Chunfu Jia, Chunbo Liu, Zhi Wang

A Practical Privacy-Preserving Face Authentication Scheme with Revocability and Reusability

Revocability and reusability are important properties in an authentication scheme in reality. The former requires that the user credential stored in the authentication server be easily replaced if it is compromised while the latter allows the credentials of the same user to appear independent in cross-domain applications. However, the invariable biometrics features in the face authentication poses a great challenge to accomplishing these two properties. Existing solutions either sacrifice the accuracy of the authentication result or rely on a trusted third party. In this paper, we propose a novel privacy-preserving face authentication scheme without the assistance of an additional server, which achieves both revocability and reusability as well as the same accuracy level of the plaintext face recognition that uses Euclidean distance measure. Moreover, we rigorously analyze the security of our scheme using the simulation technique and conduct the experiment on a real-world dataset to demonstrate its efficiency. We report that a successful user authentication costs less than a second on a smartphone with common specs.

Jing Lei, Qingqi Pei, Xuefeng Liu, Wenhai Sun

Differentially Private Location Protection with Continuous Time Stamps for VANETs

Vehicular Ad hoc Networks (VANETs) have higher requirements of continuous Location-Based Services (LBSs). However, the untrusted server could reveal the users’ location privacy in the meantime. Syntactic-based privacy models have been widely used in most of the existing location privacy protection schemes. Whereas, they are suffering from background knowledge attacks, neither do they take the continuous time stamps into account. Therefore we propose a new differential privacy definition in the context of location protection for the VANETs, and we designed an obfuscation mechanism so that fine-grained locations and trajectories will not be exposed when vehicles request location-based services on continuous time stamps. Then, we apply the exponential mechanism in the pseudonym permutations to provide disparate pseudonyms for different vehicles when making requests on different time stamps, these pseudonyms can hide the position correlation of vehicles on consecutive time stamps besides releasing them in a coarse-grained form simultaneously. The experimental results on real-world datasets indicate that our scheme significantly outperforms the baseline approaches in data utility.

Zhili Chen, Xianyue Bao, Zuobin Ying, Ximeng Liu, Hong Zhong

Fine-Grained Attribute-Based Encryption Scheme Supporting Equality Test

The data of user should be protected against untrusted cloud server. A simple way is to use cryptographic methods. Attribute-based encryption (ABE) plays a vital role in securing many applications, particularly in cloud computing. In this paper, we propose a scheme called fine-grained attribute-based encryption supporting equality test (FG-ABEET). The proposed scheme grants the cloud server to perform if two ciphertexts are encryptions of the same message encrypted with the same access policy or different access policy. Moreover, the cloud server can perform the equality test operation without knowing anything about the message encrypted under either access policy. The FG-ABEET scheme is proved to be secure under Decisional Bilinear Diffie-Hellman (DBDH) assumption. In addition, the performance comparisons reveal that the proposed FG-ABEET scheme is efficient and practical.

Nabeil Eltayieb, Rashad Elhabob, Alzubair Hassan, Fagen Li

Detecting Evil-Twin Attack with the Crowd Sensing of Landmark in Physical Layer

With the popularity of mobile computing, WiFi has become one of the essential technologies for people to access the Internet, and WiFi security has also become a major threat for mobile computing. The Evil-Twin attack can steal a large amount of private data by forging the same SSID as the real Access Point. This paper proposes a passive Evil-Twin attack detection scheme through CSI in physical layer. First of all, we propose a location model based on the edge of landmark area. In this model, the improved MUSIC algorithm is used to calculate each AP’s AoA by CSI phase. Secondly, it proposes an algorithm for simplifying the generation of location model files, which is the dataset of a small number of AoA and RSSI samples. Finally, according to location model, attack detection algorithm combines a large number of crowd sensing data to determine whether it is a malicious AP. Experiments show that our attack detection system achieves a higher detection rate.

Chundong Wang, Likun Zhu, Liangyi Gong, Zheli Liu, Xiuliang Mo, Wenjun Yang, Min Li, Zhaoyang Li

Security Extension and Robust Upgrade of Smart-Watch Wi-Fi Controller Firmware

At present, smart watches are loved by users because of their convenience, high efficiency, aesthetics and practicality. Smart watches interconnect with matching smart phones instead of working individually to achieve their maximum functionality. The wireless network interface serves as an interconnection bridge between smart watches and smart phones to realize application data exchange, which introduces a risk to personal security and privacy. Therefore, improving Wi-Fi firmware security is very important. To boost the security of the wearable device, we propose a security upgrade and replacement scheme of the Wi-Fi firmware by expanding the security function of the Wi-Fi watch firmware and a reliable replacement method, which can effectively improve the security of the smart watch. We implement firmware switching and recovery at the kernel level. Data encryption module is added to the firmware to enhance data interaction security. Experiments show that our approach improves robustness of Wi-Fi firmware upgrade and data interaction security while guarantees the ordinary functionality of the Wi-Fi module.

Wencong Han, Quanxin Zhang, Chongzhi Gao, Jingjing Hu, Fang Yan

A Java Code Protection Scheme via Dynamic Recovering Runtime Instructions

As Android operating system and applications on the device play important roles, the security requirements of Android applications increased as well. With the upgrade of Android system, Android runtime mode (ART mode) has gradually become the mainstream architecture of the Android operating system. ART introduces several improvements in Android, but it also introduces new ways to enhance malicious activities. This paper proposed a confidential finer granularity protection scheme for application programs under ART mode of ROOT Android devices. Taking Java method as the protection granularity, the protection scheme increased the accuracy of protecting targets. In addition, the protection scheme provided a more thorough protection for applications by combining dynamic loading technology and encryption technology in ART mode, and improved the security of Android applications. Experiments showed that the proposed protection scheme is effective.

Sun Jiajia, Gao Jinbao, Tan Yu-an, Zhang Yu, Yu Xiao

Verifiable Outsourced Computation with Full Delegation

With the development of cloud computing, verifiable computation (VC) has attracted considerable attentions due to its importance. However, the existing VC schemes suffer from two substantial shortcomings that limit their usefulness: (i) they have to invest expensive computational tasks in the preprocessing stage, which has exceeded the available computation capacity of the client, and (ii) they do not support frequent updates, so that each update needs to perform the computation from scratch. To resolve these problems, we propose a novel primitive called verifiable outsourced computation with full delegation (FD-VC), which greatly reduces the computation cost of the client by delegating the preprocessing to the cloud. During this phase, the cloud cannot obtain any knowledge of the verification key. To the best of our knowledge, it is the first VC scheme not only supporting full delegation but also supporting dynamic update. The highlight of our scheme is that verification and update cost are constant and independent of the degree of the polynomial. Our scheme is provably correct and secure based on bilinear pairing and the hardness assumption of Bilinear Diffie-Hellman Exponent problem, and our analyses show that our scheme is very practical and suitable for the real world applications.

Qiang Wang, Fucai Zhou, Su Peng, Zifeng Xu

Keyword Searchable Encryption with Fine-Grained Forward Secrecy for Internet of Thing Data

With the incessant development and popularization of Internet of things (IoT), the amount of the data collected by IoT devices has rapidly increased. This introduces the concerns over the heavy storage overhead to such systems. In order to relieve the storage burden, a popular method is to use the outsourced cloud technology. While the massive collected IoT data is outsourced to the cloud, the security and privacy of these outsourced data is therefore of critical importance, and many researches have been done in this area. In this paper, we propose a new keyword searchable encryption system with fine-grained right revocation. In the system, each IoT device’s data are stored in a special document. Thus the data owner can revoke users’ search rights at fine-grained document level by setting new random number in each time period. Especially, to realize search right revocation, re-encryption operations on keyword ciphertexts are not needed in our scheme. Then, we instantiate a valid construction in practical application and discuss the security properties in the construction. Our performance evaluations show that the proposed construction is efficient.

Rang Zhou, Xiaosong Zhang, Xiaofen Wang, Guowu Yang, Wanpeng Li

IoT-SDNPP: A Method for Privacy-Preserving in Smart City with Software Defined Networking

Internet of Things (IoT) era appeared to connect all the digital and non-digital devices around the globe through the Internet. Based on predictions, billions of devices will be connected with each other by 2050 with the aim of providing high-level and humanized services. One application of IoT is a smart city that means IT-enabled cities running by themselves without human interventions. These large number of devices, especially in a smart city environment, may sense sensitive and personal data which makes the system vulnerable. We have to protect private information so that unwanted parties would not be able to find original data, which is a part of privacy-preserving. Meanwhile, a new networking paradigm evolved called Software Defined Networking (SDN) that aimed to separate the Control Plane and the Data Plane of the network results in much more flexibility to manage the network. Most of the existing works are deficient in flexibility or very tedious. In this paper, we facilitated IoT-based smart city with SDN paradigm to leverage the benefits of SDN. Then, based on the environment, we propose IoT-SDN Privacy-Preserving, IoT-SDNPP, to keep private data safe. We have done extensive experiments, and the experimental results have demonstrated the effectiveness of our approach.

Mehdi Gheisari, Guojun Wang, Shuhong Chen, Hamidreza Ghorbani

User Password Intelligence Enhancement by Dynamic Generation Based on Markov Model

The use of passwords in daily life has become more and more widespread, which has become an indispensable part of life. However, there are still some security risks when using passwords. These security risks occupy a large part due to users using low strength password because of the very limited memory ability of human beings. It makes verbal guessing based on human memory habits achieve good attack effectiveness. In order to improve the security of network password system, this paper proposes a password enhancement method combining Markov model intelligent prediction and dynamic password enhanced technology. This method can greatly increase the password strength by more than 80% without increasing the memory burden of the user. At the same time, it does not need to store complex keys in the system, which can significantly improve the security of the network password system.

Zhendong Wu, Yihang Xia

The BLE Fingerprint Map Fast Construction Method for Indoor Localization

Radio fingerprinting-based localization is one of the most promising indoor localization techniques. It has great potential because of the ubiquitous smartphones and the cheapness of Bluetooth and WiFi infrastructures. However, the acquisition and maintenance of fingerprints require a lot of labor, which is a major obstacle in site survey. In this paper, we propose a radio map fast construction mechanism for Bluetooth low energy (BLE) fingerprint localization. The advertising interval of BLE beacon and the way of smartphones scanning BLE packets are different from WiFi. The lower interval of BLE packets and the mode of smartphone returning packets instantly both signify more refined fingerprints. Firstly, we reproduce the walking path based on pedestrian dead reckoning (PDR) and sensor landmarks and then map BLE signals to the path finely, which helps the collection process. Then we develop a detection rule according to the probability of smartphone scanning BLE beacons in a short period of time, avoiding accidental BLE signals. Finally, BLE signals associated with estimated collection coordinates are used to predict fingerprints on untouched places by Gaussian process regression. Experiments demonstrate that our method has an average localization accuracy of 2.129 m under the premise of reducing the time overhead greatly.

Haojun Ai, Weiyi Huang, Yuhong Yang, Liang Liao

VISU: A Simple and Efficient Cache Coherence Protocol Based on Self-updating

Existing cache coherence protocols incur high overheads to shared memory systems and significantly reduce the system efficiency. For example, the widely used snooping protocol broadcasts messages at the expense of high network bandwidth overheads, and the directory protocol requires massive storage spaces to keep track of sharers. Furthermore, these coherence protocols have numerous transient states to cover various races, which increase the difficulty of implementation and verification. To mitigate these issues, this paper proposes a simple and efficient, two-state (Valid and Invalid) cache coherence protocol, VISU, for data-race-free programs. We adopt two distinct schemes for the private and shared data to simplify the design. Since the private data does not need to maintain coherence, we apply a simple write-back policy. For shared data, we leverage a write-through policy to make the last-level cache always hold the up-to-date data. A self-updating mechanism is deployed at synchronization points to update stale copies in L1 caches; this obviates the need for the broadcast communication or the directory. Experimental results show that the VISU protocol achieves a significant reduction (31.0%) in the area overhead and obtains a better performance (2.9%) comparing with the sophisticated MESI directory protocol.

Ximing He, Sheng Ma, Wenjie Liu, Sijiang Fan, Libo Huang, Zhiying Wang, Zhanyong Zhou

PPLDEM: A Fast Anomaly Detection Algorithm with Privacy Preserving

In this paper, we first propose a fast anomaly detection algorithm LDEM. The key insight of LDEM is a fast local density estimator, which estimates the local density of instances by the average density of all features. The local density of each feature can be estimated by the defined mapping function. Furthermore, we propose an efficient scheme PPLDEM to detect anomaly instances while considering privacy protection in the case of multi-party participation, based on the proposed scheme and homomorphic encryption. Compared with existing privacy-preserving schemes, our scheme needs less communication cost and less calculation. From the security analysis, it can be proved that our scheme will not leak any private information of participants. Experimental results show that our proposed scheme PPLDEM can detect anomaly instances effectively and efficiently.

Ao Yin, Chunkai Zhang, Zoe L. Jiang, Yulin Wu, Xing Zhang, Keli Zhang, Xuan Wang

Towards Secure Cloud Data Similarity Retrieval: Privacy Preserving Near-Duplicate Image Data Detection

With the development of cloud computing technology, cloud storage service has been widely used in recent years. People upload most of their data files to the cloud to save local storage space and make data sharing available everywhere. Besides the storage service, data similarity retrieval is another basic service that the cloud provides, especially for image data. As demand for near-duplicate image detection increases, it has become an attractive research topic in cloud image data similarity retrieval in recent years. However, because some image data (like medical images and face recognition images) contain important private information, it is preferable to support privacy protection in cloud image data similarity retrieval. In this paper, focusing on image data stored in the cloud, we propose a privacy preserving near-duplicate image data detection scheme based on the LSH algorithm. In particular, users would use their own image data to generate an image-feature LSH metadata vector using the LSH algorithm and would store both the ciphertexts of the image data and the image-feature LSH metadata vector in the cloud. When the inquirer queries the near-duplicate image data, he would generate the image-feature query token LSH metadata vector using the LSH algorithm and send it to the cloud. With the query token, the cloud will execute the privacy-preserving near-duplicate image data detection and return the encrypted result to the inquirer. Then the inquirer would decrypt the ciphertext and get the final result. Our security and performance analysis shows that the proposed scheme achieves the goals of privacy preserving and lightweight.

Yulin Wu, Xuan Wang, Zoe L. Jiang, Xuan Li, Jin Li, S. M. Yiu, Zechao Liu, Hainan Zhao, Chunkai Zhang

An Efficient Multi-keyword Searchable Encryption Supporting Multi-user Access Control

Due to the strong storage capacity and calculating power of cloud computing, more and more users outsource their data to the cloud. To avoid exposing users’ data to the cloud, searchable encryption, which can search over the encrypted data, is studied. In this paper, based on the multi-keyword searchable encryption proposed by Cash et al., through enforcing access control for users, we present an efficient multi-keyword searchable encryption supporting multi-user access control (MMSE). MMSE supports multi-user scenarios, and only the users whose attributes satisfy the policy can generate the search token, whether the data owner is online or not. The security and performance analysis shows that the proposed MMSE is secure and efficient.

Chuxin Wu, Peng Zhang, Hongwei Liu, Zehong Chen, Zoe L. Jiang

Android Malware Detection Using Category-Based Permission Vectors

With the drastic increase of smartphone adoption, malware attacks on smartphones have emerged as a serious privacy and security threat. Kaspersky Labs detected and intercepted a total of 5,730,916 malicious installation packages in 2017. To curb this problem, researchers and various security laboratories have developed numerous malware analysis models. In Android based smartphones, permissions have been an inherent part of such models. Permission request patterns can be used to detect behavior of different applications. As applications with similar functionalities should use permission requests in similar ways, they can be used to distinguish different types of apps. However, when analysis models are trained on permission vectors extracted from a mixture of applications without maintaining any differences that naturally exist among different application categories, aggregated results can miss details and this can result in errors. In this paper, we propose a permission analysis model for Android applications which includes a classification module and a malware detection module based on application permission vectors to deal with the Android malware detection problem. We mine the benign application permission vector set into 32 categories by mining the similarity of permission vectors, and input malicious application permission vector sets into the model to obtain class labels, then extract sensitive features from different classes. Finally, sensitive features of each class are respectively input into the machine learning algorithm to obtain a classification model of malicious and benign applications. Our experimental results show that our model can achieve 93.66% accuracy of detecting malware instances.

Xu Li, Guojun Wang, Saqib Ali, QiLin He

Outsourced Privacy Preserving SVM with Multiple Keys

With the development of cloud computing, more and more people choose to upload their own data to the cloud for storage outsourcing and computing outsourcing. Because the cloud is not completely trusted, the uploaded data is encrypted by the user’s own public key. However, many of the current secure computing methods only apply to single-key encrypted data. Therefore, it is a challenge to efficiently handle multiple key-encrypted data on the cloud. On the other hand, the demand for data classification is also growing, in particular for using the support vector machine (SVM) algorithm to classify data. But currently there is no good way to utilize SVM for ciphertext, especially when the ciphertext is encrypted by multiple keys. Therefore, it is also a challenge to efficiently classify data encrypted by multiple keys using SVM. In order to solve the above challenges, in this paper we propose a scheme that allows the SVM algorithm to perform classification processing on the outsourced data encrypted by multiple keys without jeopardizing the privacy of the user’s original data, intermediate calculation results and final classification result. In addition, we also verified the safety and correctness of our designed protocol.

Wenli Sun, Zoe L. Jiang, Jun Zhang, S. M. Yiu, Yulin Wu, Hainan Zhao, Xuan Wang, Peng Zhang

Privacy-Preserving Task Allocation for Edge Computing Enhanced Mobile Crowdsensing

In traditional mobile crowdsensing (MCS) applications, the crowdsensing server (CS-server) needs mobile users’ precise locations for optimal task allocation, which raises privacy concerns. This work proposes a framework P2TA to optimize task acceptance rate while protecting users’ privacy. Specifically, edge nodes are introduced as an anonymous server and a task allocation agent to prevent the CS-server from directly obtaining user data and to disperse privacy risks. On this basis, a genetic algorithm that is performed on edge nodes is designed to choose an initial obfuscation strategy. Furthermore, a privacy game model is used to optimize user/adversary objectives against each other to obtain a final obfuscation strategy which can be immune to posterior inference. Finally, edge nodes take user acceptance rate and task allocation rate into account comprehensively, focusing on maximizing the expected accepted task number under the constraint of differential privacy and distortion privacy. The effectiveness and superiority of P2TA to the existing MCS task allocation schemes are validated via extensive simulations on the synthetic data, as well as the measured data collected by ourselves.

Yujia Hu, Hang Shen, Guangwei Bai, Tianjing Wang

Efficient Two-Party Privacy Preserving Collaborative k-means Clustering Protocol Supporting both Storage and Computation Outsourcing

Privacy preserving collaborative data mining aims to extract useful knowledge from distributed databases owned by multiple parties while keeping the privacy of both data and mining result. Nowadays, more and more companies rely on the cloud to store and handle data. In this context, a privacy preserving collaborative k-means clustering framework was proposed to support both storage and computation outsourcing for two parties. However, the computing cost and communication overhead are too high to be practical. In this paper, we propose to encrypt each party’s data once and then store them in the cloud. The privacy preserving k-means collaborative clustering protocol is executed mainly at the cloud side, with total $$O(k(m+n))$$-round interactions among the two parties and the cloud. Here, m and n denote the total numbers of records for the two parties, respectively. The protocol is secure in the semi-honest security model and especially secure in the malicious model supporting only one party corrupted during k centroids re-computation. We also implement it in a real cloud environment using e-health data as the testing data.

Zoe L. Jiang, Ning Guo, Yabin Jin, Jiazhuo Lv, Yulin Wu, Yating Yu, Xuan Wang, S. M. Yiu, Junbin Fang

Identity-Based Proofs of Storage with Enhanced Privacy

Proofs of storage (PoS) refer to an effective solution for checking the integrity of large files stored in clouds, such as provable data possession and proofs of retrievability. Traditional PoS schemes are mostly designed in the public key infrastructure setting, thus they will inevitably suffer from the complex certificate management problem when deployed. Identity-based PoS (IBPoS) is a lightweight variant of traditional PoS that eliminates the certificate management problem via identity-based cryptographic technology. Although there are several IBPoS schemes in the literature, none of them can simultaneously protect both identity privacy and data privacy against a third-party verifier that is pervasive in IBPoS systems. To fill this gap, in this paper we propose a new IBPoS scheme, from which a verifier is able to confirm the integrity of the files stored in clouds but cannot get the files or the identity information of their owners. We prove our scheme is secure in the random oracle model under a standard assumption. Finally, we also conduct a series of experiments to evaluate its performance.

Miaomiao Tian, Shibei Ye, Hong Zhong, Lingyan Wang, Fei Chen, Jie Cui

Evaluating the Impact of Intrusion Sensitivity on Securing Collaborative Intrusion Detection Networks Against SOOA

Cyber attacks are greatly expanding in both size and complexity. To handle this issue, research has been focused on collaborative intrusion detection networks (CIDNs), which can improve the detection accuracy of a single IDS by allowing various nodes to communicate with each other. However, such a collaborative system or network is vulnerable to insider attacks, which can significantly reduce the advantages of a detector. To protect CIDNs against insider attacks, one potential way is to enhance the trust evaluation among IDS nodes, i.e., by emphasizing the impact of expert nodes. In this work, we adopt the notion of intrusion sensitivity that assigns different values of detection capability relating to particular attacks, and evaluate its impact on defending against a special On-Off attack (SOOA). In the evaluation, we investigate the impact of intrusion sensitivity in a simulated CIDN environment, and experimental results demonstrate that the use of intrusion sensitivity can help enhance the security of CIDNs under adversarial scenarios, like SOOA.

David Madsen, Wenjuan Li, Weizhi Meng, Yu Wang

Roundtable Gossip Algorithm: A Novel Sparse Trust Mining Method for Large-Scale Recommendation Systems

Cold Start (CS) and sparse evaluation problems dramatically degrade recommendation performance in large-scale recommendation systems such as Taobao and eBay. We name this degradation the sparse trust problem, which will cause a decrease of the recommendation accuracy rate. To address this problem we propose a novel sparse trust mining method, which is based on the Roundtable Gossip Algorithm (RGA). First, we define the relevant representation of sparse trust, which provides a research idea to solve the problem of sparse evidence in the large-scale recommendation system. Based on this, the RGA is proposed for mining latent sparse trust relationships between entities in large-scale recommendation systems. Second, we propose an efficient and simple anti-sparsification method, which overcomes the disadvantages of random trust relationship propagation and Grade Inflation caused by different users having different standards for item rating. Finally, the experimental results show that our method can effectively mine new trust relationships and mitigate the sparse trust problem.

Mengdi Liu, Guangquan Xu, Jun Zhang, Rajan Shankaran, Gang Luo, Xi Zheng, Zonghua Zhang

An Associated Deletion Scheme for Multi-copy in Cloud Storage

Cloud storage reduces the cost of data storage and brings great convenience for data backup. Therefore, in order to improve data availability, more and more users choose to outsource personal data for multiple copies instead of storing them locally. However, multi-copy storage brings the difficulty of associating all the copies to store, increases the number of keys for encrypting every single copy and makes the integrity and the verifiable deletion of copies hard to guarantee. All of these issues introduce more threats to the security of user data. In this paper, we present a cryptographic solution called ADM to solve the above problems. To reduce management cost, we outsource data keys encrypted by blinded RSA to the third party, and not only to guarantee the integrity of multi-copy but also to give the verifiable evidence for the deletion operation of the copies, we propose a multi-copy associated deleting solution based on pre-deleting sequence and Merkle hash tree. Finally, a proof-of-concept implementation of ADM is presented to demonstrate its practical feasibility, and we compare our scheme with other typical schemes in functionalities and conduct the security analysis and empirical performance of the prototype.

Dulin, Zhiwei Zhang, Shichong Tan, Jianfeng Wang, Xiaoling Tao

InterestFence: Countering Interest Flooding Attacks by Using Hash-Based Security Labels

Interest Flooding Attack (IFA) has been one of the biggest threats for the Named Data Networking (NDN) paradigm, as it is very easy to launch but very difficult to mitigate. In this paper, we propose InterestFence, which is a simple, direct, lightweight yet efficient IFA countermeasure, and the first one to achieve fast detection together with accurate and efficient attacking traffic filtering without harming any legitimate Interests. InterestFence detects IFA based on content servers rather than routers to guarantee accurate detection. All content items with the same prefix within a content server have a hash-based security label (HSL) to claim their existence, and an HSL verification method is securely transmitted to related routers to help filter and clean IFA traffic in transit networks accurately and efficiently. Performance analysis demonstrates the effectiveness of InterestFence on mitigating IFA and its lightweight feature due to the limited overhead involved.

Jiaqing Dong, Kai Wang, Yongqiang Lyu, Libo Jiao, Hao Yin

A Secure and Targeted Mobile Coupon Delivery Scheme Using Blockchain

This paper presents a new secure and targeted mobile coupon delivery scheme based on blockchain. Our goal is to design a decentralized targeted mobile coupon delivery framework, which enables the secure delivery of targeted coupons to eligible mobile users whose behavioral profiles accurately satisfy the targeting profile defined by the vendor. It does not require a trusted third party and at the same time protects the mobile user’s and vendor’s information security, including user privacy, data integrity and rights protection. We adopt Policy-Data Contract Pair (PDCP) to control the transfer of information between users and vendors and use an encryption algorithm to ensure the data security. Once transactions containing signatures are recorded in the blockchain after consensus, they become non-repudiable. Theoretical analysis and simulation experimental results demonstrate that our model has higher security and lower computation than the JG’16 scheme.

Yingjie Gu, Xiaolin Gui, Pan Xu, Ruowei Gui, Yingliang Zhao, Wenjie Liu

Access Delay Analysis in String Multi-hop Wireless Network Under Jamming Attack

Wireless networks can be easily attacked by jammers due to their shared nature and open access to the wireless medium. A jamming attack can degrade the network performance significantly by emitting useless signals to the wireless channel, i.e. the access delay of nodes’ packets will increase under jamming scenarios. In order to analyze the impact of jamming attacks, this paper investigates the access delay of nodes’ packets in a string multi-hop wireless network. Specifically, a ring-based model is put forward to calculate the existing probability of the jammer based on the stochastic geometry theory. Then, the collision probabilities of the nodes in different locations are derived while considering the impact of neighbor nodes and jammers. At last, the access delay of the packets under IEEE 802.11 protocols is obtained. A series of numerical tests are conducted to illustrate the impact of different jamming probabilities or jammer densities on the access delay.

Jianwei Liu, Jianhua Fan

Anomaly Detection and Diagnosis for Container-Based Microservices with Performance Monitoring

With emerging container technologies, such as Docker, microservices-based applications can be developed and deployed in cloud environments with much greater agility. The dependability of these microservices becomes a major concern of application providers. Anomalous behaviors which may lead to unexpected failures can be detected with anomaly detection techniques. In this paper, an anomaly detection system (ADS) is designed to detect and diagnose the anomalies in microservices by monitoring and analyzing their real-time performance data. The proposed ADS consists of a monitoring module that collects the performance data of containers, a data processing module based on machine learning models and a fault injection module integrated for training these models. The fault injection module is also used to assess the anomaly detection and diagnosis performance of our ADS. Clearwater, an open source virtual IP Multimedia Subsystem, is used for the validation of our ADS and experimental results show that the proposed ADS works well.

Qingfeng Du, Tiandi Xie, Yu He

Integrated Prediction Method for Mental Illness with Multimodal Sleep Function Indicators

Sleep quality has a great effect on physical and mental health. Severe insomnia will cause autonomic neurological dysfunction. For making good clinical decisions, it is crucial to extract features of sleep quality and accurately predict the mental illness. Prior studies have a number of deficiencies to be overcome. On the one hand, the selected features for sleep quality are not good enough, as they do not account for multisource and heterogeneous features. On the other hand, the mental illness prediction model does not work well and thus needs to be enhanced and improved. This paper presents a multi-dimensional feature extraction method and an ensemble prediction model for mental illness. First, we do correlation analysis for every indicator and sleep quality, and further select the optimal heterogeneous features. Next, we propose a combinational model, which is integrated by basic modules according to their weights. Finally, we perform abundant experiments to test our method. Experimental results demonstrate that our approach outperforms many state-of-the-art approaches.

Wen-tao Tan, Hong Wang, Lu-tong Wang, Xiao-mei Yu

Privacy-Aware Data Collection and Aggregation in IoT Enabled Fog Computing

With the rapid development of the Internet of Things (IoT), a large amount of IoT device data has flooded into cloud computing service centers, which has greatly increased the data processing task of cloud computing. To alleviate this situation, IoT enabled fog computing has come into being, and it is necessary to aggregate the collected data of multiple IoT devices at the fog node. In this paper, we consider a privacy-aware data collection and aggregation scheme for fog computing. Although the fog node and the cloud control center are honest-but-curious, the proposed scheme also ensures that the data privacy will not be leaked. Our security and performance analysis indicates that the proposed scheme is secure and efficient in terms of computation and communication cost.

Yinghui Zhang, Jiangfan Zhao, Dong Zheng, Kaixin Deng, Fangyuan Ren, Xiaokun Zheng

A Reputation Model for Third-Party Service Providers in Fog as a Service

Fog computing, as a mode of distributing computing resources, can process data directly at the network edge and so becomes a promising solution towards the Internet of Things (IoT). To support various IoT services, many third-party fog resource providers participate in the service provisioning process, which accelerates the development of Fog as a Service (FaaS). Current solutions assume the existence of a reliable entity to maintain run-time information about such third-party fog resource providers, which is not feasible because of resource constraints at the network edge. To be aware of the dynamic availability of the fog resources, this paper proposes a graph-based decentralized reputation model for service provisioning in the fog computing environment. This mechanism includes a verification model between fog nodes and a consensus mechanism for composite transactions in FaaS. This paper evaluates the proposed solution and proves its feasibility through the experimental result.

Nanxi Chen, Xiaobo Xu, Xuzhi Miao

Attribute-Based VLR Group Signature Scheme from Lattices

Attribute-based group signatures allow a group member who possesses certain attributes to anonymously sign messages on behalf of the group, and an opening authority can reveal the real identity of the signer from a signature if needed. Almost all of the existing schemes work only in the bilinear map setting and are insecure against quantum computers. The only exception is the lattice-based construction put forward by Kuchta et al. (ICISC 2017) that can handle user enrollment; however, users cannot be revoked. As a flexible and practical revocation approach, verifier-local revocation (VLR) only needs the verifiers to own the up-to-date revocation information. In this work, we provide the first attribute-based VLR group signature from lattices, and thus, the first construction that supports membership revocation and is quantum-resistant. The signature size of our scheme is linear in terms of the size of the threshold predicate and, in the random oracle model, the security can be reduced to the worst-case lattice hardness problem, the approximating shortest independent vector problem (SIVP).

Yanhua Zhang, Yong Gan, Yifeng Yin, Huiwen Jia

Construction of VMI Mode Supply Chain Management System Based on Block Chain

Block chain has become a hot research topic in recent years, with interest from the United Nations, the International Monetary Fund and other international organizations, as well as many governments. Industry has also increased investment efforts. At present, the application of block chain has been extended to the Internet of things, intelligent manufacturing, supply chain management, digital asset trading and other fields, which will bring new opportunities for the development of cloud computing, big data, mobile Internet and other new generations of information technology. On the basis of analyzing the disadvantages of the traditional VMI mode, this paper discusses the feasibility of applying the block chain technology in the VMI mode supply chain, and tries to construct the VMI mode supply chain management system based on the block chain technology. The purpose of this paper is to combine the blockchain technology and supply chain management in order to find a feasible way to implement the VMI supply chain mode.

Jinlong Wang, Jing Liu, Lijuan Zheng

H$$^{2}$$-RAID: A Novel Hybrid RAID Architecture Towards High Reliability

With the rapid development of storage technology, Solid State Drive (SSD) has received extensive attention from industry and academia. As a promising alternative to the conventional Hard Disk Drive (HDD), SSD shows its advantages in terms of I/O performance, power consumption and shock resistance. But the natural constraint of write endurance limits the use of SSDs in large-scale storage systems, especially for scenarios with high reliability requirements. The Redundant Arrays of Independent Disks (RAID) technology provides a mechanism of device-level fault tolerance. To guarantee the performance, current RAID strategies usually evenly distribute the I/O requests to all disks. However, different from HDD, the bit error rate (BER) of SSD increases dramatically when it gets older. Therefore, simply introducing RAID technology into an SSD array would result in the “correlated SSD failure” problem, that is, all the SSDs in the array wear out at approximately the same time, seriously affecting the reliability of the array. In this paper, we propose a Hybrid High reliability RAID architecture named H$$^{2}$$-RAID, which combines SSDs with HDDs to achieve the high performance of SSDs and the high reliability of HDDs. To minimize the performance degradation caused by the low-performance HDDs, we design an HDD-aware backup strategy to coalesce the small write requests. We implement the proposed strategy on the simulator based on Disksim. The experimental results show that we reduce the probability of data loss from 11.31% to 0.02% with only 5% performance loss, on average.

Tianyu Wang, Zhiyong Zhang, Mengying Zhao, Ke Liu, Zhiping Jia, Jianping Yang, Yang Wu

Sensitive Data Detection Using NN and KNN from Big Data

This paper focuses on the determination of sensitive data from the huge mass of data collected from social networks, cloud drives, local repository files etc. With the advancement of technology, numerous technologies have emerged and are actively being used in extracting useful and critical information about criminal activities from big data that gets accumulated due to the use of communicating devices and applications. Numerous reduction techniques and data retrieval algorithms have been invented to extract sensitive information from accumulated data of criminals to prevent future criminal activities and to control unexpected events. In this paper, two different reduction techniques, Neural Network and K-Nearest Neighbor algorithms, are used. Experiments for both algorithms were done in a similar environment by changing data size and node numbers in the processing cluster. From the experiment, it is found that the Neural Network classification algorithm is superior to the K-nearest neighbor algorithm for retrieving sensitive data from big data.

Binod Kumar Adhikari, Wan Li Zuo, Ramesh Maharjan, Lin Guo

Secure Biometric Authentication Scheme Based on Chaotic Map

Biometric authentication systems have been widely used because of their convenience. But the development of science and technology has brought new challenges to biological information in the authentication system. In this paper, a revocable biometric template authentication scheme based on chaotic map is proposed. The scheme uses a piecewise Logistic chaotic mapping system to generate key sequences to encrypt biometric data and changes the way of the traditional biometric authentication system, which directly stores biometric templates in plaintext. Our scheme enables the storage and matching of biometrics in the encryption domain and improves the security of biometric identity authentication in open networks.

Jiahao Liang, Lin You

Backmatter
