
2019 | Book

Security and Privacy in New Computing Environments

Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13–14, 2019, Proceedings

About this book

This book constitutes the refereed proceedings of the 2nd EAI International Conference on Security and Privacy in New Computing Environments, SPNCE 2019, held in Tianjin, China, in April 2019. The 62 full papers were selected from 112 submissions and are grouped into topics on privacy and security analysis, Internet of Things and cloud computing, system building, scheme, model and application for data, mechanism and method in new computing.

Table of Contents

Frontmatter

Privacy and Security Analysis

Frontmatter
A Blind Signature Scheme Applying on Electronic Payment Scene Based on Quantum Secret Sharing

The basic idea of quantum secret sharing is to share classical information through quantum schemes. In reality, the number of secret bits shared will vary according to the actual situation. For this reason, a secret sharing scheme of double qubits is constructed based on single particle. At the same time, combined with the needs of real life in e-commerce, this paper proposes a quantum blind signature protocol suitable for electronic cash payment scenarios. In this protocol, the blinding of the message is an XOR operation, which makes the solution simpler and easier to implement, and the owner of the message cannot be tracked. Moreover, we use quantum key distribution protocol and quantum one-time pad to guarantee its unconditional security. The quantum blind signature applied to the electronic payment system proposed in this paper could protect user’s anonymity as the traditional E-payment systems do, and also have unconditional security which the classical E-payment systems cannot provide. Security analysis shows that our scheme provides unforgeability, undeniability, blindness and unconditional security.

Jia-lei Zhang, Ming-sheng Hu, Bei Gong, Zhi-Juan Jia, Li-Peng Wang
Threshold Signature Scheme with Strong Forward Security Based on Chinese Remainder Theorem

The traditional cryptosystem is based on the security of the private key. When the private key is leaked, the signature information may be exposed. Based on this, a threshold signature scheme with strong forward security based on Chinese remainder theorem is proposed. The signature is generated through the cooperation of members, which solves the problem of authoritative fraud introduced by the dealer. The private key is updated periodically to handle the threat caused by the private key leakage. Security analysis shows that the existing signatures will not be affected by the compromise of the corresponding private keys, and do not allow for forgery of the future signatures, which shows that the new scheme has the forward security and the backward security. The efficiency analysis shows that our scheme is more efficient compared with the well-known existing schemes in the literature.

Ya-ge Cheng, Zhi-juan Jia, Bei Gong, Li-peng Wang, Yan-fang Lei
Lightweight Secure Cloud Auditing Scheme for Shared Data Supporting Identity Privacy and Traceability

Cloud platform provides users with shared data storage services. To ensure shared data integrity, it is necessary to validate the data effectively. The audit scheme that supports the group dynamic operations conducts the integrity verification of the shared data, but this approach results in complex calculations for group members. The audit scheme of the designated agent implements the lightweight calculation of the group members, but it ignores the security risks between the group members and the agents. By introducing Hashgraph technology and designing a Third Party Medium (TPM) management strategy, a lightweight secure cloud auditing scheme for shared data supporting identity privacy and traceability (LSSA) is proposed, which realizes the security management of dynamic groups and the lightweight calculations for group members. Meanwhile, a virtual TPM pool is constructed by combining TCP sliding window technology and interconnected functions to improve agent security. Experiments on real data sets show that the theoretical analysis and experimental results are consistent, thereby reflecting the feasibility and efficiency of the scheme.

Jun-Feng Tian, Xuan Jing, Rui-Fang Guo
Research on Big Data Platform Security Based on Cloud Computing

Emerging services such as cloud computing, the Internet of Things, and social networking are driving the growth of human society’s data types and scales at an unprecedented rate. The age of big data has officially arrived. The use of cloud computing technology brings great convenience to big data processing, solves various deficiencies in traditional processing technology, and gives big data more application value and service value, but at the same time it also brings new security problems. By analyzing the security threats faced by cloud computing-based big data platforms, a cloud computing-based big data platform security system framework is proposed, and a security deployment strategy is given.

Xiaxia Niu, Yan Zhao
Database Query System with Budget Option for Differential Privacy Against Repeated Attacks

Differential privacy enables data analysis while protecting individual privacy. However, existing differential privacy database platforms do not defend against repeated attacks. This paper proposes a practical Database Query System for differential privacy protection against repeated attacks with customizable privacy budget. By limiting adversary’s success probability and the number of attacks, the administrator can protect privacy against the repeated attacks. We conduct an evaluation of this solution, and explain the applicability of this system.

Jingyu Jia, Yuduo Wu, Yue Guo, Jiqiang Gao, Jin Peng, Peng Ran, Min Li
Research on Social Networks Publishing Method Under Differential Privacy

Data publishing for large-scale social networks has the risk of privacy leakage. Trying to solve this problem, a differential private social network data publishing algorithm named DP-HRG is proposed in the paper, which is based on Hierarchical Random Graph (HRG). Firstly, the social network is divided into 1-neighborhood subgraphs, and the HRG of each subgraph is extracted by using both Markov chain Monte Carlo (MCMC) and exponential mechanism to compose the HRG candidate set. Then an average edge matrix is obtained based on the HRG candidate set and perturbed by a random matrix. Finally, according to the perturbed average edge matrix, a 1-neighborhood graph is regenerated and pasted into the original social network for publishing. Experimental results show that the proposed algorithm preserves good network characteristics and better data utility while satisfying the requirement of privacy protection.

Han Wang, Shuyu Li
CROSS: Supervised Sharing of Private Data over Blockchains

The transparent property of the blockchain guarantees the immutability of the data on the chain, but it can lead to violations of data privacy protection. On the other hand, absolute anonymity will make it difficult for the government to supervise the encrypted content stored on the chain. Moreover, it is inconvenient for the data owners to delegate their decryption authority to others. In order to solve the problem of data privacy concern and supervision in the current blockchain, we propose a supervised data sharing model called CROSS, which combines the proxy re-encryption mechanism with the tree key distribution mechanism. The model realizes the hierarchical supervision and horizontal sharing of private data on the blockchain, which effectively improves the privacy of the blockchain while taking into account security. Consideration should be given to some potential attacks and corresponding defenses against our proposed model.

Mingxin Yin, Jiqiang Gao, Xiaojie Guo, Mengyao Sun, Zheli Liu, Jianzhong Zhang, Jing Wang
A Survey of Trusted Network Trust Evaluation Methods

The proposed trusted network is a response to the increasingly prominent internal network security threats. At present, research on trusted networks focuses on two aspects: pre-network access check and dynamic evaluation after access. The pre-access check considers the integrity of the terminal and uses encryption and authentication methods to achieve it. The dynamic evaluation uses the static and dynamic attributes of the trust to implement trust evaluation.

An-Sheng Yin, Shun-Yi Zhang
Anomaly Detection of Vehicle CAN Network Based on Message Content

With the rapid advance of intelligent vehicles, auxiliary driving and automatic driving have been paid more attention to. Meanwhile, vehicle security has become increasingly prominent, as it is seriously related to property and personal safety. The attacker can send abnormal information to the controller through the internal CAN bus. Because of the particularity of the vehicle CAN network information communication protocol, the encryption authentication technology cannot effectively solve the safety problem of the vehicle network. In the paper, a novel anomaly detection method based on CAN packet content is proposed. The scheme is effective in preventing in-vehicle ECU attacks caused by malicious modifications. Statistical thinking is adopted to analyze the characteristics of normal message content. Then a confidence interval based on normal features is defined for detecting abnormal network messages. Its detection performance has been demonstrated through experiments carried out on real CAN traffic gathered from an unmodified licensed vehicle.

Xiuliang Mo, Pengyuan Chen, Jianing Wang, Chundong Wang
Android Malware Detection Based on Sensitive Permissions and APIs

With the widespread use of the Android operating system, the number of applications based on the Android platform is growing. How to effectively identify malware is critical to the security of phones. This paper proposes an Android malware detection method based on the combination of sensitive permissions and API features. This method extracts the permission features and API features by decompiling the APK file, and then uses the mutual information to select sensitive permissions and APIs as feature sets. On this basis, an ensemble learning model based on decision tree classifier and KNN classifier is used to quickly and accurately detect unknown APKs. The experimental results show that the discriminative accuracy of the proposed method is higher than that of the permission set or the API set alone, and the accuracy rate can reach up to 95.5%.

Chunhui Zhao, Chundong Wang, Wenbai Zheng
Security Assessment for Cascading Failures of Cyber-Physical Systems Under Target Attack Strategy

Due to the multi-scale fusion of cyber-physical systems, attackers can attack the physical space based on cyber space intentionally. This process can cause cascading failures and then in sharp contrast with the previous physical space. Thus, how to effectively evaluate the security of cyber-physical systems becomes critical. In this paper, we model the cyber-physical systems and then analyze the cascading failure process under target attack strategy. After doing that, based on the comparative analysis of simulation experiments, we analyze the main factors affecting the security of the cyber-physical system.

Hao Peng, Zhe Kan, Dandan Zhao, Jianmin Han, Zhaolong Hu
Privacy Preservation in Publishing Electronic Health Records Based on Perturbation

The patients’ health information is often kept as electronic health records (EHRs). To improve the quality and efficiency of the care, EHRs can be shared among different organizations. However, the inappropriate sharing or usage of these healthcare data could threaten people’s privacy. It becomes increasingly important to preserve the privacy of the published EHRs. An attacker is apt to identify an individual from the published EHRs by partial measurement information as background knowledge, with attacks through the record linkage and attribute linkage. To resist the above types of attacks, we propose a privacy preservation with perturbation in the published healthcare data (PPHR). To protect the privacy of sensitive information, we first determine the critical sequences based on which some specific records are easy to be identified. Then, we adopt perturbation on these sequences by adding or deleting some points while ensuring the published data to satisfy l-diversity. A comprehensive set of real-life healthcare data sets are applied to evaluate the performance of our anonymization approach. Simulations show our scheme possesses better privacy while ensuring higher utility.

Lin Yao, Xinyu Wang, Zhenyu Chen, Guowei Wu
Privacy in Location-Based Services: Present Facts and Future Paths

The usage of Location-Based Services (LBSs) ranges from searching points of interests to location-based social networking. They are present in almost every daily task. Moreover, with smartphone ownership growth, getting one’s location became easier, and the privacy-related issues became almost inescapable. Accordingly, numerous efforts have extensively explored the problem from different perspectives. Many of the existing solutions lack rigorous privacy safeguards and have been foiled by several location attacks. In a nutshell, their shortcomings are mainly due to the heavy dependence on computational privacy models, and the lack of consideration for adaptable protections. We discuss in this paper the current location-based services models, privacy issues, a general overview of the protection mechanisms, and our thoughts about location-privacy in the near future.

Zakaria Sahnoune, Esma Aïmeur
Privacy Disclosures Detection in Natural-Language Text Through Linguistically-Motivated Artificial Neural Networks

An increasing number of people are sharing information through text messages, emails, and social media without proper privacy checks. In many situations, this could lead to serious privacy threats. This paper presents a methodology for providing extra safety precautions without being intrusive to users. We have developed and evaluated a model to help users take control of their shared information by automatically identifying text (i.e., a sentence or a transcribed utterance) that might contain personal or private disclosures. We apply off-the-shelf natural language processing tools to derive linguistic features such as part-of-speech, syntactic dependencies, and entity relations. From these features, we model and train a multichannel convolutional neural network as a classifier to identify short texts that have personal, private disclosures. We show how our model can notify users if a piece of text discloses personal or private information, and evaluate our approach in a binary classification task with 93% accuracy on our own labeled dataset, and 86% on a dataset of ground truth. Unlike document classification tasks in the area of natural language processing, our framework is developed keeping the sentence level context into consideration.

Nuhil Mehdy, Casey Kennington, Hoda Mehrpouyan
Research on Information Security Test Evaluation Method Based on Intelligent Connected Vehicle

In order to effectively evaluate the information security level for an intelligent and connected vehicle, a novel Intelligent Connected Vehicle (ICV) Information Security Attack and Defense (ICV-ISAD) test evaluation method is proposed in this paper. The ICV-ISAD test method is based on a large number of long-term real vehicle test experiments. It mainly consists of security threat and risk analysis, test strategy design, test tool call, test point mapping, test procedure execution, and remediation measures mapping. Using the ICV-ISAD test method, we conducted test experiments on In-vehicle Network, Telematics Box, Engine Control Unit, In-Vehicle Infotainment, Mobile Application, Radio and Telematics Service Provider for different types of vehicle. The results show that some vulnerabilities exist in ICV’s system, such as gateway filtering vulnerability, high-risk port opening, Cross Site Scripting (XSS), Structured Query Language (SQL) injection, weak password, and cleartext network traffic (HTTP). Besides, the ICV-ISAD test method could map some remediation measures or recommendations for these vulnerabilities. It denotes that the ICV-ISAD test method can effectively test and evaluate the information security of ICV.

Yanan Zhang, Shengqiang Han, Stevenyin Zhong, Peiji Shi, Xuebin Shao
Study on Incident Response System of Automotive Cybersecurity

With the development of Intelligent Connected Vehicles, a large number of automobile cybersecurity incidents also occur. Scientific and reasonable incident response system is the key technology to ensure the successful handling of cybersecurity incidents. From the point of view of management, referring to the construction of incident response system in IT industry and combining with the characteristics of automobile cybersecurity, this paper puts forward the framework of incident response system for automobile cybersecurity. The framework includes five aspects: plan and prepare, detection and reporting, assessment and decision, responses and lessons learnt. Emphasis is laid on the formulation and updating of management policy, the establishment of incident response team, incident coordination mechanism and so on. Then, based on the method of questionnaire survey, the evaluation method of incident response capability is put forward. The research method makes up for the blank of automobile industry in cybersecurity incident response, and has an important positive role in reducing the adverse impact of security incidents.

Yanan Zhang, Peiji Shi, Yangyang Liu, Shengqiang Han, Baoying Mu, Jia Zheng
Secure Multi-keyword Fuzzy Search Supporting Logic Query over Encrypted Cloud Data

Compared with exact search, fuzzy search will meet more practical requirements in searchable encryption since it can handle spelling errors or search the keywords with similar spelling. However, most of the existing fuzzy search schemes adopt bloom filter and locality sensitive hashing which cannot resist Sparse Non-negative Matrix Factorization based attack (SNMF attack). In this paper, we propose a new secure multi-keyword fuzzy search scheme for encrypted cloud data. Our scheme leverages a random redundancy method to handle the determinism of the bloom filter to resist SNMF attack. The scheme allows users to conduct complicated fuzzy search with logic operations (“AND”, “OR” and “NOT”), which can meet more flexible and fine-grained query demands. The theoretical analysis and experiments on real-world data show the security and high performance of our scheme.

Qi Zhang, Shaojing Fu, Nan Jia, Jianchao Tang, Ming Xu
A Practical Group Signatures for Providing Privacy-Preserving Authentication with Revocation

In recent years, many revocable group signatures schemes were proposed; however, the backward security, which can disable a revoked signer to generate group signatures pertaining to future time periods, was not fully realized through those schemes. In this paper, we present a security model with the definition of backward security and propose a revocable group signatures scheme that is more efficient than previous ones, especially in Sign and Verify algorithms, which are performed much more frequently than others. In addition, considering the heavy workload of group manager in original group signatures, we separate a group into groups by employing a decentralized model to make our scheme more scalable, and thus more practical in real-life applications.

Xiaohan Yue, Jian Xu, Bing Chen, Yuan He
An Efficient Privacy-Preserving Palmprint Authentication Scheme Based on ElGamal

Biometric credentials have become a popular means of authentication. However, since biometrics are unique and stable, one data breach might cause the user to lose some of his biometrics permanently. And the stolen biometrics may be used for identity fraud, posing a permanent risk to the user. There have been many studies addressing this problem, in which the protection of biometric templates is a basic consideration. However, most existing solutions have insufficient security or efficiency. In this paper, we use the ElGamal scheme which shows good performance in applications to construct an efficient, privacy-preserving palmprint authentication scheme. We first construct a palmprint recognition scheme based on palm lines and feature points with good performance. Then, we use the RP (random projection) method to effectively reduce the extracted palmprint features, which greatly reduces the volume of data to be stored. Finally, we design a confidential comparison process based on the ElGamal scheme to perform efficient comparisons of palmprint features while ensuring provable security. Subsequent theoretical analysis/proof and a series of experiments prove the significance and validity of our work.

Yong Ding, Huiyong Wang, Zhiqiang Gao, Yujue Wang, Kefeng Fan, Shijie Tang
PJC: A Multi-source Method for Identifying Information Dissemination in Networks

With the development of science and technology, the world has become increasingly closely linked. While enjoying the convenience brought by the Internet, we are also facing the danger of risk dissemination. This problem has become more challenging in real-world networks. In view of the outbreak of network threats such as malware, computer viruses and rumors, it is particularly important to identify the source of network threats. In this paper, we have done the following work. Firstly, we draw on the propagation models from epidemiology and design an algorithm partitioned Jordan Center (PJC) to locate the multiple propagation sources. Then, by establishing an extended model originated from propagation sources, we derive the number of sources of estimation. In order to evaluate the performance of the proposed method, a series of experiments were carried out in real-world network topologies. Experimental results show that the method is more accurate than the existing methods.

Yong Ding, Xiaoqing Cui, Huiyong Wang, Yujue Wang
Steganalysis of Adaptive Multiple-Rate Speech Using Parity of Pitch-Delay Value

Exploiting the fact that the pitch period parameter in speech parameter encoding is difficult to predict, a large number of steganographic strategies choose to embed secret information in the pitch period. Several detection methods for these steganography strategies based on the pitch period have also been proposed so far, but it is still a challenge to detect the steganography accurately. In this work, a new steganalysis scheme is proposed to detect pitch period based steganography, which has lower complexity and higher accuracy compared with the existing steganalysis schemes. Firstly, we regard a frame as a calculation unit within which the parity of four sub-frames can be obtained. Secondly, after filtering and merging into 14-dimensional PBP (parity Bayesian probability) features, these features are classified by the support vector machine (SVM). We evaluate the performance of the proposed strategy with numerous speech samples encoded by the adaptive multi-rate audio codec (AMR) and compare it with the state-of-the-art strategies. The experimental results illustrate that proposed method can effectively detect the pitch-delay based steganography. It is not only superior to the existing steganalysis methods in detection accuracy, but also has outstanding real-time detection performance and robustness because of its lower feature dimension and complexity.

Xiaokang Liu, Hui Tian, Jie Liu, Xiang Li, Jing Lu
Network Risk Assessment Based on Improved MulVAL Framework and HMM

With the increasingly extensive applications of the network, the security of internal network of enterprises is facing more and more threats from the outside world, which implies the importance to master the network risk assessment skills. In the big data era, there are various security protection techniques and different types of group data. Meanwhile, Online Social Networks (OSNs) and Social Internet of Things (SIoT) are becoming popular patterns of meeting people and keeping in touch with friends [2, 5]. However, risk assessment serves as a bridge between security experts and network administrators, and its accuracy can, to some extent, influence the judgment of administrators on the entire network state. In order to solve this problem, this essay proposes the improved MulVAL framework to optimize the risk assessment process by establishing the HMM model and the Bayesian model, which can improve the accuracy of the evaluation value. Firstly, behavior of the attacker is described in-depth by the attack graph generated through MulVAL. Then, with the quantitative evaluation conducted by the Common Vulnerability Scoring System, the nodes on the attack path can be evaluated and the value will be further evaluated by the Bayesian model. Finally, by establishing the hidden Markov model, the corresponding parameters can be defined and the most likely probabilistic state transition sequence can be calculated by using the Viterbi algorithm to deduce the attack intent with the highest possibility.

Chundong Wang, Kongbo Li, Yunkun Tian, Xiaonan He

Internet of Things and Cloud Computing

Frontmatter
FIREWORK: Fog Orchestration for Secure IoT Networks

Recent advances in Internet of Things (IoT) connectivity have made IoT devices prone to cyber attacks. Moreover, vendors are eager to provide autonomous and open source devices, which in turn adds more security threats to the system. In this paper, we consider network traffic attack, and provide a Fog-assisted solution, dubbed as FIREWORK, that reduces risk of security attacks by periodically monitoring network traffic, and applying traffic isolation techniques to overcome network congestion and performance degradation.

Maryam Vahabi, Hossein Fotouhi, Mats Björkman
An Effective Encryption Scheme on Outsourcing Data for Query on Cloud Platform

Outsourcing encrypted data to cloud platforms is widely adopted by users, but there are some problems existing in it: one is that encrypted databases only provide limited types of queries for users. Meanwhile, in the deterministic encryption, users’ encrypted data is subject to the frequency attack easily. Besides, users’ data privacy is disclosed to cloud platforms when their data is updated. To address these problems, in this paper, we propose an effective encryption scheme on outsourcing data for query on cloud platforms. In our scheme, users’ data is encrypted according to all possible queries to meet users’ diverse query demands. Furthermore, a double AES encryption method is adopted to cope with the frequency attack existing in deterministic encryption. To protect users’ privacy when their data is updated, a neighbor rows exchange method is designed in our scheme. The theoretical analysis and comparative experiments demonstrate the effectiveness of our scheme.

Jianchao Tang, Shaojing Fu, Ming Xu
Design of an Urban Waterlogging Monitoring System Based on Internet of Things

The Internet of things (IoT) is the network that is composed of different devices (e.g. computers, vehicles, RFID and sensors etc.) and allows these things to connect, interact, generate data and exchange data. The IoT technology plays a role in people and has become a research hotspot. Due to the expansion of urban area, the construction of underground pipelines lags behind, the increase of rainfall makes it impossible to drain rainwater from the city interior, which endangers the safety of life and property. On the one hand, the planning of urban drainage system is unreasonable, on the other hand, the water monitoring system of city road is not formed, the data monitoring and data processing is not timely enough, so that it fails to achieve effective early warning. In view of the above problems, this paper proposes an urban waterlogging monitoring and warning system. The system combines Vehicle Network, Sensor Technology and Cellular Network technology to realize an IoT application of rain water monitoring, data transmission, processing and warning system of urban waterlogging situation, which makes the traffic environment in the city more networked and intelligent, and reduces the occurrence of property and personal safety incidents.

Jiachen Liu, Yintu Bao, Yingcong Liu, Wuyungerile Li
A Multi-Objective Service Selection Method Based on Ant Colony Optimization for QoE Restrictions in the Internet of Things

With the development of Wireless Sensor Network (WSN), the number of Internet of Things (IoT) services has increased dramatically. In order to use IoT services conveniently, it has become a key issue to reasonably aggregate information, content and applications, and filter services according to users’ needs. Most of the existing service selection algorithms adopt heuristic search algorithm or Genetic Algorithm (GA). The heuristic algorithm is not stable, and GA cannot meet the needs of service selection because of the one-dimensional chromosome coding. For overcoming the disadvantages of these methods, this paper proposes a multi-objective service selection algorithm based on Ant Colony Optimization (ACO) for Quality of Experience (QoE) restrictions. The proposed method can get a feasible solution quickly and efficiently by utilizing the fast convergence speed of ACO. Specifically, a QoE model is established first, and relevant constraints and quantitative methods are given. Secondly, a service selection model based on ACO is constructed to select specific services based on the above model. Finally, the proposed method is verified through simulations. Results show that, compared with GA-based method, the proposed algorithm can improve the recall rate and precision rate, and has a higher algorithm efficiency in solving the service selection problems.

Chuxuan Zhang, Bing Jia, Lifei Hao
FDSCD: Fast Deletion Scheme of Cloud Data

With the rapid development of cloud storage technology, cloud data assured deletion has received extensive attention. While ensuring the deletion of cloud data, users have also placed increasing demands on cloud data assured deletion, such as improving the execution efficiency of various stages of a cloud data assured deletion system and performing fine-grained access and deletion operations. In this paper, we propose the Fast deletion scheme of cloud data. The scheme replaces complicated bilinear pairing with simple scalar multiplication on elliptic curves to realize ciphertext policy attribute-based encryption of cloud data, while solving the security problem of shared data. In addition, the efficiency of encryption and decryption is improved, and fine-grained access of ciphertext is realized. The scheme designs an attribute key management system that employs a dual-server to solve system flaws caused by single point failure. The scheme is proven to be secure, based on the decisional Diffie-Hellman assumption in the standard model; therefore, it has stronger security. The theoretical analysis and experimental results show that the scheme guarantees security and significantly improves the efficiency of each stage of cloud data assured deletion.

Tong Shao, Yuechi Tian, Zhen Li, Xuan Jing
A RBAC Model Based on Identity-Based Cryptosystem in Cloud Storage

To address the shortcomings of most existing ciphertext access control schemes in cloud storage, which do not support dynamic update of the access control strategy and have large computational overhead, this paper combines an identity-based cryptosystem with the role-based access control model (using the RBAC1 model of the RBAC96 model family) to build an RBAC model based on an identity-based cryptosystem in cloud storage. This paper presents a formal definition of the scheme; a detailed description of the four-tuple used to represent the access control strategy; the hybrid encryption strategy and the re-encrypt-when-writing strategy, used to improve the efficiency of the system; and detailed steps for system initialization, adding and deleting users, adding and deleting permissions, adding and deleting roles, adding and deleting role inheritance, assigning and removing users, assigning and removing permissions, and the read and write file algorithms.

Jian Xu, Yanbo Yu, Qingyu Meng, Qiyu Wu, Fucai Zhou
Public Auditing of Log Integrity for Cloud Storage Systems via Blockchain

Cloud storage security has received wide attention from industry and academia in recent years. Differing from previous research on cloud data integrity audit, we pay more attention to the security of the logs generated during the operation of cloud data. When cloud data is damaged and tampered with by various security threats (e.g. faulty operations, hacker attacks etc.), log analysis is one of the most common methods to track accidents. Therefore, ensuring the integrity of the log files is a prerequisite for completing the incident tracking. To this end, this paper proposes a public model for verifying the integrity of cloud logs based on a third party auditor. In order to prevent the log data from being tampered with, we aggregate the log block tags by using the classic Merkle hash tree structure and generate the root node, which will be stored in the blockchain. In addition, the proposed scheme does not leak any log content during public audit. The theoretical analysis and experimental results show that the scheme can effectively implement the security audit of cloud logs, and is better than previous work in terms of computational complexity overhead.

Jia Wang, Fang Peng, Hui Tian, Wenqi Chen, Jing Lu
Coordinated Web Scan Detection Based on Hierarchical Correlation

Web scan is one of the most common network attacks on the Internet, in which an adversary probes one or more websites to discover exploitable information in order to perform further cyber attacks. For a coordinated web scan, an adversary controls multiple sources to achieve a large-scale scanning as well as detection evasion. In this paper, a novel detection approach based on hierarchical correlation is proposed to identify coordinated web campaigns from the labelled malicious sources. The semantic correlation is used to identify the malicious sources scanning the similar contents, and the temporal-spatial correlation is employed to identify malicious campaigns from the semantic correlation results. In both correlation phases, we convert the clustering problem into the group partition problem and propose a greedy algorithm to solve it. The evaluation shows that our algorithm is effective in detecting coordinated web scan attacks, since the metric Precision for detection can achieve 1.0, and the metric Rand Index for clustering is 0.984.

Jing Yang, Liming Wang, Zhen Xu, Jigang Wang, Tian Tian
Research on Multi Domain Based Access Control in Intelligent Connected Vehicle

With the development of Intelligent Connected Vehicle (ICV), the information security problems it faces are becoming more and more important. Authentication and access control is an important part of ensuring the security of intelligent connected vehicles’ information. In this paper, we have proposed a multi-domain based access control model (MDBA) based on the attribute-based access control model. The model proposes access control from the aspects of intelligent connected vehicles’ multi-domain, thus ensuring the information security of intelligent connected vehicles.

Kaiyu Wang, Nan Liu, Jiapeng Xiu, Zhengqiu Yang

System Building

Frontmatter
Cryptanalysis of a Public Key Cryptosystem Based on Data Complexity Under Quantum Environment

Shor presented a quantum algorithm to factor large integers and compute discrete logarithms in polynomial time. As a result, public key cryptosystems, such as RSA, ElGamal and ECC, which are based on these computational assumptions will become insecure with the advent of quantum computers. To construct a secure anti-quantum public-key cryptosystem, Wu et al. introduced the notion of data complexity under quantum environment. Based on the hardness of NP-complete problems and data complexity, they presented a new public key cryptosystem. Using Shor’s quantum algorithm, we break their public key cryptosystem by directly solving the private key from the public key. Therefore, their public key cryptosystem is insecure in a quantum computer.

Zhengjun Jing, Chunsheng Gu, Peizhong Shi
A Design of the Group Decision Making Medical Diagnosis Expert System Based on SED-JD Algorithm

A medical expert system not only has a lot of medical professional knowledge, but also has inference ability. The inference engine is not only one of the cores of the expert system, but also the key to designing the expert system. We focus on the inference engine. In order to improve the diagnostic accuracy of the medical diagnostic expert system, we propose the Group Decision Making (GDM) medical diagnosis expert system based on the Standardized Euclidean Distance-Jaccard Distance (SED-JD) algorithm. The main research content of the inference engine is the similarity measurement algorithm (that is, SED-JD) and the inference engine rule scheme (that is, GDM). In order to get a more accurate diagnosis, data preprocessing was performed before our experiments. In the design of the inference engine, the selection of the Group Decision Making Objects (GDMOs) depends on the maximum similarity distance (MaxDist). The final decision result depends on the average similarity distance of each subgroup. By comparing the similarity scheme and the GDM scheme, the experimental results show that the GDM scheme is more effective and accurate. By comparing the Standardized Euclidean Distance (SED) algorithm, the Jaccard Distance (JD) algorithm and the SED-JD algorithm, the experimental results show that the SED-JD algorithm is more accurate.

Na Zong, Wuyungerile Li, Pengyu Li, Bing Jia, Xuebin Ma
Design and Implementation of a Lightweight Intrusion Detection and Prevention System

While mobile internet brings convenience to people, it also introduces many security risks. For security protection of specific business, the technical means such as traffic analysis and illegal protocol identification can effectively detect network attacks, because of the simple business protocol and small business access. This paper proposes a lightweight intrusion detection and prevention method, based on nDPI, adopting common network packet capture means for design and implementation of a lightweight intrusion detection and prevention system. The test results show that the system can detect the abnormal protocol through the traffic and trace back to the corresponding terminal, so as to handle the abnormal terminal response and block the abnormal connection initiated from the terminal, thereby achieving the purpose of intrusion prevention.

Xiaogang Wei
Reliability Analysis of Coupled Cyber-Physical Systems Under Different Network Types

In this paper, the reliability performance of coupled cyber-physical systems under different network types is investigated. To study the underlying network model, we propose a practical model for interdependent cyber-physical systems using network percolation theory. For different network models, we also study the effect of cascading failures and present a mathematical analysis of failure propagation in such systems. The simulation results show that there exists a threshold for the proportion of faulty nodes and different system parameters, beyond which the cyber-physical systems collapse.

Hao Peng, Zhe Kan, Dandan Zhao, Jianmin Han, Zhaolong Hu
Invulnerability Assessment of Cyber-Physics Systems for Blockchain Environment

Due to the decentralized nature and security attributes of blockchain, cyber-physical systems (CPS) are becoming more and more interdependent. However, an important challenge of such interdependent CPS is cascading failures. Thus, how to analyze the invulnerability of interdependent coupled CPS becomes critical and indispensable. In this paper, we have modeled the interdependent CPS in the blockchain environment, and analyzed the cascading failure process based on the network characteristics. Besides, based on simulation experiments, we analyze the main factor affecting the invulnerability of CPS.

Hao Peng, Zhe Kan, Dandan Zhao, Zhonglong Zheng, Feilong Lin
Intrusion Detection System for IoT Heterogeneous Perceptual Network Based on Game Theory

With the acceleration of the Internet of things (IoT) construction, the security and energy consumption of IoT will become an important factor restricting the overall development of the IoT. In order to reduce the energy consumption of the IoT heterogeneous perceptual network in the attack-defense process, the placement strategy of the intrusion detection system (IDS) described in this paper is to place the IDS on the cluster head nodes selected by the clustering algorithm called ULEACH, which we have proposed in this paper. Furthermore, by applying modified particle swarm optimization, the optimal defense strategy is obtained. Finally, the experiment results show that the proposed strategy not only effectively detects multiple network attacks, but also reduces energy consumption.

Man Zhou, Lansheng Han, Hongwei Lu, Cai Fu
A Blockchain-Based Digital Advertising Media Promotion System

With the development of information technologies, digital media advertising (AD) based on the Internet has penetrated into every aspect of real life. Particularly, in recent years, the rapid development of modern digital media technology has brought huge opportunities to the Internet digital advertising (IDA), where many digital advertising media systems have been introduced. However, after these digital advertising media systems are released to the IDA market, some problems become increasingly prominent. For example, a large number of low-quality advertisements (ADs) have caused great troubles for Internet users, and the fake traffic has plunged the IDA market into a crisis of trust. It is necessary to rebuild the trust and suppress the spreading of low-quality ADs. To address this issue, we propose a blockchain-based digital advertising media system (B²DAM). With the desirable features of blockchain such as decentralization, trust system, high autonomy and tamper resistance, our system is able to improve the experience of Internet users, purify the environment of IDA market, and further promote the sound development of the IDA market.

Yong Ding, Decun Luo, Hengkui Xiang, Chenjun Tang, Lingang Liu, Xiuqing Zou, Shijie Li, Yujue Wang
Detecting Steganography in AMR Speech Based on Pulse Correlation

This paper presents a novel methodology to detect steganography on the fixed codebook (FCB) of an adaptive multi-rate (AMR) speech stream. We have found that correlations of pulses are influenced by the steganographic operation. Based on this, two categories of features are proposed to characterize the pulse correlations, namely subframe-level pulse correlation based on self-information and track-level pulse correlation based on mutual-information, whose feature dimension is only 1/5 of the state of the art. The proposed method employs the support vector machine as the classifier and is evaluated with a large quantity of AMR speech samples. The experimental results demonstrate that the proposed method is effective and has a better detection performance than the state of the art.

Jie Liu, Hui Tian, Xiaokang Liu, Jing Lu
State Consistency Checking for Non-reentrant Function Based on Taint Assisted Symbol Execution

Non-reentrant functions are commonly used in multi-thread programs, such as network services and other event-driven programs, to reserve some global states in a concurrent context. However, calling non-reentrant functions may bring several kinds of dangerous pointer dereference faults, and will lead to serious consequences such as program vulnerabilities. To address this, this paper presents an approach to check state consistency against non-reentrant functions based on taint analysis and symbol execution technology. The proposed method records the program taint states and traces the data flow during the symbol execution process, where some rules are specified to check the state consistency and exceptions such as null pointer reference, pointer double free and pointer use-after-free. We implement a proof-of-concept system, SC2NRF, based on the symbol execution framework angr. Further experiments show that our approach is able to effectively check state consistency of non-reentrant functions in binary programs.

Bo Yu, Qiang Yang, CongXi Song
SE Dots: A Sensitive and Extensible Framework for Cross-Region DDoS Processing

This paper proposed a SE Dots architecture and system with type awareness and high scalability to improve the ability to handle DDoS attacks across networks. Firstly, we designed a Dots protocol that includes attack type extensions, which enables accurate sensing of attack types. Then, the shunt capability module and adaptive matching module are extended in the Dots framework to realize the adaptive selection of various disposal mechanisms, thus effectively extending the docking of different types of Mitigator to achieve a finer-grained cleaning effect. Technical verification shows that, under the same DDoS attack, the use of the SE Dots scheme and architecture can improve the disposal efficiency by 17% and increase the user access success rate by 31.5% without increasing the cost of equipment, and it has strong advancement and practicability.

Li Su, Meiling Chen, Jin Peng, Peng Ran

Scheme, Model and Application for Data

Frontmatter
A One-Way Variable Threshold Proxy Re-signature Scheme for Mobile Internet

In recent years, the mobile Internet has been rapidly developed and widely used. Aiming at the problems of the weak computing power of mobile Internet terminal equipment, limited energy supply and high security requirements due to the complexity of the mobile Internet environment, we propose a secure and efficient server-assisted verification threshold proxy re-signature scheme, and the correctness of the program is verified. The proposed scheme includes a threshold proxy re-signature algorithm and a server-assisted authentication protocol scheme. Threshold proxy re-signature is a technique of proxy re-signature using threshold, which can decentralize the proxy’s signature rights. In the scheme, the verifier and the server send the complex signature verification operation to a semi-trusted server through the protocol, which effectively reduces the computational load of the verifier. The security analysis results show that the new scheme is safe and it is proved that the scheme is safe under collusion attack and adaptive selection message attack under the standard model. The performance analysis results show that the new scheme proposed in this paper has shorter signature length, less computational cost, higher verification efficiency and better adaptability to the mobile Internet environment.

Yanfang Lei, Mingsheng Hu, Bei Gong, Lipeng Wang, Yage Cheng
A New Signcryption Scheme Based on Elliptic Curves

Based on the intractable problem of discrete logarithm in ECC and the intractability of reversing a one-way hash function, this paper presents a signcryption scheme with public verifiability and forward security. In the process of security proof, the unforgeability ensures that the attacker can’t create a valid ciphertext. We verify the cipher text $$c$$ instead of the plain text $$m$$ in the verification phase. We protect the plain text $$m$$, which makes the proposed scheme confidential. Thus, the proposed scheme has the property of public verification. The scheme also ensures that even if the sender’s private key is compromised, the attacker can’t recover the original message $$m$$ from the cipher text $$(c,R,s)$$. By the performance analysis, our proposed scheme mainly uses the model multiplication. Compared with the Zhou scheme, the number of model multiplications is reduced by one in the signcryption phase, which leads to a significant increase in calculation rate. Moreover, the signature length is reduced by $$2|n|$$ compared with the Zhou scheme. In other words, the minimum value of complexity is reached in theory. This makes the scheme have higher security and wider applications.

Wen-jun Cui, Zhi-juan Jia, Ming-sheng Hu, Bei-Gong, Li-peng Wang
A Robust Reversible Watermarking Scheme for Relational Data

Reversible watermarking is widely used in copyright protection of relational data. It allows recovering the original data besides claiming copyright. In current schemes, watermarked data are either completely restored to the original version or kept unchanged. We present a robust and reversible watermark which allows an arbitrary portion of the watermark to be removed. Experiments show that the proposed algorithm is robust.

Ruitao Hou, Hequn Xian, Xiao Wang, Jing Li
BL-IDS: Detecting Web Attacks Using Bi-LSTM Model Based on Deep Learning

Current anomaly-based network attack detection methods face difficulties such as unsatisfactory accuracy and lack of generalization. Rule-based Web attack detection has difficulty combating unknown attacks and is relatively easy to bypass. Therefore, we propose a new method to detect Web attacks using deep learning. The method is based on analyzing HTTP requests, where only some preprocessing is required, and the automatic feature extraction is done by the Bi-LSTM itself. The experimental results on the dataset HTTP DATASET CSIC 2010 show that the Bi-LSTM has good performance. This method has achieved state-of-the-art results in detecting Web attacks, and has a high detection rate while maintaining a low false alarm rate.

Saiyu Hao, Jun Long, Yingchuan Yang
An Static Propositional Function Model to Detect Software Vulnerability

For lack of a proper theory to accurately describe the characteristics of vulnerabilities, the existing static detection models are designed for specific vulnerabilities and are hard to extend, and they often encounter state space explosion and a higher false positive rate. This paper proposes a static detection model of a five-tuple ($$n_0;F;S;P;Q$$): the vulnerability initial nodes set, program state space, Vulnerability Syntax Rules, preconditions of vulnerability, and post-conditions of vulnerability are accurately described. We design a testing prototype system for the static detection model and carry out experiments to evaluate the results with the vulnerabilities disclosed by NIST. Our model finds more vulnerabilities of Wireshark than published by NIST and shows higher detection efficiency than that of FindBugs. A formal, accurate description is a prerequisite for auto-detection of vulnerabilities.

Lansheng Han, Man Zhou, Cai Fu
Design of ZigBee-Based Energy Harvesting Wireless Sensor Network and Modeling of Solar Energy

Traditional wireless sensor networks rely on battery power to operate, but when the node’s energy is exhausted, the node loses its ability to operate. To enable wireless sensor networks to achieve continuous working, researchers have turned their attention to energy harvesting wireless sensor networks. The energy harvesting wireless sensor network has the advantages of energy renewable, low maintenance cost, etc., and can achieve permanent use of nodes to a certain extent. However, the energy collected by nodes in such networks will change with the change of environment and time, so the survival of energy-gathering wireless sensor networks in environmental detection needs further study and research. In view of the above problems, we designed a solar energy harvesting wireless sensor network in this paper, and designed energy harvesting and energy consumption related experiments to record the energy and network characteristics under different weather and time, collected under different conditions, and model the solar energy collected under different circumstances, so as to provide basic data for the further research of network reliability and other characteristics.

Yingcong Liu, Wuyungerile Li, Baoyintu, Bing Jia
Application of Big Data Technology in JD

The arrival of the era of big data has brought about changes and impacts on human life, work, and thinking. With the rapid development of the scale and number of e-commerce in China, the e-commerce marketing requires continuous innovation. Big data can tap and utilize the underlying business value behind the data to achieve more precise positioning and marketing. This article analyzes the big data theory and method, discusses the three major challenges of data holding, data processing and data security brought by e-commerce in the era of big data. The era of big data analyzes and accurately updates and changes the target audience. A case study of JD e-commerce company was conducted again to analyze JD’s big data platform and the application and practice of marketing based on the platform. Inspired by the case study, we found weaknesses and made suggestions.

Ning Shi, Huwei Liu
A Trusted International Settlement Solution Based on Cross Check of CDRs

This paper proposes a trusted international settlement solution based on Cross Check of CDRs, improving the credibility and verification efficiency of international settlement, and preventing fraud and tampering. Based on the distributed settlement architecture of blockchain and cloud database, the solution confirms the CDRs of the home operator, roaming operator, transit operator, third-party operator and user to form a trusted consensus. Based on smart contracts reducing the duplication check of CDRs and bills, the solution improves the operational efficiency. Using cloud database and blockchain deposits technology, the solution solves the data storage capacity limitation and data tampering problem of blockchain. The solution effectively solves the problems of CDRs fraud, data tampering and disclosure, and CDRs/bill duplication check in the existing international settlement service of operators. Experiment proves that the settlement efficiency of the single operator in the solution can be improved to hour level to realize the full automation of the settlement process.

Peng Ran, Jin Peng, Bo Yang, Li Su, Xiaoyong Hang, Junzhi Yan
Fog-Enabled Smart Campus: Architecture and Challenges

In recent years, much attention has been paid to the design and realization of smart campus, which is a miniature smart city paradigm consisting of its unique infrastructures, facilities, and services. Realizing the full vision of smart campus needs an instrumented, interconnected, and intelligent cyber physical system leveraging ICTs and physical infrastructures in the campus. Moreover, the study of a smart campus could pave the way for studying smart cities. In a smart campus, heterogeneous big data is continuously generated by the different functional sensing devices. This poses great challenges on the computation, transmission, storage, and energy consumption of the traditional sensor-to-cloud continuum, which typically incurs a huge amount of network transmission, high energy consumption, and long (sometimes intolerable) processing delay. Based on these observations, we propose a fog-enabled smart campus to enhance the real-time service provisioning. An architecture of smart campus is put forward, in which multiple fog nodes are deployed to guarantee the real-time performance of services and applications by performing tasks at the network edge. Furthermore, many open research issues regarding this architecture are discussed in the hope of inspiring more research activities in this field.

Chaogang Tang, Shixiong Xia, Chong Liu, Xianglin Wei, Yu Bao, Wei Chen
An Ant Colony Optimization Fuzzy Clustering Task Scheduling Algorithm in Mobile Edge Computing

Mobile edge computing has always been a key issue in the development of the mobile Internet and the Internet of things, and how to efficiently schedule tasks has gradually become the focus of mobile edge computing research. The task scheduling problem is an NP-hard optimization problem. Many traditional heuristic algorithms are applied to deal with the task scheduling problem. To address the slow convergence speed of the ant colony algorithm, an ant colony optimization fuzzy clustering algorithm is proposed in this paper. In this algorithm, the fuzzy clustering algorithm is used to reduce the search space range in order to reduce the complexity of the scheduling algorithm and the number of iterations. The optimal solution of the scheduling is then found using the strong global search ability of the ant colony algorithm. The simulation results show that the performance of the ant colony optimization fuzzy clustering algorithm is better than that of the First-Come-First-Served algorithm and the traditional ant colony optimization algorithm.

Jianwei Liu, Xianglin Wei, Tongxiang Wang, Junwei Wang

Mechanism and Method in New Computing

Frontmatter
A Posted Pricing Mechanism Based on Random Forests in Crowdsourcing Market

With the rapid development of the Internet, the combination of outsourcing and Internet has produced an overturning mode for labor cooperation – crowdsourcing. Crowdsourcing outsources the work that used to be done by internal staff of a company or organization to non-specific people in a free and voluntary way, which concentrates the wisdom of the public to solve difficult problems, greatly optimizes the rational allocation of human resources and thus improves the social productivity. In the environment of the crowdsourcing market, how to set an “appropriate” price to recruit workers to complete a given task at a reasonable quality and cost is a key problem which restricts its development. Therefore, this paper proposes a posted pricing method based on the Random Forests (RF) algorithm in the crowdsourcing market. First, the proposed mechanism is described theoretically and actual crowdsourcing data is acquired from Taskcn by a Python spider. Then, based on these empirical data, several typical machine learning methods have been compared, which proves that RF is a very suitable method for posted pricing in the crowdsourcing market. Finally, extensive experiments have been conducted and analysed for optimizing the parameters in RF, and a set of parameters suitable for posted pricing in crowdsourcing is given to construct the corresponding RF model.

Lifei Hao, Bing Jia, Chuxuan Zhang
A Reverse Auction Incentive Mechanism Based on the Participant’s Behavior in Crowdsensing

Crowdsensing has been integrated into many aspects of human life. Compared with the general mode of perception which need to arrange a large number of sensors in advance, crowdsensing uses the idea of crowdsourcing to distribute tasks to participants carrying mobile sensing devices with them, which can save the cost of deploying sensing nodes. Therefore, how to make people actively participate in perception has become a hot issue. The existing incentives mainly include bonus incentives, game entertainment incentives, and social relationship incentives. This paper proposes a reverse auction incentive mechanism based on the participant’s behavior. Specifically, we analyze the user’s behavior and build a model of participant competency assessment firstly; then, according to the above analysis, each user is scored and the reward is distributed using the improved reverse auction algorithm. The experimental results show the effect of the proposed method.

Tao Zhou, Bing Jia, Wuyungerile Li
A General Hardware Trojan Technique Targeted on Lightweight Cryptography with Bit-Serial Structure

Lightweight ciphers have a wide range of applications such as IoT, anti-counterfeiting labels, and passive RFID, and have drawn a great deal of attention in recent years. Obviously, the most significant metric of lightweight cryptography is the area. To the best of our knowledge, the bit-serial structure is used to implement the smallest-area lightweight ciphers. However, the bit-serial structure also provides a possible access point for a small-area hardware Trojan to steal key information, which makes lightweight ciphers vulnerable to Trojan attack. In this paper, we introduce a general hardware Trojan scheme targeted on ciphers based on the bit-serial technique, which can leak the secret key with ease using as few as one flip-flop. This paper will alert cryptographic designers not to implement ciphers based only on design specifications, without taking hardware security into account.

Yijun Yang, Liji Wu, Ye Yuan, Xiangmin Zhang
Identification and Trust Techniques Compatible with eIDAS Regulation

This study presents the current situation (starting with January 2015) related to EU Regulation eIDAS. eIDAS represents the latest EU initiative to build a common framework for electronic identification and trust services. It was the intention of European Council to elaborate and impose a minimal legislation which should guarantee compatibility and interoperability of national identification and trust systems while still allowing the existence of local legal flavors. It is expected that eIDAS will offer safer interactions between various entities (such as private enterprises, public enterprises, citizens, administration) thus contributing to the growth of European market and the improvement of cross-border transactions. Exposure of the current state is combined with suggestions and discussions about improvements to the former eID resulting from the new regulation. A section on the implementation of interoperability framework in some member states gives a first insight into the work which will be required in the next few years for completing the implementation. This paper presents a thorough review of the main identification and trust techniques in eIDAS and the differences to previous or more local similar frameworks.

Stefan Mocanu, Ana Maria Chiriac, Cosmin Popa, Radu Dobrescu, Daniela Saru
Gathering Pattern Mining Method Based on Trajectory Data Stream

A moving object gathering pattern refers to a group of incidents or cases that involve a large congregation of moving objects. Mining the moving object gathering pattern in massive and dynamic trajectory data streams can discover anomalies in the group moving model in a timely manner. This paper proposes a moving object gathering pattern mining method based on trajectory data stream, which consists of two stages: clustering and crowd mining. In the clustering stage, the MR-GDBSCAN clustering algorithm is proposed. It uses the grid to index moving objects, uses the grid as a clustering object and determines the center of each cluster. In the crowd mining phase, the sliding time window is used for incremental crowd mining, and the cluster center is used to calculate the distance between different clusters, thereby improving the crowd detection efficiency. Experiments show that the proposed moving object gathering pattern mining method has good efficiency and stability.

Ying Xia, Lian Diao, Xu Zhang, Hae-young Bae
Travel Modes Recognition Method Based on Mobile Phone Signaling Data

With the acceleration of urbanization and motorization, the characteristics and rules of residents’ travel are constantly changing. Analysis of this information provides reference and guidance for transportation planning, urban management and residents’ travel. With the development of mobile positioning and wireless communications, GPS signals, mobile phone signaling data and other data have established the foundation for obtaining wide-area travel information. This paper proposes a travel mode recognition method based on mobile phone signaling data. In the data preprocessing stage, the method effectively identifies and processes exceptions such as “ping-pong switching” effect and “data drift” effect through time-space threshold filtering, and accurately recognizes key points in the trajectory segmentation stage through feature analyses. In the recognition stage, this method utilizes the road network constraints to improve the calculation of features. The experimental results show that the method can effectively recognize the mode of residents’ travel according to the mobile phone signaling data.

Ying Xia, Jie Tang, Xu Zhang, Hae-young Bae
Two-Level Feature Selection Method for Low Detection Rate Attacks in Intrusion Detection

In view of the fact that some attacks have low detection rates in intrusion detection datasets, a two-level feature selection method based on minimal-redundancy-maximal-relevance (mRMR) and information gain (IG) was proposed. In this method, irrelevant and redundant features were first filtered out with the mRMR algorithm to reduce the data dimension, features highly correlated with low detection rate attacks were then obtained by calculating information gain, and finally these features were integrated to form the final feature subset. The experimental results showed that the feature subset filtered by this method had better classification performance than the current filtering methods and effectively improved the testing results of some attacks with low detection rates.

Chundong Wang, Xin Ye, Xiaonan He, Yunkun Tian, Liangyi Gong
A Novel Wireless Sensor Networks Malicious Node Detection Method

This paper proposed a malicious node detection model based on reputation with enhanced low energy adaptive clustering hierarchy (Enhanced LEACH) routing protocol (MNDREL). MNDREL is a novel algorithm, which is aimed at identifying malicious nodes in the wireless sensor network (WSN) more efficiently. Cluster-head nodes are first selected based on the enhanced LEACH routing protocol. Other nodes in WSN then form different clusters by selecting corresponding cluster-head nodes and determine the packets delivery paths. Each node then adds its node number and reputation evaluation value to the packet before sending it to the sink node. A list of suspicious nodes is then formed by comparing the node numbers, obtained through parsing with the packets by the sink node, with the source node numbers. To determine the malicious nodes in the network, the ratio of the suspect value to the trusted value of each node is further calculated and compared with a predefined threshold. The simulation experiments show that the proposed algorithm in this paper is more efficient in detecting malicious nodes in WSN with lower false alarm rate than other state-of-the-art methods.

Hongyu Yang, Xugao Zhang, Fang Cheng
Grid Partition and Agglomeration for Bidirectional Hierarchical Clustering

Clustering is an important data processing tool, which can be used to reveal the distribution structure of unfamiliar domain data, or as a preprocessing method to magnify data objects in order to accelerate subsequent processing or simplify models. However, the distribution of many real-world data in feature space is very complex or uneven. Besides, the similarity/distance is not easy to define properly in a feature space with different dimensional quantities. Therefore, many existing clustering algorithms are not stable on real datasets, and better performance on different datasets relies on special manual design, such as scale normalization. In this paper, we propose a bidirectional hierarchical clustering (BHC) algorithm with two phases. In the first phase (Top-down), based on the probability density function of data in different dimensions, the feature space is divided into over-segmented grids to adapt to the complex distribution of data. In the second phase (Bottom-up), based on statistical information, a robust distance instead of geometrical distance is defined to agglomerate the grids into a dendrogram. Compared with the individual data points, grids created in the first phase can carry more statistical information, and the magnified processing objects can accelerate the clustering process. The second phase enhances the algorithm’s ability to recognize arbitrarily shaped data clusters. The effectiveness of BHC is compared with 20 popular or recent clustering algorithms on 8 artificial datasets and 6 real-world datasets. The results show that our algorithm can achieve good results on most datasets. In particular, BHC surpasses all the comparison algorithms involved in the experiment on all real-world datasets. In addition, in order to test the efficiency of the algorithm, we design an experiment which can test the influence of dimension and data size on the operation time.

Lei Wu, Hechang Chen, Xiangchun Yu, Sun Chao, Zhezhou Yu, RuiTing Dou
A Non-repudiable Dynamic Provable Data Possession

With the widespread popularity of cloud storage, cloud storage security issues have also received much attention. A provable data possession (PDP) scheme can effectively help users to verify the integrity of data stored remotely in the cloud. For this reason, the client’s PDP scheme is constantly improving and developing. In view of the problem that the existing PDP scheme pays less attention to the clients deceiving the cloud server, a non-repudiable dynamic PDP scheme based on the Stern-Brocot tree (SB-NR-DPDP) is proposed. We put forward a dynamic storage structure and dynamic operation algorithm based on the Stern-Brocot tree, so that it can satisfy the client’s dynamic data operations and realize the non-repudiation feature of the scheme. This scheme can resist hash value attacks, delete-insert attacks and tamper with cloud return value attacks. The theoretical analysis shows that the proposed scheme has less computing and storage overhead than other schemes.

Jun-Feng Tian, Rui-Fang Guo, Xuan Jing
Zone Based Lossy Image Compression Using Discrete Wavelet and Discrete Cosine Transformations

Due to the huge volume of image data generated in numerous domains, image compression has received the attention of researchers seeking to minimize redundant image content for efficient handling and transmission. However, a small region of interest (ROI) in the whole image is a major challenge in image compression. In this perspective, lossless image compression techniques have a low compression rate, and lossy image compression approaches, like JPEG, JPEG2000 and HD Photo, slightly lose data with a high compression ratio. The high compression ratio of lossy image compression helps in saving storage and in fast transfer of data. In this paper, we propose a new DWT-based zoning technique in combination with DCT for image compression. DWT divides an image into LL, LH, HL and HH frequencies, and zoning further divides these images into four parts that are input to DCT one after another. The output of DCT on each zone is then combined into a compressed bitstream image. Extensive experimentation is performed on various common images to compare the results with JPEG, JPEG2000 and HD Photo methods. Our ZDD methods performed remarkably better than the aforementioned techniques.

Nafees Ahmad, Khalid Iqbal, Lansheng Han, Naeem Iqbal, Muhammad Adil Abid
Backmatter
Metadata
Title
Security and Privacy in New Computing Environments
Editors
Dr. Jin Li
Zheli Liu
Hao Peng
Copyright Year
2019
Electronic ISBN
978-3-030-21373-2
Print ISBN
978-3-030-21372-5
DOI
https://doi.org/10.1007/978-3-030-21373-2
