Abstract—Attribute-based authentication is considered a cor nerstone component to achieve scalable fine-grained access con trol in the fast growing market of cloud-based services. Un fortunately, it also poses a privacy concern. User’s attributes should not be linked to the users’ identity and spread across different organizations. To tackle this issue, several solutions have been proposed such as Privacy Attribute-based Credentials (Privacy-ABCs), which support pseudonym-based authentication with embedded attributes. Privacy-ABCs allow users to establish anonymous accounts with service providers while hiding the identity of the user under a pseudonym. However, Privacy ABCs require the selective disclosure of the attribute values towards service providers. Other schemes such as Attribute based Signatures (ABS) and mesh signatures do not require the disclosure of attributes; unfortunately, these schemes do not cater for pseudonym generation in their construction, and hence cannot be used to establish anonymous accounts. In this paper, we propose a pseudonym-based signature scheme that enables unlinkable pseudonym self-generation with embedded attributes, similarly to Privacy-ABCs, and integrates a secret sharing scheme in a similar fashion to ABS and mesh signature schemes for attribute verification. Our proposed scheme also provides verifiable delegation, enabling users to share attributes according to the service providers’ policies.

ABSTRACT With the development of the times, the existing social security system can no longer meet peoples needsintermsofprovidingtransparent, distributed sharing, tamper-proof, traceable, consensus trust andtrustworthyservices. Furthermore, they are centralized and subjectto asinglepointofcontrolandfailure. In this context, we propose a consortium blockchain-based solution to establish and improve social security informatization to meet the above challenges. In this article, we present speci c business situations for three important social security services. Namely, apply for social insurance, apply for social assistance and social bene ts online. Our proposedsolution also provides a multi-party trust and data sharing mechanism, andalso demonstratestheintegrationofblockchainandInterplanetaryFileSystem(IPFS)storagesystemstofacilitate the security of approval documents, photos and videos related to the processing of social security services Accessibility and traceability. It also introduces the implementation and testing details of the algorithm in the smart contract, and expounds how to apply it in the automatic approval of social security business to reduce the workload of existing manual review. Finally, by comparing with the existing system, it is discussed that our solution has great advantages in promoting the online processing of social security business, and the safe access and traceability of approval documents, photos and videos.

ABSTRACT This study discusses the general overview of Timed Ef cient Stream Loss-tolerant Authentication (TESLA) protocol, including its properties, key setups, and improvement protocols. The discussion includes a new proposed two-level in nite TESLA (TLI TESLA) protocol that solves the authentication delay and synchronization issues. We theoretically compared TLI TESLA with the previously proposed protocols in terms of security services and showed that the new protocol prevents excessive use of the buffer in the sensor node and reduces the DoS attacks on the network. In addition, it accelerates the authentication process of the broadcasted message with less delay and assures continuous receipt of packets comparedtopreviousTESLAProtocols.Wealsoaddressedthechallengesfacedduringthe implementation of TESLA protocol and presented the recent solutions and parameter choices for improving the ef ciency of the TESLA protocol. Moreover, we focused on utilizing biometric authentication as a promising approach to replace public cryptography in the authentication process

Abstract—The population of cloud computing greatly facili tates the sharing of explosively generated image today. While benefiting from the convenient of cloud, the privacy protection mechanism that commonly applied in cloud service makes the spreading of illegal and harmful data very hard to be detected or controlled. Such a realistic threat should be seriously treated, yet is largely overlooked in the literature. To address this issue, we propose the first cloud service framework that can simultaneously provide privacy protection and content regulation for the cloud storage image. In specific, we design a secure multi party computation (MPC) protocol to protect the data privacy via random projection. By leveraging the distance preserving properties residing in random projection, we propose a privacy preserving principal component analysis (PCA)-based recognition approach over the random projection domain to achieve content matching while respecting the data privacy. To facilitate the efficiency, we implement our system under the compressive sensing (CS) framework. Due to the compression effect of CS, the proposed cloud service can achieve remarkable reduction on the computation and communication complexity of the content matching process. Theoretical analysis and experimental results both show that our system can achieve privacy assurance and acceptable recognition performance, while with high efficiency.

ABSTRACT Ahomomorphicencryption (HE) scheme is an advanced encryption technology which allows any user receiving ciphertexts to perform computations over them in a public manner. An important application of an HE scheme is a private delegating computation where clients encrypt their secret data, send the ciphertexts to a (computationally powerful) server who perform computations over encrypted data. In this application, one of the crucial problems is that the delegated server might be not trusted one and in this case, we cannot believe that a server always returns correct computation results. To solve this problem, Lai et al. (ESORICS 2014) proposed a veri able homomorphic encryption (VHE) as a core primitive realizing private and veri able secure delegating computation. However, their VHE scheme only supports homomorphic evaluation over ciphertexts generated by a single user. In this paper, we propose a formalization and its construction of multi-key veri able homomorphic encryption (MVHE), which is a new cryptographic primitive for realizing private and veri able delegated computation in the multi-client setting. Our construction can be obtained by combining a multi-key homomorphic encryption scheme and a multi-key homomorphic encrypted authentication scheme, which is also a new primitive provided in this work

Abstract—Clouds have been adopted widely by many organizations for their supports of flexible resource demands and low cost, which is normally achieved through sharing the underlying hardware among multiple cloud tenants. However, such sharing with the changes in resource contentions in virtual machines (VMs) can result in large variations for the performance of cloud applications, which makes it difficult for ordinary cloud users to estimate the run-time performance of their applications. In this paper, we propose online learning methodologies for performance modeling and prediction of applications that run repetitively on multi-tenant clouds (such as on-line data analytic tasks). Here, a few micro-benchmarks are utilized to probe the in-situ perceivable performance of CPU, memory and I/O components of the target VM. Then, based on such profiling information and in-place measured application’s performance, the predictive models can be derived with either Regression or Neural-Network techniques. In particular, to address the changes in the intensity of resource contentions of a VM over time and its effects on the target application, we proposed periodic model retraining where the sliding-window technique was exploited to control the frequency and historical data used for model retraining. Moreover, a progressive modeling approach has been devised where the Regression and Neural-Network models are gradually updated for better adaptation to recent changes in resource contention. With 17 representative applications from PARSEC, Nas Parallel and CloudSuite benchmarks being considered, we have extensively evaluated the proposed online schemes for the prediction accuracy of the resulting models and associated overheads on both a private and public clouds. The evaluation results show that, even on the private cloud with high and radically changed resource contention, the average prediction errors of the considered models can be less than 20% with periodic retraining. The prediction errors generally decrease with higher retraining frequencies and more historical data points but incurring higher run-time overheads. Furthermore, with the neural-network progressive models, the average prediction errors can be reduced by about 7% with much reduced run-time overheads (up to 265X) on the private cloud. For public clouds with less resource contentions, the average prediction errors can be less than 4% for the considered models with our proposed online schemes.

Abstract—Data deduplication can efficiently eliminate data redundancies in cloud storage and reduce the bandwidth requirement of users. However, most previous schemes depending on the help of a trusted key server (KS) are vulnerable and limited because they suffer from revealing information, poor resistance to attacks, great computational overhead, etc. In particular, if the trusted KS fails, the whole system stops working, i.e., single-point-of-failure. In this paper, we propose a Secure and Efficient data Deduplication scheme (named SED) in a JointCloud storage system which provides the global services via collaboration with various clouds. SED also supports dynamic data update and sharing without the help of the trusted KS. Moreover, SED can overcome the single-point-of-failure that commonly occurs in the classic cloud storage system. According to the theoretical analyses, our SED ensures the semantic security in the random oracle model and has strong anti-attack ability such as the brute-force attack resistance and the collusion attack resistance. Besides, SED can effectively eliminate data redundancies with low computational complexity and communication and storage overhead. The efficiency and functionality of SED improves the usability in client-side. Finally, the comparing results show that the performance of our scheme is superior to that of the existing schemes.

Abstract—For better data availability and accessibility while ensuring data secrecy, organizations often tend to outsource their encrypted data to the cloud storage servers, thus bringing the challenge of keyword search over encrypted data. In this paper, we propose a novel authorized keyword search scheme using Role-Based Encryption (RBE) technique in a cloud environment. The contributions of this paper are multi-fold. First, it presents a keyword search scheme which enables only authorized users, having properly assigned roles, to delegate keyword-based data search capabilities over encrypted data to the cloud providers without disclosing any sensitive information. Second, it supports a multi-organization cloud environment, where the users can be associated with more than one organization. Third, the proposed scheme provides efficient decryption, conjunctive keyword search and revocation mechanisms. Fourth, the proposed scheme outsources expensive cryptographic operations in decryption to the cloud in a secure manner. Fifth, we have provided a formal security analysis to prove that the proposed scheme is semantically secure against Chosen Plaintext and Chosen Keyword Attacks. Finally, our performance analysis shows that the proposed scheme is suitable for practical applications.

Abstract—Withtheemergenceof intelligentterminals,theContent-BasedImageRetrieval (CBIR)techniquehasattractedmuch attentionfrommanyareas(i.e.,cloudcomputing,socialnetworkingservices,etc.).Althoughexistingprivacy-preservingCBIRschemes canguaranteeimageprivacywhilesupportingimageretrieval,theseschemesstillhaveinherentdefects(i.e., lowsearchaccuracy, low searchefficiency,keyleakage,etc.).Toaddressthesechallengingissues, inthispaperweprovideasimilaritySearchforEncrypted Imagesinsecurecloudcomputing(calledSEI).First,thefeaturedescriptorsextractedbytheConvolutionalNeuralNetwork(CNN) modelareusedtoimprovesearchaccuracy.Next,anencryptedhierarchical indextreebyusingK-meansclusteringbasedonAffinity Propagation(AP)clusteringisdevised,whichcanimprovesearchefficiency.Then,alimitedkey-leakagek-NearestNeighbor(kNN) algorithmisproposedtoprotectkeyfrombeingcompletelyleakedtountrustedimageusers.Finally,SEI isextendedtofurtherprevent imageusers’searchinformationfrombeingexposedtothecloudserver.OurformalsecurityanalysisprovesthatSEIcanprotect imageprivacyaswellaskeyprivacy.Ourempiricalexperimentsusingareal-worlddataset illustratethehighersearchaccuracyand efficiencyofSEI

Abstract—It is crucial to model missing ratings in recommender systems since user preferences learnt from only observed ratings are biased. One possible explanation for missing ratings is motivated by the spiral of silence theory. When the majority opinion is formed, a spiral process is triggered where users are more and more likely to show their ratings if they perceive that they are supported by the opinion climate. In this paper we first verify the existence of the spiral process in recommender systems by using a variety of different real-life datasets. We then study the characteristics of two key factors in the spiral process: opinion climate and the hardcore users who will give ratings even when they are minority opinion holders. Based on our empirical findings, we develop four variants to model missing ratings. They mimic different components of the spiral of silence based on the spiral process with global opinion climate, local opinion climate, hardcore users, relationships between hardcore users and items, respectively. We experimentally show that, the presented variants all outperform state-of-the-art recommendation models with missing rating components.