CN105827632B - Cloud computing CCS fine-grained data control method - Google Patents


Info

Publication number: CN105827632B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN201610294486.3A
Other languages: Chinese (zh)
Other versions: CN105827632A (en)
Inventors: 赵慧民, 戴青云, 魏文国, 蔡君, 雷方元, 罗建桢
Current Assignee: Guangdong Polytechnic Normal University
Original Assignee: Guangdong Polytechnic Normal University
Application filed by: Guangdong Polytechnic Normal University
Prior art keywords: cloud computing, key, ccs, fine, control method

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101: Access control lists [ACL]
    • H04L63/104: Grouping of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a cloud computing CCS fine-grained data control method comprising the following steps: using compressed sensing technology, after an initial key is obtained, a key is generated using an N-stage shift register and a feedback function formula; an index sequence is established for the generated key, and an encoder matrix is obtained from the index sequence; when the cloud computing platform is under noise and attack conditions, the cloud computing data access control process is realized according to the N-stage shift register, the encoder matrix and the key; N is greater than or equal to 1. The cloud computing CCS fine-grained data control method of the invention is highly secure.

Description

Cloud computing CCS fine-grained data control method
Technical field
The present invention relates to cloud data access control methods, and in particular to a CCS (Cloud Computational Security) fine-grained access control method for cloud computing data.
Background art
Data access control permits or restricts a cloud user's access to cloud resources and their service content by formulating access control rules or policies. Because resources and services in a cloud computing environment are distributed, dynamic, anonymous and heterogeneous, fine-grained encrypted data access control becomes more complicated. Although many models and methods achieve fine-grained encrypted access control in a traditional IT environment, they require the data owner and the storage service provider to be in the same trust domain. This condition no longer holds in the cloud: the cloud data owner and the cloud service provider mostly do not belong to the same trusted security domain, the cloud service provider cannot fully know all of the data owner's information and knows even less about the users who access the data, and in cross-domain access, especially access across security domains, it is difficult to grant a cloud data accessor a safe and effective data access authorization. Traditional encrypted access control technology is therefore not suitable for cloud computing environments.
Summary of the invention
In view of the deficiencies of the prior art, the purpose of the present invention is to provide a highly secure cloud computing CCS fine-grained data control method.
To achieve the above object, the present invention adopts the following technical solution:
A cloud computing CCS fine-grained data control method, comprising the following steps:
Using compressed sensing technology, after an initial key is obtained, a key is generated using an N-stage shift register and a feedback function formula;
An index sequence is established for the generated key, and an encoder matrix is obtained from the index sequence;
When the cloud computing platform is under noise and attack conditions, the cloud computing data access control process is realized according to the N-stage shift register, the encoder matrix and the key;
N is greater than or equal to 1.
Preferably, the shift register stores data as double-precision decimal numbers.
Preferably, the data values stored in the shift register lie in [-1, 1].
Preferably, the process of generating the key with the N-stage shift register and the feedback function formula, using compressed sensing technology and after the initial key is obtained, comprises: using compressed sensing technology, N initial keys are generated by a Gaussian random function;
Each initial key is stored in its corresponding shift register;
The key currently stored in the shift register is calculated from the initial key by the feedback function.
Preferably, the initial key is generated from the Gaussian initial state value c^(0) ~ N(0, 1).
Preferably, the sequence generated by the feedback function should have randomness similar to that of a Gaussian random matrix or a random symmetric sign matrix; the values generated by the feedback function must neither converge to a single value nor keep growing in absolute value; if the sequence produced by the feedback function is periodic, the period is greater than or equal to the length of the encrypted data.
Preferably, the process of establishing an index sequence for the generated key and obtaining the encoder matrix from the index sequence comprises:
An index sequence is generated for the shift register using the index sequence of the sparse dictionary;
An N-order Hadamard matrix is generated from the index sequence, and row vectors of the Hadamard matrix are chosen to form the encoder matrix.
Preferably, the cloud computing data access control process performs encryption/decryption control using two-level encryption or multi-level encryption.
Preferably, the attack and noise interference are controlled by random jumps of an on-off symbol.
Preferably, the random jumps of the attack and noise interference are applied to multiple mutually disjoint subset spaces.
Beneficial effects of the present invention:
Compared with the prior art, the present invention uses compressed sensing technology, generates an N-order Hadamard matrix from the index sequence of the sparse dictionary and builds the encoder matrix from it, which solves the problem of secure measurement with the encoder matrix and thereby improves the security of the cloud computing CCS fine-grained data control method. In addition, based on the encoder matrix and the N-stage shift register, different data users on the cloud platform can use different forms of the encoder matrix, which provides a decoding scheme with multi-level access control at the receiving end; access rights also differ between cloud users, which solves the problem that it is difficult in cross-domain access to grant a cloud data accessor a safe and effective data access authorization.
Further, by changing the shift register storage cells to store double-precision decimal numbers, and designing the feedback function so that values always remain within the range [-1, 1], good key randomness is ensured.
Description of the drawings
Fig. 1 is the flow chart of the cloud computing CCS fine-grained data control method in the embodiment of the present invention;
Fig. 2 is the flow chart of step 1 in the embodiment of the present invention;
Fig. 3 is the schematic diagram of the cloud computing CCS fine-grained data control method in the embodiment of the present invention;
Fig. 4 is the experimental process diagram of the cloud computing CCS fine-grained data control method in the embodiment of the present invention;
Fig. 5 shows the image data encryption/decryption results of the cloud computing CCS fine-grained data control method in the embodiment of the present invention, in which: (a) original image; (b) λ = 0.5, CS-encrypted image; (c) restored image (PSNR = 49 dB); (d) λ = 0.3, CS-encrypted image; (e) restored image (PSNR = 36.62 dB); (f) λ = 0.15, CS-encrypted image; (g) restored image (PSNR = 28.83 dB);
Fig. 6 shows the experimental results for CCS-encrypted images under different Gaussian noise at λ = 0.5 in the embodiment of the present invention, in which: (a) CS-encrypted image at Noise_rel = 0.028; (b) CS-encrypted image at Noise_rel = 0.05; (c) image decrypted and restored from (a) (PSNR = 38.61 dB); (d) image decrypted and restored from (b) (PSNR = 23.82 dB);
Fig. 7 shows the decryption results of the cloud computing CCS fine-grained data control method under data tampering (cropping) attacks of different degrees in the embodiment of the present invention, in which: (a1) 12.5% cropped in the vertical direction; (a2) 12.5% cropped in the horizontal direction; (a3) and (a4) are the decrypted images of encrypted images (a1) and (a2) after the tampering attack; (b1) 25% cropped; (b2) 50% cropped; (b3) and (b4) are the decrypted images of encrypted images (b1) and (b2) after the tampering attack;
Fig. 8 shows the decrypted images of the cloud computing CCS fine-grained data control method at λ = 0.5 after one key value is changed in the embodiment of the present invention, in which: (a) decrypted image (key value: 0.3292 ~ (0,1)); (b) decrypted image (key value: 0.3292 → 0.329);
Fig. 9 shows the fingerprint image test data and the restoration results of the cloud computing CCS fine-grained data control method at λ = 0.5 in the embodiment of the present invention, in which: (a) original fingerprint; (b) DB1 test data; (c) DB2 test data; (d) DB3 test data; (e), (f), (g) images restored from DB1, DB2 and DB3 (PSNR = 45.3 dB, 42.8 dB and 41.92 dB respectively);
Fig. 10 is the result for the DB1 fingerprint (PSNR = 29.3 dB);
Fig. 11 is the result for the DB2 fingerprint (PSNR = 27.51 dB);
Fig. 12 is the result for the DB3 fingerprint (PSNR = 26.54 dB).
Detailed description of the embodiments
The present invention is further described below with reference to the drawings and specific embodiments:
Referring to Fig. 1, the cloud computing CCS fine-grained data control method of this embodiment comprises the following steps:
Step 1: using compressed sensing technology (CS, Compressed Sensing), after an initial key is obtained, a key is generated using an N-stage shift register and a feedback function formula. N is greater than or equal to 1. The shift register stores data as double-precision decimal numbers.
Referring also to Fig. 2, step 1 may further comprise the following steps:
Step 11: using compressed sensing technology, N initial keys are generated by a Gaussian random function. In step 11 the initial key can be generated from the Gaussian initial state value c^(0) ~ N(0, 1).
Step 12: each initial key is stored in its corresponding shift register;
Step 13: the key currently stored in the shift register is calculated from the initial key by the feedback function. The sequence generated by the feedback function in step 13 should have randomness similar to that of a Gaussian random matrix or a random symmetric sign matrix; the values generated by the feedback function must neither converge to a single value nor keep growing in absolute value; if the sequence produced by the feedback function is periodic, the period is greater than or equal to the length of the encrypted data. In the feedback function design, the register cells of the invention store data as double-precision decimal numbers, and the initial values (i.e. the initial keys) are generated by a Gaussian random method.
In CS, let the signal x ∈ R^n with x = Dα, where D ∈ R^(n×p) is a sparse dictionary of sparsity k, α ∈ R^p is the sparse coefficient vector, and ||α||_0 = k. Then y = ADα is a set of sparse vectors, and:
Here, A is the measurement encoder matrix of m × n, measures dimensionIt can according to formula (1) formula It is solved by convex optimization method:
That is, formula (2) shows that CS signal reconstruction can be achieved by an l1-minimization decoder.
For formulas (1)-(2), from an information-theoretic point of view, provided the signal is sparse, CS can exactly recover the original signal from a small number of linear measurements of the sparse signal. Because a randomly structured measurement matrix is applied in the linear measurement, the CS measurement process becomes a natural form of information encryption.
For y = Ax, when x is the plaintext of the signal, the measurement vector y is a ciphertext of the signal, and the encryption algorithm can be implemented by the linear transformation performed by the encoder matrix A.
In CS, if the signal has a sparse prior, only a small number of signal observations are needed to reconstruct the signal with high probability. The theory compression-encodes the signal at the same time as sampling it. The basic principle is to use random observations for non-adaptive linear measurement, project the high-dimensional signal onto a low-dimensional space, and then solve a convex optimization problem. Another notable property of CS is that, during signal sampling, the observation matrix can be generated from a key S, so encryption is implicit in the data sensing process and needs no additional computation.
Step 2: an index sequence is established for the generated key, and an encoder matrix is obtained from the index sequence. The data values stored in the shift register lie in [-1, 1].
Step 2 may further comprise the following steps:
Step 21: an index sequence is generated for the shift register using the index sequence of the sparse dictionary;
Step 22: an N-order Hadamard matrix is generated from the index sequence, and row vectors of the Hadamard matrix are chosen to form the encoder matrix. That is, the N-order Hadamard matrix is generated from the sorted sequence and row vectors are selected from it to form the encoder matrix, which solves the problem of secure measurement with the CS encoder matrix.
In the CS encryption system of the invention, the data owner obtains the plaintext x using the sparse basis dictionary D and transmits the ciphertext y to the cloud computing platform via the encoder matrix A. Only a legitimate cloud user (i.e. the data receiver) who knows A or the key can correctly recover x from y. Here, the encryption key of A is generated by a pseudo-random number generator (PRNG), i.e. the PRNG produces the initialization seed sequence of the encoder matrix A.
A shift register can generate a long random sequence from several initial values. In general, an N-stage shift register comprising N storage cells has 2^N possible states, and each possible state corresponds to a vector v = [v_0, v_1, v_2, Λ, v_(N-1)], where Λ is the index of the random state number.
If the current state of the shift register is known, then when the next state arrives, v_i of the previous state is assigned to v'_(i-1) of the new state, and v'_(N-1) of the new state is determined by the feedback function f. In general, the input of f is the previous register state vector v, i.e.
v'_(i-1) = f(v_0, v_1, v_2, Λ, v_(i-1))    (3)
The functional form of f can be defined according to the particular problem.
For the shift register that generates the key matrix, the present invention uses, for u users, a w-stage shift register whose w initial sequence values (i.e. the initial keys, Key) are generated by a Gaussian random method (mean 0, variance 1). To obtain the register feedback function f, an intermediate variable f' is first defined:
The feedback function f is then defined using the intermediate variable f'; the expression of f is
The purpose of the above formula is to ensure that the values of the sequence remain within [-1, 1].
To improve physical realizability, the encoder matrix A is constructed from a partial Hadamard matrix, as follows:
(a) To ensure the randomness of the generated sequence, let the initial state value be c^(0) ~ N(0, 1); a random sequence f of length 2N is generated by (4)-(5), the first N values are discarded, and the index sequence Λ = [s_1, s_2, ..., s_N] is obtained;
(b) The index sequence of the sparse dictionary (i.e. the support set of the sparse dictionary) Λ = [s_1, s_2, ..., s_N] is used to sort the natural sequence x = [x_1, x_2, ..., x_N], giving the sorted sequence x_p = [p_1, p_2, ..., p_m];
(c) An N-order Hadamard matrix is generated from x_p, and its row vectors A(p_1,:), A(p_2,:), ..., A(p_m,:) are chosen to form the encoder matrix A, i.e.
where A(p_i,:) denotes the p_i-th row vector of A.
Step 3: when the cloud computing platform is under noise and attack conditions, the cloud computing data access control process is realized according to the N-stage shift register, the encoder matrix and the key. In step 3, the cloud computing data access control process performs encryption/decryption control using two-level or multi-level (two levels or more) encryption.
When the cloud computing data access control process uses two-level encryption, the attack and noise interference are controlled by random jumps of an on-off symbol.
In the secure process, suppose the CS encoder matrix A follows a random model and is subject to attack and noise. In the present invention, attack and noise interference are controlled by random jumps of an on-off symbol; the initial matrix of the encoder matrix A is A^(0) = [A^(0)(p_1,:), A^(0)(p_2,:), ..., A^(0)(p_m,:)]^T, the random data set is c^(0), and c < m × n. Then A^(1) has the form
Therefore, the two-level encryption model of the CS encoder matrix A is
A^(1) = A^(0) + ΔA    (8)
where ΔA is the attack and noise interference matrix, which has the form
The density of ΔA is the proportion of non-zero elements in ΔA. In this case, the ciphertext obtained by CS two-level encryption has the form
y = A^(1) × x = A^(0) × x + ΔA × x = A^(0) × x + ε    (10)
where ε = ΔA × x is called the interference factor.
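The construction in steps (a)-(c) and the two-level model of formulas (8) and (10), as an added Python example that is not part of the patent. Formulas (4)-(5) do not survive on this page, so `feedback` is a stand-in that only keeps values in [-1, 1]; the sign-flip form of ΔA, `LEVEL1_KEYS`, the signal block, and the sizes n = 64, m = 32 are likewise assumptions, while the 16 initial keys are the ones listed in the experiment section.

```python
# Added illustration: key -> shift register -> index sequence -> partial
# Hadamard encoder matrix A0, then the two-level model A1 = A0 + dA.

# The 16 initial keys quoted in the experiment section of this page.
INITIAL_KEYS = [-1.4511, -0.2679, 0.1077, -1.1379, 0.3292, 0.9359, 1.4067,
                1.1024, 1.5263, 0.2431, 0.3988, -0.6702, 1.2195, 1.0611,
                -1.9515, -2.0431]
# Constructed second-level seed (assumption, not from the patent).
LEVEL1_KEYS = [0.8147, -0.9058, 0.1270, -0.9134, 0.6324, -0.0975, 0.2785,
               -0.5469, 0.9575, -0.9649, 0.1576, -0.9706, 0.9572, -0.4854,
               0.8003, -0.1419]


def feedback(reg):
    """Stand-in for formulas (4)-(5): wrap the register sum into [-1, 1]."""
    return (sum(reg) + 1.0) % 2.0 - 1.0


def register_sequence(keys, length):
    """Formula (3): v_i moves to v'_(i-1); the feedback value becomes v'_(N-1)."""
    reg, out = list(keys), []
    for _ in range(length):
        new = feedback(reg)
        reg = reg[1:] + [new]
        out.append(new)
    return out


def row_order(keys, n):
    """Steps (a)-(b): draw 2n values, drop the first n, sort 0..n-1 by the rest."""
    s = register_sequence(keys, 2 * n)[n:]
    return sorted(range(n), key=lambda i: (s[i], i))


def hadamard_row(i, n):
    """Row i of the order-n Sylvester Hadamard matrix (n a power of two)."""
    return [1 - 2 * (bin(i & j).count("1") % 2) for j in range(n)]


def encoder_matrix(keys, n, m):
    """Step (c): the first m sorted indices pick the rows A(p_1,:)..A(p_m,:)."""
    return [hadamard_row(p, n) for p in row_order(keys, n)[:m]]


def jump_matrix(a0, level_keys, density):
    """Delta-A (assumed form): where the keyed switch is 'on', flip that sign."""
    n = len(a0[0])
    s = register_sequence(level_keys, len(a0) * n)
    return [[-2 * v if abs(s[i * n + j]) < density else 0
             for j, v in enumerate(row)] for i, row in enumerate(a0)]


def matvec(a, x):
    """Plain matrix-vector product over Python integers (exact)."""
    return [sum(r * v for r, v in zip(row, x)) for row in a]


def two_level_encrypt(x, n, m, density=0.1):
    """Return (y, y0, eps) with y = A1 x, y0 = A0 x, eps = dA x (formula (10))."""
    a0 = encoder_matrix(INITIAL_KEYS, n, m)
    da = jump_matrix(a0, LEVEL1_KEYS, density)
    a1 = [[p + q for p, q in zip(r0, rd)] for r0, rd in zip(a0, da)]
    return matvec(a1, x), matvec(a0, x), matvec(da, x)


if __name__ == "__main__":
    n, m = 64, 32                               # measurement rate m/n = 0.5
    x = [(7 * j) % 251 + 1 for j in range(n)]   # constructed signal block
    y, y0, eps = two_level_encrypt(x, n, m)
    print("rows chosen:", row_order(INITIAL_KEYS, n)[:m])
    print("y == A0 x + eps:", y == [a + e for a, e in zip(y0, eps)])
    print("measurements that differ for an A0-only holder:",
          sum(e != 0 for e in eps))
    changed = INITIAL_KEYS[:4] + [0.329] + INITIAL_KEYS[5:]
    print("same rows after 0.3292 -> 0.329:",
          row_order(changed, n)[:m] == row_order(INITIAL_KEYS, n)[:m])
```

A holder of A^(0) alone sees y as A^(0)x plus the interference ε, which is the gap between access levels that the text describes; how much of x each level can then reconstruct depends on the recovery algorithm, which this example does not implement.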
When the cloud computing data access control process uses multi-level encryption, the random jumps of the attack and noise interference are applied to multiple mutually disjoint subset spaces.
Extending formulas (7)-(10) to any w cloud computing users, the present invention applies the random-jump control of attack and noise interference to u mutually disjoint subspace sets c^(u), where u = 0, 1, 2, ..., w-2, giving:
Therefore, for the different reception and access rights of different users on the cloud platform: a user who is granted (informed of) the encoder matrix A^(w-1) can completely recover the plaintext x from the ciphertext y, and is defined as a high-level user; a user who is granted (informed of) the encoder matrix A^(u+1) (u = 0, 1, 2, ..., w-3) can partially recover the plaintext x from the ciphertext y, and is defined as an intermediate user; a user who is granted only the encoder matrix A^(0) can learn from the ciphertext y that the plaintext exists but cannot recover it, and is defined as a low-level user.
This CS encryption method can provide a multi-level data access mode at the decoding end for different users according to their different data recovery requirements. By the definitions above, the encryption keys of the w-level CS processing are generated from w seeds by formula (4); the keys of the present invention therefore take the form:
1) Low-level user key
2) Level-1 user key
……
Level-(w-1) user key
The control principle of the invention is illustrated below through one run of the control method:
The hardware platform comprises a DSP signal node, 1 Master transCoding node and 3 Slave nodes. The DSP signal node is responsible for data acquisition and compressed sensing encoding (i.e. the CS encoder), the Master transCoding node is responsible for data storage and data classification, and the Slave nodes are responsible for the distributed computing tasks (i.e. the CS decoding clients). The configuration is:
1) DSP: TMS320C6000 250MHz, 2MB SDRAM;
2) CPU: Intel Xeon E3-1225v3, 3.2GHz/8MB Cache;
3) Memory: 16GB (2x8GB) 1333MHz Dual Ranked RDIM;
4) Disk: 1TB 3.5-inch, 7.2K RPM, SATA II Hard Drive;
5) Software platform: CentOS Linux Server 6.6, CCS2.2-CS_Cloud, Java 1.7.0.
Based on the CS encryption/decryption principle of Fig. 3, the CS experimental platform of Fig. 4 for cloud computing data encryption/decryption was built.
1) Sparse dictionary D: generated by the K-SVD algorithm from 10240 randomly selected training samples taken from 10 images.
2) Encoder matrix A generated from the key: a 16-stage shift register is used, and the 16 initial sequence values (i.e. the initial keys) are generated by a Gaussian random method (mean 0, variance 1). The initial keys (i.e. initial sequence values) of the 16-stage shift register are -1.4511, -0.2679, 0.1077, -1.1379, 0.3292, 0.9359, 1.4067, 1.1024, 1.5263, 0.2431, 0.3988, -0.6702, 1.2195, 1.0611, -1.9515 and -2.0431 respectively, and the feedback function is computed using formula (5).
The measurement rate λ = m/n is set to 0.15, 0.3 and 0.5 respectively.
3) Signal recovery algorithm: the segmented orthogonal convergence tracking (StOCP) algorithm.
4) Test images: objective, the 256 × 256 grayscale image "Lena"; subjective, 640 × 480, 328 × 364 and 300 × 480 grayscale biometric "fingerprint" images.
5) Evaluation of the images recovered and reconstructed at the user end: peak signal-to-noise ratio PSNR (dB).
Where data is the recovered estimate of x_ij.
Experimental result
(1) Image signal processing without noise or attack
According to the experimental platform of Fig. 4, two-dimensional image signals are input under different sampling rate settings, DSP-CS sampling and CCS data encryption are performed, and the encrypted data is transferred to the cloud computing platform for storage and distribution. Finally, according to the data requirements of different users, different keys are granted for decoding and recovery.
As can be seen from Fig. 5, the larger the measurement rate of signal sensing, the better the quality of the decrypted and recovered image; even at a measurement rate of λ = 0.15, the quality of the decrypted image is still acceptable both subjectively (visually) and objectively (PSNR = 28.83 dB). This shows that CCS encryption performs well and that the data volume can vary with different encryption and decryption requirements, so it can meet application scenarios in the cloud where transmission speed must be considered.
(2) Image signal processing under Gaussian noise
In the experiment, Gaussian white noise with mean 0 and variance σ_noise is added to the ciphertext of Fig. 5(b) (i.e. the CCS-encrypted image); the relative noise intensity Noise_rel has the value range 10^-5 to 10^-1 (controlled by the system jump switch of formula (9)). The noisy ciphertext is then used for image reconstruction by the decryption method, and the reconstruction results are output, as shown in Fig. 6.
As Fig. 6 shows, the distortion of the decrypted image increases as the noise intensity increases. However, even when Noise_rel increases to a certain strength, the decrypted image still retains most of the information of the original image, which shows that the CS encryption algorithm can resist noise attacks to a certain degree.
(3) Image signal processing under attack conditions
When the input original image is measured and encrypted, the process is equivalent to treating the original image as a set of column vectors; the measurement matrix measures each column vector and compresses its dimension, so at image recovery these column vectors are also reconstructed individually. If the measured values were output directly as the encryption result, then, because the measurement is linear, under a tampering attack the distortion of the decrypted image caused by data loss would differ severely between directions. To achieve high-probability recovery of the decrypted image for legitimate cloud users under attack conditions, the present invention has the data owner control the key function of the measurement matrix, combined with the sparse dictionary D, to resist the effects of malicious attacks.
Fig. 7 (a1)-(a4) show that after the measured values are scrambled by the key, whether the cropping is in the horizontal or the vertical direction, the original image can be recognized in the decrypted image. (b1)-(b4) also show that even if the encrypted image loses 25% of its data, most of the information of the original image can still be recovered from the encrypted image. That is, the encryption algorithm can resist cropping attacks of malicious data tampering to a certain degree.
(4) Image signal processing under key attack
For the case where the key is attacked in the cloud computing environment, the experiment assumes that the attacker may know part of the key, and the effect is verified by changing one initial key. The 5th of the 16 initial keys, 0.3292, is reset while the other initial keys are unchanged: the 5th key 0.3292 is set to a random number (Gaussian random generation) and to a close value (0.329) respectively; generation still uses formula (9), the key and its measurement matrix are then used for image reconstruction, and the reconstruction results are shown in Fig. 8.
The reconstruction results of Fig. 8 show that even if the attacker obtains 15 of the 16 initial keys, and even knows the approximate value of the remaining key, the original image still cannot be decrypted and recovered. Therefore, where a key attacker knows part of the key, the algorithm can effectively ensure the security of the image.
(5) Biometric fingerprint image signal processing under attack conditions
To protect users' private data, it should be stored in the cloud in ciphertext form, but common encryption methods add computational overhead, so reliable information security must be achieved with as little computing cost as possible. In current cloud computing environments, fully homomorphic encryption cannot yet be implemented efficiently. Encryption and identity authentication based on user biometrics (such as fingerprints) has therefore become a newer technique for cloud computing data encryption.
The experiment of the present invention performs CS acquisition and compression on biometric fingerprints and uses a data format encrypted by key-controlled measurement; hierarchical identity management can be implemented across multiple clouds, and cloud users can be authenticated on multiple characteristics, so high security can be provided.
The original fingerprint image signals come from the FVC2004 fingerprint database; the main parameters are given in Table 1.
Table 1: FVC2004 fingerprint database (DB)
Database | Type of fingerprint sensor | Fingerprint image size | Resolution
DB1 | FPS200 | 640×480 | 500
DB2 | FPS200 | 328×364 | 500
DB3 | FPS200 | 300×480 | 500
Fig. 9 shows, for the DB1, DB2 and DB3 fingerprint images at λ = 0.5, the CCS-encrypted test data and the fingerprint images decrypted and recovered without noise or attack. As Fig. 9 shows, in this cloud computing environment the CCS encryption-decryption of the present invention has excellent data recovery.
To test the security of the method in a cloud environment where Gaussian noise and attack occur simultaneously, condition experiments were carried out with the DB1, DB2 and DB3 fingerprints respectively. Gaussian noise intensity: Noise_rel = 0.028; cropped CS-encrypted data: 25%; CS measurement rate: λ = 0.5.
Figs. 10-12 show that the CCS encryption-decryption technique proposed by the present invention has better data recovery and anti-attack capability in a cloud computing environment where Gaussian noise and attack occur simultaneously, which indicates that the present invention has high data security.
Those skilled in the art can make various other corresponding changes and modifications based on the technical solution and ideas described above, and all such changes and modifications shall fall within the protection scope of the claims of the present invention.

Claims (7)

1. A cloud computing CCS fine-grained data control method, characterized by comprising the following steps:
using compressed sensing technology, after obtaining initial keys, generating keys using an N-stage shift register and a feedback function calculation formula;
establishing an index sequence for the generated keys, and obtaining an encoding matrix according to the index sequence;
when the cloud computing platform is under noise and attack conditions, implementing the cloud computing data access control process according to the N-stage shift register, the encoding matrix and the keys;
wherein N is greater than or equal to 1;
the process of generating keys using the N-stage shift register and the feedback function calculation formula, after obtaining initial keys using compressed sensing technology, comprises:
generating N initial keys using compressed sensing technology and a Gaussian random function;
storing each initial key in its corresponding shift register;
computing the key currently stored in the shift register from the initial key by means of the feedback function;
generating the initial keys from the initial state values c(0) ~ N(0,1) of a Gaussian function;
the process of establishing an index sequence for the generated keys and obtaining the encoding matrix according to the index sequence comprises:
generating an index sequence for the shift register using the index sequence of a sparse dictionary;
generating an N-order Hadamard matrix from the index sequence, and selecting row vectors of the Hadamard matrix to form the encoding matrix.
2. The cloud computing CCS fine-grained data control method according to claim 1, characterized in that the shift register stores data as double-precision decimal numbers.
3. The cloud computing CCS fine-grained data control method according to claim 2, characterized in that the data values stored in the shift register lie in [-1, 1].
4. The cloud computing CCS fine-grained data control method according to claim 1, characterized in that the sequence generated by the feedback function has randomness similar to that of a Gaussian random matrix or a random symmetric sign matrix; the values generated by the feedback function must neither converge to a particular value nor diverge continually in absolute value; and if the sequence generated by the feedback function is periodic, its period is greater than or equal to the length of the encrypted data.
5. The cloud computing CCS fine-grained data control method according to any one of claims 1-3, characterized in that the cloud computing data access control process performs encryption/decryption control by means of two-level encryption or multi-level encryption.
6. The cloud computing CCS fine-grained data control method according to claim 5, characterized in that the random jumps of the noise and attack are controlled by an on-off symbol.
7. The cloud computing CCS fine-grained data control method according to claim 5, characterized in that the random jumps of the noise and attack are applied in multiple mutually disjoint subset space sets.
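The key-to-encoding-matrix steps of claim 1, sketched as an added example (not code from the patent). The feedback map 1 - 2x², the sin() folding of keys into [-1, 1], the sort-based index sequence, the seed and all function names are assumptions, since the claims do not fix them; λ = 0.5 is the measurement rate used in the experiments above.

```python
import math
import random

def initial_keys(seed, n):
    # Constructed stand-in for the Gaussian key source: c(0) ~ N(0, 1).
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(n)]

def feedback(x):
    # Assumed feedback function (not the patent's formula): 1 - 2x^2 maps
    # [-1, 1] onto itself, so stored values stay bounded (claims 3 and 4).
    return 1.0 - 2.0 * x * x

def run_register(keys, clocks):
    # Fold each key into [-1, 1], then clock the N-stage register: the
    # oldest stage passes through feedback() and is shifted back in.
    reg = [math.sin(k) for k in keys]
    for _ in range(clocks):
        reg = reg[1:] + [feedback(reg[0])]
    return reg

def hadamard(n):
    # Sylvester construction of an n-order Hadamard matrix (n a power of 2).
    h = [[1]]
    while len(h) < n:
        h = [r + r for r in h] + [r + [-v for v in r] for r in h]
    return h

def encoding_matrix(seed, n=16, rate=0.5, clocks=64):
    # Index sequence (assumed form): the permutation that sorts the register
    # contents. It selects rate*n rows of the n-order Hadamard matrix.
    reg = run_register(initial_keys(seed, n), clocks)
    index_seq = sorted(range(n), key=lambda i: reg[i])
    h = hadamard(n)
    return [h[i] for i in index_seq[: int(rate * n)]]

def measure(phi, x):
    # Compressed-sensing measurement y = Phi x, the "encrypted" data.
    return [sum(p * v for p, v in zip(row, x)) for row in phi]

if __name__ == "__main__":
    x = [0] * 16
    x[3], x[11] = 5, -2                      # constructed sparse signal
    phi = encoding_matrix(seed=2016)         # sender and receiver share the seed
    print(measure(phi, x))
    # A different seed generally yields a different row selection.
    print(encoding_matrix(seed=2017) == phi)
```

Only a party that can regenerate the same register state rebuilds the same matrix; recovering x from y additionally needs a sparse-recovery solver, which is outside this sketch.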

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610294486.3A CN105827632B (en) 2016-04-26 2016-04-26 Cloud computing CCS fine-grained data control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610294486.3A CN105827632B (en) 2016-04-26 2016-04-26 Cloud computing CCS fine-grained data control method

Publications (2)

Publication Number Publication Date
CN105827632A CN105827632A (en) 2016-08-03
CN105827632B true CN105827632B (en) 2019-03-26

Family

ID=56529029

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610294486.3A Expired - Fee Related CN105827632B (en) 2016-04-26 2016-04-26 Cloud computing CCS fine-grained data control method

Country Status (1)

Country Link
CN (1) CN105827632B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107659315B (en) * 2017-09-25 2020-11-10 天津大学 Sparse binary coding circuit for compressed sensing
CN108092798B (en) * 2017-11-27 2020-11-03 西安财经学院 Variable-granularity-based cloud service optimization method and cloud server
CN108881186B (en) * 2018-05-31 2020-06-16 西安电子科技大学 Compressed sensing encryption method capable of realizing key sharing and error control

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014158A (en) * 2010-11-29 2011-04-13 北京兴宇中科科技开发股份有限公司 Cloud storage service client high-efficiency fine-granularity data caching system and method
CN102075542A (en) * 2011-01-26 2011-05-25 中国科学院软件研究所 Cloud computing data security supporting platform
CN102567454A (en) * 2010-12-27 2012-07-11 国际商业机器公司 Method and system enabling granular discretionary access control for data stored in a cloud computing environment
CN103609059A (en) * 2010-09-20 2014-02-26 安全第一公司 Systems and methods for secure data sharing
CN104243452A (en) * 2014-08-20 2014-12-24 宇龙计算机通信科技(深圳)有限公司 Method and system for cloud computing access control

Also Published As

Publication number Publication date
CN105827632A (en) 2016-08-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 293 No. 510000 Guangdong city of Guangzhou province Tianhe District Zhongshan Shipai Road

Patentee after: GUANGDONG POLYTECHNIC NORMAL University

Address before: 293 No. 510000 Guangdong city of Guangzhou province Tianhe District Zhongshan Shipai Road

Patentee before: GUANGDONG POLYTECHNIC NORMAL University

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190326