Funding: Supported by the National Natural Science Foundation of China under Grants 92046001 and 61962009; the JSPS KAKENHI Grant Numbers JP19K20250, JP20H04174, JP22K11989; Leading Initiative for Excellent Young Researchers (LEADER), MEXT, Japan; and JST, PRESTO Grant Number JPMJPR21P3, Japan. Mianxiong Dong is the corresponding author. Also supported by the Doctor Scientific Research Fund of Zhengzhou University of Light Industry under Grant 2021BSJJ033 and the Key Scientific Research Project of Colleges and Universities in Henan Province (CN) under Grant No. 22A413010.
Abstract: Internet of Medical Things (IoMT) plays an essential role in collecting and managing personal medical data. In recent years, blockchain technology has empowered traditional IoMT systems for data sharing between different medical institutions and improved the utilization of medical data. However, some problems remain in the information transfer process between wireless medical devices and mobile medical apps, such as information leakage and privacy disclosure. This paper first designs a cross-device key agreement model for blockchain-enabled IoMT. This model can establish a key agreement mechanism for secure medical data sharing. Meanwhile, a certificateless authenticated key agreement (KA) protocol is proposed to strengthen the information transfer security in the cross-device key agreement model. The proposed KA protocol requires only one exchange of messages between the two parties, which can improve the protocol execution efficiency. Any unauthorized tampering with the signed message transmitted by the sender can be detected by the receiver, which guarantees the successful establishment of a session key between entities that are strangers to each other. The blockchain ledger can ensure that the medical data cannot be tampered with, and the certificateless mechanism can mitigate the key escrow problem. Moreover, the security proof and performance analysis are given, which show that the proposed model and KA protocol are more secure and efficient than other schemes in similar literature.
Funding: This work is supported by the NSFC (Grant Nos. 61671087, 61962009, 61003287); the Fok Ying Tong Education Foundation (Grant No. 131067); the Major Scientific and Technological Special Project of Guizhou Province (Grant No. 20183001); the Foundation of State Key Laboratory of Public Big Data (Grant No. 2018BDKFJJ018); CCF-Tencent Open Fund WeBank Special Funding (CCF-WebankRAGR20180104); the High-quality and Cutting-edge Disciplines Construction Project for Universities in Beijing (Internet Information, Communication University of China); the Fundamental Research Funds for the Central Universities; and the Fundamental Research Funds for the Central Universities No. 2019XD-A02.
Abstract: Most existing blockchain schemes are based on the design concept of "openness and transparency" to realize data security, which usually requires transaction data to be presented in plaintext. However, this inevitably raises issues with respect to data privacy and operating performance. In this paper, we propose a novel blockchain scheme called Cipherchain, which can process and maintain transaction data in the form of ciphertext while the characteristics of immutability and auditability are guaranteed. Specifically, in our scheme, transactions can be encrypted locally based on a searchable encryption scheme called multi-user public key encryption with conjunctive keyword search (mPECK), and can be accessed by multiple specific participants after being appended to the globally consistent distributed ledger. By introducing the execution-consensus-update paradigm of transaction flow, Cipherchain can not only make it possible for transaction data to exist in the form of ciphertext, but also guarantee that the overall system performance is not greatly affected by cryptographic operations and other local execution work. In addition, Cipherchain is a promising scheme to realize the technology combinations of "blockchain + cloud computing" and "permissioned blockchain + public blockchain".
Funding: Supported by Shandong Province Higher Educational Science and Technology Program (No. J12LN34) and Shandong Ji'nan College and Institute Independent Innovation Project (No. 201303011, No. 201303021, No. 201303016).
Abstract: This paper discusses the problem of constructing a curve that satisfies given endpoint constraints and chord-length parameters. Based on the research of Lu, the curve construction method for the entire tangent angles region (α0, α1)∈(-r, r)×(-r, r) is given. Firstly, to ensure the weights are always positive, three characteristics of the cubic rational Bezier curve are proved; then the segment construction idea for the other tangent angles is presented in view of the three characteristics. The curve constructed with the new method satisfies the endpoint constraints and chord-length parameters, is G1 continuous in every curve segment, and has a good shape.
Funding: Supported jointly by the National Natural Science Foundation of China under Grants Nos. 61672251, 61732010, 61825202, and 61929103.
Abstract: Non-Volatile Main Memories (NVMMs) have recently emerged as a promising technology for future memory systems. Generally, NVMMs have many desirable properties such as high density, byte-addressability, non-volatility, low cost, and energy efficiency, at the expense of high write latency, high write power consumption, and limited write endurance. NVMMs have become a competitive alternative to Dynamic Random Access Memory (DRAM), and will fundamentally change the landscape of memory systems. They bring many research opportunities as well as challenges on system architectural designs, memory management in operating systems (OSes), and programming models for hybrid memory systems. In this article, we revisit the landscape of emerging NVMM technologies, and then survey the state-of-the-art studies of NVMM technologies. We classify those studies with a taxonomy according to different dimensions such as memory architectures, data persistence, performance improvement, energy saving, and wear leveling. Second, to demonstrate the best practices in building NVMM systems, we introduce our recent work of hybrid memory system designs from the dimensions of architectures, systems, and applications. At last, we present our vision of future research directions of NVMMs and shed some light on design challenges and opportunities.
Funding: This work was supported by the National Natural Science Foundation of China under Grants 92046001 and 61962009, the Doctor Scientific Research Fund of Zhengzhou University of Light Industry under Grant 2021BSJJ033, and the Key Scientific Research Project of Colleges and Universities in Henan Province (CN) under Grant No. 22A413010.
Abstract: Along with the increase of wearable medical devices, privacy leakage has become a problem in the process of transmission between these edge medical devices. The blockchain-enabled Internet of Medical Things (BIoMT) has been developed to reform the traditional centralized medical system in recent years. This paper first introduces a data anonymous authentication model to protect user privacy and medical data in BIoMT. Then, a proxy group signature (PGS) scheme is proposed based on a lattice assumption. This scheme can well satisfy the anonymous authentication demand of the proposed model, and provide anti-quantum attack security for BIoMT in the future general quantum computer age. Moreover, the security analysis shows that this PGS scheme is secure in terms of dynamical-almost-full anonymity and traceability. The efficiency comparison shows that the proposed model and PGS scheme are more efficient and practical.
Funding: Supported by the National 973 Basic Research Program of China under Grant No. 2014CB340600, the National Natural Science Foundation of China under Grants No. 61370230 and No. 61662022, the Program for New Century Excellent Talents in University under Grant NCET-13-0241, and the Natural Science Foundation of Hubei Province under Grant No. 2016CFB371.
Abstract: In the traditional framework, the mandatory access control (MAC) system and malicious software both run in kernel mode. Malicious software can prevent MAC systems from starting and render them invalid. This problem cannot be solved under the traditional framework if the operating system (OS) is compromised, since the malware is running at the ring 0 level. In this paper, we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management (PM), security server (SS) and policy enforcement (PE). Policy management and the security server reside in the security domain to protect them against malware, and the isolation feature of the hypervisor can protect them from attacks. We add an access vector cache (AVC) between SS and PE in the guest OS, in order to speed up communication between the guest OS and the security domain. The policy enforcement module is retained in the guest OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implement the system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments. Keywords: hypervisor; virtualization; memo-
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 62072198, 61732010, 61825202, and 62032008).
Abstract: Unikernels provide an efficient and lightweight way to deploy cloud computing services in application-specialized and single-address-space virtual machines (VMs). They can efficiently deploy hundreds of unikernel-based VMs in a single physical server. In such a cloud computing platform, main memory is the primary bottleneck resource for high-density application deployment. Recently, non-volatile memory (NVM) technologies have become increasingly popular in cloud data centers because they can offer extremely large memory capacity at a low expense. However, there still remain many challenges to utilizing NVMs for unikernel-based VMs, such as the difficulty of heterogeneous memory allocation and the high performance overhead of address translations. In this paper, we present UCat, a heterogeneous memory management mechanism that supports multi-grained memory allocation for unikernels. We propose front-end/back-end cooperative address space mapping to expose the host memory heterogeneity to unikernels. UCat exploits large pages to reduce the cost of two-layer address translation in virtualization environments, and leverages slab allocation to reduce memory waste due to internal memory fragmentation. We implement UCat based on a popular unikernel, OSv, and conduct extensive experiments to evaluate its efficiency. Experimental results show that UCat can reduce the memory consumption of unikernels by 50% and TLB miss rate by 41%, and improve the throughput of real-world benchmarks such as memslap and YCSB by up to 18.5% and 14.8%, respectively.
Funding: Supported by the National Natural Science Foundation of China (61571375) and the Hi-Tech Research and Development Program of China (2015AA01A705).
Abstract: Packet loss cannot be avoided in wireless networks due to the particularity of the wireless transmission medium; therefore, improving retransmission efficiency is meaningful to wireless transmission. The current retransmission packet selection mechanisms based on opportunistic network coding (ONC) face the problems of low retransmission efficiency and high computational complexity. To address these problems, an optimized encoding packet selection mechanism based on ONC in wireless network retransmission (OONCR) is proposed. This mechanism is based on the concepts of mutual exclusion packets and decoding gain, and makes full use of the advantages of ONC. The main contributions of this scheme are to control the algorithm complexity of the maximum encoding packets selection effectively, avoid redundant encoding packets due to the overlapping among encoding packets, and take the local and global optimization problem of encoding packets into consideration. Retransmission efficiency is evaluated according to the computational complexity, the throughput, the retransmission redundancy ratio, and the number of average retransmission. Under the various conditions, the number of average retransmission of OONCR is mainly lower than that of other typical retransmission packet selection schemes. The average retransmission redundancy ratios of OONCR are lower by about 5%-40% compared with other typical schemes. Simultaneously, the computational complexity of OONCR is comparatively lower than that of other typical schemes.