This paper was motivated by the existing problems of Cloud Data storage in Imo State University, Nigeria such as outsourced data causing the loss of data and misuse of customer information by unauthorized users or hac...This paper was motivated by the existing problems of Cloud Data storage in Imo State University, Nigeria such as outsourced data causing the loss of data and misuse of customer information by unauthorized users or hackers, thereby making customer/client data visible and unprotected. Also, this led to enormous risk of the clients/customers due to defective equipment, bugs, faulty servers, and specious actions. The aim if this paper therefore is to analyze a secure model using Unicode Transformation Format (UTF) base 64 algorithms for storage of data in cloud securely. The methodology used was Object Orientated Hypermedia Analysis and Design Methodology (OOHADM) was adopted. Python was used to develop the security model;the role-based access control (RBAC) and multi-factor authentication (MFA) to enhance security Algorithm were integrated into the Information System developed with HTML 5, JavaScript, Cascading Style Sheet (CSS) version 3 and PHP7. This paper also discussed some of the following concepts;Development of Computing in Cloud, Characteristics of computing, Cloud deployment Model, Cloud Service Models, etc. The results showed that the proposed enhanced security model for information systems of cooperate platform handled multiple authorization and authentication menace, that only one login page will direct all login requests of the different modules to one Single Sign On Server (SSOS). This will in turn redirect users to their requested resources/module when authenticated, leveraging on the Geo-location integration for physical location validation. The emergence of this newly developed system will solve the shortcomings of the existing systems and reduce time and resources incurred while using the existing system.展开更多
The security of critical data is an important issue for distributed storage system design,especially for long-term storage.ESSA (An Efficient and Secure Splitting Algorithm for Distributed Storage Systems) is presente...The security of critical data is an important issue for distributed storage system design,especially for long-term storage.ESSA (An Efficient and Secure Splitting Algorithm for Distributed Storage Systems) is presented,which takes advantage of a two level information dispersal scheme to strengthen the security of data.In ESSA,the approach of knight’s tour problem,which is NP-Complete,is introduced to scramble data at the first level,and a split cube is used to split scrambled data at the second level.Thus,it is very difficult for the malicious user to get information because the task of reconstructing the original data needs more computation than they can tolerate.We prove that the security of ESSA is better than encryption algorithm and not inferior to erasure codes and secret sharing.Experimental results show that distributed storage systems exploiting ESSA has greater efficiency than that exploiting keyed encryption,erasure codes and secret sharing.展开更多
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t...This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].展开更多
A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built...A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built-in security measures, even though it can effectively handle and store enormous datasets using the Hadoop Distributed File System (HDFS). The increasing number of data breaches emphasizes how urgently creative encryption techniques are needed in cloud-based big data settings. This paper presents Adaptive Attribute-Based Honey Encryption (AABHE), a state-of-the-art technique that combines honey encryption with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to provide improved data security. Even if intercepted, AABHE makes sure that sensitive data cannot be accessed by unauthorized parties. With a focus on protecting huge files in HDFS, the suggested approach achieves 98% security robustness and 95% encryption efficiency, outperforming other encryption methods including Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KB-ABE), and Advanced Encryption Standard combined with Attribute-Based Encryption (AES+ABE). By fixing Hadoop’s security flaws, AABHE fortifies its protections against data breaches and enhances Hadoop’s dependability as a platform for processing and storing massive amounts of data.展开更多
COVID-19 has swept the whole our country and the world in the beginning of 2020.31 provinces and municipalities across the country have launched the first-level response to major public health emergencies since Januar...COVID-19 has swept the whole our country and the world in the beginning of 2020.31 provinces and municipalities across the country have launched the first-level response to major public health emergencies since January 24,and China has carried out intensive epidemic control.It is critical for effectively responding to COVID-19 to collect,collate and analyze people’s personal data.What’s more,obtaining identity information,travel records and health information of confirmed cases,suspected cases and close contacts has become a crucial step in epidemic investigation.All regions have made full use of big data to carry out personnel screening,travel records analysis and other related work in epidemic prevention and control,effectively improving the efficiency of epidemic prevention and control.However,data leakage,personnel privacy data exposure,and personal attack frequently occurred in the process of personnel travel records analysis and epidemic prevention and control.It even happened in the WeChat group to forward a person’s name,phone number,address,ID number and other sensitive information.It brought discrimination,telephone and SMS harassment to the parties,which caused great harm to individuals.Based on these,lack of information security and data security awareness and other issues were exposed.Therefore,while big data has been widely concerned and applied,attention should be paid to protecting personal privacy.It is urgent to pay more attention to data privacy and information security in order to effectively protect the legitimate rights of the people.Therefore,measures can be taken to achieve this goal,such as improving the relevant legal system,strengthening technical means to enhance the supervision and management of information security and data protection.展开更多
The current health information systems have many challenges such as lack of standard user interfaces,data security and privacy issues,inability to uniquely identify patients across multiple hospital information system...The current health information systems have many challenges such as lack of standard user interfaces,data security and privacy issues,inability to uniquely identify patients across multiple hospital information systems,probable misuse of patient data,high technological costs,resistance to technology deployments in hospital management,lack of data gathering,processing and analysis standardization.All these challenges,among others hamper either the acceptance of the health information systems,operational efficiency or expose patient information to cyber attacks.In this paper,an enhanced information systems success model for patient information assurance is developed using an amalgamation of Technology Acceptance Model(TAM)and Information Systems Success Model(ISS).This involved the usage of Linear Structured Relationship(LISREL)software to model a combination of ISS and Intention to Use(ITU),TAM and ITU,ISS and user satisfaction(US),and finally TAM and US.The sample size of 110 respondents was obtained based on the total population of 221 using the Conhrans formula.Thereafter,simple random sampling was employed to select members within each category of employees to take part in the study.The questionnaire as a research tool was checked for reliability via Cronbach’s Alpha.The results obtained showed that for ISS and ITU modeling,only perceived ease of use,system features,response time,flexibility,timeliness,accuracy,responsiveness and user training positively influenced the intention to use.However,for the TAM and ITU modeling,only TAM’s measures such as timely information,efficiency,increased transparency,and proper patient identification had a positive effect on intension to use.The ISS and US modeling revealed that perceived ease of use had the greatest impact on user satisfaction while response time had the least effect on user satisfaction.On its part,the TAM and US modeling showed that timely information,effectiveness,consistency,enhanced communication,and proper patients identification had a positive influence on user satisfaction.展开更多
The Personal Information Protection Law,as the first law on personal information protection in China,hits the people’s most concerned,realistic and direct privacy and information security issues,and plays an extremel...The Personal Information Protection Law,as the first law on personal information protection in China,hits the people’s most concerned,realistic and direct privacy and information security issues,and plays an extremely important role in promoting the development of the digital economy,the legalization of socialism with Chinese characteristics and social public security,and marks a new historical development stage in the protection of personal information in China.However,the awareness of privacy protection and privacy protection behavior of the public in personal information privacy protection is weak.Based on the literature review and in-depth understanding of current legal regulations,this study integrates the relevant literature and theoretical knowledge of the Personal Protection Law to construct a conceptual model of“privacy information protection willingness-privacy information protection behavior”.Taking the residents of Foshan City as an example,this paper conducts a questionnaire survey on their attitudes toward the Personal Protection Law,analyzes the factors influencing their willingness to protect their privacy and their behaviors,and explores the mechanisms of their influencing variables,to provide advice and suggestions for promoting the protection of privacy information and building a security barrier for the high-quality development of public information security.展开更多
Big data has been taken as a Chinese national strategy in order to satisfy the developments of the social and economic requirements and the development of new information technology. The prosperity of big data brings ...Big data has been taken as a Chinese national strategy in order to satisfy the developments of the social and economic requirements and the development of new information technology. The prosperity of big data brings not only convenience to people's daily life and more opportunities to enterprises, but more challenges with information security as well. This paper has a research on new types and features of information security issues in the age of big data, and puts forward the solutions for the above issues: build up the big data security management platform, set up the establishment of information security system and implement relevant laws and regulations.展开更多
With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.Howe...With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.However,with the continuous development of quantum computing,the standard Public-key Encryption with Keyword Search(PEKS)scheme cannot resist quantumbased keyword guessing attacks.Further,the credibility of the server also poses a significant threat to the security of the retrieval process.This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems.Firstly,we design a lattice-based encryption primitive to resist quantum keyword guessing attacks.Moreover,blockchain is to decentralize the cloud storage platform’s jurisdiction of data.It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result,which malicious platforms are prevented as much as possible from deliberately sending wrong search results.Last but not least,through security analysis,our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext.The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.展开更多
In this paper, we survey data security and privacy problems created by cloud storage applications and propose a cloud storage security architecture. We discuss state-of-the-art techniques for ensuring the privacy and ...In this paper, we survey data security and privacy problems created by cloud storage applications and propose a cloud storage security architecture. We discuss state-of-the-art techniques for ensuring the privacy and security of data stored in the cloud. We discuss policies for access control and data integrity, availability, and privacy. We also discuss several key solutions proposed in current literature and point out future research directions.展开更多
With the arrival of the 5G era,wireless communication technologies and services are rapidly exhausting the limited spectrum resources.Spectrum auctions came into being,which can effectively utilize spectrum resources....With the arrival of the 5G era,wireless communication technologies and services are rapidly exhausting the limited spectrum resources.Spectrum auctions came into being,which can effectively utilize spectrum resources.Because of the complexity of the electronic spectrum auction network environment,the security of spectrum auction can not be guaranteed.Most scholars focus on researching the security of the single-sided auctions,while ignoring the practical scenario of a secure double spectrum auction where participants are composed of multiple sellers and buyers.Researchers begin to design the secure double spectrum auction mechanisms,in which two semi-honest agents are introduced to finish the spectrum auction rules.But these two agents may collude with each other or be bribed by buyers and sellers,which may create security risks,therefore,a secure double spectrum auction is proposed in this paper.Unlike traditional secure double spectrum auctions,the spectrum auction server with Software Guard Extensions(SGX)component is used in this paper,which is an Ethereum blockchain platform that performs spectrum auctions.A secure double spectrum protocol is also designed,using SGX technology and cryptographic tools such as Paillier cryptosystem,stealth address technology and one-time ring signatures to well protect the private information of spectrum auctions.In addition,the smart contracts provided by the Ethereum blockchain platform are executed to assist offline verification,and to verify important spectrum auction information to ensure the fairness and impartiality of spectrum auctions.Finally,security analysis and performance evaluation of our protocol are discussed.展开更多
文摘This paper was motivated by the existing problems of Cloud Data storage in Imo State University, Nigeria such as outsourced data causing the loss of data and misuse of customer information by unauthorized users or hackers, thereby making customer/client data visible and unprotected. Also, this led to enormous risk of the clients/customers due to defective equipment, bugs, faulty servers, and specious actions. The aim if this paper therefore is to analyze a secure model using Unicode Transformation Format (UTF) base 64 algorithms for storage of data in cloud securely. The methodology used was Object Orientated Hypermedia Analysis and Design Methodology (OOHADM) was adopted. Python was used to develop the security model;the role-based access control (RBAC) and multi-factor authentication (MFA) to enhance security Algorithm were integrated into the Information System developed with HTML 5, JavaScript, Cascading Style Sheet (CSS) version 3 and PHP7. This paper also discussed some of the following concepts;Development of Computing in Cloud, Characteristics of computing, Cloud deployment Model, Cloud Service Models, etc. The results showed that the proposed enhanced security model for information systems of cooperate platform handled multiple authorization and authentication menace, that only one login page will direct all login requests of the different modules to one Single Sign On Server (SSOS). This will in turn redirect users to their requested resources/module when authenticated, leveraging on the Geo-location integration for physical location validation. The emergence of this newly developed system will solve the shortcomings of the existing systems and reduce time and resources incurred while using the existing system.
基金This study is supported by National Natural Science Foundation of China (No.60973146) National Natur al Science Foundation of Beijing (No.4092029) The Fundamental Research Funds for the Central Universities (No.2009RC0217). We also thank the anonymous reviewers for their constructive comments.
文摘The security of critical data is an important issue for distributed storage system design,especially for long-term storage.ESSA (An Efficient and Secure Splitting Algorithm for Distributed Storage Systems) is presented,which takes advantage of a two level information dispersal scheme to strengthen the security of data.In ESSA,the approach of knight’s tour problem,which is NP-Complete,is introduced to scramble data at the first level,and a split cube is used to split scrambled data at the second level.Thus,it is very difficult for the malicious user to get information because the task of reconstructing the original data needs more computation than they can tolerate.We prove that the security of ESSA is better than encryption algorithm and not inferior to erasure codes and secret sharing.Experimental results show that distributed storage systems exploiting ESSA has greater efficiency than that exploiting keyed encryption,erasure codes and secret sharing.
文摘This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
基金funded by Princess Nourah bint Abdulrahman UniversityResearchers Supporting Project number (PNURSP2024R408), Princess Nourah bint AbdulrahmanUniversity, Riyadh, Saudi Arabia.
文摘A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built-in security measures, even though it can effectively handle and store enormous datasets using the Hadoop Distributed File System (HDFS). The increasing number of data breaches emphasizes how urgently creative encryption techniques are needed in cloud-based big data settings. This paper presents Adaptive Attribute-Based Honey Encryption (AABHE), a state-of-the-art technique that combines honey encryption with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to provide improved data security. Even if intercepted, AABHE makes sure that sensitive data cannot be accessed by unauthorized parties. With a focus on protecting huge files in HDFS, the suggested approach achieves 98% security robustness and 95% encryption efficiency, outperforming other encryption methods including Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KB-ABE), and Advanced Encryption Standard combined with Attribute-Based Encryption (AES+ABE). By fixing Hadoop’s security flaws, AABHE fortifies its protections against data breaches and enhances Hadoop’s dependability as a platform for processing and storing massive amounts of data.
基金This paper is support by:In 2019,Liaoning Provincial Department of Education Project named“Study on the Path Selection of Rural Revitalization in Ethnic Autonomous Areas of Liaoning Province”The 3rd Azure Talent Project of Dalian Ocean University in 2018+1 种基金In 2019,Liaoning Province’s overseas training project“China-Canada Cooperation Research Plan on Marine Law and Policy”(2019GJWYB019)The Ministry of Education filed the 2017 National and Regional Research Center Project“Northeast Asia Research Center for Marine Law and Policy”(GQ17091).
文摘COVID-19 has swept the whole our country and the world in the beginning of 2020.31 provinces and municipalities across the country have launched the first-level response to major public health emergencies since January 24,and China has carried out intensive epidemic control.It is critical for effectively responding to COVID-19 to collect,collate and analyze people’s personal data.What’s more,obtaining identity information,travel records and health information of confirmed cases,suspected cases and close contacts has become a crucial step in epidemic investigation.All regions have made full use of big data to carry out personnel screening,travel records analysis and other related work in epidemic prevention and control,effectively improving the efficiency of epidemic prevention and control.However,data leakage,personnel privacy data exposure,and personal attack frequently occurred in the process of personnel travel records analysis and epidemic prevention and control.It even happened in the WeChat group to forward a person’s name,phone number,address,ID number and other sensitive information.It brought discrimination,telephone and SMS harassment to the parties,which caused great harm to individuals.Based on these,lack of information security and data security awareness and other issues were exposed.Therefore,while big data has been widely concerned and applied,attention should be paid to protecting personal privacy.It is urgent to pay more attention to data privacy and information security in order to effectively protect the legitimate rights of the people.Therefore,measures can be taken to achieve this goal,such as improving the relevant legal system,strengthening technical means to enhance the supervision and management of information security and data protection.
文摘The current health information systems have many challenges such as lack of standard user interfaces,data security and privacy issues,inability to uniquely identify patients across multiple hospital information systems,probable misuse of patient data,high technological costs,resistance to technology deployments in hospital management,lack of data gathering,processing and analysis standardization.All these challenges,among others hamper either the acceptance of the health information systems,operational efficiency or expose patient information to cyber attacks.In this paper,an enhanced information systems success model for patient information assurance is developed using an amalgamation of Technology Acceptance Model(TAM)and Information Systems Success Model(ISS).This involved the usage of Linear Structured Relationship(LISREL)software to model a combination of ISS and Intention to Use(ITU),TAM and ITU,ISS and user satisfaction(US),and finally TAM and US.The sample size of 110 respondents was obtained based on the total population of 221 using the Conhrans formula.Thereafter,simple random sampling was employed to select members within each category of employees to take part in the study.The questionnaire as a research tool was checked for reliability via Cronbach’s Alpha.The results obtained showed that for ISS and ITU modeling,only perceived ease of use,system features,response time,flexibility,timeliness,accuracy,responsiveness and user training positively influenced the intention to use.However,for the TAM and ITU modeling,only TAM’s measures such as timely information,efficiency,increased transparency,and proper patient identification had a positive effect on intension to use.The ISS and US modeling revealed that perceived ease of use had the greatest impact on user satisfaction while response time had the least effect on user satisfaction.On its part,the TAM and US modeling showed that timely information,effectiveness,consistency,enhanced communication,and proper patients identification had a positive influence on user satisfaction.
文摘The Personal Information Protection Law,as the first law on personal information protection in China,hits the people’s most concerned,realistic and direct privacy and information security issues,and plays an extremely important role in promoting the development of the digital economy,the legalization of socialism with Chinese characteristics and social public security,and marks a new historical development stage in the protection of personal information in China.However,the awareness of privacy protection and privacy protection behavior of the public in personal information privacy protection is weak.Based on the literature review and in-depth understanding of current legal regulations,this study integrates the relevant literature and theoretical knowledge of the Personal Protection Law to construct a conceptual model of“privacy information protection willingness-privacy information protection behavior”.Taking the residents of Foshan City as an example,this paper conducts a questionnaire survey on their attitudes toward the Personal Protection Law,analyzes the factors influencing their willingness to protect their privacy and their behaviors,and explores the mechanisms of their influencing variables,to provide advice and suggestions for promoting the protection of privacy information and building a security barrier for the high-quality development of public information security.
基金supported by National Key Technology Support Program(No.2013BAD17B06)Major Program of National Social Science Fund(No.15ZDB154)
文摘Big data has been taken as a Chinese national strategy in order to satisfy the developments of the social and economic requirements and the development of new information technology. The prosperity of big data brings not only convenience to people's daily life and more opportunities to enterprises, but more challenges with information security as well. This paper has a research on new types and features of information security issues in the age of big data, and puts forward the solutions for the above issues: build up the big data security management platform, set up the establishment of information security system and implement relevant laws and regulations.
基金This work was supported by the Open Fund of Advanced Cryptography and System Security Key Laboratory of Sichuan Province(Grant No.SKLACSS-202101)NSFC(Grant Nos.62176273,61962009,U1936216)+3 种基金the Foundation of Guizhou Provincial Key Laboratory of Public Big Data(No.2019BDKFJJ010,2019BDKFJJ014)the Fundamental Research Funds for Beijing Municipal Commission of Education,Beijing Urban Governance Research Base of North China University of Technology,the Natural Science Foundation of Inner Mongolia(2021MS06006)Baotou Kundulun District Science and technology plan project(YF2020013)Inner Mongolia discipline inspection and supervision big data laboratory open project fund(IMDBD2020020).
文摘With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.However,with the continuous development of quantum computing,the standard Public-key Encryption with Keyword Search(PEKS)scheme cannot resist quantumbased keyword guessing attacks.Further,the credibility of the server also poses a significant threat to the security of the retrieval process.This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems.Firstly,we design a lattice-based encryption primitive to resist quantum keyword guessing attacks.Moreover,blockchain is to decentralize the cloud storage platform’s jurisdiction of data.It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result,which malicious platforms are prevented as much as possible from deliberately sending wrong search results.Last but not least,through security analysis,our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext.The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.
基金supported by National Natural Science Foundation of China under grants 61173170 and 60873225National High Technology Research and Development Program of China under grant 2007AA01Z403Innovation Fund of Huazhong University of Science and Technology under grants 2013QN120,2012TS052 and 2012TS053
文摘In this paper, we survey data security and privacy problems created by cloud storage applications and propose a cloud storage security architecture. We discuss state-of-the-art techniques for ensuring the privacy and security of data stored in the cloud. We discuss policies for access control and data integrity, availability, and privacy. We also discuss several key solutions proposed in current literature and point out future research directions.
基金supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government.(MSIT)(2021R1A2B5B02087169)the National Natural Science Foundation of China(Nos.62072092,62072093+4 种基金U1708262)the China Postdoctoral Science Foundation(No.2019M653568)the Key Research and Development Project of Hebei Province(No.20310702D)the Natural Science Foundation of Hebei Province(No.F2020501013)the Fundamental Research Funds for the Central Universities(No.N2023020)。
文摘With the arrival of the 5G era,wireless communication technologies and services are rapidly exhausting the limited spectrum resources.Spectrum auctions came into being,which can effectively utilize spectrum resources.Because of the complexity of the electronic spectrum auction network environment,the security of spectrum auction can not be guaranteed.Most scholars focus on researching the security of the single-sided auctions,while ignoring the practical scenario of a secure double spectrum auction where participants are composed of multiple sellers and buyers.Researchers begin to design the secure double spectrum auction mechanisms,in which two semi-honest agents are introduced to finish the spectrum auction rules.But these two agents may collude with each other or be bribed by buyers and sellers,which may create security risks,therefore,a secure double spectrum auction is proposed in this paper.Unlike traditional secure double spectrum auctions,the spectrum auction server with Software Guard Extensions(SGX)component is used in this paper,which is an Ethereum blockchain platform that performs spectrum auctions.A secure double spectrum protocol is also designed,using SGX technology and cryptographic tools such as Paillier cryptosystem,stealth address technology and one-time ring signatures to well protect the private information of spectrum auctions.In addition,the smart contracts provided by the Ethereum blockchain platform are executed to assist offline verification,and to verify important spectrum auction information to ensure the fairness and impartiality of spectrum auctions.Finally,security analysis and performance evaluation of our protocol are discussed.
