Biblio

Virtual power plants are among the promising ways that variable generation and flexible demand may be optimally balanced in the future. The virtual power plant is an important branch of the energy internet, and it plays an important role in the aggregation of distributed power generation resources and the establishment of virtual power resource transactions. However, in the existing virtual power plant model, the following problems are becoming increasingly prominent, such as safeguard, credit rating system, privacy protection, benefit distribution. Firstly, the operation and transaction mechanism of the virtual power plant was introduced. Then, the blockchain technology is introduced into the virtual power plant transaction to make it more conducive to the information transparent, stable dispatch system, data security, and storage security. Finally, the operation and transaction system based on blockchain technology for the virtual power plant was design.

Fog computing is a new computing paradigm that utilizes numerous mutually cooperating terminal devices or network edge devices to provide computing, storage, and communication services. Fog computing extends cloud computing services to the edge of the network, making up for the deficiencies of cloud computing in terms of location awareness, mobility support and latency. However, fog nodes are not active enough to perform tasks, and fog nodes recruited by cloud service providers cannot provide stable and continuous resources, which limits the development of fog computing. In the process of cloud service providers using the resources in the fog nodes to provide services to users, the cloud service providers and fog nodes are selfish and committed to maximizing their own payoffs. This situation makes it easy for the fog node to work negatively during the execution of the task. Limited by the low quality of resource provided by fog nodes, the payoff of cloud service providers has been severely affected. In response to this problem, an appropriate incentive mechanism needs to be established in the fog computing environment to solve the core problems faced by both cloud service providers and fog nodes in maximizing their respective utility, in order to achieve the incentive effect. Therefore, this paper proposes an incentive model based on repeated game, and designs a trigger strategy with credible threats, and obtains the conditions for incentive consistency. Under this condition, the fog node will be forced by the deterrence of the trigger strategy to voluntarily choose the strategy of actively executing the task, so as to avoid the loss of subsequent rewards when it is found to perform the task passively. Then, using evolutionary game theory to analyze the stability of the trigger strategy, it proves the dynamic validity of the incentive consistency condition.

The 5G technology brings the substantial improvement on the quality of services (QoS), such as higher throughput, lower latency, more stable signal and more ultra-reliable data transmission, triggering a revolution for the wireless mobile network. But in a general traffic channel in the 5G-based wireless mobile network, an attacker can detect a message transmitted over a channel, or even worse, forge or tamper with the message. Building a secure channel over the two parties is a feasible solution to this uttermost data transmission security challenge in 5G-based wireless mobile network. However, how to authentication the identities of the both parties before establishing the secure channel to fully ensure the data confidentiality and integrity during the data transmission has still been a open issue. To establish a fully secure channel, in this paper, we propose a strongly secure pairing-free certificateless authenticated key agreement (PF-CL-AKA) protocol with two-way identity-based authentication before extracting the secure session key. Our protocol is provably secure in the Lippold model, which means our protocol is still secure as long as each party of the channel has at least one uncompromised partial private term. Finally, By the theoretical analysis and simulation experiments, we can observe that our scheme is practical for the real-world applications in the 5G-based wireless mobile network.

With the rapid development of the Internet, cyberspace security has become a potentially huge problem. At the same time, the disclosure of cyberspace vulnerabilities is getting faster and faster. Traditional protection methods based on known features cannot effectively defend against new network attacks. Network attack is no more a single vulnerability exploit, but an APT attack based on multiple complicated methods. Cyberspace attacks have become ``rationalized'' on the surface. Currently, there are a lot of researches about visualization of attack paths, but there is no an overall plan to reproduce the attack path. Most researches focus on the detection and characterization individual based on single behavior cyberspace attacks, which loose it's abilities to help security personnel understand the complete attack behavior of attackers. The key factors of this paper is to collect the attackers' aggressive behavior by reverse retrospective method based on the actual shooting range environment. By finding attack nodes and dividing offensive behavior into time series, we can characterize the attacker's behavior path vividly and comprehensively.

In this paper, an attribute-based encryption scheme with policy hidden and key tracing under multi-authority is proposed. In our scheme, the access structure is embedded into the ciphertext implicitly and the attacker cannot gain user's private information by access structure. The key traceability is realized under multi-authority and collusion is prevented. Finally, based on the DBDH security model, it is proved that this scheme can resist the plaintext attack under the standard model.

Considering the problem of network security under the background of big data, the clustering analysis algorithms can be utilized to improve the correctness of network intrusion detection models for security management. As a kind of iterative clustering analysis algorithm, K-means algorithm is not only simple but also efficient, so it is widely used. However, the traditional K-means algorithm cannot well solve the network security problem when facing big data due to its high complexity and limited processing ability. In this case, this paper proposes to optimize the traditional K-means algorithm based on the Spark platform and deploy the optimized clustering analysis algorithm in the distributed architecture, so as to improve the efficiency of clustering algorithm for network intrusion detection in big data environment. The experimental result shows that, compared with the traditional K-means algorithm, the efficiency of the optimized K-means algorithm using a Spark-based method is significantly improved in the running time.

Space-air-ground integrated network (SAGIN) is emerged as a versatile computing and traffic architecture in recent years. Though SAGIN brings many significant benefits for modern communication and computing services, there are many unprecedented challenges in SAGIN. The one critical challenge in SAGIN is the data security. In SAGIN, because the data will be stored in cleartext on cloud, the sensitive data may suffer from the illegal access by the unauthorized users even the untrusted cloud servers (CSs). Ciphertext-policy attribute-based encryption (CP-ABE), which is a type of attribute-based encryption (ABE), has been regarded as a promising solution to the critical challenge of the data security on cloud. But there are two main blemishes in traditional CP-ABE. The first one is that there is only one attribute authority (AA) in CP-ABE. If the single AA crashs down, the whole system will be shut down. The second one is that the AA cannot effectively manage the life cycle of the users’ private keys. If a user on longer has one attribute, the AA cannot revoke the user’s private key of this attribute. This means the user can still decrypt some ciphertexts using this invalid attribute. In this paper, to solve the two flaws mentioned above, we propose a multi-authority CP-ABE (MA-CP-ABE) scheme with the dynamical key revocation (DKR). Our key revocation supports both user revocation and attribute revocation. And the our revocation is time friendly. What’s more, by using our dynamically tag-based revocation algorithm, AAs can dynamically and directly re-enable or revoke the invalid attributes to users. Finally, by evaluating and implementing our scheme, we can observe that our scheme is more comprehensive and practical for cloud applications in SAGIN.

Larger companies need more sites in the wide area network (WAN). However, internet service providers cannot obtain sufficient capacity to handle peak traffic, causing a terrible delay. The software-defined network (SDN) allows to own more programmability, adaptability, and application-aware, but scalability is a critical problem for merging both. This paper proposes a solution based on Protocol-Oblivious Forwarding (POF). It is a higher degree of decoupling control and data planes. The control plane uses fields unrelated to the protocol to unify packet match and route, and the data plane uses a set of general flow instructions in fast forwarding. As a result, we only save three flow tables on the forwarding paths so that each packet keeps a pipeline in the source route header to mark the next output ports. This solution can support a constant delay while the network expands.

With the prevalent of smart devices and home automations, voice command has become a popular User Interface (UI) channel in the IoT environment. Although Voice Control System (VCS) has the advantages of great convenience, it is extremely vulnerable to the spoofing attack (e.g., replay attack, hidden/inaudible command attack) due to its broadcast nature. In this study, we present WiVo, a device-free voice liveness detection system based on the prevalent wireless signals generated by IoT devices without any additional devices or sensors carried by the users. The basic motivation of WiVo is to distinguish the authentic voice command from a spoofed one via its corresponding mouth motions, which can be captured and recognized by wireless signals. To achieve this goal, WiVo builds a theoretical model to characterize the correlation between wireless signal dynamics and the user's voice syllables. WiVo extracts the unique features from both voice and wireless signals, and then calculates the consistency between these different types of signals in order to determine whether the voice command is generated by the authentic user of VCS or an adversary. To evaluate the effectiveness of WiVo, we build a testbed based on Samsung SmartThings framework and include WiVo as a new application, which is expected to significantly enhance the security of the existing VCS. We have evaluated WiVo with 6 participants and different voice commands. Experimental evaluation results demonstrate that WiVo achieves the overall 99% detection rate with 1% false accept rate and has a low latency.