Pub Date: 2024-07-01, DOI: 10.1109/TDSC.2023.3334281
Cheng Wang, Hao Tang, Hang Zhu, Changjun Jiang
Anti-fraud engineering for online credit loan (OCL) platforms is getting more challenging due to the developing specialization of gang fraud. Associations are critical features for assessing the credibility of loan applications in OCL fraud prediction. State-of-the-art solutions employ graph-based methods to mine hidden associations among loan applications effectively. They perform well based on the information asymmetry which is guaranteed by the huge advantage of platforms over fraudsters in terms of the quantity and quality of data at their disposal. The inherent difficulty that can be foreseen is the data isolation caused by mistrust between multiple platforms and data control legislation for privacy preservation. To maintain the advantage owned by the platforms, we design a privacy-preserving distributed graph learning framework that ensures critical association repairs by merging parameter sharing and data sharing. Specifically, we propose the association reconstruction mechanism (ARM) that consists of the devised exploration, processing, transmission and utilization schemes to realize data sharing. For parameter sharing, we design a hybrid encryption technique to protect privacy while collaboratively learning graph neural network (GNN) models among different financial client platforms. We conduct experiments over real-life data from large financial platforms. The results demonstrate the effectiveness and efficiency of our proposed methods.
Title: Collaborative Prediction in Anti-Fraud System Over Multiple Credit Loan Platforms. Journal: IEEE Transactions on Dependable and Secure Computing.
The rapid growth of Decentralized Finance (DeFi) boosts the blockchain ecosystem. At the same time, attacks on DeFi applications (apps) are increasing. However, to the best of our knowledge, existing smart contract vulnerability detection tools cannot directly detect DeFi attacks. That's because they lack the capability to recover and understand high-level DeFi semantics, e.g., a user trades a token pair X and Y in a Decentralized EXchange (DEX). In this work, we focus on the detection of two new types of price manipulation attacks. To this end, we propose a platform-independent method to identify high-level DeFi semantics. Specifically, we first construct the Cash Flow Tree (CFT) from a raw transaction and then lift the low-level semantics to high-level ones, including five advanced DeFi actions. Finally, we use patterns expressed with the recovered DeFi semantics to detect price manipulation attacks. We implemented a prototype named DeFiRanger that detected 14 zero-day security incidents. These findings were reported to affected parties and/or the community for the first time. Furthermore, the backtest experiment discovered 15 unknown historical security incidents. We further performed an attack analysis to shed light on the root causes of vulnerabilities incurring price manipulation attacks.
Title: DeFiRanger: Detecting DeFi Price Manipulation Attacks. Authors: Siwei Wu, Zhou Yu, Dabao Wang, Yajin Zhou, Lei Wu, Haoyu Wang, Xingliang Yuan. Pub Date: 2024-07-01, DOI: 10.1109/TDSC.2023.3346888. Journal: IEEE Transactions on Dependable and Secure Computing.
Pub Date: 2024-07-01, DOI: 10.1109/TDSC.2023.3334890
Liang Zhao, Liqun Chen
Recently, a privacy-preserving technique called Privacy-Preserving Matrix Transformation (PPMT) has been widely used to construct efficient privacy-preserving Verifiable (outsourced) Computation (VC) protocols for specific functions. This technique was first proposed and formalized by Salinas et al. in 2015, and it enjoys provable privacy and high efficiency. Although it seems that Salinas et al.'s PPMT scheme and the further modified scheme are elegant, we still need to take a step back and precisely discuss whether the PPMT schemes are suitable choices for VC protocols. Since Salinas et al. gave two concrete PPMT schemes to achieve the matrix-related VC in data protection and proved that their schemes are private (in terms of indistinguishability), and Zhou et al. devised a new type of PPMT scheme for the same purpose, we focus on exploring the privacy of these three types of PPMT schemes. In this article, to achieve our objective, we first propose the concept of a linear distinguisher and two constructions of the linear distinguisher algorithms. In particular, the linear distinguisher is a polynomial-time algorithm employed by an adversary to explore the privacy property of a cryptographic primitive. Then, we take these three PPMT schemes (including Salinas et al.'s original work, Yu et al.'s generalization and Zhou et al.'s variant) as targets and analyze their privacy property by letting an adversary make use of our linear distinguisher algorithms. The analysis results show that none of these three types of transformations holds privacy even against passive eavesdropping (i.e., a ciphertext-only attack), and subsequently, the privacy-preserving VC protocols based on any of these PPMT schemes also do not hold the same privacy.
Title: Privacy-Preserving Transformation Used in Verifiable (Outsourced) Computation, Revisited. Journal: IEEE Transactions on Dependable and Secure Computing.
Pub Date: 2024-07-01, DOI: 10.1109/TDSC.2023.3346692
Tianhang Zheng, Baochun Li
Membership inference is a popular benchmark attack to evaluate the privacy risk of a machine learning model or a learning scheme. However, in federated learning, membership inference is still under-explored due to several issues. For instance, some assumptions in prior works may not be practical in federated learning. Most existing membership inference methods stand on those impractical assumptions or lack generalization ability, which may misestimate the privacy risk. To address these issues, we propose CMI, an attack framework armed with a targeted poisoning method, to conduct a critical evaluation of client-targeted membership inference in federated learning. Under CMI, we consider a strong adversary, refine the prior impractical assumptions, and apply simple but generalizable attack methods. The evaluation results on multiple datasets demonstrate the efficacy of CMI under independent and identically distributed (i.i.d.) and non-i.i.d. settings. In terms of the defenses, although differentially private stochastic gradient descent (DP-SGD) is effective under the i.i.d. setting, it does not provide satisfactory protection under label-biased non-i.i.d. settings. Thus, we propose RR-Label, a modified random response algorithm, to defend against membership inference. Compared to DP-SGD and Random Response Top-k (RRTop-k), RR-Label enables a better trade-off between model utility and defensive performance under label-biased non-i.i.d. settings.
Title: CMI: Client-Targeted Membership Inference in Federated Learning. Journal: IEEE Transactions on Dependable and Secure Computing.
Pub Date: 2024-07-01, DOI: 10.1109/TDSC.2023.3341427
Jiansong Zhang, Kejiang Chen, Weixiang Li, Weiming Zhang, Neng H. Yu
The development of generative AI applications has revolutionized the data environment for steganography, providing a new source of steganographic cover. However, existing generative data-based steganography methods typically require white-box access, rendering them unsuitable for black-box generative models. To overcome this limitation, we propose a novel steganography method for generated images, which leverages the volatility of generative models and is applicable in black-box scenarios. The volatility of generative models refers to the ability to generate a series of images with slight variations by fine-tuning the input parameters of the model. These generated images exhibit varying degrees of volatility in different areas. To resist steganalysis, we mask steganographic modifications by confusing them with the inherent volatility of the model. Specifically, by modeling distributions of generated pixels and estimating the parameters of the distributions, the occurrence probabilities of generated pixels can be obtained, which serve as an effective measure for steganographic modification probabilities to render stego images as indistinguishable as possible from the images producible by the model. Moreover, we further combine it with existing costs to develop a more comprehensive steganographic algorithm. Experimental results show that the proposed method significantly outperforms baseline and comparative methods in resisting both feature-based and CNN-based steganalyzers.
Title: Steganography With Generated Images: Leveraging Volatility to Enhance Security. Journal: IEEE Transactions on Dependable and Secure Computing.
Pub Date: 2024-07-01, DOI: 10.1109/TDSC.2023.3334475
Mingyang Song, Zhongyun Hua, Yifeng Zheng, Tao Xiang, Xiaohua Jia
In cloud storage systems, secure deduplication plays a critical role in saving storage costs for the cloud server and ensuring data confidentiality for cloud users. Traditional secure deduplication schemes require users to encrypt their outsourced files using specific encryption algorithms that cannot provide semantic security. However, users are unable to directly benefit from the storage savings, as the relation between the actual storage cost and the offered prices remains not transparent. As a result, users may be unwilling to cooperate with the cloud by encrypting their data using semantically secure algorithms. Moreover, data integrity is a significant concern for cloud storage users. To address these issues, this paper proposes a novel transparent and secure deduplication scheme that supports integrity auditing. Compared to previous works, our design can verify the number of file owners and the integrity through one-time proof verification. It also protects the private contents of files and the privacy of file ownership from malicious users. Moreover, our scheme includes a batch auditing method to simultaneously verify the numbers of file owners and the integrity of multiple files. Theoretical analysis confirms the correctness and security of our scheme. Comparison results demonstrate its competing performance over previous solutions.
Title: Enabling Transparent Deduplication and Auditing for Encrypted Data in Cloud. Journal: IEEE Transactions on Dependable and Secure Computing.
Pub Date: 2024-07-01, DOI: 10.1109/TDSC.2023.3345406
Mir Ali Rezazadeh Baee, L. Simpson, Xavier Boyen, Ernest Foo, Josef Pieprzyk
Wireless broadcast transmission technology enables vehicles to communicate with other nearby vehicles and with nearby fixed equipment. Vehicles and equipment within transmission range establish a self-organizing network called a Vehicular Ad-hoc Network (VANET). The communication in VANETs is vulnerable to message manipulation attacks. Thus, mechanisms should be applied to ensure both the authenticity and integrity of the data broadcast. Any cryptographic technique employed for authentication requires the use of a cryptographic key, and mechanisms to restore the system quickly when either long-term or short-term cryptographic keying material is leaked or expired. Such mechanisms must be carefully designed to satisfy both perfect-forward-secrecy and security against known-key attacks. To achieve this, there should be no direct dependencies among keying material. Unfortunately, many existing proposals for authentication are not fully effective in VANETs, since many of them do not take a key-management mechanism into consideration or they fail to satisfy the requirements for secure key-update. In this paper, we first present a case study demonstrating that dependency among keying material is an exploitable vulnerability that violates perfect-forward-secrecy, and results in known-key attacks and message forgery attacks. Second, we propose a new cryptographic-key update protocol that consists of two sub-protocols: a long-term-key update protocol (for updating the long-term cryptographic keying material) and a short-term-key update protocol (for session-key establishment). Our scheme is accompanied by both security and efficiency analysis: we provide a formal security proof and demonstrate efficiency by conducting extensive performance analysis. This is compared with the security and efficiency of existing schemes in public literature.
Title: A Provably Secure and Efficient Cryptographic-Key Update Protocol for Connected Vehicles. Journal: IEEE Transactions on Dependable and Secure Computing.
Pub Date: 2024-07-01, DOI: 10.1109/TDSC.2023.3335413
Ying Miao, Keke Gai, Liehuang Zhu, K. Choo, Jaideep Vaidya
Blockchain-based data deduplication and integrity auditing play an important role in guaranteeing secure and efficient cloud storage services. However, existing data deduplication schemes either support auditing with the assistance of a trust center (key server or third-party auditor) or bear the waste of computation and storage resources caused by repetitive authenticator storage and key storage. In this paper, we propose a blockchain-based shared data integrity auditing and deduplication scheme. Specifically, we propose a deduplication protocol based on ID-based broadcast encryption without key servers and achieve key deduplication on the user side. Next, we propose a data integrity auditing protocol that uses the characteristics of convergent encryption to achieve authenticator deduplication on the cloud service provider side. Besides, we achieve decentralized, blockchain-based data integrity auditing without relying on a single trusted third-party auditor and improve the credibility of the auditing result. On this basis, we propose two batch auditing protocols for different scenarios to improve efficiency. Security and performance analysis demonstrates that the authenticators' storage cost on the cloud storage provider side can be reduced from $\mathcal{O}(\mathcal{F})$ to $\mathcal{O}(1)$ and the key storage cost on the user side can be reduced from $\mathcal{O}(\mathcal{F})$ to $\mathcal{O}(1)$ as well.
Title: Blockchain-Based Shared Data Integrity Auditing and Deduplication. Journal: IEEE Transactions on Dependable and Secure Computing.
Pub Date : 2024-07-01 DOI: 10.1109/TDSC.2023.3347001
Ning Lu, Mingxi Liu, Wenbo Shi, Ximeng Liu, Kim-Kwang Raymond Choo
Cloud auditing allows users to leverage digital signature evidences to undertake remote data verification and consequently determine the integrity of their data stored in the cloud. While there are many cloud auditing schemes proposed for cloud services, deployments on large scale smart grid (SG) are known to be challenging in practice, for example in terms of inefficiency and lack of robustness. In this article, we propose an efficient and robust cloud auditing scheme for SG (hereafter referred to as SG-Audit). Specifically, we utilize mobile edge computing (served as proxy signer) to offload the signature computation loads incurred by smart meters (SMs), as well as devising an efficient proxy signer recommendation strategy to ensure each SM obtains high quality service, a scalable index structure to reduce the signature evidence access time during data verification, and a deduplication and sampling based challenge data index generation strategy to narrow down the verification scope. Moreover, we also define three strategic threat scenarios supported by SG-Audit, and further devise a secure cloud auditing protocol to improve robustness. Through rigorous mathematical analysis and extensive experiments, we demonstrate that SG-Audit achieves increased auditing efficiency (by about 42% on average) in comparison to prior work.
Title: SG-Audit: An Efficient and Robust Cloud Auditing Scheme for Smart Grid. Journal: IEEE Transactions on Dependable and Secure Computing.
Pub Date : 2024-07-01 DOI: 10.1109/TDSC.2023.3335368
Yadong Xie, Fan Li, Yue Wu, Yu Wang
With the rapid development of mobile devices and the fast increase of sensitive data, secure and convenient mobile authentication technologies are desired. Except for traditional passwords, many mobile devices have biometric-based authentication methods (e.g., fingerprint, voiceprint, and face recognition), but they are vulnerable to spoofing attacks. To solve this problem, we study new biometric features which are based on the dental occlusion and find that the bone-conducted sound of dental occlusion collected in binaural canals contains unique features of individual bones and teeth. Motivated by this, we propose a novel authentication system, TeethPass$^+$, which uses earbuds to collect occlusal sounds in binaural canals to achieve authentication. First, we design an event detection method based on spectrum variance to detect bone-conducted sounds. Then, we analyze the time-frequency domain of the sounds to filter out motion noises and extract unique features of users from four aspects: teeth structure, bone structure, occlusal location, and occlusal sound. Finally, we train a Triplet network to construct the user template, which is used to complete authentication. Through extensive experiments including 53 volunteers, the performance of TeethPass$^+$ in different environments is verified. TeethPass$^+$ achieves an accuracy of 98.6% and resists 99.7% of spoofing attacks.
Title: User Authentication on Earable Devices via Bone-Conducted Occlusion Sounds. Journal: IEEE Transactions on Dependable and Secure Computing.