IEEE Transactions on Dependable and Secure Computing最新文献_第10页

VOSA: Verifiable and Oblivious Secure Aggregation for Privacy-Preserving Federated Learning VOSA:用于保护隐私的联合学习的可验证和不可忽略的安全聚合

IF 7.3 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing

Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3226508

Yong Wang, Aiqing Zhang, Shu-Lin Wu, Shui Yu

Federated learning has emerged as a promising paradigm by collaboratively training a global model through sharing local gradients without exposing raw data. However, the shared gradients pose a threat to privacy leakage of local data. The central server may forge the aggregated results. Besides, it is common that resource-constrained devices drop out in federated learning. To solve these problems, the existing solutions consider either only efficiency, or privacy preservation. It is still a challenge to design a verifiable and lightweight secure aggregation with drop-out resilience for large-scale federated learning. In this article, we propose VOSA, an efficient verifiable and oblivious secure aggregation protocol for privacy-preserving federated learning. We exploit aggregator oblivious encryption to efficiently mask users’ local gradients. The central server performs aggregation on the obscured gradients without revealing the privacy of local data. Meanwhile, each user can efficiently verify the correctness of the aggregated results. Moreover, VOSA adopts a dynamic group management mechanism to tolerate users’ dropping out with no impact on their participation in future learning process. Security analysis shows that the VOSA can guarantee the security requirements of privacy-preserving federated learning. The extensive experimental evaluations conducted on real-world datasets demonstrate the practical performance of the proposed VOSA with high efficiency.

联合学习已经成为一种很有前途的范式，它通过共享局部梯度而不暴露原始数据来协同训练全局模型。然而，共享梯度对本地数据的隐私泄露构成威胁。中央服务器可以伪造聚合结果。此外，在联合学习中，资源受限的设备退出是很常见的。为了解决这些问题，现有的解决方案要么只考虑效率，要么考虑隐私保护。为大规模联合学习设计一个具有退出弹性的可验证和轻量级安全聚合仍然是一个挑战。在本文中，我们提出了VOSA，这是一种用于保护隐私的联邦学习的有效的可验证和遗忘的安全聚合协议。我们利用聚合器遗忘加密来有效地屏蔽用户的局部梯度。中央服务器在不暴露本地数据隐私的情况下对模糊的梯度执行聚合。同时，每个用户都可以有效地验证聚合结果的正确性。此外，VOSA采用了动态的小组管理机制来容忍用户退出，而不会影响他们对未来学习过程的参与。安全性分析表明，VOSA可以保证保护隐私的联邦学习的安全性要求。在真实世界数据集上进行的大量实验评估证明了所提出的VOSA的高效实用性能。

{"title":"VOSA: Verifiable and Oblivious Secure Aggregation for Privacy-Preserving Federated Learning","authors":"Yong Wang, Aiqing Zhang, Shu-Lin Wu, Shui Yu","doi":"10.1109/TDSC.2022.3226508","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3226508","url":null,"abstract":"Federated learning has emerged as a promising paradigm by collaboratively training a global model through sharing local gradients without exposing raw data. However, the shared gradients pose a threat to privacy leakage of local data. The central server may forge the aggregated results. Besides, it is common that resource-constrained devices drop out in federated learning. To solve these problems, the existing solutions consider either only efficiency, or privacy preservation. It is still a challenge to design a verifiable and lightweight secure aggregation with drop-out resilience for large-scale federated learning. In this article, we propose VOSA, an efficient verifiable and oblivious secure aggregation protocol for privacy-preserving federated learning. We exploit aggregator oblivious encryption to efficiently mask users’ local gradients. The central server performs aggregation on the obscured gradients without revealing the privacy of local data. Meanwhile, each user can efficiently verify the correctness of the aggregated results. Moreover, VOSA adopts a dynamic group management mechanism to tolerate users’ dropping out with no impact on their participation in future learning process. Security analysis shows that the VOSA can guarantee the security requirements of privacy-preserving federated learning. The extensive experimental evaluations conducted on real-world datasets demonstrate the practical performance of the proposed VOSA with high efficiency.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3601-3616"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48306047","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 4

Smaug: A TEE-Assisted Secured SQLite for Embedded Systems Smaug:用于嵌入式系统的tee辅助安全SQLite

IF 7.3 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing

Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3216020

D. Lu, Minqiang Shi, Xindi Ma, Ximeng Liu, Rui-Gang Guo, Tianfang Zheng, Yulong Shen, Xuewen Dong, Jianfeng Ma

As one of the most popular relational databases for embedded devices, SQLite is lightweight to be embedded into applications without installing a specific database management system. However, simplicity and easy-to-use are double-edged swords; while bringing convenience, they also make data processing and storage risky. For example, an attacker can obtain data from a database file or memory and tamper with it once he has gained higher privileges, threatening the database's confidentiality and integrity. To address such security issues, based on a trusted execution environment (TEE) and a trusted platform module (TPM), we have proposed Smaug, a general secure scheme to ensure the confidentiality and integrity of SQLite and similar databases. With Smaug, all the critical data is stored in ciphertext, and data integrity protection is also provided. Besides, with TEE, all the sensitive operations are isolated from the untrusted environment, which can effectively resist attacks against memory. In addition, we use TPM to provide a solid root-of-trust (RoT) for the system. Finally, we have implemented a prototype system, and the performance evaluations have clarified the dominant factors that affect the system availability, providing a reference to the design and implementation of similar systems.

作为嵌入式设备中最流行的关系数据库之一，SQLite是轻量级的，可以嵌入到应用程序中，而无需安装特定的数据库管理系统。然而，简单和易用是一把双刃剑;在带来便利的同时，它们也增加了数据处理和存储的风险。例如，攻击者可以从数据库文件或内存中获取数据，并在获得更高权限后对其进行篡改，从而威胁到数据库的机密性和完整性。为了解决这些安全问题，我们基于可信执行环境(TEE)和可信平台模块(TPM)，提出了Smaug，一个通用的安全方案，以确保SQLite和类似数据库的保密性和完整性。使用Smaug，所有关键数据都存储在密文中，并且还提供数据完整性保护。此外，TEE将所有敏感操作与不可信环境隔离开来，可以有效抵御内存攻击。此外，我们使用TPM为系统提供可靠的信任根(RoT)。最后，我们实现了一个原型系统，性能评估明确了影响系统可用性的主要因素，为类似系统的设计和实现提供了参考。

{"title":"Smaug: A TEE-Assisted Secured SQLite for Embedded Systems","authors":"D. Lu, Minqiang Shi, Xindi Ma, Ximeng Liu, Rui-Gang Guo, Tianfang Zheng, Yulong Shen, Xuewen Dong, Jianfeng Ma","doi":"10.1109/TDSC.2022.3216020","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3216020","url":null,"abstract":"As one of the most popular relational databases for embedded devices, SQLite is lightweight to be embedded into applications without installing a specific database management system. However, simplicity and easy-to-use are double-edged swords; while bringing convenience, they also make data processing and storage risky. For example, an attacker can obtain data from a database file or memory and tamper with it once he has gained higher privileges, threatening the database's confidentiality and integrity. To address such security issues, based on a trusted execution environment (TEE) and a trusted platform module (TPM), we have proposed Smaug, a general secure scheme to ensure the confidentiality and integrity of SQLite and similar databases. With Smaug, all the critical data is stored in ciphertext, and data integrity protection is also provided. Besides, with TEE, all the sensitive operations are isolated from the untrusted environment, which can effectively resist attacks against memory. In addition, we use TPM to provide a solid root-of-trust (RoT) for the system. Finally, we have implemented a prototype system, and the performance evaluations have clarified the dominant factors that affect the system availability, providing a reference to the design and implementation of similar systems.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3617-3635"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47909093","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Crystal: Enhancing Blockchain Mining Transparency With Quorum Certificate Crystal：通过法定人数证书提高区块链挖矿透明度

IF 7.3 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing

Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3216749

Jianyu Niu, Fangyu Gai, Runchao Han, Ren Zhang, Yinqian Zhang, Chen Feng

Researchers have discovered a series of theoretical attacks against Bitcoin's Nakamoto consensus; the most damaging ones are selfish mining, double-spending, and consistency delay attacks. These attacks have one common cause: block withholding. This paper proposes Crystal, which leverages quorum certificates to resist block withholding misbehavior. Crystal continuously elects committees from miners and requires each block to have a quorum certificate, i.e., a set of signatures issued by members of its committee. Consequently, an attacker has to publish its blocks to obtain quorum certificates, rendering block withholding impossible. To build Crystal, we design a novel two-round committee election in a Sybil-resistant, unpredictable and non-interactive way, and a reward mechanism to incentivize miners to follow the protocol. Our analysis and evaluations show that Crystal can significantly mitigate selfish mining and double-spending attacks. For example, in Bitcoin, an attacker with 30% of the total computation power will succeed in double-spending attacks with a probability of 15.6% to break the 6-confirmation rule; however, in Crystal, the success probability for the same attacker falls to 0.62%. We provide formal end-to-end safety proofs for Crystal, ensuring no unknown attacks will be introduced. To the best of our knowledge, Crystal is the first protocol that prevents selfish mining and double-spending attacks while providing safety proof.

研究人员发现了一系列针对比特币中本共识的理论攻击;最具破坏性的攻击是自私挖掘、双重支出和一致性延迟攻击。这些攻击有一个共同的原因:阻挡。本文提出了Crystal，它利用仲裁证书来抵制区块扣留不当行为。Crystal不断从矿工中选出委员会，并要求每个区块都有法定人数证书，即由委员会成员签发的一组签名。因此，攻击者必须发布其区块以获得仲裁证书，从而使区块保留成为不可能。为了构建Crystal，我们设计了一种新颖的两轮委员会选举，以抗sybil、不可预测和非互动的方式进行，并设计了奖励机制来激励矿工遵守协议。我们的分析和评估表明，Crystal可以显著减轻自私挖矿和双重支出攻击。例如，在比特币中，拥有总算力30%的攻击者将以15.6%的概率成功进行双花攻击，从而打破6确认规则;然而，在Crystal中，同一攻击者的成功概率下降到0.62%。我们为Crystal提供正式的端到端安全证明，确保不会引入未知攻击。据我们所知，Crystal是第一个在提供安全证明的同时防止自私挖矿和双重支出攻击的协议。

{"title":"Crystal: Enhancing Blockchain Mining Transparency With Quorum Certificate","authors":"Jianyu Niu, Fangyu Gai, Runchao Han, Ren Zhang, Yinqian Zhang, Chen Feng","doi":"10.1109/TDSC.2022.3216749","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3216749","url":null,"abstract":"Researchers have discovered a series of theoretical attacks against Bitcoin's Nakamoto consensus; the most damaging ones are selfish mining, double-spending, and consistency delay attacks. These attacks have one common cause: block withholding. This paper proposes Crystal, which leverages quorum certificates to resist block withholding misbehavior. Crystal continuously elects committees from miners and requires each block to have a quorum certificate, i.e., a set of signatures issued by members of its committee. Consequently, an attacker has to publish its blocks to obtain quorum certificates, rendering block withholding impossible. To build Crystal, we design a novel two-round committee election in a Sybil-resistant, unpredictable and non-interactive way, and a reward mechanism to incentivize miners to follow the protocol. Our analysis and evaluations show that Crystal can significantly mitigate selfish mining and double-spending attacks. For example, in Bitcoin, an attacker with 30% of the total computation power will succeed in double-spending attacks with a probability of 15.6% to break the 6-confirmation rule; however, in Crystal, the success probability for the same attacker falls to 0.62%. We provide formal end-to-end safety proofs for Crystal, ensuring no unknown attacks will be introduced. To the best of our knowledge, Crystal is the first protocol that prevents selfish mining and double-spending attacks while providing safety proof.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4154-4168"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46429936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Efficient Verifiable Unbounded-Size Database From Authenticated Matrix Commitment 基于认证矩阵承诺的高效可验证无界大小数据库

IF 7.3 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing

Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3225283

Haining Yang, D. Feng, Jing Qin

Verifiable database with update (VDB) enables the client to store a large dataset in the outsourced database, and then efficiently query and update the data with a new value. It is attractive for the merits of checking the validity of the queried data and detecting the malicious actions of tampering with the outsourced database concurrently. However, the database in the context of VDB is merely suitable to store a fixed-size dataset. Hence, VDB is inapplicable to the unbounded-size database that provides the capability to store and manage the arbitrary-size datasets in the incremental manners. To circumvent the weaknesses, we research on the verifiable unbounded-size database with update (VUSDB). The VUSDB is sufficient for multiple clients to store their own arbitrary-size datasets in the database that has already contained some datasets. In order to design a VUSDB scheme, we first put forward a primitive called authenticated matrix commitment and give a scheme. This primitive is qualified to commit to a collection of ordered data represented in the form of matrix, and assure the ownership of the opened data. Then we utilize the authenticated matrix commitment scheme to construct a VUSDB scheme. The performance evaluation shows that the proposed schemes are efficient and practical.

VDB (Verifiable database with update)使客户能够将大型数据集存储在外包数据库中，然后使用新值高效地查询和更新数据。它具有检查所查询数据的有效性和同时检测篡改外包数据库的恶意行为的优点。但是，VDB上下文中的数据库仅适合存储固定大小的数据集。因此，VDB不适用于无限制大小的数据库，这种数据库提供了以增量方式存储和管理任意大小数据集的能力。为了克服这些缺点，我们研究了可验证的无边界大小数据库(VUSDB)。VUSDB足以让多个客户机在已经包含一些数据集的数据库中存储自己的任意大小的数据集。为了设计一个VUSDB方案，我们首先提出了一个称为认证矩阵承诺的原语，并给出了一个方案。这个原语有资格提交以矩阵形式表示的有序数据集合，并确保开放数据的所有权。然后利用认证矩阵承诺方案构造了一个VUSDB方案。性能评价表明，所提出的方案是有效和实用的。

{"title":"Efficient Verifiable Unbounded-Size Database From Authenticated Matrix Commitment","authors":"Haining Yang, D. Feng, Jing Qin","doi":"10.1109/TDSC.2022.3225283","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3225283","url":null,"abstract":"Verifiable database with update (VDB) enables the client to store a large dataset in the outsourced database, and then efficiently query and update the data with a new value. It is attractive for the merits of checking the validity of the queried data and detecting the malicious actions of tampering with the outsourced database concurrently. However, the database in the context of VDB is merely suitable to store a fixed-size dataset. Hence, VDB is inapplicable to the unbounded-size database that provides the capability to store and manage the arbitrary-size datasets in the incremental manners. To circumvent the weaknesses, we research on the verifiable unbounded-size database with update (VUSDB). The VUSDB is sufficient for multiple clients to store their own arbitrary-size datasets in the database that has already contained some datasets. In order to design a VUSDB scheme, we first put forward a primitive called authenticated matrix commitment and give a scheme. This primitive is qualified to commit to a collection of ordered data represented in the form of matrix, and assure the ownership of the opened data. Then we utilize the authenticated matrix commitment scheme to construct a VUSDB scheme. The performance evaluation shows that the proposed schemes are efficient and practical.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3873-3889"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45063104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Fair Cloud Auditing Based on Blockchain for Resource-Constrained IoT Devices 基于区块链的资源受限物联网设备公平云审计

IF 7.3 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing

Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3207384

Lei Zhou, Anmin Fu, Guomin Yang, Yansong Gao, Shui Yu, R. Deng

Internet of Things (IoT) devices upload their data into the cloud for storage because of their limited resources. However, cloud storage data has been subject to potential integrity threats, and consequently auditing techniques are demanded to ensure the integrity of stored data. Unfortunately, existing auditing approaches require owners to undertake expensive tag calculations, which is unsuitable for resource-constrained IoT devices. To resolve the issue, we present a Fair Cloud Auditing proposal by employing the Blockchain (FCAB). We combine certificateless signatures with the designed dynamic structure to constructively offload the cost of tag computation from the IoT device to the introduced fog node, significantly reducing the local burden. Considering that fog nodes may behave dishonestly during auditing, FCAB enables the IoT device to verify the audit result's authenticity by extracting reliable checking records from the blockchain, thereby achieving auditing fairness, which ensures that the honest cloud and fog node will gain the corresponding reward. Finally, FCAB is proved to satisfy tag unforgeability, proof unforgeability, privacy preserving, and auditing fairness. Experiment evaluations affirm that FCAB is computationally and communicationally efficient and retains a smaller and fixed computation locally at the data processing stage (mainly including tag computation) than existing auditing methods.

由于资源有限，物联网(IoT)设备将其数据上传到云端进行存储。然而，云存储数据一直受到潜在的完整性威胁，因此需要审计技术来确保存储数据的完整性。不幸的是，现有的审计方法需要所有者进行昂贵的标签计算，这不适合资源受限的物联网设备。为了解决这个问题，我们提出了一个采用区块链(FCAB)的公平云审计提案。我们将无证书签名与设计的动态结构相结合，建设性地将标签计算成本从物联网设备转移到引入的雾节点，显著降低了本地负担。考虑到雾节点在审计过程中可能存在不诚实行为，FCAB通过从区块链中提取可靠的检查记录，使物联网设备能够验证审计结果的真实性，从而实现审计公平性，从而保证诚实的云雾节点获得相应的奖励。最后，证明了FCAB满足标签不可伪造性、证明不可伪造性、隐私保护性和审计公平性。实验评价证实，与现有审计方法相比，FCAB具有计算和通信效率，并且在数据处理阶段(主要包括标签计算)保留了更小且固定的局部计算。

{"title":"Fair Cloud Auditing Based on Blockchain for Resource-Constrained IoT Devices","authors":"Lei Zhou, Anmin Fu, Guomin Yang, Yansong Gao, Shui Yu, R. Deng","doi":"10.1109/TDSC.2022.3207384","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3207384","url":null,"abstract":"Internet of Things (IoT) devices upload their data into the cloud for storage because of their limited resources. However, cloud storage data has been subject to potential integrity threats, and consequently auditing techniques are demanded to ensure the integrity of stored data. Unfortunately, existing auditing approaches require owners to undertake expensive tag calculations, which is unsuitable for resource-constrained IoT devices. To resolve the issue, we present a Fair Cloud Auditing proposal by employing the Blockchain (FCAB). We combine certificateless signatures with the designed dynamic structure to constructively offload the cost of tag computation from the IoT device to the introduced fog node, significantly reducing the local burden. Considering that fog nodes may behave dishonestly during auditing, FCAB enables the IoT device to verify the audit result's authenticity by extracting reliable checking records from the blockchain, thereby achieving auditing fairness, which ensures that the honest cloud and fog node will gain the corresponding reward. Finally, FCAB is proved to satisfy tag unforgeability, proof unforgeability, privacy preserving, and auditing fairness. Experiment evaluations affirm that FCAB is computationally and communicationally efficient and retains a smaller and fixed computation locally at the data processing stage (mainly including tag computation) than existing auditing methods.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4325-4342"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45878550","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

ESMAC: Efficient and Secure Multi-Owner Access Control With TEE in Multi-Level Data Processing ESMAC:有效和安全的多所有者访问控制与多层次的数据处理TEE

IF 7.3 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing

Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3215977

Daniel Liu, Zheng Yan, Wenxiu Ding, Yuxuan Cai, Yaxing Chen, Zhiguo Wan

Traditional data access control schemes only prevent unauthorized access to private data with a single owner. They are not suitable for application in a Multi-Level Data Processing (MLDP) scenario, where data are processed by a series of parties who also insert new data. Hence, the accumulated dataset should be protected through access control handled by hierarchically-structured parties who are at least partial data owners in MLDP. Existing multi-owner access control schemes mainly focus on controlling access to co-owned data of multiple entities with the equal ownership, but seldom investigates how to apply access control in MLDP. In this paper, we base the off-the-shelf Trusted Execution Environment (TEE), Intel SGX, to propose an Efficient and Secure Multi-owner Access Control scheme (ESMAC) for access authorization in MLDP. Moreover, to prevent unauthorized data disclosure by non-root data owners aiming to gain extra profits, we further introduce undercover polices to supervise their behaviors. Specifically, we design a data protection scheme based on game theory to decide the payoffs and punishments of honest and dishonest data owners, which motivates data owners to behave honestly when claiming ownership over data. Through comprehensive security analysis and performance evaluation, we demonstrate ESMAC's security and effectiveness.

传统的数据访问控制方案只能防止单个所有者对私有数据的未经授权的访问。它们不适合应用于多层数据处理（MLDP）场景，在该场景中，数据由一系列插入新数据的各方处理。因此，累积的数据集应该通过分层结构的各方处理的访问控制来保护，这些各方至少是MLDP中的部分数据所有者。现有的多所有者访问控制方案主要集中在控制具有同等所有权的多个实体对共有数据的访问，但很少研究如何在MLDP中应用访问控制。在本文中，我们基于现成的可信执行环境（TEE）Intel SGX，提出了一种高效安全的多所有者访问控制方案（ESMAC），用于MLDP中的访问授权。此外，为了防止非根数据所有者以获取额外利润为目的的未经授权的数据披露，我们进一步引入了卧底政策来监督他们的行为。具体来说，我们设计了一个基于博弈论的数据保护方案来决定诚实和不诚实数据所有者的报酬和惩罚，这激励数据所有者在声称对数据拥有所有权时诚实行事。通过全面的安全分析和性能评估，我们展示了ESMAC的安全性和有效性。

{"title":"ESMAC: Efficient and Secure Multi-Owner Access Control With TEE in Multi-Level Data Processing","authors":"Daniel Liu, Zheng Yan, Wenxiu Ding, Yuxuan Cai, Yaxing Chen, Zhiguo Wan","doi":"10.1109/TDSC.2022.3215977","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3215977","url":null,"abstract":"Traditional data access control schemes only prevent unauthorized access to private data with a single owner. They are not suitable for application in a Multi-Level Data Processing (MLDP) scenario, where data are processed by a series of parties who also insert new data. Hence, the accumulated dataset should be protected through access control handled by hierarchically-structured parties who are at least partial data owners in MLDP. Existing multi-owner access control schemes mainly focus on controlling access to co-owned data of multiple entities with the equal ownership, but seldom investigates how to apply access control in MLDP. In this paper, we base the off-the-shelf Trusted Execution Environment (TEE), Intel SGX, to propose an Efficient and Secure Multi-owner Access Control scheme (ESMAC) for access authorization in MLDP. Moreover, to prevent unauthorized data disclosure by non-root data owners aiming to gain extra profits, we further introduce undercover polices to supervise their behaviors. Specifically, we design a data protection scheme based on game theory to decide the payoffs and punishments of honest and dishonest data owners, which motivates data owners to behave honestly when claiming ownership over data. Through comprehensive security analysis and performance evaluation, we demonstrate ESMAC's security and effectiveness.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4052-4069"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42221405","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Spotting Anomalies at the Edge: Outlier Exposure-Based Cross-Silo Federated Learning for DDoS Detection 发现边缘异常:基于离群暴露的跨孤岛联合学习DDoS检测

IF 7.3 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing

Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3224896

V. Pourahmadi, H. Alameddine, M. A. Salahuddin, R. Boutaba

Distributed Denial-of-Service (DDoS) attacks are expected to continue plaguing service availability in emerging networks which rely on distributed edge clouds to offer critical, latency-sensitive applications. However, edge servers increase the network attack surface, which is exacerbated with the massive number of connected Internet of Things (IoT) devices that can be weaponized to launch DDoS attacks. Therefore, it is crucial to detect DDoS attacks early, i.e., at the network edge. In this paper, we empower the network edge with intelligent DDoS detection by learning from similarities between different data and DDoS attacks available across the edge servers. To this end, we develop a novel Outlier Exposure (OE)-enabled cross-silo Federated Learning framework, namely FedOE. FedOE enables distributed training of OE-based ML models using a limited number of labeled outliers (i.e., attack flows) experienced at edge servers. We propose a novel OE-based Autoencoder (oAE) that can better discriminate anomalies in comparison to the widely adopted traditional Autoencoder, using a tailored, OE-based loss function. We evaluate oAE in FedOE and demonstrate its ability to generalize to zero-day attacks, with just 50 labeled attack flows per edge server. The results show that oAE achieves a high F1-score for most DDoS attacks, outclassing its non-OE counterpart.

分布式拒绝服务（DDoS）攻击预计将继续困扰新兴网络中的服务可用性，这些网络依赖分布式边缘云来提供关键的、延迟敏感的应用程序。然而，边缘服务器增加了网络攻击面，大量连接的物联网（IoT）设备可以被武器化以发起DDoS攻击，这加剧了网络攻击。因此，尽早发现DDoS攻击至关重要，即在网络边缘。在本文中，我们通过学习不同数据之间的相似性和边缘服务器上可用的DDoS攻击，为网络边缘提供智能DDoS检测。为此，我们开发了一个新的支持异常值暴露（OE）的跨竖井联合学习框架，即FedOE。FedOE允许使用边缘服务器上经历的有限数量的标记异常值（即攻击流）对基于OE的ML模型进行分布式训练。我们提出了一种新的基于OE的自动编码器（oAE），与广泛采用的传统自动编码器相比，它可以使用定制的、基于OE的损失函数更好地识别异常。我们在FedOE中评估了oAE，并展示了其推广到零日攻击的能力，每个边缘服务器只有50个标记的攻击流。结果表明，oAE在大多数DDoS攻击中都获得了较高的F1分数，超过了非OE攻击。

{"title":"Spotting Anomalies at the Edge: Outlier Exposure-Based Cross-Silo Federated Learning for DDoS Detection","authors":"V. Pourahmadi, H. Alameddine, M. A. Salahuddin, R. Boutaba","doi":"10.1109/TDSC.2022.3224896","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3224896","url":null,"abstract":"Distributed Denial-of-Service (DDoS) attacks are expected to continue plaguing service availability in emerging networks which rely on distributed edge clouds to offer critical, latency-sensitive applications. However, edge servers increase the network attack surface, which is exacerbated with the massive number of connected Internet of Things (IoT) devices that can be weaponized to launch DDoS attacks. Therefore, it is crucial to detect DDoS attacks early, i.e., at the network edge. In this paper, we empower the network edge with intelligent DDoS detection by learning from similarities between different data and DDoS attacks available across the edge servers. To this end, we develop a novel Outlier Exposure (OE)-enabled cross-silo Federated Learning framework, namely FedOE. FedOE enables distributed training of OE-based ML models using a limited number of labeled outliers (i.e., attack flows) experienced at edge servers. We propose a novel OE-based Autoencoder (oAE) that can better discriminate anomalies in comparison to the widely adopted traditional Autoencoder, using a tailored, OE-based loss function. We evaluate oAE in FedOE and demonstrate its ability to generalize to zero-day attacks, with just 50 labeled attack flows per edge server. The results show that oAE achieves a high F1-score for most DDoS attacks, outclassing its non-OE counterpart.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4002-4015"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41682319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 5

ZeroProKeS: A Secure Zeroconf Key Establishment Protocol for Large-Scale Low-Cost Applications ZeroProKeS:用于大规模低成本应用的安全零配置密钥建立协议

IF 7.3 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing

Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3207927

S. K. Sakib, G. Amariucai, Yong Guan

Traditional approaches to authenticated key establishment include the use of PKI or trusted third parties. While certificate deployment is sub-optimal for large-scale, low-cost applications, the use of trusted third parties is subject to human error and leaked credentials. For this context, co-location can be a valuable resource, and it is often exploited through common randomness harvesting techniques, but these, in turn, suffer from low achievable rates and usually from restrictive assumptions about the environment. Recent techniques for exploiting co-location are based on the notion of quality time and rely on sophisticated throttled clue-issuing mechanisms that allow a device with enough time to spend in the vicinity of the transmitter to find a secret key by collecting enough consecutive clues. By contrast, attackers are afforded only limited time to listen to, or interact with, the clue transmitter. Previous work in this direction deals solely with passive attackers and uses high-overhead information throttling mechanisms. This paper introduces the active attacker model for the quality-time paradigm and proposes a simple solution, a Zeroconf Key Establishment Protocol (ZeroProKeS). Additionally, the paper shows how to efficiently expand the proposed protocol to adhere to any customized information transfer function between legitimate users.

建立身份验证密钥的传统方法包括使用PKI或可信第三方。虽然证书部署对于大规模、低成本的应用程序来说不是最优的，但使用受信任的第三方容易出现人为错误和凭证泄露。在这种情况下，协同定位可能是一种有价值的资源，并且通常通过常见的随机收集技术加以利用，但这些技术的可实现率较低，并且通常受到对环境的限制性假设的影响。利用同址技术的最新技术是基于质量时间的概念，并依赖于复杂的节流线索发布机制，该机制允许设备有足够的时间在发射器附近度过，通过收集足够的连续线索来找到密钥。相比之下，攻击者只能在有限的时间内听取或与线索发送者互动。以前在这个方向上的工作只处理被动攻击者，并使用高开销的信息节流机制。本文介绍了质量时间范式的主动攻击者模型，并提出了一种简单的解决方案——零配置密钥建立协议(ZeroProKeS)。此外，本文还展示了如何有效地扩展所提出的协议，以坚持合法用户之间的任何自定义信息传递函数。

{"title":"ZeroProKeS: A Secure Zeroconf Key Establishment Protocol for Large-Scale Low-Cost Applications","authors":"S. K. Sakib, G. Amariucai, Yong Guan","doi":"10.1109/TDSC.2022.3207927","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3207927","url":null,"abstract":"Traditional approaches to authenticated key establishment include the use of PKI or trusted third parties. While certificate deployment is sub-optimal for large-scale, low-cost applications, the use of trusted third parties is subject to human error and leaked credentials. For this context, co-location can be a valuable resource, and it is often exploited through common randomness harvesting techniques, but these, in turn, suffer from low achievable rates and usually from restrictive assumptions about the environment. Recent techniques for exploiting co-location are based on the notion of quality time and rely on sophisticated throttled clue-issuing mechanisms that allow a device with enough time to spend in the vicinity of the transmitter to find a secret key by collecting enough consecutive clues. By contrast, attackers are afforded only limited time to listen to, or interact with, the clue transmitter. Previous work in this direction deals solely with passive attackers and uses high-overhead information throttling mechanisms. This paper introduces the active attacker model for the quality-time paradigm and proposes a simple solution, a Zeroconf Key Establishment Protocol (ZeroProKeS). Additionally, the paper shows how to efficiently expand the proposed protocol to adhere to any customized information transfer function between legitimate users.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3636-3652"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41523352","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A new classification of genus Neoperla and systematic studies of other Perlinae (Plecoptera: Perlidae). Neoperla属的新分类及其他珀林科（Plecoptera: Perlidae）的系统研究。

IF 0.9 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing

Pub Date : 2023-08-29 DOI: 10.11646/zootaxa.5339.2.1

Peter Zwick

A new formal classification for the largest genus of Perlinae, Neoperla, is introduced to replace the artificial split of the genus into two informal groups. Globally, there are close to 300 named species, with the number rising all the time. The monophyletic clymene-group is assigned to Neoperla (Neoperla) with ~ 140 species in North America, Africa and parts of Asia; its seven main subgroups are briefly characterized. The polyphyletic Asian montivaga-group is replaced by two monophyletic subgenera, N. (Borneella), new subgenus (six species), and N. (Formosita) Klaplek, new status (~125 species). Five species groups in N. (Formosita) are recognized and diagnosed. For 85% of the species known by mid-2023 (DeWalt et al. 2023), their assignment to supra-specific taxa is summarized in a table, while a further 40 species cannot be placed at present. Some additions, remarks and corrections to the phylogenetically oriented synopsis of Perlinae by Sivec, Stark & Uchida (1988) are made. The new species N.(F.) fasciata is named. Eighty-eight figures, including numerous new original photographs, are presented.

本文介绍了鲈形目最大的属--新鲈属的新正式分类法，以取代人为地将该属分成两个非正式类别的做法。在全球范围内，有近 300 个命名的物种，而且数量还在不断增加。单系的蝶形花属（Clymene-group）被归入新蝶形花属（Neoperla），在北美洲、非洲和亚洲部分地区有约 140 个物种；其七个主要亚群的特征已作简要介绍。N. (Borneella) 新亚属（6 个种）和 N. (Formosita) Klaplek 新地位（约 125 个种）。N.（Formosita）中的五个种群被确认和诊断。至 2023 年中期（DeWalt 等，2023 年），85% 的已知种已归入超特异分类群，另有 40 个种目前无法归类。本文对 Sivec、Stark 和 Uchida（1988 年）所著的 Perlinae 系统发育概述进行了一些补充、评论和更正。新种 N.(F.) fasciata 被命名。文中提供了 88 幅图，包括许多新的原始照片。

引用次数: 0

Towards Robust Fingerprinting of Relational Databases by Mitigating Correlation Attacks. 通过减少相关攻击实现关系数据库的鲁棒指纹

IF 7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing

Pub Date : 2023-07-01 Epub Date: 2022-07-18 DOI: 10.1109/tdsc.2022.3191117

Tianxi Ji, Erman Ayday, Emre Yilmaz, Pan Li

Database fingerprinting is widely adopted to prevent unauthorized data sharing and identify source of data leakages. Although existing schemes are robust against common attacks, their robustness degrades significantly if attackers utilize inherent correlations among database entries. In this paper, we demonstrate the vulnerability of existing schemes by identifying different correlation attacks: column-wise correlation attack, row-wise correlation attack, and their integration. We provide robust fingerprinting against these attacks by developing mitigation techniques, which can work as post-processing steps for any off-the-shelf database fingerprinting schemes and preserve the utility of databases. We investigate the impact of correlation attacks and the performance of mitigation techniques using a real-world database. Our results show (i) high success rates of correlation attacks against existing fingerprinting schemes (e.g., integrated correlation attack can distort 64.8% fingerprint bits by just modifying 14.2% entries in a fingerprinted database), and (ii) high robustness of mitigation techniques (e.g., after mitigation, integrated correlation attack can only distort 3% fingerprint bits). Additionally, the mitigation techniques effectively alleviate correlation attacks even if (i) attackers have access to correlation models directly computed from the original database, while the database owner uses inaccurate correlation models, (ii) or attackers utilizes higher order of correlations than the database owner.

数据库指纹被广泛应用于防止未经授权的数据共享和识别数据泄漏的来源。尽管现有的方案对常见攻击具有鲁棒性，但如果攻击者利用数据库条目之间的固有相关性，则其鲁棒性会显著降低。在本文中，我们通过识别不同的相关攻击来证明现有方案的脆弱性:列相关攻击，行相关攻击，以及它们的集成。我们通过开发缓解技术为这些攻击提供健壮的指纹识别，这些技术可以作为任何现成数据库指纹识别方案的后处理步骤，并保持数据库的实用性。我们使用真实世界的数据库调查相关攻击的影响和缓解技术的性能。我们的研究结果表明:(i)针对现有指纹识别方案的相关攻击成功率高(例如，集成相关攻击通过修改指纹数据库中14.2%的条目可以扭曲64.8%的指纹位)，以及(ii)缓解技术的高鲁棒性(例如，经过缓解，集成相关攻击只能扭曲3%的指纹位)。此外，即使(i)攻击者可以访问直接从原始数据库计算的关联模型，而数据库所有者使用不准确的关联模型，(ii)或攻击者使用比数据库所有者更高阶的关联，缓解技术也能有效地减轻关联攻击。

{"title":"Towards Robust Fingerprinting of Relational Databases by Mitigating Correlation Attacks.","authors":"Tianxi Ji, Erman Ayday, Emre Yilmaz, Pan Li","doi":"10.1109/tdsc.2022.3191117","DOIUrl":"10.1109/tdsc.2022.3191117","url":null,"abstract":"<p><p>Database fingerprinting is widely adopted to prevent unauthorized data sharing and identify source of data leakages. Although existing schemes are robust against common attacks, their robustness degrades significantly if attackers utilize inherent correlations among database entries. In this paper, we demonstrate the vulnerability of existing schemes by identifying different correlation attacks: column-wise correlation attack, row-wise correlation attack, and their integration. We provide robust fingerprinting against these attacks by developing mitigation techniques, which can work as post-processing steps for any off-the-shelf database fingerprinting schemes and preserve the utility of databases. We investigate the impact of correlation attacks and the performance of mitigation techniques using a real-world database. Our results show (i) high success rates of correlation attacks against existing fingerprinting schemes (e.g., integrated correlation attack can distort 64.8% fingerprint bits by just modifying 14.2% entries in a fingerprinted database), and (ii) high robustness of mitigation techniques (e.g., after mitigation, integrated correlation attack can only distort 3% fingerprint bits). Additionally, the mitigation techniques effectively alleviate correlation attacks even if (i) attackers have access to correlation models directly computed from the original database, while the database owner uses inaccurate correlation models, (ii) or attackers utilizes higher order of correlations than the database owner.</p>","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"2939-2953"},"PeriodicalIF":7.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10877201/pdf/","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48304558","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0