Pub Date: 2024-07-01 DOI: 10.1109/TDSC.2023.3341211
T. Hutzelmann, Dominik Mauksch, A. Petrovska, Alexander Pretschner
The state-of-the-art evaluation of an Intrusion Detection System (IDS) relies on benchmark datasets composed of the regular system's and potential attackers’ behavior. The datasets are collected once and independently of the IDS under analysis. This paper questions this practice by introducing a methodology to elicit particularly challenging samples to benchmark a given IDS. In detail, we propose (1) six fitness functions quantifying the suitability of individual samples, particularly tailored for safety-critical cyber-physical systems, (2) a scenario-based methodology for attacks on networks to systematically deduce optimal samples in addition to previous datasets, and (3) a respective extension of the standard IDS evaluation methodology. We applied our methodology to two network-based IDSs defending an advanced driver assistance system. Our results indicate that different IDSs show strongly differing characteristics in their edge case classifications and that the original datasets used for evaluation do not include such challenging behavior. In the worst case, this causes a critical undetected attack, as we document for one IDS. Our findings highlight the need to tailor benchmark datasets to the individual IDS in a final evaluation step. Especially the manual investigation of selected samples from edge case classifications by domain experts is vital for assessing the IDSs.
Title: Generation of Tailored and Confined Datasets for IDS Evaluation in Cyber-Physical Systems. Journal: IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2023.3341211
Pub Date: 2024-07-01 DOI: 10.1109/TDSC.2023.3335304
Feng Liu, Kaiping Xue, Jinjiang Yang, Jing Zhang, Zixuan Huang, Jian Li, David S. L. Wei
Searchable Symmetric Encryption (SSE) is a valuable cryptographic tool that allows a client to retrieve its outsourced data from an untrusted server via keyword search. Initially, SSE research primarily focused on the efficiency-security trade-off. However, in recent years, attention has shifted towards range queries instead of exact keyword searches, resulting in significant developments in the SSE field. Despite the advancements in SSE schemes supporting range queries, many are susceptible to leakage-abuse attacks due to volumetric profile leakage. Although several schemes exist to prevent volume leakage, these solutions prove inefficient when dealing with large-scale datasets. In this article, we highlight the efficiency-security trade-off for range queries in SSE. Subsequently, we propose a volume-hiding range SSE scheme that ensures efficient operations on extensive datasets. Leveraging the order-weighted inverted index and bitmap structure, our scheme achieves high search efficiency while maintaining the confidentiality of the volumetric profile. To facilitate searching within large-scale datasets, we introduce a partitioning strategy that divides a broad range into disjoint partitions and stores the information in a local binary tree. Through an analysis of the leakage function, we demonstrate the security of our proposed scheme within the ideal/real model simulation paradigm. Our experimental results further validate the practicality of our scheme with real-life large-scale datasets.
Title: Volume-Hiding Range Searchable Symmetric Encryption for Large-Scale Datasets. Journal: IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2023.3335304
Pub Date: 2024-07-01 DOI: 10.1109/TDSC.2023.3334197
Tao Jiang, Xu Yuan, Qiong Cheng, Yulong Shen, Liangmin Wang, J. Ma
Price discrimination has been empirically exposed where e-commerce platforms aim to gain additional profits by charging customers different prices for the same product/service. This situation becomes even worse in today’s Big Data era, giving service providers the chance to leverage artificial intelligence technologies for deep analysis of personalized patterns, and urgently calling for solutions that prevent such discriminatory behavior and protect customers’ rights. This article aims to defend against price discrimination by developing a secure and privacy-preserving solution, provable for e-commerce fairness. Using a newly designed cryptographic accumulator and public bulletin board, our system, called FairECom, allows an auditor (i.e., a customer or third-party auditor) to verify if customers are experiencing price discrimination. In particular, FairECom enables a customer to check whether his payment for a product/service is identical to that of other customers through a privacy-preserving challenge-response protocol, implementing price transparency against discrimination. We implement a prototype using an Ethereum-based public bulletin board to conduct the system evaluation. Our evaluation indicates that FairECom can integrate with existing APIs provided by Ethereum and incurs acceptable costs when deployed to e-commerce systems.
Title: FairECom: Towards Proof of E-Commerce Fairness Against Price Discrimination. Journal: IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2023.3334197
Pub Date: 2024-07-01 DOI: 10.1109/TDSC.2023.3339675
Shun Hu, Ming Li, Jiasi Weng, Jia-Nan Liu, Jian Weng, Zhi Li
Blockchain rewriting has been widely explored for addressing data deletion requirements, such as error data deletion, space-saving, and compliance with the “right-to-be-forgotten” rule. However, existing approaches are inadequate for handling cross-chain redaction issues in the face of the increasing need for inter-chain communication. In particular, transaction rewriting on a blockchain might have relevant effects on the states of other blockchains. The cross-chain interoperability results in inter-chain transactions with more complex dependency relations. These issues pose new challenges to achieving rewriting consistency, for example, ensuring the rewriting of related transactions when a transaction is being modified, and to achieving atomic rewriting, whereby two cross-chain transactions must either both be processed or neither. This article introduces a cross-chain solution, IvyRedaction, with an emphasis on customizing a decentralized intermediary for generating and maintaining global cross-chain redaction states and transaction dependencies. The article proposes a novel cross-chain state mapping method with rollback rules, as well as customized block structures and verification algorithms, to address the aforementioned issues. Proof-of-concept experiments are conducted to demonstrate the feasibility of the proposed framework.
Title: IvyRedaction: Enabling Atomic, Consistent and Accountable Cross-Chain Rewriting. Journal: IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2023.3339675
Pub Date: 2024-07-01 DOI: 10.1109/TDSC.2023.3348204
Xiaoyu Zhang, Shen Lin, Chao Chen, Xiaofeng Chen
Training a deep learning model from scratch requires a great deal of available labeled data, computation resources, and expert knowledge. Thus, the time-consuming and complicated learning procedure has catapulted the trained model to valuable intellectual property (IP), spurring interest from attackers in model copyright infringement and stealing. Recently, a new defense approach leverages watermarking techniques to inject watermarks into the training procedure and verify model ownership when necessary. To the best of our knowledge, there is no research work on model ownership stealing attacks in federated learning, and the existing defense or mitigation methods cannot be directly used for federated learning scenarios. In this article, we introduce watermarking neural networks in asynchronous federated learning and propose a novel model privacy attack, dubbed model ownership deprivation attack (MODA). MODA is launched by an inside adversarial participant who aims to occupy the copyright and deprive the remaining participants (victims) of it to maximize his profit. The extensive experimental results on five benchmark datasets (MNIST, Fashion-MNIST, GTSRB, SVHN, CIFAR10) show that MODA is highly effective in a two-participant learning scenario with a minor impact on the model's performance. When extended to a multi-participant scenario, MODA still maintains a high attack success rate and classification accuracy. Compared to the state-of-the-art works, MODA has a higher attack success rate than the black-box solution and comparable efficacy with the approach in the white-box scenario.
Title: MODA: Model Ownership Deprivation Attack in Asynchronous Federated Learning. Journal: IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2023.3348204
Pub Date: 2024-07-01 DOI: 10.1109/TDSC.2023.3346795
Cong Li, Xinyu Feng, Qingni Shen, Zhonghai Wu
Nearly all of the previous attribute-based proxy re-encryption (ABPRE) schemes cannot support keyword search and keyword updating simultaneously without the aid of a private key generator (PKG). To resolve this problem, recently in IEEE Transactions on Dependable and Secure Computing (doi: 10.1109/TDSC.2020.2963978), Ge et al. proposed a ciphertext-policy ABPRE scheme with keyword search, dubbed CPAB-KSDS, which supports keyword updating without communicating with the PKG. It also achieves indistinguishability against chosen-ciphertext attack (IND-CCA) security and indistinguishability against chosen-keyword attack (IND-CKA) security in the random oracle model. In this paper, we carefully analyze the security of Ge et al.’s CPAB-KSDS scheme and find that they did not give a correct reduction from the IND-CKA security of their scheme to the underlying cryptographic assumption. Furthermore, we also give a concrete attack on the IND-CKA security of the CPAB-KSDS scheme. Therefore, it fails to achieve the IND-CKA security they claimed, which is an essential security requirement for an encryption scheme with keyword search.
Title: On the Security of Secure Keyword Search and Data Sharing Mechanism for Cloud Computing. Journal: IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2023.3346795
Pub Date: 2024-07-01 DOI: 10.1109/TDSC.2023.3347342
Sona Alex, D. Jagalchandran, Deepthi P. Pattathil
The privacy of medical data and resource restrictions in the Internet of Things (IoT) nodes prohibit medical users from utilizing disease detection (DD) services offered by the health cloud in the mobile healthcare network (MHN). Also, health clouds may need the DD procedures to be private. Therefore, the essential requirements for MHN DD services are (i) performing accurate and fast DD without jeopardizing the privacy of health clouds and medical users and (ii) reducing the computational and transmission overhead (energy-consumption) of the green IoT devices while performing privacy-preserving DD. The outsourced privacy-preserving DD is available in the literature based on popular tree-based machine learning schemes such as a random forest. However, these schemes utilize energy-hungry public-key encryption schemes in IoT nodes at medical users for privacy preservation. This work proposes an energy-efficient, fully homomorphic modified Rivest scheme (FHMRS) for the proposed privacy-preserving random forest classification (PRFC). A secure integer comparison protocol is also developed for reducing processing time and energy consumption for users while performing outsourced PRFC. The implementation results and security analysis show that the proposed schemes guarantee better energy efficiency for MHN green IoT devices without compromising privacy than the existing tree-based schemes.
Title: Privacy-Preserving and Energy-Saving Random Forest-Based Disease Detection Framework for Green Internet of Things in Mobile Healthcare Networks. Journal: IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2023.3347342
Pub Date: 2024-07-01 DOI: 10.1109/TDSC.2023.3334017
Dingding Wang, Muhui Jiang, Rui Chang, Yajin Zhou, Hexiang Wang, Baolei Hou, Lei Wu, Xiapu Luo
Researchers actively work on the security of Internet of Things (IoT) devices as IoT devices become popular. However, previous works ignore the insecurity of a special category of devices, i.e., the end-of-life (EoL) devices. Once a product becomes EoL, vendors no longer maintain its firmware, which makes it susceptible to attacks. In this article, we conduct the first empirical study to shed light on the (in)security of EoL devices. Our study performs two types of analysis, including the liveness analysis and the vulnerability analysis. The first one aims to detect the scale of EoL devices that are still alive in the wild in the long term. The second one is to evaluate the vulnerabilities existing in (active) EoL devices. We analyzed 894 EoL models from three vendors (i.e., D-Link, TP-Link, and Netgear) for more than two years. Our study reveals some worrisome facts that were unknown to the community. There exist more than three million active EoL devices, and more than one million of them have been alive for more than five years. Furthermore, more than half of the vulnerabilities are discovered after the EoL date. Although vendors may release security patches after the EoL date, the process is ad hoc and incomplete, with limited functionality. In summary, more than three million active EoL devices are vulnerable, and nearly half of them are threatened by high-risk vulnerabilities. By compromising EoL devices, attackers can achieve a DDoS attack of at least 8.67 Tbps.
Title: An Empirical Study on the Insecurity of End-of-Life (EoL) IoT Devices. Journal: IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2023.3334017
Pub Date: 2024-07-01 DOI: 10.1109/TDSC.2023.3334762
Jinke Song, Qiang Li, Haining Wang, Jiqiang Liu
Nowadays security vulnerability reports contain commercial vendor-centric information but fail to include accurate information of open-source software packages. Open-source ecosystems use package managers, such as Maven, NuGet, NPM, and Gem, to cover hundreds of thousands of free code packages. However, we uncover that vulnerability reports frequently miss the vulnerable software package information when the software package comes from open-source ecosystems. To fill in this gap, we propose a framework called PKVIC (software package vulnerability information calibration), as the first tool to automatically associate security vulnerability reports with affected software packages from different open-source ecosystems. Specifically, PKVIC designs an ecosystem classifier to determine which ecosystem a vulnerability report belongs to. From the reports written in natural language, PKVIC extracts the entities closely related to software names in ecosystems. To efficiently and accurately locate the affected software packages from millions of packages, we propose a recursive traversal method to generate the package identifier based on the naming scheme and candidate named entities. We implemented the prototype of PKVIC and conducted comprehensive experiments to validate its efficacy. In particular, we ran PKVIC over 421,808 vulnerability reports from 20 well-known sources of security vulnerabilities and identified 11,279 unique vulnerability reports that affected 2,703 open-source software packages. PKVIC successfully found the accurate reference URLs for these 2,703 software packages across 6 open-source ecosystems, including Pypi, Gem, NPM, Packagist, Nuget, and Maven.
{"title":"PKVIC: Supplement Missing Software Package Information in Security Vulnerability Reports","authors":"Jinke Song, Qiang Li, Haining Wang, Jiqiang Liu","doi":"10.1109/TDSC.2023.3334762","DOIUrl":"https://doi.org/10.1109/TDSC.2023.3334762","url":null,"abstract":"Nowadays security vulnerability reports contain commercial vendor-centric information but fail to include accurate information of open-source software packages. Open-source ecosystems use package managers, such as Maven, NuGet, NPM, and Gem, to cover hundreds of thousands of free code packages. However, we uncover that vulnerability reports frequently miss the vulnerable software package information when the software package comes from open-source ecosystems. To fill in this gap, we propose a framework called PKVIC (software package vulnerability information calibration), as the first tool to automatically associate security vulnerability reports with affected software packages from different open-source ecosystems. Specifically, PKVIC designs an ecosystem classifier to determine which ecosystem a vulnerability report belongs to. From the reports written in natural language, PKVIC extracts the entities closely related to software names in ecosystems. To efficiently and accurately locate the affected software packages from millions of packages, we propose a recursive traversal method to generate the package identifier based on the naming scheme and candidate named entities. We implemented the prototype of PKVIC and conducted comprehensive experiments to validate its efficacy. In particular, we ran PKVIC over 421,808 vulnerability reports from 20 well-known sources of security vulnerabilities and identified 11,279 unique vulnerability reports that affected 2,703 open-source software packages. 
PKVIC successfully found the accurate reference URLs for these 2,703 software packages across 6 open-source ecosystems, including Pypi, Gem, NPM, Packagist, Nuget, and Maven.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141712473","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
An Evolutionary Attack for Revealing Training Data of DNNs With Higher Feature Fidelity
Pub Date: 2024-07-01 DOI: 10.1109/TDSC.2023.3347225
Zipeng Ye, Wenjian Luo, Ruizhuo Zhang, Hongwei Zhang, Yuhui Shi, Yan Jia
Model inversion attacks aim to reveal information about sensitive training data of AI models, which may lead to serious privacy leakage. However, existing attack methods have limitations in reconstructing training data with higher feature fidelity. In this article, we propose an evolutionary model inversion attack approach (EvoMI) and empirically demonstrate that combined with the systematic search in the multi-degree-of-freedom latent space of the generative model, the simple use of an evolutionary algorithm can effectively improve the attack performance. Concretely, at first, we search for latent vectors which can generate images close to the attack target in the latent space with a low degree of freedom. Generally, the low-freedom constraint will reduce the probability of getting a local optimum compared to existing methods that directly search for latent vectors in the high-freedom space. Consequently, we introduce a mutation operation to expand the search domain, thus further reducing the possibility of obtaining a local optimum. Finally, we treat the searched latent vectors as the initial values of the post-processing and relax the constraint to further optimize the latent vectors in a higher-freedom space. Our proposed method is conceptually simple and easy to implement, yet it achieves substantial improvements and outperforms the state-of-the-art methods significantly.