In spatial crowdsourcing, location-based task recommendation schemes are widely used to match appropriate workers in desired geographic areas with relevant tasks from data requesters. To ensure data confidentiality, various privacy-preserving location-based task recommendation schemes have been proposed, as cloud servers behave semi-honestly. However, existing schemes reveal access patterns, and the dimension of the geographic query increases significantly when additional information beyond locations is used to filter appropriate workers. To address the above challenges, this article proposes two efficient and privacy-preserving location-based task recommendation (EPTR) schemes that support high-dimensional queries and access pattern privacy protection. First, we propose a basic EPTR scheme (EPTR-I) that utilizes randomizable matrix multiplication and public position intersection test (PPIT) to achieve linear search complexity and full access pattern privacy protection. Then, we explore the trade-off between efficiency and security and develop a tree-based EPTR scheme (EPTR-II) to achieve sub-linear search complexity. Security analysis demonstrates that both schemes protect the confidentiality of worker locations, requester queries, and query results and achieve different security properties on access pattern assurance. Extensive performance evaluation shows that both EPTR schemes are efficient in terms of computational cost, with EPTR-II being $10^{3}times$103× faster than the state-of-the-art scheme in task recommendation.
{"title":"Achieving Efficient and Privacy-Preserving Location-Based Task Recommendation in Spatial Crowdsourcing","authors":"Fuyuan Song, Jinwen Liang, Chuan Zhang, Zhangjie Fu, Zhen Qin, Song Guo","doi":"10.1109/TDSC.2023.3342239","DOIUrl":"https://doi.org/10.1109/TDSC.2023.3342239","url":null,"abstract":"In spatial crowdsourcing, location-based task recommendation schemes are widely used to match appropriate workers in desired geographic areas with relevant tasks from data requesters. To ensure data confidentiality, various privacy-preserving location-based task recommendation schemes have been proposed, as cloud servers behave semi-honestly. However, existing schemes reveal access patterns, and the dimension of the geographic query increases significantly when additional information beyond locations is used to filter appropriate workers. To address the above challenges, this article proposes two efficient and privacy-preserving location-based task recommendation (EPTR) schemes that support high-dimensional queries and access pattern privacy protection. First, we propose a basic EPTR scheme (EPTR-I) that utilizes randomizable matrix multiplication and public position intersection test (PPIT) to achieve linear search complexity and full access pattern privacy protection. Then, we explore the trade-off between efficiency and security and develop a tree-based EPTR scheme (EPTR-II) to achieve sub-linear search complexity. Security analysis demonstrates that both schemes protect the confidentiality of worker locations, requester queries, and query results and achieve different security properties on access pattern assurance. Extensive performance evaluation shows that both EPTR schemes are efficient in terms of computational cost, with EPTR-II being <inline-formula><tex-math notation=\"LaTeX\">$10^{3}times$</tex-math><alternatives><mml:math><mml:mrow><mml:msup><mml:mn>10</mml:mn><mml:mn>3</mml:mn></mml:msup><mml:mo>×</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"liang-ieq1-3342239.gif\"/></alternatives></inline-formula> faster than the state-of-the-art scheme in task recommendation.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141712081","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-07-01DOI: 10.1109/TDSC.2023.3336994
Lunzhi Deng, Shuai Feng, Tao Wang, Zhenyu Hu, S. Li
In a data auditing scheme, the data owner authorizes a third-party auditor (TPA) to check whether the data stored in the cloud remains intact. Researchers have given many data auditing schemes. However, there are still three significant shortcomings in these schemes. First of all, the security proofs of these schemes are completed in the random oracle model (ROM). As we all know, a scheme with provably security in ROM may be insecure in practical applications. Second, TPA in most known schemes is set to be completely reliable. However, TPA in reality may attempt to extract the data owner's data. These schemes cannot resist the malicious behavior of TPA. Third, most known schemes require hash-to-point operations and enjoy high computation cost, so they are not suitable for computing-constrained environments. In this article, we first presented the system model and security demands for an identity-based data auditing (IBDA) scheme. We then came up with a new IBDA scheme and showed the security proofs in the standard model (SM). Finally, we made an analysis on performance for seven data auditing schemes. In our scheme, the computation cost required by TPA is a constant, independent of the number of data blocks participating in the challenge. Therefore, our scheme requires low computation cost and is suitable for computing-constrained environments.
{"title":"Identity-Based Data Auditing Scheme With Provable Security in the Standard Model Suitable for Cloud Storage","authors":"Lunzhi Deng, Shuai Feng, Tao Wang, Zhenyu Hu, S. Li","doi":"10.1109/TDSC.2023.3336994","DOIUrl":"https://doi.org/10.1109/TDSC.2023.3336994","url":null,"abstract":"In a data auditing scheme, the data owner authorizes a third-party auditor (TPA) to check whether the data stored in the cloud remains intact. Researchers have given many data auditing schemes. However, there are still three significant shortcomings in these schemes. First of all, the security proofs of these schemes are completed in the random oracle model (ROM). As we all know, a scheme with provably security in ROM may be insecure in practical applications. Second, TPA in most known schemes is set to be completely reliable. However, TPA in reality may attempt to extract the data owner's data. These schemes cannot resist the malicious behavior of TPA. Third, most known schemes require hash-to-point operations and enjoy high computation cost, so they are not suitable for computing-constrained environments. In this article, we first presented the system model and security demands for an identity-based data auditing (IBDA) scheme. We then came up with a new IBDA scheme and showed the security proofs in the standard model (SM). Finally, we made an analysis on performance for seven data auditing schemes. In our scheme, the computation cost required by TPA is a constant, independent of the number of data blocks participating in the challenge. Therefore, our scheme requires low computation cost and is suitable for computing-constrained environments.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141697551","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Designing a query-efficient attack strategy to generate high-quality adversarial examples under the hard-label black-box setting is a fundamental yet challenging problem, especially in natural language processing (NLP). The process of searching for adversarial examples has many uncertainties (e.g., an unknown impact on the target model's prediction of the added perturbation) when confidence scores cannot be accessed, which must be compensated for with a large number of queries. To address this issue, we propose TextCheater, a decision-based metaheuristic search method that performs a query-efficient textual adversarial attack task by prohibiting invalid searches. The strategies of multiple initialization points and Tabu search are also introduced to keep the search process from falling into a local optimum. We apply our approach to three state-of-the-art language models (i.e., BERT, wordLSTM, and wordCNN) across six benchmark datasets and eight real-world commercial sentiment analysis platforms/models. Furthermore, we evaluate the Robustly optimized BERT pretraining Approach (RoBERTa) and models that enhance their robustness by adversarial training on toxicity detection and text classification tasks. The results demonstrate that our method minimizes the number of queries required for crafting plausible adversarial text while outperforming existing attack methods in the attack success rate, fluency of output sentences, and similarity between the original text and its adversary.
{"title":"TextCheater: A Query-Efficient Textual Adversarial Attack in the Hard-Label Setting","authors":"Hao Peng, Shixin Guo, Dandan Zhao, Xuhong Zhang, Jianmin Han, Shoulin Ji, Xing Yang, Ming-Hong Zhong","doi":"10.1109/TDSC.2023.3339802","DOIUrl":"https://doi.org/10.1109/TDSC.2023.3339802","url":null,"abstract":"Designing a query-efficient attack strategy to generate high-quality adversarial examples under the hard-label black-box setting is a fundamental yet challenging problem, especially in natural language processing (NLP). The process of searching for adversarial examples has many uncertainties (e.g., an unknown impact on the target model's prediction of the added perturbation) when confidence scores cannot be accessed, which must be compensated for with a large number of queries. To address this issue, we propose TextCheater, a decision-based metaheuristic search method that performs a query-efficient textual adversarial attack task by prohibiting invalid searches. The strategies of multiple initialization points and Tabu search are also introduced to keep the search process from falling into a local optimum. We apply our approach to three state-of-the-art language models (i.e., BERT, wordLSTM, and wordCNN) across six benchmark datasets and eight real-world commercial sentiment analysis platforms/models. Furthermore, we evaluate the Robustly optimized BERT pretraining Approach (RoBERTa) and models that enhance their robustness by adversarial training on toxicity detection and text classification tasks. The results demonstrate that our method minimizes the number of queries required for crafting plausible adversarial text while outperforming existing attack methods in the attack success rate, fluency of output sentences, and similarity between the original text and its adversary.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141705144","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-07-01DOI: 10.1109/TDSC.2023.3333549
Dawei Li, Di Liu, Yangkun Ren, Yu Sun, Zhenyu Guan, Qianhong Wu, Jiankun Hu, Jianwei Liu
The space-air-ground integrated network (SAGIN) has a stringent demand on the efficiency of authentication protocols deployed in the devices that have been launched into the air and space. In this article, we define the concept of the security model of conditional physical unclonable function (CPUF) that guarantees the security of the protocol while allowing the use of PUFs that can be modeled. We then propose a CPUF-based authentication and key agreement (AKA) scheme, named CPAKA, that addresses the challenges of device key leakage and inefficient authentication in resource-asymmetric environments. The CPAKA scheme embeds PUFs in weak nodes and deploys prediction models corresponding to the PUFs in strong nodes, eliminating the need to store challenge-response pairs or perform complex calculations. We formally prove the protocol's security under the decisional uniqueness assumption of CPUF and the universal composability framework, and we analyze its secrecy and authentication properties using the Tamarin prover. We also implement an Arbiter PUF on the ZYNQ-7020 FPGA, verify its accuracy through experiments, and show that CPAKA is secure, efficient, and suitable for SAGIN. Our CPAKA scheme greatly reduces computing and storage costs while improving authentication efficiency compared to traditional schemes.
{"title":"CPAKA: Mutual Authentication and Key Agreement Scheme Based on Conditional PUF in Space-Air-Ground Integrated Network","authors":"Dawei Li, Di Liu, Yangkun Ren, Yu Sun, Zhenyu Guan, Qianhong Wu, Jiankun Hu, Jianwei Liu","doi":"10.1109/TDSC.2023.3333549","DOIUrl":"https://doi.org/10.1109/TDSC.2023.3333549","url":null,"abstract":"The space-air-ground integrated network (SAGIN) has a stringent demand on the efficiency of authentication protocols deployed in the devices that have been launched into the air and space. In this article, we define the concept of the security model of conditional physical unclonable function (CPUF) that guarantees the security of the protocol while allowing the use of PUFs that can be modeled. We then propose a CPUF-based authentication and key agreement (AKA) scheme, named CPAKA, that addresses the challenges of device key leakage and inefficient authentication in resource-asymmetric environments. The CPAKA scheme embeds PUFs in weak nodes and deploys prediction models corresponding to the PUFs in strong nodes, eliminating the need to store challenge-response pairs or perform complex calculations. We formally prove the protocol's security under the decisional uniqueness assumption of CPUF and the universal composability framework, and we analyze its secrecy and authentication properties using the Tamarin prover. We also implement an Arbiter PUF on the ZYNQ-7020 FPGA, verify its accuracy through experiments, and show that CPAKA is secure, efficient, and suitable for SAGIN. Our CPAKA scheme greatly reduces computing and storage costs while improving authentication efficiency compared to traditional schemes.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141699540","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-07-01DOI: 10.1109/TDSC.2023.3334618
Yushi Cheng, Xiaoyu Ji, Wenjun Zhu, Shibo Zhang, Kevin Fu, Wenyuan Xu
Autonomous vehicles increasingly rely on camera-based computer vision systems to perceive environments and make critical driving decisions. To improve image quality, image stabilizers with inertial sensors are added to reduce image blurring caused by camera jitters. However, this trend creates a new attack surface. This paper identifies a system-level vulnerability resulting from the combination of emerging image stabilizer hardware susceptible to acoustic manipulation and computer vision algorithms subject to adversarial examples. By emitting deliberately designed acoustic signals, an adversary can control the output of an inertial sensor, which triggers unnecessary motion compensation and results in a blurred image, even when the camera is stable. These blurred images can induce object misclassification, affecting safety-critical decision-making. We model the feasibility of such acoustic manipulation and design an attack framework that can accomplish three types of attacks: hiding, creating, and altering objects. Evaluation results demonstrate the effectiveness of our attacks against five object detectors (YOLO V3/V4/V5, Faster R-CNN, and Apollo) and two lane detectors (UFLD and LaneAF). We further introduce the concept of AMpLe attacks, a new class of system-level security vulnerabilities resulting from a combination of adversarial machine learning and physics-based injection of information-carrying signals into hardware.
{"title":"Adversarial Computer Vision via Acoustic Manipulation of Camera Sensors","authors":"Yushi Cheng, Xiaoyu Ji, Wenjun Zhu, Shibo Zhang, Kevin Fu, Wenyuan Xu","doi":"10.1109/TDSC.2023.3334618","DOIUrl":"https://doi.org/10.1109/TDSC.2023.3334618","url":null,"abstract":"Autonomous vehicles increasingly rely on camera-based computer vision systems to perceive environments and make critical driving decisions. To improve image quality, image stabilizers with inertial sensors are added to reduce image blurring caused by camera jitters. However, this trend creates a new attack surface. This paper identifies a system-level vulnerability resulting from the combination of emerging image stabilizer hardware susceptible to acoustic manipulation and computer vision algorithms subject to adversarial examples. By emitting deliberately designed acoustic signals, an adversary can control the output of an inertial sensor, which triggers unnecessary motion compensation and results in a blurred image, even when the camera is stable. These blurred images can induce object misclassification, affecting safety-critical decision-making. We model the feasibility of such acoustic manipulation and design an attack framework that can accomplish three types of attacks: hiding, creating, and altering objects. Evaluation results demonstrate the effectiveness of our attacks against five object detectors (YOLO V3/V4/V5, Faster R-CNN, and Apollo) and two lane detectors (UFLD and LaneAF). We further introduce the concept of AMpLe attacks, a new class of system-level security vulnerabilities resulting from a combination of adversarial machine learning and physics-based injection of information-carrying signals into hardware.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141693963","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-07-01DOI: 10.1109/TDSC.2023.3337114
Sajid Hussain, Hui Guo, Tuo Li, Sri Parameswaran
Security becomes increasingly critical in today's ubiquitous computing. One vulnerable part of a computing system is the bus between the processor chip and the external off-chip memory, where data transferred on the bus can be snooped. To protect data confidentiality, encryption is commonly used. However, encryption alone is not sufficient since the adversary can still find out useful information using the memory address trace. Oblivious RAM (ORAM) is a strong security measure to prevent such information leak. ORAM hides a true memory access in a round of random (dummy) accesses to the memory such that the data and addresses transferred over the memory buses look oblivious to the adversary. However, the existing ORAM designs often incur a hefty performance overhead, which greatly slows down the processor execution, especially for the multicore processor system where the potentially high memory access frequency from the multiple cores could make the impact of the performance overhead even more critical. To address this issue, we, for the first time, propose to process multiple memory access requests in a single round of dummy memory accesses. As such, we develop a novel ORAM design, called MP-ORAM, that targets the multicore system and is able to simultaneously handle a dynamic number of memory access requests to mitigate the performance overhead without compromising the obliviousness of the off-chip memory access trace. We have built a prototype for MP-ORAM and successfully integrated it into a RISCV-based multicore processor system. The whole system has also been implemented on a Xilinx Ultrascale+ ZCU102 FPGA board, with which we can effectively evaluate the performance of our design. Our evaluation, based on the SPLASH-2 benchmark suit, shows that MP-ORAM improves performance by 51–157% while only consuming up to 22% extra FPGA resources as compared to the baseline design. Furthermore, from the NIST randomness tests on the memory access traces generated by MP-ORAM, we have demonstrated that this performance improvement does not affect the obliviousness of the memory access trace. Most importantly, MP-ORAM is the first ORAM design of its kind that has been fully implemented and evaluated on a real multicore processor system with OS support.
{"title":"MP-ORAM: A Novel ORAM Design for Multicore Processor Systems","authors":"Sajid Hussain, Hui Guo, Tuo Li, Sri Parameswaran","doi":"10.1109/TDSC.2023.3337114","DOIUrl":"https://doi.org/10.1109/TDSC.2023.3337114","url":null,"abstract":"Security becomes increasingly critical in today's ubiquitous computing. One vulnerable part of a computing system is the bus between the processor chip and the external off-chip memory, where data transferred on the bus can be snooped. To protect data confidentiality, encryption is commonly used. However, encryption alone is not sufficient since the adversary can still find out useful information using the memory address trace. Oblivious RAM (ORAM) is a strong security measure to prevent such information leak. ORAM hides a true memory access in a round of random (dummy) accesses to the memory such that the data and addresses transferred over the memory buses look oblivious to the adversary. However, the existing ORAM designs often incur a hefty performance overhead, which greatly slows down the processor execution, especially for the multicore processor system where the potentially high memory access frequency from the multiple cores could make the impact of the performance overhead even more critical. To address this issue, we, for the first time, propose to process multiple memory access requests in a single round of dummy memory accesses. As such, we develop a novel ORAM design, called MP-ORAM, that targets the multicore system and is able to simultaneously handle a dynamic number of memory access requests to mitigate the performance overhead without compromising the obliviousness of the off-chip memory access trace. We have built a prototype for MP-ORAM and successfully integrated it into a RISCV-based multicore processor system. The whole system has also been implemented on a Xilinx Ultrascale+ ZCU102 FPGA board, with which we can effectively evaluate the performance of our design. Our evaluation, based on the SPLASH-2 benchmark suit, shows that MP-ORAM improves performance by 51–157% while only consuming up to 22% extra FPGA resources as compared to the baseline design. Furthermore, from the NIST randomness tests on the memory access traces generated by MP-ORAM, we have demonstrated that this performance improvement does not affect the obliviousness of the memory access trace. Most importantly, MP-ORAM is the first ORAM design of its kind that has been fully implemented and evaluated on a real multicore processor system with OS support.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141706932","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-07-01DOI: 10.1109/TDSC.2023.3340563
Chenxin Duan, Sainan Li, Hai Lin, Wenqi Chen, Guanglei Song, Chenglong Li, Jiahai Yang, Zhiliang Wang
With Internet-of-Things (IoT) devices gaining popularity, dedicated monitoring systems which accurately detect intrusion traffic for them are in high demand. Existing methods mainly use statistical spatial-temporal traffic features and machine learning models. Their practicality has been limited due to the lack of detection ability for stealthy and tricky attacks, diagnostic utility and long-term performance. To address these problems and motivated by the simplicity of mini IoT devices, we propose to construct fully packet-level models to profile traffic patterns for IoT devices by constructing automaton for short flow and long flow, where the length and direction of each packet are the representative features. We apply these fine-grained models to design and develop a traffic monitoring system, namely IoTa, to detect intrusion traffic for IoT devices. IoTa matches the ongoing traffic with patterns extracted from normal traffic traces. With visible and interactive traffic profiles, IoTa can generate interpretable alerts and is available for long-term use under reasonable human efforts. Evaluations on dozens of common IoT devices show that IoTa can achieve excellent detection accuracy (nearly perfect recalls and always over 0.999 precisions) for various intrusion traffic covering the complete kill chains. Incorrect detection results can be compensated for by error recovery mechanisms and the understandable alert context can be used by the operator to enhance the system. The diagnostic utility and little alert weariness are recognized by the experienced operators.
{"title":"IoTa: Fine-Grained Traffic Monitoring for IoT Devices via Fully Packet-Level Models","authors":"Chenxin Duan, Sainan Li, Hai Lin, Wenqi Chen, Guanglei Song, Chenglong Li, Jiahai Yang, Zhiliang Wang","doi":"10.1109/TDSC.2023.3340563","DOIUrl":"https://doi.org/10.1109/TDSC.2023.3340563","url":null,"abstract":"With Internet-of-Things (IoT) devices gaining popularity, dedicated monitoring systems which accurately detect intrusion traffic for them are in high demand. Existing methods mainly use statistical spatial-temporal traffic features and machine learning models. Their practicality has been limited due to the lack of detection ability for stealthy and tricky attacks, diagnostic utility and long-term performance. To address these problems and motivated by the simplicity of mini IoT devices, we propose to construct fully packet-level models to profile traffic patterns for IoT devices by constructing automaton for short flow and long flow, where the length and direction of each packet are the representative features. We apply these fine-grained models to design and develop a traffic monitoring system, namely IoTa, to detect intrusion traffic for IoT devices. IoTa matches the ongoing traffic with patterns extracted from normal traffic traces. With visible and interactive traffic profiles, IoTa can generate interpretable alerts and is available for long-term use under reasonable human efforts. Evaluations on dozens of common IoT devices show that IoTa can achieve excellent detection accuracy (nearly perfect recalls and always over 0.999 precisions) for various intrusion traffic covering the complete kill chains. Incorrect detection results can be compensated for by error recovery mechanisms and the understandable alert context can be used by the operator to enhance the system. The diagnostic utility and little alert weariness are recognized by the experienced operators.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141711902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-07-01DOI: 10.1109/TDSC.2023.3337093
Jie Cui, Yatao Li, Qingyan Zhang, Hong Zhong, Chengjie Gu, Debiao He
There is a growing concern about the complete lifecycle security of data in Internet of Things (IoT). This may cause privacy and trust problems for users regarding data sources, data storage, and access control for data sharing. Blockchain is a valuable solution to the above problems through distributed ledger technology, and it has been widely applied in various fields such as public services, finance, and IoT. However, the data in IoT are characterized by a large quantity, large capacity, and timely response, and existing blockchain systems only partially resolve them for data security and performance. We propose DSChain for IoT data security to address the challenges mentioned above. Our system uses a certificateless signature to ensure a trusted data source and public auditing to ensure the integrity of stored data while using ciphertext-policy attribute-based encryption to control access to shared data. Moreover, we propose a packaging mechanism based on the Merkle Hash Tree that effectively improves system performance. We implement the DSChain and provide a detailed analysis of performance and security. The experimental results indicate that DSChain can achieve approximately 1035 transactions per second on a single peer and is scalable.
{"title":"DSChain: A Blockchain System for Complete Lifecycle Security of Data in Internet of Things","authors":"Jie Cui, Yatao Li, Qingyan Zhang, Hong Zhong, Chengjie Gu, Debiao He","doi":"10.1109/TDSC.2023.3337093","DOIUrl":"https://doi.org/10.1109/TDSC.2023.3337093","url":null,"abstract":"There is a growing concern about the complete lifecycle security of data in Internet of Things (IoT). This may cause privacy and trust problems for users regarding data sources, data storage, and access control for data sharing. Blockchain is a valuable solution to the above problems through distributed ledger technology, and it has been widely applied in various fields such as public services, finance, and IoT. However, the data in IoT are characterized by a large quantity, large capacity, and timely response, and existing blockchain systems only partially resolve them for data security and performance. We propose DSChain for IoT data security to address the challenges mentioned above. Our system uses a certificateless signature to ensure a trusted data source and public auditing to ensure the integrity of stored data while using ciphertext-policy attribute-based encryption to control access to shared data. Moreover, we propose a packaging mechanism based on the Merkle Hash Tree that effectively improves system performance. We implement the DSChain and provide a detailed analysis of performance and security. The experimental results indicate that DSChain can achieve approximately 1035 transactions per second on a single peer and is scalable.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141690008","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Runtime verification is a technique, where a monitor process extracts information from a running system in order to evaluate whether system executions violate or satisfy a given correctness specification. In this article, we consider runtime verification of synchronous distributed systems, where a set of decentralized monitors that only have a partial view of the system are subject to crash failures. In this context, it is unavoidable that monitors may have different views of the underlying system, and, therefore, have different opinions about the correctness property. We propose an automata-based synchronous monitoring algorithm that copes with $t$t crash monitor failures. In our proposed approach, local monitors do not communicate their explicit reading of the underlying system. Rather, they emit a symbolic verdict that efficiently encodes their partial views. This significantly reduces the communication overhead. To this end, we also introduce an (offline) SMT-based monitor synthesis algorithm, which results in minimizing the size of monitoring messages. We evaluate our algorithm on a wide range of formulas and observe an average of 2.5 times increase in the number of states of the monitor automaton.
{"title":"Crash-Resilient Decentralized Synchronous Runtime Verification","authors":"Ritam Ganguly, Shokufeh Kazemloo, Borzoo Bonakdarpour","doi":"10.1109/TDSC.2023.3265566","DOIUrl":"https://doi.org/10.1109/TDSC.2023.3265566","url":null,"abstract":"<italic>Runtime verification</italic> is a technique, where a <italic>monitor</italic> process extracts information from a running system in order to evaluate whether system executions violate or satisfy a given correctness specification. In this article, we consider runtime verification of synchronous distributed systems, where a set of decentralized monitors that only have a partial view of the system are subject to <italic>crash failures</italic>. In this context, it is unavoidable that monitors may have different views of the underlying system, and, therefore, have different opinions about the correctness property. We propose an automata-based synchronous monitoring algorithm that copes with <inline-formula><tex-math notation=\"LaTeX\">$t$</tex-math><alternatives><mml:math><mml:mi>t</mml:mi></mml:math><inline-graphic xlink:href=\"bonakdarpour-ieq1-3265566.gif\"/></alternatives></inline-formula> crash monitor failures. In our proposed approach, local monitors do not communicate their explicit reading of the underlying system. Rather, they emit a <italic>symbolic verdict</italic> that efficiently encodes their partial views. This significantly reduces the communication overhead. To this end, we also introduce an (offline) SMT-based monitor synthesis algorithm, which results in minimizing the size of monitoring messages. We evaluate our algorithm on a wide range of formulas and observe an average of 2.5 times increase in the number of states of the monitor automaton.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2024-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141037009","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-03-26DOI: 10.1109/tdsc.2024.3382630
Jianqing Liu, Na Gong, Hritom Das
The software-based implementation of differential privacy mechanisms has been shown to be neither friendly for lightweight devices nor secure against side-channel attacks. In this work, we aim to develop a hardware-based technique to achieve differential privacy by design. In contrary to the conventional software-based noise generation and injection process, our design realizes local differential privacy (LDP) by harnessing the inherent hardware noise into controlled LDP noise when data is stored in the memory. Specifically, the noise is tamed through a novel memory design and power downscaling technique, which leads to double-faceted gains in privacy and power efficiency. A well-round study that consists of theoretical design and analysis and chip implementation and experiments is presented. The results confirm that the developed technique is differentially private, saves 88.58% system power, speeds up software-based DP mechanisms by more than 10^6 times, while only incurring 2.46% chip overhead and 7.81% estimation errors in data recovery.
{"title":"Two Birds with One Stone: Differential Privacy by Low-power SRAM Memory","authors":"Jianqing Liu, Na Gong, Hritom Das","doi":"10.1109/tdsc.2024.3382630","DOIUrl":"https://doi.org/10.1109/tdsc.2024.3382630","url":null,"abstract":"The software-based implementation of differential privacy mechanisms has been shown to be neither friendly for lightweight devices nor secure against side-channel attacks. In this work, we aim to develop a hardware-based technique to achieve differential privacy by design. In contrary to the conventional software-based noise generation and injection process, our design realizes local differential privacy (LDP) by harnessing the inherent hardware noise into controlled LDP noise when data is stored in the memory. Specifically, the noise is tamed through a novel memory design and power downscaling technique, which leads to double-faceted gains in privacy and power efficiency. A well-round study that consists of theoretical design and analysis and chip implementation and experiments is presented. The results confirm that the developed technique is differentially private, saves 88.58% system power, speeds up software-based DP mechanisms by more than 10^6 times, while only incurring 2.46% chip overhead and 7.81% estimation errors in data recovery.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2024-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140378404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}