Certificate Transparency With Enhanced Privacy
Hyunsoo Kwon, Sangtae Lee, Minjae Kim, Changhee Hahn, Junbeom Hur
Pub Date: 2023-09-01. DOI: 10.1109/TDSC.2022.3214235 (https://doi.org/10.1109/TDSC.2022.3214235). IEEE Transactions on Dependable and Secure Computing, vol. 20 (1), pp. 3860-3872.
Digital certificates play an important role in the authentication of communicating parties for transport layer security. Recently, however, frequent incidents such as the illegal issuance of fake certificates by a compromised certificate authority have raised concerns about the legacy certificate system. Certificate Transparency (CT) mitigates such issues by employing a log server to audit issued certificates publicly, making the certificate issuance and verification processes transparent. Unfortunately, the legacy CT ecosystem suffers from log server compromises and user browsing information leakage. Furthermore, the data structure for certificate management in the legacy CT system incurs computation overhead linear in the number of registered certificates in the log. In this paper, we propose a secure CT scheme by leveraging a shared value tree (SVT), a novel log structure specifically designed to address the log server compromise and browsing information leakage problems. The verification time of SVT remains constant regardless of the number of registered certificates in the log. We analyze our scheme on the legacy CT system to demonstrate its incremental deployability, guaranteeing a smooth transition toward a more secure web ecosystem.

Matrix-Based Secret Sharing for Reversible Data Hiding in Encrypted Images
Zhongyun Hua, Yanxiang Wang, Shuang Yi, Yifeng Zheng, Xingyu Liu, Yongyong Chen, Xinpeng Zhang
Pub Date: 2023-09-01. DOI: 10.1109/TDSC.2022.3218570 (https://doi.org/10.1109/TDSC.2022.3218570). IEEE Transactions on Dependable and Secure Computing, vol. 20 (1), pp. 3669-3686.
Traditional schemes for reversible data hiding in encrypted images (RDH-EI) focus on one data hider and cannot resist a single point of failure. Besides, the image security is determined by one party, rather than multiple parties. Thus, it is valuable to design RDH-EI schemes with multiple data hiders for stronger security. In this article, we propose a multiple-data-hider RDH-EI scheme using a new secret sharing technique. First, we devise an $(r,n)$-threshold $(r \leq n)$ matrix-based secret sharing (MSS) using matrix theory, and theoretically verify its efficacy and security properties. Then, using the MSS, we propose an $(r,n)$-threshold RDH-EI scheme called MSS-RDHEI. The content owner encrypts an image into $n$ encrypted images using the MSS with an encryption key, and outsources these encrypted images to $n$ data hiders. Each data hider can embed some data, e.g., copyright and identification information, into the encrypted image for the purposes of storage, management, or other processing, and these data can also be losslessly extracted. An authorized receiver can recover the confidential image from $r$ encrypted images. By design, our MSS-RDHEI scheme can withstand $n-r$ points of failure. Experimental results show that it ensures the image content confidentiality and achieves a much larger emb

MARNet: Backdoor Attacks Against Cooperative Multi-Agent Reinforcement Learning
Yanjiao Chen, Zhicong Zheng, Xueluan Gong
Pub Date: 2023-09-01. DOI: 10.1109/TDSC.2022.3207429 (https://doi.org/10.1109/TDSC.2022.3207429). IEEE Transactions on Dependable and Secure Computing, vol. 20 (1), pp. 4188-4198.
Recent works have revealed that backdoor attacks against Deep Reinforcement Learning (DRL) could lead to abnormal action selections of the agent, which may result in failure or even catastrophe in crucial decision processes. However, existing attacks only consider single-agent reinforcement learning (RL) systems, in which the only agent can observe the global state and has full control of the decision process. In this article, we explore a new backdoor attack paradigm in cooperative multi-agent reinforcement learning (CMARL) scenarios, where a group of agents coordinate with each other to achieve a common goal, while each agent can only observe the local state. In the proposed MARNet attack framework, we carefully design a pipeline of trigger design, action poisoning, and reward hacking modules to accommodate the cooperative multi-agent setting. In particular, as only a subset of agents can observe the triggers in their local observations, we maneuver their actions to the worst actions suggested by an expert policy model. Since the global reward in CMARL is aggregated from the individual rewards of all agents, we propose to modify the reward in a way that boosts the bad actions of poisoned agents (agents who observe the triggers) but mitigates the influence on non-poisoned agents. We conduct extensive experiments on three classical CMARL algorithms, VDN, COMA, and QMIX, in two popular CMARL games, Predator Prey and SMAC. The results show that the baselines extended from single-agent DRL backdoor attacks seldom work in CMARL problems, while MARNet performs well by reducing the utility under attack by nearly 100%. We apply fine-tuning as a potential defense against MARNet and demonstrate that fine-tuning cannot entirely eliminate the effect of the attack.

Escaping From Consensus: Instantly Redactable Blockchain Protocols in Permissionless Setting
Xinyu Li, Jing Xu, Lingyuan Yin, Yuan Lu, Qiang Tang, Zhenfeng Zhang
Pub Date: 2023-09-01. DOI: 10.1109/TDSC.2022.3212601 (https://doi.org/10.1109/TDSC.2022.3212601). IEEE Transactions on Dependable and Secure Computing, vol. 20 (1), pp. 3699-3715.
Blockchain technologies have drawn a lot of attention, and their immutability is paramount to applications requiring persistent records. However, numerous real-world incidents have exposed the harm of strict immutability, such as illicit data stored on Bitcoin and the loss of millions of dollars in vulnerable smart contracts. Moreover, the "Right to be Forgotten" imposed by the European Union's new General Data Protection Regulation (GDPR) is incompatible with blockchain immutability. Therefore, it is imperative to design efficient redactable blockchains in a controlled way. In this paper, we present a generic design of redactable blockchain protocols in the permissionless setting, applicable to both proof-of-stake and proof-of-work blockchains. Our protocol can (1) maintain the same adversary bound requirement as the underlying blockchain, (2) support various network environments, (3) offer public verifiability for any redaction, and (4) achieve instant redaction, within only one slot in the best case, which is desirable for redacting harmful data. Furthermore, we define the first ideal protocol of redactable blockchain and conduct a security analysis following the language of universal composition. Finally, we develop a proof-of-concept implementation showing that the overhead remains minimal for both online and re-spawning nodes, which demonstrates the high efficiency of our design.

A Distributed and Privacy-Aware High-Throughput Transaction Scheduling Approach for Scaling Blockchain
Xiaoyu Qiu, Wuhui Chen, Bingxin Tang, Junyuan Liang, Hongning Dai, Zibin Zheng
Pub Date: 2023-09-01. DOI: 10.1109/TDSC.2022.3216571 (https://doi.org/10.1109/TDSC.2022.3216571). IEEE Transactions on Dependable and Secure Computing, vol. 20 (1), pp. 4372-4386.
Payment channel networks (PCNs) are considered a prominent solution for scaling blockchain, where users can establish payment channels and complete transactions in an off-chain manner. However, it is non-trivial to schedule transactions in PCNs, and most existing routing algorithms suffer from the following challenges: 1) one-shot optimization, 2) privacy-invasive channel probing, and 3) vulnerability to DoS attacks. To address these challenges, we propose a privacy-aware transaction scheduling algorithm with defence against DoS attacks based on deep reinforcement learning (DRL), namely PTRD. Specifically, incorporating both privacy preservation and long-term throughput into the optimization criteria, we formulate the transaction-scheduling problem as a Constrained Markov Decision Process. We then design PTRD, which extends off-the-shelf DRL algorithms to constrained optimization with an additional cost critic network and an adaptive Lagrangian multiplier. Moreover, considering the distributed nature of PCNs, in which each user schedules transactions independently, we develop a distributed training framework to collect the knowledge learned by each agent so as to enhance learning effectiveness. With the customized network design and the distributed training framework, PTRD achieves a good balance between the optimization of throughput and the minimization of privacy risks. Evaluations show that PTRD outperforms the state-of-the-art PCN routing algorithms by 2.7%–62.5% in terms of long-term throughput while satisfying privacy constraints.

Cure-GNN: A Robust Curvature-Enhanced Graph Neural Network Against Adversarial Attacks
Yanghua Xiao, Zhuolin Xing, A. Liu, Lei Bai, Qingqi Pei, Lina Yao
Pub Date: 2023-09-01. DOI: 10.1109/TDSC.2022.3211955 (https://doi.org/10.1109/TDSC.2022.3211955). IEEE Transactions on Dependable and Secure Computing, vol. 20 (1), pp. 4214-4229.
Graph neural networks (GNNs) are a specialized type of deep learning model for graphs that learns aggregations over neighbor nodes. However, recent studies reveal that the performance of GNNs is severely deteriorated by injected adversarial examples. Hence, improving the robustness of GNNs is of significant importance. Prior works are devoted to reducing the influence of direct adversaries, i.e., adversarial attacks mounted by positioning a node's one-hop neighbors, yet these approaches are limited in protecting GNNs from indirect adversarial attacks within a node's multi-hop neighbors. In this work, we approach this problem from a new angle by exploring the graph Ricci curvature, which can characterize the relationships of both direct and indirect links from any two nodes' neighborhoods in the Riemannian space. We first investigate the distinguishable properties of adversarial attacks with the graph Ricci curvature distribution. Then, a novel defense framework called Cure-GNN is proposed to detect and mitigate adversarial effects. Cure-GNN discerns the distinction between adversarial edges and normal edges by computing curvature, and merges it into the node features reconstructed by a residual learning framework. Extensive experiments over real-world datasets on the node classification task demonstrate the efficacy of Cure-GNN, which outperforms the state of the art without incurring high complexity.

MRSA: Mask Random Array Protocol for Efficient Secure Handover Authentication in 5G HetNets
Yibing Liu, Lijun Huo, Jun Wu, M. Guizani
Pub Date: 2023-09-01. DOI: 10.1109/TDSC.2022.3220718 (https://doi.org/10.1109/TDSC.2022.3220718). IEEE Transactions on Dependable and Secure Computing, vol. 20 (1), pp. 3809-3827.
The emergence of new communication applications adds high heterogeneity to 5G networks. With the increase of heterogeneity, handover of user equipment between different service HetNets is frequent. It must smoothly realize user-free switching to provide services continuously. Although the 3rd Generation Partnership Project (3GPP) has proposed a standard protocol for this scenario, it has been found that this protocol cannot satisfy key forward/backward secrecy, lacks mutual authentication, and so on. Further, it can be subjected to replay, DoS and other attacks. To alleviate these problems, we propose a mask random array protocol, MRSA. For efficient, secure handover authentication in 5G HetNets, we first design a verification mechanism called mask array, which depends on a random number self-circulating encryption structure. The mechanism can not only check the identity of the communication entity but also evaluate the freshness of the message. Second, we devise the mask array-based key derivation method to ensure the whole mechanism's key security. Third, formal proof and automated analysis are established to verify the efficiency and safety of the proposed MRSA protocol. Finally, function and robustness analysis illustrate the ability to resist attacks, while the simulated base station communication analysis shows the efficiency of the protocol from the three aspects of data, time and energy. MRSA has significant performance advantages compared to existing schemes in 5G HetNets.

FIDO Gets Verified: A Formal Analysis of the Universal Authentication Framework Protocol
Haonan Feng, Jingjing Guan, Hui Li, Xuesong Pan, Ziming Zhao
Pub Date: 2023-09-01. DOI: 10.1109/TDSC.2022.3217259 (https://doi.org/10.1109/TDSC.2022.3217259). IEEE Transactions on Dependable and Secure Computing, vol. 20 (1), pp. 4291-4310.
The FIDO protocol suite aims at allowing users to log in to remote services with a local and trusted authenticator. With FIDO, relying services do not need to store user-chosen secrets or their hashes, which eliminates a major attack surface for e-business. Given its increasing popularity, it is imperative to formally analyze whether the security promises of FIDO hold. In this paper, we present a comprehensive and formal verification of the FIDO UAF protocol by formalizing its security assumptions and goals and modeling the protocol under different scenarios in ProVerif. Our analysis identifies the minimal security assumptions required for each of the security goals of FIDO UAF to hold. We confirm previously manually discovered vulnerabilities in an automated way and disclose several new attacks. Guided by the formal verification results, we also discovered two practical attacks on two popular Android FIDO apps, which we responsibly disclosed to the vendors. In addition, we offer several concrete recommendations to fix the identified problems and weaknesses in the protocol.

Pub Date : 2023-09-01, DOI: 10.1109/TDSC.2022.3227654
Mengmeng Yang, Ivan Tjuawinata, Kwok-Yan Lam, Tianqing Zhu, Jun Zhao
In order to remain competitive, Internet companies collect and analyse user data for the purpose of the improvement of user experiences. Frequency estimation is a widely used statistical tool, which could potentially conflict with the relevant privacy regulations. Privacy-preserving analytic methods based on differential privacy have been proposed, which require either a large user base or a trusted server. Although the requirements for such solutions may not be a problem for larger companies, they may be unattainable for smaller organizations. To address this issue, we propose a distributed privacy-preserving sampling-based frequency estimation method which has high accuracy even in the scenario with a small number of users while not requiring any trusted server. This is achieved by combining multi-party computation and sampling techniques. We also provide a relation between its privacy guarantee, output accuracy, and the number of participants. Distinct from most existing methods, our methods achieve a centralized differential privacy guarantee without the need of any trusted server. We established that, even for a small number of participants, our mechanisms can produce estimates with high accuracy and hence they provide smaller companies with more opportunity for growth through privacy-preserving statistical analysis. We further propose an architectural model to support weighted aggregation in order to achieve a higher-accuracy estimate to cater for users with varying privacy requirements. Compared to the unweighted aggregation, our method provides a more accurate estimate. Extensive experiments are conducted to show the effectiveness of the proposed methods.
Title: Differentially Private Distributed Frequency Estimation. IEEE Transactions on Dependable and Secure Computing, vol. 20, no. 1, pp. 3910-3926, published 2023-09-01. DOI: https://doi.org/10.1109/TDSC.2022.3227654
Pub Date : 2023-09-01, DOI: 10.1109/TDSC.2022.3207573
Haozhi Li, T. Song, Yating Yang
Network covert timing channels can be maliciously used to exfiltrate secrets, coordinate attacks and propagate malware, posing serious threats to cybersecurity. Current covert timing channels normally conduct small-volume transmission under the cover of various disguising techniques, making them hard to detect, especially when a detector has little prior knowledge of their traffic features. In this article, we propose a generic and sensitive detection approach, which can simultaneously (i) identify various types of channels without their traffic knowledge and (ii) maintain reasonable performance on small traffic samples. The basis of our approach is the finding that the short-term timing behavior of covert and legitimate traffic is significantly different from the perspective of inter-packet delays’ variation. This phenomenon can be a generic reference to detect various channels because it is resistant to major channel disguising techniques which only mimic long-term traffic features, while it is also a sensitive reference to spot small-volume covert transmission since it can capture traffic anomalies in a fine-grained manner. To obtain the inner patterns of inter-packet delays’ variation, we design a context-sensitive feature-extraction technique. This technique transforms each raw inter-packet delay into a discrete counterpart based on its contextual properties, thus extracting its variation features and reducing traffic data complexity. Then we learn legitimate variation patterns using a neural network model, and identify samples showing anomalous variation as covert. The experimental results show that our approach effectively detects all currently representative channels in the absence of their knowledge, presenting one to two times higher sensitivity than the state-of-the-art solutions.
Title: Generic and Sensitive Anomaly Detection of Network Covert Timing Channels. IEEE Transactions on Dependable and Secure Computing, vol. 20, no. 1, pp. 4085-4100, published 2023-09-01. DOI: https://doi.org/10.1109/TDSC.2022.3207573