Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3238412
Anton Wahrstatter, Jorão Gomes, Sajjad Khan, D. Svetinovic
The potential of Bitcoin for money laundering and terrorist financing represents a significant challenge in law enforcement. In recent years, the use of privacy-improving CoinJoin transactions has grown significantly and helped criminal actors obfuscate Bitcoin money flows. In this study, we use unsupervised machine learning to analyze the complete Bitcoin user graph in order to identify suspicious actors potentially involved in illegal activities. In contrast to the existing studies, we introduce a novel set of features that we use to identify potential criminal activity more accurately. Furthermore, we apply our clustering algorithm to a CoinJoin-adjusted variant of the Bitcoin user graph, which enables us to analyze the network at a more detailed, user-centric level while still offering opportunities to address advanced privacy-enhancing techniques at a later stage. By comparing the results with our ground truth data set, we find that our improved clustering method is able to capture significantly more illicit activity within the most suspicious clusters. Finally, we find that users associated with illegal activities commonly have significant short paths to CoinJoin wallets and show tendencies toward outlier behavior. Our results have potential contributions to anti-money laundering efforts and combating the financing of terrorism and other illegal activities.
{"title":"Improving Cryptocurrency Crime Detection: CoinJoin Community Detection Approach","authors":"Anton Wahrstatter, Jorão Gomes, Sajjad Khan, D. Svetinovic","doi":"10.1109/tdsc.2023.3238412","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3238412","url":null,"abstract":"The potential of Bitcoin for money laundering and terrorist financing represents a significant challenge in law enforcement. In recent years, the use of privacy-improving CoinJoin transactions has grown significantly and helped criminal actors obfuscate Bitcoin money flows. In this study, we use unsupervised machine learning to analyze the complete Bitcoin user graph in order to identify suspicious actors potentially involved in illegal activities. In contrast to the existing studies, we introduce a novel set of features that we use to identify potential criminal activity more accurately. Furthermore, we apply our clustering algorithm to a CoinJoin-adjusted variant of the Bitcoin user graph, which enables us to analyze the network at a more detailed, user-centric level while still offering opportunities to address advanced privacy-enhancing techniques at a later stage. By comparing the results with our ground truth data set, we find that our improved clustering method is able to capture significantly more illicit activity within the most suspicious clusters. Finally, we find that users associated with illegal activities commonly have significant short paths to CoinJoin wallets and show tendencies toward outlier behavior. Our results have potential contributions to anti-money laundering efforts and combating the financing of terrorism and other illegal activities.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62410289","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2022.3228076
Yue Sun, Zhi Li, Shichao Lv, Limin Sun
Industrial Control System (ICS) protocols have built a tight coupling between ICS components, including industrial software and field controllers such as Programmable Logic Controllers (PLCs). With more ICS components are exposed on the Internet, huge threats are emerging through the exploitation on the inherent defects of ICS protocols. However, the proprietary of ICS protocols makes it extremely hard to build intrusion detection system or perform penetration tests for ICS security reinforcement. In this work, we introduce a symbolic-execution based protocol reverse analysis framework to extract the message format and field type of ICS protocols from real-world PLC firmware. We design new coverage metric and path prioritization strategy to enhance symbolic execution for extensive protocol reverse analysis. Moreover, we propose a field-expression based method on protocol message format inference, along with the analysis on the value ranges of fields which are ignored by previous work. Our evaluation shows that our methods can extract more protocol information during symbolic execution, and achieve high accuracy on protocol reverse analysis compared to Wireshark. Furthermore, we equip the results on private ICS protocols with a black-box fuzzer to test two real-world PLCs. In total, we have found 10 vulnerabilities, including 4 new vulnerabilities.
{"title":"Spenny: Extensive ICS Protocol Reverse Analysis via Field Guided Symbolic Execution","authors":"Yue Sun, Zhi Li, Shichao Lv, Limin Sun","doi":"10.1109/tdsc.2022.3228076","DOIUrl":"https://doi.org/10.1109/tdsc.2022.3228076","url":null,"abstract":"Industrial Control System (ICS) protocols have built a tight coupling between ICS components, including industrial software and field controllers such as Programmable Logic Controllers (PLCs). With more ICS components are exposed on the Internet, huge threats are emerging through the exploitation on the inherent defects of ICS protocols. However, the proprietary of ICS protocols makes it extremely hard to build intrusion detection system or perform penetration tests for ICS security reinforcement. In this work, we introduce a symbolic-execution based protocol reverse analysis framework to extract the message format and field type of ICS protocols from real-world PLC firmware. We design new coverage metric and path prioritization strategy to enhance symbolic execution for extensive protocol reverse analysis. Moreover, we propose a field-expression based method on protocol message format inference, along with the analysis on the value ranges of fields which are ignored by previous work. Our evaluation shows that our methods can extract more protocol information during symbolic execution, and achieve high accuracy on protocol reverse analysis compared to Wireshark. Furthermore, we equip the results on private ICS protocols with a black-box fuzzer to test two real-world PLCs. In total, we have found 10 vulnerabilities, including 4 new vulnerabilities.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62406558","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2022.3232813
Marta Bellés-Muñoz, Miguel Isabel, J. L. Muñoz-Tapia, A. Rubio, Jordi Baylina
A zero-knowledge (ZK) proof guarantees that the result of a computation is correct while keeping part of the computation details private. Some ZK proofs are tiny and can be verified in short time, which makes them one of the most promising technologies for solving two key aspects: the challenge of enabling privacy to public and transparent distributed ledgers and enhancing their scalability limitations. Most practical ZK systems require the computation to be expressed as an arithmetic circuit that is encoded as a set of equations called rank-1 constraint system (R1CS). In this paper, we present Circom, a programming language and a compiler for designing arithmetic circuits that are compiled to R1CS. More precisely, with Circom, programmers can design arithmetic circuits at a constraint level, and the compiler outputs a file with the R1CS description, and WebAssembly and C++ programs to efficiently compute all values of the circuit. We also provide an open-source library called circomlib with multiple circuit templates. Circom can be complemented with snarkjs, a library for generating and validating ZK proofs from R1CS. Altogether, our software tools abstract the complexity of ZK proving mechanisms and provide a unique and friendly interface to model low-level descriptions of arithmetic circuits.
{"title":"Circom: A Circuit Description Language for Building Zero-knowledge Applications","authors":"Marta Bellés-Muñoz, Miguel Isabel, J. L. Muñoz-Tapia, A. Rubio, Jordi Baylina","doi":"10.1109/tdsc.2022.3232813","DOIUrl":"https://doi.org/10.1109/tdsc.2022.3232813","url":null,"abstract":"A zero-knowledge (ZK) proof guarantees that the result of a computation is correct while keeping part of the computation details private. Some ZK proofs are tiny and can be verified in short time, which makes them one of the most promising technologies for solving two key aspects: the challenge of enabling privacy to public and transparent distributed ledgers and enhancing their scalability limitations. Most practical ZK systems require the computation to be expressed as an arithmetic circuit that is encoded as a set of equations called rank-1 constraint system (R1CS). In this paper, we present Circom, a programming language and a compiler for designing arithmetic circuits that are compiled to R1CS. More precisely, with Circom, programmers can design arithmetic circuits at a constraint level, and the compiler outputs a file with the R1CS description, and WebAssembly and C++ programs to efficiently compute all values of the circuit. We also provide an open-source library called circomlib with multiple circuit templates. Circom can be complemented with snarkjs, a library for generating and validating ZK proofs from R1CS. Altogether, our software tools abstract the complexity of ZK proving mechanisms and provide a unique and friendly interface to model low-level descriptions of arithmetic circuits.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62409334","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3239611
Hui Zhang, Xuejun Li, Syh-Yuan Tan, M. Lee, Zhe Jin
In this article, we cryptanalyzed a Verifiable Threshold Predicate Encryption (VTPE) enabled Privacy-Preserving Biometric Authentication (PPBA) protocol reported in IEEE-TDSC and revealed discrepancies between its security claims and our security analysis. To be precise, the underlying authentication and key agreement scheme which is based on a challenge-response mechanism and watermark signal unsatisfactorily meets the following security scenario: (a) resistance to man-in-the-middle attacks, (b) biometric template protection, and (c) user anonymity and untraceability. To address these issues, we utilize Physical Unclonable Functions (PUF) to design a PUF driven Verifiable Threshold Predicate Encryption (PUF-VTPE) scheme and a secure PPBA protocol. The PUF-VTPE-based PPBA protocol equips with dual authentication using biometric and mobile device, which offers strong authenticity before establishing the session key. Simultaneously, the non-invertible property of PUF protects the biometric templates in the physical layer. The proposed storage-free mechanism that hides the challenge of device PUF in biometric template alleviates data leakage caused by storage challenges in PUF-based authentication protocols. Moreover, the experimental analysis suggests that the proposed PPBA protocol possesses ISO/IEC 24745 criteria of non-invertibility, unlinkability, and revocability. Additionally, the proposed PPBA protocol reduces the computational cost by about 50% compared to that of the cryptanalyzed scheme.
{"title":"Privacy-Preserving Biometric Authentication: Cryptanalysis and Countermeasures","authors":"Hui Zhang, Xuejun Li, Syh-Yuan Tan, M. Lee, Zhe Jin","doi":"10.1109/tdsc.2023.3239611","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3239611","url":null,"abstract":"In this article, we cryptanalyzed a Verifiable Threshold Predicate Encryption (VTPE) enabled Privacy-Preserving Biometric Authentication (PPBA) protocol reported in IEEE-TDSC and revealed discrepancies between its security claims and our security analysis. To be precise, the underlying authentication and key agreement scheme which is based on a challenge-response mechanism and watermark signal unsatisfactorily meets the following security scenario: (a) resistance to man-in-the-middle attacks, (b) biometric template protection, and (c) user anonymity and untraceability. To address these issues, we utilize Physical Unclonable Functions (PUF) to design a PUF driven Verifiable Threshold Predicate Encryption (PUF-VTPE) scheme and a secure PPBA protocol. The PUF-VTPE-based PPBA protocol equips with dual authentication using biometric and mobile device, which offers strong authenticity before establishing the session key. Simultaneously, the non-invertible property of PUF protects the biometric templates in the physical layer. The proposed storage-free mechanism that hides the challenge of device PUF in biometric template alleviates data leakage caused by storage challenges in PUF-based authentication protocols. Moreover, the experimental analysis suggests that the proposed PPBA protocol possesses ISO/IEC 24745 criteria of non-invertibility, unlinkability, and revocability. Additionally, the proposed PPBA protocol reduces the computational cost by about 50% compared to that of the cryptanalyzed scheme.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62410423","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3237604
Tao Zhang, Changqiao Xu, Bingchi Zhang, XinRan Li, Xiaohui Kuang, L. Grieco
Network function virtualization (NFV) supports the rapid development of service function chain (SFC), which efficiently connects a sequence of network virtual function instances (VNFIs) placed into physical infrastructures. Current SFC migration mechanisms usually keep static SFC deployment after finishing certain objectives, and deployment methods mostly provide static resource allocation for VNFIs. Therefore, the adversary has enough time to plan for devastating attacks for in-service SFCs. Fortunately, moving target defense (MTD) was proposed as a game-changing solution to dynamically adjust network configurations. However, existing MTD methods mostly depend on attack-defense models, and lack adaptive mutation period. In this article, we propose an Intelligence-Driven Service Function Chain Migration (ID-SFCM) scheme. First, we model a Markov decision process (MDP) to formulate the dynamic arrival or departure of SFCs. To remove infeasible actions from the action space of MDP, we formalize the SFC deployment as a constrained satisfaction problem. Then, we design a deep reinforcement learning (DRL) algorithm named model-based adaptive proximal policy optimization (MA-PPO) to enable attack-resistant migration decisions and adaptive migration period. Finally, we evaluate the defense performance by multiple attack strategies and two realistic datasets called CICIDS-2017 and LYCOS-IDS2017 respectively. Simulation results highlight the effectiveness of ID-SFCM compared with representative solutions.
{"title":"Towards Attack-Resistant Service Function Chain Migration: A Model-based Adaptive Proximal Policy Optimization Approach","authors":"Tao Zhang, Changqiao Xu, Bingchi Zhang, XinRan Li, Xiaohui Kuang, L. Grieco","doi":"10.1109/tdsc.2023.3237604","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3237604","url":null,"abstract":"Network function virtualization (NFV) supports the rapid development of service function chain (SFC), which efficiently connects a sequence of network virtual function instances (VNFIs) placed into physical infrastructures. Current SFC migration mechanisms usually keep static SFC deployment after finishing certain objectives, and deployment methods mostly provide static resource allocation for VNFIs. Therefore, the adversary has enough time to plan for devastating attacks for in-service SFCs. Fortunately, moving target defense (MTD) was proposed as a game-changing solution to dynamically adjust network configurations. However, existing MTD methods mostly depend on attack-defense models, and lack adaptive mutation period. In this article, we propose an Intelligence-Driven Service Function Chain Migration (ID-SFCM) scheme. First, we model a Markov decision process (MDP) to formulate the dynamic arrival or departure of SFCs. To remove infeasible actions from the action space of MDP, we formalize the SFC deployment as a constrained satisfaction problem. Then, we design a deep reinforcement learning (DRL) algorithm named model-based adaptive proximal policy optimization (MA-PPO) to enable attack-resistant migration decisions and adaptive migration period. Finally, we evaluate the defense performance by multiple attack strategies and two realistic datasets called CICIDS-2017 and LYCOS-IDS2017 respectively. Simulation results highlight the effectiveness of ID-SFCM compared with representative solutions.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62409614","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3241164
Minxin Du, Peipei Jiang, Qian Wang, Sherman S. M. Chow, Lingchen Zhao
Graphs nicely capture data from various domains, allowing the computations of many analytic tasks via graph queries. Graphs of real-world data are often large, albeit useful, and the involved computation can be too heavyweight for commodity computers. For secure outsourcing, we propose (SGX)$^{2}$2, a forward-secure structured encryption scheme for graph data, which uses lightweight cryptographic techniques with a trusted execution environment such as SGX. To process million-scale graphs by the limited memory of SGX, we load data on-demand using Dijkstra's algorithm and Fibonacci heap. Compared with most prior graph encryption schemes, (SGX)$^{2}$2 supports exact shortest-distance queries instead of approximation and can be easily extended to other graph-based analytics.
{"title":"Shielding Graph for eXact Analytics with SGX","authors":"Minxin Du, Peipei Jiang, Qian Wang, Sherman S. M. Chow, Lingchen Zhao","doi":"10.1109/tdsc.2023.3241164","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3241164","url":null,"abstract":"Graphs nicely capture data from various domains, allowing the computations of many analytic tasks via graph queries. Graphs of real-world data are often large, albeit useful, and the involved computation can be too heavyweight for commodity computers. For secure outsourcing, we propose (SGX)<inline-formula><tex-math notation=\"LaTeX\">$^{2}$</tex-math><alternatives><mml:math><mml:msup><mml:mrow/><mml:mn>2</mml:mn></mml:msup></mml:math><inline-graphic xlink:href=\"wang-ieq1-3241164.gif\"/></alternatives></inline-formula>, a forward-secure structured encryption scheme for graph data, which uses lightweight cryptographic techniques with a trusted execution environment such as SGX. To process million-scale graphs by the limited memory of SGX, we load data on-demand using Dijkstra's algorithm and Fibonacci heap. Compared with most prior graph encryption schemes, (SGX)<inline-formula><tex-math notation=\"LaTeX\">$^{2}$</tex-math><alternatives><mml:math><mml:msup><mml:mrow/><mml:mn>2</mml:mn></mml:msup></mml:math><inline-graphic xlink:href=\"wang-ieq2-3241164.gif\"/></alternatives></inline-formula> supports exact shortest-distance queries instead of approximation and can be easily extended to other graph-based analytics.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62410000","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3234561
G. Mani, Marina Haliem, Bharat K. Bhargava, Indu Manickam, Kevin Kochpatcharin, Myeongsu Kim, E. Vugrin, Weichao Wang, Chris Jenkins, Pelin Angin, Meng Yu
Moving target defenses (MTDs) are widely used as an active defense strategy for thwarting cyberattacks on cyber-physical systems by increasing diversity of software and network paths. Recently, machine Learning (ML) and deep Learning (DL) models have been demonstrated to defeat some of the cyber defenses by learning attack detection patterns and defense strategies. It raises concerns about the susceptibility of MTD to ML and DL methods. In this article, we analyze the effectiveness of ML and DL models when it comes to deciphering MTD methods and ultimately evade MTD-based protections in real-time systems. Specifically, we consider a MTD algorithm that periodically randomizes address assignments within the MIL-STD-1553 protocol—a military standard serial data bus. Two ML and DL-based tasks are performed on MIL-STD-1553 protocol to measure the effectiveness of the learning models in deciphering the MTD algorithm: 1) determining whether there is an address assignments change i.e., whether the given system employs a MTD protocol and if it does 2) predicting the future address assignments. The supervised learning models (random forest and k-nearest neighbors) effectively detected the address assignment changes and classified whether the given system is equipped with a specified MTD protocol. On the other hand, the unsupervised learning model (K-means) was significantly less effective. The DL model (long short-term memory) was able to predict the future addresses with varied effectiveness based on MTD algorithm's settings.
{"title":"Machine Learning Based Resilience Testing of an Address Randomization Cyber Defense","authors":"G. Mani, Marina Haliem, Bharat K. Bhargava, Indu Manickam, Kevin Kochpatcharin, Myeongsu Kim, E. Vugrin, Weichao Wang, Chris Jenkins, Pelin Angin, Meng Yu","doi":"10.1109/tdsc.2023.3234561","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3234561","url":null,"abstract":"Moving target defenses (MTDs) are widely used as an active defense strategy for thwarting cyberattacks on cyber-physical systems by increasing diversity of software and network paths. Recently, machine Learning (ML) and deep Learning (DL) models have been demonstrated to defeat some of the cyber defenses by learning attack detection patterns and defense strategies. It raises concerns about the susceptibility of MTD to ML and DL methods. In this article, we analyze the effectiveness of ML and DL models when it comes to deciphering MTD methods and ultimately evade MTD-based protections in real-time systems. Specifically, we consider a MTD algorithm that periodically randomizes address assignments within the MIL-STD-1553 protocol—a military standard serial data bus. Two ML and DL-based tasks are performed on MIL-STD-1553 protocol to measure the effectiveness of the learning models in deciphering the MTD algorithm: 1) determining whether there is an address assignments change i.e., whether the given system employs a MTD protocol and if it does 2) predicting the future address assignments. The supervised learning models (random forest and k-nearest neighbors) effectively detected the address assignment changes and classified whether the given system is equipped with a specified MTD protocol. On the other hand, the unsupervised learning model (K-means) was significantly less effective. The DL model (long short-term memory) was able to predict the future addresses with varied effectiveness based on MTD algorithm's settings.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62409105","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3241184
Wen Cheng, Dazou Sang, Lingfang Zeng, Yang Wang, A. Brinkmann
Oblivious Random Access Machines (ORAMs) allow cloud users to access remote data without leaking access patterns. Current ORAM solutions achieve this goal at expense of either increasing bandwidth consumption by a factor of $O(log N)$O(logN), where $N$N is the number of data blocks, or relying on homomorphic encryption for bandwidth amplification reduction to $O(1)$O(1). Furthermore, most ORAMs are only effective for a single user, while the solutions for multi-user scenarios often induce security or performance problems. This article introduces Tianji — an asynchronous multi-user Shamir-based ORAM system — which supports asynchronous network access scenarios for multiple users with improved security and performance. Tianji is implemented on top of S$^{3}$3ORAM$^+$+—an extension of the state-of-the-art Shamir-based S$^{3}$3ORAM with a new non-eviction data write-back scheme to achieve $O(1)$O(1) consumption in both bandwidth amplification and storage capacity. Our experimental results show that the proposed Tianji with S$^{3}$3
{"title":"Tianji: Securing A Practical Asynchronous Multi-User ORAM","authors":"Wen Cheng, Dazou Sang, Lingfang Zeng, Yang Wang, A. Brinkmann","doi":"10.1109/tdsc.2023.3241184","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3241184","url":null,"abstract":"Oblivious Random Access Machines (ORAMs) allow cloud users to access remote data without leaking access patterns. Current ORAM solutions achieve this goal at expense of either increasing bandwidth consumption by a factor of <inline-formula><tex-math notation=\"LaTeX\">$O(log N)$</tex-math><alternatives><mml:math><mml:mrow><mml:mi>O</mml:mi><mml:mo>(</mml:mo><mml:mo form=\"prefix\">log</mml:mo><mml:mi>N</mml:mi><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"wang-ieq1-3241184.gif\"/></alternatives></inline-formula>, where <inline-formula><tex-math notation=\"LaTeX\">$N$</tex-math><alternatives><mml:math><mml:mi>N</mml:mi></mml:math><inline-graphic xlink:href=\"wang-ieq2-3241184.gif\"/></alternatives></inline-formula> is the number of data blocks, or relying on homomorphic encryption for bandwidth amplification reduction to <inline-formula><tex-math notation=\"LaTeX\">$O(1)$</tex-math><alternatives><mml:math><mml:mrow><mml:mi>O</mml:mi><mml:mo>(</mml:mo><mml:mn>1</mml:mn><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"wang-ieq3-3241184.gif\"/></alternatives></inline-formula>. Furthermore, most ORAMs are only effective for a single user, while the solutions for multi-user scenarios often induce security or performance problems. This article introduces <italic>Tianji</italic> — an asynchronous multi-user Shamir-based ORAM system — which supports asynchronous network access scenarios for multiple users with improved security and performance. <italic>Tianji</italic> is implemented on top of <italic>S<inline-formula><tex-math notation=\"LaTeX\">$^{3}$</tex-math><alternatives><mml:math><mml:msup><mml:mrow/><mml:mn>3</mml:mn></mml:msup></mml:math><inline-graphic xlink:href=\"wang-ieq4-3241184.gif\"/></alternatives></inline-formula>ORAM<inline-formula><tex-math notation=\"LaTeX\">$^+$</tex-math><alternatives><mml:math><mml:msup><mml:mrow/><mml:mo>+</mml:mo></mml:msup></mml:math><inline-graphic xlink:href=\"wang-ieq5-3241184.gif\"/></alternatives></inline-formula></italic>—an extension of the state-of-the-art Shamir-based S<inline-formula><tex-math notation=\"LaTeX\">$^{3}$</tex-math><alternatives><mml:math><mml:msup><mml:mrow/><mml:mn>3</mml:mn></mml:msup></mml:math><inline-graphic xlink:href=\"wang-ieq6-3241184.gif\"/></alternatives></inline-formula>ORAM with a new non-eviction data write-back scheme to achieve <inline-formula><tex-math notation=\"LaTeX\">$O(1)$</tex-math><alternatives><mml:math><mml:mrow><mml:mi>O</mml:mi><mml:mo>(</mml:mo><mml:mn>1</mml:mn><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"wang-ieq7-3241184.gif\"/></alternatives></inline-formula> consumption in both bandwidth amplification and storage capacity. Our experimental results show that the proposed <italic>Tianji</italic> with <italic>S<inline-formula><tex-math notation=\"LaTeX\">$^{3}$</tex-math><alternatives><mml:math><mml:msup><mml:mrow/><mml:mn>3</mml:mn></mml:msup></mml:math><inline-graphic xlink:href=\"wang-ieq8-3241184.gif\"/></alternatives></i","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62410066","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3241451
S. Zillien, S. Wendzel
Network covert channels are applied for the secret exfiltration of confidential data, the stealthy operation of malware, and legitimate purposes, such as censorship circumvention. In recent decades, some major detection methods for network covert channels have been developed. In this article, we investigate two highly cited detection methods for covert timing channels, namely $epsilon$ε-similarity and compressibility score from Cabuk et al. (jointly cited by 949 articles and applied by several researchers). We additionally analyze two recent ML-based detection methods: GAS (2022) and SnapCatch (2021). While all these detection methods must be considered valuable for the analysis of typical covert timing channels, we show that these methods are not reliable when a covert channel's behavior is slightly modified. In particular, we demonstrate that when confronted with a simple covert channel that we call $epsilon$ε-$kappa$κlibur, all detection methods can be circumvented or their performance can be significantly reduced although the covert channel still provides a high bitrate. In comparison to existing timing channels that circumvent these methods, $epsilon$ε-$kappa$κlibur is much simpler and eliminates the need of altering previously recorded traffic. Moreover, we propose an enhanced $epsilon$ε-similarity that can detect the classical covert timing channel as well as $epsilon$ε-$kappa$κlibur.
{"title":"Weaknesses of popular and recent covert channel detection methods and a remedy","authors":"S. Zillien, S. Wendzel","doi":"10.1109/tdsc.2023.3241451","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3241451","url":null,"abstract":"Network covert channels are applied for the secret exfiltration of confidential data, the stealthy operation of malware, and legitimate purposes, such as censorship circumvention. In recent decades, some major detection methods for network covert channels have been developed. In this article, we investigate two highly cited detection methods for covert timing channels, namely <inline-formula><tex-math notation=\"LaTeX\">$epsilon$</tex-math><alternatives><mml:math><mml:mi>ε</mml:mi></mml:math><inline-graphic xlink:href=\"zillien-ieq1-3241451.gif\"/></alternatives></inline-formula>-similarity and compressibility score from Cabuk et al. (jointly cited by 949 articles and applied by several researchers). We additionally analyze two recent ML-based detection methods: <italic>GAS</italic> (2022) and <italic>SnapCatch</italic> (2021). While all these detection methods must be considered valuable for the analysis of typical covert timing channels, we show that these methods are not reliable when a covert channel's behavior is slightly modified. In particular, we demonstrate that when confronted with a simple covert channel that we call <inline-formula><tex-math notation=\"LaTeX\">$epsilon$</tex-math><alternatives><mml:math><mml:mi>ε</mml:mi></mml:math><inline-graphic xlink:href=\"zillien-ieq2-3241451.gif\"/></alternatives></inline-formula>-<inline-formula><tex-math notation=\"LaTeX\">$kappa$</tex-math><alternatives><mml:math><mml:mi>κ</mml:mi></mml:math><inline-graphic xlink:href=\"zillien-ieq3-3241451.gif\"/></alternatives></inline-formula>libur, all detection methods can be circumvented or their performance can be significantly reduced although the covert channel still provides a high bitrate. In comparison to existing timing channels that circumvent these methods, <inline-formula><tex-math notation=\"LaTeX\">$epsilon$</tex-math><alternatives><mml:math><mml:mi>ε</mml:mi></mml:math><inline-graphic xlink:href=\"zillien-ieq4-3241451.gif\"/></alternatives></inline-formula>-<inline-formula><tex-math notation=\"LaTeX\">$kappa$</tex-math><alternatives><mml:math><mml:mi>κ</mml:mi></mml:math><inline-graphic xlink:href=\"zillien-ieq5-3241451.gif\"/></alternatives></inline-formula>libur is much simpler and eliminates the need of altering previously recorded traffic. Moreover, we propose an enhanced <inline-formula><tex-math notation=\"LaTeX\">$epsilon$</tex-math><alternatives><mml:math><mml:mi>ε</mml:mi></mml:math><inline-graphic xlink:href=\"zillien-ieq6-3241451.gif\"/></alternatives></inline-formula>-similarity that can detect the classical covert timing channel as well as <inline-formula><tex-math notation=\"LaTeX\">$epsilon$</tex-math><alternatives><mml:math><mml:mi>ε</mml:mi></mml:math><inline-graphic xlink:href=\"zillien-ieq7-3241451.gif\"/></alternatives></inline-formula>-<inline-formula><tex-math notation=\"LaTeX\">$kappa$</tex-math><alternatives><mml:math><mml:mi>κ</mml:mi></mml:math><inline-graphic xlink:href=\"zillien-ieq8-3241451.gif\"/></alternatives></inline-formula>libur.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62410550","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2022.3230501
Y. Wei, Can Cheng, Guoqi Xie
As a widely used industrial field bus, the controller area network (CAN) lacks security mechanisms (e.g., encryption and authentication) and is vulnerable to security attacks (e.g., masquerade). A fingerprint-based intrusion detection system (IDS) in CAN networks can detect masquerade attacks by scanning the unique clock signals of CAN devices. However, most state-of-the-art fingerprint-based IDSs commonly use an analog-to-digital converter module with a low frequency of 60 MHz to sample CAN signals, lowering the detection accuracy of fingerprint-based IDSs. In addition, almost all fingerprint-based IDSs are trained offline and then detected online, ignoring that system clock signals of hardware change over time, resulting in degraded detection performance. This paper proposes an online learning-enabled and fingerprint-based IDS (OFIDS) in CAN networks to increase the sampling frequency, shorten the detection response time, and increase the detection accuracy. OFIDS uses a high-speed comparator (i.e., TLV3501) and FPGA (i.e., Xilinx ZYNQ-7010) to sample the CAN_High signal, achieving a low sampling delay time of 4.5 ns and a high sampling frequency of 1 GHz. The self-adaptability of the backpropagation neural network is taken advantage of and used to train the OFIDS model with a detection accuracy of 99.9992%. OFIDS is deployed to a CAN network prototype with five CAN devices (i.e., two Arduino UNO boards and three STM32 microcontrollers) and a real vehicle. Experimental results show that OFIDS can achieve at least 99.99% detection accuracy within 0.18μs in a CAN network prototype and can achieve 98% detection accuracy in a real vehicle.
{"title":"OFIDS : Online Learning-Enabled and Fingerprint-Based Intrusion Detection System in Controller Area Networks","authors":"Y. Wei, Can Cheng, Guoqi Xie","doi":"10.1109/tdsc.2022.3230501","DOIUrl":"https://doi.org/10.1109/tdsc.2022.3230501","url":null,"abstract":"As a widely used industrial field bus, the controller area network (CAN) lacks security mechanisms (e.g., encryption and authentication) and is vulnerable to security attacks (e.g., masquerade). A fingerprint-based intrusion detection system (IDS) in CAN networks can detect masquerade attacks by scanning the unique clock signals of CAN devices. However, most state-of-the-art fingerprint-based IDSs commonly use an analog-to-digital converter module with a low frequency of 60 MHz to sample CAN signals, lowering the detection accuracy of fingerprint-based IDSs. In addition, almost all fingerprint-based IDSs are trained offline and then detected online, ignoring that system clock signals of hardware change over time, resulting in degraded detection performance. This paper proposes an online learning-enabled and fingerprint-based IDS (OFIDS) in CAN networks to increase the sampling frequency, shorten the detection response time, and increase the detection accuracy. OFIDS uses a high-speed comparator (i.e., TLV3501) and FPGA (i.e., Xilinx ZYNQ-7010) to sample the CAN_High signal, achieving a low sampling delay time of 4.5 ns and a high sampling frequency of 1 GHz. The self-adaptability of the backpropagation neural network is taken advantage of and used to train the OFIDS model with a detection accuracy of 99.9992%. OFIDS is deployed to a CAN network prototype with five CAN devices (i.e., two Arduino UNO boards and three STM32 microcontrollers) and a real vehicle. Experimental results show that OFIDS can achieve at least 99.99% detection accuracy within 0.18μs in a CAN network prototype and can achieve 98% detection accuracy in a real vehicle.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62407522","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: