Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3204767
Yuefeng Du, Huayi Duan, Lei Xu, Helei Cui, Cong Wang, Qian Wang
To keep web users away from unsafe websites, modern web browsers enable the embedded feature of safe browsing (SB) by default. In this work, through theoretical analysis and empirical evidence, we reveal two major shortcomings in the current SB infrastructure. First, we derive a feasible tracking technique for industry best practice. We show that the current mitigation techniques cannot eliminate the threat of de-anonymization permanently. Second, we gauge the effectiveness of blacklists provided by major vendors. Our discovery indicates the urge for blacklist integration in order to boost service quality. In light of this, we propose a new three-party paradigm ${{sf PEBA}}$PEBA with an intermediate third party decoupling the direct interaction of users and proprietary blacklist vendors. To satisfy practical usage requirements, we instantiate our design with trusted hardware, detailing how it can be leveraged to fulfill the requirements of privacy enhancement and broader content coverage at the same time. We also tackle numerous implementation challenges that emerged from this proxy-based and hardware-enabled solution. Extensive evaluation confirms that ${{sf PEBA}}$PEBA can balance well among desirable goals of security, usability, performance, and elasticity, making it suitable for deployment in practice.
{"title":"${{sf PEBA}}$: Enhancing User Privacy and Coverage of Safe Browsing Services","authors":"Yuefeng Du, Huayi Duan, Lei Xu, Helei Cui, Cong Wang, Qian Wang","doi":"10.1109/TDSC.2022.3204767","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3204767","url":null,"abstract":"To keep web users away from unsafe websites, modern web browsers enable the embedded feature of safe browsing (SB) by default. In this work, through theoretical analysis and empirical evidence, we reveal two major shortcomings in the current SB infrastructure. First, we derive a feasible tracking technique for industry best practice. We show that the current mitigation techniques cannot eliminate the threat of de-anonymization permanently. Second, we gauge the effectiveness of blacklists provided by major vendors. Our discovery indicates the urge for blacklist integration in order to boost service quality. In light of this, we propose a new three-party paradigm <inline-formula><tex-math notation=\"LaTeX\">${{sf PEBA}}$</tex-math><alternatives><mml:math><mml:mi mathvariant=\"sans-serif\">PEBA</mml:mi></mml:math><inline-graphic xlink:href=\"wang-ieq2-3204767.gif\"/></alternatives></inline-formula> with an intermediate third party decoupling the direct interaction of users and proprietary blacklist vendors. To satisfy practical usage requirements, we instantiate our design with trusted hardware, detailing how it can be leveraged to fulfill the requirements of privacy enhancement and broader content coverage at the same time. We also tackle numerous implementation challenges that emerged from this proxy-based and hardware-enabled solution. Extensive evaluation confirms that <inline-formula><tex-math notation=\"LaTeX\">${{sf PEBA}}$</tex-math><alternatives><mml:math><mml:mi mathvariant=\"sans-serif\">PEBA</mml:mi></mml:math><inline-graphic xlink:href=\"wang-ieq3-3204767.gif\"/></alternatives></inline-formula> can balance well among desirable goals of security, usability, performance, and elasticity, making it suitable for deployment in practice.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4343-4358"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46092865","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3213577
Fulvio Valenza, Erisa Karafili, Rodrigo Vieira Steiner, Emil C. Lupu
Cyber-physical systems and their smart components have a pervasive presence in all our daily activities. Unfortunately, identifying the potential threats and issues in these systems and selecting enough protection is challenging given that such environments combine human, physical and cyber aspects to the system design and implementation. Current threat models and analysis do not take into consideration all three aspects of the analyzed system, how they can introduce new vulnerabilities or protection measures to each other. In this work, we introduce a novel threat model for cyber-physical systems that combines the cyber, physical, and human aspects. Our model represents the system's components relations and security properties by taking into consideration these three aspects. Together with the threat model we also propose a threat analysis method that allows understanding the security state of the system's components. The threat model and the threat analysis have been implemented into an automatic tool, called TAMELESS, that automatically analyzes threats to the system, verifies its security properties, and generates a graphical representation, useful for security architects to identify the proper prevention/mitigation solutions. We show and prove the use of our threat model and analysis with three cases studies from different sectors.
{"title":"A Hybrid Threat Model for Smart Systems","authors":"Fulvio Valenza, Erisa Karafili, Rodrigo Vieira Steiner, Emil C. Lupu","doi":"10.1109/TDSC.2022.3213577","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3213577","url":null,"abstract":"Cyber-physical systems and their smart components have a pervasive presence in all our daily activities. Unfortunately, identifying the potential threats and issues in these systems and selecting enough protection is challenging given that such environments combine human, physical and cyber aspects to the system design and implementation. Current threat models and analysis do not take into consideration all three aspects of the analyzed system, how they can introduce new vulnerabilities or protection measures to each other. In this work, we introduce a novel threat model for cyber-physical systems that combines the cyber, physical, and human aspects. Our model represents the system's components relations and security properties by taking into consideration these three aspects. Together with the threat model we also propose a threat analysis method that allows understanding the security state of the system's components. The threat model and the threat analysis have been implemented into an automatic tool, called TAMELESS, that automatically analyzes threats to the system, verifies its security properties, and generates a graphical representation, useful for security architects to identify the proper prevention/mitigation solutions. We show and prove the use of our threat model and analysis with three cases studies from different sectors.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4403-4417"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42513335","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3208934
Ming Zhang, Zhe Sun, Hui Li, Ben Niu, Fenghua Li, Zixu Zhang, Yuhang Xie, Chunhao Zheng
The evolution of social media has led to a trend of posting daily photos on online Social Network Platforms (SNPs). The privacy of online photos is often protected carefully by security mechanisms. However, these mechanisms will lose effectiveness when someone spreads the photos to other platforms. In this article, we propose Go-sharing, a blockchain-based privacy-preserving framework that provides powerful dissemination control for cross-SNP photo sharing. In contrast to security mechanisms running separately in centralized servers that do not trust each other, our framework achieves consistent consensus on photo dissemination control through carefully designed smart contract-based protocols. We use these protocols to create platform-free dissemination trees for every image, providing users with complete sharing control and privacy protection. Considering the possible privacy conflicts between owners and subsequent re-posters in cross-SNP sharing, we design a dynamic privacy policy generation algorithm that maximizes the flexibility of re-posters without violating formers’ privacy. Moreover, Go-sharing also provides robust photo ownership identification mechanisms to avoid illegal reprinting. It introduces a random noise black box in a two-stage separable deep learning process to improve robustness against unpredictable manipulations. Through extensive real-world simulations, the results demonstrate the capability and effectiveness of the framework across a number of performance metrics.
{"title":"Go-Sharing: A Blockchain-Based Privacy-Preserving Framework for Cross-Social Network Photo Sharing","authors":"Ming Zhang, Zhe Sun, Hui Li, Ben Niu, Fenghua Li, Zixu Zhang, Yuhang Xie, Chunhao Zheng","doi":"10.1109/TDSC.2022.3208934","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3208934","url":null,"abstract":"The evolution of social media has led to a trend of posting daily photos on online Social Network Platforms (SNPs). The privacy of online photos is often protected carefully by security mechanisms. However, these mechanisms will lose effectiveness when someone spreads the photos to other platforms. In this article, we propose Go-sharing, a blockchain-based privacy-preserving framework that provides powerful dissemination control for cross-SNP photo sharing. In contrast to security mechanisms running separately in centralized servers that do not trust each other, our framework achieves consistent consensus on photo dissemination control through carefully designed smart contract-based protocols. We use these protocols to create platform-free dissemination trees for every image, providing users with complete sharing control and privacy protection. Considering the possible privacy conflicts between owners and subsequent re-posters in cross-SNP sharing, we design a dynamic privacy policy generation algorithm that maximizes the flexibility of re-posters without violating formers’ privacy. Moreover, Go-sharing also provides robust photo ownership identification mechanisms to avoid illegal reprinting. It introduces a random noise black box in a two-stage separable deep learning process to improve robustness against unpredictable manipulations. Through extensive real-world simulations, the results demonstrate the capability and effectiveness of the framework across a number of performance metrics.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3572-3587"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42128743","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3213790
R. De Prisco, Alfredo De Santis, F. Palmieri
In Distributed Secret Sharing schemes, secrets are encoded with shares distributed over multiple nodes of a network. Each involved party has access to a subset of the nodes and thus to a subset of the shares and is able to reconstruct a specific secret. Usually, these schemes are evaluated by measuring the required storage overhead, as well as the encoding and decoding complexities. In this paper, we provide new Distributed (multi) Secret Sharing Protocols for $(k,n)$(k,n)-threshold access structures that improve on previous results, characterized by nearly-optimal storage overhead, achieving both storage optimality and a better encoding/decoding complexity. The protocols are also simpler than previous ones and allow for easier encoding.
{"title":"Improved Protocols for Distributed Secret Sharing","authors":"R. De Prisco, Alfredo De Santis, F. Palmieri","doi":"10.1109/TDSC.2022.3213790","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3213790","url":null,"abstract":"In Distributed Secret Sharing schemes, secrets are encoded with shares distributed over multiple nodes of a network. Each involved party has access to a subset of the nodes and thus to a subset of the shares and is able to reconstruct a specific secret. Usually, these schemes are evaluated by measuring the required storage overhead, as well as the encoding and decoding complexities. In this paper, we provide new Distributed (multi) Secret Sharing Protocols for <inline-formula><tex-math notation=\"LaTeX\">$(k,n)$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>(</mml:mo><mml:mi>k</mml:mi><mml:mo>,</mml:mo><mml:mi>n</mml:mi><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"palmieri-ieq1-3213790.gif\"/></alternatives></inline-formula>-threshold access structures that improve on previous results, characterized by nearly-optimal storage overhead, achieving both storage optimality and a better encoding/decoding complexity. The protocols are also simpler than previous ones and allow for easier encoding.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3558-3571"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43094962","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The advance of cloud computing has driven an emerging trend of outsourcing the rapidly growing data and query services to a powerful cloud for easing the local storage and computing pressure. Meanwhile, when taking data privacy into account, data are usually outsourced to the cloud in an encrypted form. As a result, query services have to be performed over the encrypted data. Among all kinds of query services, the reverse kNN query is highly popular in various applications, such as taxi dispatching and targeted push of multimedia information, but its privacy has not received sufficient attention. To our best knowledge, many existing privacy-preserving reverse kNN query schemes still have some limitations on the query result accuracy, dataset privacy, and flexible support for the choice of the query object and the parameter k. Aiming at addressing these limitations, in this paper, we propose an efficient and privacy-preserving reverse kNN query scheme over encrypted data, named PRkNN. Specifically, we first design a modified M-tree (MM-tree) to index the dataset and further present an MM-Tree based reverse kNN query algorithm in the filter and refinement framework. Then, we leverage the lightweight matrix encryption to carefully design a filter predicate encryption scheme (FPE) and a refinement predicate encryption scheme (RPE); and propose our PRkNN scheme by applying them to protect the privacy of the MM-Tree based reverse kNN query algorithm. Detailed security analysis shows that FPE and RPE schemes are selectively secure, and our PRkNN scheme can preserve both query privacy and dataset privacy. In addition, we conduct extensive experiments to evaluate the performance of our scheme, and the results demonstrate that our scheme is efficient.
{"title":"PRkNN: Efficient and Privacy-Preserving Reverse kNN Query Over Encrypted Data","authors":"Yandong Zheng, Rongxing Lu, Songnian Zhang, Yunguo Guan, Fengwei Wang, Jun Shao, Hui Zhu","doi":"10.1109/TDSC.2022.3211870","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3211870","url":null,"abstract":"The advance of cloud computing has driven an emerging trend of outsourcing the rapidly growing data and query services to a powerful cloud for easing the local storage and computing pressure. Meanwhile, when taking data privacy into account, data are usually outsourced to the cloud in an encrypted form. As a result, query services have to be performed over the encrypted data. Among all kinds of query services, the reverse kNN query is highly popular in various applications, such as taxi dispatching and targeted push of multimedia information, but its privacy has not received sufficient attention. To our best knowledge, many existing privacy-preserving reverse kNN query schemes still have some limitations on the query result accuracy, dataset privacy, and flexible support for the choice of the query object and the parameter k. Aiming at addressing these limitations, in this paper, we propose an efficient and privacy-preserving reverse kNN query scheme over encrypted data, named PRkNN. Specifically, we first design a modified M-tree (MM-tree) to index the dataset and further present an MM-Tree based reverse kNN query algorithm in the filter and refinement framework. Then, we leverage the lightweight matrix encryption to carefully design a filter predicate encryption scheme (FPE) and a refinement predicate encryption scheme (RPE); and propose our PRkNN scheme by applying them to protect the privacy of the MM-Tree based reverse kNN query algorithm. Detailed security analysis shows that FPE and RPE schemes are selectively secure, and our PRkNN scheme can preserve both query privacy and dataset privacy. In addition, we conduct extensive experiments to evaluate the performance of our scheme, and the results demonstrate that our scheme is efficient.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4387-4402"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42789942","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3223103
Zhaoteng Yan, Zhi Li, Hong Li, Shouguo Yang, Hongsong Zhu, Limin Sun
Fingerprinting Internet-of-Things(IoT) devices on types and brands is a necessary work for security analysis in the cyberspace. The existing approaches mainly rely on the dominant features of devices which is response to information in order to identify these online devices. However, the web server components reusing and products rebranding are the common phenomenons of these embedded IoT devices. It caused the existing approaches difficult to identify most devices even errors due to the similar responses. In this paper, we present an approach, IoTXray, which improves the work efficiently of information collection about accelerating the relations between reusing/rebranding devices with the corresponding manufacturers. And these relations can generate more accurate and reliable fingerprints than previous approaches. Using the mixed neural networks, IoTXray comprehensively detects the real manufactures of online IoT devices upon three different kinds of data sources. In the experiment, our approach can identify 7,025,854 IoT devices on HTTP-hosts. The identification rate has reached to several times higher than previous approaches. Our approach has especially detected 3,268,953 reusing and 963,653 rebranding devices with their original manufacturers.
{"title":"Internet-Scale Fingerprinting the Reusing and Rebranding IoT Devices in the Cyberspace","authors":"Zhaoteng Yan, Zhi Li, Hong Li, Shouguo Yang, Hongsong Zhu, Limin Sun","doi":"10.1109/TDSC.2022.3223103","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3223103","url":null,"abstract":"Fingerprinting Internet-of-Things(IoT) devices on types and brands is a necessary work for security analysis in the cyberspace. The existing approaches mainly rely on the dominant features of devices which is response to information in order to identify these online devices. However, the web server components reusing and products rebranding are the common phenomenons of these embedded IoT devices. It caused the existing approaches difficult to identify most devices even errors due to the similar responses. In this paper, we present an approach, IoTXray, which improves the work efficiently of information collection about accelerating the relations between reusing/rebranding devices with the corresponding manufacturers. And these relations can generate more accurate and reliable fingerprints than previous approaches. Using the mixed neural networks, IoTXray comprehensively detects the real manufactures of online IoT devices upon three different kinds of data sources. In the experiment, our approach can identify 7,025,854 IoT devices on HTTP-hosts. The identification rate has reached to several times higher than previous approaches. Our approach has especially detected 3,268,953 reusing and 963,653 rebranding devices with their original manufacturers.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3890-3909"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48478338","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3218782
Min Wang, Song Wang, Jiankun Hu
Recent findings confirm that biometric templates derived from electroencephalography (EEG) signals contain sensitive information about registered users, such as age, gender, cognitive ability, mental status and health information. Existing privacy-preserving methods such as hash function and fuzzy commitment are not cancelable, where raw biometric features are vulnerable to hill-climbing attacks. To address this issue, we propose the PolyCosGraph, a system based on Polynomial transformation embedding Cosine functions with Graph features of EEG signals, which is a privacy-preserving and cancelable template design that protects EEG features and system security against multiple attacks. In addition, a template corrupting process is designed to further enhance the security of the system, and a corresponding matching algorithm is developed. Even when the transformed template is compromised, attackers cannot retrieve raw EEG features and the compromised template can be revoked. The proposed system achieves the authentication performance of 1.49% EER with a resting state protocol, 0.68% EER with a motor imagery task, and 0.46% EER under a watching movie condition, which is equivalent to that in the non-encrypted domain. Security analysis demonstrates that our system is resistant to attacks via record multiplicity, preimage attacks, hill-climbing attacks, second attacks and brute force attacks.
{"title":"PolyCosGraph: A Privacy-Preserving Cancelable EEG Biometric System","authors":"Min Wang, Song Wang, Jiankun Hu","doi":"10.1109/TDSC.2022.3218782","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3218782","url":null,"abstract":"Recent findings confirm that biometric templates derived from electroencephalography (EEG) signals contain sensitive information about registered users, such as age, gender, cognitive ability, mental status and health information. Existing privacy-preserving methods such as hash function and fuzzy commitment are not cancelable, where raw biometric features are vulnerable to hill-climbing attacks. To address this issue, we propose the PolyCosGraph, a system based on Polynomial transformation embedding Cosine functions with Graph features of EEG signals, which is a privacy-preserving and cancelable template design that protects EEG features and system security against multiple attacks. In addition, a template corrupting process is designed to further enhance the security of the system, and a corresponding matching algorithm is developed. Even when the transformed template is compromised, attackers cannot retrieve raw EEG features and the compromised template can be revoked. The proposed system achieves the authentication performance of 1.49% EER with a resting state protocol, 0.68% EER with a motor imagery task, and 0.46% EER under a watching movie condition, which is equivalent to that in the non-encrypted domain. Security analysis demonstrates that our system is resistant to attacks via record multiplicity, preimage attacks, hill-climbing attacks, second attacks and brute force attacks.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4258-4272"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41868276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3215280
Zhaopin Su, Mengke Li, Guofu Zhang, Qinfang Wu, M. Li, Weiming Zhang, Xin Yao
Audio recordings used as evidence have become increasingly important to litigation. Before their admissibility as evidence, an audio forensic expert is often required to help determine whether the submitted audio recordings are altered or authentic. Within this field, the copy-move forgery detection (CMFD), which focuses on finding possible forgeries that are derived from the same audio recording, has been an urgent problem in blind audio forensics. However, most of the existing methods require idealistic pre-segmentation and artificial threshold selection to calculate the similarity between segments, which may result in serious misleading and misjudgment especially on high frequency words. In this work, we present a robust method for detecting and locating an audio copy-move forgery on the basis of constant Q spectral sketches (CQSS) and the integration of a customised genetic algorithm (GA) and support vector machine (SVM). Specifically, the CQSS features are first extracted by averaging the logarithm of the squared-magnitude constant Q transform. Then, the CQSS feature set is automatically optimised by a customised GA combined with SVM to obtain the best feature subset and classification model at the same time. Finally, the integrated method, named CQSS-GA-SVM, is evaluated against the state-of-the-art approaches to blind detection of copy-move forgeries on real-world copy-move datasets with read English and Chinese corpus, respectively. The experimental results demonstrate that the proposed CQSS-GA-SVM exhibits significantly high robustness against post-processing based anti-forensics attacks and adaptability to the changes of the duplicated segment duration, the training set size, the recording length, and the forgery type, which may be beneficial to improving the work efficiency of audio forensic experts.
{"title":"Robust Audio Copy-Move Forgery Detection Using Constant Q Spectral Sketches and GA-SVM","authors":"Zhaopin Su, Mengke Li, Guofu Zhang, Qinfang Wu, M. Li, Weiming Zhang, Xin Yao","doi":"10.1109/TDSC.2022.3215280","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3215280","url":null,"abstract":"Audio recordings used as evidence have become increasingly important to litigation. Before their admissibility as evidence, an audio forensic expert is often required to help determine whether the submitted audio recordings are altered or authentic. Within this field, the copy-move forgery detection (CMFD), which focuses on finding possible forgeries that are derived from the same audio recording, has been an urgent problem in blind audio forensics. However, most of the existing methods require idealistic pre-segmentation and artificial threshold selection to calculate the similarity between segments, which may result in serious misleading and misjudgment especially on high frequency words. In this work, we present a robust method for detecting and locating an audio copy-move forgery on the basis of constant Q spectral sketches (CQSS) and the integration of a customised genetic algorithm (GA) and support vector machine (SVM). Specifically, the CQSS features are first extracted by averaging the logarithm of the squared-magnitude constant Q transform. Then, the CQSS feature set is automatically optimised by a customised GA combined with SVM to obtain the best feature subset and classification model at the same time. Finally, the integrated method, named CQSS-GA-SVM, is evaluated against the state-of-the-art approaches to blind detection of copy-move forgeries on real-world copy-move datasets with read English and Chinese corpus, respectively. The experimental results demonstrate that the proposed CQSS-GA-SVM exhibits significantly high robustness against post-processing based anti-forensics attacks and adaptability to the changes of the duplicated segment duration, the training set size, the recording length, and the forgery type, which may be beneficial to improving the work efficiency of audio forensic experts.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4016-4031"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47565729","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3218506
Mahendra Rathor, A. Sengupta, Rahul Chaurasia, Aditya Anshul
This paper presents a novel hardware security technique that leverages handwritten signature image features for securing intellectual property (IP) cores, such as digital signal processing (DSP) cores, against IP piracy and false claim of IP ownership threats. In our approach, an IP vendor's handwritten signature image features are first converted into a corresponding digital template, followed by mapping into hardware security constraints and implanting them into the design during high level synthesis (HLS) process. This paper presents methodologies of extracting feature set of a handwritten signature through sampling and of encoding of the samples into binary values using a tree based encoding, for generating the digital template. The results of the proposed approach are assessed in terms of strength of IP ownership proof, security against a forged signature and impact of embedding signature constraints on design cost. The results revealed that the proposed approach provides robust security at negligible design cost overhead and also outperforms state of the art hardware security approaches for DSP cores.
{"title":"Exploring Handwritten Signature Image Features for Hardware Security","authors":"Mahendra Rathor, A. Sengupta, Rahul Chaurasia, Aditya Anshul","doi":"10.1109/TDSC.2022.3218506","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3218506","url":null,"abstract":"This paper presents a novel hardware security technique that leverages handwritten signature image features for securing intellectual property (IP) cores, such as digital signal processing (DSP) cores, against IP piracy and false claim of IP ownership threats. In our approach, an IP vendor's handwritten signature image features are first converted into a corresponding digital template, followed by mapping into hardware security constraints and implanting them into the design during high level synthesis (HLS) process. This paper presents methodologies of extracting feature set of a handwritten signature through sampling and of encoding of the samples into binary values using a tree based encoding, for generating the digital template. The results of the proposed approach are assessed in terms of strength of IP ownership proof, security against a forged signature and impact of embedding signature constraints on design cost. The results revealed that the proposed approach provides robust security at negligible design cost overhead and also outperforms state of the art hardware security approaches for DSP cores.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3687-3698"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49174913","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3206758
Pengfei Wu, Jianting Ning, Xinyi Huang, Joseph K. Liu
Privacy-preserving pattern matching enables a user to find all occurrences of a pattern in a text without revealing any sensitive information. However, many previous works designed on homomorphic encryption suffer from expensive computational overhead and a simple way to use it can lead to potential input leakage via access pattern during the matching process. In this article, we propose a differentially oblivious pattern matching algorithm, called DOPM. It is deployed on two servers by taking a series of lightweight secret-sharing-based protocols as building blocks. In DOPM, we utilize a witness array and the single instruction multiple data (SIMD) technique to parallelize the algorithm, which achieves sublinear round complexity in performing two-party computation. Additionally, we formally define a new access pattern privacy in the context of differential privacy, named $(epsilon,delta)$(ε,δ)-differentially oblivious privacy ($(epsilon,delta)$(ε,δ)-DOP), and present a pair of differentially oblivious algorithms to read and write elements in an array without using oblivious shuffle. Detailed security analysis demonstrates that the proposed DOPM achieves the goal of protecting confidentiality and access pattern during the matching process. Finally, we benchmark our scheme on a real-world human genome dataset, and experimental results show that DOPM is $10.9times$10.9× faster than the brute-force matching, $3.4-7.1times$3.4-7.1× faster than two state-of-the-art approaches.
{"title":"Differentially Oblivious Two-Party Pattern Matching With Sublinear Round Complexity","authors":"Pengfei Wu, Jianting Ning, Xinyi Huang, Joseph K. Liu","doi":"10.1109/TDSC.2022.3206758","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3206758","url":null,"abstract":"Privacy-preserving pattern matching enables a user to find all occurrences of a pattern in a text without revealing any sensitive information. However, many previous works designed on homomorphic encryption suffer from expensive computational overhead and a simple way to use it can lead to potential input leakage via access pattern during the matching process. In this article, we propose a differentially oblivious pattern matching algorithm, called <monospace>DOPM</monospace>. It is deployed on two servers by taking a series of lightweight secret-sharing-based protocols as building blocks. In <monospace>DOPM</monospace>, we utilize a witness array and the single instruction multiple data (SIMD) technique to parallelize the algorithm, which achieves sublinear round complexity in performing two-party computation. Additionally, we formally define a new access pattern privacy in the context of differential privacy, named <inline-formula><tex-math notation=\"LaTeX\">$(epsilon,delta)$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>(</mml:mo><mml:mi>ε</mml:mi><mml:mo>,</mml:mo><mml:mi>δ</mml:mi><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"ning-ieq1-3206758.gif\"/></alternatives></inline-formula>-differentially oblivious privacy (<inline-formula><tex-math notation=\"LaTeX\">$(epsilon,delta)$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>(</mml:mo><mml:mi>ε</mml:mi><mml:mo>,</mml:mo><mml:mi>δ</mml:mi><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"ning-ieq2-3206758.gif\"/></alternatives></inline-formula>-DOP), and present a pair of differentially oblivious algorithms to read and write elements in an array without using oblivious shuffle. Detailed security analysis demonstrates that the proposed <monospace>DOPM</monospace> achieves the goal of protecting confidentiality and access pattern during the matching process. Finally, we benchmark our scheme on a real-world human genome dataset, and experimental results show that <monospace>DOPM</monospace> is <inline-formula><tex-math notation=\"LaTeX\">$10.9times$</tex-math><alternatives><mml:math><mml:mrow><mml:mn>10</mml:mn><mml:mo>.</mml:mo><mml:mn>9</mml:mn><mml:mo>×</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"ning-ieq3-3206758.gif\"/></alternatives></inline-formula> faster than the brute-force matching, <inline-formula><tex-math notation=\"LaTeX\">$3.4-7.1times$</tex-math><alternatives><mml:math><mml:mrow><mml:mn>3</mml:mn><mml:mo>.</mml:mo><mml:mn>4</mml:mn><mml:mo>-</mml:mo><mml:mn>7</mml:mn><mml:mo>.</mml:mo><mml:mn>1</mml:mn><mml:mo>×</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"ning-ieq4-3206758.gif\"/></alternatives></inline-formula> faster than two state-of-the-art approaches.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4101-4117"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48110739","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: