Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3218191
Ardavan Bozorgi, Alireza Bahramali, Fateme Rezaei, Amirhossein Ghafari, A. Houmansadr, Ramin Soltani, D. Goeckel, D. Towsley
Instant Messaging (IM) applications such as Signal, Telegram, and WhatsApp have become tremendously popular in recent years. Unfortunately, such IM services have been targets of governmental surveillance and censorship, as these services are home to public and private communications on socially and politically sensitive topics. To protect their clients, popular IM services deploy state-of-the-art encryption. Despite the use of advanced encryption, we show that popular IM applications leak sensitive information about their clients to adversaries merely monitoring their encrypted IM traffic, with no need for leveraging any software vulnerabilities of IM applications. Specifically, we devise traffic analysis attacks enabling an adversary to identify participants of target IM communications (e.g., forums) with high accuracies. We believe that our study demonstrates a significant, real-world threat to the users of such services. We demonstrate the practicality of our attacks through extensive experiments on real-world IM communications. We show that standard countermeasure techniques can degrade the effectiveness of these attacks. We hope our study will encourage IM providers to integrate effective traffic obfuscation into their software. In the meantime, we have designed a countermeasure system, called IMProxy that can be used by IM clients with no need for any support from IM providers. We demonstrate the effectiveness of IMProxy through simulation and experiments.
{"title":"I Still Know What You Did Last Summer: Inferring Sensitive User Activities on Messaging Applications Through Traffic Analysis","authors":"Ardavan Bozorgi, Alireza Bahramali, Fateme Rezaei, Amirhossein Ghafari, A. Houmansadr, Ramin Soltani, D. Goeckel, D. Towsley","doi":"10.1109/TDSC.2022.3218191","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3218191","url":null,"abstract":"Instant Messaging (IM) applications such as Signal, Telegram, and WhatsApp have become tremendously popular in recent years. Unfortunately, such IM services have been targets of governmental surveillance and censorship, as these services are home to public and private communications on socially and politically sensitive topics. To protect their clients, popular IM services deploy state-of-the-art encryption. Despite the use of advanced encryption, we show that popular IM applications leak sensitive information about their clients to adversaries merely monitoring their encrypted IM traffic, with no need for leveraging any software vulnerabilities of IM applications. Specifically, we devise traffic analysis attacks enabling an adversary to identify participants of target IM communications (e.g., forums) with high accuracies. We believe that our study demonstrates a significant, real-world threat to the users of such services. We demonstrate the practicality of our attacks through extensive experiments on real-world IM communications. We show that standard countermeasure techniques can degrade the effectiveness of these attacks. We hope our study will encourage IM providers to integrate effective traffic obfuscation into their software. In the meantime, we have designed a countermeasure system, called IMProxy that can be used by IM clients with no need for any support from IM providers. We demonstrate the effectiveness of IMProxy through simulation and experiments.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4135-4153"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49582604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3217115
Sergio Galan, P. Reviriego, Stefan Walzer, A. Sánchez-Macián, Shanshan Liu, Fabrizio Lombardi
Counting Bloom Filters (CBFs) are approximate membership checking data structures, and it is normally believed that at most an approximate reconstruction of the underlying set can be derived when interacting with a CBF. This paper decisively refutes this assumption. In a recent paper, we considered the privacy of CBFs when the attacker has access to the implementation details and thus, it sees the filter as a white-box. In that setting, we showed that the attacker may be able to extract the elements stored in the filter when the number of false positives over the entire universe is not significantly larger than the number of elements stored in the filter. In this work, we consider a black-box attacker that can only perform user interactions on the CBF to insert, remove and query elements with no knowledge of the filter implementation details. We show that even in this case, an attacker may be able to extract information from the filter at the cost of using more complex and time-consuming attack algorithms. The proposed algorithms have been implemented and compared with the white-box attack, showing that in most cases, almost the same information can be extracted from the filter.
{"title":"On the Privacy of Counting Bloom Filters Under a Black-Box Attacker","authors":"Sergio Galan, P. Reviriego, Stefan Walzer, A. Sánchez-Macián, Shanshan Liu, Fabrizio Lombardi","doi":"10.1109/TDSC.2022.3217115","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3217115","url":null,"abstract":"Counting Bloom Filters (CBFs) are approximate membership checking data structures, and it is normally believed that at most an approximate reconstruction of the underlying set can be derived when interacting with a CBF. This paper decisively refutes this assumption. In a recent paper, we considered the privacy of CBFs when the attacker has access to the implementation details and thus, it sees the filter as a white-box. In that setting, we showed that the attacker may be able to extract the elements stored in the filter when the number of false positives over the entire universe is not significantly larger than the number of elements stored in the filter. In this work, we consider a black-box attacker that can only perform user interactions on the CBF to insert, remove and query elements with no knowledge of the filter implementation details. We show that even in this case, an attacker may be able to extract information from the filter at the cost of using more complex and time-consuming attack algorithms. The proposed algorithms have been implemented and compared with the white-box attack, showing that in most cases, almost the same information can be extracted from the filter.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4434-4440"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42420610","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3214809
Zhen Liu, Changzhen Hu, Chun Shan, Zheng Yan
Calculating system damage caused by a cyberattack can help in understanding the impact and destructiveness of the attack to discover system security weaknesses. Thus, system damage calculations is important in the process of network offense–defense confrontation. However, there is little research on attack damage calculation. Current methods are unable to quantitatively evaluate the impact of an attack in a rational and accurate way. The lack of theoretical support and the complexity of both cyber systems and attacks bring tremendous challenges to attack damage calculations. In this paper, we propose a novel method called ADCaDeM to enable quantitative attack damage calculation based on a differential manifold. The damage is a negative utility produced by attack behaviors on an attacked object, which can be characterized and expressed by its attributes. We formally map the attack behaviors into a space constructed by the attributes of the attacked object in a mathematical way. Then, we propose an algorithm to construct these attributes as a differential manifold to represent their algebraic topological structure. According to the theory of tangent vectors and geodesics on the differential manifold, we can calculate attack behavioral utility in a physical way, such as computing the work done in physics. Regardless of the complexity of the dimensional structure of the attributes, the differential manifold structure can reasonably represent and calculate the damage caused by an attack. We simulate a data theft attack and a web penetration attack to test the performance of ADCaDeM and compare it with existing methods. Our experimental results illustrate ADCaDeM's advance in terms of rationality for calculating the damage caused by some typical cyberattacks.
{"title":"ADCaDeM: A Novel Method of Calculating Attack Damage Based on Differential Manifolds","authors":"Zhen Liu, Changzhen Hu, Chun Shan, Zheng Yan","doi":"10.1109/TDSC.2022.3214809","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3214809","url":null,"abstract":"Calculating system damage caused by a cyberattack can help in understanding the impact and destructiveness of the attack to discover system security weaknesses. Thus, system damage calculations is important in the process of network offense–defense confrontation. However, there is little research on attack damage calculation. Current methods are unable to quantitatively evaluate the impact of an attack in a rational and accurate way. The lack of theoretical support and the complexity of both cyber systems and attacks bring tremendous challenges to attack damage calculations. In this paper, we propose a novel method called ADCaDeM to enable quantitative attack damage calculation based on a differential manifold. The damage is a negative utility produced by attack behaviors on an attacked object, which can be characterized and expressed by its attributes. We formally map the attack behaviors into a space constructed by the attributes of the attacked object in a mathematical way. Then, we propose an algorithm to construct these attributes as a differential manifold to represent their algebraic topological structure. According to the theory of tangent vectors and geodesics on the differential manifold, we can calculate attack behavioral utility in a physical way, such as computing the work done in physics. Regardless of the complexity of the dimensional structure of the attributes, the differential manifold structure can reasonably represent and calculate the damage caused by an attack. We simulate a data theft attack and a web penetration attack to test the performance of ADCaDeM and compare it with existing methods. Our experimental results illustrate ADCaDeM's advance in terms of rationality for calculating the damage caused by some typical cyberattacks.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4070-4084"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44755518","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3210017
Hong-Yen Tran, Jiankun Hu, H. Pota
With the appearance of electric energy market deregulation, there exists a growing concern over the potential privacy leakage of commercial data among competing power companies where data sharing is essential in the applications such as smart grid state estimation. Most of the existing solutions are either perturbation-based or conventional cryptography-based where a trusted central 3rd party would often be required. This article proposes privacy-preserving state estimation protocols for DC and AC models. The proposed idea is to distribute the overall task of the system state estimation into sub-tasks which can be performed by local sub-grid operators with their private data. A masking method is designed inside a homomorphic encryption scheme which is then used to ensure both the input and output data privacy during the collaboration process among individual sub-task players. Security is achieved via the computationally indistinguishable post-quantum security guaranteed by a levelled homomorphic encryption scheme over real numbers and the differential privacy of the output estimated states provided by the Laplace mechanism perturbation integrated into the masking linear transformation. Simulation results are presented to demonstrate the validity of our proposed privacy-preserving system state estimation protocols.
{"title":"A Privacy-Preserving State Estimation Scheme for Smart Grids","authors":"Hong-Yen Tran, Jiankun Hu, H. Pota","doi":"10.1109/TDSC.2022.3210017","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3210017","url":null,"abstract":"With the appearance of electric energy market deregulation, there exists a growing concern over the potential privacy leakage of commercial data among competing power companies where data sharing is essential in the applications such as smart grid state estimation. Most of the existing solutions are either perturbation-based or conventional cryptography-based where a trusted central 3rd party would often be required. This article proposes privacy-preserving state estimation protocols for DC and AC models. The proposed idea is to distribute the overall task of the system state estimation into sub-tasks which can be performed by local sub-grid operators with their private data. A masking method is designed inside a homomorphic encryption scheme which is then used to ensure both the input and output data privacy during the collaboration process among individual sub-task players. Security is achieved via the computationally indistinguishable post-quantum security guaranteed by a levelled homomorphic encryption scheme over real numbers and the differential privacy of the output estimated states provided by the Laplace mechanism perturbation integrated into the masking linear transformation. Simulation results are presented to demonstrate the validity of our proposed privacy-preserving system state estimation protocols.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3940-3956"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43459859","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3222533
Qin Liu, Yu Peng, Hongbo Jiang, Jie Wu, Tian Wang, Tao Peng, Guojun Wang
Due to the explosive increase of enterprise network traffic, middleboxes that inspect packets through customized rules have been widely outsourced for cost-saving. Despite promising, redirecting enterprise traffic to remote middleboxes raises privacy concerns about the exposure of corporate secrets. To address this, existing solutions mainly apply searchable encryption (SE) to encrypt traffic and rules, enabling middlebox to perform pattern matching over ciphertexts without learning any sensitive information. However, SE is designed for searching pre-chosen keywords, and may cause extensive costs when applied directly to inspecting traffic in which the keywords cannot be determined in advance. The inefficiency of existing SE-based approaches motivates us to investigate a privacy-preserving and lightweight middlebox. To this end, this paper designs $mathsf{SlimBox}$SlimBox, which rapidly screens out potentially malicious packets in constant time while incurring only moderate communication overhead. Our main idea is to fragment a traffic/rule string into sub-patterns to achieve conjunctive sub-pattern matching over ciphertexts, while incorporating the position information into the secure matching process to avoid false positives. Experiment results on real datasets show that $mathsf{SlimBox}$SlimBox can achieve a good tradeoff between matching latency and communication cost compared to prior work.
{"title":"SlimBox: Lightweight Packet Inspection over Encrypted Traffic","authors":"Qin Liu, Yu Peng, Hongbo Jiang, Jie Wu, Tian Wang, Tao Peng, Guojun Wang","doi":"10.1109/TDSC.2022.3222533","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3222533","url":null,"abstract":"Due to the explosive increase of enterprise network traffic, middleboxes that inspect packets through customized rules have been widely outsourced for cost-saving. Despite promising, redirecting enterprise traffic to remote middleboxes raises privacy concerns about the exposure of corporate secrets. To address this, existing solutions mainly apply searchable encryption (SE) to encrypt traffic and rules, enabling middlebox to perform pattern matching over ciphertexts without learning any sensitive information. However, SE is designed for searching pre-chosen keywords, and may cause extensive costs when applied directly to inspecting traffic in which the keywords cannot be determined in advance. The inefficiency of existing SE-based approaches motivates us to investigate a privacy-preserving and lightweight middlebox. To this end, this paper designs <inline-formula><tex-math notation=\"LaTeX\">$mathsf{SlimBox}$</tex-math><alternatives><mml:math><mml:mi mathvariant=\"sans-serif\">SlimBox</mml:mi></mml:math><inline-graphic xlink:href=\"wang-ieq1-3222533.gif\"/></alternatives></inline-formula>, which rapidly screens out potentially malicious packets in constant time while incurring only moderate communication overhead. Our main idea is to fragment a traffic/rule string into sub-patterns to achieve conjunctive sub-pattern matching over ciphertexts, while incorporating the position information into the secure matching process to avoid false positives. Experiment results on real datasets show that <inline-formula><tex-math notation=\"LaTeX\">$mathsf{SlimBox}$</tex-math><alternatives><mml:math><mml:mi mathvariant=\"sans-serif\">SlimBox</mml:mi></mml:math><inline-graphic xlink:href=\"wang-ieq2-3222533.gif\"/></alternatives></inline-formula> can achieve a good tradeoff between matching latency and communication cost compared to prior work.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4359-4371"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46995993","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3214666
Zhi-Li Zhang, Wei He, Yueqiang Cheng, Wenhao Wang, Yansong Gao, Dongxi Liu, Kang Li, Surya Nepal, Anmin Fu, Yuexian Zou
Rowhammer is a hardware vulnerability in DRAM memory, where repeated access to hammer rows can induce bit flips in neighboring victim rows. Rowhammer attacks have enabled privilege escalation, sandbox escape, cryptographic key disclosures, etc. A key requirement of all existing rowhammer attacks is that an attacker must have access to at least part of an exploitable hammer row. We term such rowhammer attacks as Explicit Hammer. Recently, several proposals leverage the spatial proximity between the accessed hammer rows and the location of the victim rows for a defense against rowhammer. These all aim to deny the attacker's permission to access hammer rows near sensitive data, thus defeating explicit hammer-based attacks. In this paper, we question the core assumption underlying these defenses. We present Implicit Hammer, a confused-deputy attack that causes accesses to hammer rows that the attacker is not allowed to access. It is a paradigm shift in rowhammer attacks since it crosses privilege boundary to stealthily rowhammer an inaccessible row by implicit DRAM accesses. Such accesses are achieved by abusing inherent features of modern hardware and/or software. We propose a generic model to rigorously formalize the necessary conditions to initiate implicit hammer and explicit hammer, respectively. Compared to explicit hammer, implicit hammer can defeat the advanced software-only defenses, stealthy in hiding itself and hard to be mitigated. To demonstrate the practicality of implicit hammer, we have created two implicit hammer's instances, called PThammer and SyscallHammer.
{"title":"Implicit Hammer: Cross-Privilege-Boundary Rowhammer Through Implicit Accesses","authors":"Zhi-Li Zhang, Wei He, Yueqiang Cheng, Wenhao Wang, Yansong Gao, Dongxi Liu, Kang Li, Surya Nepal, Anmin Fu, Yuexian Zou","doi":"10.1109/TDSC.2022.3214666","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3214666","url":null,"abstract":"Rowhammer is a hardware vulnerability in DRAM memory, where repeated access to hammer rows can induce bit flips in neighboring victim rows. Rowhammer attacks have enabled privilege escalation, sandbox escape, cryptographic key disclosures, etc. A key requirement of all existing rowhammer attacks is that an attacker must have access to at least part of an exploitable hammer row. We term such rowhammer attacks as Explicit Hammer. Recently, several proposals leverage the spatial proximity between the accessed hammer rows and the location of the victim rows for a defense against rowhammer. These all aim to deny the attacker's permission to access hammer rows near sensitive data, thus defeating explicit hammer-based attacks. In this paper, we question the core assumption underlying these defenses. We present Implicit Hammer, a confused-deputy attack that causes accesses to hammer rows that the attacker is not allowed to access. It is a paradigm shift in rowhammer attacks since it crosses privilege boundary to stealthily rowhammer an inaccessible row by implicit DRAM accesses. Such accesses are achieved by abusing inherent features of modern hardware and/or software. We propose a generic model to rigorously formalize the necessary conditions to initiate implicit hammer and explicit hammer, respectively. Compared to explicit hammer, implicit hammer can defeat the advanced software-only defenses, stealthy in hiding itself and hard to be mitigated. To demonstrate the practicality of implicit hammer, we have created two implicit hammer's instances, called PThammer and SyscallHammer.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3716-3733"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47050844","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Albeit the popularity of federated learning (FL), recently emerging model-inversion and poisoning attacks arouse extensive concerns towards privacy or model integrity, which catalyzes the developments of secure federated learning (SFL) methods. Nonetheless, the collisions between its privacy and integrity, two equally crucial elements in collaborative learning scenarios, are relatively underexplored. Individuals’ wish to “hide in the crowd” for privacy frequently clashes with aggregators’ need to resist abnormal participants for integrity (i.e., the incompatibility between Byzantine robustness and differential privacy). The dilemma prompts researchers to reflect on how to build mutual confidence between individuals and aggregators. Against the backdrop, this paper proposes a multi-shuffler secure federated learning (MSFL) framework, based on which we further propound three modules (hierarchical shuffling mechanism, malice evaluation module, and composite defense strategy) to jointly guarantee strong privacy protection, efficient poisoning resistance, and agile adversary elimination. Extensive experiments on standard datasets exhibited the method's effectiveness in thwarting different FL poisoning attack paradigms with a minimal cost of privacy breaches.
{"title":"A Multi-Shuffler Framework to Establish Mutual Confidence for Secure Federated Learning","authors":"Zan Zhou, Changqiao Xu, Mingze Wang, Xiaohui Kuang, Yirong Zhuang, Shui Yu","doi":"10.1109/TDSC.2022.3215574","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3215574","url":null,"abstract":"Albeit the popularity of federated learning (FL), recently emerging model-inversion and poisoning attacks arouse extensive concerns towards privacy or model integrity, which catalyzes the developments of secure federated learning (SFL) methods. Nonetheless, the collisions between its privacy and integrity, two equally crucial elements in collaborative learning scenarios, are relatively underexplored. Individuals’ wish to “hide in the crowd” for privacy frequently clashes with aggregators’ need to resist abnormal participants for integrity (i.e., the incompatibility between Byzantine robustness and differential privacy). The dilemma prompts researchers to reflect on how to build mutual confidence between individuals and aggregators. Against the backdrop, this paper proposes a multi-shuffler secure federated learning (MSFL) framework, based on which we further propound three modules (hierarchical shuffling mechanism, malice evaluation module, and composite defense strategy) to jointly guarantee strong privacy protection, efficient poisoning resistance, and agile adversary elimination. Extensive experiments on standard datasets exhibited the method's effectiveness in thwarting different FL poisoning attack paradigms with a minimal cost of privacy breaches.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4230-4244"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41998702","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3227141
Songnian Zhang, S. Ray, Rongxing Lu, Yunguo Guan, Yandong Zheng, Jun Shao
As a popular and practical query type in location-based services, the spatial keyword query has been extensively studied in both academia and industry. Meanwhile, with the growing demand for data privacy, many privacy-preserving spatial keyword query schemes have been proposed to deal with queries over encrypted data. However, none of the existing schemes preserve access pattern privacy, and the recent research illustrates that leaking such privacy may incur inference attacks and thus disclose sensitive information. In addition, most existing schemes only consider the boolean keyword search, which is not quite practical and flexible in real-world applications. To address the above issues, in this paper, we propose two privacy-preserving spatial keyword similarity query schemes that can preserve full and partial access pattern privacy, respectively. First, we present a basic privacy-preserving spatial keyword similarity query scheme (PPSKS) by integrating a secure set membership test (SSMT) technique with secure circuits. After that, to improve performance, we propose a tree-based scheme (PPSKS+) by employing a new index called FR-tree together with a predicate encryption technique that can encrypt FR-tree. Formal security analysis shows that: i) our proposed schemes can protect outsourced data, query requests, and query results; ii) our PPSKS scheme can hide full access patterns, while the PPSKS+ scheme preserves $m$m-access pattern privacy. Extensive experiments are also conducted, and the results indicate that our tree-based PPSKS+ scheme is much more efficient, almost two orders of magnitude better than our linear search PPSKS scheme in performing queries.
{"title":"Efficient and Privacy-Preserving Spatial Keyword Similarity Query Over Encrypted Data","authors":"Songnian Zhang, S. Ray, Rongxing Lu, Yunguo Guan, Yandong Zheng, Jun Shao","doi":"10.1109/TDSC.2022.3227141","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3227141","url":null,"abstract":"As a popular and practical query type in location-based services, the spatial keyword query has been extensively studied in both academia and industry. Meanwhile, with the growing demand for data privacy, many privacy-preserving spatial keyword query schemes have been proposed to deal with queries over encrypted data. However, none of the existing schemes preserve access pattern privacy, and the recent research illustrates that leaking such privacy may incur inference attacks and thus disclose sensitive information. In addition, most existing schemes only consider the boolean keyword search, which is not quite practical and flexible in real-world applications. To address the above issues, in this paper, we propose two privacy-preserving spatial keyword similarity query schemes that can preserve full and partial access pattern privacy, respectively. First, we present a basic privacy-preserving spatial keyword similarity query scheme (PPSKS) by integrating a secure set membership test (SSMT) technique with secure circuits. After that, to improve performance, we propose a tree-based scheme (PPSKS+) by employing a new index called FR-tree together with a predicate encryption technique that can encrypt FR-tree. Formal security analysis shows that: i) our proposed schemes can protect outsourced data, query requests, and query results; ii) our PPSKS scheme can hide full access patterns, while the PPSKS+ scheme preserves <inline-formula><tex-math notation=\"LaTeX\">$m$</tex-math><alternatives><mml:math><mml:mi>m</mml:mi></mml:math><inline-graphic xlink:href=\"lu-ieq1-3227141.gif\"/></alternatives></inline-formula>-access pattern privacy. Extensive experiments are also conducted, and the results indicate that our tree-based PPSKS+ scheme is much more efficient, almost two orders of magnitude better than our linear search PPSKS scheme in performing queries.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3770-3786"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48767861","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3214423
Soumya Purohit, R. Neupane, Naga Ramya Bhamidipati, Varsha Vakkavanthula, Songjie Wang, Matthew Rockey, P. Calyam
Cloud-hosted applications are prone to targeted attacks such as DDoS, advanced persistent threats, Cryptojacking which threaten service availability. Recently, methods for threat information sharing and defense require cooperation and trust between multiple domains/entities. There is a need for mechanisms that establish distributed trust to allow for such a collective defense. In this paper, we present a novel threat intelligence sharing and defense system, namely “DefenseChain,” to allow organizations to have incentive-based and trustworthy cooperation to mitigate the impact of cyber attacks. Our solution approach features a consortium Blockchain platform and an economic model to obtain threat data and select suitable peers to help with attack detection and mitigation. We apply DefenseChain in the financial technology industry for an insurance claim processing use case to demonstrate the effectiveness of DefenseChain in a real-world application setting. Our evaluation experiments with DefenseChain implementation are performed on an Open Cloud testbed with Hyperledger Composer and in a simulation environment. Our results show that the DefenseChain system overall performs better than state-of-the-art decision making schemes in choosing the most appropriate detector and mitigator peers. Lastly, we validate how DefenseChain helps mitigate the threat risk of incidents relating to potential fraudulent insurance claims or cyber attacks.
{"title":"Cyber Threat Intelligence Sharing for Co-Operative Defense in Multi-Domain Entities","authors":"Soumya Purohit, R. Neupane, Naga Ramya Bhamidipati, Varsha Vakkavanthula, Songjie Wang, Matthew Rockey, P. Calyam","doi":"10.1109/TDSC.2022.3214423","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3214423","url":null,"abstract":"Cloud-hosted applications are prone to targeted attacks such as DDoS, advanced persistent threats, Cryptojacking which threaten service availability. Recently, methods for threat information sharing and defense require cooperation and trust between multiple domains/entities. There is a need for mechanisms that establish distributed trust to allow for such a collective defense. In this paper, we present a novel threat intelligence sharing and defense system, namely “DefenseChain,” to allow organizations to have incentive-based and trustworthy cooperation to mitigate the impact of cyber attacks. Our solution approach features a consortium Blockchain platform and an economic model to obtain threat data and select suitable peers to help with attack detection and mitigation. We apply DefenseChain in the financial technology industry for an insurance claim processing use case to demonstrate the effectiveness of DefenseChain in a real-world application setting. Our evaluation experiments with DefenseChain implementation are performed on an Open Cloud testbed with Hyperledger Composer and in a simulation environment. Our results show that the DefenseChain system overall performs better than state-of-the-art decision making schemes in choosing the most appropriate detector and mitigator peers. Lastly, we validate how DefenseChain helps mitigate the threat risk of incidents relating to potential fraudulent insurance claims or cyber attacks.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4273-4290"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47626315","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3219849
Mingwu Zhang, Yu Chen, W. Susilo
By collecting and analyzing patients' e-healthcare data in Medical Internet-of-Things (MIOT), e-Healthcare providers can offer alternative and helpful evaluation services of the risk of diseases to patients. However, e-Healthcare providers cannot cope with the huge volumes of data and respond to this online service. Providers typically outsource medical data to powerful medical cloud servers. Since outsourced servers are not fully trusted, a direct evaluation service will inevitably result in privacy risks concerning the patient's identity or original medical data. It is hard to hide the results of an evaluation from the single-server model unless a fully homomorphic cryptosystem is used or the patients must communicate online with the cloud multiple times in an inefficient manner. With regards to these issues, this article proposes a Secure and Privacy-Preserving Decision Tree Evaluation scheme (namely SPP-DTE) to achieve secure disease diagnosis classification under e-Healthcare systems without revealing the sensitive information of patients such as physiological data or the private data of medical providers such as the structure of decision trees. Our proposed scheme uses modified KNN computation to match the similarity and preserve the confidentiality of raw data and also applies matrix randomization and monotonically increasing and one-way functions to confuse the intermediate results. The experiment is conducted in data sets from UCI machine learning repository of medical health data. Our analysis indicates that the proposed SPP-DTE scheme is efficient in terms of computational cost and communication overhead that is practical and efficient for privacy protection in e-Healthcare classification and diagnosis system.
{"title":"Decision Tree Evaluation on Sensitive Datasets for Secure e-Healthcare Systems","authors":"Mingwu Zhang, Yu Chen, W. Susilo","doi":"10.1109/TDSC.2022.3219849","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3219849","url":null,"abstract":"By collecting and analyzing patients' e-healthcare data in Medical Internet-of-Things (MIOT), e-Healthcare providers can offer alternative and helpful evaluation services of the risk of diseases to patients. However, e-Healthcare providers cannot cope with the huge volumes of data and respond to this online service. Providers typically outsource medical data to powerful medical cloud servers. Since outsourced servers are not fully trusted, a direct evaluation service will inevitably result in privacy risks concerning the patient's identity or original medical data. It is hard to hide the results of an evaluation from the single-server model unless a fully homomorphic cryptosystem is used or the patients must communicate online with the cloud multiple times in an inefficient manner. With regards to these issues, this article proposes a Secure and Privacy-Preserving Decision Tree Evaluation scheme (namely SPP-DTE) to achieve secure disease diagnosis classification under e-Healthcare systems without revealing the sensitive information of patients such as physiological data or the private data of medical providers such as the structure of decision trees. Our proposed scheme uses modified KNN computation to match the similarity and preserve the confidentiality of raw data and also applies matrix randomization and monotonically increasing and one-way functions to confuse the intermediate results. The experiment is conducted in data sets from UCI machine learning repository of medical health data. Our analysis indicates that the proposed SPP-DTE scheme is efficient in terms of computational cost and communication overhead that is practical and efficient for privacy protection in e-Healthcare classification and diagnosis system.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3988-4001"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43677889","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: