Pub Date : 2024-12-25DOI: 10.1109/tifs.2024.3523202
Changsong Jiang, Chunxiang Xu, Xinfeng Dong, Kefei Chen, Guomin Yang
{"title":"An Efficient Privacy-Preserving Scheme for Weak Password Collection in Internet of Things against Perpetual Leakage","authors":"Changsong Jiang, Chunxiang Xu, Xinfeng Dong, Kefei Chen, Guomin Yang","doi":"10.1109/tifs.2024.3523202","DOIUrl":"https://doi.org/10.1109/tifs.2024.3523202","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"41 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2024-12-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142888825","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"B-AVIBench: Towards Evaluating the Robustness of Large Vision-Language Model on Black-box Adversarial Visual-Instructions","authors":"Hao Zhang, Wenqi Shao, Hong Liu, Yongqiang Ma, Ping Luo, Yu Qiao, Nanning Zheng, Kaipeng Zhang","doi":"10.1109/tifs.2024.3520306","DOIUrl":"https://doi.org/10.1109/tifs.2024.3520306","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"41 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2024-12-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142888374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-25DOI: 10.1109/TIFS.2024.3523198
Mingwei Zeng;Jie Cui;Qingyang Zhang;Hong Zhong;Debiao He
The rapid evolution of the Industrial Internet of Things (IIoT) has necessitated increased device interactions across various management domains. This entails devices from different domains collaborating on the same production task. This poses significant challenges for the dynamics of cross-domain authentication schemes. Traditional cross-domain authentication schemes struggle to support seamless switching between domains and face difficulties when accommodating devices that join and leave the same domain. Moreover, these schemes suffer from intricate interactions and suboptimal efficiency. To address these issues, we propose a dynamic group signature scheme based on a dynamic accumulator and a non-interactive zero-knowledge proof. We integrated this scheme with blockchain technology to construct an efficient revocation cross-domain authentication scheme. The proposed scheme enables cross-domain anonymous authentication with simple interactions and provides an efficient revocation function for illegal devices. This approach ensures conditional privacy-preserving and enables efficient member joining and exiting through a dynamic accumulator. It effectively addresses the dynamic requirements of devices involved in IIoT production and manufacturing processes. We prove the security of the proposed scheme using a random Oracle model and conduct thorough analyses to verify its resistance against various attacks. Furthermore, the experimental results demonstrate that the proposed scheme achieves better performance in terms of computational and communication costs.
{"title":"Efficient Revocable Cross-Domain Anonymous Authentication Scheme for IIoT","authors":"Mingwei Zeng;Jie Cui;Qingyang Zhang;Hong Zhong;Debiao He","doi":"10.1109/TIFS.2024.3523198","DOIUrl":"10.1109/TIFS.2024.3523198","url":null,"abstract":"The rapid evolution of the Industrial Internet of Things (IIoT) has necessitated increased device interactions across various management domains. This entails devices from different domains collaborating on the same production task. This poses significant challenges for the dynamics of cross-domain authentication schemes. Traditional cross-domain authentication schemes struggle to support seamless switching between domains and face difficulties when accommodating devices that join and leave the same domain. Moreover, these schemes suffer from intricate interactions and suboptimal efficiency. To address these issues, we propose a dynamic group signature scheme based on a dynamic accumulator and a non-interactive zero-knowledge proof. We integrated this scheme with blockchain technology to construct an efficient revocation cross-domain authentication scheme. The proposed scheme enables cross-domain anonymous authentication with simple interactions and provides an efficient revocation function for illegal devices. This approach ensures conditional privacy-preserving and enables efficient member joining and exiting through a dynamic accumulator. It effectively addresses the dynamic requirements of devices involved in IIoT production and manufacturing processes. We prove the security of the proposed scheme using a random Oracle model and conduct thorough analyses to verify its resistance against various attacks. Furthermore, the experimental results demonstrate that the proposed scheme achieves better performance in terms of computational and communication costs.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"996-1010"},"PeriodicalIF":6.3,"publicationDate":"2024-12-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142888373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-25DOI: 10.1109/tifs.2024.3522775
Vamoua Yachongka, Hideki Yagi, Hideki Ochiai
{"title":"Outer Bounds on the CEO Problem with Privacy Constraints","authors":"Vamoua Yachongka, Hideki Yagi, Hideki Ochiai","doi":"10.1109/tifs.2024.3522775","DOIUrl":"https://doi.org/10.1109/tifs.2024.3522775","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"3 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2024-12-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142888375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-23DOI: 10.1109/TIFS.2024.3516542
Fei Meng;Leixiao Cheng
The cloud server is a versatile platform for data storage, with users increasingly uploading personal data to public servers to circumvent costly local storage. However, the server is not entirely honest, as it may potentially compromise user data privacy. Ciphertext-policy attribute-based encryption (CP-ABE) is a highly flexible cryptographic technique for ensuring access control over encrypted data in cloud storage applications. To prevent unauthorized access, traceability and revocability are two necessary requirements for CP-ABE system. Nevertheless, existing white-box traceable and revocable CP-ABE schemes suffer from several imitations: 1) Whether direct revocation or indirect revocation is applied, neither type of the revocation mode is well compatible with the trace function. 2) Moreover, all of the previous white-box traceable CP-ABE schemes rely on non-static assumptions to prove traceability. Ideally, a scheme provably secure under static complexity assumptions is preferable. To deal with these issues, we propose a novel traceable and server-aided revocable CP-ABE (TSR-ABE) scheme based on static assumptions. Specifically, our revocation mode works well with the trace function, and we prove the adaptive chosen-plaintext attack security and traceability of our scheme via the well-known dual system encryption methodology. Compared with many previous traceable CP-ABE schemes, regardless of whether they support revocation or not, we remove the need to introduce an additional l-SDH assumption to prove the traceability of the scheme. In addition, our scheme is more practical due to its lower private key size, lower decryption costs and lower tracing costs. As a result, we strengthen current research from the perspective of both security and efficiency.
{"title":"TSR-ABE: Traceable and Server-Aided Revocable Ciphertext-Policy Attribute-Based Encryption Under Static Assumptions","authors":"Fei Meng;Leixiao Cheng","doi":"10.1109/TIFS.2024.3516542","DOIUrl":"10.1109/TIFS.2024.3516542","url":null,"abstract":"The cloud server is a versatile platform for data storage, with users increasingly uploading personal data to public servers to circumvent costly local storage. However, the server is not entirely honest, as it may potentially compromise user data privacy. Ciphertext-policy attribute-based encryption (CP-ABE) is a highly flexible cryptographic technique for ensuring access control over encrypted data in cloud storage applications. To prevent unauthorized access, traceability and revocability are two necessary requirements for CP-ABE system. Nevertheless, existing white-box traceable and revocable CP-ABE schemes suffer from several imitations: 1) Whether direct revocation or indirect revocation is applied, neither type of the revocation mode is well compatible with the trace function. 2) Moreover, all of the previous white-box traceable CP-ABE schemes rely on non-static assumptions to prove traceability. Ideally, a scheme provably secure under static complexity assumptions is preferable. To deal with these issues, we propose a novel traceable and server-aided revocable CP-ABE (TSR-ABE) scheme based on static assumptions. Specifically, our revocation mode works well with the trace function, and we prove the adaptive chosen-plaintext attack security and traceability of our scheme via the well-known dual system encryption methodology. Compared with many previous traceable CP-ABE schemes, regardless of whether they support revocation or not, we remove the need to introduce an additional l-SDH assumption to prove the traceability of the scheme. In addition, our scheme is more practical due to its lower private key size, lower decryption costs and lower tracing costs. As a result, we strengthen current research from the perspective of both security and efficiency.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"955-967"},"PeriodicalIF":6.3,"publicationDate":"2024-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142879742","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-23DOI: 10.1109/TIFS.2024.3521611
Chengxiang Jin;Jiajun Zhou;Chenxuan Xie;Shanqing Yu;Qi Xuan;Xiaoniu Yang
The rampant fraudulent activities on Ethereum hinder the healthy development of the blockchain ecosystem, necessitating the reinforcement of regulations. However, multiple imbalances involving account interaction frequencies and interaction types in the Ethereum transaction environment pose significant challenges to data mining-based fraud detection research. To address this, we first propose the concept of meta-interactions to refine interaction behaviors in Ethereum, and based on this, we present a dual self-supervision enhanced Ethereum fraud detection framework, named Meta-IFD. This framework initially introduces a generative self-supervision mechanism to augment the interaction features of accounts, followed by a contrastive self-supervision mechanism to differentiate various behavior patterns, and ultimately characterizes the behavioral representations of accounts and mines potential fraud risks through multi-view interaction feature learning. Extensive experiments on real Ethereum datasets demonstrate the effectiveness and superiority of our framework in detecting common Ethereum fraud behaviors such as Ponzi schemes and phishing scams. Additionally, the generative module can effectively alleviate the interaction distribution imbalance in Ethereum data, while the contrastive module significantly enhances the framework’s ability to distinguish different behavior patterns. The source code will be available in �https://github.com/GISec-Team/Meta-IFD�.
{"title":"Enhancing Ethereum Fraud Detection via Generative and Contrastive Self-Supervision","authors":"Chengxiang Jin;Jiajun Zhou;Chenxuan Xie;Shanqing Yu;Qi Xuan;Xiaoniu Yang","doi":"10.1109/TIFS.2024.3521611","DOIUrl":"10.1109/TIFS.2024.3521611","url":null,"abstract":"The rampant fraudulent activities on Ethereum hinder the healthy development of the blockchain ecosystem, necessitating the reinforcement of regulations. However, multiple imbalances involving account interaction frequencies and interaction types in the Ethereum transaction environment pose significant challenges to data mining-based fraud detection research. To address this, we first propose the concept of meta-interactions to refine interaction behaviors in Ethereum, and based on this, we present a dual self-supervision enhanced Ethereum fraud detection framework, named Meta-IFD. This framework initially introduces a generative self-supervision mechanism to augment the interaction features of accounts, followed by a contrastive self-supervision mechanism to differentiate various behavior patterns, and ultimately characterizes the behavioral representations of accounts and mines potential fraud risks through multi-view interaction feature learning. Extensive experiments on real Ethereum datasets demonstrate the effectiveness and superiority of our framework in detecting common Ethereum fraud behaviors such as Ponzi schemes and phishing scams. Additionally, the generative module can effectively alleviate the interaction distribution imbalance in Ethereum data, while the contrastive module significantly enhances the framework’s ability to distinguish different behavior patterns. The source code will be available in \u0000<uri>https://github.com/GISec-Team/Meta-IFD</uri>\u0000.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"839-853"},"PeriodicalIF":6.3,"publicationDate":"2024-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142879741","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-23DOI: 10.1109/tifs.2024.3518072
Qi Guo, Shanmin Pang, Xiaojun Jia, Yang Liu, Qing Guo
{"title":"Efficient Generation of Targeted and Transferable Adversarial Examples for Vision-Language Models Via Diffusion Models","authors":"Qi Guo, Shanmin Pang, Xiaojun Jia, Yang Liu, Qing Guo","doi":"10.1109/tifs.2024.3518072","DOIUrl":"https://doi.org/10.1109/tifs.2024.3518072","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"147 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2024-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142879956","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-20DOI: 10.1109/TIFS.2024.3516560
Anmol Kumar;Mayank Agarwal
Mitigating DDoS attacks poses a significant challenge for cyber security teams within victim organizations, as these attacks directly target service availability. Most DDoS mitigation solutions focus address the direct effects of DDoS attacks, such as service unavailability and network congestion, while the indirect effects, including collateral damage to legitimate users, receive substantially less attention in the present state-of-the-art. To address this gap, we propose a novel defense architecture designed to mitigate collateral damage and ensure service availability for legitimate users even under attack conditions. The proposed approach employs containerization, micro-services architecture, and traffic segmentation to enhance system resilience and fortify security. We send requests for two distinct services, namely an HTTP-based service and an SSH service, in order to analyze the collateral damage caused by the DDoS attack. The proposed architecture classifies incoming HTTP traffic into two categories: “benign traffic” and “suspicious traffic,” determined by the number of requests originating from the same source address. We tested this approach in three different scenarios (S-1, S-2, and S-3). Experimental results demonstrate that the proposed architecture effectively isolates suspicious traffic, mitigating its impact on benign services. This ensures the availability of critical services during a DDoS attack while minimizing collateral damage. In scenarios S-1, S-2, and S-3, it maintains service availability at 3%, 67%, and 98%, respectively, highlighting its efficacy in the face of varying levels of DDoS attack intensity. Furthermore, the architecture is extremely effective in reducing the collateral effects on SSH requests during a DDoS attack. In the S-1 scenario, SSH login time was reduced by 25%, 46%, and 27%, respectively. In the S-2 scenario, the reductions were 99%, 53%, and 29%. In the same vein, the system achieved reductions of 4%, 17%, and 99% in the S-3 scenario.
{"title":"Reducing Internal Collateral Damage From DDoS Attacks Through Micro-Service Cloud Architecture","authors":"Anmol Kumar;Mayank Agarwal","doi":"10.1109/TIFS.2024.3516560","DOIUrl":"10.1109/TIFS.2024.3516560","url":null,"abstract":"Mitigating DDoS attacks poses a significant challenge for cyber security teams within victim organizations, as these attacks directly target service availability. Most DDoS mitigation solutions focus address the direct effects of DDoS attacks, such as service unavailability and network congestion, while the indirect effects, including collateral damage to legitimate users, receive substantially less attention in the present state-of-the-art. To address this gap, we propose a novel defense architecture designed to mitigate collateral damage and ensure service availability for legitimate users even under attack conditions. The proposed approach employs containerization, micro-services architecture, and traffic segmentation to enhance system resilience and fortify security. We send requests for two distinct services, namely an HTTP-based service and an SSH service, in order to analyze the collateral damage caused by the DDoS attack. The proposed architecture classifies incoming HTTP traffic into two categories: “benign traffic” and “suspicious traffic,” determined by the number of requests originating from the same source address. We tested this approach in three different scenarios (S-1, S-2, and S-3). Experimental results demonstrate that the proposed architecture effectively isolates suspicious traffic, mitigating its impact on benign services. This ensures the availability of critical services during a DDoS attack while minimizing collateral damage. In scenarios S-1, S-2, and S-3, it maintains service availability at 3%, 67%, and 98%, respectively, highlighting its efficacy in the face of varying levels of DDoS attack intensity. Furthermore, the architecture is extremely effective in reducing the collateral effects on SSH requests during a DDoS attack. In the S-1 scenario, SSH login time was reduced by 25%, 46%, and 27%, respectively. In the S-2 scenario, the reductions were 99%, 53%, and 29%. In the same vein, the system achieved reductions of 4%, 17%, and 99% in the S-3 scenario.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1081-1091"},"PeriodicalIF":6.3,"publicationDate":"2024-12-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142867141","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-20DOI: 10.1109/TIFS.2024.3520863
Haochen Sun;Tonghe Bai;Jason Li;Hongyang Zhang
The recent advancements in deep learning have brought about significant changes in various aspects of people’s lives. Meanwhile, these rapid developments have raised concerns about the legitimacy of the training process of deep neural networks. To protect the intellectual properties of AI developers, directly examining the training process by accessing the model parameters and training data is often prohibited for verifiers. In response to this challenge, we present zero-knowledge deep learning (zkDL), an efficient zero-knowledge proof for deep learning training. To address the long-standing challenge of verifiable computations of non-linearities in deep learning training, we introduce zkReLU, a specialized proof for the ReLU activation and its backpropagation. zkReLU turns the disadvantage of non-arithmetic relations into an advantage, leading to the creation of FAC4DNN, our specialized arithmetic circuit design for modelling neural networks. This design aggregates the proofs over different layers and training steps, without being constrained by their sequential order in the training process. With our new CUDA implementation that achieves full compatibility with the tensor structures and the aggregated proof design, zkDL enables the generation of complete and sound proofs in less than a second per batch update for an 8-layer neural network with 10M parameters and a batch size of 64, while provably ensuring the privacy of data and model parameters. To our best knowledge, we are not aware of any existing work on zero-knowledge proof of deep learning training that is scalable to million-size networks.
{"title":"zkDL: Efficient Zero-Knowledge Proofs of Deep Learning Training","authors":"Haochen Sun;Tonghe Bai;Jason Li;Hongyang Zhang","doi":"10.1109/TIFS.2024.3520863","DOIUrl":"10.1109/TIFS.2024.3520863","url":null,"abstract":"The recent advancements in deep learning have brought about significant changes in various aspects of people’s lives. Meanwhile, these rapid developments have raised concerns about the legitimacy of the training process of deep neural networks. To protect the intellectual properties of AI developers, directly examining the training process by accessing the model parameters and training data is often prohibited for verifiers. In response to this challenge, we present zero-knowledge deep learning (zkDL), an efficient zero-knowledge proof for deep learning training. To address the long-standing challenge of verifiable computations of non-linearities in deep learning training, we introduce zkReLU, a specialized proof for the ReLU activation and its backpropagation. zkReLU turns the disadvantage of non-arithmetic relations into an advantage, leading to the creation of FAC4DNN, our specialized arithmetic circuit design for modelling neural networks. This design aggregates the proofs over different layers and training steps, without being constrained by their sequential order in the training process. With our new CUDA implementation that achieves full compatibility with the tensor structures and the aggregated proof design, zkDL enables the generation of complete and sound proofs in less than a second per batch update for an 8-layer neural network with 10M parameters and a batch size of 64, while provably ensuring the privacy of data and model parameters. To our best knowledge, we are not aware of any existing work on zero-knowledge proof of deep learning training that is scalable to million-size networks.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"914-927"},"PeriodicalIF":6.3,"publicationDate":"2024-12-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142867142","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The immutability of blockchain has exposed its limitations in adapting to rapidly evolving legal requirements and preventing malicious misuse. To address these issues, transaction-level redactable blockchain solutions based on the policy-based chameleon hash (PCH) have been introduced. These solutions allow users to create transactions and encrypt trapdoors under specific attribute policies. However, current transaction-level rewriting schemes face two security challenges: Firstly, transactions encrypted with the invalid trapdoor are difficult to rewrite; Secondly, due to lacking version detection on transactions, malicious modifiers may rollback the version of the transaction to launch a reversion attack. In this paper, we present a resilient and redactable blockchain (RRB) with 2-level rewriting and transaction version detection. Specifically, we propose a new redactable blockchain structure that supports both transaction-level and block-level rewriting. To tackle the invalid trapdoor problem, we propose two protocols: a fine-grained, controllable transaction-level rewriting protocol and a centrally controlled block-level rewriting protocol. Moreover, for the transaction reversion attack, we design a version detection mechanism for RRB by using an accumulator. Through security analysis and performance evaluation, we demonstrate the security and practicality of our RRB scheme.
{"title":"Resilient and Redactable Blockchain With Two-Level Rewriting and Version Detection","authors":"Wei Wang;Haipeng Peng;Junke Duan;Licheng Wang;Xiaoya Hu;Zilin Zhao","doi":"10.1109/TIFS.2024.3520830","DOIUrl":"10.1109/TIFS.2024.3520830","url":null,"abstract":"The immutability of blockchain has exposed its limitations in adapting to rapidly evolving legal requirements and preventing malicious misuse. To address these issues, transaction-level redactable blockchain solutions based on the policy-based chameleon hash (PCH) have been introduced. These solutions allow users to create transactions and encrypt trapdoors under specific attribute policies. However, current transaction-level rewriting schemes face two security challenges: Firstly, transactions encrypted with the invalid trapdoor are difficult to rewrite; Secondly, due to lacking version detection on transactions, malicious modifiers may rollback the version of the transaction to launch a reversion attack. In this paper, we present a resilient and redactable blockchain (RRB) with 2-level rewriting and transaction version detection. Specifically, we propose a new redactable blockchain structure that supports both transaction-level and block-level rewriting. To tackle the invalid trapdoor problem, we propose two protocols: a fine-grained, controllable transaction-level rewriting protocol and a centrally controlled block-level rewriting protocol. Moreover, for the transaction reversion attack, we design a version detection mechanism for RRB by using an accumulator. Through security analysis and performance evaluation, we demonstrate the security and practicality of our RRB scheme.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1163-1175"},"PeriodicalIF":6.3,"publicationDate":"2024-12-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142867076","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: