Pub Date : 2024-09-30DOI: 10.1109/TIFS.2024.3470650
Etienne Levecque;Jan Butora;Patrick Bas
This article presents a refined notion of incompatible JPEG images for a quality factor of 100. It can detect the presence of steganographic schemes embedding in DCT coefficients. We show that, within the JPEG pipeline, the combination of the DCT transform with the quantization function can map several blocks in the pixel domain to the same block in the DCT domain. However, not every DCT block can be obtained: we call those blocks incompatible. In particular, incompatibility can happen when DCT coefficients are manually modified to embed a message. We show that the problem of distinguishing compatible blocks from incompatible ones is an inverse problem with or without solution and we propose two different methods to solve it. The first one is heuristic-based, fast to find a solution if it exists. The second is formulated as an Integer Linear Programming problem and can detect incompatible blocks only for a specific DCT transform in a reasonable amount of time. We show that the probability for a block to become incompatible only relies on the number of modifications. Finally, using the heuristic algorithm we can derive a Likelihood Ratio Test depending on the number of compatible blocks per image to perform steganalysis. We simulate the result of this test and show that it outperforms a deep learning detector e-SRNet for every payload between 0.001 and 0.01 bpp by using only 10% of the blocks from �$bf 256times 256$ � images. A Selection-Channel-Aware version of the test is even more powerful and outperforms e-SRNet while using only 1% of the blocks.
{"title":"Finding Incompatible Blocks for Reliable JPEG Steganalysis","authors":"Etienne Levecque;Jan Butora;Patrick Bas","doi":"10.1109/TIFS.2024.3470650","DOIUrl":"10.1109/TIFS.2024.3470650","url":null,"abstract":"This article presents a refined notion of incompatible JPEG images for a quality factor of 100. It can detect the presence of steganographic schemes embedding in DCT coefficients. We show that, within the JPEG pipeline, the combination of the DCT transform with the quantization function can map several blocks in the pixel domain to the same block in the DCT domain. However, not every DCT block can be obtained: we call those blocks incompatible. In particular, incompatibility can happen when DCT coefficients are manually modified to embed a message. We show that the problem of distinguishing compatible blocks from incompatible ones is an inverse problem with or without solution and we propose two different methods to solve it. The first one is heuristic-based, fast to find a solution if it exists. The second is formulated as an Integer Linear Programming problem and can detect incompatible blocks only for a specific DCT transform in a reasonable amount of time. We show that the probability for a block to become incompatible only relies on the number of modifications. Finally, using the heuristic algorithm we can derive a Likelihood Ratio Test depending on the number of compatible blocks per image to perform steganalysis. We simulate the result of this test and show that it outperforms a deep learning detector e-SRNet for every payload between 0.001 and 0.01 bpp by using only 10% of the blocks from \u0000<inline-formula> <tex-math>$bf 256times 256$ </tex-math></inline-formula>\u0000 images. A Selection-Channel-Aware version of the test is even more powerful and outperforms e-SRNet while using only 1% of the blocks.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9467-9479"},"PeriodicalIF":6.3,"publicationDate":"2024-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142360467","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Non-orthogonal multiple access (NOMA) has been recognized as a promising multiple access technique for enhanced spectral efficiency in the current and next-generation wireless networks. In this paper, we examine a realistic NOMA model where users, assisted by a regenerative relay, cannot be fully trusted. We address the challenge of ensuring secure access for these users while accounting for the error propagation in successive interference cancellation (SIC) during the decoding process. For such, we formulate and solve two optimization problems, viz. maximizing the minimum secrecy rate of the users and maximizing the sum secrecy rate of the users, while accounting for SIC errors and the constraint on the power budget. For each case, we derive the optimal power allocation solution to achieve positive secrecy rates despite imperfect SIC. Simulation results provide key insights on the obtained secrecy rates and power allocations, factoring in residual interference. The joint optimal solution for the decoding order and power allocation is compared with different benchmark schemes: optimal decoding order and equal power allocation, fixed decoding order and equal power allocation, fixed decoding order and optimal power allocation, and optimal decoding order and channel-based power allocation. Our proposed framework demonstrates average performance gains of about 47.62 dB, 50.79 dB, 54.02 dB and 39.83 dB over these schemes and, hence, the fact that the proposed framework can substantially improve the secrecy performance.
在当前和下一代无线网络中,非正交多址接入(NOMA)已被认为是一种很有前途的多址接入技术,可提高频谱效率。在本文中,我们研究了一个现实的 NOMA 模型,在该模型中,用户在再生中继的协助下无法完全信任。我们要解决的难题是,既要确保这些用户的安全接入,又要考虑到解码过程中连续干扰消除(SIC)的误差传播。为此,我们提出并解决了两个优化问题,即最大化用户最小保密率和最大化用户总保密率,同时考虑 SIC 误差和功率预算约束。针对每种情况,我们都会推导出最优功率分配方案,以便在 SIC 不完善的情况下实现正保密率。仿真结果为所获得的保密率和功率分配提供了重要启示,同时考虑到了残余干扰。解码顺序和功率分配的联合最优解与不同的基准方案进行了比较:最优解码顺序和相等功率分配、固定解码顺序和相等功率分配、固定解码顺序和最优功率分配,以及最优解码顺序和基于信道的功率分配。与这些方案相比,我们提出的框架的平均性能分别提高了约 47.62 dB、50.79 dB、54.02 dB 和 39.83 dB,因此,我们提出的框架可以大幅提高保密性能。
{"title":"Power Allocation and Decoding Order Selection for Secrecy Fairness in Downlink Cooperative NOMA With Untrusted Receivers Under Imperfect SIC","authors":"Insha Amin;Deepak Mishra;Ravikant Saini;Sonia Aïssa","doi":"10.1109/TIFS.2024.3471429","DOIUrl":"10.1109/TIFS.2024.3471429","url":null,"abstract":"Non-orthogonal multiple access (NOMA) has been recognized as a promising multiple access technique for enhanced spectral efficiency in the current and next-generation wireless networks. In this paper, we examine a realistic NOMA model where users, assisted by a regenerative relay, cannot be fully trusted. We address the challenge of ensuring secure access for these users while accounting for the error propagation in successive interference cancellation (SIC) during the decoding process. For such, we formulate and solve two optimization problems, viz. maximizing the minimum secrecy rate of the users and maximizing the sum secrecy rate of the users, while accounting for SIC errors and the constraint on the power budget. For each case, we derive the optimal power allocation solution to achieve positive secrecy rates despite imperfect SIC. Simulation results provide key insights on the obtained secrecy rates and power allocations, factoring in residual interference. The joint optimal solution for the decoding order and power allocation is compared with different benchmark schemes: optimal decoding order and equal power allocation, fixed decoding order and equal power allocation, fixed decoding order and optimal power allocation, and optimal decoding order and channel-based power allocation. Our proposed framework demonstrates average performance gains of about 47.62 dB, 50.79 dB, 54.02 dB and 39.83 dB over these schemes and, hence, the fact that the proposed framework can substantially improve the secrecy performance.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9406-9418"},"PeriodicalIF":6.3,"publicationDate":"2024-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142360466","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-30DOI: 10.1109/TIFS.2024.3470651
Kaiqing Lin;Bin Li;Weixiang Li;Mauro Barni;Benedetta Tondi;Xulong Liu
The effectiveness of deep learning-based steganalyzers is significantly compromised by adversarial steganography. In response to this challenge, recent efforts have been devoted to identifying distinct traces of adversarial perturbations, yet they have overlooked the inherently adversarial robustness required in steganalyzers. This paper aims to develop a steganalytic model that defends against adversarial steganography by increasing the difficulty of generating adversarial stego images. To achieve this objective, the techniques of learning neighboring feature relationships and self-adversarial adjustment are proposed with three essential modules. The first one, named K-times Dropout Neighboring Feature Transformer (KDNFT), is designed to accept a set of neighboring features obtained by dropout as input. Based on the finding that K-times dropout neighboring features have different distributions for covers and adversarial stegos, KDNFT effectively learns to exploit the relationships among these features for adversarial steganalysis. To facilitate adversarial training, which is an effective way to improve intrinsic robustness, the second module called Pseudo Adversarial Stego Generator (PASG) is proposed to synthesize samples for training. The third module is a Test-time Active Perturbation (TAP) module that adjusts the results of adversarial stego samples close to the decision boundary in a self-adversarial way. Extensive experiments demonstrate that our method achieves improvements in steganalyzing various kinds of adversarial steganographic methods.
{"title":"Constructing an Intrinsically Robust Steganalyzer via Learning Neighboring Feature Relationships and Self-Adversarial Adjustment","authors":"Kaiqing Lin;Bin Li;Weixiang Li;Mauro Barni;Benedetta Tondi;Xulong Liu","doi":"10.1109/TIFS.2024.3470651","DOIUrl":"10.1109/TIFS.2024.3470651","url":null,"abstract":"The effectiveness of deep learning-based steganalyzers is significantly compromised by adversarial steganography. In response to this challenge, recent efforts have been devoted to identifying distinct traces of adversarial perturbations, yet they have overlooked the inherently adversarial robustness required in steganalyzers. This paper aims to develop a steganalytic model that defends against adversarial steganography by increasing the difficulty of generating adversarial stego images. To achieve this objective, the techniques of learning neighboring feature relationships and self-adversarial adjustment are proposed with three essential modules. The first one, named K-times Dropout Neighboring Feature Transformer (KDNFT), is designed to accept a set of neighboring features obtained by dropout as input. Based on the finding that K-times dropout neighboring features have different distributions for covers and adversarial stegos, KDNFT effectively learns to exploit the relationships among these features for adversarial steganalysis. To facilitate adversarial training, which is an effective way to improve intrinsic robustness, the second module called Pseudo Adversarial Stego Generator (PASG) is proposed to synthesize samples for training. The third module is a Test-time Active Perturbation (TAP) module that adjusts the results of adversarial stego samples close to the decision boundary in a self-adversarial way. Extensive experiments demonstrate that our method achieves improvements in steganalyzing various kinds of adversarial steganographic methods.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9390-9405"},"PeriodicalIF":6.3,"publicationDate":"2024-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142360468","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-30DOI: 10.1109/TIFS.2024.3471185
Stefano Tomasin;Tarek N. M. M. Elwakeel;Anna Valeria Guglielmi;Robin Maes;Nele Noels;Marc Moeneclaey
Physical-layer authentication (PLA) mechanisms exploit signals exchanged at the physical layer of communication systems to confirm the sender of a received message. In this paper, we propose a novel challenge-response PLA (CR-PLA) mechanism for a cellular system that leverages the reconfigurability property of a reconfigurable intelligent surface (RIS) (under the control of the verifier) in an authentication mechanism. In CR-PLA, the verifier base station (BS) sets a random RIS configuration, which remains secret to the intruder, and then checks that the resulting estimated channel is modified correspondingly. In fact, for a message sent by an attacker in a different location than the legitimate user equipment (UE), the BS will estimate a different channel and the message will be rejected as fake. Such a solution reduces the communication and computational overhead with respect to higher-layer cryptographic authentication. We derive the maximum a-posteriori attack when the attacker observes a correlated channel and the reconfigurable intelligent surface (RIS) has many elements, and the attacker transmits to Bob either directly or through the RIS. Using a generalized likelihood ratio test to test the authenticity at the base station (BS), we derive approximate expressions of the false alarm and misdetection probabilities when both the BS and the UE have a single antenna each, while the RIS has a large number of elements. We also evaluate the trade-off between security and communication performance, since choosing a random RIS configuration reduces the data rate. Moreover, we investigate the impact of various parameters (e.g., the RIS randomness, the number of RIS elements, and the operating signal-to-noise ratio) on security and communication performance.
{"title":"Analysis of Challenge-Response Authentication With Reconfigurable Intelligent Surfaces","authors":"Stefano Tomasin;Tarek N. M. M. Elwakeel;Anna Valeria Guglielmi;Robin Maes;Nele Noels;Marc Moeneclaey","doi":"10.1109/TIFS.2024.3471185","DOIUrl":"10.1109/TIFS.2024.3471185","url":null,"abstract":"Physical-layer authentication (PLA) mechanisms exploit signals exchanged at the physical layer of communication systems to confirm the sender of a received message. In this paper, we propose a novel challenge-response PLA (CR-PLA) mechanism for a cellular system that leverages the reconfigurability property of a reconfigurable intelligent surface (RIS) (under the control of the verifier) in an authentication mechanism. In CR-PLA, the verifier base station (BS) sets a random RIS configuration, which remains secret to the intruder, and then checks that the resulting estimated channel is modified correspondingly. In fact, for a message sent by an attacker in a different location than the legitimate user equipment (UE), the BS will estimate a different channel and the message will be rejected as fake. Such a solution reduces the communication and computational overhead with respect to higher-layer cryptographic authentication. We derive the maximum a-posteriori attack when the attacker observes a correlated channel and the reconfigurable intelligent surface (RIS) has many elements, and the attacker transmits to Bob either directly or through the RIS. Using a generalized likelihood ratio test to test the authenticity at the base station (BS), we derive approximate expressions of the false alarm and misdetection probabilities when both the BS and the UE have a single antenna each, while the RIS has a large number of elements. We also evaluate the trade-off between security and communication performance, since choosing a random RIS configuration reduces the data rate. Moreover, we investigate the impact of various parameters (e.g., the RIS randomness, the number of RIS elements, and the operating signal-to-noise ratio) on security and communication performance.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9494-9507"},"PeriodicalIF":6.3,"publicationDate":"2024-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10700780","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142360470","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-30DOI: 10.1109/TIFS.2024.3471080
Anand Agrawal;Rajib Ranjan Maiti
IoT provisioning is a critical phase in IoT communication, where a number of security parameters are exchanged that are used both in this phase and later. Due to the headless nature of IoT devices, the exchange of these parameters faces challenges of balancing security and convenience. Some proprietary (e.g., “SmartConfig” by Texas Instruments) and open de-facto standards (e.g., AP mode and EZ mode by Tuya Inc.) are proposed to address these challenges, leaving scopes for certain vendor-specific settings. The analysis of vulnerability and threats thereby is a challenging task due to the lack of a common model of IoT provisioning in commercial IoT devices over Wi-Fi AP mode and EZ mode. In this paper, we propose a model using a sequence diagram for such provisioning and fuse seven research questions (RQs) to discover vendor-agnostic vulnerabilities. We develop a system, called iTieProbe to resolve the RQs. We discover six non-trivial potential vulnerabilities, identified as �$mathcal {V}1$ � to �$mathcal {V}6$ �. We evaluate the efficacy of testing these six vulnerabilities using iTieProbe by applying it to nine commercial IoT devices that include seven types, like a smart plug, IoT doorbell, spy bulb, smart speaker, spy clock, smart camera, and air quality monitor. We show that using iTieProbe, among others, an attacker can find �$mathcal {V}1$ � - leads to access neighbor’s Wi-Fi AP - in five devices, �$mathcal {V}3$ � and �$mathcal {V}4$ � in three devices, and �$mathcal {V}5$ � and �$mathcal {V}6$ � - both lead to successful provisioning using either an expired authentication token or a valid token belonging to an attacker - in three devices. We have reported all these vulnerabilities to respective vendors via email and received acknowledgment from some of them with three registered vulnerability (CVE-2024-7408, CVE-2024-46040, CVE-2024-46041). The average runtime of iTieProbe to test a vulnerability of any individual IoT provisioning is about 48.95 seconds, which is much less than the provisioning itself (typically in the range of a few minutes). We believe that our revelation can help the vendors or the developers of these IoT devices to fix the security vulnerabilities in their implementations of the provisioning.
物联网配置是物联网通信的一个关键阶段,在这一阶段和之后都要交换大量安全参数。由于物联网设备的无头性质,这些参数的交换面临着平衡安全性和便利性的挑战。为应对这些挑战,提出了一些专有标准(如德州仪器公司的 "SmartConfig")和开放的事实标准(如图雅公司的 AP 模式和 EZ 模式),为某些特定供应商的设置留出了余地。由于缺乏通过 Wi-Fi AP 模式和 EZ 模式在商用物联网设备中进行物联网配置的通用模型,因此分析漏洞和威胁是一项具有挑战性的任务。在本文中,我们提出了一个使用序列图进行此类配置的模型,并融合了七个研究问题(RQ),以发现与供应商无关的漏洞。我们开发了一个名为 iTieProbe 的系统来解决 RQs。我们发现了六个非实质性的潜在漏洞,分别为 $mathcal {V}1$ 至 $mathcal {V}6$ 。我们通过将 iTieProbe 应用于九个商业物联网设备(包括七种类型,如智能插头、物联网门铃、间谍灯泡、智能扬声器、间谍时钟、智能摄像头和空气质量监测器)来评估使用 iTieProbe 测试这六个漏洞的效果。我们发现,使用iTieProbe,攻击者可以在五台设备中发现$mathcal {V}1$--导致访问邻居的Wi-Fi AP,在三台设备中发现$mathcal {V}3$和$mathcal {V}4$,在三台设备中发现$mathcal {V}5$和$mathcal {V}6$--导致使用过期的认证令牌或属于攻击者的有效令牌成功配置。我们已通过电子邮件向相关供应商报告了所有这些漏洞,并收到了其中一些供应商的确认,其中有三个漏洞已注册(CVE-2024-7408、CVE-2024-46040、CVE-2024-46041)。iTieProbe 测试任何单个物联网配置漏洞的平均运行时间约为 48.95 秒,远远少于配置本身的时间(通常在几分钟左右)。我们相信,我们的启示可以帮助这些物联网设备的供应商或开发人员修复他们在实现配置时存在的安全漏洞。
{"title":"iTieProbe: How Vulnerable Your IoT Provisioning via Wi-Fi AP Mode or EZ Mode?","authors":"Anand Agrawal;Rajib Ranjan Maiti","doi":"10.1109/TIFS.2024.3471080","DOIUrl":"10.1109/TIFS.2024.3471080","url":null,"abstract":"IoT provisioning is a critical phase in IoT communication, where a number of security parameters are exchanged that are used both in this phase and later. Due to the headless nature of IoT devices, the exchange of these parameters faces challenges of balancing security and convenience. Some proprietary (e.g., “SmartConfig” by Texas Instruments) and open de-facto standards (e.g., AP mode and EZ mode by Tuya Inc.) are proposed to address these challenges, leaving scopes for certain vendor-specific settings. The analysis of vulnerability and threats thereby is a challenging task due to the lack of a common model of IoT provisioning in commercial IoT devices over Wi-Fi AP mode and EZ mode. In this paper, we propose a model using a sequence diagram for such provisioning and fuse seven research questions (RQs) to discover vendor-agnostic vulnerabilities. We develop a system, called iTieProbe to resolve the RQs. We discover six non-trivial potential vulnerabilities, identified as \u0000<inline-formula> <tex-math>$mathcal {V}1$ </tex-math></inline-formula>\u0000 to \u0000<inline-formula> <tex-math>$mathcal {V}6$ </tex-math></inline-formula>\u0000. We evaluate the efficacy of testing these six vulnerabilities using iTieProbe by applying it to nine commercial IoT devices that include seven types, like a smart plug, IoT doorbell, spy bulb, smart speaker, spy clock, smart camera, and air quality monitor. We show that using iTieProbe, among others, an attacker can find \u0000<inline-formula> <tex-math>$mathcal {V}1$ </tex-math></inline-formula>\u0000 - leads to access neighbor’s Wi-Fi AP - in five devices, \u0000<inline-formula> <tex-math>$mathcal {V}3$ </tex-math></inline-formula>\u0000 and \u0000<inline-formula> <tex-math>$mathcal {V}4$ </tex-math></inline-formula>\u0000 in three devices, and \u0000<inline-formula> <tex-math>$mathcal {V}5$ </tex-math></inline-formula>\u0000 and \u0000<inline-formula> <tex-math>$mathcal {V}6$ </tex-math></inline-formula>\u0000 - both lead to successful provisioning using either an expired authentication token or a valid token belonging to an attacker - in three devices. We have reported all these vulnerabilities to respective vendors via email and received acknowledgment from some of them with three registered vulnerability (CVE-2024-7408, CVE-2024-46040, CVE-2024-46041). The average runtime of iTieProbe to test a vulnerability of any individual IoT provisioning is about 48.95 seconds, which is much less than the provisioning itself (typically in the range of a few minutes). We believe that our revelation can help the vendors or the developers of these IoT devices to fix the security vulnerabilities in their implementations of the provisioning.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"10058-10070"},"PeriodicalIF":6.3,"publicationDate":"2024-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142360469","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-30DOI: 10.1109/TIFS.2024.3471074
Joohee Lee;Hansol Ryu;Minju Lee;Jaehui Park
In IEEE TIFS 2023, NTRU+ has been proposed, an efficient lattice-based post-quantum Key Encapsulation Mechanism (KEM), which has also been submitted to the KpqC competition. In this paper, we propose an effective classical chosen ciphertext attack to recover the transmitted session key for NTRU+ with all but negligible probability for the first time. With the proposed attacks, we show that all the suggested parameters of NTRU+ do not satisfy the claimed IND-CCA security. Moreover, we elaborate on some flaws in the security proof, a part of which introduces our attack. We also suggest a way to modify the NTRU+ scheme to defend our attack while maintaining its practical performance.
{"title":"Cryptanalysis on “NTRU+: Compact Construction of NTRU Using Simple Encoding Method”","authors":"Joohee Lee;Hansol Ryu;Minju Lee;Jaehui Park","doi":"10.1109/TIFS.2024.3471074","DOIUrl":"10.1109/TIFS.2024.3471074","url":null,"abstract":"In IEEE TIFS 2023, NTRU+ has been proposed, an efficient lattice-based post-quantum Key Encapsulation Mechanism (KEM), which has also been submitted to the KpqC competition. In this paper, we propose an effective classical chosen ciphertext attack to recover the transmitted session key for NTRU+ with all but negligible probability for the first time. With the proposed attacks, we show that all the suggested parameters of NTRU+ do not satisfy the claimed IND-CCA security. Moreover, we elaborate on some flaws in the security proof, a part of which introduces our attack. We also suggest a way to modify the NTRU+ scheme to defend our attack while maintaining its practical performance.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9508-9517"},"PeriodicalIF":6.3,"publicationDate":"2024-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142360489","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-27DOI: 10.1109/TIFS.2024.3469820
Guanxiong Shen;Junqing Zhang;Xuyu Wang;Shiwen Mao
Radio frequency fingerprint identification (RFFI) is a promising physical layer authentication technique that utilizes the unique impairments within the analog front-end of transmitters as distinct identifiers. State-of-the-art RFFI systems are frequently powered by deep learning, which requires extensive training data to ensure satisfactory performance. However, current RFFI studies suffer from a severe lack of training data, which poses challenges in achieving high identification accuracy. In this paper, we propose a federated RFFI system that is particularly suitable for Internet of Things (IoT) networks, which holds a high potential to address the data scarcity challenge in RFFI development. Specifically, all the receivers in an IoT network can pre-train a deep learning-driven feature extractor in a federated and unsupervised manner. Subsequently, a new client can perform fine-tuning on the basis of the pre-trained feature extractor to activate its RFFI functionality. Extensive experimental evaluation was carried out, involving 60 commercial off-the-shelf (COTS) LoRa transmitters and six software-defined radio (SDR) receivers. The experimental results demonstrate that the federated RFFI protocol can effectively improve the identification accuracy from 63% to 95%, and is robust to receiver hardware and location variations.
{"title":"Federated Radio Frequency Fingerprint Identification Powered by Unsupervised Contrastive Learning","authors":"Guanxiong Shen;Junqing Zhang;Xuyu Wang;Shiwen Mao","doi":"10.1109/TIFS.2024.3469820","DOIUrl":"10.1109/TIFS.2024.3469820","url":null,"abstract":"Radio frequency fingerprint identification (RFFI) is a promising physical layer authentication technique that utilizes the unique impairments within the analog front-end of transmitters as distinct identifiers. State-of-the-art RFFI systems are frequently powered by deep learning, which requires extensive training data to ensure satisfactory performance. However, current RFFI studies suffer from a severe lack of training data, which poses challenges in achieving high identification accuracy. In this paper, we propose a federated RFFI system that is particularly suitable for Internet of Things (IoT) networks, which holds a high potential to address the data scarcity challenge in RFFI development. Specifically, all the receivers in an IoT network can pre-train a deep learning-driven feature extractor in a federated and unsupervised manner. Subsequently, a new client can perform fine-tuning on the basis of the pre-trained feature extractor to activate its RFFI functionality. Extensive experimental evaluation was carried out, involving 60 commercial off-the-shelf (COTS) LoRa transmitters and six software-defined radio (SDR) receivers. The experimental results demonstrate that the federated RFFI protocol can effectively improve the identification accuracy from 63% to 95%, and is robust to receiver hardware and location variations.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9204-9215"},"PeriodicalIF":6.3,"publicationDate":"2024-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142328812","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Cyberattacks have caused significant damage and losses in various domains. While existing attack investigations against cyberattacks focus on identifying compromised system entities and reconstructing attack stories, there is a lack of information that security analysts can use to locate software vulnerabilities and thus fix them. In this paper, we present AiVl, a novel software vulnerability location method to push the attack investigation further. AiVl relies on logs collected by the default built-in system auditing tool and program binaries within the system. Given a sequence of malicious log entries obtained through traditional attack investigations, AiVl can identify the functions responsible for generating these logs and trace the corresponding function call paths, namely the location of vulnerabilities in the source code. To achieve this, AiVl proposes an accurate, concise, and complete specific-domain program modeling that constructs all system call flows by static-dynamic techniques from the binary, and develops effective matching-based algorithms between the log sequences and program models. To evaluate the effectiveness of AiVl, we conduct experiments on 18 real-world attack scenarios and an APT, covering comprehensive categories of vulnerabilities and program execution classes. The results show that compared to actual vulnerability remediation reports, AiVl achieves a 100% precision and an average recall of 90%. Besides, the runtime overhead is reasonable, averaging at 7%.
{"title":"The Last Mile of Attack Investigation: Audit Log Analysis Toward Software Vulnerability Location","authors":"Changhua Chen;Tingzhen Yan;Chenxuan Shi;Hao Xi;Zhirui Fan;Hai Wan;Xibin Zhao","doi":"10.1109/TIFS.2024.3459616","DOIUrl":"10.1109/TIFS.2024.3459616","url":null,"abstract":"Cyberattacks have caused significant damage and losses in various domains. While existing attack investigations against cyberattacks focus on identifying compromised system entities and reconstructing attack stories, there is a lack of information that security analysts can use to locate software vulnerabilities and thus fix them. In this paper, we present AiVl, a novel software vulnerability location method to push the attack investigation further. AiVl relies on logs collected by the default built-in system auditing tool and program binaries within the system. Given a sequence of malicious log entries obtained through traditional attack investigations, AiVl can identify the functions responsible for generating these logs and trace the corresponding function call paths, namely the location of vulnerabilities in the source code. To achieve this, AiVl proposes an accurate, concise, and complete specific-domain program modeling that constructs all system call flows by static-dynamic techniques from the binary, and develops effective matching-based algorithms between the log sequences and program models. To evaluate the effectiveness of AiVl, we conduct experiments on 18 real-world attack scenarios and an APT, covering comprehensive categories of vulnerabilities and program execution classes. The results show that compared to actual vulnerability remediation reports, AiVl achieves a 100% precision and an average recall of 90%. Besides, the runtime overhead is reasonable, averaging at 7%.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9566-9581"},"PeriodicalIF":6.3,"publicationDate":"2024-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142325533","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-26DOI: 10.1109/TIFS.2024.3468898
Huafeng Qin;Zhipeng Xiong;Yantao Li;Mounim A. El-Yacoubi;Jun Wang
Finger-vein biometrics has recently gained significant attention due to its robust privacy and high security features. Despite notable advancements, most existing methods focus on extracting features from a 2-dimensional (2D) image projected from 3D vein vessels with a single view. However, recognition based on a single view is prone to errors due to variations in finger positioning, especially those caused by finger roll movements, which can degrade recognition performance. To address this challenge, we propose ABLSTM-TSVT, an Attention Bidirectional LSTM-based Temporal-Spatial Vein Transformer for multi-view finger-vein recognition. First, we enhance LSTM with an attention mechanism to create an attention LSTM for extracting temporal features. We further improve this by introducing a local attention module, which learns temporal dependencies between a patch (token) and its adjacent patches across multiple views, integrating it with the attention LSTM to form a temporal attention module. Second, we develop a spatial attention module that captures the spatial dependencies of patches within an image. Finally, merging the temporal and the spatial attention modules, we create our temporal-spatial transformer model, which effectively represents features from multi-view images. Experimental results on two multi-view datasets demonstrate that our approach outperforms state-of-the-art approaches in enhancing identification accuracy and reducing verification errors in vein classifiers.
{"title":"Attention BLSTM-Based Temporal-Spatial Vein Transformer for Multi-View Finger-Vein Recognition","authors":"Huafeng Qin;Zhipeng Xiong;Yantao Li;Mounim A. El-Yacoubi;Jun Wang","doi":"10.1109/TIFS.2024.3468898","DOIUrl":"10.1109/TIFS.2024.3468898","url":null,"abstract":"Finger-vein biometrics has recently gained significant attention due to its robust privacy and high security features. Despite notable advancements, most existing methods focus on extracting features from a 2-dimensional (2D) image projected from 3D vein vessels with a single view. However, recognition based on a single view is prone to errors due to variations in finger positioning, especially those caused by finger roll movements, which can degrade recognition performance. To address this challenge, we propose ABLSTM-TSVT, an Attention Bidirectional LSTM-based Temporal-Spatial Vein Transformer for multi-view finger-vein recognition. First, we enhance LSTM with an attention mechanism to create an attention LSTM for extracting temporal features. We further improve this by introducing a local attention module, which learns temporal dependencies between a patch (token) and its adjacent patches across multiple views, integrating it with the attention LSTM to form a temporal attention module. Second, we develop a spatial attention module that captures the spatial dependencies of patches within an image. Finally, merging the temporal and the spatial attention modules, we create our temporal-spatial transformer model, which effectively represents features from multi-view images. Experimental results on two multi-view datasets demonstrate that our approach outperforms state-of-the-art approaches in enhancing identification accuracy and reducing verification errors in vein classifiers.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9330-9343"},"PeriodicalIF":6.3,"publicationDate":"2024-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142325261","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-26DOI: 10.1109/TIFS.2024.3468903
Xiaojuan Cheng;Lu-Xing Yang;Qingyi Zhu;Chenquan Gan;Xiaofan Yang;Gang Li
Cyber propaganda wars significantly impact users on Online Social Networks (OSNs), potentially altering their psychological/ideological attitudes and behaviors. Understanding these behavioral dynamics necessitates models that can effectively capture the propagation of dual competitive information, encompassing both propaganda and counter-propaganda campaigns by both conflicting parties. However, current models do not adequately account for competitive information spreading in dual setting and it lacks efficient strategies for managing both propaganda and counter-propaganda investments. To bridge these gaps, our study presents an innovative netwORked dIfferENTial gAme wiTh hybrId cONtrol (ORIENTATION) framework that integrates differential game with 1) a degree-based network model characterizing the spreading dynamics of dual competitive information for both parties; and 2) a dual hybrid control mechanism consisting of investment rates by continuous-time propaganda and discrete-time counter-propaganda. Using this framework, we formulate the Hybrid-contrOlled Differential GamE (HODGE) problem. We theoretically derive the necessary conditions for Nash equilibrium, and develop an iterative algorithm, termed the �HODGE� algorithm, to numerically approximate the Nash equilibrium. Our experiments, performed on different groups of OSNs, reveal that the resulting strategy profiles consistently outperform several alternative profiles in terms of cost-effectiveness. Scalability assessment for the �HODGE� algorithm is then carried out on OSNs with different scales, demonstrating its strong performance in terms of computational efficiency, scalability and practicability. Additional experimental results suggest that a decrease in the lower bounds of the investment rates in both propaganda and counter-propaganda campaigns and an early implementation of counter-propaganda strategies can significantly enhance cost-effectiveness, offering strategic insights for those engaged in cyber propaganda war.
网络宣传战对在线社交网络(OSN)上的用户产生了重大影响,可能会改变他们的心理/意识形态态度和行为。要了解这些行为动态,就必须建立能有效捕捉双重竞争信息传播的模型,其中包括冲突双方的宣传和反宣传活动。然而,目前的模型并不能充分解释双重背景下的竞争信息传播,也缺乏管理宣传和反宣传投资的有效策略。为了弥补这些不足,我们的研究提出了一个创新的网络博弈与混合控制(ORIENTATION)框架,该框架将微分博弈与 1)表征双方双重竞争信息传播动态的基于度的网络模型;以及 2)由连续时间宣传和离散时间反宣传投资率组成的双重混合控制机制整合在一起。利用这一框架,我们提出了混合控制差分伽马问题(Hybrid-contrOlled Differential GamE,HODGE)。我们从理论上推导出了纳什均衡的必要条件,并开发了一种称为 HODGE 算法的迭代算法,用于数值逼近纳什均衡。我们在不同组别的 OSN 上进行的实验表明,所得出的策略配置文件在成本效益方面始终优于其他几种配置文件。随后,我们在不同规模的 OSN 上对 HODGE 算法的可扩展性进行了评估,结果表明该算法在计算效率、可扩展性和实用性方面表现出色。其他实验结果表明,降低宣传和反宣传活动的投资率下限以及尽早实施反宣传策略,可以显著提高成本效益,为参与网络宣传战的人员提供战略启示。
{"title":"Cost-Effective Hybrid Control Strategies for Dynamical Propaganda War Game","authors":"Xiaojuan Cheng;Lu-Xing Yang;Qingyi Zhu;Chenquan Gan;Xiaofan Yang;Gang Li","doi":"10.1109/TIFS.2024.3468903","DOIUrl":"10.1109/TIFS.2024.3468903","url":null,"abstract":"Cyber propaganda wars significantly impact users on Online Social Networks (OSNs), potentially altering their psychological/ideological attitudes and behaviors. Understanding these behavioral dynamics necessitates models that can effectively capture the propagation of dual competitive information, encompassing both propaganda and counter-propaganda campaigns by both conflicting parties. However, current models do not adequately account for competitive information spreading in dual setting and it lacks efficient strategies for managing both propaganda and counter-propaganda investments. To bridge these gaps, our study presents an innovative netwORked dIfferENTial gAme wiTh hybrId cONtrol (ORIENTATION) framework that integrates differential game with 1) a degree-based network model characterizing the spreading dynamics of dual competitive information for both parties; and 2) a dual hybrid control mechanism consisting of investment rates by continuous-time propaganda and discrete-time counter-propaganda. Using this framework, we formulate the Hybrid-contrOlled Differential GamE (HODGE) problem. We theoretically derive the necessary conditions for Nash equilibrium, and develop an iterative algorithm, termed the \u0000<monospace>HODGE</monospace>\u0000 algorithm, to numerically approximate the Nash equilibrium. Our experiments, performed on different groups of OSNs, reveal that the resulting strategy profiles consistently outperform several alternative profiles in terms of cost-effectiveness. Scalability assessment for the \u0000<monospace>HODGE</monospace>\u0000 algorithm is then carried out on OSNs with different scales, demonstrating its strong performance in terms of computational efficiency, scalability and practicability. Additional experimental results suggest that a decrease in the lower bounds of the investment rates in both propaganda and counter-propaganda campaigns and an early implementation of counter-propaganda strategies can significantly enhance cost-effectiveness, offering strategic insights for those engaged in cyber propaganda war.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9789-9802"},"PeriodicalIF":6.3,"publicationDate":"2024-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142325263","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: