
2021 IEEE Conference on Dependable and Secure Computing (DSC): Latest Papers

A Reinforced Dynamic Multi-keyword Ranked Search with Forward Privacy
Pub Date : 2021-01-30 DOI: 10.1109/DSC49826.2021.9346267
Chien‐Ming Chen, Zhuoyu Tie, E. Wang, Kuo-Hui Yeh, Wensheng Gan, S. H. Islam
Searchable symmetric encryption performs satisfactorily in protecting the privacy of outsourced data in cloud storage scenarios because it encrypts data and provides a secure way of searching on the ciphertext. Dynamic searchable symmetric encryption is designed to support insertion and deletion of outsourced data. However, insertion may cause information leakage of updated keywords. Thus, forward privacy is proposed to limit the leakage of insertion, and it has become an important security attribute for dynamic schemes. The existing dynamic searchable symmetric encryption schemes with forward privacy are mainly based on two approaches: re-building the index with a fresh key, and tokens with state information. However, both approaches have their constraints and advantages. In this paper, we first propose a new highly versatile reinforcement approach. The proposed approach is easy to implement. Besides, we minimize the loss of efficiency by setting a small threshold value. In order to demonstrate that the proposed approach is effective, we utilize our approach to improve the EDMRS scheme. Security and performance analysis show that the improved scheme with the proposed approach still satisfies forward privacy without a significant loss of performance.
Citations: 1
Cryfind: Using Static Analysis to Identify Cryptographic Algorithms in Binary Executables
Pub Date : 2021-01-30 DOI: 10.1109/DSC49826.2021.9346229
Wei-Chieh Chao, Chung-Kuan Chen, Chen-Mou Cheng
In this paper, we present an automatic static tool CryFind to identify cryptographic algorithms in a binary executable. Our main strategy is using string match to search for cryptographic constants and API names. To expand our search range and improve our hit rate, our tool matches strings under different encodings and XOR'ed with different keys, as well as incorporates techniques to extract strings on stack. As a result, we have a more effective and efficient detection tool compared with a wide range of state-of-the-art static analysis tools.
Citations: 0
DBMS-Friendly Searchable Symmetric Encryption: Constructing Index Generation Suitable for Database Management Systems
Pub Date : 2021-01-30 DOI: 10.1109/DSC49826.2021.9346255
Takato Hirano, Yutaka Kawai, Yoshihiro Koseki
Searchable symmetric encryption enables users with the secret key to conduct keyword search on encrypted data without decryption. Recently, dynamic searchable symmetric encryption (DSSE), which provides secure functionalities for adding or deleting documents, has been studied extensively. Many DSSE schemes construct indexes in order to efficiently conduct keyword search. On the other hand, the indexes constructed in DSSE are complicated and independent of indexes supported by database management systems (DBMSs). Plug-in development over DBMSs is often restricted, and therefore it is not easy to develop software which can deploy DSSE schemes to DBMSs. In this paper, we propose a DBMS-friendly searchable symmetric encryption scheme which can generate indexes suitable for DBMSs. Our index can narrow down the encrypted data on which keyword search should be conducted, and can be combined with well-used indexes supported by many DBMSs. Our index consists of a small portion of an output value of a cryptographic deterministic function (e.g. pseudo-random function or hash function). We also show an experimental result of our scheme deployed to DBMSs.
Citations: 0
Header-Translation based Flow Aggregation for Scattered Address Allocating SDNs
Pub Date : 2021-01-30 DOI: 10.1109/DSC49826.2021.9346231
Ruisi Wu, Wen-Kang Jia, Xufang Wang
Software-Defined Networking (SDN) has obtained a lot of attention in the last decade and has played a significant role in the development of next-generation networks (NGN). IP networks can also benefit from the SDN evolution to fulfill the data traffic booming. However, the transition of the traditional networking model to SDN architectures poses scalability issues due to the possible flow entry explosion in SDN switches. The limited size of the flow table of SDN switches is not sufficient to handle thousands upon thousands of flows in a large-scale IP network. On the other hand, the interleaved allocation of non-contiguous IP addresses also leads to inefficient routing aggregation and severely reduces the feasibility of the serious implementation of SDN. Therefore, we propose an aggressive flow aggregation scheme, Destination Address Translation and Source-Port Translation on Demand (DATSPToD), which is based on modified address and port rewriting. DATSPToD enables the aggregation of flow entries in SDNs by translating the destination addresses of multiple same-destination flows with different sources into one flow entry, thus significantly reducing the volume of flow-table occupancy of core-layer SDN switches, even in freely scattered IP address space environments. Simulation results show that DATSPToD outperforms non-aggregation and both wildcard aggregation schemes for a significant reduction of the flow-table occupancy under varied traffic patterns and topologies, especially in large-scale SDNs such as the Internet during the SDN migration period.
Citations: 0
A Novel Verification scheme for Resisting Password Guessing Attacks
Pub Date : 2021-01-30 DOI: 10.1109/DSC49826.2021.9346234
Albert Guan, Chia-Mei Chen
User name and password are one of the most commonly used authentication mechanisms in information systems and social networks. Strong passwords are secure, but not easy to memorize; users may choose passwords that are easy to remember as well as easy to compromise. Therefore, online password guessing attacks become a major security threat in information systems and social networks. It is a challenge to provide a reliable user authentication solution that allows legitimate access and prevents password guessing attacks. Our preliminary study observed the fact that legal users know what passwords they have chosen, while attackers can only guess what they are. The proposed solution applies information theory and compares the entropy discrepancy between the passwords entered by the user and the attacker. The password entropy is calculated by accumulating the frequencies of the entered characters, not the password itself. The experimental results show that, even if the user selects a common password, the proposed authentication method can distinguish between legitimate users and attackers effectively and efficiently.
Citations: 0
FastMove: Fast IP switching Moving Target Defense to mitigate DDOS Attacks
Pub Date : 2021-01-30 DOI: 10.1109/DSC49826.2021.9346278
Nahid Bandi, Hesam Tajbakhsh, M. Analoui
Distributed denial of service attacks are still one of the greatest threats for computer systems and networks. We propose an intelligent moving target solution against DDOS flooding attacks. Our solution will use a fast-flux approach combined with moving target techniques to increase attack cost and complexity by bringing dynamics and randomization in network address space. It continually increases attack costs and makes it harder and almost infeasible for botnets to launch an attack. Along with performing selective proxy server replication and shuffling clients among this proxy, our solution can successfully separate and isolate attackers from benign clients and mitigate large-scale and complex flooding attacks. Our approach effectively stops both network and application-layer attacks at a minimum cost. However, while we try to make prevalent attack launches difficult and expensive for Bot Masters, this approach is good enough to combat zero-day attacks, too. Using DNS capabilities to change IP addresses frequently along with the proxy servers included in the proposed architecture, it is possible to hide the original server address from the attacker and invalidate the data attackers gathered during the reconnaissance phase of attack and make them repeat this step over and over. Our simulations demonstrate that we can mitigate large-scale attacks with minimum possible cost and overhead.
Citations: 8
Efficient Blockchain-based IoT Firmware Update Considering Distribution Incentives
Pub Date : 2021-01-30 DOI: 10.1109/DSC49826.2021.9346265
Tatsuhiro Fukuda, Kazumasa Omote
The number of Internet of Things (IoT) devices has increased recently and will increase further in the future. IoT devices are vulnerable, so vendors update and distribute firmware. At the time of firmware distribution, a huge number of IoT devices may connect to the firmware server and excessive network traffic may occur. Consequently, a method using a peer-to-peer file sharing system and a blockchain has been proposed. One study proposed an update scheme considering incentives for distributors to help with updating. However, this method requires the IoT devices, which have limited processing power, to decrypt encrypted files, and the distribution nodes to pay the transaction cost. This paper proposes a firmware distribution method that provides incentives for distributors to help with distribution to reduce the gas costs, using a smart contract and access control based on update records. The additional computations performed by IoT devices and distributors' key management were reduced compared to those in previous studies by using access control instead of encryption. Further, the proposed approach was implemented and evaluated using a Raspberry Pi and laptop. The evaluation demonstrated that the gas cost per update was successfully lowered compared to the costs in previous studies.
Citations: 6
Partially Blind ECDSA Scheme and Its Application to Bitcoin
Pub Date : 2021-01-30 DOI: 10.1109/DSC49826.2021.9346233
Hongxun Huang, Zi-Yuan Liu, R. Tso
Blind signatures allow a user to obtain a signature without revealing message information to the signer. However, in many cases, the signer must record additional information relevant to the signature. Therefore, the concept of partially blind signature is introduced that enables the signer to obtain some information from the signed message. With the development of blockchain technology, users increasingly use Bitcoin for purchases and transactions with coin providers. Some studies have indicated that Elliptic Curve Digital Signature Algorithm (ECDSA)-based blind signatures are compatible with Bitcoin because they prevent the linking of sensitive information due to the untamability of Bitcoin. However, these approaches are not sufficiently flexible because blind signatures do not allow the signer to obtain any information. Here, we propose an ECDSA-based partially blind signature scheme. Security proofs are provided to demonstrate that the proposed scheme has satisfactory unforgeability and blindness. To the best of our knowledge, compared with other state-of-the-art schemes, our scheme is the first ECDSA-based partially blind signature scheme compatible with the current Bitcoin protocol.
Citations: 5
IoT ETEI: End-to-End IoT Device Identification Method
Pub Date : 2021-01-30 DOI: 10.1109/DSC49826.2021.9346251
Feihong Yin, Li Yang, Yuchen Wang, Jiahao Dai
The past decades have seen the rapid development of Internet of Things (IoT) in various domains. Identifying the IoT devices connected to the network is a crucial aspect of network security. However, existing work on identifying IoT devices is based on manually extracted features and prior knowledge, leading to low efficiency and identification accuracy. In this paper, we propose an automatic end-to-end IoT device identification method (IoT ETEI) based on a CNN+BiLSTM deep learning model, which outperforms traditional methods from the perspective of overhead and identification accuracy. We demonstrate the effectiveness and flexibility of the proposed method by deploying IoT ETEI in the face of identifying IoT devices on public datasets with an accuracy rate over 99%, even for IoT devices that use encryption protocols.
Citations: 11
A Novel Dynamic Group Signature with Membership Privacy
Pub Date : 2021-01-30 DOI: 10.1109/DSC49826.2021.9346238
Junqing Lu, Rongxin Qi, Jian Shen
Group signature is a cryptographic primitive that has been widely researched. It strikes a balance between digital signature and the user's demand for anonymity. A valid member of the group can generate a signature on behalf of the whole group. When verifying a group signature, the public can only know that it was provided by a valid group member and learns nothing about the actual identity of the signer. Backes et al. pointed out that the existing dynamic group signature schemes implicitly assume that the membership of everyone in the group is open to the public. Thus, they put forward a property called membership privacy for dynamic group signature. In this paper, we design a dynamic group signature scheme with membership privacy on top of Signature Proofs of Knowledge (SPK) and BBS+ signature. Furthermore, a dynamic accumulator mechanism is adopted to revoke a group member's authority to sign. Then, a security analysis demonstrates that the proposed group signature scheme satisfies join-leave privacy. Finally, quantitative analysis and experimental results show that the proposed group signature scheme achieves a smaller signature size and less computation overhead compared with Backes's scheme.
Citations: 0
Journal
2021 IEEE Conference on Dependable and Secure Computing (DSC)