Pub Date : 2021-01-30DOI: 10.1109/DSC49826.2021.9346264
Lyue Li, Amir Rezapour, Wen-Guey Tzeng
In this paper we propose a novel black-box adversarial attack by using the reinforcement learning to learn the characteristics of the target classifier C. Our method does not need to find a substitute classifier that resembles $C$ with respect to its structure and parameters. Instead, our method learns an optimal attacking policy of guiding the attacker to build an adversarial image from the original image. We work on the feature space of images, instead of the pixels of images directly. Our method achieves better results on many measures. Our method achieves 94.5 % attack success rate on a well-trained digit classifier. Our adversarial images have better imperceptibility even though the norm distances to original images are larger than other methods. Since our method works on the characteristics of a classifier, it has better transferability. The transfer rate of our method could reach 52.1 % for a targeted class and 65.9% for a non-targeted class. This improves over previous results of single-digit transfer rates. Also, we show that it is harder to defend our attack by incorporating defense mechanisms, such as MagNet, which uses a denoising technique. We show that our method achieves 65% attack success rate even though the target classifier employs MagNet to defend.
{"title":"A Black-Box Adversarial Attack via Deep Reinforcement Learning on the Feature Space","authors":"Lyue Li, Amir Rezapour, Wen-Guey Tzeng","doi":"10.1109/DSC49826.2021.9346264","DOIUrl":"https://doi.org/10.1109/DSC49826.2021.9346264","url":null,"abstract":"In this paper we propose a novel black-box adversarial attack by using the reinforcement learning to learn the characteristics of the target classifier C. Our method does not need to find a substitute classifier that resembles $C$ with respect to its structure and parameters. Instead, our method learns an optimal attacking policy of guiding the attacker to build an adversarial image from the original image. We work on the feature space of images, instead of the pixels of images directly. Our method achieves better results on many measures. Our method achieves 94.5 % attack success rate on a well-trained digit classifier. Our adversarial images have better imperceptibility even though the norm distances to original images are larger than other methods. Since our method works on the characteristics of a classifier, it has better transferability. The transfer rate of our method could reach 52.1 % for a targeted class and 65.9% for a non-targeted class. This improves over previous results of single-digit transfer rates. Also, we show that it is harder to defend our attack by incorporating defense mechanisms, such as MagNet, which uses a denoising technique. We show that our method achieves 65% attack success rate even though the target classifier employs MagNet to defend.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132674101","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-30DOI: 10.1109/DSC49826.2021.9346252
Yalian Qian, Xueya Xia, Jian Shen
The cyber-physical-social system (CPSS) is a three-layer system framework that combines the human society on the basis of the cyber-physical system (CPS), so that the human society, the cyber world and the physical world are interconnected. In the CPSS, similar profile attributes are matched to socialize and ultimately achieve the purpose of information sharing. However, some personal information may be included in the profile attributes, thus the users' privacy cannot be protected during the process. To meet this challenge, a privacy-preserving profile matching scheme based on private set intersection is proposed in this paper. Multi-tag is utilized to partition the dataset of users to achieve fine-grained profile matching. In addition, the privacy of users is protected by re-encryption technique. Security analysis shows that our scheme is secure against the semi-honest adversary and theoretical analysis of the experiment shows that that the scheme is efficient for profile matching in the CPSS.
{"title":"A Profile Matching Scheme based on Private Set Intersection for Cyber-Physical-Social Systems","authors":"Yalian Qian, Xueya Xia, Jian Shen","doi":"10.1109/DSC49826.2021.9346252","DOIUrl":"https://doi.org/10.1109/DSC49826.2021.9346252","url":null,"abstract":"The cyber-physical-social system (CPSS) is a three-layer system framework that combines the human society on the basis of the cyber-physical system (CPS), so that the human society, the cyber world and the physical world are interconnected. In the CPSS, similar profile attributes are matched to socialize and ultimately achieve the purpose of information sharing. However, some personal information may be included in the profile attributes, thus the users' privacy cannot be protected during the process. To meet this challenge, a privacy-preserving profile matching scheme based on private set intersection is proposed in this paper. Multi-tag is utilized to partition the dataset of users to achieve fine-grained profile matching. In addition, the privacy of users is protected by re-encryption technique. Security analysis shows that our scheme is secure against the semi-honest adversary and theoretical analysis of the experiment shows that that the scheme is efficient for profile matching in the CPSS.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125850591","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.
{"title":"Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay","authors":"Yu-Hsin Hung, Bing-Jhong Jheng, Hong-Wei Li, Wen-Yang Lai, S. Mallissery, Yu-Sung Wu","doi":"10.1109/DSC49826.2021.9346239","DOIUrl":"https://doi.org/10.1109/DSC49826.2021.9346239","url":null,"abstract":"Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116819520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-30DOI: 10.1109/DSC49826.2021.9346257
Xueya Xia, S. Ji
Smart grid is not only related to the revolution in the power system, It will also drive the transformation of the mode of production and development of the whole society. In smart grid, the electricity data from users needs to be collected to realize efficient energy management, which may reveal their privacy. The existing researches on protecting privacy of users mainly focus on data aggregation. These solutions protect users' privacy at the expense of acquiring their fine-grained electricity data. However, fine-grained electricity data is significant for smart grid to perform many functions, such as debugging configuration problems, developing optimal energy use strategies, etc. To solve this problem, an anonymous authentication scheme based on non-interactive zero knowledge (NIZK) is proposed. The scheme ensures operation center (OC) to acquire fine-grained electricity data from users while protect their privacy. The experimental simulation indicates that the proposal is practical and applicable to large-scale user clusters.
{"title":"An Efficient Anonymous Authentication Scheme for Privacy-preserving in Smart Grid","authors":"Xueya Xia, S. Ji","doi":"10.1109/DSC49826.2021.9346257","DOIUrl":"https://doi.org/10.1109/DSC49826.2021.9346257","url":null,"abstract":"Smart grid is not only related to the revolution in the power system, It will also drive the transformation of the mode of production and development of the whole society. In smart grid, the electricity data from users needs to be collected to realize efficient energy management, which may reveal their privacy. The existing researches on protecting privacy of users mainly focus on data aggregation. These solutions protect users' privacy at the expense of acquiring their fine-grained electricity data. However, fine-grained electricity data is significant for smart grid to perform many functions, such as debugging configuration problems, developing optimal energy use strategies, etc. To solve this problem, an anonymous authentication scheme based on non-interactive zero knowledge (NIZK) is proposed. The scheme ensures operation center (OC) to acquire fine-grained electricity data from users while protect their privacy. The experimental simulation indicates that the proposal is practical and applicable to large-scale user clusters.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134523060","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-30DOI: 10.1109/DSC49826.2021.9346249
Yang Zhao, Ankang Ruan, Guohang Dan, Jicheng Huang, Yi Ding
Recently, efficient fine-grained access mechanism has been studied as a main concern in cloud storage area for several years. Attribute-based signcryption (ABSC) which is logical combination of attribute-based encryption(ABE) and attribute-based signature(ABS), can provide confidentiality, authenticity for sensitive data and anonymous authentication. At the same time it is more efficient than previous “encrypt-then-sign” and “sign-then-encrypt” patterns. However, most of the existing ABSC schemes fail to serve for real scenario of multiple authorities and have heavy communication overhead and computing overhead. Hence, we construct a novel ABSC scheme realizing multi-authority access control and constant-size ciphertext that does not depend on the number of attributes or authorities. Furthermore, our scheme provides public verifiability of the ciphertext and privacy protection for the signcryptor. Specially, it is proven to be secure in the standard model, including ciphertext indistinguishability under adaptive chosen ciphertext attacks and existential unforgeability under adaptive chosen message attack.
{"title":"Efficient Multi-Authority Attribute-based Signcryption with Constant-Size Ciphertext","authors":"Yang Zhao, Ankang Ruan, Guohang Dan, Jicheng Huang, Yi Ding","doi":"10.1109/DSC49826.2021.9346249","DOIUrl":"https://doi.org/10.1109/DSC49826.2021.9346249","url":null,"abstract":"Recently, efficient fine-grained access mechanism has been studied as a main concern in cloud storage area for several years. Attribute-based signcryption (ABSC) which is logical combination of attribute-based encryption(ABE) and attribute-based signature(ABS), can provide confidentiality, authenticity for sensitive data and anonymous authentication. At the same time it is more efficient than previous “encrypt-then-sign” and “sign-then-encrypt” patterns. However, most of the existing ABSC schemes fail to serve for real scenario of multiple authorities and have heavy communication overhead and computing overhead. Hence, we construct a novel ABSC scheme realizing multi-authority access control and constant-size ciphertext that does not depend on the number of attributes or authorities. Furthermore, our scheme provides public verifiability of the ciphertext and privacy protection for the signcryptor. Specially, it is proven to be secure in the standard model, including ciphertext indistinguishability under adaptive chosen ciphertext attacks and existential unforgeability under adaptive chosen message attack.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130201040","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-30DOI: 10.1109/DSC49826.2021.9346246
Hiroaki Kikuchi, Kazuki Eto, Kazushi Waki, Takafumi Mori
This work studies a vulnerability in privacy visors, new wearable devices that aim to prevent unauthorized face recognition from being performed. Although the use of a privacy visor assumes that the detectors' targets are uncovered bare faces, it is not hard to detect the privacy visor itself. To quantify the effects of the disruption and the vulnerability, we conducted experiments involving two major face-recognition algorithms, namely a method based on convolutional neural networks and a method that aims to identify coordinates of facial landscapes. Our experiments were able to demonstrate that using a privacy visor can reduce the mean face-recognition rates for both algorithms. However, they are less effective if faces with privacy visors are used in training. Faces with privacy visors is detected at a rate of 42.28 % on average.
{"title":"Vulnerability of Privacy Visor Used to Disrupt Unauthorized Face Recognition","authors":"Hiroaki Kikuchi, Kazuki Eto, Kazushi Waki, Takafumi Mori","doi":"10.1109/DSC49826.2021.9346246","DOIUrl":"https://doi.org/10.1109/DSC49826.2021.9346246","url":null,"abstract":"This work studies a vulnerability in privacy visors, new wearable devices that aim to prevent unauthorized face recognition from being performed. Although the use of a privacy visor assumes that the detectors' targets are uncovered bare faces, it is not hard to detect the privacy visor itself. To quantify the effects of the disruption and the vulnerability, we conducted experiments involving two major face-recognition algorithms, namely a method based on convolutional neural networks and a method that aims to identify coordinates of facial landscapes. Our experiments were able to demonstrate that using a privacy visor can reduce the mean face-recognition rates for both algorithms. However, they are less effective if faces with privacy visors are used in training. Faces with privacy visors is detected at a rate of 42.28 % on average.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125850248","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Malware evolves quickly as new attack, evasion and mutation techniques are commonly used by hackers to build new malicious malware families. For malware detection and classification, multi-class learning model is one of the most popular machine learning models being used. To recognize malicious programs, multi-class model requires malware types to be predefined as output classes in advance which cannot be dynamically adjusted after the model is trained. When a new variant or type of malicious programs is discovered, the trained multi-class model will be no longer valid and have to be retrained completely. This consumes a significant amount of time and resources, and cannot adapt quickly to meet the timely requirement in dealing with dynamically evolving malware types. To cope with the problem, an evolvable malware classification deep learning model, namely EC-Model, is proposed in this paper which can dynamically adapt to new malware types without the need of fully retraining. Consequently, the reaction time can be significantly reduced to meet the timely requirement of malware classification. To our best knowledge, our work is the first attempt to adopt multi-task, deep learning for evolvable malware classification.
{"title":"EC-Model: An Evolvable Malware Classification Model","authors":"Shan-Hsin Lee, Shen-Chieh Lan, Hsiu-Chuan Huang, Chia-Wei Hsu, Yung-Shiu Chen, S. Shieh","doi":"10.1109/DSC49826.2021.9346248","DOIUrl":"https://doi.org/10.1109/DSC49826.2021.9346248","url":null,"abstract":"Malware evolves quickly as new attack, evasion and mutation techniques are commonly used by hackers to build new malicious malware families. For malware detection and classification, multi-class learning model is one of the most popular machine learning models being used. To recognize malicious programs, multi-class model requires malware types to be predefined as output classes in advance which cannot be dynamically adjusted after the model is trained. When a new variant or type of malicious programs is discovered, the trained multi-class model will be no longer valid and have to be retrained completely. This consumes a significant amount of time and resources, and cannot adapt quickly to meet the timely requirement in dealing with dynamically evolving malware types. To cope with the problem, an evolvable malware classification deep learning model, namely EC-Model, is proposed in this paper which can dynamically adapt to new malware types without the need of fully retraining. Consequently, the reaction time can be significantly reduced to meet the timely requirement of malware classification. To our best knowledge, our work is the first attempt to adopt multi-task, deep learning for evolvable malware classification.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"78 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128074585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-30DOI: 10.1109/DSC49826.2021.9346274
Qingfeng Zhu, S. Ji, Qi Liu
Recently, the smart road tolling system has drawn significant attention from researchers and industries. However, how to guarantee the geolocation privacy of vehicles and prevent drivers from behaving incorrectly at the same time remains a challenging task. In this paper, a reliable and secure road tolling system is proposed. The vehicle's routes information are encrypted and uploaded to the roadside units, which then forwards to the traffic control centre for further tolling. For malicious vehicles, the traffic control centre has the capability to compare data collected from roadside units and video surveillance cameras to analysis whether it behave incorrectly. The security analysis and experiment yield the robustness of the proposed scheme in comparison to the existing approaches.
{"title":"Privacy-Preserving Smart Road Pricing System in Smart Cities","authors":"Qingfeng Zhu, S. Ji, Qi Liu","doi":"10.1109/DSC49826.2021.9346274","DOIUrl":"https://doi.org/10.1109/DSC49826.2021.9346274","url":null,"abstract":"Recently, the smart road tolling system has drawn significant attention from researchers and industries. However, how to guarantee the geolocation privacy of vehicles and prevent drivers from behaving incorrectly at the same time remains a challenging task. In this paper, a reliable and secure road tolling system is proposed. The vehicle's routes information are encrypted and uploaded to the roadside units, which then forwards to the traffic control centre for further tolling. For malicious vehicles, the traffic control centre has the capability to compare data collected from roadside units and video surveillance cameras to analysis whether it behave incorrectly. The security analysis and experiment yield the robustness of the proposed scheme in comparison to the existing approaches.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131678585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-30DOI: 10.1109/DSC49826.2021.9346256
Shoma Tanaka, T. Matsunaka, A. Yamada, A. Kubota
The number of phishing sites is increasing and becoming a problem. General phishing sites often have very short lives. Phishers are thought to construct phishing sites using tools such as phishing kits. Phishing sites constructed using the same tools have similar website structures. We propose a new method based on the similarity of website structure information defined by the types and sizes of web resources that make up these websites. Our method can detect phishing sites that is not registered with blocklists or do not have similar URL strings with targeting legitimate sites. In addition, our method can identify phishing sites that differed in appearance but have similar website structures. Our method is particularly effective for detecting phishing sites constructed by the same phishers or using the same tools, as our method identifies structural similarity between websites. We conducted an evaluation to confirm the correctness of our assumption using phishing sites constructed using phishing kits and the PhishTank dataset. We found a large number of phishing sites that were structurally similar to phishing sites constructed using phishing kits. We applied our method to web access logs provided by ordinary Japanese citizens, and detected some unknown phishing sites. We have also examined the possibility of improving our method based on the importance of web resources, determined using the number of occurrences in web access logs.
{"title":"Phishing Site Detection Using Similarity of Website Structure","authors":"Shoma Tanaka, T. Matsunaka, A. Yamada, A. Kubota","doi":"10.1109/DSC49826.2021.9346256","DOIUrl":"https://doi.org/10.1109/DSC49826.2021.9346256","url":null,"abstract":"The number of phishing sites is increasing and becoming a problem. General phishing sites often have very short lives. Phishers are thought to construct phishing sites using tools such as phishing kits. Phishing sites constructed using the same tools have similar website structures. We propose a new method based on the similarity of website structure information defined by the types and sizes of web resources that make up these websites. Our method can detect phishing sites that is not registered with blocklists or do not have similar URL strings with targeting legitimate sites. In addition, our method can identify phishing sites that differed in appearance but have similar website structures. Our method is particularly effective for detecting phishing sites constructed by the same phishers or using the same tools, as our method identifies structural similarity between websites. We conducted an evaluation to confirm the correctness of our assumption using phishing sites constructed using phishing kits and the PhishTank dataset. We found a large number of phishing sites that were structurally similar to phishing sites constructed using phishing kits. We applied our method to web access logs provided by ordinary Japanese citizens, and detected some unknown phishing sites. We have also examined the possibility of improving our method based on the importance of web resources, determined using the number of occurrences in web access logs.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131716365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-30DOI: 10.1109/DSC49826.2021.9346247
Chun-I Fan, Yi-Fan Tseng, Cheng-Chun Feng
Attribute-based encryption (ABE) is an access control mechanism where a sender encrypts messages according to an attribute set for multiple receivers. With fine-grained access control, it has been widely applied to cloud storage and file sharing systems. In such a mechanism, it is a challenge to achieve the revocation efficiently on a specific user since different users may share common attributes. Thus, dynamic membership is a critical issue to discuss. On the other hand, most works on LSSS-based ABE do not address the situation about threshold on the access structure, and it lowers the diversity of access policies. This manuscript presents an efficient attribute-based encryption scheme with dynamic membership by using LSSS. The proposed scheme can implement threshold gates in the access structure. Furthermore, it is the first ABE supporting complete dynamic membership that achieves the CCA security in the standard model, i.e. without the assumption of random oracles.
{"title":"CCA-Secure Attribute-Based Encryption Supporting Dynamic Membership in the Standard Model","authors":"Chun-I Fan, Yi-Fan Tseng, Cheng-Chun Feng","doi":"10.1109/DSC49826.2021.9346247","DOIUrl":"https://doi.org/10.1109/DSC49826.2021.9346247","url":null,"abstract":"Attribute-based encryption (ABE) is an access control mechanism where a sender encrypts messages according to an attribute set for multiple receivers. With fine-grained access control, it has been widely applied to cloud storage and file sharing systems. In such a mechanism, it is a challenge to achieve the revocation efficiently on a specific user since different users may share common attributes. Thus, dynamic membership is a critical issue to discuss. On the other hand, most works on LSSS-based ABE do not address the situation about threshold on the access structure, and it lowers the diversity of access policies. This manuscript presents an efficient attribute-based encryption scheme with dynamic membership by using LSSS. The proposed scheme can implement threshold gates in the access structure. Furthermore, it is the first ABE supporting complete dynamic membership that achieves the CCA security in the standard model, i.e. without the assumption of random oracles.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"194 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122599271","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: