Journal of Systems Architecture最新文献_第7页

An efficient and compatible authenticated key exchange protocol with leakage resilience for heterogeneous client–server environments 一种高效且兼容的身份验证密钥交换协议，具有针对异构客户机-服务器环境的泄漏弹性

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2025-11-11 DOI: 10.1016/j.sysarc.2025.103625

Ting-Chieh Ho, Yuh-Min Tseng, Sen-Shan Huang

An authenticated key exchange (AKE) protocol plays a critical role in public-key cryptography (PKC), providing essential mechanisms to establish secure communication and mutual authentication between communicating participants. Recently, to withstand side-channel attacks that allow adversaries to obtain partial information of private keys during computation rounds, some AKE protocols have been designed to provide leakage resilience. However, there has been limited work on AKE protocols with leakage resilience for client–server environments, and the existing protocols are suitable only for a single PKC, namely, both clients and a server are based on the same PKC. To overcome this limitation, we propose the first efficient and compatible authenticated key exchange protocol with leakage resilience for heterogeneous client–server environments (CAKE-LR). In the proposed protocol, clients can be heterogeneous PKC participants, namely, the public-key infrastructure PKC (PKI-PKC) or the identity-based PKC (ID-PKC). For security analysis, we provide formal security proofs in the generic bilinear group (GBG) model, based on security assumptions including the secure hash function (SHF), the discrete logarithm (DL), and the computational Diffie–Hellman (CDH) assumptions. Finally, performance evaluations and comparisons demonstrate that our protocol offers several advantages over the existing AKE protocols, making it well-suited for practical deployment in heterogeneous client–server environments.

认证密钥交换（AKE）协议在公钥密码学（PKC）中起着至关重要的作用，它提供了在通信参与者之间建立安全通信和相互认证的基本机制。最近，为了抵御允许攻击者在计算回合中获得私钥部分信息的侧信道攻击，一些AKE协议被设计为提供泄漏弹性。然而，在客户端-服务器环境中具有泄漏弹性的AKE协议方面的工作有限，现有协议仅适用于单个PKC，即客户端和服务器都基于相同的PKC。为了克服这一限制，我们提出了针对异构客户机-服务器环境（CAKE-LR）的第一个具有泄漏弹性的高效和兼容的身份验证密钥交换协议。在提出的协议中，客户端可以是异构PKC参与者，即公钥基础设施PKC （PKI-PKC）或基于身份的PKC （ID-PKC）。对于安全性分析，我们基于安全哈希函数（SHF）、离散对数（DL）和计算Diffie-Hellman （CDH）假设等安全假设，在一般双线性群（GBG）模型中提供形式化的安全性证明。最后，性能评估和比较表明，与现有的AKE协议相比，我们的协议提供了几个优势，使其非常适合在异构客户机-服务器环境中进行实际部署。

{"title":"An efficient and compatible authenticated key exchange protocol with leakage resilience for heterogeneous client–server environments","authors":"Ting-Chieh Ho, Yuh-Min Tseng, Sen-Shan Huang","doi":"10.1016/j.sysarc.2025.103625","DOIUrl":"10.1016/j.sysarc.2025.103625","url":null,"abstract":"<div><div>An authenticated key exchange (AKE) protocol plays a critical role in public-key cryptography (PKC), providing essential mechanisms to establish secure communication and mutual authentication between communicating participants. Recently, to withstand side-channel attacks that allow adversaries to obtain partial information of private keys during computation rounds, some AKE protocols have been designed to provide leakage resilience. However, there has been limited work on AKE protocols with leakage resilience for client–server environments, and the existing protocols are suitable only for a single PKC, namely, both clients and a server are based on the same PKC. To overcome this limitation, we propose the first efficient and compatible authenticated key exchange protocol with leakage resilience for heterogeneous client–server environments (CAKE-LR). In the proposed protocol, clients can be heterogeneous PKC participants, namely, the public-key infrastructure PKC (PKI-PKC) or the identity-based PKC (ID-PKC). For security analysis, we provide formal security proofs in the generic bilinear group (GBG) model, based on security assumptions including the secure hash function (SHF), the discrete logarithm (DL), and the computational Diffie–Hellman (CDH) assumptions. Finally, performance evaluations and comparisons demonstrate that our protocol offers several advantages over the existing AKE protocols, making it well-suited for practical deployment in heterogeneous client–server environments.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"170 ","pages":"Article 103625"},"PeriodicalIF":4.1,"publicationDate":"2025-11-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

LARDM: Lightweight and aggregation-driven real-time detection and mitigation of volumetric DDoS attacks in the programmable data plane LARDM：轻量级和聚合驱动的实时检测和缓解可编程数据平面上的海量DDoS攻击

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2025-11-10 DOI: 10.1016/j.sysarc.2025.103624

Yuansheng Luo , Hao Yang , Bing Xiong , Shi Qiu

With the accelerated deployment of AIoT (artificial intelligence of things), massive edge terminals and distributed sensing introduce high concurrency and bursty network loads. Resource-constrained devices are susceptible to hijacking and can be leveraged to form botnets, significantly amplifying the risk of volumetric DDoS (distributed denial-of-service) attacks. Traditional software-based defense schemes often struggle to meet line-rate and real-time requirements under large-scale attacks due to high processing latency and substantial resource consumption. To address this, this paper proposes LARDM—a DDoS detection and mitigation framework fully deployed on the programmable data plane. The framework is based on P4-programmable switches and comprises three core components: a burst stream filter, a stream feature collector, and a decision tree module, enabling real-time detection and accurate localization of volumetric DDoS attacks. The burst stream filter utilizes hash collision and probabilistic decay mechanisms to efficiently filter mice flows and focus resources on detecting potential attack streams; the stream feature collector captures key statistical features at multiple checkpoints; and the decision tree module performs lightweight inference directly in the data plane, reporting to the controller to issue blacklists, whitelists, and mitigation rules when the confidence level exceeds the threshold. The framework innovatively introduces Gini impurity to quantify network anomalies and performs flow aggregation based on suspicious source or destination IPs when anomalies are detected, significantly enhancing the tracking and localization of distributed attack sources. Experimental results show that LARDM achieves 90 % coverage of Top-K elephant flows on BMv2 programmable switches, with a flow classification accuracy of 99.3 %, outperforming existing data plane detection methods. The system can rapidly identify anomalies and initiate mitigation within a short window after an attack, effectively reducing the impact of attack traffic on network performance. The lightweight nature of the scheme is further validated by space complexity analysis, demonstrating its suitability for resource-constrained data planes.

随着物联网（AIoT）的加速部署，海量边缘终端和分布式感知带来了高并发性和突发性的网络负载。资源受限的设备很容易被劫持，并且可以用来形成僵尸网络，这大大增加了大规模DDoS（分布式拒绝服务）攻击的风险。传统的基于软件的防御方案由于处理延迟高、资源消耗大，往往难以满足大规模攻击下的线率和实时性要求。为了解决这个问题，本文提出了lardm -一个完全部署在可编程数据平面上的DDoS检测和缓解框架。该框架基于p4可编程交换机，包括三个核心组件：突发流滤波器、流特征收集器和决策树模块，能够实时检测和准确定位容量DDoS攻击。突发流过滤器利用哈希碰撞和概率衰减机制有效过滤小鼠流，集中资源检测潜在攻击流；流特征收集器在多个检查点捕获关键统计特征；决策树模块直接在数据平面中执行轻量级推理，当置信度超过阈值时，向控制器报告以发布黑名单、白名单和缓解规则。该框架创新性地引入基尼杂质来量化网络异常，并在检测到异常时基于可疑的源ip或目的ip进行流量聚合，显著增强了对分布式攻击源的跟踪和定位。实验结果表明，LARDM在BMv2可编程交换机上对Top-K大象流的覆盖率达到90%，流分类准确率达到99.3%，优于现有的数据平面检测方法。系统可以在攻击发生后的短时间内快速识别异常并进行缓解，有效降低攻击流量对网络性能的影响。空间复杂度分析进一步验证了该方案的轻量化特性，证明了其适用于资源受限的数据平面。

{"title":"LARDM: Lightweight and aggregation-driven real-time detection and mitigation of volumetric DDoS attacks in the programmable data plane","authors":"Yuansheng Luo , Hao Yang , Bing Xiong , Shi Qiu","doi":"10.1016/j.sysarc.2025.103624","DOIUrl":"10.1016/j.sysarc.2025.103624","url":null,"abstract":"<div><div>With the accelerated deployment of AIoT (artificial intelligence of things), massive edge terminals and distributed sensing introduce high concurrency and bursty network loads. Resource-constrained devices are susceptible to hijacking and can be leveraged to form botnets, significantly amplifying the risk of volumetric DDoS (distributed denial-of-service) attacks. Traditional software-based defense schemes often struggle to meet line-rate and real-time requirements under large-scale attacks due to high processing latency and substantial resource consumption. To address this, this paper proposes LARDM—a DDoS detection and mitigation framework fully deployed on the programmable data plane. The framework is based on P4-programmable switches and comprises three core components: a burst stream filter, a stream feature collector, and a decision tree module, enabling real-time detection and accurate localization of volumetric DDoS attacks. The burst stream filter utilizes hash collision and probabilistic decay mechanisms to efficiently filter mice flows and focus resources on detecting potential attack streams; the stream feature collector captures key statistical features at multiple checkpoints; and the decision tree module performs lightweight inference directly in the data plane, reporting to the controller to issue blacklists, whitelists, and mitigation rules when the confidence level exceeds the threshold. The framework innovatively introduces Gini impurity to quantify network anomalies and performs flow aggregation based on suspicious source or destination IPs when anomalies are detected, significantly enhancing the tracking and localization of distributed attack sources. Experimental results show that LARDM achieves 90 % coverage of Top-K elephant flows on BMv2 programmable switches, with a flow classification accuracy of 99.3 %, outperforming existing data plane detection methods. The system can rapidly identify anomalies and initiate mitigation within a short window after an attack, effectively reducing the impact of attack traffic on network performance. The lightweight nature of the scheme is further validated by space complexity analysis, demonstrating its suitability for resource-constrained data planes.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"170 ","pages":"Article 103624"},"PeriodicalIF":4.1,"publicationDate":"2025-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569892","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An FPGA-based accelerator design methodology for smart UAVs in precision agriculture: A case study 基于fpga的精准农业智能无人机加速器设计方法：案例研究

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2025-11-07 DOI: 10.1016/j.sysarc.2025.103592

Gianluca Bellocchi , Daniel Madronal , Alessandro Capotondi , Francesca Palumbo , Andrea Marongiu

Smart and Precision Agriculture (SPA) methods and technologies, such as autonomous robots, AI/ML, sensors, and actuators, enhance farming productivity by automating the retrieval of environmental parameters and the decision-making process, while Fog- and Edge-based paradigms enable more informed and responsive practices. Unmanned Aerial Vehicles (UAVs) can autonomously inspect crops and promptly cooperate with terrestrial vehicles to perform treatments, as recently demonstrated by the EU-funded COMP4DRONES (C4D) research project, focused on the provisioning of innovative UAV technologies for civilian applications. Modern companion-equipped UAVs leverage Heterogeneous Systems-on-Chip (HeSoCs) to execute complex on-board tasks. HeSoCs generally combine a general-purpose, multi-core processor with a domain-specific accelerator-rich subsystem, massively integrating application-specific accelerators. Field Programmable Gate Arrays (FPGAs) are ideal fabrics to attain high performance and energy efficiency because of their massively parallel, deeply pipelined, non-Von-Neumann processing logic and custom memory hierarchies. Automated hardware-software co-design methodologies, e.g., FPGA overlays and toolflows, largely simplify the design phases, including the optimization of the accelerator interfaces, such as the merging of redundant components to reduce area usage. In this context, our contribution consists of a System-Level Design (SLD) methodology for the design of overlay-based UAV companion computers, including a modular and scalable accelerator-rich RISC-V HeSoC, a heterogeneous software stack, and an automation toolchain to generate and integrate application-specific accelerators into our overlay. Our results show three optimized overlay variants targeting an UAV-based system employed in a SPA context. Experimental results denote improvements in performance and area usage, up to

18.5%

on a FPGA-based HeSoC with respect to traditional design flows.

智能和精准农业（SPA）方法和技术，如自主机器人、人工智能/机器学习、传感器和执行器，通过自动检索环境参数和决策过程来提高农业生产力，而基于雾和边缘的范例使实践更加明智和响应。最近，欧盟资助的COMP4DRONES （C4D）研究项目证明，无人机（UAV）可以自主检查作物，并迅速与地面车辆合作进行处理，该项目专注于为民用应用提供创新的无人机技术。现代同伴装备的无人机利用异构系统芯片（HeSoCs）来执行复杂的机载任务。hesoc通常将一个通用的多核处理器与一个特定领域的富含加速器的子系统相结合，大规模集成特定于应用程序的加速器。现场可编程门阵列（fpga）是实现高性能和高能效的理想结构，因为它们具有大规模并行，深度流水线，非冯-诺伊曼处理逻辑和自定义内存层次结构。自动化软硬件协同设计方法，例如FPGA覆盖和工具流，极大地简化了设计阶段，包括加速器接口的优化，例如合并冗余组件以减少面积使用。在这种情况下，我们的贡献包括用于设计基于覆盖的无人机伴侣计算机的系统级设计（SLD）方法，包括模块化和可扩展的富含RISC-V加速器的HeSoC，异构软件堆栈和自动化工具链，以生成和集成应用特定的加速器到我们的覆盖中。我们的研究结果显示了针对SPA环境中采用的基于无人机的系统的三种优化覆盖变体。实验结果表明，与传统设计流程相比，基于fpga的HeSoC的性能和面积利用率提高了18.5%。

{"title":"An FPGA-based accelerator design methodology for smart UAVs in precision agriculture: A case study","authors":"Gianluca Bellocchi , Daniel Madronal , Alessandro Capotondi , Francesca Palumbo , Andrea Marongiu","doi":"10.1016/j.sysarc.2025.103592","DOIUrl":"10.1016/j.sysarc.2025.103592","url":null,"abstract":"<div><div>Smart and Precision Agriculture (SPA) methods and technologies, such as autonomous robots, AI/ML, sensors, and actuators, enhance farming productivity by automating the retrieval of environmental parameters and the decision-making process, while Fog- and Edge-based paradigms enable more informed and responsive practices. Unmanned Aerial Vehicles (UAVs) can autonomously inspect crops and promptly cooperate with terrestrial vehicles to perform treatments, as recently demonstrated by the EU-funded COMP4DRONES (C4D) research project, focused on the provisioning of innovative UAV technologies for civilian applications. Modern companion-equipped UAVs leverage Heterogeneous Systems-on-Chip (HeSoCs) to execute complex on-board tasks. HeSoCs generally combine a general-purpose, multi-core processor with a domain-specific accelerator-rich subsystem, massively integrating application-specific accelerators. Field Programmable Gate Arrays (FPGAs) are ideal fabrics to attain high performance and energy efficiency because of their massively parallel, deeply pipelined, non-Von-Neumann processing logic and custom memory hierarchies. Automated hardware-software co-design methodologies, e.g., FPGA overlays and toolflows, largely simplify the design phases, including the optimization of the accelerator interfaces, such as the merging of redundant components to reduce area usage. In this context, our contribution consists of a System-Level Design (SLD) methodology for the design of overlay-based UAV companion computers, including a modular and scalable accelerator-rich RISC-V HeSoC, a heterogeneous software stack, and an automation toolchain to generate and integrate application-specific accelerators into our overlay. Our results show three optimized overlay variants targeting an UAV-based system employed in a SPA context. Experimental results denote improvements in performance and area usage, up to <span><math><mi>18.5%</mi></math></span> on a FPGA-based HeSoC with respect to traditional design flows.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"170 ","pages":"Article 103592"},"PeriodicalIF":4.1,"publicationDate":"2025-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520786","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Joint learning video segmentation with different prior guidance 不同先验指导下的联合学习视频分割

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2025-11-04 DOI: 10.1016/j.sysarc.2025.103622

Dawei Yang , Chenhao Ma , Xiuhui Deng , Jason Junwei Zeng , Jianning Zhang , Wei Huang , Zhe Jiang , Ying Huo

Various video segmentation tasks can be summarized as segmenting target objects in the video using prior guidance. Based on what priors are used, these tasks can be categorized into video instance segmentation (VIS), referring video object segmentation (RVOS), and audio-guided video object segmentation (AVOS), which take predefined categories, text descriptions, and audio cues as guidance, respectively. Previous works primarily focused on each task individually, designing specialized architectures for optimal performance. However, these architectures cannot easily generalize to different tasks. To address this, we present a joint-training video segmentation transformer (JVST) capable of solving these tasks using a single architecture. Specifically, we extract features from prior guidance and unify them into embeddings to act as queries, indicating the model which task to conduct. Then, prior and visual features interact in our prior-to-vision and vision-to-prior modules to improve the representation of each other. Finally, the enhanced visual features and queries are input into our frame-level and clip-level models to generate predictions. Joint training on datasets from different tasks enables the model to learn more general and robust knowledge. Extensive experiments verify the effectiveness of our joint training paradigm and the superiority of JVST over previous task-specific methods.

各种视频分割任务可以概括为利用先验指导对视频中的目标对象进行分割。根据使用的先验条件，这些任务可以分为视频实例分割（VIS）、参考视频对象分割（RVOS）和音频引导视频对象分割（AVOS），它们分别以预定义的类别、文本描述和音频提示为指导。以前的工作主要集中在每个任务上，为最佳性能设计专门的架构。然而，这些体系结构不能很容易地推广到不同的任务。为了解决这个问题，我们提出了一个联合训练视频分割转换器（JVST），能够使用单一架构解决这些任务。具体来说，我们从先前的指导中提取特征，并将它们统一到嵌入中作为查询，指示要执行的任务的模型。然后，先验特征和视觉特征在我们的先验-视觉和视觉-先验模块中相互作用，以改善彼此的表示。最后，将增强的视觉特征和查询输入到我们的帧级和剪辑级模型中以生成预测。对来自不同任务的数据集进行联合训练，使模型能够学习更通用和鲁棒的知识。大量的实验验证了我们的联合训练范式的有效性，以及JVST相对于以前的特定任务方法的优越性。

{"title":"Joint learning video segmentation with different prior guidance","authors":"Dawei Yang , Chenhao Ma , Xiuhui Deng , Jason Junwei Zeng , Jianning Zhang , Wei Huang , Zhe Jiang , Ying Huo","doi":"10.1016/j.sysarc.2025.103622","DOIUrl":"10.1016/j.sysarc.2025.103622","url":null,"abstract":"<div><div>Various video segmentation tasks can be summarized as segmenting target objects in the video using prior guidance. Based on what priors are used, these tasks can be categorized into video instance segmentation (VIS), referring video object segmentation (RVOS), and audio-guided video object segmentation (AVOS), which take predefined categories, text descriptions, and audio cues as guidance, respectively. Previous works primarily focused on each task individually, designing specialized architectures for optimal performance. However, these architectures cannot easily generalize to different tasks. To address this, we present a joint-training video segmentation transformer (JVST) capable of solving these tasks using a single architecture. Specifically, we extract features from prior guidance and unify them into embeddings to act as queries, indicating the model which task to conduct. Then, prior and visual features interact in our prior-to-vision and vision-to-prior modules to improve the representation of each other. Finally, the enhanced visual features and queries are input into our frame-level and clip-level models to generate predictions. Joint training on datasets from different tasks enables the model to learn more general and robust knowledge. Extensive experiments verify the effectiveness of our joint training paradigm and the superiority of JVST over previous task-specific methods.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"170 ","pages":"Article 103622"},"PeriodicalIF":4.1,"publicationDate":"2025-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145468567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

LOST-ViT: a low overhead soft error tolerance framework for vision transformers via model compression and selective bit-level redundancy LOST-ViT：通过模型压缩和选择性位级冗余的视觉变压器的低开销软容错框架

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2025-11-01 DOI: 10.1016/j.sysarc.2025.103623

Setareh Ahsaei, Mohsen Raji

Vision Transformers (ViTs) have achieved remarkable success across various vision tasks. However, their deployment in safety-critical applications raises serious concerns about their resilience to hardware faults such as soft errors. Traditional soft error tolerance techniques are effective but impose considerable memory and computational overhead, making them unsuitable for resource-constrained embedded systems. This paper presents a Low Overhead Soft error Tolerance methodology for ViTs (called LOST-ViT), leveraging model compression and selective bit-level redundancy. LOST-ViT begins by pruning low-saliency weights to reduce the parameters that are potentially vulnerable to faults and meanwhile, lowering both memory and computational overhead of forthcoming soft error mitigation approach. The proposed methodology takes advantage of a Zero-memory Overhead Bit-level data Redundancy (named ZOBiR) to improve the soft error tolerance of ViTs. The core idea of ZoBiR is to replicate a selected bit segments of the model parameters and store them in place of the common bit segments that remain identical across all parameters. To manage the computational overhead, a selective approach is introduced according to a comprehensive vulnerability analysis across different components of ViT model. Extensive experiments demonstrate the high resilience of the proposed method to memory soft errors, with very low computational and no memory overhead.

视觉变压器（ViTs）在各种视觉任务中取得了显著的成功。然而，它们在安全关键型应用程序中的部署引起了对硬件故障（如软错误）的恢复能力的严重关注。传统的软容错技术是有效的，但会带来相当大的内存和计算开销，使得它们不适合资源受限的嵌入式系统。本文提出了一种低开销软容错方法（称为LOST-ViT），利用模型压缩和选择性位级冗余。loss - vit首先修剪低显著性权重，以减少可能易受故障影响的参数，同时降低即将到来的软错误缓解方法的内存和计算开销。该方法利用零存储开销位级数据冗余（ZOBiR）来提高vit的软容错性。ZoBiR的核心思想是复制模型参数的选定位段，并将它们存储在所有参数中保持相同的公共位段的位置。为了管理计算开销，根据对ViT模型不同组件的综合漏洞分析，引入了一种选择性方法。大量的实验表明，该方法对存储软错误具有很高的弹性，计算量非常低，没有内存开销。

{"title":"LOST-ViT: a low overhead soft error tolerance framework for vision transformers via model compression and selective bit-level redundancy","authors":"Setareh Ahsaei, Mohsen Raji","doi":"10.1016/j.sysarc.2025.103623","DOIUrl":"10.1016/j.sysarc.2025.103623","url":null,"abstract":"<div><div>Vision Transformers (ViTs) have achieved remarkable success across various vision tasks. However, their deployment in safety-critical applications raises serious concerns about their resilience to hardware faults such as soft errors. Traditional soft error tolerance techniques are effective but impose considerable memory and computational overhead, making them unsuitable for resource-constrained embedded systems. This paper presents a <u>L</u>ow <u>O</u>verhead <u>S</u>oft error <u>T</u>olerance methodology for <u>ViT</u>s (called LOST-ViT), leveraging model compression and selective bit-level redundancy. LOST-ViT begins by pruning low-saliency weights to reduce the parameters that are potentially vulnerable to faults and meanwhile, lowering both memory and computational overhead of forthcoming soft error mitigation approach. The proposed methodology takes advantage of a Zero-memory Overhead Bit-level data Redundancy (named ZOBiR) to improve the soft error tolerance of ViTs. The core idea of ZoBiR is to replicate a selected bit segments of the model parameters and store them in place of the common bit segments that remain identical across all parameters. To manage the computational overhead, a selective approach is introduced according to a comprehensive vulnerability analysis across different components of ViT model. Extensive experiments demonstrate the high resilience of the proposed method to memory soft errors, with very low computational and no memory overhead.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"170 ","pages":"Article 103623"},"PeriodicalIF":4.1,"publicationDate":"2025-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520787","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

MedHST: Secure spatiotemporal EHR analytics with fine-grained access control for IoMT MedHST：安全的时空EHR分析，为IoMT提供细粒度访问控制

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2025-10-31 DOI: 10.1016/j.sysarc.2025.103606

Yuxi Li , Jingjing Chen , Dong Ji , Qingxu Deng

Within the Internet of Medical Things (IoMT), wearables and edge sensors continuously stream physiological data with precise spatiotemporal labels, producing spatiotemporal electronic health records (EHRs) at scale. Offloading raw telemetry to the cloud burdens analytics and storage and raises compliance and profiling risks. We present MedHST, an edge-first framework that secures the IoMT analytics pipeline end-to-end with fine-grained access control. Each timestamp–grid block is protected with labeled additive homomorphic encryption (LabHE) for encrypted range aggregation. Per-dimension first-difference masking with constrained pseudorandom function (cPRF)-derived seeds enables constant-time verify-then-decrypt for axis-aligned windows. A hierarchical quadtree-dyadic index together with a homomorphic MAC (HoMAC) binds each answer to a fresh nonce and its query context, providing end-to-end integrity. Least-privilege sharing uses ciphertext-policy attribute-based encryption (CP-ABE)-wrapped range seeds to support epoch-bounded revocation and logarithmic-size authorization headers, without exposing plaintext indices. On a gateway-class platform, MedHST returns constant-size answers and maintains

O (1)

client verify-then-decrypt work; cryptographic paths run in the

μ s

regime with a predictable

\approx 2 \times

integrity overhead; end-to-end latency remains

1 - 2 ms

across window sizes; and ingest scales to tens of millions of blocks. Collectively, these properties establish MedHST as a practical, scalable, and verifiable security layer for privacy-preserving IoMT analytics from device to cloud.

在医疗物联网（IoMT）中，可穿戴设备和边缘传感器不断传输具有精确时空标签的生理数据，从而大规模生成时空电子健康记录（EHRs）。将原始遥测数据转移到云端会增加分析和存储的负担，并增加合规性和分析风险。我们提出MedHST，这是一个边缘优先的框架，通过细粒度的访问控制来保护IoMT分析管道的端到端。每个时间戳网格块都使用标记加性同态加密（LabHE）进行加密范围聚合。使用约束伪随机函数（cPRF）衍生种子的每维一差掩码可以为轴对齐窗口实现恒定时间的先验证后解密。分层四叉树双进索引与同态MAC （HoMAC）一起将每个答案绑定到一个新的随机数及其查询上下文，从而提供端到端的完整性。最小权限共享使用密文策略基于属性的加密（CP-ABE）包装的范围种子来支持有时间限制的撤销和对数大小的授权头，而不暴露明文索引。在网关类平台上，MedHST返回固定大小的答案，并维护O(1)客户端验证-然后解密工作；加密路径在μs范围内运行，具有可预测的≈2x完整性开销；端到端延迟保持1 - 2ms跨窗口大小；摄取量可达数千万块。总的来说，这些属性使MedHST成为一个实用的、可扩展的、可验证的安全层，用于从设备到云的隐私保护IoMT分析。

{"title":"MedHST: Secure spatiotemporal EHR analytics with fine-grained access control for IoMT","authors":"Yuxi Li , Jingjing Chen , Dong Ji , Qingxu Deng","doi":"10.1016/j.sysarc.2025.103606","DOIUrl":"10.1016/j.sysarc.2025.103606","url":null,"abstract":"<div><div>Within the Internet of Medical Things (IoMT), wearables and edge sensors continuously stream physiological data with precise spatiotemporal labels, producing spatiotemporal electronic health records (EHRs) at scale. Offloading raw telemetry to the cloud burdens analytics and storage and raises compliance and profiling risks. We present <span>MedHST</span>, an edge-first framework that secures the IoMT analytics pipeline end-to-end with fine-grained access control. Each timestamp–grid block is protected with labeled additive homomorphic encryption (LabHE) for encrypted range aggregation. Per-dimension first-difference masking with constrained pseudorandom function (cPRF)-derived seeds enables constant-time verify-then-decrypt for axis-aligned windows. A hierarchical quadtree-dyadic index together with a homomorphic MAC (HoMAC) binds each answer to a fresh nonce and its query context, providing end-to-end integrity. Least-privilege sharing uses ciphertext-policy attribute-based encryption (CP-ABE)-wrapped range seeds to support epoch-bounded revocation and logarithmic-size authorization headers, without exposing plaintext indices. On a gateway-class platform, <span>MedHST</span> returns constant-size answers and maintains <span><math><mrow><mi>O</mi><mrow><mo>(</mo><mn>1</mn><mo>)</mo></mrow></mrow></math></span> client verify-then-decrypt work; cryptographic paths run in the <span><math><mrow><mi>μ</mi><mi>s</mi></mrow></math></span> regime with a predictable <span><math><mrow><mo>≈</mo><mspace></mspace><mn>2</mn><mo>×</mo></mrow></math></span> integrity overhead; end-to-end latency remains <span><math><mrow><mn>1</mn><mspace></mspace><mo>−</mo><mspace></mspace><mn>2</mn><mspace></mspace><mi>ms</mi></mrow></math></span> across window sizes; and ingest scales to tens of millions of blocks. Collectively, these properties establish <span>MedHST</span> as a practical, scalable, and verifiable security layer for privacy-preserving IoMT analytics from device to cloud.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"170 ","pages":"Article 103606"},"PeriodicalIF":4.1,"publicationDate":"2025-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145468569","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

MoPHoney: An adaptive honeyword generation system based on Mixture-of-prompts MoPHoney：一个基于混合提示的自适应蜜词生成系统

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2025-10-31 DOI: 10.1016/j.sysarc.2025.103617

Yiren Chen, Xiaobo Yang, Fangming Dong, Bo Jiang, Zhigang Lu, Baoxu Liu

With the advancement of password-cracking technologies, database security is encountering critical challenges. Honeywords, decoy passwords alongside the real password, serve as a key mechanism to detect unauthorized access from password leaks. However, most existing honeyword generation techniques (HGTs) rely on static strategies or single-model generators, resulting in insufficient robustness across threat scenarios. To alleviate this issue, we propose MoPHoney, an adaptive HGT based on mixture-of-prompts (MoP) powered by large language models (LLMs). MoPHoney initially employs a LightGBM-based router to predict a soft probability distribution over password types, which determines weights of the corresponding prompts for LLM. Then, adaptive styles of honeywords are generated through diverse prompt-guided pipelines, each enhanced via retrieval-augmented generation (RAG) to improve contextual realism. Next, the output is filtered by an LLM-based adversary that discards failed honeywords. Finally, honeyword files are stored using a new strategy to further enhance the complexity of password-guessing. We evaluate MoPHoney against four representative honeyword threat techniques on three real-world datasets and a PII-based password dataset. Compared with baseline HGTs, MoPHoney achieves superior flatness (average

ɛ_{1}

-flatness below 0.078 at

k = 20

), success-number, and resistance to DoS attack (average FPP below 0.004). Even when

k

varies from 5 to 50, MoPHoney maintains stable flatness and keeps false alarms under 0.5%, demonstrating robust scalability across different honeyword counts. These results not only highlight the effectiveness of input-adaptive prompts, in-context passwords, and adversarial strategies in HGTs but also show the feasibility of LLMs for generating decoys for cyber threat hunting.

随着密码破解技术的发展，数据库的安全性面临着严峻的挑战。蜜糖词，与真实密码一起的诱饵密码，作为从密码泄漏中检测未经授权访问的关键机制。然而，现有的大多数蜜词生成技术（hgt）依赖于静态策略或单模型生成器，导致其在威胁场景中的鲁棒性不足。为了缓解这个问题，我们提出了MoPHoney，这是一种基于大型语言模型（llm）支持的混合提示（MoP）的自适应HGT。MoPHoney最初使用基于lightgbm的路由器来预测密码类型的软概率分布，从而确定LLM相应提示的权重。然后，通过各种提示引导的管道生成自适应的蜜词风格，每个管道都通过检索增强生成（RAG）进行增强，以提高上下文真实感。接下来，一个基于llm的对手对输出进行过滤，该对手会丢弃失败的甜言蜜语。最后，采用一种新的存储策略来存储蜜词文件，进一步提高了密码猜测的复杂度。我们在三个真实数据集和一个基于pii的密码数据集上对MoPHoney针对四种代表性的honeyword威胁技术进行了评估。与基线hgt相比，MoPHoney具有更好的平坦度（k=20时平均平坦度低于0.078）、成功次数和抗DoS攻击能力（平均FPP低于0.004）。即使k在5到50之间变化，MoPHoney也能保持稳定的平坦度，并将假警报保持在0.5%以下，这表明在不同的蜜词数下具有强大的可扩展性。这些结果不仅突出了hgt中输入自适应提示、上下文密码和对抗策略的有效性，而且还显示了llm为网络威胁狩猎生成诱饵的可行性。

{"title":"MoPHoney: An adaptive honeyword generation system based on Mixture-of-prompts","authors":"Yiren Chen, Xiaobo Yang, Fangming Dong, Bo Jiang, Zhigang Lu, Baoxu Liu","doi":"10.1016/j.sysarc.2025.103617","DOIUrl":"10.1016/j.sysarc.2025.103617","url":null,"abstract":"<div><div>With the advancement of password-cracking technologies, database security is encountering critical challenges. Honeywords, decoy passwords alongside the real password, serve as a key mechanism to detect unauthorized access from password leaks. However, most existing honeyword generation techniques (HGTs) rely on static strategies or single-model generators, resulting in insufficient robustness across threat scenarios. To alleviate this issue, we propose MoPHoney, an adaptive HGT based on mixture-of-prompts (MoP) powered by large language models (LLMs). MoPHoney initially employs a LightGBM-based router to predict a soft probability distribution over password types, which determines weights of the corresponding prompts for LLM. Then, adaptive styles of honeywords are generated through diverse prompt-guided pipelines, each enhanced via retrieval-augmented generation (RAG) to improve contextual realism. Next, the output is filtered by an LLM-based adversary that discards failed honeywords. Finally, honeyword files are stored using a new strategy to further enhance the complexity of password-guessing. We evaluate MoPHoney against four representative honeyword threat techniques on three real-world datasets and a PII-based password dataset. Compared with baseline HGTs, MoPHoney achieves superior flatness (average <span><math><msub><mrow><mi>ɛ</mi></mrow><mrow><mn>1</mn></mrow></msub></math></span>-flatness below 0.078 at <span><math><mrow><mi>k</mi><mo>=</mo><mn>20</mn></mrow></math></span>), success-number, and resistance to DoS attack (average FPP below 0.004). Even when <span><math><mi>k</mi></math></span> varies from 5 to 50, MoPHoney maintains stable flatness and keeps false alarms under 0.5%, demonstrating robust scalability across different honeyword counts. These results not only highlight the effectiveness of input-adaptive prompts, in-context passwords, and adversarial strategies in HGTs but also show the feasibility of LLMs for generating decoys for cyber threat hunting.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"170 ","pages":"Article 103617"},"PeriodicalIF":4.1,"publicationDate":"2025-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145419555","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Blockchain-assisted provably secure identity-based public key encryption with keyword search scheme for medical data sharing 基于区块链的可证明安全身份公钥加密关键字搜索医疗数据共享方案

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2025-10-30 DOI: 10.1016/j.sysarc.2025.103619

Sudeep Ghosh , SK Hafizul Islam , Athanasios V. Vasilakos

Cloud computing is widely used in modern healthcare to manage Electronic Medical Records (EMRs), allowing organizations to store, access, and share patient data efficiently. Storing encrypted EMRs presents challenges for secure search and access control when using untrusted third-party cloud environments. Public Key Encryption with Keyword Search (PEKS) enables searching over encrypted data but suffers from keyword guessing attacks, inefficient multi-user search, and the requirement for secure communication channels. This paper proposes a secure Identity-Based Medical Data Sharing framework (BCT-IMDS) that leverages a hybrid cloud-assisted blockchain system comprising private and consortium blockchains. In BCT-IMDS, each hospital maintains a private blockchain, where each department operates a computer that acts as a node in the private blockchain network. Multiple hospitals establish a consortium blockchain network using their respective cloud servers. BCT-IMDS eliminates the need for pre-selecting data consumers, supports secure multi-user search, and ensures ciphertext and trapdoor indistinguishability. We formally analyze the security of the BCT-IMDS scheme, verify it using the Scyther tool, and evaluate the performance of BCT-IMDS at different security levels (80, 112, 128, 192, and 256 bits). The analysis demonstrates that BCT-IMDS is highly secure with practical computational, communication, and storage efficiency, and outperforms state-of-the-art PEKS-based medical data-sharing schemes.

云计算在现代医疗保健中广泛用于管理电子医疗记录（emr），使组织能够有效地存储、访问和共享患者数据。在使用不受信任的第三方云环境时，存储加密的emr对安全搜索和访问控制提出了挑战。带关键字搜索的公钥加密（PEKS）支持对加密数据进行搜索，但存在关键字猜测攻击、低效率的多用户搜索以及对安全通信通道的要求。本文提出了一种安全的基于身份的医疗数据共享框架（BCT-IMDS），该框架利用混合云辅助区块链系统，包括私有和财团区块链。在BCT-IMDS中，每个医院维护一个私有区块链，其中每个部门操作一台计算机，充当私有区块链网络中的节点。多家医院使用各自的云服务器建立一个联盟区块链网络。BCT-IMDS消除了预先选择数据消费者的需要，支持安全的多用户搜索，并确保密文和活板门的不可区分性。我们正式分析了BCT-IMDS方案的安全性，使用Scyther工具对其进行了验证，并评估了BCT-IMDS在不同安全级别（80、112、128、192和256位）下的性能。分析表明，BCT-IMDS具有高度安全性，具有实用的计算、通信和存储效率，并且优于最先进的基于peks的医疗数据共享方案。

{"title":"Blockchain-assisted provably secure identity-based public key encryption with keyword search scheme for medical data sharing","authors":"Sudeep Ghosh , SK Hafizul Islam , Athanasios V. Vasilakos","doi":"10.1016/j.sysarc.2025.103619","DOIUrl":"10.1016/j.sysarc.2025.103619","url":null,"abstract":"<div><div>Cloud computing is widely used in modern healthcare to manage Electronic Medical Records (EMRs), allowing organizations to store, access, and share patient data efficiently. Storing encrypted EMRs presents challenges for secure search and access control when using untrusted third-party cloud environments. Public Key Encryption with Keyword Search (PEKS) enables searching over encrypted data but suffers from keyword guessing attacks, inefficient multi-user search, and the requirement for secure communication channels. This paper proposes a secure Identity-Based Medical Data Sharing framework (BCT-IMDS) that leverages a hybrid cloud-assisted blockchain system comprising private and consortium blockchains. In BCT-IMDS, each hospital maintains a private blockchain, where each department operates a computer that acts as a node in the private blockchain network. Multiple hospitals establish a consortium blockchain network using their respective cloud servers. BCT-IMDS eliminates the need for pre-selecting data consumers, supports secure multi-user search, and ensures ciphertext and trapdoor indistinguishability. We formally analyze the security of the BCT-IMDS scheme, verify it using the Scyther tool, and evaluate the performance of BCT-IMDS at different security levels (80, 112, 128, 192, and 256 bits). The analysis demonstrates that BCT-IMDS is highly secure with practical computational, communication, and storage efficiency, and outperforms state-of-the-art PEKS-based medical data-sharing schemes.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"170 ","pages":"Article 103619"},"PeriodicalIF":4.1,"publicationDate":"2025-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145468568","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Exploiting virtual channel allocation policies in STT-RAM buffers of NoC routers through hardware Trojan 利用硬件木马利用NoC路由器STT-RAM缓冲区中的虚拟信道分配策略

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2025-10-30 DOI: 10.1016/j.sysarc.2025.103618

Josna Philomina , Rekha K. James , Palash Das , Shirshendu Das , Daleesha M. Viswanathan

Spin Transfer Torque Magnetic Random Access Memory (STT-RAM) has emerged as a promising alternative to conventional on-chip memory due to its high density, non-volatility, scalability, and CMOS compatibility. Beyond its use in designing last-level caches (LLCs), recent efforts have explored replacing traditional SRAM buffers inside Network-on-Chip (NoC) routers with STT-RAM. However, STT-RAM suffers from expensive write operations in terms of both latency and endurance. To prolong the lifetime of STT-RAM buffers, it is essential to minimize write variation by evenly distributing write operations across the memory cells. The existing virtual channel (VC) allocation policies of NoC attempt to address this by spreading writes uniformly across buffer entries. In this paper, we propose a novel hardware Trojan (HT) attack that targets the VC allocation mechanism in NoC routers. The HT maliciously alters the VC allocation to increase the write intensity on specific STT-RAM locations, thereby accelerating their wear-out and reducing the overall buffer lifespan. We analyze the impact of this attack on different VC allocation strategies and evaluate its effects using the gem5 simulator. Our results show that the proposed HT significantly increases the write variation in STT-RAM buffers, leading to a marked degradation in their endurance.

由于其高密度、非易失性、可扩展性和CMOS兼容性，自旋转移扭矩磁随机存取存储器（STT-RAM）已成为传统片上存储器的一个有前途的替代品。除了在设计最后一级缓存（lc）中使用STT-RAM之外，最近人们还在探索用STT-RAM取代片上网络（NoC）路由器中的传统SRAM缓冲区。然而，STT-RAM的写操作在延迟和持久性方面都很昂贵。为了延长STT-RAM缓冲区的生命周期，必须通过在内存单元中均匀分布写操作来最小化写变化。NoC的现有虚拟通道（VC）分配策略试图通过在缓冲区项上均匀分布写来解决这个问题。本文提出了一种针对NoC路由器中VC分配机制的硬件木马（HT）攻击方法。HT恶意地改变VC分配，以增加特定STT-RAM位置上的写强度，从而加速它们的损耗并缩短总体缓冲区寿命。我们分析了这种攻击对不同VC分配策略的影响，并使用gem5模拟器评估了其效果。我们的研究结果表明，所提出的HT显着增加了STT-RAM缓冲区的写入变化，导致其耐久性显着下降。

{"title":"Exploiting virtual channel allocation policies in STT-RAM buffers of NoC routers through hardware Trojan","authors":"Josna Philomina , Rekha K. James , Palash Das , Shirshendu Das , Daleesha M. Viswanathan","doi":"10.1016/j.sysarc.2025.103618","DOIUrl":"10.1016/j.sysarc.2025.103618","url":null,"abstract":"<div><div>Spin Transfer Torque Magnetic Random Access Memory (STT-RAM) has emerged as a promising alternative to conventional on-chip memory due to its high density, non-volatility, scalability, and CMOS compatibility. Beyond its use in designing last-level caches (LLCs), recent efforts have explored replacing traditional SRAM buffers inside Network-on-Chip (NoC) routers with STT-RAM. However, STT-RAM suffers from expensive write operations in terms of both latency and endurance. To prolong the lifetime of STT-RAM buffers, it is essential to minimize write variation by evenly distributing write operations across the memory cells. The existing virtual channel (VC) allocation policies of NoC attempt to address this by spreading writes uniformly across buffer entries. In this paper, we propose a novel hardware Trojan (HT) attack that targets the VC allocation mechanism in NoC routers. The HT maliciously alters the VC allocation to increase the write intensity on specific STT-RAM locations, thereby accelerating their wear-out and reducing the overall buffer lifespan. We analyze the impact of this attack on different VC allocation strategies and evaluate its effects using the gem5 simulator. Our results show that the proposed HT significantly increases the write variation in STT-RAM buffers, leading to a marked degradation in their endurance.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"170 ","pages":"Article 103618"},"PeriodicalIF":4.1,"publicationDate":"2025-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145468571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A multi-functional and privacy-preserving data aggregation scheme for smart grid 一种多功能、隐私保护的智能电网数据聚合方案

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2025-10-30 DOI: 10.1016/j.sysarc.2025.103599

Zhixin Zeng , Zuxin Yu , Yiming Chen , Long Li , Yining Liu , Huadong Liu

The real-time collection of electricity consumption data enables smart grids to optimize supply–demand balance and detect electricity theft. However, the utilization of such consumption data poses significant privacy risks to consumers. Privacy-preserving data aggregation (PPDA) techniques offer a means to safeguard the privacy of electricity consumers/users. But, a significant limitation of current implementations is that the aggregated data typically only enables the calculation of total consumption across all consumers within a residential area. In practical applications, aggregated data fails to meet diverse query requirements. Therefore, a multi-functional privacy-preserving data aggregation scheme is proposed to enhance the utility of data without compromising privacy. First, a blind-factor-enhanced PPDA algorithm based on inner product functional encryption (IPFE) is introduced to safeguard the privacy of individual data. The proposed solution allows the control center and electricity consumers to perform some function-specific queries on encrypted data. Second, a dynamic pseudonym-based authentication protocol is designed to resist identity inference attacks. Security analysis indicates that the proposed scheme fulfills security and privacy requirements. Extensive experimental results reveal that the proposed scheme can not only support multi-functional queries in real scenarios but also outperform other comparable schemes in terms of computation cost, communication overhead, and storage overhead.

电力消耗数据的实时收集使智能电网能够优化供需平衡并检测电力盗窃。然而，这些消费数据的使用给消费者带来了重大的隐私风险。保护隐私的数据聚合（PPDA）技术为保护电力消费者/用户的隐私提供了一种手段。但是，当前实现的一个重要限制是，聚合的数据通常只能计算一个住宅区域内所有消费者的总消费量。在实际应用中，聚合的数据不能满足多样化的查询需求。为此，提出了一种多功能保护隐私的数据聚合方案，在不损害隐私的前提下提高数据的效用。首先，提出了一种基于内积功能加密（IPFE）的盲因子增强PPDA算法来保护个人数据的隐私。提出的解决方案允许控制中心和电力用户对加密数据执行一些特定功能的查询。其次，设计了基于动态假名的身份验证协议，以抵御身份推断攻击。安全性分析表明，该方案满足安全性和隐私性要求。大量的实验结果表明，该方案不仅可以在实际场景中支持多功能查询，而且在计算成本、通信开销和存储开销方面都优于其他可比方案。

{"title":"A multi-functional and privacy-preserving data aggregation scheme for smart grid","authors":"Zhixin Zeng , Zuxin Yu , Yiming Chen , Long Li , Yining Liu , Huadong Liu","doi":"10.1016/j.sysarc.2025.103599","DOIUrl":"10.1016/j.sysarc.2025.103599","url":null,"abstract":"<div><div>The real-time collection of electricity consumption data enables smart grids to optimize supply–demand balance and detect electricity theft. However, the utilization of such consumption data poses significant privacy risks to consumers. Privacy-preserving data aggregation (PPDA) techniques offer a means to safeguard the privacy of electricity consumers/users. But, a significant limitation of current implementations is that the aggregated data typically only enables the calculation of total consumption across all consumers within a residential area. In practical applications, aggregated data fails to meet diverse query requirements. Therefore, a multi-functional privacy-preserving data aggregation scheme is proposed to enhance the utility of data without compromising privacy. First, a blind-factor-enhanced PPDA algorithm based on inner product functional encryption (IPFE) is introduced to safeguard the privacy of individual data. The proposed solution allows the control center and electricity consumers to perform some function-specific queries on encrypted data. Second, a dynamic pseudonym-based authentication protocol is designed to resist identity inference attacks. Security analysis indicates that the proposed scheme fulfills security and privacy requirements. Extensive experimental results reveal that the proposed scheme can not only support multi-functional queries in real scenarios but also outperform other comparable schemes in terms of computation cost, communication overhead, and storage overhead.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"170 ","pages":"Article 103599"},"PeriodicalIF":4.1,"publicationDate":"2025-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145419557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0