Internet of Things (IoT), as a remarkable paradigm, establishes a wide range of applications in various industries like healthcare, smart homes, smart cities, agriculture, transportation, and military domains. This widespread technology provides a general platform for heterogeneous objects to connect, exchange, and process gathered information. Besides the significant efficiency and productivity impacts of IoT technology, security and privacy concerns have emerged more than ever. The routing protocol for low power and lossy networks (RPL), which is standardized for IoT environments, suffers from a lack of basic security considerations, which makes it vulnerable to many well-known attacks. Several security solutions have been proposed to address routing attack detection in RPL-based IoT, most of which are based on machine learning techniques, intrusion detection systems, and trust-based approaches. Securing RPL-based IoT networks is challenging because resource-constrained IoT devices are connected to the untrusted Internet, the communication links are lossy, and the devices use a set of novel and heterogeneous technologies. Therefore, providing lightweight security mechanisms plays a vital role in the timely detection and prevention of IoT routing attacks. In this paper, we propose a novel anomaly detection-based trust management model using the concepts of sequence prediction and deep learning. We have formulated the problem of routing behavior anomaly detection as a time series forecasting problem, which is solved with a stacked long short-term memory (LSTM) sequence-to-sequence autoencoder; that is, a hybrid training model of recurrent neural networks and autoencoders. The proposed model is then utilized to provide a detection mechanism addressing four prevalent and destructive RPL attacks: the black-hole attack, the destination-oriented directed acyclic graph (DODAG) information solicitation (DIS) flooding attack, the version number (VN) attack, and the decreased rank (DR) attack. In order to evaluate the efficiency and effectiveness of the proposed model in the timely detection of RPL-specific routing attacks, we have implemented it on several RPL-based IoT scenarios, each simulated separately using the Contiki Cooja simulator, and the results have been compared in detail. According to the presented results, the detection scheme implemented on all attack scenarios demonstrates that the trend of the estimated anomaly between real and predicted routing behavior follows the evaluated attack frequency of malicious nodes during the RPL process, while the analyzed trust scores show the opposite pattern, which indicates highly accurate and timely detection of attack incidents using our proposed trust scheme.
Source: "A Trust Based Anomaly Detection Scheme Using a Hybrid Deep Learning Model for IoT Routing Attacks Mitigation" by Khatereh Ahmadi and Reza Javidan. IET Information Security, 2024(1). Published 2024-11-25. DOI: 10.1049/2024/4449798.
To securely share data between users, encryption schemes with keyword search in various settings have been proposed. Many studies design schemes in a designated receiver setting, where a data owner specifies in advance, at the time the data are uploaded, which receivers may download the data. In this setting, it is not easy to extend the scheme to support environments with multiple data owners. Moreover, no scheme has considered the situation in which a newly enrolled user accesses data that were uploaded prior to his enrollment. On the other hand, schemes designed in an undesignated receiver setting support multiple data owners and allow data to be accessed by all users in the system, regardless of the time the data were uploaded. However, most of them are not secure against collusion attacks involving an untrusted server and revoked users. In this paper, we propose a full-accessible multiparty searchable encryption (FA-MPSE) scheme for data-sharing systems. Our scheme supports the property that we call full-accessibility: any user in the system can access all data in the storage. In addition, our scheme is secure against collusion attacks, so that revoked users who collaborate with the server cannot access the stored data. Furthermore, our scheme provides all the essential properties of MPSE, such as query privacy, query unforgeability, full-revocability, and unlinkability, and its security is proven in a formal security model. We provide a comparison with the related schemes to show that our scheme has a comparative advantage.
Source: "Full-Accessible Multiparty Searchable Encryption Scheme for Shared Cloud Storage" by Dongmin Kim, Jieun Eom, and Kee Sung Kim. IET Information Security, 2024(1). Published 2024-11-25. DOI: 10.1049/ise2/5693357.
At CRYPTO 2019, Gohr showed the significant advantages of neural distinguishers over traditional distinguishers in differential cryptanalysis. At Fast Software Encryption (FSE) 2024, Bellini et al. provided a generic tool to automatically train (related-key) differential neural distinguishers for different block ciphers. In this paper, based on the intrinsic principles of differential cryptanalysis and neural distinguishers, we propose a superior (related-key) differential neural distinguisher that uses ciphertext pairs generated by two different differences. In addition, we give a framework to automatically train our (related-key) differential neural distinguisher in four steps: difference selection, sample generation, training pipeline, and evaluation scheme. To demonstrate the effectiveness of our approach, we apply it to the block ciphers Simon, Speck, Simeck, and Hight. Compared to the existing results, our method can provide improved accuracy and even increase the number of rounds that can be analyzed. The source code is available at https://github.com/differentialdistinguisher/AutoND_New.
Source: "A New (Related-Key) Neural Distinguisher Using Two Differences for Differential Cryptanalysis" by Gao Wang, Gaoli Wang, and Siwei Sun. IET Information Security, 2024(1). Published 2024-11-01. DOI: 10.1049/2024/4097586.
This study addresses the challenge of extracting valuable information and selecting key variables from large datasets, essential across statistics, computational science, and data science. In the age of big data, where safeguarding personal privacy is paramount, this study presents an online learning algorithm that leverages differential privacy to handle large-scale data effectively. The focus is on enhancing the online group lasso approach within the differential privacy realm. The study begins by comparing online and offline learning approaches and classifying common online learning techniques. It proceeds to elucidate the concept of differential privacy and its importance. By enhancing the group-follow-the-proximally-regularized-leader (GFTPRL) algorithm, we have created a new method for the online group lasso model that integrates differential privacy for binary classification in logistic regression. The research offers a solid validation of the algorithm’s effectiveness based on differential privacy and online learning principles. The algorithm’s performance was thoroughly evaluated through simulations with both synthetic and actual data. The comparison is made between the proposed privacy-preserving algorithm and traditional non-privacy-preserving counterparts, with a focus on regret bounds, a measure of performance. The findings underscore the practical benefits of the differential privacy-preserving algorithm in tackling large-scale data analysis while upholding privacy standards. This research marks a significant step forward in the fusion of big data analytics and the safeguarding of individual privacy.
Source: "A Novel Differentially Private Online Learning Algorithm for Group Lasso in Big Data" by Jinxia Li and Liwei Lu. IET Information Security, 2024(1). Published 2024-10-24. DOI: 10.1049/2024/5553292.
Large language models (LLMs) have brought significant advancements to artificial intelligence, particularly in understanding and generating human language. However, concerns over management burden and data security have grown alongside their capabilities. To address these problems, we design a blockchain-based distributed LLM framework, where the LLM works in distributed mode and its outputs can be stored and verified on a blockchain to ensure integrity, transparency, and traceability. In addition, a multiparty signature-based authentication mechanism is necessary to ensure stakeholder consensus before publication. To address these requirements, we propose a threshold elliptic curve digital signature algorithm that counters malicious adversaries in environments with three or more participants. Our approach relies on discrete logarithm zero-knowledge proofs and Feldman verifiable secret sharing, reducing complexity by forgoing multiplication triple protocols. Compared with related schemes, this optimization speeds up both the key generation and signing phases with a constant number of rounds while maintaining security against malicious adversaries.
Source: "An Efficient Multiparty Threshold ECDSA Protocol against Malicious Adversaries for Blockchain-Based LLMs" by Jing Wang, Xue Yuan, Yingjie Xu, and Yudi Zhang. IET Information Security, 2024(1). Published 2024-10-17. DOI: 10.1049/2024/2252865.
In isogeny-based cryptography, bilinear pairings are regarded as a powerful tool in various applications, including key compression, public key validation, and torsion basis generation. However, in most isogeny-based protocols, the performance of pairing computations is unsatisfactory due to the high computational cost of the Miller function. Reducing the computational expense of the Miller function is crucial for enhancing the overall performance of pairing computations in isogeny-based cryptography. This paper addresses this efficiency bottleneck. To achieve this, we propose several techniques for a better implementation of pairings in isogeny-based cryptosystems. We use (modified) Jacobian coordinates and present new algorithms for Miller function computations to compute pairings of order 2^∙ and 3^∙. For pairings of arbitrary order, which are crucial for key compression in some SIDH-based schemes (such as M-SIDH and binSIDH), we combine Miller doublings with Miller additions/subtractions, leading to a considerable speedup. Moreover, the optimizations for pairing applications in CSIDH-based protocols are also considered in this paper. In particular, our approach for supersingularity verification in CSIDH is 15.3% faster than Doliskani's test, which is the state of the art.
Source: "Pairing Optimizations for Isogeny-Based Cryptosystems" by Shiping Cai, Kaizhan Lin, and Chang-An Zhao. IET Information Security, 2024(1). Published 2024-10-03. DOI: 10.1049/2024/9631360.
The reflection structure has the significant advantage that realizing both decryption and encryption incurs minimal additional cost, and many block ciphers tend to adopt such a structure to meet the requirement of low overhead. PRINCE, MANTIS, QARMA, and PRINCEv2 are lightweight block ciphers with the reflection feature proposed in recent years. In this paper, we consider the automatic differential cryptanalysis of reflection block ciphers based on the Boolean satisfiability (SAT) method. Since reflection block ciphers have different round functions, we extend forward and backward from the middle structure and thereby accelerate the search for the optimal differential characteristics of such block ciphers with Matsui's bounding conditions. As a result, we present the optimal differential characteristics for PRINCE up to 12 rounds (the full round count), and they are also the optimal characteristics for PRINCEv2. We also find the optimal differential characteristics for MANTIS, QARMA-64, and QARMA-128 up to 10, 12, and 8 rounds, respectively. To mount an efficient differential attack on such block ciphers, we present a uniform SAT model combining the differential characteristic search process and the key recovery process. With this model, we find two sets of 7-round differential characteristics for PRINCE with fewer guessed key bits and use them to present a multiple differential attack against 11-round PRINCE, which, to our knowledge, improves the known single-key attack on PRINCE by one round.
Source: "Automatic Search of Differential Characteristics and Improved Differential Cryptanalysis for PRINCE, QARMA, and MANTIS" by Yaxin Cui, Hong Xu, Lin Tan, and Wenfeng Qi. IET Information Security, 2024(1). Published 2024-09-30. DOI: 10.1049/2024/5574862.
The emergence of cloud computing enables users to upload data to remote clouds and compute on them. This drastically reduces computing and storage costs for users. Considering secure computing for multilevel users in enterprises, the notion of hierarchical identity-based inner product functional encryption (HIB-IPFE) has been proposed. In this cryptosystem, a sender can encrypt a vector into a ciphertext with a hierarchical identity, while a receiver who possesses a secret key corresponding to the same hierarchical identity and a vector can decrypt the ciphertext and obtain the inner product. However, HIB-IPFE is not sufficient to capture flexible data sharing and forward security. In this study, we present the notion of hierarchical identity-based puncturable inner product functional encryption (HIBP-IPFE). Furthermore, we present a formal definition and security model of HIBP-IPFE to guarantee data confidentiality and receiver anonymity. Compared with HIB-IPFE, our proposed scheme enables users to puncture keys on specific tags, ensuring that the punctured keys cannot be used to decrypt the ciphertexts associated with those tags. The proposed scheme is provably secure under the d-DBDHE assumption in the standard model. The experimental results indicate that our scheme is more practical in cloud computing, with superior functionality.
Source: "Privacy-Enhanced Data Sharing Systems from Hierarchical ID-Based Puncturable Functional Encryption with Inner Product Predicates" by Cheng-Yi Lee, Zi-Yuan Liu, Masahiro Mambo, and Raylin Tso. IET Information Security, 2024(1). Published 2024-09-28. DOI: 10.1049/2024/5535196.
Improved AB-CPREs with Revocability and HRA Security under LWE
Yang Wang, Mingqiang Wang
IET Information Security, vol. 2024 (1), published 2024-09-26. DOI: 10.1049/2024/4333883. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/4333883

Abstract: Attribute-based conditional proxy re-encryption (AB-CPRE) protocols enable a delegator to delegate decryption rights under different policies, giving data owners greater flexibility in sharing their encrypted private data stored in the cloud. However, existing lattice-based AB-CPREs suffer from drawbacks such as large parameters and only weak, passive security notions. To the best of our knowledge, we present the first quantum-safe key-policy AB-CPRE with polynomially bounded parameters (for certain NC^0 circuits/policies) that is selectively attribute-secure against honest re-encryption attacks (HRA). The security of our AB-CPRE rests on standard LWE assumptions. We further introduce directly revocable AB-CPREs, a primitive that enables a delegator to grant and revoke delegation of decryption rights dynamically and so offers more flexible access control over externally stored encrypted data. We give a definition and security model for single-hop directly revocable AB-CPREs, together with the first detailed construction of such a scheme from standard LWE assumptions.
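What the delegation step in proxy re-encryption looks like in working code, as an added example that is not the paper's scheme: the AB-CPRE above is lattice-based and ties re-encryption to attribute policies, conditions and revocation, none of which fits in a short example, so the block below shows the bare mechanism with an ElGamal-style bidirectional proxy re-encryption in the style of Blaze, Bleumer and Strauss (Python; constructed toy group p = 1019, q = 509, g = 4; all function names are this example's own). A proxy holding only rk = sk_b / sk_a converts Alice's ciphertext into one Bob can decrypt, while rk by itself reveals neither g^r nor the message. Two differences from the paper's setting are worth keeping in mind: here both secret keys are needed to form rk (bidirectional), whereas an AB-CPRE delegator forms it alone, and deleting rk at the proxy is not cryptographic revocation, which is the gap the paper's directly revocable variant addresses.

```python
import secrets
from typing import Optional, Tuple

# Constructed toy parameters: safe prime p = 2q + 1 and a generator g of the order-q
# subgroup of Z_p^*. They keep the arithmetic readable and are far too small for real
# use; a quantum-safe scheme such as the paper's would use lattices, not a DLOG group.
P = 1019
Q = 509
G = 4


def keygen(sk: Optional[int] = None) -> Tuple[int, int]:
    """Secret exponent in [1, q-1] and public key g^sk. A fixed sk may be supplied for tests."""
    if sk is None:
        sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encrypt(pk: int, m: int, r: Optional[int] = None) -> Tuple[int, int]:
    """ElGamal-style ciphertext (m * g^r, pk^r); the message must be an element of Z_p^*."""
    if not 1 <= m < P:
        raise ValueError("message must satisfy 1 <= m < p")
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)


def decrypt(sk: int, ct: Tuple[int, int]) -> int:
    """Strip the mask: (g^{sk*r})^{1/sk} = g^r, then m = c1 / g^r."""
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)
    return (c1 * pow(g_r, -1, P)) % P


def rekey(sk_delegator: int, sk_delegatee: int) -> int:
    """Re-encryption key rk = sk_delegatee / sk_delegator (mod q).
    Bidirectional: forming it needs both secrets, and 1/rk converts in the other direction."""
    return (sk_delegatee * pow(sk_delegator, -1, Q)) % Q


def reencrypt(rk: int, ct: Tuple[int, int]) -> Tuple[int, int]:
    """Proxy step: c2^rk = g^{sk_a*r*sk_b/sk_a} = g^{sk_b*r}. c1 is untouched, and the
    proxy never learns g^r, so it cannot read m."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)


def demo(m: int = 42) -> dict:
    """Alice encrypts to herself, the proxy converts, Bob decrypts. Returns both recoveries."""
    sk_a, pk_a = keygen()
    sk_b, _ = keygen()
    ct_a = encrypt(pk_a, m)
    rk = rekey(sk_a, sk_b)      # computed jointly; the proxy is handed only rk
    ct_b = reencrypt(rk, ct_a)
    return {"alice": decrypt(sk_a, ct_a), "bob": decrypt(sk_b, ct_b)}


if __name__ == "__main__":
    print(demo(123))
```

The point of the HRA security notion mentioned in the abstract shows up even in this toy: the proxy produces honestly re-encrypted ciphertexts on demand, so security must hold even when the adversary can ask for re-encryptions of ciphertexts it did not create, which a model that only hands out re-encryption keys does not capture.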
DDoS-MSCT: A DDoS Attack Detection Method Based on Multiscale Convolution and Transformer
Bangli Wang, Yuxuan Jiang, You Liao, Zhen Li
IET Information Security, vol. 2024 (1), published 2024-09-17. DOI: 10.1049/2024/1056705. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/1056705

Abstract: Distributed denial-of-service (DDoS) attacks pose a significant threat to network security because of their widespread impact and damaging consequences. Deep learning methods are now widely applied to DDoS anomaly traffic detection, but they often cannot model local and global traffic features jointly, which limits their performance. To detect abnormal traffic effectively, this paper proposes a network architecture called DDoS-MSCT, which combines a multiscale convolutional neural network with a transformer. Its building block, the DDoS-MSCT block, consists of a local feature extraction module (LFEM) and a global feature extraction module (GFEM). The LFEM uses convolutional kernels of different sizes together with dilated convolutions to enlarge the receptive field and capture multiscale features simultaneously, while the GFEM captures long-range dependencies in order to attend to global features. As network depth increases, DDoS-MSCT integrates multiscale local and global contextual information about the traffic features, improving detection performance. Our experiments are conducted on the CIC-DDoS2019 dataset and on the CIC-IDS2017 dataset, the latter added as a supplement to address sample imbalance. On the hybrid dataset, DDoS-MSCT achieves accuracy, recall, F1 score and precision of 99.94%, 99.95%, 99.95% and 99.97%, respectively, and compares well with state-of-the-art methods at detecting DDoS attacks.