Computer Standards & Interfaces最新文献

At present, the rapid development of satellite capabilities has prompted the proposal of satellite–terrestrial integrated networks (STIN), which solves the problem of limited signal coverage of terrestrial cellular networks, further promotes the globalization process, and realizes global data sharing and on-demand use. However, due to the high openness of satellite-to-ground links in STIN, users are vulnerable to attacks such as eavesdropping, replay, tampering, and impersonation when requesting access to satellite nodes and obtaining subscription services. To ensure the security and reliability, many authentication protocols have been proposed, but there are still some shortcomings, such as high authentication overhead, vulnerability to certain attacks. In addition, for inter-satellite handovers caused by the highly dynamic topology of satellites, the computational overhead of existing handover authentication mechanisms is too high to be applied to frequent inter-satellite handover scenarios in STIN. To address the above issues, in this paper, we propose a new access and handover authentication protocol with batch verification for STIN, namely the AHA-BV protocol. The AHA-BV protocol not only realizes mutual authentication and key negotiation between users and satellite access points without the participation of the network control center, but also ensures the conditional anonymity of users during the access authentication phase. Furthermore, the lightweight batch verification mechanism reduces the risk of computing bottlenecks when resource-constrained satellites receive a large number of access authentication requests. Not only that, the AHA-BV protocol can also achieve sustained trust in subscription services from STIN with low computational overhead during the inter-satellite handover authentication phase. Formal and heuristic security analysis show that the AHA-BV protocol can meet the security requirements of STIN. Performance analysis indicates that the AHA-BV protocol has low authentication overhead while ensuring security, and is more suitable for users under satellite dynamic topology to access and obtain subscription services from STIN.

Cutting-edge and innovative software solutions are provided to address network security, network virtualization, and other network-related challenges in highly congested SDN-powered networks. However, these networks are susceptible to the same security issues as traditional networks. For instance, SDNs are significantly vulnerable to distributed denial of service (DDoS) attacks. Previous studies have suggested various anomaly detection techniques based on machine learning, statistical analysis, or entropy measurement to combat DDoS attacks and other security threats in SDN networks. However, these techniques face challenges such as collecting sufficient and relevant flow data, extracting and selecting the most informative features, and choosing the best model for identifying and preventing anomalies. This paper introduces a new and advanced multi-stage modular approach for anomaly detection and mitigation in SDN networks. The approach consists of four modules: data collection, feature selection, anomaly classification, and anomaly response. The approach utilizes the NetFlow standard to gather data and generate a dataset, employs the Information Gain Ratio (IGR) to select the most valuable features, uses gradient-boosted trees (GBT), and leverages Representational State Transfer Application Programming Interfaces (REST API) and Static Entry Pusher within the floodlight controller to construct an exceptionally efficient structure for detecting and mitigating anomalies in SDN design. We conducted experiments on a synthetic dataset containing 15 types of anomalies, such as DDoS attacks, port scans, worms, etc. We compared our model with four existing techniques: SVM, KNN, DT, and RF. Experimental results demonstrate that our model outperforms the existing techniques in terms of enhancing Accuracy (AC) and Detection Rate (DR) while simultaneously reducing Classification Error (CE) and False Alarm Rate (FAR) to 98.80 %, 97.44 %, 1.2 %, and 0.38 %, respectively.

The encryption of user data is crucial when employing cloud storage services to guarantee the security of these data stored on cloud servers. Attribute-based encryption (ABE) scheme is considered a powerful encryption technique that offers flexible and fine-grained access control capabilities. Further, the multi-user collaborative access ABE scheme additionally supports users to acquire access authorization through collaborative works. However, the existing multi-user collaborative access ABE schemes do not consider the different weights of collaboration users. Therefore, using these schemes for weighted multi-user collaborative access results in either redundant attributes or unsuccessful construction of the access control structure. For this, we proposes the special attribute policy (SAP) problem about weighted multi-user collaborative access, and presents an efficient ciphertext-policy weighted attribute-based encryption with collaborative access scheme (CP-WABE-CA), which can provide efficient collaborative access control for multiple users with different weights. In detail, this scheme utilizes a novel weighted access tree to prevent attribute repetition, thereby eliminating redundant attributes and addressing the issue of constructing access control structures. We prove our scheme is resistant against chosen plaintext attack. The experimental results demonstrate that our scheme has significant computational efficiency advantages compared to related works, without increasing storage or communication overhead. Therefore, the CP-WABE-CA scheme can provide an efficient flexible weighted collaborative access control mechanisms for cloud storage.

Complex and large software-intensive systems are increasingly present in several application domains, including Industry 4.0, connected health, smart cities, and smart agriculture, to mention a few. These systems are commonly composed of diverse other systems often developed by different organizations using various technologies and, as a consequence, interoperability among these systems becomes difficult. Many architectural strategies for interoperability have already been proposed; however, selecting adequate strategies is challenging. Additionally, it lacks an overview of such strategies. This work presents TASIS, a typology of architectural strategies for the interoperability of software-intensive systems. We also validated it with 33 practitioners from different countries with an extensive experience in integration projects. This work also offers 12 industry-based association rules that suggest how to combine those strategies to mitigate issues at different interoperability levels. As a result, our typology can serve as a starting point to further aggregate new strategies and, ultimately, supports software architects in designing interoperability-driven architectural solutions.

In recent years, machine learning techniques have been widely deployed in various fields. However, machine learning faces problems like high computation overhead, low training accuracy, and poor security due to data silos, privacy issues and communication limitations, especially in the environment of cloud computing. Logistic regression (LR) is a popular machine learning method used for prediction, while current LR algorithms suffer from high computation cost and communication burden due to interactions between users and cloud servers. In this paper, we propose a Privacy-Preserving Multi-party Logistic Regression (PPMLR) algorithm, which achieves privacy-preserving and non-interactive gradient descent regression training in machine learning. PPMLR uses the Distributed two Trapdoors Public-Key Cryptosystem (DT-PKC) as a main building block, which satisfies additive homomorphic encryption. Specifically, users go off-line after encrypting local private data, then the service provider ($\mathrm{SP}$) trains the global logistic regression model by interacting with the cloud server ($\mathrm{CS}$), so that the confidentiality and privacy of user’s private data can be guaranteed during the training process. We prove by detailed security proof that PPMLR guarantees data and model privacy. Finally, we conduct experiments on two popular medical datasets from the UCI machine learning repository. The experimental results show that PPMLR can conduct privacy-preserving training efficiently. Comparison with the stat-of-the-art Privacy-Preserving Logistic Regression Algorithm (PPLRA) shows that the model training time is reduced by about 4 times.

In human–computer interaction, emotion recognition provides a deeper understanding of the user’s emotions, enabling empathetic and effective responses based on the user’s emotional state. While deep learning models have improved emotion recognition solutions, it is still an active area of research. One important limitation is that most emotion recognition systems use only text as input, ignoring features such as voice intonation. Another limitation is the limited number of datasets available for multimodal emotion recognition. In addition, most published datasets contain emotions that are simulated by professionals and produce limited results in real-world scenarios. In other languages, such as Spanish, hardly any datasets are available. Therefore, our contributions to emotion recognition are as follows. First, we compile and annotate a new corpus for multimodal emotion recognition in Spanish (Spanish MEACorpus 2023), which contains 13.16 h of speech divided into 5129 segments labeled by considering Ekman’s six basic emotions. The dataset is extracted from YouTube videos in natural environments. Second, we explore several deep learning models for emotion recognition using text- and audio-based features. Third, we evaluate different multimodal techniques to build a multimodal recognition system that improves the results of unimodal models, achieving a Macro F1-score of 87.745%, using late fusion with concatenation strategy approach.

With the development of blockchain technology, Byzantine Fault Tolerance (BFT) is becoming an important research topic. The rPBFT consensus algorithm was introduced to address a range of shortcomings in the PBFT consensus algorithm, including high communication complexity, limited scalability, and a significant decline in performance when the system reaches approximately 100 nodes. Although rPBFT has been widely applied in the FISCO consortium chain, existing methods fail to ensure fairness in the power distribution among consensus member nodes and fine-grained node classification in rPBFT consensus. This work proposes a rPBFT consensus mechanism based on reputation value evaluation and supervision of consensus members. By implementing hierarchical management of nodes based on their reputation values, malicious nodes are eliminated, and supervision of consensus members is realized. The simulation experiment simulates the decision process of a variety of different nodes and consensus member jury with different proportions of 60%, 80% and 100% judges. The results show that the proposed scheme can dynamically update the node reputation value and classify various nodes. On the premise that the jury judges cast no less than 50% of the verdict votes, the malicious nodes in the consensus members can also be eliminated from the group of consensus member nodes. The scheme proposed in this paper effectively improves the fault tolerance of the rPBFT consensus mechanism, maintains the stability of the consortium chain network and ensures the security of the system.

Attribute-based encryption (ABE) has been widely applied in cloud services for access control. However, a large number of pairing operations required for decryption affect the wide use of ABE on lightweight devices. A general solution is to outsource the heavy computation to the cloud service provider (CSP), leaving the lighter computation to the data user. Nevertheless, it is impractical to assume that the CSP will provide free services. A recent ABE scheme with payable outsourced decryption ${\mathrm{ABE}}_{\mathrm{POD}}$ (TIFS’20) provides a solution for the above payment issue. The CSP is generally untrusted, however, ${\mathrm{ABE}}_{\mathrm{POD}}$ does not offer a verification mechanism for the data user to verify the correctness of the message. Moreover, the use of dual key pairs in ${\mathrm{ABE}}_{\mathrm{POD}}$ incurs a significant computational overhead for data users during the key generation phase. We address the above issues by presenting a new blockchain-based verifiable outsourced attribute-based encryption system that enables data users to verify the correctness of plaintexts. We implement batch verification using homomorphic technical to optimize the verification process. We use the technique of dichotomous search to accurately locate problematic plaintexts. Additionally, we optimize three key-generation algorithms to transfer the computational cost from the data user to the key generation center. We offer the formal security models and the instantiation system with security analysis. As compared to ${\mathrm{ABE}}_{\mathrm{POD}}$, we further optimize the key-generation algorithms such that the computational overhead of transformation-key and verification-key generation for data users is reduced from O($\Omega$) to O(1) and reduced by half respectively, where $\Omega$ is the number of attributes.

Key-Aggregate Searchable (KASE) can enable a data owner to delegate search rights over a set of data files to multiple users through a single aggregated authorization key in multi-user data sharing environments. Despite the elegance of the KASE concept, designing a KASE scheme that simultaneously prevents authorization from being abused and resists offline keyword guessing attacks is a formidable challenge. To respond the challenge, we propose a secure Key Aggregation Keyword Searchable Encryption against Keyword Guessing Attack and Authorization Abuse (KASE-AKA) scheme. Compared with existing KASE schemes, our KASE-AKA scheme has the following merits: (1) supporting dynamic update of user data search right through a user data search right list maintained by the semi-trust cloud server. (2) preventing the authorization from being abused since the authorization key (aggregate key) associates the user’s public key, a subset of access rights, and a common secret value that only the cloud and data owner can collaboratively generate. (3) providing resistance against offline keyword guessing attacks. Correctness proof, security analysis and performance evaluation demonstrate that the proposed KASE-AKA scheme is provably secure, highly efficient and more feasible in practical application scenarios.

Blockchain technology has demonstrated promising potential for covert communication. Although a series of studies have investigated blockchain-based covert communication, systematic research on the information-hiding patterns and covert communication patterns built on the blockchain is absent. This paper aims to conduct a comprehensive analysis of the related patterns. Based on intensive investigation, we abstract and propose a reference model for blockchain-based covert communication. We accordingly identify five types of covert communication patterns, each with different roles for covert senders and covert receivers, which enable one-to-one and one-to-many communication. Using Bitcoin as an example, we analyze the data distribution of covert channels within the block and transaction structure. Furthermore, we compare the hiding patterns and covert communication patterns and discuss the challenges and promising directions to achieve secure, robust, and cost-effective covert communication using blockchain. This work can provide valuable insights into the potential of blockchain technology for covert communication and lay the foundation for future research in this area.