Computer Standards & Interfaces最新文献

Zero Trust (ZT) has become a very hot approach for building secure systems, promoted by industry and government as a new way to produce systems with a high degree of security. ZT is based on not trusting any request for accessing resources. Because of the possibility of increasing the security of enterprise systems there has been a large amount of publication on different aspects of this strategy. It is then important to evaluate if its claims are true. We have used security patterns to design and evaluate security architectures and we apply here this method to analyze the expectations of this strategy. We relate the ideas behind ZT to the accumulated knowledge of security and attempt to answer some questions about the value and possibilities of this technology. In general, industry publications are vague about the technical aspects of these systems, ignore past security knowledge, and there are few reports describing actual experience building and using ZT architectures. Is Zero Trust Architecture (ZTA) the ideal architecture to build secure systems? To obtain a deeper understanding of this architecture, we analyze its pattern structure and provide a sketch of its reference architecture built as an aggregation of security patterns. As any system architecture, regardless of the way it has been constructed, represents a system, we also consider its threats. Finally, we provide directions for research on this area.

Deep learning has been used to address various problems in a range of domains within both academia and industry. However, the issue of intellectual property with deep learning models has aroused broad attention. Watermarking, a proactive defense approach widely adopted to safeguard the copyright of digital content, is now sparking novel mechanisms for protecting the intellectual property of deep learning models. Further, significantly improved digital watermarking techniques have been developed to protect multimedia content, primarily images, with high efficiency and effectiveness. Yet, our current understandings of these two technical forefronts, i.e., deep learning model watermarking and image watermarking via deep learning, are unilaterally separated and application-oriented. To this end, we have undertaken a survey on emerging watermarking mechanisms in the two areas from a novel security perspective. That is, we have surveyed attacks and defenses in deep learning model watermarking and deep-learning-based image watermarking. Within the survey, we propose an objective taxonomy to unify the two domains, revealing their commonly shared properties with reference to design principles, functionalities, etc. Upon the taxonomy, a comprehensive analysis of attacks and defenses associated with the shared properties in both domains is presented. We have summarized the collected methods from a technical aspect and their advantages vs. disadvantages. A discussion of the joint characteristics and possible improvements of the methods are attached. Lastly, we have also proposed several potential research directions to inspire more ideas in these areas.

The NTRU lattice is a promising candidate to construct practical cryptosystems, in particular key encapsulation mechanism (KEM), resistant to quantum computing attacks. Nevertheless, there are still some inherent obstacles to NTRU-based KEM schemes when considering integrated performance, taking security, bandwidth, error probability, and computational efficiency as a whole, that is as good as and even better than their {R,M}LWE-based counterparts. In this work, we address the challenges by presenting a new family of NTRU-based KEM schemes, denoted as CTRU and CNTR. By bridging low-dimensional lattice codes and high-dimensional NTRU-lattice-based cryptography with careful design and analysis, to the best of our knowledge, CTRU and CNTR are the first NTRU-based KEM schemes featuring scalable ciphertext compression via only one single ciphertext polynomial, and are the first that can outperform {R,M}LWE-based KEM schemes in terms of integrated performance. For instance, when compared to Kyber, the only KEM scheme currently standardized by NIST, our recommended parameter set CNTR-768 exhibits approximately 12% smaller ciphertext size, when its security is strengthened by $(8,7)$ bits for classical and quantum security respectively, with a significantly lower error probability ($2^{-230}$ for CNTR-768 vs. $2^{-164}$ for Kyber-768). In terms of the state-of-the-art AVX2 implementation of Kyber-768, CNTR-768,achieves a speedup of 2.7X in KeyGen, 3.3X in Encaps, and 1.6X in Decaps, respectively. When compared to the NIST Round 3 finalist NTRU-HRSS, CNTR-768,features 15% smaller ciphertext size, coupled with an improvement of $(55,49)$ bits for classical and quantum security respectively. As for the AVX2 implementation, CNTR-768,outperforms NTRU-HRSS by 26X in KeyGen, 3.0X in Encaps, and 2.2X in Decaps, respectively. Along the way, we develop new techniques for more accurate error probability analysis, and a unified number theoretic transform (NTT) implementation for multiple parameter sets, which may be of independent interest.

With the rapid development of low-cost consumer electronics and pervasive adoption of next generation wireless communication technologies, a tremendous amount of data has been generated from users’ smart devices and collected for research and analysis. This inevitably results in increasing concern of mobile users regarding their personal information; the problem of privacy preservation has become more urgent and it has also attracted a significant amount of attention from both academic researchers and industry practitioners. As a strong privacy tool, local differential privacy (LDP) has been widely deployed in recent years. It eliminates the need for a trusted third party by allowing users to perturb their data locally, thus providing better privacy protection. This survey provides a comprehensive and structured overview of LDP technology. We summarize and analyse state-of-the-art development in LDP and compare a range of methods from various perspectives and from the context of machine learning model training. We explore the applications of LDP in various domains. Furthermore, we identify several research challenges and discuss promising future research directions.

Web conferencing software can help workers work remotely and provide them with greater flexibility and autonomy. However, existing web conferencing software faces certain technical, functional, and design-related limitations. These problems lead to a less than ideal user experience and consequently result in a lack of intrinsic motivation on the part of the user. To improve this situation, we conducted a System Literature Review (SLR) to integrate and summarize the principles proposed in the literature and ultimately developed a heuristic design toolkit for web conferencing software based on self-determination theory. This toolkit contains a total of 15 principles corresponding to autonomy, competence and relatedness. Through heuristic and expert evaluations, we verified that the toolkit is effective in identifying problems. Therefore, the results of this research can help designers to develop web conferencing software and evaluate its usability in order to address the usability issues of the software and to satisfy the basic psychological needs of the users, thus enhancing users intrinsic motivation to use the web conferencing software.

Existing multimodal fake news detection methods face challenges in jointly capturing the intramodality and cross-modal correlation relationships between image regions and text fragments. Additionally, these methods lack comprehensive hierarchical semantics mining for text. These limitations result in ineffective utilization of multimodal information and impact detection performance. To address these issues, we propose a multimodal relationship-aware attention network (MRAN), which consists of three main steps. First, a multi-level encoding network is employed to extract hierarchical semantic feature representations of text, while the visual feature extractor VGG19 learns image feature representations. Second, the captured text and image representations are input into the relationship-aware attention network, which generates high-order fusion features by calculating the similarity between information segments within modalities and cross-modal similarity. Finally, the fusion features are passed through a fake news detector, which identifies fake news. Experimental results on three benchmark datasets demonstrate the effectiveness of MRAN, highlighting its strong detection performance.

To address the slow response time of existing detection modules to the Internet of Things (IoT) Distributed Denial of Service (DDoS) attacks, along with their low feature differentiation and poor detection performance, we propose MRFM, a timely detection method with multidimensional reconstruction and function mapping. Firstly, we employ a queue mechanism to capture and store incoming network traffic data within a predefined time frame. Subsequently, we introduce a multidimensional reconstruction neural network model, specifically designed to reconstruct quantitative features based on their respective indices by adjusting the loss function. This process is followed by the computation of multidimensional reconstruction errors and the transformation of vectors into mapping features, thereby augmenting the disparities among various types of traffic data and promoting the similarity within the same category of traffic data. Lastly, we extract frequency information from the qualitative feature matrix using information entropy calculations, enriching the feature profile of individual traffic instances. The experimental results on two benchmark datasets show that MRFM can effectively detect different types of DDoS attacks. Notably, MRFM consistently outperforms other existing methods, exhibiting an average metric improvement of up to 9.61 %.

The storage of electronic medical records (EMRs) is an area of extensive research, and healthcare systems often delegate this task to cloud service providers (CSP). Typically, CSP transmits the encrypted EMRs to a cloud server with a searchable encryption scheme for easy retrieval. However, the enormous power held by centralized CSP poses a potential threat to patients’ personal privacy, as it can lead to unauthorized access and misuse of medical data by both CSP and data users, such as doctors. This paper proposes a blockchain-based multi-keyword searchable encryption (BMSE) electronic medical record solution. The scheme consists of two parts. On the one hand, our solution involves the integration of blockchain technology and the utilization of advanced encryption standard (AES) for symmetric data encryption. Additionally, we employ attribute-based encryption (ABE) to encrypt the search index. This approach aims to address the issue of excessive power held by centralized CSP, which can potentially result in the compromise of patients’ privacy. On the other hand, we use the K-means algorithm to cluster the documents, and use the relevance score of keywords and documents as the search index to solve the problem of low efficiency of the existing multi-keyword searchable encryption schemes. Finally, we verify the safety of BMSE through safety analysis, and the experimental analysis shows that BMSE improves the search efficiency.

Image generation using generative adversarial networks (GANs) has raised new security challenges recently. One promising forensic solution is verifying whether or not a suspicious image contains a GAN fingerprint, a unique trace left behind by the source GAN. Previous methods mainly focused on GAN fingerprint extraction while underestimating the downstream forensic applications, and the fingerprints are often single-level which only supports one specific forensic task. In this study, we investigate the problem of disentangling different levels of GAN fingerprints to satisfy the need for varying forensics tasks. Based on an analysis of fingerprint dependency revealing the existence of two levels of fingerprints in different signal domains, we proposed a decoupling representation framework to separate and extract two types of GAN fingerprints from different domains. An adversarial data augmentation strategy plus a transformation-invariant loss is added to the framework to enhance the robustness of fingerprints to image perturbations. Then we elaborated on three typical forensics tasks and the task-specific fingerprinting using different GAN fingerprints. Extensive experiments have verified our dependency analysis, the effectiveness and robustness of the proposed fingerprint extraction framework, and the applicability of task-specific fingerprinting in real-world and simulated scenarios.

Blockchain heralds the dawn of decentralized applications that coordinate proper computations without requiring prior trust. Existing blockchain solutions, however, are incapable of dealing with intensive validation. Duplicated execution results in limited throughput and unacceptably high costs. Furthermore, the absence of secure incentive mechanisms derives undesired dilemmas among rational verifiers.

In this work, we present Lever-FS, a practical blockchain validation framework that makes intensive validation cost-efficient and incentive-compatible among rational verifiers. It is faster than previous constructions since full-fledged scalability is achieved over optimistic execution, dispute resolution, and backbone confirmation of every potential workload. Lever-FS first curtails the scale of each validation to a single node and introduces novel challenge-response games between potential adversaries and rational participants, optimistically optimizing validation redundancy according to the practical adversarial capability confronted. When there is a rich and stubborn adversary, the backstop protocol is then activated to resolve intricate disputes via a threshold voting supported by concurrent redundant executions. Throughout the game, compelling incentive design efficiently transfers the adversary’s budget to proliferated task rewards for subsequent executions, therefore allowing the user to lever sufficient endorsements for the correct verdict with minimum expense. In addition, fair incentive distribution mechanisms are designed to circumvent the well-known Verifier’s Dilemma. Finally, we accelerate Lever-FS with sharding to enable scale-out backbone confirmation, seamless workload balancing, and optimized unanimous assertion across multiple independent validation instances.

Experiments reveal that Lever-FS significantly improves the throughput while lowering expenses of intensive validation with a slight tradeoff in latency. Compared to state-of-the-art alternatives, it removes their brittle reliance on altruism, dense interactions, or massive computational power. It is also robust to conceivable attacks on validation and performs distinguishable ability to purify Byzantine participants.