Computer Standards & Interfaces最新文献_第9页

40 years of Computer Standards & Interfaces: A bibliometric retrospective 40年的计算机标准与接口：文献计量学回顾

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces

Pub Date : 2025-07-08 DOI: 10.1016/j.csi.2025.104046

Nikunja Mohan Modak , Ghassan Beydoun , José M. Merigó , Iman Rahimi , Willy Susilo

Computer Standards & Interfaces (CSI) is a leading international journal in the field of computer applications, standards, data management, interfaces, and software developments. This bibliometric study analyzes a four-decade journey of the CSI from 1982 to 2023. We captured data related to the CSI publications from two trustworthy databases: Web of Science (WoS) Core Collection and Scopus. We analyze the journal's performance in relationships with publications, citations, topics, periods, authors, institutions, countries, and regions. Visualization of similarities (VOS) viewer software is used to construct network visualizations of co-citations, co-occurrences, and bibliographic couplings of related issues. The present work finds that 2001 published articles in CSI have received 24,139 citations. David C. Yen from Texas Southern University (USA) and Ahmed Patel from Ceará State University (Brazil) are the most productive authors. The USA, Europe and East Asia are the most productive regions. Security, Standardization, Standards, Interoperability, Authentication, Privacy, and Cryptography are highly discussed research topics by the authors in CSI. This retrospective study explores the reach and credibility of CSI capturing active and significant involvements of the authors from different parts of the world.

计算机标准《接口》（CSI）是一本在计算机应用、标准、数据管理、接口和软件开发领域领先的国际期刊。本文献计量学研究分析了CSI从1982年到2023年的40年历程。我们从两个值得信赖的数据库中获取了与CSI出版物相关的数据：Web of Science (WoS) Core Collection和Scopus。我们分析了期刊的表现与出版物、引用、主题、时期、作者、机构、国家和地区的关系。相似度可视化（VOS）查看器软件用于构建相关问题的共引、共现和书目耦合的网络可视化。本研究发现，2001篇在CSI上发表的文章被引用24139次。美国德克萨斯南方大学的David C. Yen和巴西塞奥州立大学的Ahmed Patel是最高产的作者。美国、欧洲和东亚是生产力最高的地区。安全、标准化、标准、互操作性、身份验证、隐私和密码学是CSI中作者高度讨论的研究主题。这项回顾性研究探讨了CSI的影响范围和可信度，它捕捉了来自世界各地的作者积极而重要的参与。

{"title":"40 years of Computer Standards & Interfaces: A bibliometric retrospective","authors":"Nikunja Mohan Modak , Ghassan Beydoun , José M. Merigó , Iman Rahimi , Willy Susilo","doi":"10.1016/j.csi.2025.104046","DOIUrl":"10.1016/j.csi.2025.104046","url":null,"abstract":"<div><div>Computer Standards & Interfaces (CSI) is a leading international journal in the field of computer applications, standards, data management, interfaces, and software developments. This bibliometric study analyzes a four-decade journey of the CSI from 1982 to 2023. We captured data related to the CSI publications from two trustworthy databases: Web of Science (WoS) Core Collection and Scopus. We analyze the journal's performance in relationships with publications, citations, topics, periods, authors, institutions, countries, and regions. Visualization of similarities (VOS) viewer software is used to construct network visualizations of co-citations, co-occurrences, and bibliographic couplings of related issues. The present work finds that 2001 published articles in CSI have received 24,139 citations. David C. Yen from Texas Southern University (USA) and Ahmed Patel from Ceará State University (Brazil) are the most productive authors. The USA, Europe and East Asia are the most productive regions. Security, Standardization, Standards, Interoperability, Authentication, Privacy, and Cryptography are highly discussed research topics by the authors in CSI. This retrospective study explores the reach and credibility of CSI capturing active and significant involvements of the authors from different parts of the world.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104046"},"PeriodicalIF":4.1,"publicationDate":"2025-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144655799","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Multiuser data integrity auditing atop blockchain with secure user revocation for cognitive IoT networks 基于区块链的多用户数据完整性审计，支持认知物联网网络的安全用户撤销

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces

Pub Date : 2025-07-07 DOI: 10.1016/j.csi.2025.104042

Min Xie , Yong Yu , Ruonan Chen , Yanqi Zhao , Jianting Ning , Xiaoyi Yang , Zoe L. Jiang

Cognitive computing over big data has advanced the cognitive Internet of Things (IoT), enhancing adaptive decision-making by the analysis of shared data, while posing challenges in the storage and multi-user sharing of large-scale real-time data. Decentralized cloud storage is a promising solution to reduce latency and prevent single-point failures, but a key factor in preventing erroneous decisions lies in the integrity of shared data. However, integrity auditing in decentralized and shared storage typically involves linear overheads, with revoked users potentially colluding with cloud providers to evade audits. To address these issues, we propose a blockchain-based multiuser data integrity auditing protocol for cognitive IoT, supporting secure user revocation and batch auditing in decentralized storage. Our protocol classifies group users into different categories and manages group users efficiently and dynamically. Besides, files stored across various storage nodes can be audited in batches and effectively updated based on novel block tags. Smart contracts deployed on the blockchain ensure fairness among participants. We formally prove the security of the protocol in the random oracle model and the algebraic group model, in particular, against collusion attacks. Finally, we evaluate the cost separately for on-chain operations and off-chain operations to show its practicality.

基于大数据的认知计算推动了认知物联网（IoT）的发展，通过对共享数据的分析增强了自适应决策，同时对大规模实时数据的存储和多用户共享提出了挑战。分散的云存储是一种很有前途的解决方案，可以减少延迟和防止单点故障，但防止错误决策的关键因素在于共享数据的完整性。然而，分散存储和共享存储中的完整性审计通常涉及线性开销，被撤销的用户可能与云提供商勾结以逃避审计。为了解决这些问题，我们提出了一种基于区块链的认知物联网多用户数据完整性审计协议，支持分散存储中的安全用户撤销和批处理审计。该协议将组用户划分为不同的类别，并对组用户进行高效、动态的管理。此外，存储在各个存储节点上的文件可以被批量审计，并根据新的块标记有效地更新。部署在区块链上的智能合约确保了参与者之间的公平。正式证明了该协议在随机oracle模型和代数群模型下的安全性，特别是对合算攻击的安全性。最后，我们分别对链上操作和链下操作的成本进行了评估，以证明其实用性。

{"title":"Multiuser data integrity auditing atop blockchain with secure user revocation for cognitive IoT networks","authors":"Min Xie , Yong Yu , Ruonan Chen , Yanqi Zhao , Jianting Ning , Xiaoyi Yang , Zoe L. Jiang","doi":"10.1016/j.csi.2025.104042","DOIUrl":"10.1016/j.csi.2025.104042","url":null,"abstract":"<div><div>Cognitive computing over big data has advanced the cognitive Internet of Things (IoT), enhancing adaptive decision-making by the analysis of shared data, while posing challenges in the storage and multi-user sharing of large-scale real-time data. Decentralized cloud storage is a promising solution to reduce latency and prevent single-point failures, but a key factor in preventing erroneous decisions lies in the integrity of shared data. However, integrity auditing in decentralized and shared storage typically involves linear overheads, with revoked users potentially colluding with cloud providers to evade audits. To address these issues, we propose a blockchain-based multiuser data integrity auditing protocol for cognitive IoT, supporting secure user revocation and batch auditing in decentralized storage. Our protocol classifies group users into different categories and manages group users efficiently and dynamically. Besides, files stored across various storage nodes can be audited in batches and effectively updated based on novel block tags. Smart contracts deployed on the blockchain ensure fairness among participants. We formally prove the security of the protocol in the random oracle model and the algebraic group model, in particular, against collusion attacks. Finally, we evaluate the cost separately for on-chain operations and off-chain operations to show its practicality.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104042"},"PeriodicalIF":4.1,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144581038","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Lattice-based dynamic decentralized anonymous credential scheme supporting batch verification 支持批验证的基于格的动态去中心化匿名凭证方案

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces

Pub Date : 2025-07-04 DOI: 10.1016/j.csi.2025.104039

Yihua Zhou, Shumiao Liu, Yuguang Yang, Weimin Shi, Zhenhu Ning

Anonymous credentials allow users to obtain credentials while protecting their privacy, which have significant application value in digital identity management systems. Anonymous credential schemes based on post-quantum assumptions mainly rely on a central issuing authority. Once the central server encounters single point of failure, it will cause the entire system to crash. The high computational complexity of credential verification algorithm severely restricts system scalability in high-concurrency identity management scenarios. More critically, existing schemes generally lack non-interactive batch verification algorithm, resulting in linear growth of verification time with the number of credentials when handling large-scale requests. Constructions relying on multiple fixed issuers to issue credentials in a decentralized manner have been proposed. Given that fixed issuers could not adapt to complex and changing network environments, we present a lattice-based decentralized anonymous credential system that supports dynamic changes in issuers to enhance system robustness. By introducing an innovative threshold signature, our system flexibly accommodates the joining or leaving of issuers for various reasons. Meanwhile, the system enables dynamic adjustments of thresholds without reset. By utilizing an efficient cryptographic accumulator, the system supports batch verification of credentials without revealing their contents. Experimental results demonstrate that our system outperforms previous systems in terms of performance. It is worth noting that our batch credential verification algorithm achieves constant time cost, independent of user’s credential size.

匿名凭证允许用户在获取凭证的同时保护其隐私，在数字身份管理系统中具有重要的应用价值。基于后量子假设的匿名证书方案主要依赖于一个中央颁发机构。一旦中央服务器出现单点故障，就会导致整个系统崩溃。在高并发身份管理场景下，证书验证算法的高计算复杂度严重制约了系统的可扩展性。更为关键的是，现有方案普遍缺乏非交互式批验证算法，导致在处理大规模请求时，验证时间随凭据数量线性增长。已经提出了依赖多个固定发行者以分散的方式颁发证书的结构。鉴于固定的发行者无法适应复杂多变的网络环境，我们提出了一种基于格子的去中心化匿名证书系统，支持发行者的动态变化，以增强系统的鲁棒性。通过引入创新的门槛签名，我们的系统可以灵活地适应发行者因各种原因加入或离开。同时，系统可以动态调整阈值而不复位。通过使用高效的密码累加器，系统支持对凭证进行批量验证，而不会泄露其内容。实验结果表明，我们的系统在性能方面优于以往的系统。值得注意的是，我们的批量证书验证算法实现了恒定的时间成本，与用户的证书大小无关。

{"title":"Lattice-based dynamic decentralized anonymous credential scheme supporting batch verification","authors":"Yihua Zhou, Shumiao Liu, Yuguang Yang, Weimin Shi, Zhenhu Ning","doi":"10.1016/j.csi.2025.104039","DOIUrl":"10.1016/j.csi.2025.104039","url":null,"abstract":"<div><div>Anonymous credentials allow users to obtain credentials while protecting their privacy, which have significant application value in digital identity management systems. Anonymous credential schemes based on post-quantum assumptions mainly rely on a central issuing authority. Once the central server encounters single point of failure, it will cause the entire system to crash. The high computational complexity of credential verification algorithm severely restricts system scalability in high-concurrency identity management scenarios. More critically, existing schemes generally lack non-interactive batch verification algorithm, resulting in linear growth of verification time with the number of credentials when handling large-scale requests. Constructions relying on multiple fixed issuers to issue credentials in a decentralized manner have been proposed. Given that fixed issuers could not adapt to complex and changing network environments, we present a lattice-based decentralized anonymous credential system that supports dynamic changes in issuers to enhance system robustness. By introducing an innovative threshold signature, our system flexibly accommodates the joining or leaving of issuers for various reasons. Meanwhile, the system enables dynamic adjustments of thresholds without reset. By utilizing an efficient cryptographic accumulator, the system supports batch verification of credentials without revealing their contents. Experimental results demonstrate that our system outperforms previous systems in terms of performance. It is worth noting that our batch credential verification algorithm achieves constant time cost, independent of user’s credential size.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104039"},"PeriodicalIF":4.1,"publicationDate":"2025-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144581037","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A novel clustering approach for recommendation systems using adaptive fuzzy clustering with Jensen–Shannon divergence 基于Jensen-Shannon散度的推荐系统自适应模糊聚类方法

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces

Pub Date : 2025-07-02 DOI: 10.1016/j.csi.2025.104035

Gökhan Kayhan, Naciye Aydin, Sercan Demirci

In today’s world, where users are surrounded by a multitude of products, recommender systems are employed to assist users in finding products of interest. Clustering methods are frequently utilized in recommender systems to suggest relevant products. Fuzzy clustering techniques, one of the most commonly used clustering methods, determine the degree of relevance of each product to a cluster through the membership matrix it generates. However, determining the number of clusters in these methods poses a challenge. This study proposes an Adaptive Fuzzy C-Means Jensen Shannon (AFCM-JS) algorithm, a fuzzy and interest-based clustering method that estimates the number of clusters. The proposed AFCM-JS algorithm is implemented on an artificial dataset consisting of 6 clusters and 1000 elements. The results of the study are compared with Fuzzy C-Means (FCM), Probabilistic C-Means (PCM), and Probabilistic Fuzzy C-Means (PFCM) methods, which are fuzzy-based clustering algorithms, and the interest-based method JS. To evaluate the comparison results, 7 different cluster validity indices and an accuracy metric are employed. AFCM-JS method consistently and accurately predicted the number of clusters when tested with different maximum cluster numbers. When the clustering ability of the method is tested with cluster validity indices and the accuracy metric, AFCM-JS is found to be successful. The performance of the AFCM-JS method is tested on a dataset created for a movie recommendation system with the aim of recommending movies to users. For this purpose, movie data is weighted with a Dirichlet function for action, adventure, comedy, drama, and horror genres, creating a dataset that includes the characteristics of these 5 movie genres. The AFCM-JS method is compared with 3 different fuzzy clustering methods using 7 different cluster validity indices with this created movie dataset. Additionally, the AFCM-JS algorithm is compared with the other 3 fuzzy clustering methods based on the accuracy metric. As a result of this comparison, the AFCM-JS method achieves the highest performance among the methods with 81.9366%. Furthermore, when the performance of the proposed method is compared in terms of cluster validity indices, the AFCM-JS method successfully predicts the appropriate number of clusters and effectively groups similar movies according to their genres, accomplishing the purpose.

在当今世界，用户被大量的产品所包围，推荐系统被用来帮助用户找到感兴趣的产品。聚类方法在推荐系统中经常被用来推荐相关的产品。模糊聚类技术是最常用的聚类方法之一，它通过生成的隶属矩阵来确定每个产品与聚类的关联程度。然而，在这些方法中确定簇的数量是一个挑战。本文提出了一种自适应模糊C-Means Jensen - Shannon （AFCM-JS）算法，这是一种基于兴趣的模糊聚类方法，用于估计聚类的数量。提出的AFCM-JS算法在一个包含6个聚类和1000个元素的人工数据集上实现。将研究结果与基于模糊聚类算法的Fuzzy C-Means （FCM）、Probabilistic C-Means （PCM）和Probabilistic Fuzzy C-Means （PFCM）方法以及基于兴趣的聚类方法JS进行了比较。为了评价比较结果，采用了7个不同的聚类效度指标和一个精度度量。AFCM-JS方法在不同最大聚类数的情况下，预测聚类数一致且准确。用聚类有效性指标和精度度量对该方法的聚类能力进行了测试，结果表明AFCM-JS方法是成功的。在为电影推荐系统创建的数据集上测试了AFCM-JS方法的性能，该数据集的目的是向用户推荐电影。为此，电影数据使用Dirichlet函数对动作、冒险、喜剧、戏剧和恐怖类型进行加权，创建一个包含这5种电影类型特征的数据集。利用所创建的电影数据集，使用7种不同的聚类有效性指标，将AFCM-JS方法与3种不同的模糊聚类方法进行比较。此外，基于精度度量，将AFCM-JS算法与其他3种模糊聚类方法进行了比较。通过比较，AFCM-JS方法的性能达到了81.9366%，是所有方法中性能最高的。此外，在聚类有效性指标方面比较了本文方法的性能，AFCM-JS方法成功地预测了合适的聚类数量，并有效地根据类型对相似电影进行了分组，达到了目的。

{"title":"A novel clustering approach for recommendation systems using adaptive fuzzy clustering with Jensen–Shannon divergence","authors":"Gökhan Kayhan, Naciye Aydin, Sercan Demirci","doi":"10.1016/j.csi.2025.104035","DOIUrl":"10.1016/j.csi.2025.104035","url":null,"abstract":"<div><div>In today’s world, where users are surrounded by a multitude of products, recommender systems are employed to assist users in finding products of interest. Clustering methods are frequently utilized in recommender systems to suggest relevant products. Fuzzy clustering techniques, one of the most commonly used clustering methods, determine the degree of relevance of each product to a cluster through the membership matrix it generates. However, determining the number of clusters in these methods poses a challenge. This study proposes an Adaptive Fuzzy C-Means Jensen Shannon (AFCM-JS) algorithm, a fuzzy and interest-based clustering method that estimates the number of clusters. The proposed AFCM-JS algorithm is implemented on an artificial dataset consisting of 6 clusters and 1000 elements. The results of the study are compared with Fuzzy C-Means (FCM), Probabilistic C-Means (PCM), and Probabilistic Fuzzy C-Means (PFCM) methods, which are fuzzy-based clustering algorithms, and the interest-based method JS. To evaluate the comparison results, 7 different cluster validity indices and an accuracy metric are employed. AFCM-JS method consistently and accurately predicted the number of clusters when tested with different maximum cluster numbers. When the clustering ability of the method is tested with cluster validity indices and the accuracy metric, AFCM-JS is found to be successful. The performance of the AFCM-JS method is tested on a dataset created for a movie recommendation system with the aim of recommending movies to users. For this purpose, movie data is weighted with a Dirichlet function for action, adventure, comedy, drama, and horror genres, creating a dataset that includes the characteristics of these 5 movie genres. The AFCM-JS method is compared with 3 different fuzzy clustering methods using 7 different cluster validity indices with this created movie dataset. Additionally, the AFCM-JS algorithm is compared with the other 3 fuzzy clustering methods based on the accuracy metric. As a result of this comparison, the AFCM-JS method achieves the highest performance among the methods with 81.9366%. Furthermore, when the performance of the proposed method is compared in terms of cluster validity indices, the AFCM-JS method successfully predicts the appropriate number of clusters and effectively groups similar movies according to their genres, accomplishing the purpose.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104035"},"PeriodicalIF":4.1,"publicationDate":"2025-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144535132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Success factors for standards during the technology life cycle 技术生命周期中标准的成功因素

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces

Pub Date : 2025-06-30 DOI: 10.1016/j.csi.2025.104043

Geerten van de Kaa , Henk J. de Vries

Technological developments such as the Internet of Things, and artificial intelligence result in new innovative systems. In these systems, ICT is integrated in products, services and processes. Interconnectivity gets crucial and standards should facilitate this. New standards complement existing ones and these may originate both from the ICT field and from other fields. These fields have different standardization cultures and often, multiple standards are competing. The question is which standard, if any, will achieve market success. We relate the success factors to the different phases of the technology life cycle. We assess the importance of these factors by using the Best Worst Method. In the discussion section, we argue how the importance of certain factors may change and which new factors pop up in an increasingly globalized and digital world. This should provide a basis for future research on market success of standards in this new context.

物联网和人工智能等技术发展带来了新的创新系统。在这些系统中，信息通信技术被集成到产品、服务和流程中。互联性变得至关重要，标准应该促进这一点。新标准是对现有标准的补充，这些标准可能来自信息和通信技术领域，也可能来自其他领域。这些领域有不同的标准化文化，而且经常有多种标准相互竞争。问题是，如果有的话，哪种标准会在市场上取得成功。我们将成功因素与技术生命周期的不同阶段联系起来。我们使用最佳最差方法来评估这些因素的重要性。在讨论部分，我们讨论了在日益全球化和数字化的世界中，某些因素的重要性可能会如何变化，以及哪些新因素会出现。这将为今后在这种新的背景下研究标准的市场成功提供基础。

引用次数: 0

Logarithmic identity-based ring signature over lattices and linkable variant 格上基于对数恒等的环签名及其可连接变分

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces

Pub Date : 2025-06-30 DOI: 10.1016/j.csi.2025.104036

Wen Gao , Tianyou Fu , Baodong Qin , Xiaoli Dong , Zhen Zhao , Momeng Liu

The ring signature is extensively utilized in many fields, including e-voting, cryptocurrency, blockchain settings, etc. This paper proposes an effective identity-based ring signature (IBRS) from the lattice assumption by using logarithmic size OR proofs of group action to make the ring signature able to cope with the challenges of quantum attacks. Our construction has been proven anonymous and unforgeable in the random oracle model (ROM) under the hardness of Module Small Integer Solution (MSIS) assumption from lattices, a hot quantum-resistant cryptographic primitive. The anonymity makes it possible for a signer to sign the same message twice or more without being detected by the verifier. This would bring repeated e-voting or double spending of the same money in blockchain. Therefore, as an additional work, we give a linkable variant. Compared with existing IBRS schemes with linear sizes, the size of our scheme is relatively short and achieves logarithmic communication cost with its ring scale

N

. Our research data show that the signature size of our proposal has significant advantages over several existing schemes with an increase of

N

. When the ring scale

N

is set to be 32 (512, resp.), our scheme has a signature size of 177.13KiB (179.75KiB, resp.), while the previous scheme has a size of at least 154.06KiB (2695.74KiB, resp.).

环签名广泛应用于电子投票、加密货币、区块链设置等领域。本文从格假设出发，利用群作用的对数大小或证明，提出了一种有效的基于身份的环签名（IBRS），使环签名能够应对量子攻击的挑战。在模小整数解（MSIS）假设的硬度下，我们的构造在随机oracle模型（ROM）中被证明是匿名的和不可伪造的。匿名性使签名者可以在不被验证者检测到的情况下对同一消息签名两次或更多次。这将带来重复的电子投票或在b区块链中重复花费相同的钱。因此，作为一个额外的工作，我们给出了一个可链接的变体。与线性尺寸与现有IBRS方案相比,我们的计划是相对较短的大小和规模达到对数沟通成本及其环N我们的研究数据表明,我们的建议的签名大小显著的优势,超过了现有方案规模环时增加N . N将32(512年,职责。),我们计划有一个签名的大小177.13简约(179.75简约,职责。),而先前的计划规模至少154.06简约(2695.74简约,职责)。

{"title":"Logarithmic identity-based ring signature over lattices and linkable variant","authors":"Wen Gao , Tianyou Fu , Baodong Qin , Xiaoli Dong , Zhen Zhao , Momeng Liu","doi":"10.1016/j.csi.2025.104036","DOIUrl":"10.1016/j.csi.2025.104036","url":null,"abstract":"<div><div>The ring signature is extensively utilized in many fields, including e-voting, cryptocurrency, blockchain settings, etc. This paper proposes an effective identity-based ring signature (IBRS) from the lattice assumption by using logarithmic size OR proofs of group action to make the ring signature able to cope with the challenges of quantum attacks. Our construction has been proven anonymous and unforgeable in the random oracle model (ROM) under the hardness of Module Small Integer Solution (MSIS) assumption from lattices, a hot quantum-resistant cryptographic primitive. The anonymity makes it possible for a signer to sign the same message twice or more without being detected by the verifier. This would bring repeated e-voting or double spending of the same money in blockchain. Therefore, as an additional work, we give a linkable variant. Compared with existing IBRS schemes with linear sizes, the size of our scheme is relatively short and achieves logarithmic communication cost with its ring scale <span><math><mi>N</mi></math></span>. Our research data show that the signature size of our proposal has significant advantages over several existing schemes with an increase of <span><math><mi>N</mi></math></span>. When the ring scale <span><math><mi>N</mi></math></span> is set to be 32 (512, resp.), our scheme has a signature size of 177.13KiB (179.75KiB, resp.), while the previous scheme has a size of at least 154.06KiB (2695.74KiB, resp.).</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104036"},"PeriodicalIF":4.1,"publicationDate":"2025-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144557322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

USBIPS framework: Protecting hosts from malicious USB peripherals USBIPS框架：保护主机免受恶意USB外设的攻击

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces

Pub Date : 2025-06-25 DOI: 10.1016/j.csi.2025.104040

Chun-Yi Wang , Fu-Hau Hsu

Universal Serial Bus (USB)-based attacks have increased in complexity in recent years. Modern attacks incorporate a wide range of attack vectors, from social engineering to signal injection. The security community is addressing these challenges using a growing set of fragmented defenses. Regardless of the vector of a USB-based attack, the most important risks concerning most people and enterprises are service crashes and data loss. The host OS manages USB peripherals, and malicious USB peripherals, such as those infected with BadUSB, can crash a service or steal data from the OS. Although USB firewalls have been proposed to thwart malicious USB peripherals, such as USBFilter and USBGuard, their effect is limited for preventing real-world intrusions. This paper focuses on building a security framework called USBIPS within Windows OSs to defend against malicious USB peripherals. This includes major efforts to explore the nature of malicious behavior and achieve persistent protection from USB-based intrusions. Herein, we first introduce an allowlisting-based method for USB access control. We then present a behavior-based detection mechanism focusing on attacks integrated into USB peripherals. Finally, we propose a novel approach that combines cross-layer methods to build the first generic security framework that thwarts USB-based intrusions. Within a centralized threat analysis framework, the approach provides persistent protection and may detect unknown malicious behavior. By addressing key security and performance challenges, these efforts help modern OSs against attacks from untrusted USB peripherals.

近年来，基于通用串行总线（USB）的攻击变得越来越复杂。现代攻击包含了广泛的攻击向量，从社会工程到信号注入。安全社区正在使用越来越多的分散防御来应对这些挑战。无论基于usb的攻击的载体是什么，大多数人和企业最重要的风险是服务崩溃和数据丢失。主机操作系统管理USB外设，恶意的USB外设（如感染了BadUSB的USB外设）可能导致服务崩溃或从操作系统窃取数据。尽管USB防火墙已经被提议用来阻止恶意的USB外设，如USBFilter和USBGuard，但它们的效果对于防止现实世界的入侵是有限的。本文的重点是在Windows操作系统中构建一个名为USBIPS的安全框架，以防御恶意USB外设。这包括主要努力探索恶意行为的本质，并实现对基于usb的入侵的持久保护。本文首先介绍了一种基于允许列表的USB访问控制方法。然后，我们提出了一种基于行为的检测机制，专注于集成到USB外设中的攻击。最后，我们提出了一种结合跨层方法来构建第一个通用安全框架的新方法，该框架可以阻止基于usb的入侵。在集中式威胁分析框架中，该方法提供持久保护，并可以检测未知的恶意行为。通过解决关键的安全和性能挑战，这些努力帮助现代操作系统抵御来自不受信任的USB外设的攻击。

{"title":"USBIPS framework: Protecting hosts from malicious USB peripherals","authors":"Chun-Yi Wang , Fu-Hau Hsu","doi":"10.1016/j.csi.2025.104040","DOIUrl":"10.1016/j.csi.2025.104040","url":null,"abstract":"<div><div>Universal Serial Bus (USB)-based attacks have increased in complexity in recent years. Modern attacks incorporate a wide range of attack vectors, from social engineering to signal injection. The security community is addressing these challenges using a growing set of fragmented defenses. Regardless of the vector of a USB-based attack, the most important risks concerning most people and enterprises are service crashes and data loss. The host OS manages USB peripherals, and malicious USB peripherals, such as those infected with BadUSB, can crash a service or steal data from the OS. Although USB firewalls have been proposed to thwart malicious USB peripherals, such as USBFilter and USBGuard, their effect is limited for preventing real-world intrusions. This paper focuses on building a security framework called USBIPS within Windows OSs to defend against malicious USB peripherals. This includes major efforts to explore the nature of malicious behavior and achieve persistent protection from USB-based intrusions. Herein, we first introduce an allowlisting-based method for USB access control. We then present a behavior-based detection mechanism focusing on attacks integrated into USB peripherals. Finally, we propose a novel approach that combines cross-layer methods to build the first generic security framework that thwarts USB-based intrusions. Within a centralized threat analysis framework, the approach provides persistent protection and may detect unknown malicious behavior. By addressing key security and performance challenges, these efforts help modern OSs against attacks from untrusted USB peripherals.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104040"},"PeriodicalIF":4.1,"publicationDate":"2025-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144524015","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Quality assessment of GPT-3.5 and Gemini 1.0 Pro for SQL syntax GPT-3.5和Gemini 1.0 Pro SQL语法质量评估

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces

Pub Date : 2025-06-24 DOI: 10.1016/j.csi.2025.104041

Cosmina-Mihaela Rosca , Adrian Stancu

Nowadays, GPT-3.5 and Gemini 1.0 Pro are employed for various tasks, both for personal and professional use, in multiple domains like education, economy, computer science, etc. Given the increase in users, knowing the quality level of these artificial intelligence (AI) tools is important. Thus, the paper presents a comparative analysis of syntax accuracy generated for SQL databases utilizing the services of GPT-3.5 and Gemini 1.0 Pro. Firstly, the algorithms for testing GPT-3.5 and Gemini 1.0 Pro were developed. Secondly, five types of tests, which implied 700 queries, were conducted by considering requirements with low and high degrees of difficulty. The tests focus on syntax-generated accuracy using an experimental (NorthWind) database, syntax-generated accuracy study using a user-made database, syntax correction accuracy, different responses to the same question on the same account, and different responses to the same question on other accounts. The accuracy obtained for all tests revealed that the GPT-3.5 service has a value of 87 % for SQL syntax generation or correction, whereas the Gemini 1.0 Pro service has an accuracy of 80 %. These results underscore the effectiveness of GPT-3.5 and Gemini 1.0 Pro in assisting with SQL syntax tasks, albeit with differing levels of precision. The findings highlight the significance of human supervision and validation in ensuring the correctness of AI-generated responses, particularly in database-related tasks. The results affect developers and database administrators when selecting appropriate tools for query requirements. For now, replacing programmers with GPT-3.5 and Gemini 1.0 Pro is impossible.

如今，GPT-3.5和Gemini 1.0 Pro在教育、经济、计算机科学等多个领域被用于个人和专业用途的各种任务。鉴于用户的增加，了解这些人工智能（AI）工具的质量水平非常重要。因此，本文对使用GPT-3.5和Gemini 1.0 Pro服务生成的SQL数据库的语法准确性进行了比较分析。首先，开发了GPT-3.5和Gemini 1.0 Pro的测试算法。其次，通过考虑低难度和高难度的需求，进行了五种类型的测试，这意味着700个查询。测试的重点是使用实验性（NorthWind）数据库的语法生成准确性，使用用户自制数据库的语法生成准确性研究，语法更正准确性，同一帐户对同一问题的不同回答，以及其他帐户对同一问题的不同回答。所有测试获得的准确度显示，GPT-3.5服务在SQL语法生成或更正方面的准确度为87%，而Gemini 1.0 Pro服务的准确度为80%。这些结果强调了GPT-3.5和Gemini 1.0 Pro在协助SQL语法任务方面的有效性，尽管精度水平不同。研究结果强调了人类监督和验证在确保人工智能生成的响应的正确性方面的重要性，特别是在与数据库相关的任务中。在为查询需求选择合适的工具时，结果会影响开发人员和数据库管理员。目前，用GPT-3.5和Gemini 1.0 Pro取代程序员是不可能的。

{"title":"Quality assessment of GPT-3.5 and Gemini 1.0 Pro for SQL syntax","authors":"Cosmina-Mihaela Rosca , Adrian Stancu","doi":"10.1016/j.csi.2025.104041","DOIUrl":"10.1016/j.csi.2025.104041","url":null,"abstract":"<div><div>Nowadays, GPT-3.5 and Gemini 1.0 Pro are employed for various tasks, both for personal and professional use, in multiple domains like education, economy, computer science, etc. Given the increase in users, knowing the quality level of these artificial intelligence (AI) tools is important. Thus, the paper presents a comparative analysis of syntax accuracy generated for SQL databases utilizing the services of GPT-3.5 and Gemini 1.0 Pro. Firstly, the algorithms for testing GPT-3.5 and Gemini 1.0 Pro were developed. Secondly, five types of tests, which implied 700 queries, were conducted by considering requirements with low and high degrees of difficulty. The tests focus on syntax-generated accuracy using an experimental (NorthWind) database, syntax-generated accuracy study using a user-made database, syntax correction accuracy, different responses to the same question on the same account, and different responses to the same question on other accounts. The accuracy obtained for all tests revealed that the GPT-3.5 service has a value of 87 % for SQL syntax generation or correction, whereas the Gemini 1.0 Pro service has an accuracy of 80 %. These results underscore the effectiveness of GPT-3.5 and Gemini 1.0 Pro in assisting with SQL syntax tasks, albeit with differing levels of precision. The findings highlight the significance of human supervision and validation in ensuring the correctness of AI-generated responses, particularly in database-related tasks. The results affect developers and database administrators when selecting appropriate tools for query requirements. For now, replacing programmers with GPT-3.5 and Gemini 1.0 Pro is impossible.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104041"},"PeriodicalIF":4.1,"publicationDate":"2025-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144489567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Blockchain beyond immutability: Application firewalls on ethereum-based platforms 区块链超越不变性：基于以太坊平台的应用程序防火墙

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces

Pub Date : 2025-06-23 DOI: 10.1016/j.csi.2025.104038

Christian Delgado-von-Eitzen, Manuel José Fernández-Iglesias, Luis Anido-Rifón, Fernando A. Mikic-Fonte

Blockchain is a technology that gained relevance in various fields due to its transparency and security in recording information in a reliable and immutable manner. In particular, the adoption of private blockchain platforms based on the Ethereum technology grew significantly in enterprise environments. However, there are certain issues concerning privacy and access control that may pose significant challenges in scenarios where private transactions occur between user agents instead of nodes, that is, between blockchain accounts that are not necessarily attached to specific nodes. The Blockchain Application Firewall (BAF) is introduced as a conceptual framework that can be applied in cases where control over data access is needed, including private transactions between accounts. More specifically, the BAF is intended to complement a blockchain endpoint acting as an intermediary between users and blockchain services and data, monitoring and controlling incoming and outgoing traffic, according to an applied access policy. This work investigates BAF’s feasibility and effectiveness in enhancing the capabilities of Ethereum-based blockchains in the described scenarios. A proof-of-concept was implemented with Besu to assess its feasibility, providing evidence that BAF can act as an additional layer of control over data stored, helping to solve key limitations in practical implementations and allowing exploration of new use cases that could not be addressed so far.

区块链是一种以可靠和不可变的方式记录信息的透明性和安全性而在各个领域获得相关性的技术。特别是在企业环境中，基于以太坊技术的私有区块链平台的采用显著增长。但是，在私有事务发生在用户代理而不是节点之间（即不一定附加到特定节点的区块链帐户之间）的场景中，存在一些与隐私和访问控制有关的问题，这些问题可能会带来重大挑战。区块链应用程序防火墙（BAF）是作为一个概念性框架引入的，它可以应用于需要控制数据访问的情况，包括帐户之间的私有事务。更具体地说，BAF旨在补充区块链端点，作为用户与区块链服务和数据之间的中介，根据应用的访问策略监视和控制传入和传出流量。这项工作调查了BAF在所描述的场景中增强基于以太坊的区块链功能的可行性和有效性。Besu实现了概念验证，以评估其可行性，提供了BAF可以作为存储数据的额外控制层的证据，有助于解决实际实现中的关键限制，并允许探索迄今为止无法解决的新用例。

{"title":"Blockchain beyond immutability: Application firewalls on ethereum-based platforms","authors":"Christian Delgado-von-Eitzen, Manuel José Fernández-Iglesias, Luis Anido-Rifón, Fernando A. Mikic-Fonte","doi":"10.1016/j.csi.2025.104038","DOIUrl":"10.1016/j.csi.2025.104038","url":null,"abstract":"<div><div>Blockchain is a technology that gained relevance in various fields due to its transparency and security in recording information in a reliable and immutable manner. In particular, the adoption of private blockchain platforms based on the Ethereum technology grew significantly in enterprise environments. However, there are certain issues concerning privacy and access control that may pose significant challenges in scenarios where private transactions occur between user agents instead of nodes, that is, between blockchain accounts that are not necessarily attached to specific nodes. The Blockchain Application Firewall (BAF) is introduced as a conceptual framework that can be applied in cases where control over data access is needed, including private transactions between accounts. More specifically, the BAF is intended to complement a blockchain endpoint acting as an intermediary between users and blockchain services and data, monitoring and controlling incoming and outgoing traffic, according to an applied access policy. This work investigates BAF’s feasibility and effectiveness in enhancing the capabilities of Ethereum-based blockchains in the described scenarios. A proof-of-concept was implemented with Besu to assess its feasibility, providing evidence that BAF can act as an additional layer of control over data stored, helping to solve key limitations in practical implementations and allowing exploration of new use cases that could not be addressed so far.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104038"},"PeriodicalIF":4.1,"publicationDate":"2025-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144502422","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Human-centered interface design for a dynamic cyber-risk group-based training game 基于动态网络风险群体的培训游戏人机界面设计

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces

Pub Date : 2025-06-21 DOI: 10.1016/j.csi.2025.104030

Tony Delvecchio , Sander Zeijlemaker , Giancarlo De Bernardis , Michael Siegel

This study presents the benefits of employing a gesture-based natural user interface (NUI) for a scientifically grounded cyber-risk management collaborative game. Such a human-centered interface facilitates group-based training and enables board members to achieve better results collectively compared to operating individually. The main contribution of this tool is to enhance the group training leveraging on collective intelligence. To show that, the results and learning paths of single users and groups acquired from this game are compared. Moreover, the collaborative game provides executives and business leaders with insight into cyber-risk management issues, thereby improving their results through deeper learning. This work demonstrates that the interface is the key factor in the success of group cooperation. The idea, the design, and the improvement of the NUI are critical to make it possible to achieve these results.

本研究展示了采用基于手势的自然用户界面（NUI）进行科学基础的网络风险管理协作游戏的好处。这种以人为中心的界面促进了基于团队的培训，并使董事会成员能够获得比单独操作更好的结果。该工具的主要贡献是利用集体智慧来增强群体训练。为了证明这一点，比较了该游戏获得的单个用户和群体的学习结果和学习路径。此外，协作游戏为高管和商业领袖提供了对网络风险管理问题的洞察力，从而通过更深入的学习来改善他们的结果。研究表明，界面是群体合作成功的关键因素。NUI的理念、设计和改进对于实现这些结果至关重要。

引用次数: 0