With the rapid growth of multimedia data volume, there is an increasing need for efficient video transmission in applications such as virtual reality and future video streaming services. Semantic communication is emerging as a vital technique for ensuring efficient and reliable transmission in low-bandwidth, high-noise settings. However, most current approaches focus on joint source-channel coding (JSCC) that depends on end-to-end training. These methods often lack an interpretable semantic representation and struggle with adaptability to various downstream tasks. In this paper, we introduce the use of object-attribute-relation (OAR) as a semantic framework for videos to facilitate low bit-rate coding and enhance the JSCC process for more effective video transmission. We utilize OAR sequences for both low bit-rate representation and generative video reconstruction. Additionally, we incorporate OAR into the image JSCC model to prioritize communication resources for areas more critical to downstream tasks. Our experiments on traffic surveillance video datasets assess the effectiveness of our approach in terms of video transmission performance. The empirical findings demonstrate that our OAR-based video coding method not only outperforms H.265 coding at lower bit-rates but also synergizes with JSCC to deliver robust and efficient video transmission.
{"title":"Object-Attribute-Relation Representation-Based Video Semantic Communication","authors":"Qiyuan Du;Yiping Duan;Qianqian Yang;Xiaoming Tao;Mérouane Debbah","doi":"10.1109/JSAC.2025.3559115","DOIUrl":"10.1109/JSAC.2025.3559115","url":null,"abstract":"With the rapid growth of multimedia data volume, there is an increasing need for efficient video transmission in applications such as virtual reality and future video streaming services. Semantic communication is emerging as a vital technique for ensuring efficient and reliable transmission in low-bandwidth, high-noise settings. However, most current approaches focus on joint source-channel coding (JSCC) that depends on end-to-end training. These methods often lack an interpretable semantic representation and struggle with adaptability to various downstream tasks. In this paper, we introduce the use of object-attribute-relation (OAR) as a semantic framework for videos to facilitate low bit-rate coding and enhance the JSCC process for more effective video transmission. We utilize OAR sequences for both low bit-rate representation and generative video reconstruction. Additionally, we incorporate OAR into the image JSCC model to prioritize communication resources for areas more critical to downstream tasks. Our experiments on traffic surveillance video datasets assess the effectiveness of our approach in terms of video transmission performance. The empirical findings demonstrate that our OAR-based video coding method not only outperforms H.265 coding at lower bit-rates but also synergizes with JSCC to deliver robust and efficient video transmission.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 7","pages":"2446-2461"},"PeriodicalIF":0.0,"publicationDate":"2025-04-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143862374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The coexistence of heterogeneous sub-networks in 6G poses new security and trust concerns and thus calls for a perimeterless-security model. Blockchain radio access network (B-RAN) provides a trust-building approach via repeated interactions rather than relying on pre-established trust or central authentication. Such a trust-building process naturally supports dynamic trusted services across various service providers (SP) without the need for perimeter-based authentications; however, it remains vulnerable to environmental and system unreliability such as wireless channel uncertainty. In this study, we investigate channel unreliability in the trust-building framework based on repeated interactions for secure wireless services. We derive specific requirements for achieving cooperation between SPs and clients via a repeated game model and illustrate the implications of channel unreliability on sustaining trusted wireless services. We consider the framework design and optimization to guarantee SP-client cooperation, given the worst channel condition and/or the least cooperation willingness. Furthermore, we explore the maximum cooperation area to enhance service resilience and reveal the trade-off relationship between transmission efficiency, security integrity, and cooperative margin. Finally, we present simulations to demonstrate the system performance over fading channels and verify our results.
{"title":"Analysis of Channel Uncertainty in Trusted Wireless Services via Repeated Interactions","authors":"Bingwen Chen;Xintong Ling;Weihang Cao;Jiaheng Wang;Zhi Ding","doi":"10.1109/JSAC.2025.3560005","DOIUrl":"10.1109/JSAC.2025.3560005","url":null,"abstract":"The coexistence of heterogeneous sub-networks in 6G poses new security and trust concerns and thus calls for a perimeterless-security model. Blockchain radio access network (B-RAN) provides a trust-building approach via repeated interactions rather than relying on pre-established trust or central authentication. Such a trust-building process naturally supports dynamic trusted services across various service providers (SP) without the need for perimeter-based authentications; however, it remains vulnerable to environmental and system unreliability such as wireless channel uncertainty. In this study, we investigate channel unreliability in the trust-building framework based on repeated interactions for secure wireless services. We derive specific requirements for achieving cooperation between SPs and clients via a repeated game model and illustrate the implications of channel unreliability on sustaining trusted wireless services. We consider the framework design and optimization to guarantee SP-client cooperation, given the worst channel condition and/or the least cooperation willingness. Furthermore, we explore the maximum cooperation area to enhance service resilience and reveal the trade-off relationship between transmission efficiency, security integrity, and cooperative margin. Finally, we present simulations to demonstrate the system performance over fading channels and verify our results.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2248-2265"},"PeriodicalIF":0.0,"publicationDate":"2025-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143857784","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-21DOI: 10.1109/JSAC.2025.3560004
Esraa M. Ghourab;Mohamed Azab;Denis Gračanin;Mahmoud Al-Qutayri;Sami Muhaidat
Extended reality (XR) and 6G networks are set to transform mobile immersive experiences, with privacy and security being paramount in XR communications. Achieving secure and reliable XR experiences while meeting high-resolution and low-latency requirements is challenging for wireless networks. A novel security-aware cross-layer communication management framework is proposed, employing zero-trust spatiotemporal physical layer level manipulations for moving-target defense. Driven by deep reinforcement learning and real-time monitoring, the proposed framework adaptively reprograms the network configuration to maximize the user’s quality of experience (QoE), reduce the overall latency, and minimize the attacker’s intercept probability. The framework was evaluated in a simulated scenario featuring an indirect multi-hop communication setup. The results show that the proposed framework effectively and efficiently secures XR user communications while maintaining QoE, outperforming conventional Q-learning algorithms.
{"title":"Cross-Layer Management Framework for Enhancing XR-Based System Security in Zero-Trust Wireless Communications","authors":"Esraa M. Ghourab;Mohamed Azab;Denis Gračanin;Mahmoud Al-Qutayri;Sami Muhaidat","doi":"10.1109/JSAC.2025.3560004","DOIUrl":"10.1109/JSAC.2025.3560004","url":null,"abstract":"Extended reality (XR) and 6G networks are set to transform mobile immersive experiences, with privacy and security being paramount in XR communications. Achieving secure and reliable XR experiences while meeting high-resolution and low-latency requirements is challenging for wireless networks. A novel security-aware cross-layer communication management framework is proposed, employing zero-trust spatiotemporal physical layer level manipulations for moving-target defense. Driven by deep reinforcement learning and real-time monitoring, the proposed framework adaptively reprograms the network configuration to maximize the user’s quality of experience (QoE), reduce the overall latency, and minimize the attacker’s intercept probability. The framework was evaluated in a simulated scenario featuring an indirect multi-hop communication setup. The results show that the proposed framework effectively and efficiently secures XR user communications while maintaining QoE, outperforming conventional Q-learning algorithms.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2011-2024"},"PeriodicalIF":0.0,"publicationDate":"2025-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143857981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-16DOI: 10.1109/JSAC.2025.3560285
Małgorzata Wasilewska;Hanna Bogucka
Federated-Learning (FL) based Spectrum Sensing (SS) method is considered for the application in future cognitive radio communication systems due to its supreme performance in changing radio environments as compared to classic cooperative or non-cooperative SS. It also avoids transferring large training datasets with high-resolution localization data. The FL algorithm is the subject of poisoning attacks that can be random or coordinated. In this paper, we first evaluate the impact of such attacks on the FL-based SS performance. Next, we propose a zero-trust method based on continuous monitoring and classification of the sensors’ models to detect attacked models. These models are then eliminated from the global model construction in FL. Our method is semi-blind, i.e., it does not require an apriori knowledge of who are the genuine actors participating in FL. Simulation results of the system under various attacks (random or coordinated, moderate or very aggressive, deliberately increasing or decreasing the spectrum occupancy) show that our method decreases the SS probability of false alarms by 89 % and increases the SS probability of detection by 16 % in case of the most severe targeted attacks in the most critical SNR ranges.
{"title":"Protection Against Poisoning Attacks on Federated Learning-Based Spectrum Sensing $$ $ lg $$ $ }} ?>","authors":"Małgorzata Wasilewska;Hanna Bogucka","doi":"10.1109/JSAC.2025.3560285","DOIUrl":"10.1109/JSAC.2025.3560285","url":null,"abstract":"Federated-Learning (FL) based Spectrum Sensing (SS) method is considered for the application in future cognitive radio communication systems due to its supreme performance in changing radio environments as compared to classic cooperative or non-cooperative SS. It also avoids transferring large training datasets with high-resolution localization data. The FL algorithm is the subject of poisoning attacks that can be random or coordinated. In this paper, we first evaluate the impact of such attacks on the FL-based SS performance. Next, we propose a zero-trust method based on continuous monitoring and classification of the sensors’ models to detect attacked models. These models are then eliminated from the global model construction in FL. Our method is semi-blind, i.e., it does not require an apriori knowledge of who are the genuine actors participating in FL. Simulation results of the system under various attacks (random or coordinated, moderate or very aggressive, deliberately increasing or decreasing the spectrum occupancy) show that our method decreases the SS probability of false alarms by 89 % and increases the SS probability of detection by 16 % in case of the most severe targeted attacks in the most critical SNR ranges.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2042-2055"},"PeriodicalIF":0.0,"publicationDate":"2025-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10966417","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143841643","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-16DOI: 10.1109/JSAC.2025.3560008
Mehreen Tahir;Tanjila Mawla;Feras Awaysheh;Sadi Alawadi;Maanak Gupta;Muhammad Intizar Ali
Federated Learning (FL) enables decentralized learning while preserving data privacy. However, ensuring security and optimizing resource utilization in FL remains challenging, particularly in untrusted environments. To address this, we propose SecureFedPROM, a novel zero-trust FL framework that integrates Attribute-Based Access Control (ABAC) for secure client authorization and Preference Ranking Organization Method for Enrichment of Evaluations (PROMETHEE) for dynamic, multi-criteria client selection. Unlike traditional FL client selection methods that prioritize security or efficiency, SecureFedPROM optimizes trustworthiness, computational efficiency, and performance, ensuring robust participation in each training round. We evaluate SecureFedPROM across multiple real-world datasets, demonstrating its superiority over state-of-the-art client selection protocols. Our results show that SecureFedPROM achieves a 7.19% improvement in model accuracy, accelerates convergence, and reduces the number of training rounds. Additionally, it minimizes wall-clock time and computational overhead, making it highly scalable for edge AI environments. These findings highlight the importance of integrating zero-trust security principles with multi-criteria decision-making to enhance security and efficiency in FL.
{"title":"SecureFedPROM: A Zero-Trust Federated Learning Approach With Multi-Criteria Client Selection","authors":"Mehreen Tahir;Tanjila Mawla;Feras Awaysheh;Sadi Alawadi;Maanak Gupta;Muhammad Intizar Ali","doi":"10.1109/JSAC.2025.3560008","DOIUrl":"10.1109/JSAC.2025.3560008","url":null,"abstract":"Federated Learning (FL) enables decentralized learning while preserving data privacy. However, ensuring security and optimizing resource utilization in FL remains challenging, particularly in untrusted environments. To address this, we propose SecureFedPROM, a novel zero-trust FL framework that integrates Attribute-Based Access Control (ABAC) for secure client authorization and Preference Ranking Organization Method for Enrichment of Evaluations (PROMETHEE) for dynamic, multi-criteria client selection. Unlike traditional FL client selection methods that prioritize security or efficiency, SecureFedPROM optimizes trustworthiness, computational efficiency, and performance, ensuring robust participation in each training round. We evaluate SecureFedPROM across multiple real-world datasets, demonstrating its superiority over state-of-the-art client selection protocols. Our results show that SecureFedPROM achieves a 7.19% improvement in model accuracy, accelerates convergence, and reduces the number of training rounds. Additionally, it minimizes wall-clock time and computational overhead, making it highly scalable for edge AI environments. These findings highlight the importance of integrating zero-trust security principles with multi-criteria decision-making to enhance security and efficiency in FL.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2025-2041"},"PeriodicalIF":0.0,"publicationDate":"2025-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10966024","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143898246","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-15DOI: 10.1109/JSAC.2025.3560046
Jiacheng Yao;Wei Shi;Wei Xu;Zhaohui Yang;A. Lee Swindlehurst;Dusit Niyato
Over-the-air computation (AirComp) has emerged as an essential approach for enabling communication-efficient federated learning (FL) over wireless networks. Nonetheless, the inherent analog transmission mechanism in AirComp-based FL (AirFL) intensifies challenges posed by potential Byzantine attacks. In this paper, we propose a novel Byzantine-robust FL paradigm for over-the-air transmissions, referred to as federated learning with secure adaptive clustering (FedSAC). FedSAC aims to protect a portion of the devices from attacks through zero trust architecture (ZTA) based Byzantine identification and adaptive device clustering. By conducting a one-step convergence analysis, we theoretically characterize the convergence behavior with different device clustering mechanisms and uneven aggregation weighting factors for each device. Building upon our analytical results, we formulate a joint optimization problem for the clustering and weighting factors in each communication round. To facilitate the targeted optimization, we propose a dynamic Byzantine identification method using historical reputation based on ZTA. Furthermore, we introduce a sequential clustering method, transforming the joint optimization into a weighting optimization problem without sacrificing the optimality. To optimize the weighting, we capitalize on the penalty convex-concave procedure (P-CCP) to obtain a stationary solution. Numerical results substantiate the superiority of the proposed FedSAC over existing methods in terms of both test accuracy and convergence rate.
{"title":"Byzantine-Resilient Over-the-Air Federated Learning Under Zero-Trust Architecture","authors":"Jiacheng Yao;Wei Shi;Wei Xu;Zhaohui Yang;A. Lee Swindlehurst;Dusit Niyato","doi":"10.1109/JSAC.2025.3560046","DOIUrl":"10.1109/JSAC.2025.3560046","url":null,"abstract":"Over-the-air computation (AirComp) has emerged as an essential approach for enabling communication-efficient federated learning (FL) over wireless networks. Nonetheless, the inherent analog transmission mechanism in AirComp-based FL (AirFL) intensifies challenges posed by potential Byzantine attacks. In this paper, we propose a novel Byzantine-robust FL paradigm for over-the-air transmissions, referred to as federated learning with secure adaptive clustering (FedSAC). FedSAC aims to protect a portion of the devices from attacks through zero trust architecture (ZTA) based Byzantine identification and adaptive device clustering. By conducting a one-step convergence analysis, we theoretically characterize the convergence behavior with different device clustering mechanisms and uneven aggregation weighting factors for each device. Building upon our analytical results, we formulate a joint optimization problem for the clustering and weighting factors in each communication round. To facilitate the targeted optimization, we propose a dynamic Byzantine identification method using historical reputation based on ZTA. Furthermore, we introduce a sequential clustering method, transforming the joint optimization into a weighting optimization problem without sacrificing the optimality. To optimize the weighting, we capitalize on the penalty convex-concave procedure (P-CCP) to obtain a stationary solution. Numerical results substantiate the superiority of the proposed FedSAC over existing methods in terms of both test accuracy and convergence rate.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"1954-1969"},"PeriodicalIF":0.0,"publicationDate":"2025-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143836712","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With the popularity of encryption protocols, machine learning (ML)-based traffic analysis technologies have attracted widespread attention. To adapt to modern high-speed bandwidth, recent research is dedicated to advancing zero-trust intrusion detection by offloading feature extraction and model inference into the network dataplane. Especially, with the rise of programmable switches, achieving line-speed ML inference becomes promising. However, existing research only considers a single switch node as a relay to conduct evaluation. This is far from real-world deployments involving multiple switches (given that zero-trust security assumes that threats can originate from anywhere, including within the network), particularly the multipath routing phenomenon that exists in practice. In this paper, we reveal practical challenges in the context of enabling line-speed model inference in the network dataplane. Furthermore, we propose FCPlane, the forwarding and computing integrated dataplane for zero-trust intrusion detection that aims to enable efficient load balancing while providing reliable traffic analysis results, even against multipath routing. The core idea is to reconcile forwarding and computation to the flowlet level, for which a tailor-made Markov chain model is designed. Based on two public traffic datasets, we evaluate seven state-of-the-art in-network traffic analysis models deployed in four types of topologies (three with multipath routing and one without) to explore performance impact and demonstrate the effectiveness of our proposal.
{"title":"Verify All Traffic: Towards Zero-Trust In-Network Intrusion Detection Against Multipath Routing","authors":"Ziming Zhao;Zhaoxuan Li;Xiaofei Xie;Zhipeng Liu;Tingting Li;Jiongchi Yu;Fan Zhang;Binbin Chen","doi":"10.1109/JSAC.2025.3560045","DOIUrl":"10.1109/JSAC.2025.3560045","url":null,"abstract":"With the popularity of encryption protocols, machine learning (ML)-based traffic analysis technologies have attracted widespread attention. To adapt to modern high-speed bandwidth, recent research is dedicated to advancing zero-trust intrusion detection by offloading feature extraction and model inference into the network dataplane. Especially, with the rise of programmable switches, achieving line-speed ML inference becomes promising. However, existing research only considers a single switch node as a relay to conduct evaluation. This is far from real-world deployments involving multiple switches (given that zero-trust security assumes that threats can originate from anywhere, including within the network), particularly the multipath routing phenomenon that exists in practice. In this paper, we reveal practical challenges in the context of enabling line-speed model inference in the network dataplane. Furthermore, we propose FCPlane, the forwarding and computing integrated dataplane for zero-trust intrusion detection that aims to enable efficient load balancing while providing reliable traffic analysis results, even against multipath routing. The core idea is to reconcile forwarding and computation to the flowlet level, for which a tailor-made Markov chain model is designed. Based on two public traffic datasets, we evaluate seven state-of-the-art in-network traffic analysis models deployed in four types of topologies (three with multipath routing and one without) to explore performance impact and demonstrate the effectiveness of our proposal.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2155-2171"},"PeriodicalIF":0.0,"publicationDate":"2025-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143836710","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-15DOI: 10.1109/JSAC.2025.3560359
Jun Chen;Yong Fang;Ashish Khisti;Ayfer Özgür;Nir Shlezinger
This survey article focuses on the emerging connections between machine learning and data compression. While the fundamental limits of classical (lossy) data compression are well-established through rate-distortion theory, recent advancements have uncovered new theoretical analyses and application areas inspired by machine learning. We review recent works on task-based and goal-oriented compression, rate-distortion-perception theory, and compression for estimation and inference. Deep learning-based approaches have provided natural, data-driven methods for compression. Accordingly, we survey recent efforts in applying deep learning techniques to task-based or goal-oriented compression, as well as image/video compression and transmission. Additionally, we discuss the potential use of large language models for text compression. Finally, we outline future research directions in this promising field.
{"title":"Information Compression in the AI Era: Recent Advances and Future Challenges","authors":"Jun Chen;Yong Fang;Ashish Khisti;Ayfer Özgür;Nir Shlezinger","doi":"10.1109/JSAC.2025.3560359","DOIUrl":"10.1109/JSAC.2025.3560359","url":null,"abstract":"This survey article focuses on the emerging connections between machine learning and data compression. While the fundamental limits of classical (lossy) data compression are well-established through rate-distortion theory, recent advancements have uncovered new theoretical analyses and application areas inspired by machine learning. We review recent works on task-based and goal-oriented compression, rate-distortion-perception theory, and compression for estimation and inference. Deep learning-based approaches have provided natural, data-driven methods for compression. Accordingly, we survey recent efforts in applying deep learning techniques to task-based or goal-oriented compression, as well as image/video compression and transmission. Additionally, we discuss the potential use of large language models for text compression. Finally, we outline future research directions in this promising field.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 7","pages":"2333-2348"},"PeriodicalIF":0.0,"publicationDate":"2025-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143836717","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Permissioned blockchain is a promising methodology to build zero-trust storage foundation with trusted data storage and sharing for the zero-trust network. However, the inherent full-backup feature of the permissioned blockchain poses potential data privacy risks and substantial storage costs, hindering its usage as a storage medium. These issues necessitate the usage of secure data deduplication technology to mitigate them. Unfortunately, current secure data deduplication schemes are predominantly designed with centralized cloud servers in mind and are not suitable for distributed blockchain systems. The reason is that the full backup feature of the permissioned blockchain renders a wide attack surface to offline brute-force and frequency analysis attacks. In response, we propose DedupChain, a secure blockchain-enabled storage system with deduplication for zero-trust networks. DedupChain employs a trusted execution environment (i.e., Inter SGX enclave) in conjunction with Oblivious RAM (ORAM) to offer a novel security guarantee named oblivious data deduplication, which empowers DedupChain with the ability to defend offline brute-force and frequency analysis attacks. DedupChain also proposes several novel techniques to address the security and efficiency issues raised by the SGX enclave. We implemented a system prototype of DedupChain and evaluated its performance metrics. Our experimental results show that DedupChain exhibits satisfactory operational delays, throughput, and storage overhead. Security analysis shows that DedupChain is robust enough to withstand several types of attacks. To the best of our knowledge, we are the first to apply secure data deduplication techniques to address data privacy and storage cost issues raised by permissioned blockchain when used as a zero-trust storage medium.
{"title":"DedupChain: A Secure Blockchain-Enabled Storage System With Deduplication for Zero-Trust Network","authors":"Saiyu Qi;Qiuhao Wang;Wei Wei;Xu Yang;Hongguang Zhao;Yuhao Liu;Xu Yang;Yong Qi","doi":"10.1109/JSAC.2025.3560043","DOIUrl":"10.1109/JSAC.2025.3560043","url":null,"abstract":"Permissioned blockchain is a promising methodology to build zero-trust storage foundation with trusted data storage and sharing for the zero-trust network. However, the inherent full-backup feature of the permissioned blockchain poses potential data privacy risks and substantial storage costs, hindering its usage as a storage medium. These issues necessitate the usage of secure data deduplication technology to mitigate them. Unfortunately, current secure data deduplication schemes are predominantly designed with centralized cloud servers in mind and are not suitable for distributed blockchain systems. The reason is that the full backup feature of the permissioned blockchain renders a wide attack surface to offline brute-force and frequency analysis attacks. In response, we propose DedupChain, a secure blockchain-enabled storage system with deduplication for zero-trust networks. DedupChain employs a trusted execution environment (i.e., Inter SGX enclave) in conjunction with Oblivious RAM (ORAM) to offer a novel security guarantee named oblivious data deduplication, which empowers DedupChain with the ability to defend offline brute-force and frequency analysis attacks. DedupChain also proposes several novel techniques to address the security and efficiency issues raised by the SGX enclave. We implemented a system prototype of DedupChain and evaluated its performance metrics. Our experimental results show that DedupChain exhibits satisfactory operational delays, throughput, and storage overhead. Security analysis shows that DedupChain is robust enough to withstand several types of attacks. To the best of our knowledge, we are the first to apply secure data deduplication techniques to address data privacy and storage cost issues raised by permissioned blockchain when used as a zero-trust storage medium.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2070-2086"},"PeriodicalIF":0.0,"publicationDate":"2025-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143836711","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-15DOI: 10.1109/JSAC.2025.3560000
Xin Wang;Bo Yi;Qing Li;Shahid Mumtaz;Jianhui Lv
With the rapid advancement of technologies such as B5G/6G and edge computing, network scenarios are becoming increasingly complex and diverse, leading to the emergence of slicing networks. Virtualizing applications into distinct categories and establishing corresponding network slices ensures performance to a certain extent. However, the challenges posed by the complex slicing environment demand more fine-grained routing control and higher costs to locate requested content or services, areas where current state-of-the-art methods fall short. To address these challenges, this work introduces a system framework that integrates the principles of Segment Routing over IPv6 (SRv6). An SRv6 optimization layer is created between the control and infrastructure layers to manage slices effectively and enhance routing control. Additionally, we propose a novel policy routing method based on zero-trust and Graph Convolutional Network (GCN) technology. This method transforms actions into policies that can be flexibly deployed on SRv6 nodes, segment by segment. These actions encompass both routing and security measures, allowing for dynamic and flexible deployment of policies on each segment to achieve the desired goals. This integration of segment routing and zero-trust principles simplifies implementation and enhances security. Comprehensive experiments were conducted to evaluate the proposed method. The results demonstrate significant improvements over state-of-the-art methods, including a higher service acceptance rate, better resource utilization, and reduced average latency and packet loss rate.
{"title":"SRv6 and Zero-Trust Policy Enabled Graph Convolutional Neural Networks for Slicing Network Optimization","authors":"Xin Wang;Bo Yi;Qing Li;Shahid Mumtaz;Jianhui Lv","doi":"10.1109/JSAC.2025.3560000","DOIUrl":"10.1109/JSAC.2025.3560000","url":null,"abstract":"With the rapid advancement of technologies such as B5G/6G and edge computing, network scenarios are becoming increasingly complex and diverse, leading to the emergence of slicing networks. Virtualizing applications into distinct categories and establishing corresponding network slices ensures performance to a certain extent. However, the challenges posed by the complex slicing environment demand more fine-grained routing control and higher costs to locate requested content or services, areas where current state-of-the-art methods fall short. To address these challenges, this work introduces a system framework that integrates the principles of Segment Routing over IPv6 (SRv6). An SRv6 optimization layer is created between the control and infrastructure layers to manage slices effectively and enhance routing control. Additionally, we propose a novel policy routing method based on zero-trust and Graph Convolutional Network (GCN) technology. This method transforms actions into policies that can be flexibly deployed on SRv6 nodes, segment by segment. These actions encompass both routing and security measures, allowing for dynamic and flexible deployment of policies on each segment to achieve the desired goals. This integration of segment routing and zero-trust principles simplifies implementation and enhances security. Comprehensive experiments were conducted to evaluate the proposed method. The results demonstrate significant improvements over state-of-the-art methods, including a higher service acceptance rate, better resource utilization, and reduced average latency and packet loss rate.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2279-2292"},"PeriodicalIF":0.0,"publicationDate":"2025-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143836720","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: