{"title":"PCPHE:基于同态加密的漏洞检测隐私比较协议","authors":"Lieyu Lv, Ling Xiong, Fagen Li","doi":"10.1016/j.jisa.2024.103805","DOIUrl":null,"url":null,"abstract":"<div><p>Nowadays, many security service providers have their own vulnerability databases and consider them as corporate property. How to ensure the normal use of client while protecting the privacy of these assets has become a problem that needs to be solved. This paper mainly introduces a privacy comparison protocol based on BGN and a version number standardization method, which can be used in scenarios of vulnerability database privacy comparison. Our scheme PCPHE adds random offsets and special preprocessing to avoid common factor attacks that may occur in privacy comparison, while ensuring that client does not know the specific vulnerability database content of the security service provider in a limited number of queries.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103805"},"PeriodicalIF":3.8000,"publicationDate":"2024-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"PCPHE: A privacy comparison protocol for vulnerability detection based on homomorphic encryption\",\"authors\":\"Lieyu Lv, Ling Xiong, Fagen Li\",\"doi\":\"10.1016/j.jisa.2024.103805\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Nowadays, many security service providers have their own vulnerability databases and consider them as corporate property. How to ensure the normal use of client while protecting the privacy of these assets has become a problem that needs to be solved. This paper mainly introduces a privacy comparison protocol based on BGN and a version number standardization method, which can be used in scenarios of vulnerability database privacy comparison. Our scheme PCPHE adds random offsets and special preprocessing to avoid common factor attacks that may occur in privacy comparison, while ensuring that client does not know the specific vulnerability database content of the security service provider in a limited number of queries.</p></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"84 \",\"pages\":\"Article 103805\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2024-06-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S221421262400108X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S221421262400108X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
PCPHE: A privacy comparison protocol for vulnerability detection based on homomorphic encryption
Nowadays, many security service providers have their own vulnerability databases and consider them as corporate property. How to ensure the normal use of client while protecting the privacy of these assets has become a problem that needs to be solved. This paper mainly introduces a privacy comparison protocol based on BGN and a version number standardization method, which can be used in scenarios of vulnerability database privacy comparison. Our scheme PCPHE adds random offsets and special preprocessing to avoid common factor attacks that may occur in privacy comparison, while ensuring that client does not know the specific vulnerability database content of the security service provider in a limited number of queries.
期刊介绍:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.