Mohammad Saidur Rahman , Ibrahim Khalil , Mohammed Atiquzzaman , Abdelaziz Bouras
{"title":"A lightweight practical consensus mechanism for supply chain blockchain","authors":"Mohammad Saidur Rahman , Ibrahim Khalil , Mohammed Atiquzzaman , Abdelaziz Bouras","doi":"10.1016/j.hcc.2024.100253","DOIUrl":"10.1016/j.hcc.2024.100253","url":null,"abstract":"<div><div>We present a consensus mechanism in this paper that is designed specifically for supply chain blockchains, with a core focus on establishing trust among participating stakeholders through a novel reputation-based approach. The prevailing consensus mechanisms, initially crafted for cryptocurrency applications, prove unsuitable for the unique dynamics of supply chain systems. Unlike the broad inclusivity of cryptocurrency networks, our proposed mechanism insists on stakeholder participation rooted in process-specific quality criteria. The delineation of roles for supply chain participants within the consensus process becomes paramount. While reputation serves as a well-established quality parameter in various domains, its nuanced impact on non-cryptocurrency consensus mechanisms remains uncharted territory. Moreover, recognizing the primary role of efficient block verification in blockchain-enabled supply chains, our work introduces a comprehensive reputation model. This model strategically selects a <em>leader node</em> to orchestrate the entire block mining process within the consensus. Additionally, we innovate with a Schnorr Multisignature-based block verification mechanism seamlessly integrated into our proposed consensus model. Rigorous experiments are conducted to evaluate the performance and feasibility of our pioneering consensus mechanism, contributing valuable insights to the evolving landscape of blockchain technology in supply chain applications.</div></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"5 1","pages":"Article 100253"},"PeriodicalIF":3.2,"publicationDate":"2024-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143102311","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Christopher Morales-Gonzalez , Matthew Harper , Michael Cash , Lan Luo , Zhen Ling , Qun Z. Sun , Xinwen Fu
{"title":"On Building Automation System security","authors":"Christopher Morales-Gonzalez , Matthew Harper , Michael Cash , Lan Luo , Zhen Ling , Qun Z. Sun , Xinwen Fu","doi":"10.1016/j.hcc.2024.100236","DOIUrl":"10.1016/j.hcc.2024.100236","url":null,"abstract":"<div><p>Building Automation Systems (BASs) are seeing increased usage in modern society due to the plethora of benefits they provide such as automation for climate control, HVAC systems, entry systems, and lighting controls. Many BASs in use are outdated and suffer from numerous vulnerabilities that stem from the design of the underlying BAS protocol. In this paper, we provide a comprehensive, up-to-date survey on BASs and attacks against seven BAS protocols including BACnet, EnOcean, KNX, LonWorks, Modbus, ZigBee, and Z-Wave. Holistic studies of secure BAS protocols are also presented, covering BACnet Secure Connect, KNX Data Secure, KNX/IP Secure, ModBus/TCP Security, EnOcean High Security and Z-Wave Plus. LonWorks and ZigBee do not have security extensions. We point out how these security protocols improve the security of the BAS and what issues remain. A case study is provided which describes a real-world BAS and showcases its vulnerabilities as well as recommendations for improving the security of it. We seek to raise awareness to those in academia and industry as well as highlight open problems within BAS security.</p></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"4 3","pages":"Article 100236"},"PeriodicalIF":3.2,"publicationDate":"2024-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2667295224000394/pdfft?md5=5f78ccec6343d24a81a3bf545e6ddec0&pid=1-s2.0-S2667295224000394-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141951470","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ruiyao Shen , Hongliang Zhang , Baobao Chai , Wenyue Wang , Guijuan Wang , Biwei Yan , Jiguo Yu
{"title":"BAFL-SVM: A blockchain-assisted federated learning-driven SVM framework for smart agriculture","authors":"Ruiyao Shen , Hongliang Zhang , Baobao Chai , Wenyue Wang , Guijuan Wang , Biwei Yan , Jiguo Yu","doi":"10.1016/j.hcc.2024.100243","DOIUrl":"10.1016/j.hcc.2024.100243","url":null,"abstract":"<div><div>The combination of blockchain and Internet of Things technology has made significant progress in smart agriculture, which provides substantial support for data sharing and data privacy protection. Nevertheless, achieving efficient interactivity and privacy protection of agricultural data remains a crucial issues. To address the above problems, we propose a blockchain-assisted federated learning-driven support vector machine (BAFL-SVM) framework to realize efficient data sharing and privacy protection. The BAFL-SVM is composed of the FedSVM-RiceCare module and the FedPrivChain module. Specifically, in FedSVM-RiceCare, we utilize federated learning and SVM to train the model, improving the accuracy of the experiment. Then, in FedPrivChain, we adopt homomorphic encryption and a secret-sharing scheme to encrypt the local model parameters and upload them. Finally, we conduct a large number of experiments on a real-world dataset of rice pests and diseases, and the experimental results show that our framework not only guarantees the secure sharing of data but also achieves a higher recognition accuracy compared with other schemes.</div></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"5 1","pages":"Article 100243"},"PeriodicalIF":3.2,"publicationDate":"2024-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141130358","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Balanced ID-OOD tradeoff transfer makes query based detectors good few shot learners","authors":"Yuantao Yin, Ping Yin, Xue Xiao, Liang Yan, Siqing Sun, Xiaobo An","doi":"10.1016/j.hcc.2024.100237","DOIUrl":"10.1016/j.hcc.2024.100237","url":null,"abstract":"<div><div>Fine-tuning is a popular approach to solve the few-shot object detection problem. In this paper, we attempt to introduce a new perspective on it. We formulate the few-shot novel tasks as a type of distribution shifted from its ground-truth distribution. We introduce the concept of imaginary placeholder masks to show that this distribution shift is essentially a composite of in-distribution (ID) and out-of-distribution(OOD) shifts. Our empirical investigation results show that it is significant to balance the trade-off between adapting to the available few-shot distribution and keeping the distribution-shift robustness of the pre-trained model. We explore improvements in the few-shot fine-tuning transfer in the few-shot object detection (FSOD) settings from three aspects. First, we explore the LinearProbe-Finetuning (LP-FT) technique to balance this trade-off to mitigate the feature distortion problem. Second, we explore the effectiveness of utilizing the protection freezing strategy for query-based object detectors to keep their OOD robustness. Third, we try to utilize ensembling methods to circumvent the feature distortion. All these techniques are integrated into a whole method called BIOT (<strong>B</strong>alanced <strong>I</strong>D-<strong>O</strong>OD <strong>T</strong>ransfer). Evaluation results show that our method is simple yet effective and general to tap the FSOD potential of query-based object detectors. It outperforms the current SOTA method in many FSOD settings and has a promising scaling capability.</div></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"5 1","pages":"Article 100237"},"PeriodicalIF":3.2,"publicationDate":"2024-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141131903","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SoK: Decentralized Storage Network","authors":"","doi":"10.1016/j.hcc.2024.100239","DOIUrl":"10.1016/j.hcc.2024.100239","url":null,"abstract":"<div><p>Decentralized Storage Networks (DSNs) represent a paradigm shift in data storage methodology, distributing and housing data across multiple network nodes rather than relying on a centralized server or data center architecture. The fundamental objective of DSNs is to enhance security, reinforce reliability, and mitigate censorship risks by eliminating a single point of failure. Leveraging blockchain technology for functions such as access control, ownership validation, and transaction facilitation, DSN initiatives aim to provide users with a robust and secure alternative to traditional centralized storage solutions. This paper conducts a comprehensive analysis of the developmental trajectory of DSNs, focusing on key components such as Proof of Storage protocols, consensus algorithms, and incentive mechanisms. Additionally, the study explores recent optimization tactics, encountered challenges, and potential avenues for future research, thereby offering insights into the ongoing evolution and advancement within the DSN domain.</p></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"4 3","pages":"Article 100239"},"PeriodicalIF":3.2,"publicationDate":"2024-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2667295224000424/pdfft?md5=7bd1b5562f12045079ea7c3064e02e05&pid=1-s2.0-S2667295224000424-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141143993","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shrikant D. Dhamdhere, M. Sivakkumar, V. Subramanian
{"title":"Cloud data security with deep maxout assisted data sanitization and restoration process","authors":"Shrikant D. Dhamdhere, M. Sivakkumar, V. Subramanian","doi":"10.1016/j.hcc.2024.100238","DOIUrl":"10.1016/j.hcc.2024.100238","url":null,"abstract":"<div><div>The potential of cloud computing, an emerging concept to minimize the costs associated with computing has recently drawn the interest of a number of researchers. The fast advancements in cloud computing techniques led to the amazing arrival of cloud services. But data security is a challenging issue for modern civilization. The main issues with cloud computing are cloud security as well as effective cloud distribution over the network. Increasing the privacy of data with encryption methods is the greatest approach, which has highly progressed in recent times. In this aspect, sanitization is also the process of confidentiality of data. The goal of this work is to present a deep learning-assisted data sanitization procedure for data security. The proposed data sanitization process involves the following steps: data preprocessing, optimal key generation, deep learning-assisted key fine-tuning, and Kronecker product. Here, the data preprocessing considers original data as well as the extracted statistical feature. Key generation is the subsequent process, for which, a self-adaptive Namib beetle optimization (SANBO) algorithm is developed in this research. Among the generated keys, appropriate keys are fine-tuned by the improved Deep Maxout classifier. Then, the Kronecker product is done in the sanitization process. Reversing the sanitization procedure will yield the original data during the data restoration phase. The study part notes that the suggested data sanitization technique guarantees cloud data security against malign attacks. Also, the analysis of proposed work in terms of restoration effectiveness and key sensitivity analysis is also done.</div></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"5 1","pages":"Article 100238"},"PeriodicalIF":3.2,"publicationDate":"2024-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141145480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploring Personalized Internet of Things (PIoT), social connectivity, and Artificial Social Intelligence (ASI): A survey","authors":"","doi":"10.1016/j.hcc.2024.100242","DOIUrl":"10.1016/j.hcc.2024.100242","url":null,"abstract":"<div><p>Pervasive Computing has become more personal with the widespread adoption of the Internet of Things (IoT) in our day-to-day lives. The emerging domain that encompasses devices, sensors, storage, and computing of personal use and surroundings leads to Personal IoT (PIoT). PIoT offers users high levels of personalization, automation, and convenience. This proliferation of PIoT technology has extended into society, social engagement, and the interconnectivity of PIoT objects, resulting in the emergence of the Social Internet of Things (SIoT). The combination of PIoT and SIoT has spurred the need for autonomous learning, comprehension, and understanding of both the physical and social worlds. Current research on PIoT is dedicated to enabling seamless communication among devices, striking a balance between observation, sensing, and perceiving the extended physical and social environment, and facilitating information exchange. Furthermore, the virtualization of independent learning from the social environment has given rise to Artificial Social Intelligence (ASI) in PIoT systems. However, autonomous data communication between different nodes within a social setup presents various resource management challenges that require careful consideration. This paper provides a comprehensive review of the evolving domains of PIoT, SIoT, and ASI. Moreover, the paper offers insightful modeling and a case study exploring the role of PIoT in post-COVID scenarios. This study contributes to a deeper understanding of the intricacies of PIoT and its various dimensions, paving the way for further advancements in this transformative field.</p></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"4 3","pages":"Article 100242"},"PeriodicalIF":3.2,"publicationDate":"2024-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S266729522400045X/pdfft?md5=b97b12cf0359158d875f2dc4cb6bbd8d&pid=1-s2.0-S266729522400045X-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141138835","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Wenyue Wang , Biwei Yan , Baobao Chai , Ruiyao Shen , Anming Dong , Jiguo Yu
{"title":"EBIAS: ECC-enabled blockchain-based identity authentication scheme for IoT device","authors":"Wenyue Wang , Biwei Yan , Baobao Chai , Ruiyao Shen , Anming Dong , Jiguo Yu","doi":"10.1016/j.hcc.2024.100240","DOIUrl":"10.1016/j.hcc.2024.100240","url":null,"abstract":"<div><div>In the Internet of Things (IoT), a large number of devices are connected using a variety of communication technologies to ensure that they can communicate both physically and over the network. However, devices face the challenge of a single point of failure, a malicious user may forge device identity to gain access and jeopardize system security. In addition, devices collect and transmit sensitive data, and the data can be accessed or stolen by unauthorized user, leading to privacy breaches, which posed a significant risk to both the confidentiality of user information and the protection of device integrity. Therefore, in order to solve the above problems and realize the secure transmission of data, this paper proposed EBIAS, a secure and efficient blockchain-based identity authentication scheme designed for IoT devices. First, EBIAS combined the Elliptic Curve Cryptography (ECC) algorithm and the SHA-256 algorithm to achieve encrypted communication of the sensitive data. Second, EBIAS integrated blockchain to tackle the single point of failure and ensure the integrity of the sensitive data. Finally, we performed security analysis and conducted sufficient experiment. The analysis and experimental results demonstrate that EBIAS has certain improvements on security and performance compared with the previous schemes, which further proves the feasibility and effectiveness of EBIAS.</div></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"5 1","pages":"Article 100240"},"PeriodicalIF":3.2,"publicationDate":"2024-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141131302","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A survey of acoustic eavesdropping attacks: Principle, methods, and progress","authors":"","doi":"10.1016/j.hcc.2024.100241","DOIUrl":"10.1016/j.hcc.2024.100241","url":null,"abstract":"<div><div>In today’s information age, eavesdropping has been one of the most serious privacy threats in information security, such as exodus spyware (Rudie et al., 2021) and pegasus spyware (Anatolyevich, 2020). And the main one of them is acoustic eavesdropping. Acoustic eavesdropping (George and Sagayarajan, 2023) is a technology that uses microphones, sensors, or other devices to collect and process sound signals and convert them into readable information. Although much research has been done in this area, there is still a lack of comprehensive investigation into the timeliness of this technology, given the continuous advancement of technology and the rapid development of eavesdropping methods. In this article, we have given a selective overview of acoustic eavesdropping, focusing on the methods of acoustic eavesdropping. More specifically, we divide acoustic eavesdropping into three categories: motion sensor-based acoustic eavesdropping, optical sensor-based acoustic eavesdropping, and RF-based acoustic eavesdropping. Within these three representative frameworks, we review the results of acoustic eavesdropping according to the type of equipment they use and the physical principles of each. Secondly, we also introduce several important but challenging applications of these acoustic eavesdropping methods. In addition, we compared the systems that meet the requirements of acoustic eavesdropping in real-world scenarios from multiple perspectives, including whether they are non-intrusive, whether they can achieve unconstrained word eavesdropping, and whether they use machine learning, etc. The general template of our article is as follows: firstly, we systematically review and classify the existing eavesdropping technologies, elaborate on their working mechanisms, and give corresponding formulas. Then, these eavesdropping methods were compared and analyzed, and each method’s effectiveness and technical difficulty were evaluated from multiple dimensions. In addition to an assessment of the current state of the field, we discuss the current shortcomings and challenges and give a fruitful direction for the future of acoustic eavesdropping research. We hope to continue to inspire researchers in this direction.</div></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"4 4","pages":"Article 100241"},"PeriodicalIF":3.2,"publicationDate":"2024-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141138505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Data distribution inference attack in federated learning via reinforcement learning support","authors":"Dongxiao Yu , Hengming Zhang , Yan Huang , Zhenzhen Xie","doi":"10.1016/j.hcc.2024.100235","DOIUrl":"10.1016/j.hcc.2024.100235","url":null,"abstract":"<div><div>Federated Learning (FL) is currently a widely used collaborative learning framework, and the distinguished feature of FL is that the clients involved in training do not need to share raw data, but only transfer the model parameters to share knowledge, and finally get a global model with improved performance. However, recent studies have found that sharing model parameters may still lead to privacy leakage. From the shared model parameters, local training data can be reconstructed and thus lead to a threat to individual privacy and security. We observed that most of the current attacks are aimed at client-specific data reconstruction, while limited attention is paid to the information leakage of the global model. In our work, we propose a novel FL attack based on shared model parameters that can deduce the data distribution of the global model. Different from other FL attacks that aim to infer individual clients’ raw data, the data distribution inference attack proposed in this work shows that the attackers can have the capability to deduce the data distribution information behind the global model. We argue that such information is valuable since the training data behind a well-trained global model indicates the common knowledge of a specific task, such as social networks and e-commerce applications. To implement such an attack, our key idea is to adopt a deep reinforcement learning approach to guide the attack process, where the RL agent adjusts the pseudo-data distribution automatically until it is similar to the ground truth data distribution. By a carefully designed Markov decision proces (MDP) process, our implementation ensures our attack can have stable performance and experimental results verify the effectiveness of our proposed inference attack.</div></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"5 1","pages":"Article 100235"},"PeriodicalIF":3.2,"publicationDate":"2024-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141036150","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}