IEEE Transactions on Dependable and Secure Computing最新文献_第10页

VOSA: Verifiable and Oblivious Secure Aggregation for Privacy-Preserving Federated Learning VOSA:用于保护隐私的联合学习的可验证和不可忽略的安全聚合

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3226508

Yong Wang, Aiqing Zhang, Shu-Lin Wu, Shui Yu

{"title":"VOSA: Verifiable and Oblivious Secure Aggregation for Privacy-Preserving Federated Learning","authors":"Yong Wang, Aiqing Zhang, Shu-Lin Wu, Shui Yu","doi":"10.1109/TDSC.2022.3226508","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3226508","url":null,"abstract":"Federated learning has emerged as a promising paradigm by collaboratively training a global model through sharing local gradients without exposing raw data. However, the shared gradients pose a threat to privacy leakage of local data. The central server may forge the aggregated results. Besides, it is common that resource-constrained devices drop out in federated learning. To solve these problems, the existing solutions consider either only efficiency, or privacy preservation. It is still a challenge to design a verifiable and lightweight secure aggregation with drop-out resilience for large-scale federated learning. In this article, we propose VOSA, an efficient verifiable and oblivious secure aggregation protocol for privacy-preserving federated learning. We exploit aggregator oblivious encryption to efficiently mask users’ local gradients. The central server performs aggregation on the obscured gradients without revealing the privacy of local data. Meanwhile, each user can efficiently verify the correctness of the aggregated results. Moreover, VOSA adopts a dynamic group management mechanism to tolerate users’ dropping out with no impact on their participation in future learning process. Security analysis shows that the VOSA can guarantee the security requirements of privacy-preserving federated learning. The extensive experimental evaluations conducted on real-world datasets demonstrate the practical performance of the proposed VOSA with high efficiency.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3601-3616"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48306047","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 4

Smaug: A TEE-Assisted Secured SQLite for Embedded Systems Smaug:用于嵌入式系统的tee辅助安全SQLite

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3216020

D. Lu, Minqiang Shi, Xindi Ma, Ximeng Liu, Rui-Gang Guo, Tianfang Zheng, Yulong Shen, Xuewen Dong, Jianfeng Ma

{"title":"Smaug: A TEE-Assisted Secured SQLite for Embedded Systems","authors":"D. Lu, Minqiang Shi, Xindi Ma, Ximeng Liu, Rui-Gang Guo, Tianfang Zheng, Yulong Shen, Xuewen Dong, Jianfeng Ma","doi":"10.1109/TDSC.2022.3216020","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3216020","url":null,"abstract":"As one of the most popular relational databases for embedded devices, SQLite is lightweight to be embedded into applications without installing a specific database management system. However, simplicity and easy-to-use are double-edged swords; while bringing convenience, they also make data processing and storage risky. For example, an attacker can obtain data from a database file or memory and tamper with it once he has gained higher privileges, threatening the database's confidentiality and integrity. To address such security issues, based on a trusted execution environment (TEE) and a trusted platform module (TPM), we have proposed Smaug, a general secure scheme to ensure the confidentiality and integrity of SQLite and similar databases. With Smaug, all the critical data is stored in ciphertext, and data integrity protection is also provided. Besides, with TEE, all the sensitive operations are isolated from the untrusted environment, which can effectively resist attacks against memory. In addition, we use TPM to provide a solid root-of-trust (RoT) for the system. Finally, we have implemented a prototype system, and the performance evaluations have clarified the dominant factors that affect the system availability, providing a reference to the design and implementation of similar systems.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3617-3635"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47909093","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Crystal: Enhancing Blockchain Mining Transparency With Quorum Certificate Crystal：通过法定人数证书提高区块链挖矿透明度

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3216749

Jianyu Niu, Fangyu Gai, Runchao Han, Ren Zhang, Yinqian Zhang, Chen Feng

{"title":"Crystal: Enhancing Blockchain Mining Transparency With Quorum Certificate","authors":"Jianyu Niu, Fangyu Gai, Runchao Han, Ren Zhang, Yinqian Zhang, Chen Feng","doi":"10.1109/TDSC.2022.3216749","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3216749","url":null,"abstract":"Researchers have discovered a series of theoretical attacks against Bitcoin's Nakamoto consensus; the most damaging ones are selfish mining, double-spending, and consistency delay attacks. These attacks have one common cause: block withholding. This paper proposes Crystal, which leverages quorum certificates to resist block withholding misbehavior. Crystal continuously elects committees from miners and requires each block to have a quorum certificate, i.e., a set of signatures issued by members of its committee. Consequently, an attacker has to publish its blocks to obtain quorum certificates, rendering block withholding impossible. To build Crystal, we design a novel two-round committee election in a Sybil-resistant, unpredictable and non-interactive way, and a reward mechanism to incentivize miners to follow the protocol. Our analysis and evaluations show that Crystal can significantly mitigate selfish mining and double-spending attacks. For example, in Bitcoin, an attacker with 30% of the total computation power will succeed in double-spending attacks with a probability of 15.6% to break the 6-confirmation rule; however, in Crystal, the success probability for the same attacker falls to 0.62%. We provide formal end-to-end safety proofs for Crystal, ensuring no unknown attacks will be introduced. To the best of our knowledge, Crystal is the first protocol that prevents selfish mining and double-spending attacks while providing safety proof.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4154-4168"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46429936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Efficient Verifiable Unbounded-Size Database From Authenticated Matrix Commitment 基于认证矩阵承诺的高效可验证无界大小数据库

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3225283

Haining Yang, D. Feng, Jing Qin

{"title":"Efficient Verifiable Unbounded-Size Database From Authenticated Matrix Commitment","authors":"Haining Yang, D. Feng, Jing Qin","doi":"10.1109/TDSC.2022.3225283","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3225283","url":null,"abstract":"Verifiable database with update (VDB) enables the client to store a large dataset in the outsourced database, and then efficiently query and update the data with a new value. It is attractive for the merits of checking the validity of the queried data and detecting the malicious actions of tampering with the outsourced database concurrently. However, the database in the context of VDB is merely suitable to store a fixed-size dataset. Hence, VDB is inapplicable to the unbounded-size database that provides the capability to store and manage the arbitrary-size datasets in the incremental manners. To circumvent the weaknesses, we research on the verifiable unbounded-size database with update (VUSDB). The VUSDB is sufficient for multiple clients to store their own arbitrary-size datasets in the database that has already contained some datasets. In order to design a VUSDB scheme, we first put forward a primitive called authenticated matrix commitment and give a scheme. This primitive is qualified to commit to a collection of ordered data represented in the form of matrix, and assure the ownership of the opened data. Then we utilize the authenticated matrix commitment scheme to construct a VUSDB scheme. The performance evaluation shows that the proposed schemes are efficient and practical.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3873-3889"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45063104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Fair Cloud Auditing Based on Blockchain for Resource-Constrained IoT Devices 基于区块链的资源受限物联网设备公平云审计

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3207384

Lei Zhou, Anmin Fu, Guomin Yang, Yansong Gao, Shui Yu, R. Deng

{"title":"Fair Cloud Auditing Based on Blockchain for Resource-Constrained IoT Devices","authors":"Lei Zhou, Anmin Fu, Guomin Yang, Yansong Gao, Shui Yu, R. Deng","doi":"10.1109/TDSC.2022.3207384","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3207384","url":null,"abstract":"Internet of Things (IoT) devices upload their data into the cloud for storage because of their limited resources. However, cloud storage data has been subject to potential integrity threats, and consequently auditing techniques are demanded to ensure the integrity of stored data. Unfortunately, existing auditing approaches require owners to undertake expensive tag calculations, which is unsuitable for resource-constrained IoT devices. To resolve the issue, we present a Fair Cloud Auditing proposal by employing the Blockchain (FCAB). We combine certificateless signatures with the designed dynamic structure to constructively offload the cost of tag computation from the IoT device to the introduced fog node, significantly reducing the local burden. Considering that fog nodes may behave dishonestly during auditing, FCAB enables the IoT device to verify the audit result's authenticity by extracting reliable checking records from the blockchain, thereby achieving auditing fairness, which ensures that the honest cloud and fog node will gain the corresponding reward. Finally, FCAB is proved to satisfy tag unforgeability, proof unforgeability, privacy preserving, and auditing fairness. Experiment evaluations affirm that FCAB is computationally and communicationally efficient and retains a smaller and fixed computation locally at the data processing stage (mainly including tag computation) than existing auditing methods.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4325-4342"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45878550","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

ESMAC: Efficient and Secure Multi-Owner Access Control With TEE in Multi-Level Data Processing ESMAC:有效和安全的多所有者访问控制与多层次的数据处理TEE

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3215977

Daniel Liu, Zheng Yan, Wenxiu Ding, Yuxuan Cai, Yaxing Chen, Zhiguo Wan

{"title":"ESMAC: Efficient and Secure Multi-Owner Access Control With TEE in Multi-Level Data Processing","authors":"Daniel Liu, Zheng Yan, Wenxiu Ding, Yuxuan Cai, Yaxing Chen, Zhiguo Wan","doi":"10.1109/TDSC.2022.3215977","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3215977","url":null,"abstract":"Traditional data access control schemes only prevent unauthorized access to private data with a single owner. They are not suitable for application in a Multi-Level Data Processing (MLDP) scenario, where data are processed by a series of parties who also insert new data. Hence, the accumulated dataset should be protected through access control handled by hierarchically-structured parties who are at least partial data owners in MLDP. Existing multi-owner access control schemes mainly focus on controlling access to co-owned data of multiple entities with the equal ownership, but seldom investigates how to apply access control in MLDP. In this paper, we base the off-the-shelf Trusted Execution Environment (TEE), Intel SGX, to propose an Efficient and Secure Multi-owner Access Control scheme (ESMAC) for access authorization in MLDP. Moreover, to prevent unauthorized data disclosure by non-root data owners aiming to gain extra profits, we further introduce undercover polices to supervise their behaviors. Specifically, we design a data protection scheme based on game theory to decide the payoffs and punishments of honest and dishonest data owners, which motivates data owners to behave honestly when claiming ownership over data. Through comprehensive security analysis and performance evaluation, we demonstrate ESMAC's security and effectiveness.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4052-4069"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42221405","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Spotting Anomalies at the Edge: Outlier Exposure-Based Cross-Silo Federated Learning for DDoS Detection 发现边缘异常:基于离群暴露的跨孤岛联合学习DDoS检测

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3224896

V. Pourahmadi, H. Alameddine, M. A. Salahuddin, R. Boutaba

{"title":"Spotting Anomalies at the Edge: Outlier Exposure-Based Cross-Silo Federated Learning for DDoS Detection","authors":"V. Pourahmadi, H. Alameddine, M. A. Salahuddin, R. Boutaba","doi":"10.1109/TDSC.2022.3224896","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3224896","url":null,"abstract":"Distributed Denial-of-Service (DDoS) attacks are expected to continue plaguing service availability in emerging networks which rely on distributed edge clouds to offer critical, latency-sensitive applications. However, edge servers increase the network attack surface, which is exacerbated with the massive number of connected Internet of Things (IoT) devices that can be weaponized to launch DDoS attacks. Therefore, it is crucial to detect DDoS attacks early, i.e., at the network edge. In this paper, we empower the network edge with intelligent DDoS detection by learning from similarities between different data and DDoS attacks available across the edge servers. To this end, we develop a novel Outlier Exposure (OE)-enabled cross-silo Federated Learning framework, namely FedOE. FedOE enables distributed training of OE-based ML models using a limited number of labeled outliers (i.e., attack flows) experienced at edge servers. We propose a novel OE-based Autoencoder (oAE) that can better discriminate anomalies in comparison to the widely adopted traditional Autoencoder, using a tailored, OE-based loss function. We evaluate oAE in FedOE and demonstrate its ability to generalize to zero-day attacks, with just 50 labeled attack flows per edge server. The results show that oAE achieves a high F1-score for most DDoS attacks, outclassing its non-OE counterpart.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4002-4015"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41682319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 5

ZeroProKeS: A Secure Zeroconf Key Establishment Protocol for Large-Scale Low-Cost Applications ZeroProKeS:用于大规模低成本应用的安全零配置密钥建立协议

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3207927

S. K. Sakib, G. Amariucai, Yong Guan

{"title":"ZeroProKeS: A Secure Zeroconf Key Establishment Protocol for Large-Scale Low-Cost Applications","authors":"S. K. Sakib, G. Amariucai, Yong Guan","doi":"10.1109/TDSC.2022.3207927","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3207927","url":null,"abstract":"Traditional approaches to authenticated key establishment include the use of PKI or trusted third parties. While certificate deployment is sub-optimal for large-scale, low-cost applications, the use of trusted third parties is subject to human error and leaked credentials. For this context, co-location can be a valuable resource, and it is often exploited through common randomness harvesting techniques, but these, in turn, suffer from low achievable rates and usually from restrictive assumptions about the environment. Recent techniques for exploiting co-location are based on the notion of quality time and rely on sophisticated throttled clue-issuing mechanisms that allow a device with enough time to spend in the vicinity of the transmitter to find a secret key by collecting enough consecutive clues. By contrast, attackers are afforded only limited time to listen to, or interact with, the clue transmitter. Previous work in this direction deals solely with passive attackers and uses high-overhead information throttling mechanisms. This paper introduces the active attacker model for the quality-time paradigm and proposes a simple solution, a Zeroconf Key Establishment Protocol (ZeroProKeS). Additionally, the paper shows how to efficiently expand the proposed protocol to adhere to any customized information transfer function between legitimate users.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3636-3652"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41523352","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A new classification of genus Neoperla and systematic studies of other Perlinae (Plecoptera: Perlidae). Neoperla属的新分类及其他珀林科（Plecoptera: Perlidae）的系统研究。

IF 0.9 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-08-29 DOI: 10.11646/zootaxa.5339.2.1

Peter Zwick

引用次数: 0

Towards Robust Fingerprinting of Relational Databases by Mitigating Correlation Attacks. 通过减少相关攻击实现关系数据库的鲁棒指纹

IF 7 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-07-01 Epub Date: 2022-07-18 DOI: 10.1109/tdsc.2022.3191117

Tianxi Ji, Erman Ayday, Emre Yilmaz, Pan Li

{"title":"Towards Robust Fingerprinting of Relational Databases by Mitigating Correlation Attacks.","authors":"Tianxi Ji, Erman Ayday, Emre Yilmaz, Pan Li","doi":"10.1109/tdsc.2022.3191117","DOIUrl":"10.1109/tdsc.2022.3191117","url":null,"abstract":"<p><p>Database fingerprinting is widely adopted to prevent unauthorized data sharing and identify source of data leakages. Although existing schemes are robust against common attacks, their robustness degrades significantly if attackers utilize inherent correlations among database entries. In this paper, we demonstrate the vulnerability of existing schemes by identifying different correlation attacks: column-wise correlation attack, row-wise correlation attack, and their integration. We provide robust fingerprinting against these attacks by developing mitigation techniques, which can work as post-processing steps for any off-the-shelf database fingerprinting schemes and preserve the utility of databases. We investigate the impact of correlation attacks and the performance of mitigation techniques using a real-world database. Our results show (i) high success rates of correlation attacks against existing fingerprinting schemes (e.g., integrated correlation attack can distort 64.8% fingerprint bits by just modifying 14.2% entries in a fingerprinted database), and (ii) high robustness of mitigation techniques (e.g., after mitigation, integrated correlation attack can only distort 3% fingerprint bits). Additionally, the mitigation techniques effectively alleviate correlation attacks even if (i) attackers have access to correlation models directly computed from the original database, while the database owner uses inaccurate correlation models, (ii) or attackers utilizes higher order of correlations than the database owner.</p>","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"2939-2953"},"PeriodicalIF":7.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10877201/pdf/","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48304558","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0