发布求助
文献互助 智能选刊 最新文献

2022 6th International Conference on Cryptography, Security and Privacy (CSP)最新文献

筛选
英文 中文
Evaluation Study on Privacy Policies of Express Companies Based on Cloud Model 基于云模型的快递公司隐私政策评价研究
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/csp55486.2022.00012
Qian Zhang, W. Xie, Xinxiang Pan
{"title":"Evaluation Study on Privacy Policies of Express Companies Based on Cloud Model","authors":"Qian Zhang, W. Xie, Xinxiang Pan","doi":"10.1109/csp55486.2022.00012","DOIUrl":"https://doi.org/10.1109/csp55486.2022.00012","url":null,"abstract":"In the era of the Internet of things (IoT), smart logistics is quietly rising, but user privacy security has become an important factor hindering its development. Because privacy policy plays a positive role in protecting user privacy and improving corporate reputation, it has become an important part of smart logistics and the focus of express companies. In this paper, through the construction of the privacy policy evaluation index system of express companies, aiming at qualitative indicators that are difficult to evaluate, we introduce the cloud model evaluation method that can combine the qualitative and quantitative together, and comprehensively evaluate the privacy policy of five express companies in China from four indicators: general situation, user informed consent, information security control and personal rights protection. The results show that: Overall, the privacy policies of the five express companies have not reached the \"good\" level, and there is a certain gap between the privacy policies of different express companies. From the comparison of indicators, the five express companies generally score relatively good; However, the overall score of information security control index is relatively poor, and the other two indexes are quite different. Cloud model evaluation method has strong applicability for the evaluation of express company privacy policy, which provides a reference for improving the privacy policy formulation and improving the privacy protection level of China’s express delivery industry in the era of IoT.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"109 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122423277","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Computational Refinements for Post-Quantum Elliptic Curve Security 后量子椭圆曲线安全性的计算改进
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00014
E. Sakk
{"title":"Computational Refinements for Post-Quantum Elliptic Curve Security","authors":"E. Sakk","doi":"10.1109/CSP55486.2022.00014","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00014","url":null,"abstract":"Computer security in a post-quantum world is a topic of great significance. The security of a vast number of public key encryption and key distribution techniques is dependent upon various number theoretic frameworks such as factoring, discrete logarithms and elliptic curves. Yet, variations on Shor’s algorithm have provided a theoretical basis for rendering such systems vulnerable to quantum attacks. In this work, we review quantum solutions for typical number theoretic problems. After leading up to elliptic curve systems, we highlight the relevance of computing modular inverses. Finally, refinements to quantum versions of the extended Euclidean algorithm are presented.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130495340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Two-Stage Out-Of-Box Method for Detecting Side-Channel Attacks in Cloud Computing 云计算中检测侧信道攻击的两阶段开箱即用方法
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00035
Jiangyong Shi, Ping Kuang, Yongjun Wang, Yuexiang Yang
{"title":"A Two-Stage Out-Of-Box Method for Detecting Side-Channel Attacks in Cloud Computing","authors":"Jiangyong Shi, Ping Kuang, Yongjun Wang, Yuexiang Yang","doi":"10.1109/CSP55486.2022.00035","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00035","url":null,"abstract":"In this paper, we proposed a two-stage out-of-box method for detecting side-channel attacks in cloud computing. The method detects side-channel attacks from outside of the virtual machine, utilizing hardware support of performance events and hypervisor's ability to introspect the virtual machine, which is robust and stealthy to attackers. By utilizing information of hardware performance counters to train a classification model, we can quickly locate the suspicious attacking virtual machine with 96.7% of precision and 95% of recall rate. By adjusting the sampling duration and interval, we can get a F1-score of 98.9%. By utilizing virtual machine introspection method to extract syscall information of suspicious virtual machine, we can precisely locate the suspicious process. Experiments demonstrate our method's effectiveness in detecting cache side-channel attacks.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"305 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124339347","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Teleporting Qubits Between Participants by Third-Party Center 第三方中心在参与者之间传送量子比特
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00008
Abdulbast A. Abushgra
{"title":"Teleporting Qubits Between Participants by Third-Party Center","authors":"Abdulbast A. Abushgra","doi":"10.1109/CSP55486.2022.00008","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00008","url":null,"abstract":"As many applied and theoretical challenges still face quantum computing in general and quantum cryptography in particular. The teleportation of qubits from one participant to another has been attracting most of the recent focus in this field. Quantum key distribution is a method as in the classical system that provides secret keys to secure communication channels between legitimate participants through various mechanisms. In this paper, a quantum key exchange protocol is designed to transfer qubits from a trusted third party to both communicators. The Third-Party Center (TPC) initiates secure exchanges between the sender (Alice) and the receiver (Bob). Only legitimate parties share indexes with TPC, where the TPC cannot forge the communication parameters. These parameters include photons applied under an EPR Paradox environment. Therefore, the legitimate parties can share data securely by using a third-party without many restrictions.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116920889","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Class of Software-Layer DoS Attacks in Node.js Web Apps 一类基于Node.js Web应用的软件层DoS攻击
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00028
Tuong Phi Lau
{"title":"A Class of Software-Layer DoS Attacks in Node.js Web Apps","authors":"Tuong Phi Lau","doi":"10.1109/CSP55486.2022.00028","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00028","url":null,"abstract":"Application-level DoS attacks are occurring more frequently and raise more serious threats. Such attacks can be performed advantageously in node.js web apps, as these apps are built by third-party npm packages. Adversaries may inject malicious data into its client requests submitted to a victim server. It then may manipulate program states to pass the malicious input to sensitive APIs as long-running operations which are resided in npm modules required in the node.js web app. Once the sensitive APIs (e.g. pattern matching) can be called with hard-to-match input string, it may impose degradation of the worker pool’s throughput of the web server to interrupt web services accessed by Internet users. This attack vector is defined as Module-driven DoS (MDoS).This paper presents a class of software-level DoS so called MDoS, and an automated approach implementing inter-modular analysis to detect vulnerable npm modules exploitable for these vulnerabilities. The proposed method is evaluated on a dataset of 17,000 modules downloaded from the npm ecosystem. As a result, the automated analysis flagged out 355 vulnerable modules. Using manual code inspection found 237 true positives of 35 exposed to the MDoS, including 214 modules exploitable for launching ReDoS and 23 remaining ones suspicious for executing ReadDoS attacks indirectly.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114147173","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
RippleSign: Isogeny-Based Threshold Ring Signatures with Combinatorial Methods RippleSign:基于等同性的组合方法阈值环签名
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00010
Li Li, Maozhi Xu
{"title":"RippleSign: Isogeny-Based Threshold Ring Signatures with Combinatorial Methods","authors":"Li Li, Maozhi Xu","doi":"10.1109/CSP55486.2022.00010","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00010","url":null,"abstract":"Threshold ring signature schemes are widely used in blockchains and cryptocurrencies. Isogeny-based signature schemes benefit from short public key and signature sizes. In this paper, by using trapdoor commitments in ring signatures, we propose a decentralized post-quantum threshold ring signature scheme, RippleSign, based on isogenies between supersingular elliptic curves. Our scheme enjoys perfect anonymity and is un-forgeable under a chosen-message attack. In terms of practicality, our threshold scheme has signature size of 187 KB with 100 participants at the 128-bit security level. In addition, our scheme takes about 2 seconds to produce (2,3)-threshold ring signature.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"468 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115291483","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Convex Hull Convolutive Non-negative Matrix Factorization Based Speech Enhancement For Multimedia Communication 基于凸壳卷积非负矩阵分解的多媒体通信语音增强
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00033
Dongxia Wang, Jie Cui, Jinghua Wang, Hua Tan, Ming Xu
{"title":"Convex Hull Convolutive Non-negative Matrix Factorization Based Speech Enhancement For Multimedia Communication","authors":"Dongxia Wang, Jie Cui, Jinghua Wang, Hua Tan, Ming Xu","doi":"10.1109/CSP55486.2022.00033","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00033","url":null,"abstract":"In this paper, an effective speech enhancement method is proposed for the next generation multimedia communication system. The priori knowledge of the enhancement stage is obtained by the modified Convex Hull Convolutive NMF with less information loss. To deal with the difficulty of its optimal gain estimation, an iterative algorithm is then introduced to update the coefficient matrix. The experimental results under different types of noise environment show that the proposed algorithm can reduce the signal distortions dramatically, and provide better enhancement performance than the benchmark algorithms simultaneously, especially under adverse conditions.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129525287","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
A Proactively Defensive Low-Level Decision Center Model of Endogenous Security 内生性安全的主动防御低级决策中心模型
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00017
Liang Feilin, Li Tao, Hu Aiqu
{"title":"A Proactively Defensive Low-Level Decision Center Model of Endogenous Security","authors":"Liang Feilin, Li Tao, Hu Aiqu","doi":"10.1109/CSP55486.2022.00017","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00017","url":null,"abstract":"With the development of 5g and next-generation networks, shell-based defenses are becoming increasingly unsuitable and become a burden and obstacle to information systems. The endogenous security defense system based on the bionic mechanism has entered people's field of vision. On this basis, this paper proposes a spinal-like low-level decision center model in the endogenous security system. It uses fuzzy cognitive maps and trusted computing to comprehensively analyze the information of the system, and makes decisions based on the needs of applications and tasks. Some case studies and experimental results prove the effectiveness and efficiency of the model.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"168 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117081514","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Cyber-Security Enhanced Network Meta-Model and its Application 网络安全增强网络元模型及其应用
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00023
Xinli Xiong, Liang Guo, Yunfeng Zhang, Jingye Zhang
{"title":"Cyber-Security Enhanced Network Meta-Model and its Application","authors":"Xinli Xiong, Liang Guo, Yunfeng Zhang, Jingye Zhang","doi":"10.1109/CSP55486.2022.00023","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00023","url":null,"abstract":"In this paper, we expand the traditional graph model to include security information in cyberspace. And a meta-model in networks that contain both typical network elements and security information is proposed. Detailed definitions of nodes, edges, structures, and paths in a network are given to present security elements from both macroscopic and microcosmic perspectives. Meanwhile, two remarkable case studies, AI-driven penetration testing and cascading failures in routing networks are shown to demonstrate that our model is prevailing in solving frontier issues of security in cyberspace.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116253454","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
The Processing goes far beyond "the app" – Privacy issues of decentralized Digital Contact Tracing using the example of the German Corona-Warn-App 处理远远超出了“应用程序”——以德国Corona-Warn-App为例,分散数字联系人追踪的隐私问题
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00011
Rainer Rehak, C. R. Kühne
{"title":"The Processing goes far beyond \"the app\" – Privacy issues of decentralized Digital Contact Tracing using the example of the German Corona-Warn-App","authors":"Rainer Rehak, C. R. Kühne","doi":"10.1109/CSP55486.2022.00011","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00011","url":null,"abstract":"Since SARS-CoV-2 started spreading in Europe in early 2020, there has been a strong call for technical solutions to combat or contain the pandemic, with contact tracing apps at the heart of the debates. The EU’s General Data Protection Regulation (GDPR) requires controllers to carry out a data protection impact assessment (DPIA) where their data processing is likely to result in a high risk to the rights and freedoms (Art. 35 GDPR). A DPIA is a structured risk analysis that identifies and evaluates possible consequences of data processing relevant to fundamental rights in advance and describes the measures envisaged to address these risks or expresses the inability to do so.Based on the Standard Data Protection Model (SDM), we present the results of a scientific and methodologically clear DPIA. It shows that even a decentralized architecture involves numerous serious weaknesses and risks, including larger ones still left unaddressed in current implementations. It also found that none of the proposed designs operates on anonymous data or ensures proper anonymisation. It also showed that informed consent would not be a legitimate legal ground for the processing. For all points where data subjects’ rights are still not sufficiently safeguarded, we briefly outline solutions.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128063364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信