2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)最新文献

{"title":"Privacy Challenges and Solutions for Image Data Sharing","authors":"Liyue Fan","doi":"10.1109/TPS-ISA56441.2022.00017","DOIUrl":"https://doi.org/10.1109/TPS-ISA56441.2022.00017","url":null,"abstract":"Sharing image data benefits a wide range of applications, including social media, medical imaging, and intelligent systems. Image data often contain sensitive information, the sharing of which may inflict individual privacy concerns. Traditional image privacy techniques, such as pixelization and blurring, do not provide effective protection. In this paper, we discuss privacy challenges and solutions for image data sharing. Specifically, we review existing solutions based on cryptography and federated learning, and discuss recent results on differential privacy in image domain. While differential privacy provides provable guarantees, we identify specific privacy challenges for image data and point out several considerations for future research.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124327780","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Auditing Metaverse Requires Multimodal Deep Learning","authors":"Kritagya Upadhyay, R. Dantu, Yanyan He, Syed Badruddoja, Abiola Salau","doi":"10.1109/TPS-ISA56441.2022.00015","DOIUrl":"https://doi.org/10.1109/TPS-ISA56441.2022.00015","url":null,"abstract":"Metaverse is an integration of many different technologies like blockchain, AI, edge computing, virtual reality, and many more, simulating the physical world in a virtual environment with holograms and avatars representing individuals. The metaverse is still in the early developmental stages as various tech companies propose exciting and promising features the technology can offer. Despite the plethora of benefits, this can bring to its users, for it to be able to achieve its potential, the security of the digital infrastructure and assets needs to be carefully addressed. In this paper, we present the metaverse and the collection of technologies it comprises. We focus on the integrated auditing methodology of the metaverse in detail that requires multimodal deep learning, which incorporates blockchain-based smart contracts as well. We provide attention to identifying major security threats and vulnerabilities in the decentralized metaverse, which, in our opinion, may hinder the success of the metaverse. Finally, we conclude by proposing mitigation strategies for the discussed security threats via integrated multimodal deep learning and smart contract audit for the presented security vulnerabilities for the metaverse.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"125 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115577476","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Method of Constructing Malware Classification Dataset Using Clustering","authors":"Woo-Jin Joe, Hyong-Shik Kim","doi":"10.1109/TPS-ISA56441.2022.00025","DOIUrl":"https://doi.org/10.1109/TPS-ISA56441.2022.00025","url":null,"abstract":"Machine learning, which automatically learns models from data, is receiving a lot of attention as a solution to cope with the increasing number of malicious codes every year. However, since most malicious codes are variants developed by recycling existing malicious codes, there is a problem that the model is easily overfitted to the training set compared to other domains. Previous studies have tried to remove the variants using labels provided by vaccines, but it can lead to indiscriminate removal of malicious codes since the vaccine label is inaccurate. Therefore, we propose a method of constructing a dataset by performing clustering and randomly selecting one from a cluster. To demonstrate that the proposed method of constructing training set can prevent overfitting and improve the generalization performance, we experimented with three training sets: a set that variants are not removed, a set that duplicated families are removed using labels, and a set that duplicated families are removed by the proposed method. To measure generalization performance, we experimented with six test sets constructed by the similarity to the training sets. It was confirmed that models learned from the training set constructed by the proposed method performed better on four test sets than the other models.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131642834","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Last Mile of Blockchains: RPC and Node-as-a-service","authors":"Zhongtang Luo, Rohan Murukutla, Aniket Kate","doi":"10.1109/TPS-ISA56441.2022.00044","DOIUrl":"https://doi.org/10.1109/TPS-ISA56441.2022.00044","url":null,"abstract":"While much research focuses on different methods to secure blockchain, information on the chain needs to be accessed by end-users to be useful. This position paper surveys different ways that end-users may access blockchains. We observe that between the two extremes of running a full node and fully utilizing a trusted third-party service, many solutions regarding light nodes are emerging. We analyze these solutions based on three basic properties of web communication: integrity, availability and privacy. We conclude that currently, the best way to access a blockchain while maintaining these three properties is still to run a full node. We consider it essential that future blockchain accessibility services should be built while considering these three expectations.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"89 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115310376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient Blockchain Enabled Attribute-based Access Control as a Service","authors":"Ritik Kumar, Balaji Palanisamy, S. Sural","doi":"10.1109/TPS-ISA56441.2022.00021","DOIUrl":"https://doi.org/10.1109/TPS-ISA56441.2022.00021","url":null,"abstract":"In recent years, Attribute-Based Access Control (ABAC) has become popular in organizations implementing fine grained control of access to their data, systems and other resources. However, migration from existing non-ABAC systems is not only time consuming, it also requires significant redesigning of application code. Providing ABAC as a cloud service can help in this process by eliminating the need for ab initio development of ABAC support in already running stable applications. While attractive from a management perspective, there is always a concern for security of the cloud service itself. In this paper, we propose ABAC as a service with security guarantee provided through the use of blockchain, specifically Ethereum. We build an effective functionality that enables user organizations to verify whether its access control data as well as access mediation decisions made by the cloud service were indeed done in an authorized manner. All the changes to the various ABAC components along with access history are added to the Ethereum blockchain using efficiently written smart contracts in Solidity. We have developed a prototype system on the Rinkeby Ethereum test network. Experimental results demonstrate that the proposed approach is effective and incurs only a modest additional cost.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"61 15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126745558","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Investigating Organizational Factors Associated with GDPR Noncompliance using Privacy Policies: A Machine Learning Approach","authors":"A. Aberkane, S. V. Broucke, G. Poels","doi":"10.1109/TPS-ISA56441.2022.00023","DOIUrl":"https://doi.org/10.1109/TPS-ISA56441.2022.00023","url":null,"abstract":"The General Data Protection Regulation (GDPR) came into effect in May 2018 to ensure and safeguard data subjects’ rights. This enactment profoundly shaped, among other things, data processing organizations’ privacy policies to comply with the GDPR’s transparency requirements—for compliance with the GDPR is compulsory. Nevertheless, despite the potential goodwill to change, complying with the GDPR can be challenging for some organizations, e.g., small and medium-sized enterprises, due to, for example, a lack of resources. This study explores what factors may correlate with GDPR-compliance practices in organizations by analyzing the corresponding privacy policies. The contribution of this study is twofold. First, we have devised a classification model using machine learning (ML) and natural language processing (NLP) techniques to assess the GDPR-compliance practices promised in privacy policies regarding the GDPR core privacy policy requirement of Purpose. Using this model, we have collected a data set of 8 614 organizations active in the European Union (EU) containing organizational information and GDPR-compliance promises derived from organizations’ privacy policies, as made publicly available. Our second contribution is an analysis of the resulting classification to identify organizational factors related to the disclosure of the GDPR core privacy policy requirement of Purpose in organizations’ privacy policies.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122173949","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MnemoSys: A Conditional Probability Estimation Protocol for Blockchain Audited Reputation Management","authors":"Daniel Rouhana, Peyton Lundquist, Tim Andersen, Gaby G. Dagher","doi":"10.1109/TPS-ISA56441.2022.00019","DOIUrl":"https://doi.org/10.1109/TPS-ISA56441.2022.00019","url":null,"abstract":"Reputation systems have been one method of solving the unique challenges that face distributed networks of independent operators. Fundamentally, historical performance must be considered in a way that attempts to predict future behav-ior, optimize present functionality, and provide some measure of immutable recording. In this paper, a three-part system, MnemoSys, is proposed to solve this diverse set of problems. First, historical performance is dynamically weighted and scored using geometrically expanding time windows. Second, a quorum is abstracted as a restricted Boltzmann machine to produce a conditional probability estimate of log-normal likelihood of good-faith behavior. Third, all rewards and punishments are recorded on an immutable, decentralized ledger. Our experimentation shows that when applied iteratively to an entire network, consistently under-performing nodes are removed, network stability is maintained even with high percentages of simulated error, and global network parameters are optimized in the long-term.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"150 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115168461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Universal Deduplication Architecture for Secure and Efficient Cloud Storage","authors":"Kevin Saric, G. Ramachandran, S. Pal, R. Jurdak, Surya Nepal","doi":"10.1109/TPS-ISA56441.2022.00012","DOIUrl":"https://doi.org/10.1109/TPS-ISA56441.2022.00012","url":null,"abstract":"Users now produce data at a rate that exceeds their ability to securely store and manage it all, provoking them to entrust their private files to Cloud Storage Providers (CSPs). These companies discreetly inspect users’ files to undertake deduplication, which stores only a single instance of files that are redundant across their user base. By undertaking deduplication in this way, the CSP acquires low-cost storage at the expense of user privacy. This paper proposes universal deduplication, an alternative approach which shifts the advantage of deduplication from the CSP to the users, while ensuring semantic security of the users’ transmitted data. Universal deduplication leverages indications of the trustworthiness of data availability on the Internet, paired with a format to automatically combine client-side deduplication and end-to-end encryption. By referencing data that is publicly available on the Internet, user files can be privately deduplicated without the need to transmit sensitive user data, while simultaneously reducing storage and encryption costs. An architecture for the implementation of universal deduplication is proposed in this paper, along with a preliminary investigation into the feasibility of the proposed concepts.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116718711","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ZAC: Efficient Zero-Knowledge Dynamic Universal Accumulator and Application to Zero-Knowledge Elementary Database","authors":"H. Dang, T. V. Phuong, Thuc Nguyen, Thang Hoang","doi":"10.1109/TPS-ISA56441.2022.00038","DOIUrl":"https://doi.org/10.1109/TPS-ISA56441.2022.00038","url":null,"abstract":"Zero-knowledge universal accumulator generates the succinct commitment to a set and produces the short (non) membership proof (universal) without leaking information about the set (zero-knowledge). In order to further support a generic set and zero-knowledge, existing techniques generally combine the zero-knowledge universal accumulator with other protocols, such as digital signatures and hashes to primes, which incur high overhead and may not be suitable for real-world use. It is desirable to commit a set of membership concealing the information with the optimal complexity. We devise ZAC, a new zero-knowledge Dynamic Universal Accumulator by taking the existing cryptographic primitives into account to produce a new efficient accumulator. Our underlying building blocks are Bloom Filter and vector commitment scheme in [19], utilizing the binary expression and aggregation to achieve efficiency, generic set support, zero-knowledge and universal properties. As a result, our scheme is improved in terms of proof size and proof time, also comparable to the RSA-based set accumulator in [8] in the verifying complexity. With 128 bit security, our proof size is 48 bytes while theirs is 1310 bytes and the running time of elliptic curve-based methods is faster than RSA-based counterpart. ZAC is proved to be complete, ϵ-sound and zero-knowledge. Extensively, based on ZAC as building block, we construct a new Zero-Knowledge Elementary Database (ZKEDB), which consumes 5 times less storage space, $mathcal{O}left( {log N} right)$ less bandwidth, and $mathcal{O}left( {log N} right)$ more efficient in proving and verification than the state-of-art work in [13] (where N is the domain space size). ZKEDB is proved to be complete, ϵ-sound and zero-knowledge. ZKEDB supports a new type of select top ℓ query, and can be extended to non-elementary databases.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"63 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125941702","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Distributed Cyber-infrastructures and Artificial Intelligence in Hybrid Post-Quantum Era","authors":"A. Yavuz, Saif E. Nouma, Thang Hoang, Duncan Earl, Scott Packard","doi":"10.1109/TPS-ISA56441.2022.00014","DOIUrl":"https://doi.org/10.1109/TPS-ISA56441.2022.00014","url":null,"abstract":"Distributed cyber-infrastructures and Artificial Intelligence (AI) are transformative technologies that will play a pivotal role in the future of society and the scientific community. Internet of Things (IoT) applications harbor vast quantities of connected devices that collect a massive amount of sensitive information (e.g., medical, financial), which is usually analyzed either at the edge or federated cloud systems via AI/Machine Learning (ML) algorithms to make critical decisions (e.g., diagnosis). It is of paramount importance to ensure the security, privacy, and trustworthiness of data collection, analysis, and decision-making processes. However, system complexity and increased attack surfaces make these applications vulnerable to system breaches, single-point of failures, and various cyber-attacks. Moreover, the advances in quantum computing exacerbate the security and privacy challenges. That is, emerging quantum computers can break conventional cryptographic systems that offer cyber-security services, public key infrastructures, and privacy-enhancing technologies. Therefore, there is a vital need for new cyber-security paradigms that can address the resiliency, long-term security, and efficiency requirements of distributed cyber infrastructures.In this work, we propose a vision of distributed architecture and cyber-security framework that uniquely synergizes secure computation, Physical Quantum Key Distribution (PQKD), NIST Post- Quantum Cryptography (PQC) efforts, and AI/ML algorithms to achieve breach-resilient, functional and efficient cyber-security services. At the heart of our proposal lies a new Multi-Party Computation Quantum Network Core (MPC-QNC) that enables fast and yet quantum-safe execution of distributed computation protocols via integration of PQKD infrastructure and hardware- acceleration elements. We showcase the capabilities of MPC- QNC by instantiating it for Public Key Infrastructures (PKI) and federated ML in our HDQPKI and TPQ-ML, frameworks, respectively. HDQPKI (to the best of our knowledge) is the first hybrid and distributed post-quantum PKI that harnesses PQKD and NIST PQC standards to offer the highest level of quantum safety with a breach-resiliency against active adversaries. TPQ-ML presents a post-quantum secure and privacy-preserving federated ML infrastructure.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131982917","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}