Lixia Xie , Bingdi Yuan , Hongyu Yang , Ze Hu , Laiwei Jiang , Liang Zhang , Xiang Cheng
{"title":"MRFM: A timely detection method for DDoS attacks in IoT with multidimensional reconstruction and function mapping","authors":"Lixia Xie , Bingdi Yuan , Hongyu Yang , Ze Hu , Laiwei Jiang , Liang Zhang , Xiang Cheng","doi":"10.1016/j.csi.2023.103829","DOIUrl":"10.1016/j.csi.2023.103829","url":null,"abstract":"<div><p>To address the slow response time of existing detection modules to the Internet of Things<span> (IoT) Distributed Denial of Service (DDoS) attacks, along with their low feature differentiation and poor detection performance, we propose MRFM, a timely detection method with multidimensional reconstruction and function mapping. Firstly, we employ a queue mechanism to capture and store incoming network traffic data within a predefined time frame. Subsequently, we introduce a multidimensional reconstruction neural network model, specifically designed to reconstruct quantitative features based on their respective indices by adjusting the loss function. This process is followed by the computation of multidimensional reconstruction errors and the transformation of vectors into mapping features, thereby augmenting the disparities among various types of traffic data and promoting the similarity within the same category of traffic data. Lastly, we extract frequency information from the qualitative feature matrix using information entropy calculations, enriching the feature profile of individual traffic instances. The experimental results on two benchmark datasets show that MRFM can effectively detect different types of DDoS attacks. Notably, MRFM consistently outperforms other existing methods, exhibiting an average metric improvement of up to 9.61 %.</span></p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"89 ","pages":"Article 103829"},"PeriodicalIF":5.0,"publicationDate":"2023-12-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139055029","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Fanfan Shen , Lin Shi , Jun Zhang , Chao Xu , Yong Chen , Yanxiang He
{"title":"BMSE: Blockchain-based multi-keyword searchable encryption for electronic medical records","authors":"Fanfan Shen , Lin Shi , Jun Zhang , Chao Xu , Yong Chen , Yanxiang He","doi":"10.1016/j.csi.2023.103824","DOIUrl":"10.1016/j.csi.2023.103824","url":null,"abstract":"<div><p><span><span>The storage of electronic medical records<span> (EMRs) is an area of extensive research, and healthcare systems often delegate this task to cloud service providers (CSP). Typically, CSP transmits the encrypted EMRs to a cloud server with a </span></span>searchable encryption scheme<span><span> for easy retrieval. However, the enormous power held by centralized CSP poses a potential threat to patients’ personal privacy, as it can lead to unauthorized access and misuse of medical data by both CSP and data users, such as doctors. This paper proposes a blockchain-based multi-keyword searchable encryption (BMSE) electronic medical record solution. The scheme consists of two parts. On the one hand, our solution involves the integration of blockchain technology and the utilization of </span>advanced encryption standard (AES) for symmetric </span></span>data encryption. Additionally, we employ attribute-based encryption (ABE) to encrypt the search index. This approach aims to address the issue of excessive power held by centralized CSP, which can potentially result in the compromise of patients’ privacy. On the other hand, we use the K-means algorithm to cluster the documents, and use the relevance score of keywords and documents as the search index to solve the problem of low efficiency of the existing multi-keyword searchable encryption schemes. Finally, we verify the safety of BMSE through safety analysis, and the experimental analysis shows that BMSE improves the search efficiency.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"89 ","pages":"Article 103824"},"PeriodicalIF":5.0,"publicationDate":"2023-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138821348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Chi Liu , Tianqing Zhu , Yuan Zhao , Jun Zhang , Wanlei Zhou
{"title":"Disentangling different levels of GAN fingerprints for task-specific forensics","authors":"Chi Liu , Tianqing Zhu , Yuan Zhao , Jun Zhang , Wanlei Zhou","doi":"10.1016/j.csi.2023.103825","DOIUrl":"10.1016/j.csi.2023.103825","url":null,"abstract":"<div><p><span>Image generation using </span>generative adversarial networks<span> (GANs) has raised new security challenges recently. One promising forensic solution is verifying whether or not a suspicious image contains a GAN fingerprint, a unique trace left behind by the source GAN. Previous methods mainly focused on GAN fingerprint extraction while underestimating the downstream forensic applications<span>, and the fingerprints are often single-level which only supports one specific forensic task. In this study, we investigate the problem of disentangling different levels of GAN fingerprints to satisfy the need for varying forensics tasks. Based on an analysis of fingerprint dependency revealing the existence of two levels of fingerprints in different signal domains, we proposed a decoupling representation framework to separate and extract two types of GAN fingerprints from different domains. An adversarial data augmentation strategy plus a transformation-invariant loss is added to the framework to enhance the robustness of fingerprints to image perturbations. Then we elaborated on three typical forensics tasks and the task-specific fingerprinting using different GAN fingerprints. Extensive experiments have verified our dependency analysis, the effectiveness and robustness of the proposed fingerprint extraction framework, and the applicability of task-specific fingerprinting in real-world and simulated scenarios.</span></span></p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"89 ","pages":"Article 103825"},"PeriodicalIF":5.0,"publicationDate":"2023-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138685811","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fast intensive validation on blockchain with scale-out dispute resolution","authors":"Mingming Wang , Qianhong Wu","doi":"10.1016/j.csi.2023.103820","DOIUrl":"10.1016/j.csi.2023.103820","url":null,"abstract":"<div><p>Blockchain heralds the dawn of decentralized applications that coordinate proper computations without requiring prior trust. Existing blockchain solutions, however, are incapable of dealing with intensive validation. Duplicated execution results in limited throughput and unacceptably high costs. Furthermore, the absence of secure incentive mechanisms derives undesired dilemmas among rational verifiers.</p><p><span>In this work, we present Lever-FS, a practical blockchain validation framework that makes intensive validation cost-efficient and incentive-compatible among rational verifiers. It is faster than previous constructions since full-fledged scalability is achieved over optimistic execution, dispute resolution, and backbone confirmation of every potential workload. Lever-FS first curtails the scale of each validation to a single node and introduces novel challenge-response games between potential adversaries and rational participants, optimistically optimizing validation redundancy according to the practical adversarial capability confronted. When there is a rich and stubborn adversary, the backstop protocol is then activated to resolve intricate disputes via a threshold voting supported by concurrent redundant executions. Throughout the game, compelling incentive design efficiently transfers the adversary’s budget to proliferated task rewards for subsequent executions, therefore allowing the user to lever sufficient endorsements for the correct verdict with minimum expense. In addition, fair incentive distribution mechanisms are designed to circumvent the well-known Verifier’s Dilemma. Finally, we accelerate Lever-FS with sharding to enable scale-out backbone confirmation, seamless </span>workload balancing, and optimized unanimous assertion across multiple independent validation instances.</p><p>Experiments reveal that Lever-FS significantly improves the throughput while lowering expenses of intensive validation with a slight tradeoff in latency. Compared to state-of-the-art alternatives, it removes their brittle reliance on altruism, dense interactions, or massive computational power. It is also robust to conceivable attacks on validation and performs distinguishable ability to purify Byzantine participants.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"89 ","pages":"Article 103820"},"PeriodicalIF":5.0,"publicationDate":"2023-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138686058","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy-preserving compromised credential checking protocol for account protection","authors":"Xiaopeng Yu , Dianhua Tang , Zhen Zhao , Wei Zhao","doi":"10.1016/j.csi.2023.103823","DOIUrl":"10.1016/j.csi.2023.103823","url":null,"abstract":"<div><p>Hundreds of millions of accounts are sold on the Dark Web as a result of hacking. These stolen accounts can be used to maliciously log into the victim’s application, which is also known as credential stuffing attacks. Recently, to resist these attacks, several compromised credential checking (C3) services have been deployed to provide users with APIs to check whether their accounts have been exposed. However, these C3 services provide the security at the cost of high latency and bandwidth. There is also the problem implicitly trusting the server to properly handle the hash prefixes containing passwords. To solve these problems, we present an efficient C3 protocol for account protection, which enables a client to check whether its account appears in a database storing the compromised credentials, without disclosing the queried account to the server. Compared to existing C3 services, the proposed C3 protocol has <span><math><mrow><mn>10</mn><mo>∼</mo><mn>20</mn><mo>×</mo></mrow></math></span> and <span><math><mrow><mn>17</mn><mo>.</mo><mn>8</mn><mo>∼</mo><mn>20</mn><mo>.</mo><mn>7</mn><mtext>%</mtext></mrow></math></span><span> improvement in computational time for both the client and server during the online phase, respectively, while maintaining the same computational time for server during the preprocessing phase. Meanwhile, the proposed C3 protocol improves the communication cost of client-to-server by </span><span><math><mrow><mn>17</mn><mo>∼</mo><mn>33</mn><mo>×</mo></mrow></math></span> while maintaining the same communication cost of server-to-client.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"89 ","pages":"Article 103823"},"PeriodicalIF":5.0,"publicationDate":"2023-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138742741","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"FFEC: Fast and forward-secure equivalence-based ciphertext comparability for multiple users in cloud environment","authors":"Sha Ma, Zhiqing Ye, Qiong Huang, Chengyu Jiang","doi":"10.1016/j.csi.2023.103821","DOIUrl":"10.1016/j.csi.2023.103821","url":null,"abstract":"<div><p><span><span>With the expansion of cloud computing, an increasing amount of sensitive data is being encrypted and stored in public clouds to alleviate storage and management burdens. Secure equivalence-based retrieval of </span>ciphertexts for multiple users is crucial in a cloud environment where diverse user data resides for processing purposes. </span>Public key encryption<span><span> with equality test (PKEET) has been introduced as a cryptographic tool to verify if two ciphertexts under different public keys contain the same message. However, existing PKEET schemes often face misuse of trapdoors due to their unlimited lifespan, potentially leading to unauthorized disclosure of user privacy. In this paper, we propose a novel approach called fast and forward-secure equivalence-based comparability (FFEC) for multiple users by employing a forward-secure PKEET (FS-PKEET). This restricts the </span>retrieval process<span> only to ciphertexts generated prior to the most recent trapdoor update. We present a concrete FS-PKEET scheme based on bilinear pairing<span> and demonstrate its security using Bilinear Diffie–Hellman (BDH) assumption in the random oracle model. Comprehensive performance evaluation shows that our work has much efficiency of decryption, trapdoor generation and test execution thanks to greatly reducing the cost of trapdoor generation and thus is practical for the application of secure ciphertext information retrieval in cloud environment.</span></span></span></p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"89 ","pages":"Article 103821"},"PeriodicalIF":5.0,"publicationDate":"2023-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138685815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A new modified Skew Tent Map and its application in pseudo-random number generator","authors":"Talha Umar, Mohammad Nadeem, Faisal Anwer","doi":"10.1016/j.csi.2023.103826","DOIUrl":"10.1016/j.csi.2023.103826","url":null,"abstract":"<div><p>Everyday, a vast amount of information is created and shared on the internet. Security steps and methods are needed to ensure the data is sent and stored safely. Random numbers are essential to cryptography because they are crucial to securing data. In recent years, the use of chaos theory has become increasingly important in producing pseudo-random number sequences in the field of cryptography. But the majority of fundamental chaotic maps have a variety of limitations, such as constrained chaotic regions, a low Lyapunov Exponent (LE), chaotic annulling conditions, and high computational cost. In this research, we construct a new chaotic map based on the skew tent map (STM) in order to find a better solution to these problems. The proposed chaotic map includes significantly enhanced chaotic behaviour and has a more comprehensive chaotic range and higher LE. Furthermore, two novels Pseudo-random Number Generators (PRNGs) based on a new M-STM chaotic map, have been built to investigate its application in security-related fields. The performance evaluations of these generators demonstrate their ability to generate pseudo-random number sequences that exhibit improved statistical properties efficiently.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"89 ","pages":"Article 103826"},"PeriodicalIF":5.0,"publicationDate":"2023-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138742268","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yuchen Xiao , Lei Zhang , Yafang Yang , Wei Wu , Jianting Ning , Xinyi Huang
{"title":"Provably secure multi-signature scheme based on the standard SM2 signature scheme","authors":"Yuchen Xiao , Lei Zhang , Yafang Yang , Wei Wu , Jianting Ning , Xinyi Huang","doi":"10.1016/j.csi.2023.103819","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103819","url":null,"abstract":"<div><p><span><span><span>The multi-signature scheme plays a crucial role in addressing trust and authentication challenges in digital transactions and other scenarios by allowing multiple users to sign the same message. Among various signature schemes, the SM2 signature scheme stands out for its exceptional security and efficiency, making it widely adopted in numerous fields. In this paper, we propose the first </span>provably secure<span> multi-signature scheme based on the standard SM2 signature scheme, i.e., the scheme can be reduced to the standard SM2 signature scheme when there is only one signer. We prove that our scheme is existential unforgeability under chosen message attacks in the bijective random oracle model, based on the assumption that the </span></span>elliptic curve </span>discrete logarithm problem is hard. Compared with the existing multi-signature schemes based on the SM2 signature scheme in the same category, our scheme exhibits improved efficiency in terms of communication delay and computational cost.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"89 ","pages":"Article 103819"},"PeriodicalIF":5.0,"publicationDate":"2023-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138501478","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure decision tree classification with decentralized authorization and access control","authors":"Chen Wang , Jian Xu , Shanru Tan , Long Yin","doi":"10.1016/j.csi.2023.103818","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103818","url":null,"abstract":"<div><p><span><span><span>Outsourcing decision tree<span> classification services to the cloud is highly beneficial, yet raises critical privacy problems. In order to preserve data privacy, data owners may choose to upload encrypted data rather than raw data to the classification services. However, these solutions adopted today for encrypted data classification not only fall short in system flexibility and scalability, but also face the </span></span>single point of failure problem. In this paper, we design, implement, and evaluate a secure decision tree </span>classification scheme<span> that allows decentralized authorization and access control service (SDTC-DAAC). Firstly, we propose a new framework that decouples </span></span>data encryption<span> and data computation logic to achieve the separation of data storage and computation, which significantly improves upon the flexibility and effectiveness, thus achieving cross-system compatibility requirements. Secondly, we present an end-to-end encrypted access control mechanism<span> which enables authorized users from different parties to participate in calculations together. Finally, we further devise a scheme which serves decentralized storage service of data access control policies and access authorization without trusted intermediaries. Extensive property and performance analysis shows that SDTC-DAAC is effectiveness, as well as satisfying the security requirements for data privacy in an outsourcing environment.</span></span></p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"89 ","pages":"Article 103818"},"PeriodicalIF":5.0,"publicationDate":"2023-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138490617","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Zi-Yuan Liu , Masahiro Mambo , Raylin Tso , Yi-Fan Tseng
{"title":"Anonymous hierarchical identity-based encryption with delegated traceability for cloud-based data sharing systems","authors":"Zi-Yuan Liu , Masahiro Mambo , Raylin Tso , Yi-Fan Tseng","doi":"10.1016/j.csi.2023.103817","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103817","url":null,"abstract":"<div><p><span><span>Cloud-based data sharing systems (DSS) have become prevalent due to their ample storage and convenient access control. To </span>protect sensitive data<span> privacy in DSS, anonymous identity-based encryption (IBE) is a promising approach, enabling encryption<span><span> using a recipient’s identity as a public key, while preventing identity and data leaks out of </span>ciphertexts. As complete anonymity risks abuse and illegal usage, Blazy et al. introduced the notion called anonymous IBE with traceable identities (AIBET) at ARES’19, allowing users with tracing keys to identify recipients from ciphertexts. Unfortunately, existing AIBET schemes lack tracing key delegation and only consider security in weaker models (</span></span></span><em>i.e.,</em> selective-identity attacks and chosen-plaintext attacks), posing risks of inconvenience and user privacy leaks. In this paper, we introduce a novel notion called anonymous hierarchical identity-based encryption with delegated traceability (AHIBEDT) for DSS. We formalize its syntax and define security notions in stronger models (<em>i.e.,</em> adaptive-identity attacks and chosen-ciphertext attacks). In addition, we demonstrate that a concrete AHIBEDT scheme can be simply obtained from a hierarchical IBE scheme and a one-time signature scheme. The comparison results indicate that, despite a substantial increase in communication and computational costs, our approach achieves better security and functionality.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"89 ","pages":"Article 103817"},"PeriodicalIF":5.0,"publicationDate":"2023-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138490616","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}