Computer Standards & Interfaces最新文献

{"title":"Lattice-based dynamic universal accumulator: Design and application","authors":"Yong Zhao ,&nbsp;Shaojun Yang ,&nbsp;Xinyi Huang","doi":"10.1016/j.csi.2023.103807","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103807","url":null,"abstract":"<div><p>Dynamic universal accumulator is a crucial cryptography primitive. This type of accumulator can provide a succinct witness for a member (resp. nonmember) in order to make sure whether such member (resp. nonmember) is accumulated in a set, and supports deleting and adding operations from the accumulated set, as well as updating the existing witnesses. In recent years, lattice-based accumulator has given rise to increasing attention with the advent of quantum computing<span>. However, none of existing lattice-based accumulators is both universal and dynamic. Therefore, in this work, we first design a lattice-based dynamic universal accumulator scheme with undeniability and indistinguishability. And we construct a Stern-like zero-knowledge argument protocol about a fresh relation to show that this accumulator supports set membership proofs. Moreover, we use this accumulator and the protocol to construct a full dynamic group signature<span> with stateless updates from lattices, holding traceability and full anonymity. Furthermore, we give an implementation of our accumulator scheme, and the experiment results show that the update algorithms in this scheme have good practicability.</span></span></p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2023-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138465597","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"New tag-based signatures and their applications on linearly homomorphic signatures","authors":"Chengjun Lin ,&nbsp;Rui Xue ,&nbsp;Xinyi Huang ,&nbsp;Shaojun Yang","doi":"10.1016/j.csi.2023.103804","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103804","url":null,"abstract":"<div><p><span>Tag-based signature schemes can be efficiently converted into digital signature schemes using a generic transformation. However, there is no signature scheme that admits </span><span><math><mrow><mi>k</mi><mo>&gt;</mo><mn>1</mn></mrow></math></span><span> fold tag-collisions in the lattice environment as pointed by Ducas and Micciancio (2014). This work answers this problem in the stateful case. We use homomorphic hash functions and hash functions of tags to construct a SIS-based stateful tag-based signature (STS) scheme that admits </span><span><math><mrow><mi>k</mi><mo>&gt;</mo><mn>1</mn></mrow></math></span> fold tag-collisions. Messages are encoded prior to the signing procedure such that any <span><math><mi>k</mi></math></span><span> sequentially signed messages with the same tag form a basis for a vector subspace. The security analysis adopts a new abstraction called vector-space oriented partition. With the same technique, two STS schemes based on the CDH and the RSA assumptions, respectively, are proposed.</span></p><p>As an application of our STS schemes, we show that those having field (or quasi-field) as message space can be converted into linearly homomorphic signature (LHS) schemes. Therefore, we immediately obtain CDH/RSA-based LHS scheme in the standard model under the same weaker assumption. Our LHS schemes can be viewed as “removing the restriction on the homomorphic property” from the related STS schemes. They have similar public key and signature sizes as the existing counterparts.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2023-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134656262","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"StopGuess: A framework for public-key authenticated encryption with keyword search","authors":"Tao Xiang ,&nbsp;Zhongming Wang ,&nbsp;Biwen Chen ,&nbsp;Xiaoguo Li ,&nbsp;Peng Wang ,&nbsp;Fei Chen","doi":"10.1016/j.csi.2023.103805","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103805","url":null,"abstract":"<div><p><span>Public key encryption with </span>keyword search<span><span> (PEKS) allows users to search on encrypted data without leaking the keyword information from the </span>ciphertexts<span>. But it does not preserve keyword privacy within the trapdoors, because an adversary (e.g., untrusted server) might launch inside keyword-guessing attacks (IKGA) to guess keywords from the trapdoors. In recent years, public key<span> authenticated encryption with keyword search (PAEKS) has become a promising primitive to counter the IKGA. However, existing PAEKS schemes focus on the concrete construction of PAEKS, making them unable to support modular construction, intuitive proof, or flexible extension. In this paper, our proposal called “StopGuess” is the first elegant framework to achieve the above-mentioned features. StopGuess provides a general solution to eliminate IKGA, and we can construct a bundle of PAEKS schemes from different cryptographic assumptions under the framework. To show its feasibility, we present two generic constructions of PAEKS and their (pairing-based and lattice-based) instantiations in a significantly simpler and more modular manner. Besides, without additional costs, we extend PAEKS to achieve anonymity which preserves the identity of users; we integrate it with symmetric encryption to support data retrieval functionality which makes it practical in resource-constrained applications.</span></span></span></p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2023-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136571409","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An extension of iStar for Machine Learning requirements by following the PRISE methodology","authors":"Jose M. Barrera ,&nbsp;Alejandro Reina-Reina ,&nbsp;Ana Lavalle ,&nbsp;Alejandro Maté ,&nbsp;Juan Trujillo","doi":"10.1016/j.csi.2023.103806","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103806","url":null,"abstract":"<div><p>The rise of Artificial Intelligence (AI) and Deep Learning has led to Machine Learning (ML) becoming a common practice in academia and enterprise. However, a successful ML project requires deep domain knowledge as well as expertise in a plethora of algorithms and data processing techniques. This leads to a stronger dependency and need for communication between developers and stakeholders where numerous requirements come into play. More specifically, in addition to functional requirements such as the output of the model (e.g. classification, clustering or regression), ML projects need to pay special attention to a number of non-functional and quality aspects particular to ML. These include explainability, noise robustness or equity among others. Failure to identify and consider these aspects will lead to inadequate algorithm selection and the failure of the project. In this sense, capturing ML requirements becomes critical. Unfortunately, there is currently an absence of ML requirements modeling approaches. Therefore, in this paper we present the first i* extension for capturing ML requirements and apply it to two real-world projects. Our study covers two main objectives for ML requirements: (i) allows domain experts to specify objectives and quality aspects to be met by the ML solution, and (ii) facilitates the selection and justification of the most adequate ML approaches. Our case studies show that our work enables better ML algorithm selection, preprocessing implementation tailored to each algorithm, and aids in identifying missing data. In addition, they also demonstrate the flexibility of our study to adapt to different domains.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2023-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548923000879/pdfft?md5=447b624c5e74240f674a13985fae98c9&pid=1-s2.0-S0920548923000879-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"109182520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Assessment of the Quality of the Text of Safety Standards with Industrial Semantic Technologies","authors":"Jose Luis de la Vara ,&nbsp;Hector Bahamonde ,&nbsp;Clara Ayora","doi":"10.1016/j.csi.2023.103803","DOIUrl":"10.1016/j.csi.2023.103803","url":null,"abstract":"<div><p>Most safety-critical systems are subject to rigorous assurance processes to justify that the systems are dependable. These processes are typically conducted in compliance with safety standards, e.g., DO-178C for software in aerospace. This can be a prerequisite so that a system is allowed to operate. However, following these standards can be challenging in practice because of issues in their text such as imprecision, ambiguity, and inconsistency. These issues can hinder compliance, delaying it and making it more expensive, or even preventing it. As a solution, we aim to define means that aid in the identification of the issues and thus facilitate their resolution. We have developed an approach for assessment of the quality of the text of safety standards with RQA - Quality Studio, an industrial tool for requirements quality analysis with semantic technologies. The approach is based on the extraction of analysis units from a standard, on the specification and exploitation of ontologies, and on the reuse of metrics provided by RQA - Quality Studio to evaluate text quality. The approach has been applied on the DO-178C standard, assessing its text as a whole and its different main individual parts. The quality of most of the text of the standard can be regarded as high. The most frequent issues in DO-178C are the use of passive voice, of synonyms, and of imprecise modal verbs. To the best of our knowledge, this is the first study that provides a means for a broad and detailed assessment of the quality of the text of safety standards, leading to the identification of specific aspects that could be improved in the text and indicating the extent to which quality issues affect it.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2023-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136153924","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing cyber security in WSN using optimized self-attention-based provisional variational auto-encoder generative adversarial network","authors":"B. Meenakshi ,&nbsp;D. Karunkuzhali","doi":"10.1016/j.csi.2023.103802","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103802","url":null,"abstract":"<div><p>Wireless sensor network (WSN) is a multi-hop and self-organizing wireless network consists of fixed or moving sensors, this is one of the key components of the cyber physical system. It jointly senses, gathers, analyses, and transfer the data of detected objects in the network's service area before sending this data to the network's owner. The attacks like, Black hole, Gray hole, Flooding, scheduling are the usual WSN attacks that could quickly harm the system. A significant level of redundancy, network data's higher correlation, intrusion detection schemes for wireless sensor networks also have the drawbacks of poor identification rate, high computation overhead, and higher false alarm rate.</p></div><div><h3>Methods</h3><p>Initially, the data's are taken from WSN-DS. In pre-processing, it confiscates the data redundancy and missing value restore sunder Color Wiener filtering (CWF). In feature selection, the optimal features are selected using tasmanian devil optimization (TDO) algorithm. Based on the optimum features, the intruders in WSN data are categorized into normal and anomalous data utilizing SAPVAGAN. Hence, honey badger algorithm (HBA) is proposed to optimize the SAPVAGAN, which detects the WSN intrusion accurately.</p></div><div><h3>Results</h3><p>The proposed technique is performed in Python utilizing the WSN-DS dataset. Here, the performance measures, like recall, precision, f-measure, specificity, accuracy, RoC, computation time is evaluated. The proposed method provides 23.56%, 12.64%, and 15.63% higher accuracy, 23.14%, 16.78% and 20.04% lower computational time analyzed to the existing models, such as Intrusion Detection System in wireless sensor network using light GBM method (ECS-WSN-SLGBM), Intrusion Detection Scheme in wireless sensor network utilizing recurrent neural network (ECS-WSN-RNN) and Intrusion Detection Scheme for Wireless Sensor Networks utilizing whale optimized gate recurrent unit (ECS-WSN-WOGRU) respectively.</p></div><div><h3>Conclusion</h3><p>It combines advanced techniques such as self-attention, provisional learning, and generative adversarial networks. By leveraging self-attention, the model captures important features and relationships in the WSN data. The provisional allows the model to adapt to changing network dynamics. The component generates realistic sensor data and accurately identifies malicious inputs. Overall, this innovative approach improves security and adaptability in WSNs.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2023-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"109182521","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Attribute hiding subset predicate encryption: Quantum-resistant construction with efficient decryption","authors":"Yi-Fan Tseng","doi":"10.1016/j.csi.2023.103796","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103796","url":null,"abstract":"<div><p><span>Predicate encryption is well studied due to its flexibility in supporting fine-grained access control. In Katz et al. (2018) proposed a predicate encryption for a new predicate family, called subset predicate encryption. In such a scheme, a ciphertext and a private key are associated with sets. A private key can successfully decrypt a ciphertext if and only if the set for the private key is a subset of the set for the ciphertext. However, we found that, all the existing schemes are not able to hide the sets associated to ciphertexts, i.e., the information of receivers will be revealed. To enhance the privacy for receivers, we proposed the first subset predicate </span>encryption schemes<span> with weakly attribute hiding. Moreover, our first scheme is constructed over lattices, which is believed to be secure against quantum computers. The security of our scheme is formally proven in the standard model under well-studied complexity assumptions.</span></p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2023-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"109182341","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An ontology-based secure design framework for graph-based databases","authors":"Manuel Paneque ,&nbsp;María del Mar Roldán-García ,&nbsp;Carlos Blanco ,&nbsp;Alejandro Maté ,&nbsp;David G. Rosado ,&nbsp;Juan Trujillo","doi":"10.1016/j.csi.2023.103801","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103801","url":null,"abstract":"<div><p>Graph-based databases are concerned with performance and flexibility. Most of the existing approaches used to design secure NoSQL databases are limited to the final implementation stage, and do not involve the design of security and access control issues at higher abstraction levels. Ensuring security and access control for Graph-based databases is difficult, as each approach differs significantly depending on the technology employed. In this paper, we propose the first technology-ascetic framework with which to design secure Graph-based databases. Our proposal raises the abstraction level by using ontologies to simultaneously model database and security requirements together. This is supported by the TITAN framework, which facilitates the way in which both aspects are dealt with. The great advantages of our approach are, therefore, that it: allows database designers to focus on the simultaneous protection of security and data while ignoring the implementation details; facilitates the secure design and rapid migration of security rules by deriving specific security measures for each underlying technology, and enables database designers to employ ontology reasoning in order to verify whether the security rules are consistent. We show the applicability of our proposal by applying it to a case study based on a hospital data access control.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2023-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S092054892300082X/pdfft?md5=0a9a1f4b56146a84734ebd49473c7240&pid=1-s2.0-S092054892300082X-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"109182342","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Key-aggregate based access control encryption for flexible cloud data sharing","authors":"Jinlu Liu ,&nbsp;Jing Qin ,&nbsp;Wenchao Wang ,&nbsp;Lin Mei ,&nbsp;Huaxiong Wang","doi":"10.1016/j.csi.2023.103800","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103800","url":null,"abstract":"<div><p>Cloud computing has become the priority for users to store and share data due to its numerous tempting advantages. The “encryption-before-outsourcing” mechanism is necessary to protect data privacy against the semi-trusted cloud server. Key-Aggregate Cryptosystem (KAC) is a novel encryption paradigm for cloud data sharing. It enables users to decrypt multiple data encrypted with different keys using a constant size aggregate key. When selectively sharing data, the KAC effectively addresses the challenges of expensive key management in symmetric encryption (SE) and eliminates the need for multiple copies of ciphertexts in public key encryption (PKE). However, previous KAC schemes can only control what data users are allowed to receive by distributing aggregate keys, but not what data users can send. This limitation could potentially allow a malicious data owner to leak sensitive information by distributing aggregate keys to unauthorized users. Therefore, this paper aims to design the key-aggregate cryptosystem with bidirectional access control, which can control both what the user can receive and what the data owner can send. Inspired by access control encryption (ACE), we first propose a key-aggregate based access control encryption with user level (KA-ACE-UL) system that can control whether a sender can share his data with a receiver. Then, we investigate a finer-grained access control policy and propose a key-aggregate based access control encryption with user-data level (KA-ACE-UDL) system that can control the data classes a sender can share with a receiver. We instantiate the KA-ACE-UL and KA-ACE-UDL schemes based on Chu et al.’s KAC scheme. We prove our proposed schemes can achieve both secure data storage and controlled data sharing, ensuring security against unauthorized receivers and malicious senders. Finally, theoretical performance analysis and practical experiments show the efficiency of our proposed schemes.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2023-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49715953","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Network analysis in a peer-to-peer energy trading model using blockchain and machine learning","authors":"Saurabh Shukla ,&nbsp;Shahid Hussain ,&nbsp;Reyazur Rashid Irshad ,&nbsp;Ahmed Abdu Alattab ,&nbsp;Subhasis Thakur ,&nbsp;John G. Breslin ,&nbsp;M Fadzil Hassan ,&nbsp;Satheesh Abimannan ,&nbsp;Shahid Husain ,&nbsp;Syed Muslim Jameel","doi":"10.1016/j.csi.2023.103799","DOIUrl":"https://doi.org/10.1016/j.csi.2023.103799","url":null,"abstract":"<div><p>Existing technology like smart grid (SG) and smart meters play a significant role in meeting the everlasting demand of energy consumption, supply, and generation for peer-to-peer (P2P) energy trading between different distributed prosumers. Whereas blockchain when used with P2P energy trading plays a major role in cost and security by eliminating any involvement of outsiders and third parties. However, existing works related to the blockchain with P2P energy trading are engaged in increasing the cost related to resource allocation, latency, computational processing, and large network setup. The objective of this paper is to design and develop a three-tier architecture, an analytical model, and a hybrid algorithm for network analysis in a blockchain-based P2P energy trading system using reinforcement learning (RL) and feed forward neural network (FFNN) techniques. In this model, we will examine the various parameters and tradeoffs which affect the delay, throughput, and security in P2P energy trading. This will lead to profitable P2P energy trading between different distributed prosumers. By analyzing the simulation results of the proposed model and algorithm by benchmarking with the existing state-of-the-art techniques it's clear that the proposed algorithm shows marked improvement over network latency generated results. The simulation of the model is conducted using the iFogSim simulator, Ganache with Ethereum platform, Truffle, Python editor tool, and ATOM IDE with solidity.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2023-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49715616","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}