Computer Standards & Interfaces最新文献_第4页

Success factors for standards during the technology life cycle 技术生命周期中标准的成功因素

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2025-06-30 DOI: 10.1016/j.csi.2025.104043

Geerten van de Kaa , Henk J. de Vries

引用次数: 0

Logarithmic identity-based ring signature over lattices and linkable variant 格上基于对数恒等的环签名及其可连接变分

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2025-06-30 DOI: 10.1016/j.csi.2025.104036

Wen Gao , Tianyou Fu , Baodong Qin , Xiaoli Dong , Zhen Zhao , Momeng Liu

{"title":"Logarithmic identity-based ring signature over lattices and linkable variant","authors":"Wen Gao , Tianyou Fu , Baodong Qin , Xiaoli Dong , Zhen Zhao , Momeng Liu","doi":"10.1016/j.csi.2025.104036","DOIUrl":"10.1016/j.csi.2025.104036","url":null,"abstract":"<div><div>The ring signature is extensively utilized in many fields, including e-voting, cryptocurrency, blockchain settings, etc. This paper proposes an effective identity-based ring signature (IBRS) from the lattice assumption by using logarithmic size OR proofs of group action to make the ring signature able to cope with the challenges of quantum attacks. Our construction has been proven anonymous and unforgeable in the random oracle model (ROM) under the hardness of Module Small Integer Solution (MSIS) assumption from lattices, a hot quantum-resistant cryptographic primitive. The anonymity makes it possible for a signer to sign the same message twice or more without being detected by the verifier. This would bring repeated e-voting or double spending of the same money in blockchain. Therefore, as an additional work, we give a linkable variant. Compared with existing IBRS schemes with linear sizes, the size of our scheme is relatively short and achieves logarithmic communication cost with its ring scale <span><math><mi>N</mi></math></span>. Our research data show that the signature size of our proposal has significant advantages over several existing schemes with an increase of <span><math><mi>N</mi></math></span>. When the ring scale <span><math><mi>N</mi></math></span> is set to be 32 (512, resp.), our scheme has a signature size of 177.13KiB (179.75KiB, resp.), while the previous scheme has a size of at least 154.06KiB (2695.74KiB, resp.).</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104036"},"PeriodicalIF":4.1,"publicationDate":"2025-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144557322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

USBIPS framework: Protecting hosts from malicious USB peripherals USBIPS框架：保护主机免受恶意USB外设的攻击

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2025-06-25 DOI: 10.1016/j.csi.2025.104040

Chun-Yi Wang , Fu-Hau Hsu

{"title":"USBIPS framework: Protecting hosts from malicious USB peripherals","authors":"Chun-Yi Wang , Fu-Hau Hsu","doi":"10.1016/j.csi.2025.104040","DOIUrl":"10.1016/j.csi.2025.104040","url":null,"abstract":"<div><div>Universal Serial Bus (USB)-based attacks have increased in complexity in recent years. Modern attacks incorporate a wide range of attack vectors, from social engineering to signal injection. The security community is addressing these challenges using a growing set of fragmented defenses. Regardless of the vector of a USB-based attack, the most important risks concerning most people and enterprises are service crashes and data loss. The host OS manages USB peripherals, and malicious USB peripherals, such as those infected with BadUSB, can crash a service or steal data from the OS. Although USB firewalls have been proposed to thwart malicious USB peripherals, such as USBFilter and USBGuard, their effect is limited for preventing real-world intrusions. This paper focuses on building a security framework called USBIPS within Windows OSs to defend against malicious USB peripherals. This includes major efforts to explore the nature of malicious behavior and achieve persistent protection from USB-based intrusions. Herein, we first introduce an allowlisting-based method for USB access control. We then present a behavior-based detection mechanism focusing on attacks integrated into USB peripherals. Finally, we propose a novel approach that combines cross-layer methods to build the first generic security framework that thwarts USB-based intrusions. Within a centralized threat analysis framework, the approach provides persistent protection and may detect unknown malicious behavior. By addressing key security and performance challenges, these efforts help modern OSs against attacks from untrusted USB peripherals.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104040"},"PeriodicalIF":4.1,"publicationDate":"2025-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144524015","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Quality assessment of GPT-3.5 and Gemini 1.0 Pro for SQL syntax GPT-3.5和Gemini 1.0 Pro SQL语法质量评估

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2025-06-24 DOI: 10.1016/j.csi.2025.104041

Cosmina-Mihaela Rosca , Adrian Stancu

{"title":"Quality assessment of GPT-3.5 and Gemini 1.0 Pro for SQL syntax","authors":"Cosmina-Mihaela Rosca , Adrian Stancu","doi":"10.1016/j.csi.2025.104041","DOIUrl":"10.1016/j.csi.2025.104041","url":null,"abstract":"<div><div>Nowadays, GPT-3.5 and Gemini 1.0 Pro are employed for various tasks, both for personal and professional use, in multiple domains like education, economy, computer science, etc. Given the increase in users, knowing the quality level of these artificial intelligence (AI) tools is important. Thus, the paper presents a comparative analysis of syntax accuracy generated for SQL databases utilizing the services of GPT-3.5 and Gemini 1.0 Pro. Firstly, the algorithms for testing GPT-3.5 and Gemini 1.0 Pro were developed. Secondly, five types of tests, which implied 700 queries, were conducted by considering requirements with low and high degrees of difficulty. The tests focus on syntax-generated accuracy using an experimental (NorthWind) database, syntax-generated accuracy study using a user-made database, syntax correction accuracy, different responses to the same question on the same account, and different responses to the same question on other accounts. The accuracy obtained for all tests revealed that the GPT-3.5 service has a value of 87 % for SQL syntax generation or correction, whereas the Gemini 1.0 Pro service has an accuracy of 80 %. These results underscore the effectiveness of GPT-3.5 and Gemini 1.0 Pro in assisting with SQL syntax tasks, albeit with differing levels of precision. The findings highlight the significance of human supervision and validation in ensuring the correctness of AI-generated responses, particularly in database-related tasks. The results affect developers and database administrators when selecting appropriate tools for query requirements. For now, replacing programmers with GPT-3.5 and Gemini 1.0 Pro is impossible.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104041"},"PeriodicalIF":4.1,"publicationDate":"2025-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144489567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Blockchain beyond immutability: Application firewalls on ethereum-based platforms 区块链超越不变性：基于以太坊平台的应用程序防火墙

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2025-06-23 DOI: 10.1016/j.csi.2025.104038

Christian Delgado-von-Eitzen, Manuel José Fernández-Iglesias, Luis Anido-Rifón, Fernando A. Mikic-Fonte

{"title":"Blockchain beyond immutability: Application firewalls on ethereum-based platforms","authors":"Christian Delgado-von-Eitzen, Manuel José Fernández-Iglesias, Luis Anido-Rifón, Fernando A. Mikic-Fonte","doi":"10.1016/j.csi.2025.104038","DOIUrl":"10.1016/j.csi.2025.104038","url":null,"abstract":"<div><div>Blockchain is a technology that gained relevance in various fields due to its transparency and security in recording information in a reliable and immutable manner. In particular, the adoption of private blockchain platforms based on the Ethereum technology grew significantly in enterprise environments. However, there are certain issues concerning privacy and access control that may pose significant challenges in scenarios where private transactions occur between user agents instead of nodes, that is, between blockchain accounts that are not necessarily attached to specific nodes. The Blockchain Application Firewall (BAF) is introduced as a conceptual framework that can be applied in cases where control over data access is needed, including private transactions between accounts. More specifically, the BAF is intended to complement a blockchain endpoint acting as an intermediary between users and blockchain services and data, monitoring and controlling incoming and outgoing traffic, according to an applied access policy. This work investigates BAF’s feasibility and effectiveness in enhancing the capabilities of Ethereum-based blockchains in the described scenarios. A proof-of-concept was implemented with Besu to assess its feasibility, providing evidence that BAF can act as an additional layer of control over data stored, helping to solve key limitations in practical implementations and allowing exploration of new use cases that could not be addressed so far.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104038"},"PeriodicalIF":4.1,"publicationDate":"2025-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144502422","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Human-centered interface design for a dynamic cyber-risk group-based training game 基于动态网络风险群体的培训游戏人机界面设计

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2025-06-21 DOI: 10.1016/j.csi.2025.104030

Tony Delvecchio , Sander Zeijlemaker , Giancarlo De Bernardis , Michael Siegel

引用次数: 0

Certificateless searchable encryption with cryptographic reverse firewalls for IIoT 无证书可搜索加密与加密反向防火墙用于工业物联网

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2025-06-19 DOI: 10.1016/j.csi.2025.104034

Mazin Taha , Ting Zhong , Rashad Elhabob , Hu Xiong , Mohammed Amoon , Saru Kumari

{"title":"Certificateless searchable encryption with cryptographic reverse firewalls for IIoT","authors":"Mazin Taha , Ting Zhong , Rashad Elhabob , Hu Xiong , Mohammed Amoon , Saru Kumari","doi":"10.1016/j.csi.2025.104034","DOIUrl":"10.1016/j.csi.2025.104034","url":null,"abstract":"<div><div>Integrating the Industrial Internet of Things (IIoT) and cloud computing is increasingly prevalent in modern business. However, to safeguard data privacy in the cloud server (CS), sensitive information must be encrypted prior to uploading to a CS. The real challenge is searching encrypted data without compromising speed or security. Public Key Encryption with Keyword Search (PEKS) schemes enable the search of ciphertexts without exposing sensitive information. This article introduces a novel Certificateless Searchable Encryption with Cryptographic Reverse Firewalls (CL-SE-CRF). Meanwhile, the proposed scheme addresses the PEKS limitations by removing the requirement for conventional certificate management and addressing concerns related to key escrow. In addition, the security analysis demonstrates that the CL-SE-CRF scheme can prevent and resist keyword guessing attacks (KGA), algorithm substitution attacks (ASA), and chosen keyword attacks (CKA). Furthermore, experimental results demonstrate that the CL-SE-CRF significantly reduces communication and computation costs in the IIoT compared to similar protocols. Therefore, the proposed scheme is helpful for IIoT applications.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104034"},"PeriodicalIF":4.1,"publicationDate":"2025-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144522219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Breaking barriers in healthcare: A secure identity framework for seamless access 打破医疗保健中的障碍：实现无缝访问的安全身份框架

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2025-06-19 DOI: 10.1016/j.csi.2025.104020

Antonio López Martínez , Montassar Naghmouchi , Maryline Laurent , Joaquín García Alfaro , Manuel Gil Pérez , Antonio Ruiz Martínez

{"title":"Breaking barriers in healthcare: A secure identity framework for seamless access","authors":"Antonio López Martínez , Montassar Naghmouchi , Maryline Laurent , Joaquín García Alfaro , Manuel Gil Pérez , Antonio Ruiz Martínez","doi":"10.1016/j.csi.2025.104020","DOIUrl":"10.1016/j.csi.2025.104020","url":null,"abstract":"<div><div>The digitization of healthcare data has heightened concerns about security, privacy, and interoperability. Traditional centralized systems are vulnerable to cyberattacks and data breaches, risking the exposure of sensitive patient information and decreasing trust in digital healthcare services. In addition, healthcare stakeholders use various standards and formats, creating challenges for data sharing and seamless communication. To address these points, this article identifies all the healthcare stakeholders and translates each useful element of a patient’s electronic health record (EHR) into Fast Healthcare Interoperability Resources (FHIR), to propose a complete role-based access control model that specifies which FHIR resources an actor is allowed to access. To validate this role model, three new use cases are defined, in which the various stakeholders interact and access the FHIR resources. Moreover, specific smart contracts are detailed to implement the role model in an automated way and provide a robust access control mechanism within healthcare organizations. The feasibility of the proposed access control mechanism is demonstrated through proof-of-concept and test performance measurements. Finally, the solution is validated as a realistic solution adapted to the scale of a country based on health statistics.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104020"},"PeriodicalIF":4.1,"publicationDate":"2025-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144470925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Blockchain-aided secure and fair multi-view data outsourcing computation scheme 区块链辅助安全公平的多视图数据外包计算方案

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2025-06-18 DOI: 10.1016/j.csi.2025.104029

Xinrong Sun , Fanyu Kong , Yunting Tao , Pengyu Cui , Guoyan Zhang , Chunpeng Ge , Baodong Qin

{"title":"Blockchain-aided secure and fair multi-view data outsourcing computation scheme","authors":"Xinrong Sun , Fanyu Kong , Yunting Tao , Pengyu Cui , Guoyan Zhang , Chunpeng Ge , Baodong Qin","doi":"10.1016/j.csi.2025.104029","DOIUrl":"10.1016/j.csi.2025.104029","url":null,"abstract":"<div><div>With the widespread deployment of smart sensors, multi-view data has been widely used. Accordingly, multi-view processing algorithms are increasingly researched, among which the cluster-weighted kernel k-means method is an effective approach to dig up information of different views. However, large-scale multi-view data make it difficult to conduct processing algorithms. Therefore, outsourcing complex computations to servers based on privacy-preserving techniques is an effective solution that enables efficient multi-view data analysis. In previous secure outsourcing schemes, the efficiency of the outsourcing process and the fairness of outsourcing transactions are still challenging issues that have not been addressed. In this paper, we propose a blockchain-aided secure and fair multi-view data outsourcing computation scheme. We present an efficient matrix encryption method utilizing a novel secret key matrix to complete cluster-weighted kernel k-means algorithm securely. Different from previous works, we first apply the sparse symmetric orthogonal matrix to encrypt and decrypt sensitive data matrices, which avoids inverse or transposed secret key matrix computation and enhances the efficiency of the outsourcing process. Additionally, we introduce smart contracts to achieve fair outsourcing transactions aided by blockchain. We verify the returned result with the assistance of verifiers based on encrypted data, which improves the efficiency and security of outsourcing transactions. The experimental results indicate that our scheme is 4.72% to 8.52% superior to the state-of-the-art matrix outsourcing computation schemes and achieves 55.79% to 91.95% efficiency improvement compared to the original multi-view data processing method.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104029"},"PeriodicalIF":4.1,"publicationDate":"2025-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144470974","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Fuzzy Password Authentication Key Exchange protocol in universal composable framework for blockchain privacy protection b区块链隐私保护通用可组合框架中的模糊密码认证密钥交换协议

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2025-06-16 DOI: 10.1016/j.csi.2025.104032

Qihong Chen, Changgen Peng, Dequan Xu

引用次数: 0