Computer Standards & Interfaces最新文献_第6页

A secure data storage and sharing scheme for port supply chain based on blockchain and dynamic searchable encryption 基于区块链和动态可搜索加密的港口供应链安全数据存储和共享方案

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-07-11 DOI: 10.1016/j.csi.2024.103887

Jiatao Li , Dezhi Han , Tien-Hsiung Weng , Huafeng Wu , Kuan-Ching Li , Arcangelo Castiglione

{"title":"A secure data storage and sharing scheme for port supply chain based on blockchain and dynamic searchable encryption","authors":"Jiatao Li , Dezhi Han , Tien-Hsiung Weng , Huafeng Wu , Kuan-Ching Li , Arcangelo Castiglione","doi":"10.1016/j.csi.2024.103887","DOIUrl":"10.1016/j.csi.2024.103887","url":null,"abstract":"<div><p>The port supply chain can provide strong data support for smart port decision-making. However, the traditional port supply chain suffers from poor flexibility of centralized authority management, data asymmetry, low efficiency of encrypted data retrieval and high delay of data update. Therefore, a secure storage and sharing scheme for port supply chain data based on blockchain assistance is proposed in this work. First, a fine-grained access control model for the port supply chain is designed in the smart contract to achieve auditable and decentralized management of user privileges. Second, the whole process of dynamic searchable encrypted data storage and access is realized in the smart contract, which ensures data security and encrypted data access efficiency. Moreover, an off-chain auxiliary storage method is designed to alleviate the storage pressure of the blockchain. Moreover, a reliable smart contract interface is provided for user operation, which can effectively regulate the access and storage of data. In addition, a consensus mechanism for the port supply chain is proposed, which takes the credibility and seniority of the operators at all levels as an indicator of the consensus agreement rights and interests. It improves the consensus efficiency under the premise of guaranteeing the security of the consensus process and meets the high data throughput demand of the supply chain system. Finally, the proposed scheme is implemented in Hyperledger Fabric. The security analysis and experimental results show that our scheme is secure and efficient in large-scale port supply chain data scenarios, and the system is scalable.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"91 ","pages":"Article 103887"},"PeriodicalIF":4.1,"publicationDate":"2024-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141629740","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Practically secure linear-map vector commitment and its applications 实用安全的线性映射向量承诺及其应用

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-07-09 DOI: 10.1016/j.csi.2024.103885

Meixia Miao , Siqi Zhao , Jiawei Li , Jianghong Wei , Willy Susilo

{"title":"Practically secure linear-map vector commitment and its applications","authors":"Meixia Miao , Siqi Zhao , Jiawei Li , Jianghong Wei , Willy Susilo","doi":"10.1016/j.csi.2024.103885","DOIUrl":"10.1016/j.csi.2024.103885","url":null,"abstract":"<div><p>The primitive of vector commitment scheme allows a user to commit to an ordered sequence of messages (i.e., a vector) and later open the commitment at any position subset of the vector. The most important and desirable feature of vector commitment schemes is that the size of the opening proof is sublinear in the length of the committed vector. The original vector commitment scheme has now been extended to support several new functionalities like aggregation, updatability and homomorphism, and has applications ranging from verifiable data streaming to stateless cryptocurrency. Among these extensions, the linear-map vector commitment (LVC) scheme enables a user to open a general linear map evaluated on the committed vector, rather than those messages of the committed vector as in the original vector commitment scheme. However, the existing LVC schemes are only proved to be secure under the idealized assumptions, i.e., using the algebraic group model, which might be unpractical in the real world. To this end, we eliminate the use of algebraic group model, and propose a practically secure LVC construction. Our construction achieves practical security by additionally generating degree proofs for polynomials that enable a verifier to check the degree of polynomials publicly. We prove the security of the proposed LVC construction in the standard model under a <span><math><mi>q</mi></math></span>-type complexity assumption over bilinear groups. Moreover, we demonstrate how to use the proposed LVC scheme to construct maintainable vector commitments and verifiable data streaming protocols. The theoretical comparison and experimental results indicate that our proposal provides stronger security guarantee, while being competitive in terms of efficiency.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"91 ","pages":"Article 103885"},"PeriodicalIF":4.1,"publicationDate":"2024-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141623150","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Improving efficiency and security of Camenisch–Lysyanskaya signatures for anonymous credential systems 提高匿名凭证系统的卡梅尼施-利辛斯卡亚签名的效率和安全性

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-07-08 DOI: 10.1016/j.csi.2024.103886

Jia-Chng Loh, Fuchun Guo, Willy Susilo

{"title":"Improving efficiency and security of Camenisch–Lysyanskaya signatures for anonymous credential systems","authors":"Jia-Chng Loh, Fuchun Guo, Willy Susilo","doi":"10.1016/j.csi.2024.103886","DOIUrl":"10.1016/j.csi.2024.103886","url":null,"abstract":"<div><p>Camenisch–Lysyanskaya signature scheme with randomizability, namely CL signatures, at CRYPTO’04 has been well adopted for many privacy-preserving constructions, especially in the context of anonymous credential systems. Unfortunately, CL signatures suffer from linear size drawbacks. The signature size grows linearly based on the signing messages, which decreases the interest in practice, as each user may have multiple attributes (messages). Its standard EUF-CMA security was first proven under an interactive assumption. While the interactive assumption is not desirable in cryptography, Fuchsbauer et al. revisited its security at CRYPTO’18 by proving the scheme under the discrete logarithm (Dlog) assumption in the algebraic group model (AGM) that idealizes the adversary’s computation to be algebraic, yet the reduction loss is non-tight. In this work, we propose a new variant of CL signatures, namely CL+ signatures, that improves efficiency and security. The proposed CL+ signatures possess randomizability without the linear size drawback, such that signature size is a constant of three group elements. Besides, we prove the security of CL+ signatures can be tightly reduced to the DLog problem in AGM with only a loss factor of 3. Lastly, we show how CL+ signatures can also be instantiated to anonymous credential systems.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"91 ","pages":"Article 103886"},"PeriodicalIF":4.1,"publicationDate":"2024-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000552/pdfft?md5=1c1214ab7bbdb123b5edc48b58eb293e&pid=1-s2.0-S0920548924000552-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141693217","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Efficient multi-party PSI and its application in port management 高效的多方 PSI 及其在港口管理中的应用

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-07-06 DOI: 10.1016/j.csi.2024.103884

Mengyan Qiao , Lifei Wei , Dezhi Han , Huafeng Wu

{"title":"Efficient multi-party PSI and its application in port management","authors":"Mengyan Qiao , Lifei Wei , Dezhi Han , Huafeng Wu","doi":"10.1016/j.csi.2024.103884","DOIUrl":"10.1016/j.csi.2024.103884","url":null,"abstract":"<div><p>Private Set Intersection (PSI) technology is a cryptographic tool that allows the parties holding private data to determine the intersection of sets in a joint computation without revealing any additional privacy information. As a critical component of secure multi-party computation, this technology has been widely used in the security domain of artificial intelligence and data mining. With the emergence of the era of multi-source data sharing, protocols for private set intersection computation applicable to multiple participants have also emerged. However, the performance of existing multi-party private set intersection (MPSI) protocols is suboptimal when some participants use devices with limited communication or computational capabilities, such as mobile devices. To overcome the above issues, we design a cloud-aided multi-party private set intersection protocol (Cloud-Aided-MPSI) based on oblivious programmable pseudorandom functions (OPPRF) and oblivious key–value stores (OKVS). Due to the protocol efficiently outsourcing partial computational and communication tasks to cloud servers, our performance has been further enhanced compared to existing work. Through the Cloud-Aided-MPSI protocol, we propose a port scheduling protocol for coordinated management scenarios of ships arriving and departing from ports. The protocol effectively addresses the privacy protection concerns of port management when scheduling the arrival and departure of ships. We analyze the performance of this protocol.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"91 ","pages":"Article 103884"},"PeriodicalIF":4.1,"publicationDate":"2024-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141639251","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Fast bicriteria streaming algorithms for submodular cover problem under noise models 噪声模型下亚模态覆盖问题的快速双标准流算法

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-29 DOI: 10.1016/j.csi.2024.103883

Bich-Ngan T. Nguyen , Phuong N.H. Pham , Canh V. Pham , Vaclav Snasel

引用次数: 0

Metric cake shop: A serious game for supporting education on ISO/IEC/IEEE 15939:2017 – Systems and software engineering – Measurement process in the context of an undergraduate software engineering course 公制蛋糕店：支持 ISO/IEC/IEEE 15939:2017 - 系统和软件工程 - 本科软件工程课程中的测量过程教育的严肃游戏

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-24 DOI: 10.1016/j.csi.2024.103879

Ivan García , Carla Pacheco , Itahí López , Jose A. Calvo-Manzano , Brenda L. Flores-Rios

{"title":"Metric cake shop: A serious game for supporting education on ISO/IEC/IEEE 15939:2017 – Systems and software engineering – Measurement process in the context of an undergraduate software engineering course","authors":"Ivan García , Carla Pacheco , Itahí López , Jose A. Calvo-Manzano , Brenda L. Flores-Rios","doi":"10.1016/j.csi.2024.103879","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103879","url":null,"abstract":"<div><p>The educational use of serious games has increased in recent years and their pedagogical benefits have been widely documented, especially for teaching specialized knowledge on Software Engineering at undergraduate level. The results achieved by several studies in this area show that it has been possible to increase the student interest and motivation in learning complex topics that tend to be difficult to understand when knowledge is imparted through traditional lectures, as is the case with software process standards. In this regard, the ISO/IEC/IEEE 15939:2017 standard describes a software measurement process, one of the main topics that must be addressed in any curriculum for undergraduate degree programs in Software Engineering. However, despite their relevance in industry, many students are leaving university without basic software measurement skills. With the aim of identifying serious games for teaching the software measurement process at undergraduate level, a Systematic Literature Review was conducted in order to collect, classify and analyze information which enabled the authors of this study to propose a serious game that improves the understanding and education on the ISO/IEC/IEEE 15939:2017 standard. The results from an empirical evaluation involving Computer Science undergraduates provided evidence that positive learning experiences occurred when playing the created serious game.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"91 ","pages":"Article 103879"},"PeriodicalIF":4.1,"publicationDate":"2024-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141483958","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Agile governance practices by aligning CMMI V2.0 with portfolio SAFe 5.0 将 CMMI V2.0 与组合 SAFe 5.0 相结合的敏捷管理实践

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-22 DOI: 10.1016/j.csi.2024.103881

Valeria Henriquez , Jose A. Calvo-Manzano , Ana M. Moreno , Tomas San Feliu

引用次数: 0

Leveraging complex event processing for monitoring and automatically detecting anomalies in Ethereum-based blockchain networks 利用复杂事件处理监控和自动检测基于以太坊的区块链网络中的异常情况

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-22 DOI: 10.1016/j.csi.2024.103882

Jesús Rosa-Bilbao , Juan Boubeta-Puig , Jesús Lagares-Galán , Mark Vella

{"title":"Leveraging complex event processing for monitoring and automatically detecting anomalies in Ethereum-based blockchain networks","authors":"Jesús Rosa-Bilbao , Juan Boubeta-Puig , Jesús Lagares-Galán , Mark Vella","doi":"10.1016/j.csi.2024.103882","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103882","url":null,"abstract":"<div><p>Blockchain is a relatively recent technology that provides immutability, traceability and transparency of information, thus building trust in the digital society. Blockchain networks generate a large amount of logs which capture and describe data flowing through the network in the form of transactions, blocks and events. Monitoring these blockchain data from the off-chain world is needed to detect anomalies with the aim of mitigating the risks that may arise as a result of using blockchain technology. However, the real-time monitoring of these logs by off-chain systems has become a challenge from the beginning of 2018 when the blockchain networks reached a high number of daily transactions. In this paper, we propose a portable, maintainable and easily configurable architecture integrating blockchain and complex event processing technologies that allows for both the real-time monitoring of logs generated in Ethereum Virtual Machine (EVM)-compatible blockchain networks and the automatic detection of anomalies in these networks by matching event patterns. This architecture was tested by using vast amounts of blockchain data already publicly registered in Ethereum and Polygon networks. The results demonstrate that the proposed architecture is able to automatically detect anomalies which occur in different blockchain networks, making analytics of blockchain data possible by off-chain systems.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"91 ","pages":"Article 103882"},"PeriodicalIF":4.1,"publicationDate":"2024-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000515/pdfft?md5=894c93d9ed7ae669b6deb8fe4431f790&pid=1-s2.0-S0920548924000515-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141483952","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ISH: Isogeny-based Secret Handshakes with friendly communication costs ISH：基于同源性的秘密握手，通信成本友好

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-17 DOI: 10.1016/j.csi.2024.103880

Chao Chen , Fangguo Zhang , Zhiyuan An , Jing Zhang

{"title":"ISH: Isogeny-based Secret Handshakes with friendly communication costs","authors":"Chao Chen , Fangguo Zhang , Zhiyuan An , Jing Zhang","doi":"10.1016/j.csi.2024.103880","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103880","url":null,"abstract":"<div><p>Secret handshake schemes allow members from the same organization to authenticate each other anonymously. After its proposal, various schemes have been introduced to achieve advanced privacy protection. Regrettably, all the schemes based on number theoretic assumptions are insecure under quantum computers, and the known post-quantum designs are impractical because of the overhead cost (<span><math><mo>></mo></math></span> 10 MB). To fill the gap, we present the first isogeny-based secret handshake scheme (i.e., <span><math><mi>ISH</mi></math></span>) with a friendly communication cost (67 KB). In particular, we apply the CSI-FiSh signature scheme to generate group keys and credentials. For each zero-knowledge transcript in the credential, we generate a signature for handshake via the Fiat–Shamir paradigm, while it fails anonymous authentication. To fix the issue, we modify the Fiat–Shamir-type signature by embedding the CSIDH ephemeral private key into the challenge space. After verifying the modified signatures, two users recover the right ephemeral private key if they are in the same group, then they can negotiate a session key and authenticate each other. Our scheme is proved secure under the Group Action Inverse Problems (GAIP) in the random oracle model, and deniability, as an attractive property, also holds for <span><math><mi>ISH</mi></math></span>, enabling user’s ability to deny their interactions in the finished handshakes. Via choosing appropriate parameters, the communication cost surpasses all the existing post-quantum secret handshakes.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"91 ","pages":"Article 103880"},"PeriodicalIF":4.1,"publicationDate":"2024-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141483959","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Pricing4APIs: A rigorous model for RESTful API pricings Pricing4APIs：RESTful API 定价的严格模型

IF 5 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-10 DOI: 10.1016/j.csi.2024.103878

Rafael Fresno-Aranda , Pablo Fernandez , Antonio Gamez-Diaz , Amador Duran , Antonio Ruiz-Cortes

{"title":"Pricing4APIs: A rigorous model for RESTful API pricings","authors":"Rafael Fresno-Aranda , Pablo Fernandez , Antonio Gamez-Diaz , Amador Duran , Antonio Ruiz-Cortes","doi":"10.1016/j.csi.2024.103878","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103878","url":null,"abstract":"<div><p>APIs are increasingly becoming new business assets for organizations and consequently, API functionality and its pricing should be precisely defined for customers. Pricing is typically composed by different plans that specify a range of limitations, e.g., a Free plan allows 100 monthly requests while a Gold plan has 10000 requests per month. In this context, the OpenAPI Specification (OAS) has emerged to model the functional part of an API, becoming a de facto industry standard and boosting a rich ecosystem of vendor-neutral tools to assist API providers and consumers. In contrast, there is no proposal for modeling API pricings (i.e., their plans and limitations) and this lack hinders the creation of tools that can leverage this information. To deal with this gap, this paper presents a pricing modeling framework that includes: (a) <em>Pricing4APIs</em> model, a comprehensive and rigorous model of API pricings, along <em>SLA4OAI</em>, a serialization that extends OAS; (b) an operation to validate the description of API pricings, with a toolset (<em>sla4oai-analyzer</em>) that has been developed to automate this operation. Additionally, we analyzed 268 real-world APIs to assess the expressiveness of our proposal and created a representative dataset of 54 pricing models to validate our framework.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"91 ","pages":"Article 103878"},"PeriodicalIF":5.0,"publicationDate":"2024-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141423423","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0