{"title":"DBAC-DSR-BT: A secure and reliable deep speech recognition based-distributed biometric access control scheme over blockchain technology","authors":"Oussama Mounnan , Larbi Boubchir , Otman Manad , Abdelkrim El Mouatasim , Boubaker Daachi","doi":"10.1016/j.csi.2024.103929","DOIUrl":"10.1016/j.csi.2024.103929","url":null,"abstract":"<div><div>Speech recognition systems have been widely employed in several fields including biometric access control. In such systems, handling sensitive data represents a real threat and risk to security and privacy, namely in the central environment. This paper proposes an innovative solution that integrates speech recognition power as a biometric modality with the decentralized and tamper-resistant nature of blockchain technology aims at designing, implementing, and evaluating an access control system that not only leverages the unique characteristics of speech recognition through the AutoEncoding Generative Adversarial Network (AE-GAN) model for user authentication but also ensures the enforcement of access policies and voice templates storage through two distinct Smart Contracts. The first smart contract aims at storing the ID of encrypted templates matched to the hash of the public address and encrypted attributes. While the second smart contract incorporates the security policy and takes charge of generating an access token if the conditions have been satisfied. Which makes it easier to upgrade specific components without affecting the entire system. Moreover, this architecture delegates the extraction features, conversion into template, encryption, and similarity calculation functions of encrypted templates using homomorphic encryption to an API to provide more security, privacy, scalability and interoperability and reduce the overhead within the blockchain. 
This API interacts with the smart contract using Oracle services that ensure the interaction between on-chain and off-chain, which provide a reliable, fine-grained, and robust scheme. The simulation of this proposed scheme proves its robustness, efficiency, and performance in terms of security, reliability, and resistance to several attacks.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103929"},"PeriodicalIF":4.1,"publicationDate":"2024-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142358059","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Practical two-party SM2 signing using multiplicative-to-additive functionality","authors":"Shiyang Li , Wenjie Yang , Futai Zhang , Xinyi Huang , Rongmao Chen","doi":"10.1016/j.csi.2024.103928","DOIUrl":"10.1016/j.csi.2024.103928","url":null,"abstract":"<div><div>Threshold signatures are important tools for addressing issues related to key management, certificate management, and cryptocurrencies. Among them, two-party SM2 signatures have received considerable interest recently. In this paper, we propose a fast and secure online/offline two-party SM2. By employing the re-sharing technique, we have successfully made the online phase of the signing process non-interactive while achieving nearly optimal computational efficiency. Additionally, in the offline phase, there is just a single call to the multiplicative-to-additive functionality based on Paillier encryption. Our protocol is existentially unforgeable under adaptive chosen message attacks in the random oracle model in the presence of a static adversary. Experimental results demonstrate that our proposed scheme outperforms previous similar schemes by approximately a factor of 2 in online computation and a factor of 3 in online communication. 
Our scheme can be applied in scenarios such as Certificate Authority (CA) and the signing of blockchain transactions to provide them with a more secure and flexible implementation method, enhancing the security and reliability of the systems.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103928"},"PeriodicalIF":4.1,"publicationDate":"2024-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142314788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Real-time privacy-preserved auditing for shared outsourced data","authors":"Fengmei Tang , Yumei Li , Yudi Zhang , Willy Susilo , Bingbing Li","doi":"10.1016/j.csi.2024.103927","DOIUrl":"10.1016/j.csi.2024.103927","url":null,"abstract":"<div><p>Health providers need to share patient information across healthcare networks efficiently and securely to improve medical and health services. Timely data synchronization among relevant parties is crucial for effectively containing and preventing the worsening of the condition. However, ensuring rapid information sharing while maintaining the security of sensitive patient data remains a pressing concern. In this paper, we introduce a cloud storage integrity auditing scheme that can protect auditors from procrastinating and preserve the privacy of sensitive information. Our proposed system requires healthcare institutions to encrypt sensitive patient data before uploading it to the cloud. It mandates the use of a data sanitizer for the secure processing of encrypted data blocks. Auditors must verify data integrity and promptly submit their audit results to the blockchain within a predefined time frame. Leveraging the time-sensitive nature of blockchain technology, healthcare institutions can monitor auditor compliance within the allotted validation timeframe. 
We conducted comprehensive security analysis and performance evaluations to demonstrate the feasibility and effectiveness of our solution in addressing the challenges of secure and timely cloud storage in healthcare settings.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103927"},"PeriodicalIF":4.1,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000965/pdfft?md5=415902120bc5d079b282f17d38c9e44f&pid=1-s2.0-S0920548924000965-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142270690","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Blockchain-based cross-domain query integrity verification mechanism for outsourced database","authors":"Yongjun Ren , Long Chen , Yongmei Bai , Jiale Ye , Yekang Zhao","doi":"10.1016/j.csi.2024.103926","DOIUrl":"10.1016/j.csi.2024.103926","url":null,"abstract":"<div><div>With the growth of cloud computing, more and more organizations are outsourcing data to cloud platforms for flexibility and cost-effectiveness. However, this also poses the risk of data tampering or forgery, especially in the case of cross-domain queries, where the integrity of the query results needs to be ensured and cross-domain authentication is performed at the same time. Traditional approaches rely on centralized third-party authentication authorities, which increases complexity and potential security risks. To address these issues, we propose a blockchain-based Cross-domain Query Integrity Verification (CQIV) mechanism for outsourced databases. The mechanism leverages the decentralization and non-tamperability of the blockchain to achieve efficient cross-domain authentication and query integrity verification without the need for a third-party certification authority. By constructing a cuckoo filter on the blockchain, the authentication efficiency is improved and the storage cost is reduced. In addition, Dynamically Adjustable Capacity Cuckoo Filter (DACF) is designed to optimize query efficiency. 
Finally, the effectiveness and practicality of the mechanism are verified by comprehensive security analysis and performance evaluation.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103926"},"PeriodicalIF":4.1,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142314787","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Evaluating and validating the Serious Slow Game Jam methodology as a mechanism for co-designing serious games to improve understanding of cybersecurity for different demographics","authors":"Shenando Stals , Lynne Baillie , Ryan Shah , Jamie Iona Ferguson , Manuel Maarek","doi":"10.1016/j.csi.2024.103924","DOIUrl":"10.1016/j.csi.2024.103924","url":null,"abstract":"<div><div>We present an evaluation of a Serious Slow Game Jam (SSGJ) methodology as a mechanism for co-designing serious games in the application domain of cybersecurity, to evaluate how the SSGJ methodology contributed to improving the understanding of cybersecurity for different demographics. The aim of this study was to evaluate how the SSGJ contributed to improving the understanding of cybersecurity for young persons between the ages of 11 and 16 years old who had no formal training or education in cybersecurity, and to validate and compare these results to previous work where the same SSGJ methodology was used with a different target demographic (i.e., M.Sc. students with no formal training or education in secure coding). To this end, we engaged 23 participants between the ages of 11 and 16 years old for 5 consecutive days over a one-week period, in a multidisciplinary SSGJ involving domain-specific, pedagogical, and game design knowledge, and encouraged engagement in-between scheduled events of the SSGJ. Findings show improved confidence of participants in their knowledge of cybersecurity, for both demographics, after undertaking the Serious Slow Game Jam (from 41.2% to 76.5% for young persons, and from 12.5% to 62.5% for M.Sc. students). Free-text answers specifically indicate an improved understanding of cybersecurity in general, and one specific security vulnerability, attack or defence for a quarter of young persons, and the trichotomy of security vulnerabilities, attacks, and defences for three quarters of the M.Sc. students. 
Also, confidence in knowledge of game design improved for both demographics (from 47.1% to 82.4% for young persons and from 12.5% to 75% for M.Sc. students). The SSGJ methodology also successfully engaged both demographics of participants in-between scheduled days. Finally, two serious games in the application domain of cybersecurity are presented that were co-designed during the SSGJ with participants and produced as an output of the SSGJs.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103924"},"PeriodicalIF":4.1,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532401","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Delta GUI change detection using inferred models","authors":"Fernando Pastor Ricós , Beatriz Marín , Tanja E.J. Vos , Rick Neeft , Pekka Aho","doi":"10.1016/j.csi.2024.103925","DOIUrl":"10.1016/j.csi.2024.103925","url":null,"abstract":"<div><p>Recent software development methodologies emphasize iterative and incremental evolution to align with stakeholders’ needs. This perpetual and rapid software evolution demands ongoing research into verification practices and technologies that ensure swift responsiveness and effective management of software delta increments. Strategies such as code review have been widely adopted for development and verification, ensuring readability and consistency in the delta increments of software projects. However, the integration of techniques to detect and visually report delta changes within the Graphical User Interface (GUI) software applications remains an underutilized process. In this paper, we set out to achieve two objectives. First, we aim to conduct a comprehensive review of existing studies concerning GUI change detection in desktop, web, and mobile applications to recognize common practices. Second, we introduce a novel change detection tool capable of highlighting delta GUI changes for this diverse range of applications. To accomplish our first objective, we performed a systematic mapping of the literature using the Scopus database. To address the second objective, we designed and developed a GUI change detection tool. This tool simultaneously transits and compares state models inferred by a scriptless testing tool, enabling the detection and highlighting of GUI changes to detect the widgets or functionalities that have been added, removed, or modified. Our study reveals the existence of a multitude of techniques for change detection in specific GUI systems with different objectives. However, there is no widely adopted technique suitable for the diverse range of existing desktop, web, and mobile applications. 
Our tool and findings demonstrate the effectiveness of using inferred state models to highlight between 8 and 20 GUI changes in software delta increments containing a large number of changes over months and between 4 and 6 GUI changes in delta increments of small iterations performed over multiple weeks. Moreover, some of these changes were recognized by the software developers as GUI failures that required a fix. Finally, we expose the motivation for using this technique to help developers and testers analyze GUI changes to validate delta increments and detect potential GUI failures, thereby fostering knowledge dissemination and paving the way to standard practices.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103925"},"PeriodicalIF":4.1,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000941/pdfft?md5=27a9fbf4beea136b7a89fef0ed16bc0d&pid=1-s2.0-S0920548924000941-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142151245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Web accessibility barriers and their cross-disability impact in eSystems: A scoping review","authors":"Nikolaos Droutsas, Fotios Spyridonis, Damon Daylamani-Zad, Gheorghita Ghinea","doi":"10.1016/j.csi.2024.103923","DOIUrl":"10.1016/j.csi.2024.103923","url":null,"abstract":"<div><p>Accessibility is an important component in the implementation of Web systems to ensure that these are usable, engaging, and enjoyable by all regardless of the level of ability, condition, or circumstances. Despite manifold efforts, the Web is still largely inaccessible for a plurality of reasons (<em>e.g.</em> poor navigation, lack of/unsuitable alternative text, complex Web forms) with significant impact on disabled users. The impact of Web accessibility barriers varies per disability, but current measures for the impact of barriers treat disabilities as a homogeneous group. In this work, we present a scoping review of the Web accessibility research landscape. Following a structured approach, 112 studies were reviewed, and findings are reported on common Web accessibility barriers and practices within the Web Accessibility Lifecycle. An assessment framework is further proposed to measure the impact of such barriers across disabled groups. 
Finally, the need for extensive qualitative research into organizational change and multinational studies on Web activity and disturbance by barriers per disabled user group are discussed as future avenues for accessibility research.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103923"},"PeriodicalIF":4.1,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000928/pdfft?md5=f921d53ae3864451cd5b1e92e1a7c0f1&pid=1-s2.0-S0920548924000928-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142229628","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"GSParLib: A multi-level programming interface unifying OpenCL and CUDA for expressing stream and data parallelism","authors":"Dinei A. Rockenbach , Gabriell Araujo , Dalvan Griebler, Luiz Gustavo Fernandes","doi":"10.1016/j.csi.2024.103922","DOIUrl":"10.1016/j.csi.2024.103922","url":null,"abstract":"<div><p>The evolution of Graphics Processing Units (GPUs) has allowed the industry to overcome long-lasting problems and challenges. Many belong to the stream processing domain, whose central aspect is continuously receiving and processing data from streaming data producers such as cameras and sensors. Nonetheless, programming GPUs is challenging because it requires deep knowledge of many-core programming, mechanisms and optimizations for GPUs. Current GPU programming standards do not target stream processing and present programmability and code portability limitations. Among our main scientific contributions resides <span><span>GSParLib</span></span>, a C++ multi-level programming interface unifying <span>CUDA</span> and <span>OpenCL</span> for GPU processing on stream and data parallelism with negligible performance losses compared to manual implementations; <span><span>GSParLib</span></span> is organized in two layers: one for general-purpose computing and another for high-level structured programming based on parallel patterns; a methodology to provide unified and driver agnostic interfaces minimizing performance losses; a set of parallelism strategies and optimizations for GPU processing targeting stream and data parallelism; and new experiments covering GPU performance on applications exposing stream and data parallelism.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103922"},"PeriodicalIF":4.1,"publicationDate":"2024-08-30","publicationTypes":"Journal 
Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142122719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"TDBAMLA: Temporal and dynamic behavior analysis in Android malware using LSTM and attention mechanisms","authors":"Harshal Devidas Misalkar , Pon Harshavardhanan","doi":"10.1016/j.csi.2024.103920","DOIUrl":"10.1016/j.csi.2024.103920","url":null,"abstract":"<div><p>The increasing ubiquity of Android devices has precipitated a concomitant surge in sophisticated malware attacks, posing critical challenges to cybersecurity infrastructures worldwide. Existing models have achieved significant strides in malware detection but often suffer from high false-positive rates, lower recall, and computational delays, thus demanding a more efficient and accurate system. Current techniques primarily rely on static features and simplistic learning models, leading to inadequate handling of temporal aspects and dynamic behaviors exhibited by advanced malware. These limitations compromise the detection of modern, evasive malware, and impede real-time analysis. This paper introduces a novel framework for Android malware detection that incorporates Temporal and Dynamic Behavior Analysis using Long Short-Term Memory (LSTM) networks and Attention Mechanisms. We further propose development of an efficient Grey Wolf Optimized (GWO) Decision Trees to find the most salient API call patterns associated with malwares. An Iterative Fuzzy Logic (IFL) layer is also deployed before classification to assess the \"trustworthiness\" of app metadata samples. For Ongoing Learning, we propose use of Deep Q-Networks (DQNs), which helps the reinforcement learning model to adapt more quickly to changes in the threat landscapes. By focusing on crucial system calls and behavioral characteristics in real-time, our model captures the nuanced temporal patterns often exhibited by advanced malwares. Empirical evaluations demonstrate remarkable improvements across multiple performance metrics. 
Compared to existing models, our approach enhances the precision of malware identification by 8.5 %, accuracy by 5.5 %, and recall by 4.9 %, while also achieving an 8.3 % improvement in the Area Under the Receiver Operating Characteristic Curve (AUC), with higher specificity and a 4.5 % reduction in identification delay. In malware pre-emption tasks, our model outperforms by improving precision by 4.3 %, accuracy by 3.9 %, recall by 4.9 %, AUC by 3.5 %, and increasing specificity by 2.9 %. These gains make our framework highly applicable for real-time detection systems, cloud-based security solutions, and threat intelligence services, thereby contributing to a safer Android ecosystem.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103920"},"PeriodicalIF":4.1,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142151842","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Who are the best contributors? Designing a multimodal science communication interface based on the ECM, TAM and the Taguchi methods","authors":"Mengjun Huang , Yue Luo , Jiwei He , Ling Zhen , Lianfan Wu , Yang Zhang","doi":"10.1016/j.csi.2024.103921","DOIUrl":"10.1016/j.csi.2024.103921","url":null,"abstract":"<div><p>Science communication conducted through mobile devices and mobile applications is an efficient and widespread phenomenon that requires communicators and design practitioners to further develop suitable design elements and strategies for such platforms. The effective application of multimodal or multisensory design in interfaces provides users with rich experiences. However, there is a lack of guiding recommendations for user interface design in the citizen science community. This study investigated factors affecting users’ perceptions and behavioral intentions toward multimodal scientific communication interface designs and identified the optimal combinations of such factors for such designs. Through a focus group, we defined three design dimensions of a science communication interface: visual, auditory, and haptic. An online experiment involving 916 participants was then conducted and integrated the technology acceptance model, expectation–confirmation model, and Taguchi method to examine the hierarchical combinations with the greatest influence in each dimension. The results indicated that interface design combinations primarily focusing on visual elements, with auditory and haptic as secondary elements, can serve as effective tools for science communication. Moreover, layout, color tones, vibration intensity, and sound volume significantly affected users’ perceptions and behavioral intentions. 
As one of the few studies using the Taguchi method to explore the design of science communication interfaces, the present findings enrich the multimodal theory from the perspectives of design and communication, highlighting its value in science communication. This paper simultaneously provides insights into how to select and combine multimodal design elements in science communication interfaces, demonstrating the potential of such designs to affect user perception, satisfaction, confirmation, and continued usage intention.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103921"},"PeriodicalIF":4.1,"publicationDate":"2024-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142151244","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}