Computer Standards & Interfaces最新文献

{"title":"Blockchain-based efficient verifiable outsourced attribute-based encryption in cloud","authors":"Zesen Hou ,&nbsp;Jianting Ning ,&nbsp;Xinyi Huang ,&nbsp;Shengmin Xu ,&nbsp;Leo Yu Zhang","doi":"10.1016/j.csi.2024.103854","DOIUrl":"10.1016/j.csi.2024.103854","url":null,"abstract":"<div><p>Attribute-based encryption (ABE) has been widely applied in cloud services for access control. However, a large number of pairing operations required for decryption affect the wide use of ABE on lightweight devices. A general solution is to outsource the heavy computation to the cloud service provider (CSP), leaving the lighter computation to the data user. Nevertheless, it is impractical to assume that the CSP will provide free services. A recent ABE scheme with payable outsourced decryption <span><math><msub><mrow><mi>ABE</mi></mrow><mrow><mi>POD</mi></mrow></msub></math></span> (TIFS’20) provides a solution for the above payment issue. The CSP is generally untrusted, however, <span><math><msub><mrow><mi>ABE</mi></mrow><mrow><mi>POD</mi></mrow></msub></math></span> does not offer a verification mechanism for the data user to verify the correctness of the message. Moreover, the use of dual key pairs in <span><math><msub><mrow><mi>ABE</mi></mrow><mrow><mi>POD</mi></mrow></msub></math></span> incurs a significant computational overhead for data users during the key generation phase. We address the above issues by presenting a new <em>blockchain-based verifiable outsourced attribute-based encryption</em> system that enables data users to verify the correctness of plaintexts. We implement batch verification using homomorphic technical to optimize the verification process. We use the technique of dichotomous search to accurately locate problematic plaintexts. Additionally, we optimize three key-generation algorithms to transfer the computational cost from the data user to the key generation center. We offer the formal security models and the instantiation system with security analysis. As compared to <span><math><msub><mrow><mi>ABE</mi></mrow><mrow><mi>POD</mi></mrow></msub></math></span>, we further optimize the key-generation algorithms such that the computational overhead of transformation-key and verification-key generation for data users is reduced from O(<span><math><mi>Ω</mi></math></span>) to O(1) and reduced by half respectively, where <span><math><mi>Ω</mi></math></span> is the number of attributes.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140280919","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"KASE-AKA: Key-aggregate keyword searchable encryption against keyword guessing attack and authorization abuse","authors":"Caihui Lan ,&nbsp;Haifeng Li ,&nbsp;Caifen Wang ,&nbsp;Xiaodong Yang ,&nbsp;Hailong Yao","doi":"10.1016/j.csi.2024.103852","DOIUrl":"10.1016/j.csi.2024.103852","url":null,"abstract":"<div><p>Key-Aggregate Searchable (KASE) can enable a data owner to delegate search rights over a set of data files to multiple users through a single aggregated authorization key in multi-user data sharing environments. Despite the elegance of the KASE concept, designing a KASE scheme that simultaneously prevents authorization from being abused and resists offline keyword guessing attacks is a formidable challenge. To respond the challenge, we propose a secure Key Aggregation Keyword Searchable Encryption against Keyword Guessing Attack and Authorization Abuse (KASE-AKA) scheme. Compared with existing KASE schemes, our KASE-AKA scheme has the following merits: (1) supporting dynamic update of user data search right through a user data search right list maintained by the semi-trust cloud server. (2) preventing the authorization from being abused since the authorization key (aggregate key) associates the user’s public key, a subset of access rights, and a common secret value that only the cloud and data owner can collaboratively generate. (3) providing resistance against offline keyword guessing attacks. Correctness proof, security analysis and performance evaluation demonstrate that the proposed KASE-AKA scheme is provably secure, highly efficient and more feasible in practical application scenarios.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140151526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Covert communication via blockchain: Hiding patterns and communication patterns","authors":"Tao Zhang ,&nbsp;Qianhong Wu ,&nbsp;Qin Wang ,&nbsp;Tianxu Han ,&nbsp;Bingyu Li ,&nbsp;Yan Zhu","doi":"10.1016/j.csi.2024.103851","DOIUrl":"10.1016/j.csi.2024.103851","url":null,"abstract":"<div><p>Blockchain technology has demonstrated promising potential for covert communication. Although a series of studies have investigated blockchain-based covert communication, systematic research on the information-hiding patterns and covert communication patterns built on the blockchain is absent. This paper aims to conduct a comprehensive analysis of the related patterns. Based on intensive investigation, we abstract and propose a reference model for blockchain-based covert communication. We accordingly identify five types of covert communication patterns, each with different roles for covert senders and covert receivers, which enable one-to-one and one-to-many communication. Using Bitcoin as an example, we analyze the data distribution of covert channels within the block and transaction structure. Furthermore, we compare the hiding patterns and covert communication patterns and discuss the challenges and promising directions to achieve secure, robust, and cost-effective covert communication using blockchain. This work can provide valuable insights into the potential of blockchain technology for covert communication and lay the foundation for future research in this area.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140151519","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Consensus algorithms based on collusion resistant publicly verifiable random number seeds","authors":"Ping Wang ,&nbsp;Longhuai Cao ,&nbsp;Yong Hu ,&nbsp;Zhiwei Sun","doi":"10.1016/j.csi.2024.103853","DOIUrl":"10.1016/j.csi.2024.103853","url":null,"abstract":"<div><p>Publicly verifiable random number seeds are widely used in distributed systems and applications, especially in consensus algorithms. The purpose was to distribute the tasks and benefits among the participants fairly. A secure and efficient consensus algorithm is the foundation and guarantee of blockchain. We have been working on more concise, fair, and secure blockchain consensus algorithms. In this paper, we propose a new, more concise, efficient, and publicly verifiable random number seed generation scheme based on the existing secret sharing scheme and one-way function. We combined it with two blockchain consensus algorithms to improve the security and efficiency of the original scheme.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140127120","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Multi-type requirements traceability prediction by code data augmentation and fine-tuning MS-CodeBERT","authors":"Ali Majidzadeh,&nbsp;Mehrdad Ashtiani,&nbsp;Morteza Zakeri-Nasrabadi","doi":"10.1016/j.csi.2024.103850","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103850","url":null,"abstract":"<div><p>Requirement traceability is a crucial quality factor that highly impacts the software evolution process and maintenance costs. Automated traceability links recovery techniques are required for a reliable and low-cost software development life cycle. Pre-trained language models have shown promising results on many natural language tasks. However, using such pre-trained models for requirement traceability needs large and quality traceability datasets and accurate fine-tuning mechanisms. This paper proposes code augmentation and fine-tuning techniques to prepare the MS-CodeBERT pre-trained language model for various types of requirements traceability prediction including documentation-to-method, issue-to-commit, and issue-to-method links. Three program transformation operations, namely, Rename Variable, Swap Operands, and Swap Statements are designed to generate new quality samples increasing the sample diversity of the traceability datasets. A 2-stage and 3-stage fine-tuning mechanism is proposed to fine-tune the language model for the three types of requirement traceability prediction on provided datasets. Experiments on 14 Java projects demonstrate a 6.2% to 8.5% improvement in the precision, 2.5% to 5.2% improvement in the recall, and 3.8% to 7.3% improvement in the F1 score of the traceability prediction models compared to the best results from the state-of-the-art methods.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140030669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Is mouse dynamics information credible for user behavior research? An empirical investigation","authors":"Eduard Kuric ,&nbsp;Peter Demcak ,&nbsp;Matus Krajcovic ,&nbsp;Peter Nemcek","doi":"10.1016/j.csi.2024.103849","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103849","url":null,"abstract":"<div><p>Mouse dynamics, information on user’s interaction with a computer mouse, are in vogue in machine learning for purposes such as recommendations, personalization, prediction of user characteristics and behavioral biometrics. We point out a blind spot in current works involving mouse dynamics that originates in underestimating the gravity of the characteristics of the mouse device and configuration on the data that mouse dynamics are inferred from. In a controlled study with <span><math><mrow><mi>N</mi><mo>=</mo><mn>32</mn></mrow></math></span> participants, across three kinds of mouse interaction activities, we collect data for mouse dynamics utilizing a variety of mouse parameter configurations. We show that mouse dynamics commonly used in studies can be significantly altered by differences in mouse parameters. Out of 108 evaluated mouse dynamics metrics, 95 and 84 are affected between two conducted studies. A machine learning model’s performance can be warped by the mouse parameters being used. We demonstrate on a prediction task that mouse parameters cannot be approached uniformly and without consideration. We discuss methodological implications — how mouse dynamics studies should account for the diversity of mouse-related conditions.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000187/pdfft?md5=22261c4aa60a750f67561046e5e7ba1b&pid=1-s2.0-S0920548924000187-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140041900","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Revocable certificateless Provable Data Possession with identity privacy in cloud storage","authors":"Kai Zhang ,&nbsp;Zirui Guo ,&nbsp;Liangliang Wang ,&nbsp;Lei Zhang ,&nbsp;Lifei Wei","doi":"10.1016/j.csi.2024.103848","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103848","url":null,"abstract":"<div><p>Provable Data Possession (PDP) has gained widespread adoption for ensuring the integrity of data in remote cloud storage, where a data owner can delegate a third party auditor (TPA) to perform data auditing. To eliminate key escrow problem or complicated certificate management in classic solutions, numerous certificateless PDP schemes have been proposed while they failed to achieve efficient user revocation and protect user identity privacy. Therefore, we propose ReCIP, a revocable certificateless PDP scheme with identity privacy, where a TPA can perform public data integrity batch verification for a user while learning no useful knowledge about user identity privacy. Technically, we introduce a new user revocation strategy that directly revokes users’ secret keys, with no correlation to the number of data blocks in place for revocation time cost. To further boost the efficiency of ReCIP, we employ a semi-generic online–offline strategy to obtain an online–offline ReCIP (ReCIPoo) to reduce the time cost of tag generation. Moreover, we conduct a formal security proof of ReCIP, where the security is reduced to simple computational Diffie–Hellman problem and discrete logistic problem. Compared to state-of-the-art solutions, our ReCIPoo achieves comparable computation and communication cost while still achieving user revocation and protecting user identity privacy.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139992786","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Hybrid collaborative filtering using matrix factorization and XGBoost for movie recommendation","authors":"Gopal Behera ,&nbsp;Sanjaya Kumar Panda ,&nbsp;Meng-Yen Hsieh ,&nbsp;Kuan-Ching Li","doi":"10.1016/j.csi.2024.103847","DOIUrl":"10.1016/j.csi.2024.103847","url":null,"abstract":"<div><p>Nowadays, e-commerce platforms, such as Amazon, Flipkart, Netflix and YouTube, extensively use recommender systems (RS) techniques. Collaborative filtering (CF) is used widely among all RS techniques. A CF analyzes the user’s preference from past data, like ratings, and then suggests actual items to the intended user. The existing techniques compute the similarity between users/items and predict the ratings. However, most of them indicate the user’s preference for the items using a single technique, which may produce poor results. This paper proposes a hybrid CF technique to enhance the movie recommendation (HCFMR). The HCFMR consists of two modules. The first module finds the prediction score with the help of matrix factorization (MF) and passes the prediction score as input to the prediction algorithm, i.e., extreme gradient boosting (XGBoost). The second module generates handcrafted features, such as similar users and movies, along with the user, item and global average. Finally, these features are supplied to the XGBoost to predict the rating score of the movie and recommend the topmost movie to the user. We conduct various simulations on real-world datasets to verify the effectiveness of the proposed technique against the baseline techniques. The exploratory outcomes signify that the HCFMR technique outperforms the baselines and provides a better prediction on the benchmark datasets.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139953919","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Detection of DDoS attacks in SDN-based VANET using optimized TabNet","authors":"Mohamed Ali Setitra,&nbsp;Mingyu Fan","doi":"10.1016/j.csi.2024.103845","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103845","url":null,"abstract":"<div><p>Vehicular Ad Hoc Network (VANET) serves as a crucial component in developing the Intelligent Transport System (ITS), which provides a range of services expected to increase road safety and improve the global driving experience. At the same time, Software Defined Network (SDN) is a promising solution for VANET communication security due to the risk related to the dynamic nature of the vehicular network. However, the centralized structure of SDN-based VANET exposes vulnerabilities to Distributed Denial of Service (DDoS) attacks, which can significantly impact the network’s performance. This work presents a deep learning technique for identifying DDoS attacks in SDN-based VANET, commonly called TabNet, a cutting-edge deep learning model for tabular data that generally surpasses traditional machine learning models regarding crucial performance metrics. The model underwent hyperparameter tuning and employed Adam optimization to enhance its performance. Comparative evaluations against other machine learning algorithms demonstrated the proposed model’s robustness, achieving an overall accuracy of 99.42%. Our suggested method presents a potential solution for detecting DDoS attacks in SDN-based VANET, outperforming conventional techniques in terms of accuracy and efficiency.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139907908","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Elliptic code-based oblivious polynomial evaluation","authors":"Yang Yang,&nbsp;Peidong Guan,&nbsp;Haibo Tian,&nbsp;Fangguo Zhang","doi":"10.1016/j.csi.2024.103846","DOIUrl":"10.1016/j.csi.2024.103846","url":null,"abstract":"<div><p>Oblivious polynomial evaluation (OPE) constitutes a crucial element in various two-party computation protocols, including private set intersection, data mining, and oblivious keyword search. Consequently, the development of an efficient OPE protocol is of paramount significance. Leveraging the homomorphic properties of encryption algorithms offers an effective avenue for constructing such a protocol. In this paper, we propose an elliptic code-based symmetric homomorphic encryption scheme that incorporates concepts introduced by Armknecht et al. We also provide parameter selection tailored to various security levels. This encryption scheme accommodates arbitrary additions and a finite number of multiplication operations. Expanding on our encryption scheme, we introduce three practical and straightforward OPE protocols that are fully compatible with our encryption framework. We complement these protocols with a comprehensive security analysis. Our protocols not only achieve a high level of security but also exhibit efficiency, requiring only two message transmissions for the entire OPE process. Furthermore, our protocols can concurrently compute function values at multiple evaluation points, whether for distinct functions or the same function.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-02-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139928101","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}