Artificial Intelligence Ethics, Security And Governance - 12 Papers (February 2025)

Post-quantum convolution: signature aggregation based on enhancement gate SNARG

Author: ; Wan; Wang

Journal: IEEE on and

Publication time: 2025/02/21

Abstract: Blockchain Layer 2 solutions aim to solve scalability problems in Layer 1 networks by improving transaction efficiency and alleviating congestion. is a well-known layer 2 extension protocol that uses an aggregate signature scheme based on succinct non-interactive arguments (SNARG) to package transactions. The further promotion of the summary faces the challenge of balancing computing efficiency and communication costs. Furthermore, with the continuous development of quantum computing, the transition to post-quantum cryptography is considered crucial to long-term security. Our main contribution is an aggregate signature scheme for post-quantum accumulation based on a new SNARG scheme. The proposed SNARG is based on a circuit with enhanced custom gates (called ECG circuits) and a post-quantum multilinear polynomial commitment scheme (). The former can represent more complex operations while also controlling the scale of witnesses. The latter gives the proposed SNARG and aggregate signatures their quantum-resistant security. Our solution achieves lower aggregation and communication overhead compared to Orion-based aggregate signatures. Performance analysis shows that aggregation time is reduced by 38% and communication costs are reduced by 88%. As an additional contribution, we introduce a new polynomial interactive oracle proof () protocol for ECG circuits, which can be combined with a multilinear scheme to form a SNARG protocol with lower computational and communication overhead compared to existing schemes.

Server-side data insider attack detection architecture based on HSM

Author: Marc Dib;

Journal: IEEE on and

Publication time: 2025/02/21

Abstract: In this paper, we propose an HSM-based architecture to detect insider attacks on server-side data. Our proposed architecture combines four cryptography-based defense mechanisms: non-certificate-based process authentication (NBPA), hash-based field integrity (HBFI), hash-based field availability (HBFA), and hash-based row (HBRA). The new architecture aims to detect predefined comprehensive attack models for server-side data customized for HSM-based architectures. The implementation results show that the throughput drop is mostly manageable (14% in NBPA, 30-50% in HBFI, 25% in HBFA, and 43.74% with all mechanisms combined), indicating that some mechanisms are more or less appropriate depending on the situation. Furthermore, the HBRA mechanism performed well in terms of attack detection time (5 minutes for 1000 entries).

HELM: Navigate homomorphic encryption through gate and lookup table

Author: ; ;

Journal: IEEE on and

Publication time: 2025/02/20

Abstract: As cloud computing continues to be widely adopted, protecting the confidentiality of data entrusted to third-party cloud service providers has become a key issue. While traditional encryption methods protect data at rest and in transit, they fall short where it matters most, i.e. during data processing. To address this limitation, we propose HELM, a framework for privacy-preserving data processing using homomorphic encryption. HELM automatically converts any program (such as) represented in a Hardware Description Language (HDL) into equivalent homomorphic circuits, which can then be evaluated efficiently on encrypted inputs. HELM has three encrypted evaluation modes: a) a gate mode consisting of Boolean gates, b) a small-precision lookup table mode that significantly reduces the size of the circuit by combining multiple gates into a lookup table, and c) a high-precision lookup table mode tuned for multi-bit arithmetic evaluation. Finally, HELM introduces a scheduler that uses the inherent parallelism in arithmetic and Boolean circuits to evaluate encrypted programs efficiently. We use benchmark suites such as ISCAS'85 and ISCAS'89 as well as real-world applications such as image filtering and neural network inference to evaluate HELM. In our experimental results, we report that HELM can outperform previous work by up to 65 times.

A Web service platform maximum similarity function encryption scheme that supports privacy protection

Author: Chen; Kaili Long; Xie; Qiqi Lai; Yilei Wang; Ni Li

Journal: IEEE on and

Publication time: 2025/02/20

Abstract: As a common metric, the maximum similarity between two objects is widely used by web platforms to provide matching services. However, calculating the maximum similarity involves sensitive or confidential data from many users, and web platform servers are often untrusted: they may peek at the data out of curiosity and may even sell it to unauthorized entities for profit. Therefore, how to calculate the maximum similarity while ensuring user data privacy has become a research hotspot in the field of functional encryption. Unfortunately, existing approaches all leak some intermediate results to the web platform server. This paper proposes a new functional encryption scheme that supports privacy-preserving maximum similarity, which enables web service platforms to calculate maximum similarity without learning any other information about the data. In addition, we provide a formal analysis to demonstrate the security of the proposed scheme, followed by some experimental evaluations and a comprehensive comparison with the related work. This shows that our solution is the first functional encryption scheme to achieve maximum similarity without revealing intermediate results, while achieving stronger function privacy as well as traditional data privacy.

RSNet: Regional-specific network for contactless palm vein authentication

Author: Dacan Luo; Huang; Weili Yang; M. Saad; Kang

Journal: IEEE on and

Publication time: 2025/02/20

Abstract: More palm features, such as veins and shapes obtained from an enlarged non-contact palm vein region of interest (ROI), have been shown to improve recognition performance. However, some efforts have been made to make the most of these characteristics to mine identity information. To address this problem, we propose a region-specific network (RSNet) for contactless palm vein authentication. Our RSNet is a two-branch structure for global and local feature extraction. First, a region-based local feature enhancement block (RLEB) is proposed in the local branch to extract region-specific features. In RLEB, based on the physiological features of the palm vein and palm shape, the intermediate feature map is divided into three asymmetric patches to extract diverse features and enhance the representation of local features. Then, a multi-scale aggregation block (MAB) is proposed that effectively aggregates multi-scale features at a more refined level. In addition, to guide the global and local branches to learn complementary features, a differential loss is introduced during training to apply soft subspace orthogonal constraints between global and local vectors. The global branch is designed to help the learning process of local features and is not used for inference. Extensive experiments demonstrate the effectiveness and superiority of this method, and RSNet achieves new state-of-the-art (SOTA) authentication performance on seven public contactless palm vein databases in open-set scenarios.

FeCo: Improves intrusion detection capabilities in the Internet of Things through comparative learning

Author: Ning Wang; Shi; Yimin Chen; Lou; Y. Hou

Journal: IEEE on and

Publication time: 2025/02/20

Abstract: Over the past decade, the Internet of Things (IoT) has penetrated into our daily lives with a wide range of applications. However, the lack of sufficient security in IoT devices makes IoT systems vulnerable to various network-based cyber attacks that can cause serious damage. Recent work explores the use of machine learning to build anomaly detection models to defend against such attacks. In this paper, we propose FeCo, a federated contrastive learning framework that coordinates networked IoT devices to jointly learn intrusion detection models. FeCo uses federated learning to alleviate user privacy concerns, because participating devices submit only their model parameters, not the original local data. We have developed a new representation learning method based on contrastive learning, which can learn the benign class more accurately. Compared with previous work, FeCo significantly improves the accuracy of intrusion detection. Furthermore, we implement a two-step feature selection scheme to avoid overfitting and reduce computation time. Through extensive experiments on the NSL-KDD and BaIoT datasets, we demonstrate that FeCo achieves up to 8% accuracy improvement compared to the state of the art and is robust to non-independent and identically distributed (non-IID) data. Our implementation of FeCo on Raspberry Pi devices further confirms the applicability of FeCo to resource-constrained IoT devices.

Understand the security risks of websites that use cloud storage to directly upload user files

Author: Chen; Yuwei Li; Lu; Zulie Pan; Yuan Chen Ji; Yu Chen

Journal: IEEE on and

Publication time: 2025/02/20

Abstract: With the increasing demand for website data storage, it has become increasingly common to use cloud storage services to store large amounts of user files. Today, a new file upload scenario has been introduced, allowing web users to upload files directly to cloud storage services. This new scenario provides convenience, but involves more roles (i.e., web users, web servers, and cloud storage services) and their interactions, bringing new security threats. In this article, we performed the first systematic security study of this scenario. Through in-depth analysis, we identified six new types of vulnerabilities and conducted real-world measurements of the top 500 websites in the Alexa ranking. Among these websites, 182 (36.4%) use cloud storage services, indicating the widespread use of the cloud. We then conducted a detailed analysis of 28 popular websites that allow users to upload. Surprisingly, they all have at least one of the six types of vulnerabilities. In total, we discovered 79 new vulnerabilities and responsibly reported them to the websites. Many popular websites have responded positively, including Google, and CSDN, etc. We discuss the root causes of these vulnerabilities and propose possible mitigation methods. In short, our work is of great value for understanding the security risks of website cloud storage services and for facilitating future research.

Lattice-based non-interactive identity-based multi-signature scheme with public key aggregation

Author: Chen; Huang; Xiao; Li; Qiong Huang

Journal: IEEE on and

Publication time: 2025/02/19

Abstract: Due to limited computing and storage capabilities, wireless medical sensor networks (WMSNs) encounter considerable overhead when handling storage and verification of large numbers of signatures. Multi-signature allows a group of signers to generate a single compact signature on the same message, significantly reducing storage requirements and communication bandwidth in the WMSN. However, traditional multi-signature schemes are not quantum resistant, because their security assumptions will be compromised as quantum computing develops rapidly. Alternatively, lattice-based cryptography is widely believed to be able to withstand quantum computing attacks. In this paper, we introduce a non-interactive identity-based multi-signature scheme with public key aggregation (IBMS-pka) from lattices that resists quantum attacks. Under the small integer solution (SIS) assumption, our scheme is proven secure in the random oracle model. Furthermore, our scheme allows users to select their system identity (e.g., physical IP address or email address) as public keys, in contrast to PKI-based schemes, and avoids additional communication costs compared to interactive schemes. At the same time, experiments show that our scheme is superior to other related work. Specifically, multi-signature generation has slightly higher efficiency compared to other related solutions, while multi-signature verification shows a greater improvement. Furthermore, performance improvements become more obvious as the number of signers increases.

Policy-driven sanitizable cross-domain access control with dynamic authorization

Author: Sun; Xu; Li; Zhang; Cong Wu; Yang

Journal: IEEE on and

Publication time: 2025/02/18

Abstract: The growing demand for secure and efficient data sharing highlights the importance of developing robust encryption solutions. However, many existing efforts overlook the following key issues: (1) unauthorized access caused by malicious information leakage on the sender side; (2) no restrictions on participants' write and read permissions; and (3) lack of flexibility in dynamically specifying policies for sharing ciphertexts with multiple recipients. In this paper, we propose SCPA, a sanitizable cross-domain access control scheme with policy-driven dynamic authorization, dedicated to cloud-based data sharing. This scheme not only facilitates access control, including no-read and no-write rules that manage the data the sender is allowed to transmit and the data the receiver is allowed to obtain, but also supports dynamic sharing of a subset of the data ciphertext with recipients other than the initially approved recipient. We also provide comprehensive security proofs that rigorously demonstrate the security of the proposed SCPA. Furthermore, to evaluate the efficacy of our SCPA, we conducted thorough theoretical and experimental analysis, demonstrating its feasibility and superior performance.

Adaptive event trigger control of uncertain nonlinear full-state constraint CPS under spoof attack

Author: Zhang; Ben Niu; Wang; Zhao

Journal: IEEE on

Publication time: 2025/02/18

Abstract: Several adaptive event-triggered control (ETC) strategies are proposed for a class of uncertain nonlinear cyber-physical systems (CPS), under constant or time-varying full state constraints, and through spoofing attacks through advanced networks. Subsequently, by directly imposing constraints on the tradeoff state, two innovative asymptotic integral barrier Lyapunov functions (IBLF) were developed, thus eliminating the need to convert state constraints into error constraints as required by traditional BLF-based methods. Furthermore, the controller designed using the relative/switching threshold event-triggering strategy ensures that all signals within the entire closed-loop system remain bounded, that the constant or time-varying full-state constraints are not violated, and that asymptotic stability is obtained without Zeno behavior. Finally, through an example, the simulation results verify the effectiveness of the proposed strategy.

S-: Fast and efficient defense against patch-based backdoor attacks

Author: Yang; Zhuo Ma; Yihua Li; Yang Liu; Liu; Ma

Journal: IEEE on and

Publication time: 2025/02/18

Abstract: Recent research highlights the serious threat posed by backdoor attacks when deep model training on data from untrusted sources. Despite various backdoor attack paradigms, patch-based approaches remain the most popular and effective way to poison. However, current defenses against such attacks often appear to be primary and highly inefficient, and sometimes take several days to achieve. To mitigate this, we propose a fast and efficient way to defend against patch-based backdoor attacks, called S-. S-Based on the model's high confidence in poisoned samples and the consistency of backdoor pixels, it quickly identifies whether the untrusted data set is backdoored and determines the backdoor label. S-election ratios ranging from 30 to 259 than existing backdoor attack detection schemes. Furthermore, we utilize exceptions of the backdoor pixels to invert the backdoor trigger, resulting in a 0.6 to 32-fold increase in similarity compared to the existing method. To obtain a clean model, the S-teake accurately locates the poisoned sample through similarity calculations with an accuracy of nearly 100%. Using the accuracy of the reverse trigger, the S-teake uses a repair method to convert the poisoned sample into a clean sample, with an accuracy of 8.16%.

Generate keys using untrusted internal eavesdroppers: Token-based anti-elimination

Author: Huici Wu; Yi Fang; Na Li; Xin Yuan; Wei; Nan

Journal: IEEE on and

Publication time: 2025/02/18

Abstract: Physical layer (PHY) secret key generation (SKG) has been widely studied as a promising method to achieve one-time security. Increasing SKG rates is a huge challenge, especially in the presence of untrusted internal assistants or eavesdroppers that aim to eavesdrop on keys negotiated between legitimate parties. This paper proposes a token-based SKG scheme to solve the information leakage problem in internal eavesdropping attacks. The basic idea is to cover the random pilot with a protection token to confuse the eavesdroppers. Three scenarios were considered and analyzed to evaluate the performance of the proposed anti-eavesdropping scheme: passive external eavesdropping, active internal eavesdropping with reconfigurable intelligent surface (RIS) assistance, and active internal eavesdropping with an untrusted relay. Theoretical analysis shows that the proposed token-based SKG scheme can protect key negotiation well, and can achieve zero information leakage even in the case of an untrusted relay without direct links between Alice and Bob. In addition, a closed-form expression of the secret key capacity (SKC) is obtained. Finally, the numerical results show that the proposed scheme is superior to the existing method. Using tokens with larger amplitude and phase differences, our approach achieves enhanced SKC performance in a variety of scenarios, including scenarios with passive eavesdroppers, RIS-assisted untrusted assistants, and untrusted relays.
