Abstract: Edge computing, which achieves quick data processing by sinking data computing and storage to the network edge, has grown rapidly along with the Internet of things. The new network architecture of edge computing brings new security challenges. Based on this, this paper investigates the edge computing security literature published in recent years and summarizes and analyzes research work on edge computing security from different attack surfaces. We start with the definition and architecture of edge computing. From the attack surface between device and edge server, as well as on edge servers, the research describes the security threats and defense methods of edge computing. In addition, the causes of the attacks and the pros and cons of the defense methods are introduced. The challenges and future research directions of edge computing are given.
Abstract: Recent results show that the differential properties within quadruples boom as a new inspiration in cryptanalysis of Advanced Encryption Standard (AES)-like constructions. These methods include the exchange attack proposed in Asiacrypt'19, the mixture differential attack proposed in ToSC'18, etc., where the essential properties are obtained by manually scrutinizing the structures of the AES-like constructions. This paper presents a novel framework and an automatic tool based on mixed integer linear programming to search for mixture differential distinguishers for general constructions. This framework considers what equality patterns among quadruples can make a distinguisher and traces how the patterns propagate through cipher components with accurate probability estimation. With this tool, a 5-round AES distinguishing attack with lower complexity and more 6-round distinguishing attacks in the chosen plaintext scenarios are deduced. We prove that no exchange-type or mixture differential distinguisher exists for 7 and above rounds AES if the details of the Sbox and MixColumns matrix are not taken into account.
Abstract: The scarcity of spectrum resources fails to meet the increasing throughput demands of vehicular networks. There is an urgent need to maximize the utilization of spectrum bands in mobile networks. To ascertain the availability of spectrum bands, users should engage in wireless channel sensing and collaboration. However, spectrum sensing data always involves users' privacy, such as their location. This paper first introduces the sensing trajectory inference attack in cognitive vehicular networks and then proposes a data confusion-based privacy-preserving algorithm and a cryptonym array-based privacy-preserving aggregation scheme for spectrum sensing in cognitive vehicular networks. Unlike existing methods, the proposed schemes transmit confused data during the aggregation process. This deliberate obfuscation makes it almost impossible to infer users' location from the transmitted data. The analysis demonstrates the resilience of the proposed schemes against the sensing trajectory inference attack.
Abstract: Because of the increasing number of threats in the IoT cloud, an advanced security mechanism is needed to guard data against hacking or attacks. A user authentication mechanism is also required to authenticate the user accessing the cloud services. The conventional cryptographic algorithms used to provide security mechanisms in cloud networks are often vulnerable to various cyber-attacks and inefficient against new attacks. Therefore, developing new solutions based on different mechanisms from traditional cryptography methods is required to protect data and users' privacy from attacks. Different from the conventional cryptography method, we suggest a secure mutual authentication protocol based on the visual cryptography technique in this paper. We use visual cryptography to encrypt and decrypt the secret images. The mutual authentication is based on two secret images and tickets. The user requests the ticket from the authentication server (AS) to obtain the permission for accessing the cloud services. Three shared secret keys are used for encrypting and decrypting the authentication process. We analyze the protocol using the Burrows-Abadi-Needham (BAN)-logic method and the results show that the protocol is robust and can protect the user against various attacks. Also, it can provide a secure mutual authentication mechanism.
Abstract: In recent years, low recall rates and high dependencies on data labelling have become the biggest obstacle to developing deep anomaly detection (DAD) techniques. Inspired by the success of generative adversarial networks (GANs) in detecting anomalies in computer vision and imaging, we propose an anomaly detection model called FlowGANAnomaly for detecting anomalous traffic in network intrusion detection systems (NIDS). Unlike traditional GAN-based approaches, which are composed of a flow encoder, a convolutional encoder-decoder-encoder, a flow decoder and a convolutional encoder, the architecture of this model consists of a generator (G) and a discriminator (D). FlowGANAnomaly maps the different types of traffic feature data from separate datasets to a uniform feature space, and thus can capture the normality of network traffic data more accurately in an adversarial manner to mitigate the problem of the high dependence on data labeling. Moreover, instead of simply detecting the anomalies by the output of D, we propose a new anomaly scoring method that integrates the deviation between the output of two Gs' convolutional encoders with the output of D as weighted scores to improve the low recall rate of anomaly detection. We conducted several experiments comparing existing machine learning algorithms and existing deep learning methods (AutoEncoder and VAE) on four public datasets (NSL-KDD, CIC-IDS2017, CIC-DDoS2019, and UNSW-NB15). The evaluation results show that FlowGANAnomaly can significantly improve the performance of anomaly-based NIDS.
Abstract: The Boolean satisfiability problem (SAT) is now widely applied in differential cryptanalysis and linear cryptanalysis for various cipher algorithms. It has generated many excellent results for some ciphers, for example, Salsa20. In this research, we study the differential and linear propagations through the operations of addition, rotation and XOR (ARX), and construct the SAT models. We apply the models to CRAX to search differential trails and linear trails automatically. In this sense, our contribution can be broadly divided into two parts. We give the bounds for differential and linear cryptanalysis of Alzette both up to 12 steps, by which we present a 3-round differential attack and a 3-round linear attack for CRAX. We construct a 4-round key-recovery attack for CRAX with time complexity 2^{89} times of 4-round encryption and data complexity 2^{25}.
Abstract: The Type-Ⅱ generalized Feistel network (GFN) has attracted a lot of attention for its simplicity and high parallelism. The impossible differential attack is one of the powerful cryptanalytic approaches for word-oriented block ciphers such as Feistel-like ciphers. We deduce the impossible differential of Type-Ⅱ GFN by analyzing the Boolean function in the middle round. The main idea is to investigate the expression with the variable representing the plaintext (ciphertext) difference words for the internal state words. By adopting the miss-in-the-middle approach, we can construct the impossible differential of Type-Ⅱ GFN. As an illustration, we apply this approach to WARP, a lightweight 128-bit block cipher with a 128-bit key which was presented by Banik et al. at SAC 2020. The structure of WARP is a 32-branch Type-Ⅱ GFN. Therefore, we find two 21-round truncated impossible differentials and implement a 32-round key recovery attack on WARP. For the 32-round key recovery attack on WARP, some observations are used to mount an effective attack. Taking advantage of the early abort technique, the data, time, and memory complexities are 2^{125.69} chosen plaintexts, 2^{126.68} 32-round encryptions, and 2^{100}-bit, respectively. To the best of our knowledge, this is the best attack on WARP in the single-key scenario.
Abstract: With the rise of artificial intelligence and cloud computing, machine-learning-as-a-service platforms, such as Google, Amazon, and IBM, have emerged to provide sophisticated tasks for cloud applications. These proprietary models are vulnerable to model extraction attacks due to their commercial value. In this paper, we propose a time-efficient model extraction attack framework called SwiftTheft that aims to steal the functionality of cloud-based deep neural network models. We distinguish SwiftTheft from the existing works with a novel distribution estimation algorithm and reference model settings, finding the most informative query samples without querying the victim model. The selected query samples can be applied to various cloud models with a one-time selection. We evaluate our proposed method through extensive experiments on three victim models and six datasets, with up to 16 models for each dataset. Compared to the existing attacks, SwiftTheft increases agreement (i.e., similarity) by 8% while consuming 98% less selecting time.
Abstract: The echo state network (ESN), as a novel artificial neural network, has drawn much attention for time series prediction in edge intelligence. ESN is slightly insufficient in long-term memory, thereby impacting the prediction performance. It suffers from a higher computational overhead when deployed on edge devices. We first introduce knowledge distillation into the reservoir structure optimization, and then propose the echo state network based on improved knowledge distillation (ESN-IKD) for edge intelligence to improve the prediction performance and reduce the computational overhead. The model of ESN-IKD is constructed with the classic ESN as a student network, the long and short-term memory network as a teacher network, and the ESN with double loop reservoir structure as an assistant network. The student network learns the long-term memory capability of the teacher network with the help of the assistant network. The training algorithm of ESN-IKD is proposed to correct the learning direction through the assistant network and eliminate the redundant knowledge through iterative pruning. It can solve the problems of error learning and redundant learning in the traditional knowledge distillation process. Extensive experimental simulation shows that ESN-IKD has a good time series prediction performance in both long-term and short-term memory, and achieves a lower computational overhead.
Abstract: Cloud storage is now widely used, but its reliability has always been a major concern. Cloud block storage (CBS) is a famous type of cloud storage. It has the closest architecture to the underlying storage and can provide interfaces for other types. Data modifications in CBS have potential risks such as null reference or data loss. Formal verification of these operations can improve the reliability of CBS to some extent. Although separation logic is a mainstream approach to verifying program correctness, the complex architecture of CBS creates some challenges for verification. This paper develops a proof system based on separation logic for verifying the CBS data modifications. The proof system can represent the CBS architecture, describe the properties of the CBS system state, and specify the behavior of CBS data modifications. Using the interactive verification approach from Coq, the proof system is implemented as a verification tool. With this tool, the paper builds machine-checked proofs for the functional correctness of CBS data modifications. This work can thus analyze the reliability of cloud storage from a formal perspective.