Efficient Multi-Party EdDSA Signature With Identifiable Aborts and its Applications to Blockchain

The security of secret keys for blockchain-based applications is increasingly important, partly because the theft of a secret key results in significant financial loss. To guarantee the security of secret keys, many multi-party signature protocols have been proposed. However, few of them are designed for EdDSA-based blockchains, which are growing rapidly. The folklore and the NIST document for standardizing threshold schemes hold that a distributed hash evaluation is required to design multi-party EdDSA protocols, which leads to a relatively large overhead. In this paper, we present two practical multi-party EdDSA protocols for the semi-honest and malicious settings. Our protocols eliminate the distributed hashing by securely maintaining a global state, which is feasible for EdDSA-based blockchains. Furthermore, we extend the malicious protocol to resist DoS attacks by identifying corrupted parties in case of execution aborts. We implemented our EdDSA protocols for different numbers of parties using Alibaba cloud servers with all instances of type ecs.t5-c1m2.large. Our protocol in the malicious setting takes 1.51-15.3 ms for 2 to 5 parties, and is two orders of magnitude faster than the recent threshold EdDSA protocol. These properties (efficiency, identifiable abort, high compatibility) make the two protocols ideal for threshold wallets for EdDSA-based cryptocurrencies.

Everything Under Control: Secure Data Sharing Mechanism for Cloud-Edge Computing

Cloud-edge computing is a new paradigm for data sharing. Many computation tasks are assigned to multiple edge nodes to mitigate the computing burden of the cloud, and data is also outsourced to them to provide real-time services for IoT devices. However, two major issues remain, namely data privacy and real-world deployment. According to the data privacy rights and principles stated by the General Data Protection Regulation (GDPR), data access control, restriction of data processing and detection of inaccurate data are critical issues that should be tackled in cloud-edge computing. Besides, since there are various types of devices and many of them are resource-constrained, efficient deployment in cloud-edge computing is challenging in practice. In this work, we propose a new cryptographic primitive, Controllable Outsourced Attribute-Based Proxy Re-Encryption (COAB-PRE), and a universal WebAssembly-based implementation framework for cross-platform deployment. In particular, COAB-PRE achieves bilateral and distributed access control whereby data producers and data consumers can both specify policies the other party must satisfy, without a centralized access control server. This property, which we call controllable delegation, restricts the data processing on the edge nodes. COAB-PRE also supports comprehensive verifiability to detect a wrong result produced by the edge nodes and locate the misbehaving one. Moreover, we further discuss the potential properties of COAB-PRE and put forward an improved scheme with high efficiency on devices. We also implemented our scheme using this framework and deployed it on different devices for experiments. All theoretical and experimental results indicate that our solution is secure and practical, and that our implementation is suitable for cloud-edge computing.

Jamming and Eavesdropping Defense Scheme Based on Deep Reinforcement Learning in Autonomous Vehicle Networks

As a legacy from conventional wireless services, illegal eavesdropping is regarded as one of the critical security challenges in Connected and Autonomous Vehicle (CAV) networks. Our work considers the use of Distributed Kalman Filtering (DKF) and Deep Reinforcement Learning (DRL) techniques to improve anti-eavesdropping communication capacity and mitigate jamming interference. Aiming to improve the security performance against smart eavesdroppers and jammers, we first develop a DKF algorithm that is capable of tracking the attacker more accurately by sharing state estimates among adjacent nodes. Then, a design problem for controlling transmission power and selecting the communication channel is established while ensuring the communication quality requirements of the authorized vehicular user. Since the eavesdropping and jamming model is uncertain and dynamic, a hierarchical Deep Q-Network (DQN)-based architecture is developed to design the anti-eavesdropping power control and, where needed, channel selection policy. Specifically, the optimal power control scheme without prior information about the eavesdropping behavior is achieved quickly first. Based on the system secrecy rate assessment, the channel selection process is then performed when necessary. Simulation results confirm that our jamming and eavesdropping defense technique enhances the secrecy rate as well as the achievable communication rate compared with currently available techniques.

Detecting Locally, Patching Globally: An End-to-End Framework for High Speed and Accurate Detection of Fingerprint Minutiae

Billions of fingerprint images are acquired and matched to protect national borders and in a range of e-governance applications. Fast and accurate minutiae detection from fingerprint images is the key to advancing fingerprint matching algorithms for large-scale applications. However, currently available fingerprint minutiae extraction methods are not accurate and fast enough to support such large-scale applications. This paper proposes a new method that uses a lightweight pixel-wise local dilated neural network to extract local features and a patch-wise global neural network to recover the global features. It consolidates the local and global fingerprint features to generate a full-size minutiae location map, and then accurately localizes the minutiae positions by using a recursive connected components algorithm. We design a new loss function to accurately detect minutia orientation and incorporate a dynamic end-to-end loss to provide effective supervision in learning discriminant features. The proposed design and loss function together enable higher accuracy with significantly less computation. We present reproducible experimental results from five publicly available contact-based and contactless databases that indicate significant improvement in the minutiae detection accuracy, which also leads to enhanced fingerprint matching accuracy. Since the minutiae represent key points in the fingerprint images, the proposed end-to-end minutiae detection method also has the potential to be employed in many other key-point detection tasks.

Information-Containing Adversarial Perturbation for Combating Facial Manipulation Systems

With the development of deep learning technology, facial manipulation systems have become powerful and easy to use. Such systems can modify the attributes of a given facial image, such as hair color, gender, and age. Malicious applications of such systems pose a serious threat to individuals' privacy and reputation. Existing studies have proposed various approaches to protect images against facial manipulation. Passive defense methods aim to detect whether a face is real or fake, which works for posterior forensics but cannot prevent malicious manipulation. Initiative defense methods protect images upfront by injecting adversarial perturbations into images to disrupt facial manipulation systems, but cannot identify whether an image is fake. To address the limitations of existing methods, we propose a novel two-tier protection method named Information-containing Adversarial Perturbation (IAP), which provides more comprehensive protection for facial images. We use an encoder to map a facial image and its identity message to a cross-model adversarial example that can disrupt multiple facial manipulation systems, achieving initiative protection. Recovering the message from the adversarial example with a decoder serves as passive protection, contributing to provenance tracking and fake image detection. We introduce a feature-level correlation measurement that is more suitable for measuring the difference between facial images than the commonly used mean squared error. Moreover, we propose a spectral diffusion method to spread messages across different frequency channels, thereby improving the robustness of the message against facial manipulation. Extensive experimental results demonstrate that our proposed IAP can recover the messages from the adversarial examples with high average accuracy and effectively disrupt the facial manipulation systems.

Using Highly Compressed Gradients in Federated Learning for Data Reconstruction Attacks

Federated learning (FL) preserves data privacy by exchanging gradients instead of local training data. However, this private data can still be reconstructed from the exchanged gradients. Deep leakage from gradients (DLG) is a classical reconstruction attack that optimizes dummy data towards the real data by making the corresponding dummy and real gradients as similar as possible. Nevertheless, DLG fails with highly compressed gradients, which are crucial for communication-efficient FL. In this study, we propose an effective data reconstruction attack against highly compressed gradients, called the highly compressed gradient leakage attack (HCGLA). In particular, HCGLA is characterized by the following three key techniques: 1) Because the optimization objective of DLG is unsuitable in compression scenarios, we redesign a plausible objective function, ensuring that the compressed dummy gradients are similar to the compressed real gradients. 2) Instead of simply initializing dummy data with random noise, as in DLG, we design a novel dummy data initialization method, Init-Generation, to compensate for the information loss caused by gradient compression. 3) To further enhance reconstruction quality, we train an ad hoc denoising model using the method of "first optimizing, next filtering, and then reoptimizing". Extensive experiments on various benchmark data sets and mainstream models show that HCGLA is an effective reconstruction attack even against gradients compressed to 0.1%, whereas state-of-the-art attacks can only support 70% compression, thereby achieving a 700-fold improvement.

Efficient and Provably Secure Data Selective Sharing and Acquisition in Cloud-Based Systems

Given the large amount of data generated every day, data selective sharing and acquisition is one of the most significant data services in cloud-based systems: it enables data owners to selectively share their data with particular users, and users to selectively acquire the data they are interested in. However, it is challenging to protect data security and user privacy during data selective sharing and selective acquisition, because cloud servers are curious about the data or the user's interests, and may even send data to unauthorized or uninterested users. In this paper, we propose an efficient and provably secure Data selective Sharing and Acquisition (DSA) scheme for cloud-based systems. Specifically, we first formulate a generic data selective sharing and acquisition problem in cloud-based systems by identifying several design goals in terms of correctness, soundness, security and efficiency. Then, we propose the DSA scheme to enable data owners to control access to their data in a fine-grained manner, and to enable users to refine their data acquisition without revealing their interests. Technically, a brand new cryptographic framework is developed to integrate attribute-based encryption with searchable encryption. Finally, we prove that the proposed DSA scheme is correct, sound, secure in the random oracle model, and efficient in practice.

Security Analysis of Scan Obfuscation Techniques

Scan is the de facto standard for testing, which provides high observability and test coverage by enabling direct access to chip memory elements. The scan-based Design-for-Testability (DfT) technique has also become the prime target of attackers whose aim is to extract the secret information embedded inside a chip by misusing its scan infrastructure. Several countermeasures have been proposed to protect the chip against scan-based attacks. Recently, obfuscation-based defense mechanisms have gained significant popularity; they protect scan data by corrupting the content of some of the scan cells. In this paper, we perform a detailed security analysis of the three best-known obfuscation techniques, namely static, dynamic, and advanced dynamic obfuscation, designed to protect the AES crypto-chip. We exploit their vulnerabilities and propose a generic scan-based signature attack that leads to the leakage of the secret cipher key using only a single observable scan cell. We also propose upgrades to the two dynamic scan obfuscation techniques to patch the discovered vulnerabilities with negligible changes to the original design. To show the generality of the attack, we also applied it to the similar cipher PRESENT and to seven other scan obfuscation techniques. The results show that, in addition to the three best-known obfuscation techniques above, five of the seven other scan obfuscation techniques were also successfully broken by our generic attack.