Showing papers in "IEEE Transactions on Dependable and Secure Computing in 2021"


Journal Article
TL;DR: This work proposes the first systematic framework for using deep learning to detect vulnerabilities, dubbed Syntax-based, Semantics-based, and Vector Representations (SySeVR), which focuses on obtaining program representations that can accommodate syntax and semantic information pertinent to vulnerabilities.
Abstract: The detection of software vulnerabilities (or vulnerabilities for short) is an important problem that has yet to be tackled, as manifested by the many vulnerabilities reported on a daily basis. This calls for machine learning methods for vulnerability detection. Deep learning is attractive for this purpose because it alleviates the requirement to manually define features. Despite the tremendous success of deep learning in other application domains, its applicability to vulnerability detection is not systematically understood. In order to fill this void, we propose the first systematic framework for using deep learning to detect vulnerabilities in C/C++ programs with source code. The framework, dubbed Syntax-based, Semantics-based, and Vector Representations (SySeVR), focuses on obtaining program representations that can accommodate syntax and semantic information pertinent to vulnerabilities. Our experiments with 4 software products demonstrate the usefulness of the framework: we detect 15 vulnerabilities that are not reported in the National Vulnerability Database. Among these 15 vulnerabilities, 7 are unknown and have been reported to the vendors, and the other 8 have been “silently” patched by the vendors when releasing newer versions of the pertinent software products.

218 citations


Journal Article
Jiasi Weng1, Jian Weng1, Jilian Zhang1, Ming Li1, Yue Zhang1, Weiqi Luo1 
TL;DR: This paper presents a distributed, secure, and fair deep learning framework named DeepChain, which provides a value-driven incentive mechanism based on Blockchain to force the participants to behave correctly and guarantees data privacy for each participant and provides auditability for the whole training process.
Abstract: Deep learning can achieve higher accuracy than traditional machine learning algorithms in a variety of machine learning tasks. Recently, privacy-preserving deep learning has drawn tremendous attention from information security community, in which neither training data nor the training model is expected to be exposed. Federated learning is a popular learning mechanism, where multiple parties upload local gradients to a server and the server updates model parameters with the collected gradients. However, there are many security problems neglected in federated learning, for example, the participants may behave incorrectly in gradient collecting or parameter updating, and the server may be malicious as well. In this article, we present a distributed, secure, and fair deep learning framework named DeepChain to solve these problems. DeepChain provides a value-driven incentive mechanism based on Blockchain to force the participants to behave correctly. Meanwhile, DeepChain guarantees data privacy for each participant and provides auditability for the whole training process. We implement a prototype of DeepChain and conduct experiments on a real dataset for different settings, and the results show that our DeepChain is promising.

208 citations


Journal Article
TL;DR: This paper proposes a straightforward method for detecting adversarial image examples, which can be directly deployed into unmodified off-the-shelf DNN models and raises the bar for defense-aware attacks.
Abstract: Recently, many studies have demonstrated deep neural network (DNN) classifiers can be fooled by the adversarial example, which is crafted via introducing some perturbations into an original sample. Accordingly, some powerful defense techniques were proposed. However, existing defense techniques often require modifying the target model or depend on the prior knowledge of attacks. In this paper, we propose a straightforward method for detecting adversarial image examples, which can be directly deployed into unmodified off-the-shelf DNN models. We consider the perturbation to images as a kind of noise and introduce two classic image processing techniques, scalar quantization and smoothing spatial filter, to reduce its effect. The image entropy is employed as a metric to implement an adaptive noise reduction for different kinds of images. Consequently, the adversarial example can be effectively detected by comparing the classification results of a given sample and its denoised version, without referring to any prior knowledge of attacks. More than 20,000 adversarial examples against some state-of-the-art DNN models are used to evaluate the proposed method, which are crafted with different attack techniques. The experiments show that our detection method can achieve a high overall F1 score of 96.39 percent and certainly raises the bar for defense-aware attacks.

185 citations


Journal Article
Jing Zhang1, Jie Cui1, Hong Zhong1, Zhili Chen1, Lu Liu2 
TL;DR: A novel Chinese remainder theorem (CRT)-based conditional privacy-preserving authentication scheme for securing vehicular authentication, which solves the leakage problem during side channel attacks, and ensures higher level of security for the entire system.
Abstract: Existing security and identity-based vehicular communication protocols used in Vehicular Ad-hoc Networks (VANETs) to achieve conditional privacy-preserving mostly rely on an ideal hardware device called tamper-proof device (TPD) equipped in vehicles. Achieving fast authentication during the message verification process is usually challenging in such strategies and further they suffer performance constraints from resulting overheads. To address such challenges, this paper proposes a novel Chinese remainder theorem (CRT)-based conditional privacy-preserving authentication scheme for securing vehicular authentication. The proposed protocol only requires realistic TPDs, and eliminates the need for pre-loading the master key onto the vehicle's TPDs. Chinese remainder theorem can dynamically assist the trusted authorities (TAs) whilst generating and broadcasting new group keys to the vehicles in the network. The proposed scheme solves the leakage problem during side channel attacks, and ensures higher level of security for the entire system. In addition, the proposed scheme avoids using the bilinear pairing operation and map-to-point hash operation during the authentication process, which helps achieving faster verification even under increasing number of signature. Moreover, the security analysis shows that our proposed scheme is secure under the random oracle model and the performance analysis shows that our proposed scheme is efficient in reducing computation and communication overheads.

184 citations


Journal Article
TL;DR: This article formulates adaptive payload distribution in multiple images steganography based on image texture features and provides the theoretical security analysis from the steganalyst's point of view and extensive experimental results show that the proposed payload distribution strategies could obtain better security performance.
Abstract: With the coming era of cloud technology, cloud storage is an emerging technology to store massive digital images, which provides steganography a new fashion to embed secret information into massive images. Specifically, a resourceful steganographer could embed a set of secret information into multiple images adaptively, and share these images in cloud storage with the receiver, instead of traditional single image steganography. Nevertheless, it is still an open issue how to allocate embedding payload among a sequence of images for security performance enhancement. This paper formulates adaptive payload distribution in multiple images steganography based on image texture features and provides the theoretical security analysis from the steganalyst's point of view. Two payload distribution strategies based on image texture complexity and distortion distribution are designed and discussed respectively. The proposed strategies can be employed together with these state-of-the-art single image steganographic algorithms. The comparisons of the security performance against the modern universal pooled steganalysis are given. Furthermore, this paper compares the per image detectability of these multiple images steganographic schemes against the modern single image steganalyzer. Extensive experimental results show that the proposed payload distribution strategies could obtain better security performance.

141 citations


Journal Article
TL;DR: The hidden pointer technique is developed and a new SSE scheme called Khons is proposed, which satisfies the security notion (with the original forward privacy notion) and is also efficient; the scheme is implemented, and results show that it is more efficient than existing SSE schemes with forward privacy.
Abstract: Searchable symmetric encryption (SSE) has been widely applied in the encrypted database for queries in practice. Although SSE is powerful and feature-rich, it is always plagued by information leaks. Some recent attacks point out that forward privacy which disallows leakage from update operations, now becomes a basic requirement for any newly designed SSE schemes. However, the subsequent search operations can still leak a significant amount of information. To further strengthen security, we extend the definition of forward privacy and propose the notion of “forward search privacy”. Intuitively, it requires search operations over newly added documents do not leak any information about past queries. The enhanced security notion poses new challenges to the design of SSE. We address the challenges by developing the hidden pointer technique (HPT) and propose a new SSE scheme called Khons, which satisfies our security notion (with the original forward privacy notion) and is also efficient. We implemented Khons and our experiment results on large dataset (wikipedia) show that it is more efficient than existing SSE schemes with forward privacy.

138 citations


Journal Article
TL;DR: A novel security notion named revocable identity-based broadcast proxy re-encryption (RIB-BPRE) is presented to address the issue of key revocation and the performance evaluation reveals that the proposed scheme is efficient and practical.
Abstract: Cloud computing has become prevalent due to its nature of massive storage and vast computing capabilities. Ensuring a secure data sharing is critical to cloud applications. Recently, a number of identity-based broadcast proxy re-encryption (IB-BPRE) schemes have been proposed to resolve the problem. However, the IB-BPRE requires a cloud user (Alice) who wants to share data with a bunch of other users (e.g., colleagues) to participate the group shared key renewal process because Alice's private key is a prerequisite for shared key generation. This, however, does not leverage the benefit of cloud computing and causes the inconvenience for cloud users. Therefore, a novel security notion named revocable identity-based broadcast proxy re-encryption (RIB-BPRE) is presented to address the issue of key revocation in this work. In a RIB-BPRE scheme, a proxy can revoke a set of delegates, designated by the delegator, from the re-encryption key. The performance evaluation reveals that the proposed scheme is efficient and practical.

111 citations


Journal Article
TL;DR: It is proved that the proposed ABKS-SM systems achieve selective security and resist off-line keyword-guessing attack in the generic bilinear group model, and their performance is evaluated using real-world datasets.
Abstract: Ciphertext-Policy Attribute-Based Keyword Search (CP-ABKS) facilitates search queries and supports fine-grained access control over encrypted data in the cloud. However, prior CP-ABKS schemes were designed to support unshared multi-owner setting, and cannot be directly applied in the shared multi-owner setting (where each record is accredited by a fixed number of data owners), without incurring high computational and storage costs. In addition, due to privacy concerns on access policies, most existing schemes are vulnerable to off-line keyword-guessing attacks if the keyword space is of polynomial size. Furthermore, it is difficult to identify malicious users who leak the secret keys when more than one data user has the same subset of attributes. In this paper, we present a privacy-preserving CP-ABKS system with hidden access policy in Shared Multi-owner setting (basic ABKS-SM system), and demonstrate how it is improved to support malicious user tracing (modified ABKS-SM system). We then prove that the proposed ABKS-SM systems achieve selective security and resist off-line keyword-guessing attack in the generic bilinear group model. We also evaluate their performance using real-world datasets.

97 citations


Journal Article
TL;DR: The method, labelled as Distributed Attack Detection (DAD), detects attacks in real-time by identifying anomalies in the behavior of the physical process in the plant by using monitors that are implementations of invariants derived from the plant design.
Abstract: The rise in attempted and successful attacks on critical infrastructure, such as power grid and water treatment plants, has led to an urgent need for the creation and adoption of methods for detecting such attacks often launched either by insiders or state actors. This paper focuses on one such method that aims at the detection of attacks that compromise one or more actuators and sensors in a plant either through successful intrusion in the plant's communication network or directly through the plant computers. The method, labelled as Distributed Attack Detection (DAD), detects attacks in real-time by identifying anomalies in the behavior of the physical process in the plant. Anomalies are identified by using monitors that are implementations of invariants derived from the plant design. Each invariant must hold either throughout the plant operation, or when the plant is in a given state. The effectiveness of DAD was assessed experimentally on an operational water treatment plant named SWaT that is a near-replica of commercially available large treatment plants. The method used in DAD was found to be effective in detecting stealthy and coordinated attacks.

97 citations


Journal Article
TL;DR: Experimental results show that $\mu$VulDeePecker is effective for multiclass vulnerability detection and that accommodating control-dependence (other than data-dependence) can lead to higher detection capabilities.
Abstract: Fine-grained software vulnerability detection is an important and challenging problem. Ideally, a detection system (or detector) not only should be able to detect whether or not a program contains vulnerabilities, but also should be able to pinpoint the type of a vulnerability in question. Existing vulnerability detection methods based on deep learning can detect the presence of vulnerabilities (i.e., addressing the binary classification or detection problem), but cannot pinpoint types of vulnerabilities (i.e., incapable of addressing multiclass classification). In this paper, we propose the first deep learning-based system for multiclass vulnerability detection, dubbed $\mu$VulDeePecker. The key insight underlying $\mu$VulDeePecker is the concept of code attention, which can capture information that can help pinpoint types of vulnerabilities, even when the samples are small. For this purpose, we create a dataset from scratch and use it to evaluate the effectiveness of $\mu$VulDeePecker. Experimental results show that $\mu$VulDeePecker is effective for multiclass vulnerability detection and that accommodating control-dependence (other than data-dependence) can lead to higher detection capabilities.

93 citations


Journal Article
TL;DR: This paper proposes an efficient and secure decision tree classification scheme, provides formal security proofs that it protects the confidentiality of the decision tree classifier and the user’s data, and shows through performance analysis that it achieves faster-than-linear classification speed.
Abstract: Decision tree classification has become a prevailing technique for online diagnosis services. By outsourcing computation intensive tasks to a cloud server, cloud-assisted online diagnosis services are better ways for cases that the storage and computation requirements exceed the capability of medical institutions. With privacy concerns as well as intellectual property protection issues, the valuable diagnosis classifier and the sensitive user data should be protected against the cloud server. In this paper, we identify a work-flow for cloud-assisted online diagnosis services. We propose an efficient and secure decision tree classification scheme in the proposed work-flow. Specifically, the medical institution transforms a locally pre-trained decision tree classifier to a decision table, and later uses searchable symmetric encryption to encrypt the decision table. Then, the encrypted table is outsourced to the cloud server, and a user can submit encrypted physiological features to the cloud server and obtain an encrypted diagnosis prediction back. We provide formal security proofs to demonstrate that our scheme protects the confidentiality of the decision tree classifier and the user’s data. The performance analysis shows that our scheme achieves faster-than-linear classification speed. Experimental evaluations show that our scheme requires several micro-seconds to process a diagnosis request in the tested datasets.

Journal Article
TL;DR: This paper proposes a novel lightweight framework for privacy-preserving CNN feature extraction for mobile sensing based on edge computing that allows us to significantly reduce the latency and the overhead of the end devices while preserving privacy.
Abstract: The proliferation of various mobile devices equipped with cameras results in an exponential growth of the amount of images. Recent advances in the deep learning with convolutional neural networks (CNN) have made CNN feature extraction become an effective way to process these images. However, it is still a challenging task to deploy the CNN model on the mobile sensors, which are typically resource-constrained in terms of the storage space, the computing capacity, and the battery life. Although cloud computing has become a popular solution, data security and response latency are always the key issues. Therefore, in this paper, we propose a novel lightweight framework for privacy-preserving CNN feature extraction for mobile sensing based on edge computing. To get the most out of the benefits of CNN with limited physical resources on the mobile sensors, we design a series of secure interaction protocols and utilize two edge servers to collaboratively perform the CNN feature extraction. The proposed scheme allows us to significantly reduce the latency and the overhead of the end devices while preserving privacy. Through theoretical analysis and empirical experiments, we demonstrate the security, effectiveness, and efficiency of our scheme.

Journal Article
TL;DR: Comprehensive performance evaluation and comparisons show that RUSH outperforms other schemes in both computation and communication efficiencies, and formal security proofs indicate that RUSH resists various attacks.
Abstract: The evolving fifth generation (5G) cellular networks will be a collection of heterogeneous and backward-compatible networks. With the increased heterogeneity and densification of 5G heterogeneous networks (HetNets), it is important to ensure security and efficiency of frequent handovers in 5G wireless roaming environments. However, existing handover authentication mechanisms still have challenging issues, such as anonymity, robust traceability and universality. In this paper, we address these issues by introducing RUSH, a Robust and Universal Seamless Handover authentication protocol for 5G HetNets. In RUSH, anonymous mutual authentication with key agreement is enabled for handovers by exploiting the trapdoor collision property of chameleon hash functions and the tamper-resistance of blockchains. RUSH achieves universal handover authentication for all the diverse mobility scenarios, as exemplified by the handover between 5G new radio and non-3GPP access regardless of the trustworthiness of non-3GPP access and the consistency of the core network. RUSH also achieves perfect forward secrecy, master key forward secrecy, known randomness secrecy, key escrow freeness and robust traceability. Our formal security proofs based on the BAN-logic and formal verification based on AVISPA indicate that RUSH resists various attacks. Comprehensive performance evaluation and comparisons show that RUSH outperforms other schemes in both computation and communication efficiencies.

Journal Article
TL;DR: A malware feature images generation method is used to combine the static analysis of malicious code with the methods of recurrent neural networks (RNN) and convolutional neural networks (CNN).
Abstract: The growing threat of malware is becoming more and more difficult to ignore. In this paper, a malware feature images generation method is used to combine the static analysis of malicious code with the methods of recurrent neural networks (RNN) and convolutional neural networks (CNN). By using an RNN, our method considers not only the original information of malware but also the ability to associate the original code with timing characteristics; furthermore, the process reduces the dependence on category labels of malware. Then, we use minhash to generate feature images from the fusion of the original codes and the predictive codes from the RNN. Finally, we train a CNN to classify feature images. When we trained very few samples (the proportion of the sample size of training dataset to validation dataset was 1:30), we obtained accuracy over 92 percent. When we adjust the proportion to 3:1, the accuracy exceeds 99.5 percent. As shown in confusion matrices, our method obtains a good result, where the worst false positive rate of all the malware families is 0.0147 and the average false positive rate is 0.0058.

Journal Article
TL;DR: This article proposes a ciphertext-policy attribute-based mechanism with keyword search and data sharing (CPAB-KSDS) for encrypted cloud data and proves that it is secure against chosen ciphertext attack and chosen keyword attack in the random oracle model.
Abstract: The emergence of cloud infrastructure has significantly reduced the costs of hardware and software resources in computing infrastructure. To ensure security, the data is usually encrypted before it's outsourced to the cloud. Unlike searching and sharing the plain data, it is challenging to search and share the data after encryption. Nevertheless, it is a critical task for the cloud service provider as the users expect the cloud to conduct a quick search and return the result without losing data confidentiality. To overcome these problems, we propose a ciphertext-policy attribute-based mechanism with keyword search and data sharing (CPAB-KSDS) for encrypted cloud data. The proposed solution not only supports attribute-based keyword search but also enables attribute-based data sharing at the same time, which is in contrast to the existing solutions that only support either one of two features. Additionally, the keyword in our scheme can be updated during the sharing phase without interacting with the PKG. In this article, we describe the notion of CPAB-KSDS as well as its security model. Besides, we propose a concrete scheme and prove that it is against chosen ciphertext attack and chosen keyword attack secure in the random oracle model. Finally, the proposed construction is demonstrated practical and efficient in the performance and property comparison.

Journal Article
TL;DR: This paper proposes a forward secure PEKS scheme (FS-PEKS) based on lattice assumptions for cloud-assisted IIoT, which is post-quantum secure, and defines the first formal security model on forward security of PEKS, and proves the security of FS-PEKS under the model.
Abstract: Cloud-assisted Industrial Internet of Things (IIoT) relies on cloud computing to provide massive data storage services. To ensure the confidentiality, sensitive industrial data need to be encrypted before being outsourced to cloud storage server. Public-key encryption with keyword search (PEKS) enables users to search target encrypted data by keywords. However, most existing PEKS schemes are based on conventional hardness assumptions, which are vulnerable to adversaries equipped with quantum computers in the near future. Moreover, they suffer from key exposure, and thus the security would be broken once the keys are compromised. In this paper, we propose a forward secure PEKS scheme (FS-PEKS) based on lattice assumptions for cloud-assisted IIoT, which is post-quantum secure. We integrate a lattice-based delegation mechanism into FS-PEKS to achieve forward security, such that the security of the system is still guaranteed even the keys are compromised by the adversaries. We define the first formal security model on forward security of PEKS, and prove the security of FS-PEKS under the model. As the keywords of industrial data are with inherently low entropy, we further extend FS-PEKS to resist insider keyword guessing attacks (IKGA). The comprehensive performance evaluation demonstrates that FS-PEKS is practical for cloud-assisted IIoT.

Journal Article
TL;DR: In the proposed LDP protocol, which the authors call Prefix Extending Method (PEM), users are divided into groups, with each group reporting a prefix of her value; experiments show that under the same privacy guarantee and computational cost, PEM has better utility on both synthetic and real-world datasets than existing solutions.
Abstract: The notion of Local Differential Privacy (LDP) enables users to answer sensitive questions while preserving their privacy. The basic LDP frequency oracle protocol enables the aggregator to estimate the frequency of any value. But when the domain of input values is large, finding the most frequent values, also known as the heavy hitters, by estimating the frequencies of all possible values, is computationally infeasible. In this paper, we propose an LDP protocol for identifying heavy hitters. In our proposed protocol, which we call Prefix Extending Method (PEM), users are divided into groups, with each group reporting a prefix of her value. We analyze how to choose optimal parameters for the protocol and identify two design principles for designing LDP protocols with high utility. Experiments show that under the same privacy guarantee and computational cost, PEM has better utility on both synthetic and real-world datasets than existing solutions.

Journal Article
TL;DR: A novel Accumulative Authentication Tag (AAT) based on the symmetric-key cryptography to generate an authentication tag for each keyword is designed and the security analysis and the performance evaluation results show that the proposed scheme is secure and efficient.
Abstract: Verifiable Searchable Symmetric Encryption, as an important cloud security technique, allows users to retrieve the encrypted data from the cloud through keywords and verify the validity of the returned results. Dynamic update for cloud data is one of the most common and fundamental requirements for data owners in such schemes. To the best of our knowledge, the existing verifiable SSE schemes supporting data dynamic update are all based on asymmetric-key cryptography verification, which involves time-consuming operations. The overhead of verification may become a significant burden due to the sheer amount of cloud data. Therefore, how to achieve keyword search over dynamic encrypted cloud data with efficient verification is a critical unsolved problem. To address this problem, we explore achieving keyword search over dynamic encrypted cloud data with symmetric-key based verification and propose a practical scheme in this paper. In order to support the efficient verification of dynamic data, we design a novel Accumulative Authentication Tag (AAT) based on the symmetric-key cryptography to generate an authentication tag for each keyword. Benefiting from the accumulation property of our designed AAT, the authentication tag can be conveniently updated when dynamic operations on cloud data occur. In order to achieve efficient data update, we design a new secure index composed by a search table ST based on the orthogonal list and a verification list VL containing AATs. Owing to the connectivity and the flexibility of ST, the update efficiency can be significantly improved. The security analysis and the performance evaluation results show that the proposed scheme is secure and efficient.

Journal Article
TL;DR: The framework relies on a tracing authority, but is optimistic, in that it is only involved when investigations in certain transactions are required, and demonstrates that Traceable Monero incurs merely a very small overhead in generating and verifying a transaction compared to Monero transactions.
Abstract: Monero provides a high level of anonymity for both users and their transactions. However, many criminal activities might be committed with the protection of anonymity in cryptocurrency transactions. Thus, user accountability (or traceability) is also important in Monero transactions, which is unfortunately lacking in the current literature. In this paper, we fill this gap by introducing a new cryptocurrency named Traceable Monero to balance the user anonymity and accountability. Our framework relies on a tracing authority, but is optimistic, in that it is only involved when investigations in certain transactions are required. We formalize the system model and security model of Traceable Monero. We present a detailed construction of Traceable Monero by overlaying Monero with two types of tracing mechanisms, tracing the one-time addresses with money flows and tracing the long-term addresses. We prove the security of Traceable Monero and implement a prototype of the system, which demonstrates that Traceable Monero incurs merely a very small overhead in generating and verifying a transaction compared to Monero transactions.

Journal Article
TL;DR: The theoretical analysis indicates that the proposed RS-HABE scheme surpasses existing similar works in terms of functionality and security, at the acceptable cost of computation overhead, and is proved to be selectively secure.
Abstract: Personal e-health records (EHR) enable medical workers (e.g., doctors and nurses) to conveniently and quickly access each patient’s medical history through the public cloud, which greatly facilitates patients’ visits and makes telemedicine possible. Additionally, since EHR involve patients’ personal privacy information, EHR holders would hesitate to directly outsource their data to cloud servers. A natural and favorite manner of conquering this issue is to encrypt these outsourced EHR such that only authorized medical workers can access them. Specifically, the ciphertext-policy attribute-based encryption (CP-ABE) supports fine-grained access over encrypted data and is considered to be a perfect solution of securely sharing EHR in the public cloud. In this paper, to strengthen the system security and meet the requirement of specific applications, we add functionalities of user revocation, secret key delegation and ciphertext update to the original ABE, and propose a revocable-storage hierarchical attribute-based encryption (RS-HABE) scheme, as the core building of establishing a framework for secure sharing of EHR in public cloud. The proposed RS-HABE scheme features of forward security (a revoked user can no longer access previously encrypted data) and backward security (a revoked user also cannot access subsequently encrypted data) simultaneously, and is proved to be selectively secure under a complexity assumption in bilinear groups, without random oracles. The theoretical analysis indicates that the proposed scheme surpasses existing similar works in terms of functionality and security, at the acceptable cost of computation overhead. Moreover, we implement the proposed scheme and present experiments to demonstrate its practicability.

Journal ArticleDOI
TL;DR: In this article, the authors introduce two new definitions of invisibility for human perception, one is conceptualized by the perceived adversarial similarity score (PASS) and the other is Learned Perceptual Image Patch Similarity (LPIPS).
Abstract: Deep neural networks (DNNs) have been proven vulnerable to backdoor attacks, where hidden features (patterns) trained to a normal model, which is only activated by some specific input (called triggers), trick the model into producing unexpected behavior. In this article, we create covert and scattered triggers for backdoor attacks, invisible backdoors, where triggers can fool both DNN models and human inspection. We apply our invisible backdoors through two state-of-the-art methods of embedding triggers for backdoor attacks. The first approach on Badnets embeds the trigger into DNNs through steganography. The second approach of a trojan attack uses two types of additional regularization terms to generate the triggers with irregular shape and size. We use the Attack Success Rate and Functionality to measure the performance of our attacks. We introduce two novel definitions of invisibility for human perception; one is conceptualized by the Perceptual Adversarial Similarity Score (PASS) and the other is Learned Perceptual Image Patch Similarity (LPIPS). We show that the proposed invisible backdoors can be fairly effective across various DNN models as well as four datasets MNIST, CIFAR-10, CIFAR-100, and GTSRB, by measuring their attack success rates for the adversary, functionality for the normal users, and invisibility scores for the administrators. We finally argue that the proposed invisible backdoor attacks can effectively thwart the state-of-the-art trojan backdoor detection approaches.

Journal ArticleDOI
TL;DR: Zhang et al. propose an optimal approach named EDMOpti and a novel game-theoretical approach called EDMGame for mitigating edge DDoS attacks; EDMGame formulates the EDM problem as a potential EDM Game and employs a decentralized algorithm to find the Nash equilibrium as the solution.
Abstract: Edge computing (EC) is an emerging paradigm that extends cloud computing by pushing computing resources onto edge servers that are attached to base stations or access points at the edge of the cloud in close proximity with end-users. Due to edge servers' geographic distribution, the EC paradigm is challenged by many new security threats, including the notorious distributed Denial-of-Service (DDoS) attack. In the EC environment, edge servers usually have constrained processing capacities due to their limited sizes. Thus, they are particularly vulnerable to DDoS attacks. DDoS attacks in the EC environment render existing DDoS mitigation approaches obsolete with its new characteristics. In this paper, we make the first attempt to tackle the edge DDoS mitigation (EDM) problem. We model it as a constraint optimization problem and prove its NP-hardness. To solve this problem, we propose an optimal approach named EDMOpti and a novel game-theoretical approach named EDMGame for mitigating edge DDoS attacks. EDMGame formulates the EDM problem as a potential EDM Game that admits a Nash equilibrium and employs a decentralized algorithm to find the Nash equilibrium as the solution. Through theoretical analysis and experimental evaluation, we demonstrate that our approaches can solve the EDM problem effectively and efficiently.

Journal ArticleDOI
TL;DR: Li et al. propose a revocable attribute-based encryption with data integrity protection (RABE-DI) scheme, which can achieve one-to-many encrypted data sharing.
Abstract: Cloud computing enables enterprises and individuals to outsource and share their data. This way, cloud computing eliminates the heavy workload of local information infrastructure. Attribute-based encryption has become a promising solution for encrypted data access control in clouds due to the ability to achieve one-to-many encrypted data sharing. Revocation is a critical requirement for encrypted data access control systems. After outsourcing the encrypted attribute-based ciphertext to the cloud, the data owner may want to revoke some recipients that were authorized previously, which means that the outsourced attribute-based ciphertext needs to be updated to a new one that is under the revoked policy. The integrity issue arises when the revocation is executed. When a new ciphertext with the revoked access policy is generated by the cloud server, the data recipient cannot be sure that the newly generated ciphertext guarantees to be decrypted to the same plaintext as the originally encrypted data, since the cloud server is provided by a third party, which is not fully trusted. In this paper, we consider a new security requirement for the revocable attribute-based encryption schemes: integrity. We introduce a formal definition and security model for the revocable attribute-based encryption with data integrity protection (RABE-DI). Then, we propose a concrete RABE-DI scheme and prove its confidentiality and integrity under the defined security model. Finally, we present an implementation result and provide performance evaluation which shows that our scheme is efficient and practical.

Journal ArticleDOI
TL;DR: This paper studies an attack detection method based on simple and lightweight neural networks, namely, 1D convolutions and autoencoders, and achieves detection metrics matching or exceeding previously published detection results, while featuring small footprint, short training and detection times, and generality.
Abstract: Industrial control systems (ICSs) are widely used and vital to industry and society. Their failure can have severe impact on both the economy and human life. Hence, these systems have become an attractive target for physical and cyber attacks alike. In this paper, we examine an attack detection method based on simple and lightweight neural networks, namely, 1D convolutional neural networks and autoencoders. We apply these networks to both the time and frequency domains of the data and discuss the pros and cons of each representation approach. The suggested method is evaluated on three popular public datasets, and detection rates matching or exceeding previously published detection results are achieved, while demonstrating a small footprint, short training and detection times, and generality. We also show the effectiveness of PCA, which, given proper data preprocessing and feature selection, can provide high attack detection rates in many settings. Finally, we study the proposed method's robustness against adversarial attacks that exploit inherent blind spots of neural networks to evade detection while achieving their intended physical effect. Our results show that the proposed method is robust to such evasion attacks: in order to evade detection, the attacker is forced to sacrifice the desired physical impact on the system.

Journal ArticleDOI
Shunli Ma1, Yi Deng1, Debiao He, Jiang Zhang, Xiang Xie 
TL;DR: The NIZK scheme is perfect zero knowledge in the common reference string model, while its soundness holds in the random oracle model, and dramatically improves the time efficiency in generating a proof, at the cost of relatively longer proof size.
Abstract: We introduce the abstract framework of decentralized smart contracts system with balance and transaction amount hiding property over account-model blockchain. To build a concrete system with such properties, we utilize a homomorphic public-key encryption scheme and construct a highly efficient non-interactive zero knowledge (NIZK) argument based upon the encryption scheme to ensure the validity of the transactions. Our NIZK scheme is perfect zero knowledge in the common reference string model, while its soundness holds in the random oracle model. Compared to previous similar constructions, our proposed NIZK argument dramatically improves the time efficiency in generating a proof, at the cost of relatively longer proof size.

Journal ArticleDOI
TL;DR: This paper presents two reliable and privacy-preserving truth discovery schemes for different scenarios, one fit for applications where users are relatively stable and one for applications where users are frequently moving, and employs homomorphic Paillier encryption techniques to ensure strong privacy.
Abstract: Truth discovery has received considerable attention in mobile crowdsensing systems. In real practice, it is vital to resolve conflicts among a large amount of sensory data and estimate the truthful information. Although truth discovery has been widely explored to improve aggregation accuracy, numerous security and privacy issues still need to be addressed. Existing schemes either do not guarantee the privacy of each participating user, or fail to consider practical needs in crowdsensing systems. In this paper, we present two reliable and privacy-preserving truth discovery schemes for different scenarios. Our first design is fit for applications where users are relatively stable. By employing the homomorphic Paillier encryption, one-way hash chain, and super-increasing sequence techniques, this approach not only guarantees strong privacy, but also is highly efficient and practical. Our second design suits applications where users are frequently moving. In such an application, we explore data perturbation and homomorphic Paillier encryption to shift all user workloads to the server side, without compromising users’ privacy. Through detailed security analysis, we demonstrate that both schemes are secure, practical, and privacy-preserving. Moreover, through extensive experiments based on real world and simulated mobile crowdsensing systems, we demonstrate the efficiency of our proposed schemes.

Journal ArticleDOI
TL;DR: A deep-learning-based framework that utilizes transferable knowledge from pre-existing data sources for vulnerability detection and combines the heterogeneous data sources to learn unified representations of the patterns of the vulnerable source codes that are feasible and effective, and transferable for real-world vulnerability detection.
Abstract: Machine learning (ML) has great potential in automated code vulnerability discovery. However, automated discovery application driven by off-the-shelf machine learning tools often performs poorly due to the shortage of high-quality training data. The scarceness of vulnerability data is almost always a problem for any developing software project during its early stages, which is referred to as the cold-start problem. This article proposes a framework that utilizes transferable knowledge from pre-existing data sources. In order to improve the detection performance, multiple vulnerability-relevant data sources were selected to form a broader base for learning transferable knowledge. The selected vulnerability-relevant data sources are cross-domain, including historical vulnerability data from different software projects and data from the Software Assurance Reference Database (SARD) consisting of synthetic vulnerability examples and proof-of-concept test cases. To extract the information applicable in vulnerability detection from the cross-domain data sets, we designed a deep-learning-based framework with Long-short Term Memory (LSTM) cells. Our framework combines the heterogeneous data sources to learn unified representations of the patterns of the vulnerable source codes. Empirical studies showed that the unified representations generated by the proposed deep learning networks are feasible and effective, and are transferable for real-world vulnerability detection. Our experiments demonstrated that by leveraging two heterogeneous data sources, the performance of our vulnerability detection outperformed the static vulnerability discovery tool Flawfinder. The findings of this article may stimulate further research in ML-based vulnerability detection using heterogeneous data sources.

Journal ArticleDOI
Chen Yan1, Guoming Zhang1, Xiaoyu Ji1, Tianchen Zhang1, Taimin Zhang1, Wenyuan Xu1 
TL;DR: A completely inaudible attack, DolphinAttack, modulates voice commands on ultrasonic carriers to achieve inaudibility; the authors validate that it is feasible to detect DolphinAttack by classifying the audios using a support vector machine (SVM), and suggest re-designing voice assistants to be resilient to inaudible voice command attacks.
Abstract: Voice assistants (VAs) such as Siri and Google Now have become an increasingly popular human-machine interaction method and have made various systems voice controllable. Prior work on attacking voice assistants shows that the hidden voice commands that are incomprehensible to people can control the VAs. Hidden voice commands, though ‘hidden’, are nonetheless audible. In this work, we design a completely inaudible attack, DolphinAttack, that modulates voice commands on ultrasonic carriers to achieve inaudibility. By leveraging the nonlinearity of the microphone circuits, the modulated low-frequency audio commands can be successfully demodulated, recovered, and more importantly interpreted by the voice assistants. We validate DolphinAttack on popular voice assistants, including Siri, Google Now, S Voice, HiVoice, Cortana, Alexa, etc. By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to turn on the airplane mode, and even manipulating the navigation system in an Audi automobile. We propose hardware and software defense solutions. We validate that it is feasible to detect DolphinAttack by classifying the audios using support vector machine (SVM), and suggest to re-design voice assistants to be resilient to inaudible voice command attacks.

Journal ArticleDOI
TL;DR: This paper presents a novel defense scheme to detect anomalous updates in both IID and non-IID settings, and protects the client-level privacy to prevent malicious clients from stealing the training data of other clients, by integrating differential privacy with the design without degrading the detection performance.
Abstract: Collaborative learning allows multiple clients to train a joint model without sharing their data with each other. Each client performs training locally and then submits the model updates to a central server for aggregation. Since the server has no visibility into the process of generating the updates, collaborative learning is vulnerable to poisoning attacks where a malicious client can generate a poisoned update to introduce backdoor functionality to the joint model. The existing solutions for detecting poisoned updates, however, fail to defend against the recently proposed attacks, especially in the non-IID (independent and identically distributed) setting. In this article, we present a novel defense scheme to detect anomalous updates in both IID and non-IID settings. Our key idea is to realize client-side cross-validation, where each update is evaluated over other clients’ local data. The server will adjust the weights of the updates based on the evaluation results when performing aggregation. To adapt to the unbalanced distribution of data in the non-IID setting, a dynamic client allocation mechanism is designed to assign detection tasks to the most suitable clients. During the detection process, we also protect the client-level privacy to prevent malicious clients from knowing the participations of other clients, by integrating differential privacy with our design without degrading the detection performance. Our experimental evaluations on three real-world datasets show that our scheme is significantly robust to two representative poisoning attacks.

Journal ArticleDOI
TL;DR: A novel verifiable and fair attribute-based proxy re-encryption (VF-ABPRE) scheme is introduced to support verifiability and fairness; the fairness ensures that a cloud server escapes malicious accusation if it has indeed conducted the re-encryption operation honestly.
Abstract: To manage outsourced encrypted data sharing in clouds, attribute-based proxy re-encryption (ABPRE) has become an elegant primitive. In ABPRE, a cloud server can transform an original recipient's ciphertext to a new one of a shared user's. As the transformation is computation consuming, a malicious cloud server may return an incorrect re-encrypted ciphertext to save its computation resources. Moreover, a shared user may accuse the cloud server of returning an incorrect re-encrypted ciphertext to refuse to pay the cost of using the cloud service. However, existing ABPRE schemes do not support a mechanism to achieve verifiability and fairness. In this paper, a novel verifiable and fair attribute-based proxy re-encryption (VF-ABPRE) scheme is introduced to support verifiability and fairness. The verifiability enables a shared user to verify whether the re-encrypted ciphertext returned by the server is correct and the fairness ensures a cloud server escape from malicious accusation if it has indeed conducted the re-encryption operation honestly. Additionally, we conduct a performance experiment to show the efficiency and practicality of the new VF-ABPRE scheme.