2022 Vol. 59 No. 10
2022, 59(10): 2101-2108.
DOI: 10.7544/issn1000-1239.qy20221001
2022, 59(10): 2109-2129.
DOI: 10.7544/issn1000-1239.20220665
Abstract:
In the intelligent era of the Internet of Everything, artificial intelligence technology represented by deep learning is changing many aspects of industrial production and human life. At the same time, with the maturing of the cloud-edge computing architecture, edge computing is moving to the center stage of the intelligent era, and lightweight models are being deployed on embedded and IoT devices with limited computing resources. Although artificial intelligence technology is becoming widespread, its lack of robustness and its fragility under adversarial attacks bring great security risks to the wide application of AI systems. In response to this problem, academia and industry at home and abroad have carried out research on artificial intelligence security, among which adversarial attack and defense for deep learning has become a current hot topic. This paper focuses on the security issues of artificial intelligence technology in cloud-edge-terminal scenarios, summarizes the adversarial attack and defense technologies for large-scale neural networks and lightweight neural networks, and systematically reviews the related theories and research methods. First, several mainstream adversarial example generation methods are reviewed and summarized. Second, from the perspective of robust priors, existing adversarial defense work is divided into three categories: defense based on adversarial training, defense based on regularization, and defense based on model structure. The existing research is systematically analyzed, and the strengths and weaknesses of current work are summarized. Finally, the current challenges and potential future research directions of adversarial attack and defense for deep learning models in cloud-edge-terminal scenarios are discussed.
2022, 59(10): 2130-2163.
DOI: 10.7544/issn1000-1239.20220800
Abstract:
With the acceleration of the global digitalization process, data has become an important factor of production in society. The flow of data creates enormous value for society, but it also carries serious hidden privacy risks. With the introduction of the EU General Data Protection Regulation (GDPR), personal data security has become a sensitive topic in the era of big data and has received more and more attention from researchers. First, we review the development of data privacy security, introduce the GDPR, and analyze its applications and influence. Second, we summarize the related research literature of recent years at home and abroad. We divide GDPR compliance research into three aspects, GDPR violation analysis, privacy policy analysis, and GDPR model frameworks, and analyze the research status of each. We then analyze data technologies based on the GDPR and discuss the application of the GDPR in specific fields such as blockchain and the Internet of Things. Finally, according to the limitations of existing work, we summarize the main challenges and opportunities of GDPR-based data privacy security research and offer some insights for data privacy protection in China.
2022, 59(10): 2164-2189.
DOI: 10.7544/issn1000-1239.20220507
Abstract:
In recent years, artificial intelligence algorithms represented by deep learning have been successfully applied in fields such as financial security, autonomous driving, and medical diagnosis. However, the emergence of adversarial attacks has brought huge security risks to image classification, which is a basic visual task in these fields. Improving the ability of deep learning models to resist adversarial attacks (i.e., their adversarial robustness) has become a feasible way to alleviate this problem. In order to evaluate the adversarial robustness of deep learning models scientifically and comprehensively, many scholars have conducted in-depth research on adversarial robustness evaluation from the perspectives of benchmark evaluation and metric evaluation. This paper reviews adversarial robustness mainly from the perspective of metric evaluation. First, we introduce the concepts related to adversarial examples and the reasons for their existence, and summarize the criteria that adversarial robustness evaluation should follow. Second, we sort out the existing adversarial robustness evaluation metrics from two aspects: the attacked model and the test data. Then, the mainstream image classification datasets and the integrated adversarial attack-defense toolkits are analyzed and summarized to lay a foundation for follow-up research. Finally, the advantages and disadvantages of current research and potential future research directions are discussed. This paper aims to provide practitioners and learners in related fields with a comprehensive, systematic, and objective overview of adversarial robustness evaluation metrics for image classification.
2022, 59(10): 2190-2211.
DOI: 10.7544/issn1000-1239.20220510
Abstract:
In recent years, Internet of Things (IoT) security incidents have occurred frequently. As an important security mechanism, IoT access control plays a key role. However, existing Internet access control policies cannot be applied directly to IoT scenarios because of the differences between the IoT and the Internet. At present, IoT access control schemes have paid little attention to their own security. Once IoT access control is broken, serious consequences such as private data leakage and abuse of authority follow. Thus, it is urgent to comprehensively study the security issues and solutions of IoT access control. Taking into account the complex architecture, the variety of devices, and the low storage and computing capacity of the IoT, the protection surface and trust relationships in IoT access control are combed through, the trust chain is built, and the law of risk transmission along the trust chain is discussed. Around the protection surface and trust chain, we summarize the existing access control attack surface at the perception layer, network layer, and application layer, and analyze the existing security risks. In view of these risks, we present the necessary access control security requirements, including mechanism improvement, attack surface response, multilevel authentication and authorization, and combination with specific scenarios. Based on these requirements, the existing security solutions and targeted access control frameworks are summarized. Finally, we discuss the challenges faced in IoT access control and point out future research directions, including in-depth study of access control on IoT cloud platforms, standardization of IoT-cloud docking, and the introduction of the zero trust concept.
2022, 59(10): 2212-2232.
DOI: 10.7544/issn1000-1239.20220493
Abstract:
Recently, building truth estimation mechanisms and participant incentive mechanisms on blockchain-based mobile crowd sensing systems has attracted more and more attention. Unlike the traditional mobile crowd sensing system, which relies on a centralized platform to host the sensing tasks, a system built on a blockchain is safer and more interactive thanks to its decentralized structure, transparent operation, and immutability. However, existing research builds the truth estimation mechanism and the participant incentive mechanism separately, which may limit performance in practice. Therefore, in this paper we propose a participant incentive mechanism based on truth estimation over privacy-preserving data for blockchain-based mobile crowd sensing systems. It consists of two procedures, the privacy-aware truth estimation procedure (PATD) and the privacy-friendly participant incentive procedure (PFPI), both of which are built on the homomorphic encryption scheme of Cheon, Kim, Kim, and Song (CKKS). Because of the low accuracy of data collection devices, the collected data is usually mixed with noise. The collectors encrypt their noisy data, and PATD then performs its computation over the encrypted data submitted by the collectors and takes the corresponding decrypted result as the truth estimate. The privacy of the submitted data is protected because the data used for truth estimation is encrypted under CKKS, and the decrypted truth estimate retains high accuracy. Additionally, PFPI attracts more participants by satisfying truthfulness and individual rationality, and also achieves high social welfare; the privacy of participants' bids is protected by CKKS as well. Finally, extensive experiments validate the desirable properties of the proposed mechanism, and the results show that it outperforms state-of-the-art approaches.
2022, 59(10): 2233-2246.
DOI: 10.7544/issn1000-1239.20220482
Abstract:
Payment channel networks have received widespread attention as an important means of scaling blockchains. The main factors affecting route selection for cross-blockchain payment channels include path distance and node fee quotation, among others, and existing work mainly studies one of these factors in depth. We define a comprehensive evaluation function of node quality that incorporates multiple factors, such as node fee quotation, path distance, and historical reputation, and design a routing scheme based on a multi-factor reverse Vickrey auction (MFRA) to select candidate intermediate nodes comprehensively by quality during cross-blockchain payment routing. The MFRA routing scheme establishes an equivalent bidding function for candidate nodes, which converts the non-price attributes of node quality into price attributes. Within the MFRA routing scheme, we introduce the base-2 exponential mechanism to provide differential privacy for the equivalent bid price, which prevents leakage of the participating nodes' quotations during the auction-based routing process. Security analysis and performance evaluation show that the MFRA routing scheme effectively protects the quotation privacy of the nodes participating in a transaction while reducing node fee overhead, and realizes efficient multi-hop cross-blockchain payment.
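The abstract above names the ingredients of MFRA (an equivalent bidding function, a reverse Vickrey auction, and the base-2 exponential mechanism) but not their formulas. The following is an added illustration, not MFRA's own code: the equivalent bidding function is a hypothetical weighted sum that turns a node's non-price attributes (hop distance, reputation) into a price-like integer; the winner is drawn with the exponential mechanism in base 2, i.e. candidate i gets weight 2^(-eta*bid_i) computed exactly as a rational and sampled with integer arithmetic, so no floating-point exp() is evaluated over secret bids; and the winner is paid the lowest bid among the other candidates (the reverse Vickrey rule). The node attributes and weights are constructed.

```python
"""Differentially private reverse-auction selection of a routing node.

Added example, not MFRA's code. The equivalent bidding function and the
candidate attributes are hypothetical stand-ins; the selection rule is the
textbook exponential mechanism with base-2 weights handled exactly.
"""
from fractions import Fraction
import math
import random


def equivalent_bid(fee, distance, reputation):
    """Hypothetical equivalent bidding function: fee in integer units, plus 2
    per hop of path distance, minus 3 per reputation point, floored at 0."""
    return max(0, fee + 2 * distance - 3 * reputation)


def base2_weights(bids, eta):
    """Exact weights 2^(-eta*bid). eta*bid must be a non-negative integer so
    that every weight is an exact dyadic rational (the point of base 2)."""
    ws = []
    for b in bids:
        k = Fraction(eta) * b
        if k.denominator != 1 or k < 0:
            raise ValueError("eta*bid must be a non-negative integer")
        ws.append(Fraction(1, 2 ** int(k)))
    return ws


def selection_probabilities(bids, eta):
    ws = base2_weights(bids, eta)
    total = sum(ws)
    return [w / total for w in ws]


def select(bids, eta, rng=None):
    """Sample a winner exactly: scale the weights to integers by their common
    power-of-two denominator and draw one uniform integer below the sum."""
    rng = rng or random.SystemRandom()
    ws = base2_weights(bids, eta)
    denom = max(w.denominator for w in ws)
    ints = [int(w * denom) for w in ws]
    r = rng.randrange(sum(ints))
    for i, wi in enumerate(ints):
        if r < wi:
            return i
        r -= wi
    raise AssertionError("unreachable")


def reverse_vickrey(candidates, eta, rng=None):
    """candidates: list of (node_id, fee, distance, reputation).
    Returns (winning node_id, payment); payment = lowest bid among the others."""
    bids = [equivalent_bid(f, d, rep) for _, f, d, rep in candidates]
    i = select(bids, eta, rng)
    payment = min(b for j, b in enumerate(bids) if j != i)
    return candidates[i][0], payment


def worst_ratio(bids, eta, i, delta):
    """Largest factor by which any selection probability changes when bid i
    moves by delta; bounded by 2^(2*eta*delta), i.e. eps = 2*eta*delta*ln 2."""
    before = selection_probabilities(bids, eta)
    bumped = list(bids)
    bumped[i] += delta
    after = selection_probabilities(bumped, eta)
    return max(max(a / b, b / a) for a, b in zip(before, after))


def epsilon(eta, delta):
    """Privacy parameter of the base-2 mechanism for bid sensitivity delta."""
    return 2 * float(eta) * delta * math.log(2)


if __name__ == "__main__":
    # constructed candidate intermediate nodes: (id, fee, hops, reputation)
    nodes = [("n1", 10, 3, 2), ("n2", 8, 5, 1), ("n3", 14, 1, 3)]
    bids = [equivalent_bid(f, d, r) for _, f, d, r in nodes]
    print("equivalent bids:", bids)
    print("selection probabilities:", [str(p) for p in selection_probabilities(bids, 1)])
    print("winner, payment:", reverse_vickrey(nodes, 1, random.Random(7)))
    print("worst ratio when n1's bid moves by 1:", worst_ratio(bids, 1, 0, 1),
          "<= 4; eps =", round(epsilon(1, 1), 3))
```

With eta = 1 each unit of equivalent bid halves a candidate's weight, so selection stays strongly biased toward the cheapest node while any single quotation can only shift the outcome distribution by a bounded factor; a smaller eta (with bids scaled so that eta*bid stays integral) trades fee overhead for stronger quotation privacy.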
2022, 59(10): 2247-2260.
DOI: 10.7544/issn1000-1239.20220529
Abstract:
Cloud storage provides data hosting services, which relieves the restrictions of local data management and sharing. Existing auditing methods for securing cloud data usually have a serious security flaw: if the signing key is exposed, an auditing scheme that relies on that key to produce signatures can no longer guarantee data integrity. In addition, most auditing schemes assume that there is only one fixed auditor throughout the auditing process. However, an auditor that is compromised, bribed, or short of resources may no longer be able to perform the audit service. Therefore, we propose a cloud secure auditing scheme supporting key update and auditor replacement, named AKUAR. AKUAR uses bilinear pairings and the idea of proxy re-signatures to build an efficient key and tag update mechanism, in which the cloud server undertakes the computationally intensive tag update operations and only a small cost is incurred on the local side. In addition, when the fog node acting as the auditor stops auditing, a new fog node can carry on the integrity audit in its place, which keeps the audit service sustainable and prevents disclosure of the new signing key to the old fog node. Finally, security analysis demonstrates that AKUAR is provably secure, and performance evaluation confirms that AKUAR introduces only a modest and acceptable computational and communication cost in the tag generation and key update phases.
2022, 59(10): 2261-2274.
DOI: 10.7544/issn1000-1239.20220504
Abstract:
In recent years, local differential privacy (LDP) has received much attention because it requires no trusted third party, needs little interaction, and is highly efficient. However, existing LDP frequency estimation mechanisms for set-valued data do not take into account the differing privacy sensitivity of inputs and treat all data equally, which over-protects non-sensitive data and lowers the accuracy of the estimates. To address this problem, the set-valued data utility-optimized local differential privacy (SULDP) model is defined. SULDP considers the case in which the original data domain contains both sensitive and non-sensitive values, and allows the protection of non-sensitive values to be reduced without weakening the protection of sensitive values. Further, five frequency estimation mechanisms, suGRR, suGRR-Sample, suRAP, suRAP-Sample, and suWheel, are proposed under the SULDP model. Theoretical analysis confirms that the proposed schemes provide exactly the same protection for sensitive data as LDP mechanisms do, and improve accuracy by loosening the protection of non-sensitive data. Finally, the new schemes are evaluated on real and synthetic datasets, and the experimental results demonstrate that the five mechanisms effectively reduce estimation error and improve data utility, with the suWheel mechanism performing best.
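To make the "same protection for sensitive values, less for non-sensitive values" idea concrete, here is an added example; it is not the paper's suGRR code and its hypothetical assumptions are: the domain is split into constructed SENSITIVE and NON_SENSITIVE items, every user holds exactly m items, and each user samples one item uniformly and perturbs it (the sampling step is one common way to handle set-valued input). Sensitive inputs get generalized randomized response (GRR) over the sensitive sub-domain only; a non-sensitive input is reported in the clear except that it flips to each sensitive value with the same probability q that a sensitive input would, so every sensitive output keeps the e^eps ratio bound over the whole input domain while each non-sensitive output can only come from its own input.

```python
"""Utility-optimized randomized response for set-valued frequency estimation.

Added illustration, NOT the paper's suGRR. Hypothetical: fixed set size m per
user, one uniformly sampled item per user, constructed item names.
"""
import math
import random
from collections import Counter

SENSITIVE = ["hiv", "hepatitis", "cancer", "depression"]   # constructed
NON_SENSITIVE = ["flu", "cold", "allergy", "sprain"]       # constructed
DOMAIN = SENSITIVE + NON_SENSITIVE


def params(eps):
    """q: prob. of flipping to a given sensitive y; p: keep prob. for a
    sensitive x; r: keep prob. for a non-sensitive x (all remaining mass)."""
    s = len(SENSITIVE)
    q = 1.0 / (math.exp(eps) + s - 1)
    return math.exp(eps) * q, q, 1.0 - s * q


def probs(eps, x):
    """Transition probabilities Q(y | x) as a dict."""
    p, q, r = params(eps)
    if x in SENSITIVE:
        return {y: (p if y == x else q) for y in SENSITIVE}
    out = {y: q for y in SENSITIVE}
    out[x] = r
    return out


def satisfies_uldp(eps):
    """Sensitive outputs must be eps-LDP over ALL inputs; a non-sensitive
    output may only ever be produced by its own input."""
    for y in SENSITIVE:
        col = [probs(eps, x).get(y, 0.0) for x in DOMAIN]
        if max(col) > math.exp(eps) * min(col) * (1 + 1e-12):
            return False
    for y in NON_SENSITIVE:
        if [x for x in DOMAIN if probs(eps, x).get(y, 0.0) > 0] != [y]:
            return False
    return True


def grr_gap(eps, k):
    """p - q of plain GRR over k values; estimation variance scales as 1/gap^2,
    so debiasing over the sensitive sub-domain alone is strictly better."""
    return (math.exp(eps) - 1) / (math.exp(eps) + k - 1)


def estimate(eps, counts, n, m):
    """Unbiased item frequencies from report counts of n users with m items each."""
    p, q, r = params(eps)
    est = {}
    for v in DOMAIN:
        c = counts.get(v, 0) / n
        sampled = (c - q) / (p - q) if v in SENSITIVE else c / r
        est[v] = m * sampled            # undo the uniform 1-of-m sampling
    return est


def expected_counts(eps, sampled_dist, n):
    """Expected report counts for a sampled-item distribution (unbiasedness check)."""
    counts = Counter()
    for x, gx in sampled_dist.items():
        for y, pr in probs(eps, x).items():
            counts[y] += n * gx * pr
    return counts


def simulate(eps, n, m, weights, seed=0):
    """Build n users with m distinct items each (weighted draws), run the
    mechanism, and return (true frequencies, estimates, max abs error)."""
    rng = random.Random(seed)
    truth, reports = Counter(), Counter()
    for _ in range(n):
        pool, items = dict(weights), []
        for _ in range(m):                       # weighted sampling without replacement
            ks, ws = zip(*pool.items())
            pick = rng.choices(ks, weights=ws, k=1)[0]
            items.append(pick)
            del pool[pick]
        truth.update(items)
        x = rng.choice(items)                    # the one item this user reports
        ys, ws = zip(*probs(eps, x).items())
        reports[rng.choices(ys, weights=ws, k=1)[0]] += 1
    true_freq = {v: truth[v] / n for v in DOMAIN}
    est = estimate(eps, reports, n, m)
    return true_freq, est, max(abs(est[v] - true_freq[v]) for v in DOMAIN)


if __name__ == "__main__":
    w = {"hiv": 1, "hepatitis": 2, "cancer": 3, "depression": 4,
         "flu": 8, "cold": 6, "allergy": 4, "sprain": 2}             # constructed
    truth, est, err = simulate(1.0, 50000, 2, w)
    for v in DOMAIN:
        print(f"{v:11s} true={truth[v]:.3f} est={est[v]:.3f}")
    print("max abs error", round(err, 3), "| ULDP holds:", satisfies_uldp(1.0))
```

The debiasing denominator for sensitive items is (e^eps - 1)/(e^eps + |S| - 1) instead of the (e^eps - 1)/(e^eps + |X| - 1) of plain GRR over the whole domain, and non-sensitive items are never confused with each other, which is where the accuracy gain comes from; the sensitive items still see exactly an eps-LDP view.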
2022, 59(10): 2275-2285.
DOI: 10.7544/issn1000-1239.20220485
Abstract:
The overall structure is an important feature of a block cipher and a primary object of study, and it strongly influences the hardware and software performance for a given choice of the number of rounds. In the design of AES-like ciphers, when a matrix with a non-optimal branch number is used for the MixColumns operation, the choice of the vector permutation, i.e., the alternative to ShiftRows, can actually improve the security of the primitive. The uBlock-like structure is an AES-like structure. In this paper, we investigate the characteristics and diffusion properties of uBlock-like structures, the lower bound on the number of rounds needed for full diffusion, and the criteria for dividing vector permutations into equivalence classes, and then propose a search strategy for optimal vector permutations of uBlock-like structures. Using the optimal number of full-diffusion rounds, the optimal branch number of the super diffusion layer, and the special properties of the diffusion layer of the uBlock-like structure, we prove that the left and right vector permutations cannot be the identity transformation, and give a series of optimal vector permutations for uBlock-like structures. The search strategy greatly reduces the number of permutation pairs that need to be tested and provides technical support for the design of uBlock-like algorithms.
2022, 59(10): 2286-2298.
DOI: 10.7544/issn1000-1239.20220471
Abstract:
Private set intersection (PSI) allows participants holding private sets to securely compute the intersection of their sets without revealing any element outside the intersection. Most existing two-party and multi-party PSI protocols are built on oblivious transfer (OT), which is computationally efficient but incurs a large communication cost. However, expanding network bandwidth is very expensive or even infeasible in many scenarios, and there are few computationally efficient multi-party PSI protocols that do not rely on OT. In this paper, three-party PSI protocols are constructed from one-round key agreement. The protocols are proved secure against collusion of any two parties in the semi-honest model and in the malicious model, respectively. In experimental simulation on large sets, compared with existing OT-based multi-party PSI protocols, the three-party PSI protocols have the optimal number of communication rounds, and the amount of communication is reduced by 89%~98%. On small sets (500 items or fewer), compared with similar PSI protocols for weak communication networks, our protocols have the best runtime and communication load, and in particular they are 10~25 times faster than PSI protocols relying on homomorphic encryption.
2022, 59(10): 2299-2308.
DOI: 10.7544/issn1000-1239.20220486
Abstract:
The automatic search method based on MILP (mixed integer linear programming) has been widely used to search for differential characteristics of cryptographic algorithms, and has formed a complete framework. The basic principle of the framework is to use linear inequalities to describe the operations of cryptographic algorithms. The framework makes it easy to search for differential characteristics of ciphers based on 4-bit S-boxes. However, for ciphers based on 8-bit S-boxes, the search model built on this framework requires a large amount of computation, so that it can hardly find differential characteristics. The SM4 algorithm was issued by the Chinese government in 2006; it became the national cryptographic industry standard in 2012 and the national standard in 2016. SM4 is an iterative block cipher with a 128-bit block size, and each round contains four 8-bit S-boxes. In order to efficiently search for differential characteristics of SM4, we propose an improved MILP-based method for searching differential characteristics. For 19-round SM4, we not only obtain a differential characteristic with probability 2^{-124}, but also get a differential characteristic with probability 2^{-124}, which is the best differential characteristic found using the automatic search method based on MILP.
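An added example (not the paper's improved model) of what an MILP model has to encode for one S-box, and why 8-bit S-boxes are so much harder than 4-bit ones: the difference distribution table (DDT) is computed, and each impossible (input difference, output difference) pair is removed by one linear inequality over the 2n bit variables, the basic encoding without convex-hull reduction. The 4-bit S-box is PRESENT's; the 8-bit S-box is field inversion in GF(2^8) modulo x^8+x^7+x^6+x^5+x^4+x^2+1, assumed here as a stand-in for SM4's S-box, which is known to be affine-equivalent to that inversion (affine maps permute DDT rows and columns without changing the distribution of entries).

```python
# Added example (not the paper's model): the per-S-box inputs of an MILP
# differential model. Compute the DDT, then cut every impossible transition
# with one linear inequality (the basic encoding, no convex-hull reduction).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Assumption: field inversion in GF(2^8) mod x^8+x^7+x^6+x^5+x^4+x^2+1 stands
# in for SM4's S-box (affine-equivalent; same DDT entry distribution).
SM4_POLY = 0x1F5


def gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= SM4_POLY
    return r


def inversion_sbox():
    """x -> x^(-1) = x^254 in GF(2^8), with 0 -> 0."""
    def inv(x):
        r, e = 1, 254
        while e:
            if e & 1:
                r = gf_mul(r, x)
            x = gf_mul(x, x)
            e >>= 1
        return r
    return [0] + [inv(x) for x in range(1, 256)]


def ddt(sbox):
    """DDT[din][dout] = #{x : S(x) ^ S(x ^ din) == dout}."""
    n = len(sbox)
    t = [[0] * n for _ in range(n)]
    for x in range(n):
        for din in range(n):
            t[din][sbox[x] ^ sbox[x ^ din]] += 1
    return t


def exclusion_inequalities(sbox):
    """One inequality per impossible (din, dout). Variables are the n input
    bits then the n output bits (MSB first). For a pattern p the inequality
        sum_{p_i=0} x_i + sum_{p_i=1} (1 - x_i) >= 1
    is violated at p and nowhere else. Returned as (coefficients, constant)
    meaning sum(c_i * x_i) >= constant."""
    n = len(sbox)
    bits = n.bit_length() - 1
    nvars = 2 * bits
    table = ddt(sbox)
    ineqs = []
    for din in range(n):
        for dout in range(n):
            if table[din][dout] == 0:
                pattern = (din << bits) | dout
                coef = [-1 if (pattern >> (nvars - 1 - i)) & 1 else 1 for i in range(nvars)]
                ineqs.append((coef, 1 - coef.count(-1)))
    return ineqs


def satisfies_all(ineqs, pattern, nvars):
    """Does the bit vector `pattern` satisfy every inequality?"""
    xs = [(pattern >> (nvars - 1 - i)) & 1 for i in range(nvars)]
    return all(sum(c * x for c, x in zip(coef, xs)) >= const for coef, const in ineqs)


def model_size(sbox):
    """(differential uniformity, #possible transitions, #cut inequalities)."""
    n = len(sbox)
    table = ddt(sbox)
    possible = sum(1 for din in range(n) for dout in range(n) if table[din][dout])
    uniformity = max(table[din][dout] for din in range(1, n) for dout in range(n))
    return uniformity, possible, n * n - possible
```

For the 4-bit S-box the cut set is a few hundred inequalities over 8 variables and can be checked exhaustively against the DDT; for the 8-bit inversion S-box the same encoding produces over 33,000 inequalities over 16 variables for a single S-box, and SM4 has four per round, which is the blow-up the abstract refers to and which convex-hull reduction and the paper's improved modelling are meant to tame.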
2022, 59(10): 2309-2322.
DOI: 10.7544/issn1000-1239.20220494
Abstract:
In recent years, forward and backward secure dynamic symmetric searchable encryption (DSSE) has attracted widespread attention, because it resists file injection attacks and restricts the server from learning information about deleted documents. However, most dynamic symmetric searchable encryption schemes that achieve forward and backward security only support single-keyword search. At NDSS 2021, Patranabis et al. proposed a dynamic searchable encryption scheme that supports conjunctive keyword search and achieves forward and backward security. However, this scheme cannot return accurate search results in some cases and does not support multi-user queries. By improving the oblivious cross-tags (OXT) protocol, a multi-user dynamic symmetric searchable encryption scheme that supports conjunctive keyword search is proposed. The scheme introduces a one-time blinding factor by using the property that the elements of a finite field have multiplicative inverses, and implements multi-client querying by combining this with digital envelope technology. Scheme analysis and experiments show that the proposed scheme achieves forward and backward security. It not only provides accurate conjunctive keyword search but also supports multi-user queries, and its computation cost depends only on the number of updates of the keyword with the fewest updates.
2022, 59(10): 2323-2337.
DOI: 10.7544/issn1000-1239.20220498
Abstract:
The rise of distributed deep learning over open networks brings potential risks of data leakage. As one of the core information media in the construction of distributed learning systems, the training gradient is the joint product of the model and the local clients' training data, and so contains the private information of the corresponding user. Accordingly, recent years have witnessed the discovery of a number of new attack surfaces, among which data reconstruction attacks probably pose the severest threat to user privacy: from the average gradient of a deep neural network (DNN) on a training batch alone, an attacker can reconstruct every individual sample in the batch with almost no distortion. However, existing data reconstruction attacks mostly stay at a demonstrative and experimental level, and little is known about their underlying mechanism. Although a very recent work shows that a training batch satisfying a certain neuron activation exclusivity condition can be reconstructed within a provable upper bound on the reconstruction error, our empirical results show that the probability of a realistic batch satisfying the proposed exclusivity condition is small, which makes it impractical for in-the-wild attacks. To enhance the effectiveness and the coverage of the theory-oriented attack, we propose a novel neuron activation manipulation algorithm based on linear programming techniques, which automatically generates small perturbations to each sample in the target batch so that it satisfies the exclusivity condition. The perturbed batch can therefore be provably reconstructed with the theory-oriented attack, leading to a privacy breach. In practice, by deploying our proposed algorithm at the local client, an honest-but-curious distributed learning server can fish for deep data leakage from the average gradients submitted by the clients during training.
Extensive experiments on 5 datasets spanning face recognition and intelligent diagnosis applications show that our proposed approach increases the size of reconstructable training batches from 8 to practical training batch sizes, and accelerates the attack process by 10 times. Meanwhile, the reconstructed results are of competitive quality compared with the results of existing data reconstruction attacks.
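An added example, written for this page rather than taken from the paper, of the neuron-exclusivity mechanism the abstract builds on. For a first layer z = W1 x + b1 followed by ReLU, the batch-averaged gradient satisfies dL/dW1[j] = sum_k delta_j^(k) x^(k) and dL/db1[j] = sum_k delta_j^(k), where delta_j^(k) is zero whenever the ReLU is off for sample k; so if neuron j is active for exactly one sample k, dividing the two gradient entries recovers x^(k) exactly, while a neuron shared by several samples yields only a weighted mix of them. The two-layer network, the batch and the random seed are constructed here; the paper's linear-programming manipulation that makes realistic batches satisfy the condition is not reproduced.

```python
import random

# Added example, constructed for this page: the neuron-exclusivity mechanism
# behind provable gradient leakage from a batch-averaged gradient.
# Network: z = W1 x + b1, h = relu(z), out = W2 h + b2, loss = mean over the
# batch of 0.5*||out - y||^2. For neuron j,
#   dL/dW1[j] = sum_k delta_j^(k) * x^(k),   dL/db1[j] = sum_k delta_j^(k),
# where delta_j^(k) is zero whenever ReLU is off for sample k. If exactly one
# sample activates j, the ratio is that sample. (Assumption: the paper's
# LP-based manipulation that makes batches satisfy this is not reproduced.)


def make_model(d_in, d_hidden, d_out, seed=7):
    rng = random.Random(seed)
    W1 = [[rng.gauss(0, 1) for _ in range(d_in)] for _ in range(d_hidden)]
    b1 = [rng.gauss(0, 0.1) for _ in range(d_hidden)]
    W2 = [[rng.gauss(0, 1) for _ in range(d_hidden)] for _ in range(d_out)]
    b2 = [0.0] * d_out
    return W1, b1, W2, b2


def average_gradient(model, batch, targets):
    """Manual forward/backward pass. Returns (gW1, gb1, active), where
    active[j] is the set of sample indices for which neuron j fired."""
    W1, b1, W2, b2 = model
    H, B = len(W1), len(batch)
    gW1 = [[0.0] * len(W1[0]) for _ in range(H)]
    gb1 = [0.0] * H
    active = [set() for _ in range(H)]
    for k, (x, y) in enumerate(zip(batch, targets)):
        z = [sum(w * xi for w, xi in zip(row, x)) + b for row, b in zip(W1, b1)]
        h = [max(0.0, t) for t in z]
        out = [sum(w * hi for w, hi in zip(row, h)) + b for row, b in zip(W2, b2)]
        d_out = [(o - t) / B for o, t in zip(out, y)]     # batch mean of the loss
        for j in range(H):
            if z[j] <= 0:
                continue                                   # ReLU blocks the gradient
            active[j].add(k)
            delta = sum(d_out[o] * W2[o][j] for o in range(len(W2)))
            gb1[j] += delta
            for d, xd in enumerate(x):
                gW1[j][d] += delta * xd
    return gW1, gb1, active


def reconstruct_from_neuron(gW1, gb1, j):
    """Attacker side: weight-gradient row divided by the bias gradient."""
    if gb1[j] == 0.0:
        return None
    return [g / gb1[j] for g in gW1[j]]


def attack(model, batch, targets):
    """Map sample index -> reconstruction for every exclusively activated
    neuron, and the list of neurons shared by more than one sample."""
    gW1, gb1, active = average_gradient(model, batch, targets)
    recovered, shared = {}, []
    for j, who in enumerate(active):
        if len(who) == 1:
            (k,) = who
            recovered[k] = reconstruct_from_neuron(gW1, gb1, j)
        elif len(who) > 1:
            shared.append(j)
    return recovered, shared, gW1, gb1


def demo(seed=1, d_in=6, hidden=48, batch_size=4):
    """Constructed batch. Returns (max abs error per recovered sample,
    distance of each shared-neuron 'reconstruction' to the nearest sample)."""
    rng = random.Random(seed)
    batch = [[rng.uniform(-1, 1) for _ in range(d_in)] for _ in range(batch_size)]
    targets = [[rng.uniform(-1, 1) for _ in range(2)] for _ in range(batch_size)]
    recovered, shared, gW1, gb1 = attack(make_model(d_in, hidden, 2), batch, targets)
    errors = {k: max(abs(a - b) for a, b in zip(v, batch[k])) for k, v in recovered.items() if v}
    mixes = []
    for j in shared:
        v = reconstruct_from_neuron(gW1, gb1, j)
        if v is not None:
            mixes.append(min(max(abs(a - b) for a, b in zip(v, x)) for x in batch))
    return errors, mixes
```

The attacker here sees only gW1 and gb1, exactly what a client submits, and needs no optimisation: recovery is one division per exclusive neuron. The `mixes` output shows the other side of the abstract's point, that a neuron shared by two or more samples gives a vector that is not close to any of them, which is why the fraction of exclusively activated neurons, and a way to raise it, decides how much of a batch is reconstructable.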
2022, 59(10): 2338-2347.
DOI: 10.7544/issn1000-1239.20220514
Abstract:
The wide application of machine learning technology exposes user data to a serious risk of privacy leakage, and privacy-preserving distributed machine learning protocols based on secure multi-party computation have become a widely studied research field. In order to obtain a more efficient protocol, Chaudhari et al. proposed the Trident four-party protocol framework, which, on the basis of a three-party protocol, introduces an honest participant as a trusted third party to execute the protocol; the Swift framework proposed by Koti et al. selects an honest participant as a trusted third party, through a screening process, to complete the protocol in the setting of a three-party protocol with an honest majority, and generalizes the framework to an honest-majority four-party protocol. Under such a computing framework, the trusted third party obtains the sensitive data of all users, which violates the original intention of secure multi-party computation. To solve this problem, a four-party machine learning protocol based on (2,4) secret sharing is designed. By improving the honest-party screening process of the Swift framework, two honest parties can be identified, and a semi-honest secure two-party computation protocol that efficiently completes the computing task is then executed between them. The protocol moves 25% of the communication load from the online phase to the offline phase, which improves the efficiency of the scheme's online phase.
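An added example, not the paper's protocol, of the (2,4) threshold sharing its four-party design rests on: Shamir sharing over a prime field with a degree-1 polynomial, so any two of the four parties, such as the two honest parties selected by the screening step, can reconstruct a value or keep computing on their shares, while linear operations need no interaction at all. The field prime and the secrets are assumptions of this demo.

```python
import secrets

# Added example (not the paper's protocol): the (2,4) Shamir threshold sharing
# a four-party design can rest on. Degree-1 polynomial f(X) = s + r*X over a
# prime field; party i holds f(i); any two parties interpolate f(0) = s, and a
# single share is a uniformly random field element. Assumption: the field
# prime below is a demo choice.
PRIME = 2**61 - 1   # Mersenne prime


def share(secret, n=4, t=2):
    """Split `secret` into n shares, any t of which reconstruct it."""
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, PRIME) for k, c in enumerate(coeffs)) % PRIME
            for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at X = 0 from a dict {i: f(i)} of >= t shares."""
    total = 0
    for i, yi in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % PRIME
                den = den * (i - j) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def add_shares(a, b):
    """Addition of shared values is local: each party adds its own shares."""
    return {i: (a[i] + b[i]) % PRIME for i in a}


def scale_shares(a, c):
    """Multiplication by a public constant is local as well."""
    return {i: (a[i] * c) % PRIME for i in a}


def linear_combination(shared_xs, public_ws):
    """sum_i w_i * [x_i] with public weights w_i: no interaction needed."""
    acc = {i: 0 for i in shared_xs[0]}
    for x, w in zip(shared_xs, public_ws):
        acc = add_shares(acc, scale_shares(x, w))
    return acc


def honest_pair_opens(shares, pair):
    """The two parties selected as honest open a value from their shares only."""
    return reconstruct({i: shares[i] for i in pair})
```

Multiplication of two shared values is the step that does need interaction (the product of two degree-1 shares has degree 2), which is where a two-party computation between the selected honest pair, and the offline/online split the abstract mentions, comes in; that part is outside this example.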
2022, 59(10): 2348-2361.
DOI: 10.7544/issn1000-1239.20220509
Abstract:
Artificial intelligence has been widely used in network intrusion detection systems. Due to the concept drift of traffic samples, the models used for malicious traffic identification must be updated frequently to adapt to new feature distributions. The effectiveness of the updated model depends on the quality of the new training samples, so it is essential to prevent data contamination. However, contamination filtering of traffic samples still relies on expert experience, which leads to problems such as the immense workload of sample screening, unstable model accuracy, and vulnerability to poisoning attacks during the model update. Existing work cannot achieve contamination filtering or model repair while maintaining model performance. We design a general model update method for intelligent network intrusion detection systems to solve these problems. We first design the EdgeGAN algorithm, which makes a generative adversarial network fit the distribution of the model's edge examples through fuzzing. A subset of contaminated examples is then identified by examining the MSE values of the new training samples against the original model and checking the F_β scores of the updated model on the old edge examples. The influence of poisoned examples is suppressed by letting the model learn malicious edge examples, which guarantees that the model recovers quickly after poisoning. Finally, the effectiveness of the update method for contamination filtering and model restoration is verified by experiments on 5 typical intelligent network intrusion detection systems. Compared with state-of-the-art methods, the new method improves the detection rate of poisoned examples by 12.50% and the restoration effect on poisoned models by 6.38%.
The method can protect the update process of any common intelligent network intrusion detection system, reducing manual sample screening, effectively lowering the cost of poison detection and model repair, and providing guarantees for model performance and robustness. It can also protect similar intelligent threat detection models.
2022, 59(10): 2362-2375.
DOI: 10.7544/issn1000-1239.20220525
Abstract:
Integrity measurement architecture (IMA) is an important component of trusted computing. However, existing IMA schemes have a number of practical limitations when applied to embedded systems. In this paper, we propose dynamic integrity measurement architecture at kernel level (DIMAK), an effective and efficient runtime integrity measurement architecture for embedded Linux systems. DIMAK supports just-in-time integrity measurement of code text and static data in both kernel and user space, as well as of the dynamic linking information maintained by position-independent executables (PIE). Exploiting the process, memory and page management mechanisms of the Linux kernel, DIMAK measures the to-be-measured contents at physical-page level, and hence avoids the potential time-of-check to time-of-use (TOCTTOU) vulnerability that has been found in existing techniques. On top of that, by proposing a predictive integrity baseline generation technique for the relocation and dynamic linking information of ELF files, the proposed architecture achieves better completeness than state-of-the-art schemes when responding to threats such as hooking-based control flow hijacking and dynamically loaded malware. Also, with a novel trusted software hot-fix protocol, the proposed architecture becomes the first IMA scheme capable of correctly distinguishing on-the-fly software patching from malicious code loading. Given the different types of contents to be measured, DIMAK generates the corresponding integrity baselines at a variety of times, e.g., during the offline phase, system booting, process loading or dynamic code loading, thus ensuring the correctness of the architecture's integrity measurement in all possible scenarios. Experiments on real commercial embedded devices have also shown that the performance overhead caused by DIMAK is acceptable for embedded devices.
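An added example, written for this page rather than taken from DIMAK (which does its measurement inside the kernel on physical pages), of what page-granular measurement means on Linux and why it matters for TOCTTOU: the executable, file-backed mappings of a process are listed from /proc/<pid>/maps, each mapped page is hashed from /proc/<pid>/mem, and the hashes are compared with those of the corresponding bytes of the backing file, so that a page patched in memory after the on-disk file was checked (an inline hook, for instance) shows up as exactly the page that changed. The maps excerpt and the byte buffers used by the pure functions are constructed; measure_self() is a live run on the current process and only works on Linux.

```python
import hashlib
import re

# Added example, written for this page (not DIMAK's kernel code): page-granular
# measurement of a process's executable mappings on Linux, compared with the
# matching bytes of the backing file.

PAGE = 4096
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) (\S+) (\d+)\s*(.*)$")

# Constructed /proc/<pid>/maps excerpt used to exercise parse_maps().
SAMPLE_MAPS = """\
55d4c1a00000-55d4c1a01000 r--p 00000000 08:01 1234567 /usr/bin/demo
55d4c1a01000-55d4c1a03000 r-xp 00001000 08:01 1234567 /usr/bin/demo
7f3a1c000000-7f3a1c001000 rw-p 00000000 00:00 0
7ffd8c9e8000-7ffd8c9ea000 r-xp 00000000 00:00 0 [vdso]
"""


def parse_maps(text):
    """Executable, file-backed mappings as (start, end, file_offset, path)."""
    out = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        start, end, perms, offset, _dev, inode, path = m.groups()
        if "x" in perms and int(inode) != 0 and path.startswith("/"):
            out.append((int(start, 16), int(end, 16), int(offset, 16), path))
    return out


def page_hashes(buf):
    """Measurement list: one SHA-256 per page (last page zero-padded, as the
    kernel zero-fills the tail of a partially backed file page)."""
    return [hashlib.sha256(buf[off:off + PAGE].ljust(PAGE, b"\0")).hexdigest()
            for off in range(0, len(buf), PAGE)]


def tampered_pages(measured, baseline):
    """Indices of pages whose measurement differs from the baseline."""
    return [i for i, (a, b) in enumerate(zip(measured, baseline)) if a != b]


def hook_one_byte(buf, position, value=0xCC):
    """Simulate an inline hook / patch of a single byte in the mapped text."""
    patched = bytearray(buf)
    patched[position] = value
    return bytes(patched)


def measure_self():
    """Live check of the current process (Linux only): hash each executable
    mapping from /proc/self/mem and compare with the file on disk."""
    with open("/proc/self/maps") as f:
        maps = parse_maps(f.read())
    report = {}
    with open("/proc/self/mem", "rb", buffering=0) as mem:
        for start, end, offset, path in maps:
            try:
                mem.seek(start)
                live = mem.read(end - start)
                with open(path, "rb") as f:
                    f.seek(offset)
                    disk = f.read(end - start)
            except OSError as exc:        # e.g. "(deleted)" paths, unreadable pages
                report[(hex(start), path)] = str(exc)
                continue
            report[(hex(start), path)] = tampered_pages(page_hashes(live), page_hashes(disk))
    return report


if __name__ == "__main__":
    try:
        for (addr, path), bad in measure_self().items():
            print(addr, path, "tampered pages:" if isinstance(bad, list) else "error:", bad)
    except OSError as exc:
        print("live measurement needs Linux /proc:", exc)
```

Hashing the file alone would have passed the hooked buffer, because the file never changed; hashing the mapped pages catches it and localises it to one page. A user-space reader like this still has its own window between reading and execution and can be lied to by anything that controls /proc, which is why DIMAK performs the same comparison from the kernel on the physical pages themselves.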