Query:
Scholar name: 公备
Abstract :
Overprivilege Attack, a widely reported phenomenon in IoT that accesses unauthorized or excessive resources, is notoriously hard to prevent, trace and mitigate. In this paper, we propose TBAC, a Tokoin-Based Access Control model enabled by blockchain and Trusted Execution Environment (TEE) technologies, to offer fine-grained access control and strong auditability for IoT. TBAC materializes the virtual access power into a definite-amount, secure and accountable cryptographic coin, termed "tokoin" (token+coin), and manages it using atomic and accountable state-transition functions in a blockchain. A tokoin carries a fine-grained policy defined by the resource owner to specify the requirements to be satisfied before an access is granted, and the behavioral constraints that describe the correct procedure to follow during access. The strong-auditability is achieved with blockchain and a TEE-enabled trusted access control object (TACO) to ensure that all access activities are securely monitored and auditable. We prototype TBAC by implementing all its functions with well-studied cryptographic primitives over different blockchain platforms, building a TACO on top of the ARM Cortex-M33 TEE microcontroller, and constructing a user-friendly APP for regular users. A case study is finally presented to demonstrate how TBAC is employed to enable autonomous and secure in-home cargo delivery.
Keyword :
Access control; access procedure control; Program processors; Internet of Things; Microcontrollers; auditability; overprivilege attack; Fine-grained access control; Blockchains; User interfaces; blockchain; trusted execution environment (TEE); IoT; Prototypes
Cite:
GB/T 7714 | Liu, Chunchi , Xu, Minghui , Guo, Hechuan et al. TBAC: A Tokoin-Based Accountable Access Control Scheme for the Internet of Things [J]. | IEEE TRANSACTIONS ON MOBILE COMPUTING , 2024 , 23 (5) : 6133-6148 . |
MLA | Liu, Chunchi et al. "TBAC: A Tokoin-Based Accountable Access Control Scheme for the Internet of Things" . | IEEE TRANSACTIONS ON MOBILE COMPUTING 23 . 5 (2024) : 6133-6148 . |
APA | Liu, Chunchi , Xu, Minghui , Guo, Hechuan , Cheng, Xiuzhen , Xiao, Yinhao , Yu, Dongxiao et al. TBAC: A Tokoin-Based Accountable Access Control Scheme for the Internet of Things . | IEEE TRANSACTIONS ON MOBILE COMPUTING , 2024 , 23 (5) , 6133-6148 . |
Abstract :
Although attribute-based signcryption (ABSC) offers a promising technology to ensure the security of IoT data sharing, it faces a two-fold challenge in practical implementation, namely, the linearly increasing computation and communication costs and the heavy load of single authority based key management. To this end, we propose a Secure and Lightweight Multi-authority ABSC scheme called SLIM in this paper. The signcryption and de-signcryption costs of devices are reduced to a small constant by offloading most of the computation to the edge server. To minimize communication and storage costs, a short and constant-size ciphertext is designed. Moreover, we adopt a hierarchical multi-authority architecture, setting up multiple attribute authorities that manage keys independently to prevent the bottleneck. Rigorous security analysis proves that the SLIM scheme can resist adaptive chosen ciphertext attacks and adaptive chosen message attacks under the standard model. Simulation experiments demonstrate the correctness of our theoretical derivations and the cost reduction of the SLIM scheme in computation, communication and storage.
Keyword :
access control; multi-authority; outsourced computation; Attribute-based signcryption; constant-size ciphertext
Cite:
GB/T 7714 | Gong, Bei , Guo, Chong , Guo, Chen et al. SLIM: A Secure and Lightweight Multi-Authority Attribute-Based Signcryption Scheme for IoT [J]. | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY , 2024 , 19 : 1299-1312 . |
MLA | Gong, Bei et al. "SLIM: A Secure and Lightweight Multi-Authority Attribute-Based Signcryption Scheme for IoT" . | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 19 (2024) : 1299-1312 . |
APA | Gong, Bei , Guo, Chong , Guo, Chen , Sun, Yao , Waqas, Muhammad , Chen, Sheng . SLIM: A Secure and Lightweight Multi-Authority Attribute-Based Signcryption Scheme for IoT . | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY , 2024 , 19 , 1299-1312 . |
Abstract :
The Industrial Internet of Things (IIoT), through the extensive deployment of devices for sensing, transmitting, and analyzing production states, can provide users with more comprehensive services and enhance production and manufacturing efficiency. However, most IIoT devices are limited by software and hardware resources, and existing mature security mechanisms are no longer suitable due to high-computing and communication costs. This weakness makes these devices highly susceptible to illegal attacks, such as counterfeiting, leading to a decline in service quality of IIoT. Therefore, to ensure the secure and efficient verification of the legitimacy of numerous IIoT devices, scholars have employed numerous viable solutions. However, many existing solutions have difficulty achieving a balance between the limited resources and security requirements of IIoT, resulting in certain shortcomings. To address this, we first propose a lightweight certificateless signature scheme without pairing, which can achieve unforgeability and reduce computation pressure by batch verification for multiple signatures. Furthermore, we propose a lightweight certificateless mutual authentication scheme (LCLMA-BS) for the IIoT. LCLMA-BS is capable of conducting key agreement for both authentication parties and batch authentication for multiple participants. Moreover, through analysis and proof, LCLMA-BS is shown to have various security properties, such as perfect forward and backward security and known session-specific temporary information security. Finally, the simulation results indicate that our signature and LCLMA-BS exhibit higher computational efficiency and communication efficiency, demonstrating better suitability for the IIoT.
Keyword :
Production; Servers; Industrial Internet of Things; Certificateless; Cloud computing; Authentication; signature; Security; Industrial Internet of Things (IIoT); Mathematical models; mutual authentication
Cite:
GB/T 7714 | Yin, Deshuai , Gong, Bei . A Lightweight Certificateless Mutual Authentication Scheme Based on Signatures for IIoT [J]. | IEEE INTERNET OF THINGS JOURNAL , 2024 , 11 (16) : 26852-26865 . |
MLA | Yin, Deshuai et al. "A Lightweight Certificateless Mutual Authentication Scheme Based on Signatures for IIoT" . | IEEE INTERNET OF THINGS JOURNAL 11 . 16 (2024) : 26852-26865 . |
APA | Yin, Deshuai , Gong, Bei . A Lightweight Certificateless Mutual Authentication Scheme Based on Signatures for IIoT . | IEEE INTERNET OF THINGS JOURNAL , 2024 , 11 (16) , 26852-26865 . |
Abstract :
Blockchain-based Industrial Internet of Things (IIoT) integrates the blockchain technology into the traditional IIoT infrastructure to provide secure and collaborative services. In IIoT, the traffic is usually encrypted using a cipher suite (SSL/TLS) for secure communication, which makes it hard for middleboxes (MBs) to detect malicious activity in the traffic. To address this problem, secure MBs that directly perform encrypted traffic inspection have been presented. Recently, a new privacy preserving deep packet inspection (DPI) system on MB for IoT scenarios was proposed, but it suffered from the following two limitations: 1) no support for fast token detection and 2) no support for tracing abnormal sources. To address the two limitations, we propose BTDPI, a privacy-preserving traceable DPI system that efficiently performs inspection over encrypted traffic in blockchain-based IIoT. Technically, we adopt a two-layer filter architecture to improve the efficiency of detection and moreover introduce a new online-offline certificateless aggregate signature with smart contract to design an identity traceability mechanism. The experiment result shows that BTDPI runs 26.7x faster for token detection with 3000 tokens and 3000 rules than the state-of-the-art work.
Keyword :
Industrial Internet of Things (IIoT); encrypted traffic inspection; Blockchain
Cite:
GB/T 7714 | Zhang, Kai , Deng, Minjun , Gong, Bei et al. Privacy-Preserving Traceable Encrypted Traffic Inspection in Blockchain-Based Industrial IoT [J]. | IEEE INTERNET OF THINGS JOURNAL , 2024 , 11 (2) : 3484-3496 . |
MLA | Zhang, Kai et al. "Privacy-Preserving Traceable Encrypted Traffic Inspection in Blockchain-Based Industrial IoT" . | IEEE INTERNET OF THINGS JOURNAL 11 . 2 (2024) : 3484-3496 . |
APA | Zhang, Kai , Deng, Minjun , Gong, Bei , Miao, Yinbin , Ning, Jianting . Privacy-Preserving Traceable Encrypted Traffic Inspection in Blockchain-Based Industrial IoT . | IEEE INTERNET OF THINGS JOURNAL , 2024 , 11 (2) , 3484-3496 . |
Abstract :
Although 5G and beyond communication technology empower a large number of edge heterogeneous devices and applications, the stringent security remains a major concern when dealing with the millions of edge computing tasks in the highly dynamic heterogeneous networks (HDHNs). Blockchains contribute significantly to addressing security challenges by guaranteeing the reliability of data and information. Because of the node's mobility, there are risks of exiting the network and leaving the remaining tasks noncomputed. Therefore, we model the cost function of offloaded computing tasks as a dynamic stochastic game. To reduce the computational complexity, the Time-Variant Mean-Field term (TVMF) is adopted to solve the cost-optimized problem. What's more, we design an Adaptivity-Aware Practical byzantine fault tolerance consensus Protocol (AAPP) to dynamically formulate domains, execute leader node selection with regard to task completion and quickly verify computational results. In addition, a Dynamic Multi-domain Fractional Repetition uncoded repair storage (DMFR) scheme with variant redundancy is proposed to reduce the storage pressure and repair overhead. The simulation is implemented to demonstrate our scheme outperforms the benchmarks in terms of cost and time overhead.
Keyword :
Games; mean-field game; Dynamic scheduling; blockchains; Dynamic networks; fractional repetition code; tasks offload; Wireless communication; Task analysis; Mobile handsets; Maintenance engineering; Costs
Cite:
GB/T 7714 | Bai, Fenhua , Shen, Tao , Yu, Zhuo et al. Blockchain-Enhanced Time-Variant Mean Field-Optimized Dynamic Computation Sharing in Mobile Network [J]. | IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS , 2024 , 23 (9) : 12140-12156 . |
MLA | Bai, Fenhua et al. "Blockchain-Enhanced Time-Variant Mean Field-Optimized Dynamic Computation Sharing in Mobile Network" . | IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS 23 . 9 (2024) : 12140-12156 . |
APA | Bai, Fenhua , Shen, Tao , Yu, Zhuo , Song, Jian , Gong, Bei , Waqas, Muhammad et al. Blockchain-Enhanced Time-Variant Mean Field-Optimized Dynamic Computation Sharing in Mobile Network . | IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS , 2024 , 23 (9) , 12140-12156 . |
Abstract :
The popularity of the Internet of Things (IoT) has enabled a large number of vulnerable devices to connect to the Internet, bringing huge security risks. As a network-level security authentication method, device fingerprint based on machine learning has attracted considerable attention because it can detect vulnerable devices in complex and heterogeneous access phases. However, flexible and diversified IoT devices with limited resources increase difficulty of the device fingerprint authentication method executed in IoT, because it needs to retrain the model network to deal with incremental features or types. To address this problem, a device fingerprinting mechanism based on a Broad Learning System (BLS) is proposed in this paper. The mechanism firstly characterizes IoT devices by traffic analysis based on the identifiable differences of the traffic data of IoT devices, and extracts feature parameters of the traffic packets. A hierarchical hybrid sampling method is designed at the preprocessing phase to improve the imbalanced data distribution and reconstruct the fingerprint dataset. The complexity of the dataset is reduced using Principal Component Analysis (PCA) and the device type is identified by training weights using BLS. The experimental results show that the proposed method can achieve state-of-the-art accuracy and spend less training time than other existing methods.
Keyword :
Broad learning system; Class imbalance; Device fingerprint; Traffic analysis; Access authentication
Cite:
GB/T 7714 | Zhang, Yu , Gong, Bei , Wang, Qian . BLS-identification: A device fingerprint classification mechanism based on broad learning for Internet of Things [J]. | DIGITAL COMMUNICATIONS AND NETWORKS , 2024 , 10 (2) : 728-739 . |
MLA | Zhang, Yu et al. "BLS-identification: A device fingerprint classification mechanism based on broad learning for Internet of Things" . | DIGITAL COMMUNICATIONS AND NETWORKS 10 . 2 (2024) : 728-739 . |
APA | Zhang, Yu , Gong, Bei , Wang, Qian . BLS-identification: A device fingerprint classification mechanism based on broad learning for Internet of Things . | DIGITAL COMMUNICATIONS AND NETWORKS , 2024 , 10 (2) , 728-739 . |
Abstract :
With the widespread adoption of Internet of Things (IoT) devices, remote attestation is crucial for ensuring their security. However, current schemes that require a central verifier or interactive approaches are expensive and inefficient for collaborative autonomous systems. Furthermore, the security of the software state cannot be guaranteed before or between successive attestations, leaving devices vulnerable to Time-Of-Check-Time-Of-Use (TOCTOU) attacks, as well as confidentiality issues arising from pre-sharing software information with the verifier. Therefore, we propose the Secure mutual Attestation against TOCTOU Zero-Knowledge proof based for IoT devices (ZKSA), which allows devices to mutually attest without a central verifier, and the attestation result is transparent while preserving confidentiality. We implement a ZKSA prototype on a Raspberry Pi 3B, demonstrating its feasibility and security. Even if malware is removed before the next attestation, it will be detected and the detection time is typically constant. Simulations show that compared to other schemes for mutual attestation, such as DIAT and CFRV, ZKSA exhibits scalability. When the prover attests to numerous verifier devices, ZKSA reduces the verification time from linear to constant.
Keyword :
IoT devices security; TOCTOU attacks; Remote attestation; Software state; Zero-knowledge proof
Cite:
GB/T 7714 | Bai, Fenhua , Wang, Zikang , Zeng, Kai et al. ZKSA: Secure mutual Attestation against TOCTOU Zero-knowledge Proof based for IoT Devices [J]. | COMPUTERS & SECURITY , 2024 , 148 . |
MLA | Bai, Fenhua et al. "ZKSA: Secure mutual Attestation against TOCTOU Zero-knowledge Proof based for IoT Devices" . | COMPUTERS & SECURITY 148 (2024) . |
APA | Bai, Fenhua , Wang, Zikang , Zeng, Kai , Zhang, Chi , Shen, Tao , Zhang, Xiaohui et al. ZKSA: Secure mutual Attestation against TOCTOU Zero-knowledge Proof based for IoT Devices . | COMPUTERS & SECURITY , 2024 , 148 . |
Abstract :
Deep learning is a thriving field currently stuffed with many practical applications and active research topics. It allows computers to learn from experience and to understand the world in terms of a hierarchy of concepts, with each being defined through its relations to simpler concepts. Relying on the strong capabilities of deep learning, we propose a convolutional generative adversarial network-based (Conv-GAN) framework titled MalFox, targeting adversarial malware example generation against third-party black-box malware detectors. Motivated by the rival game between malware authors and malware detectors, MalFox adopts a confrontational approach to produce perturbation paths, with each formed by up to three methods (namely Obfusmal, Stealmal, and Hollowmal) to generate adversarial malware examples. To demonstrate the effectiveness of MalFox, we collect a large dataset consisting of both malware and benignware programs, and investigate the performance of MalFox in terms of accuracy, detection rate, and evasive rate of the generated adversarial malware examples. Our evaluation indicates that the accuracy can be as high as 99.0% which significantly outperforms the other 12 well-known learning models. Furthermore, the detection rate is dramatically decreased by 56.8% on average, and the average evasive rate is noticeably improved by up to 56.2%.
Keyword :
Engines; Electronic mail; Closed box; Detectors; Malware; Perturbation methods; deep learning; Adversarial malware examples; malware; Computer viruses; generative adversarial network
Cite:
GB/T 7714 | Zhong, Fangtian , Cheng, Xiuzhen , Yu, Dongxiao et al. MalFox: Camouflaged Adversarial Malware Example Generation Based on Conv-GANs Against Black-Box Detectors [J]. | IEEE TRANSACTIONS ON COMPUTERS , 2024 , 73 (4) : 980-993 . |
MLA | Zhong, Fangtian et al. "MalFox: Camouflaged Adversarial Malware Example Generation Based on Conv-GANs Against Black-Box Detectors" . | IEEE TRANSACTIONS ON COMPUTERS 73 . 4 (2024) : 980-993 . |
APA | Zhong, Fangtian , Cheng, Xiuzhen , Yu, Dongxiao , Gong, Bei , Song, Shuaiwen , Yu, Jiguo . MalFox: Camouflaged Adversarial Malware Example Generation Based on Conv-GANs Against Black-Box Detectors . | IEEE TRANSACTIONS ON COMPUTERS , 2024 , 73 (4) , 980-993 . |
Abstract :
Edge intelligence is a critical enabler of intelligent application services in the Internet of Things (IoT). However, due to complex environmental factors, edge devices are subject to constant dynamic changes, which can result in security threats and sensitive information leakage. Therefore, it is essential to investigate data stream online analysis and detection strategies and implement an online releasing mechanism to ensure sensitive information is not leaked. Existing work rarely addresses these issues simultaneously or has poor performance, which poses a challenge. To address this challenge, we propose an intelligent edge dual-structure ensemble method (IEDSEM), consisting of three key components: 1) data preprocessing; 2) drift detection data analytics (IEDSEM-DDDA); and 3) privacy-preserving data releasing (IEDSEM-PPDR). Data preprocessing is used primarily to enhance the quality of data streams to improve the performance of model learning. IEDSEM-DDDA involves three sequential operations: 1) dynamic feature selection; 2) model learning and selection and 3) online model ensemble deployment to achieve anomaly detection of online data streams. Meanwhile, IEDSEM-PPDR uses differential privacy and online optimization operations to achieve intelligent hierarchical protection of edge data. To validate the performance of our proposed IEDSEM method, we conducted two comprehensive simulation experiments on real data machines, verifying the accuracy of the concept drift component detection and the privacy optimization performance of the privacy-preserving component, respectively. Simulation results show that compared with several other advanced high-performance algorithms, our algorithm has over 99% accuracy in data stream analysis detection and more outstanding privacy-preserving ability.
Keyword :
Data releasing; drift detection; intelligent edge; privacy preserving; dual structure
Cite:
GB/T 7714 | Zhang, Jiangjiang , Gong, Bei , Wang, Qian et al. An Intelligent Edge Dual-Structure Ensemble Method for Data Stream Detection and Releasing [J]. | IEEE INTERNET OF THINGS JOURNAL , 2024 , 11 (1) : 863-879 . |
MLA | Zhang, Jiangjiang et al. "An Intelligent Edge Dual-Structure Ensemble Method for Data Stream Detection and Releasing" . | IEEE INTERNET OF THINGS JOURNAL 11 . 1 (2024) : 863-879 . |
APA | Zhang, Jiangjiang , Gong, Bei , Wang, Qian , Wu, Yong , Zheng, Guiping . An Intelligent Edge Dual-Structure Ensemble Method for Data Stream Detection and Releasing . | IEEE INTERNET OF THINGS JOURNAL , 2024 , 11 (1) , 863-879 . |
Abstract :
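The invention discloses a method for detecting Ponzi scheme contracts on Ethereum based on data mining techniques. First, in the data acquisition stage, the bytecode and transaction records of each contract are obtained according to the contract addresses in the dataset. In the feature extraction stage, the contract bytecode is disassembled into an opcode sequence, the contextual features of the contract opcodes are extracted with the n-gram algorithm, and the account features of the contract are extracted from its transaction records; the opcode features and account features are combined as the input of the model. Then, in the model training stage, to address the class imbalance in the contract feature dataset, the ADASYN algorithm is used to oversample the training set, and the well-performing AdaBoost is then used to train on the dataset, achieving detection of Ponzi scheme smart contracts. Experiments show that the relevant evaluation metrics of the model are significantly improved, and that Ponzi scheme smart contracts on Ethereum can be detected effectively.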
Cite:
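GB/T 7714 | 黄静 , 王梦晓 , 韩红桂 et al. A method for detecting Ethereum Ponzi scheme contracts based on data mining techniques : CN202310010369.X[P]. | 2023-01-04 . |
MLA | 黄静 et al. "A method for detecting Ethereum Ponzi scheme contracts based on data mining techniques" : CN202310010369.X. | 2023-01-04 . |
APA | 黄静 , 王梦晓 , 韩红桂 , 吴启辉 , 公备 , 郭少勇 et al. A method for detecting Ethereum Ponzi scheme contracts based on data mining techniques : CN202310010369.X. | 2023-01-04 . |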