CRIMINOLOGY AND LAW ENFORCEMENT (161 journals)                     

Showing 1 - 160 of 160 Journals sorted alphabetically
Acta Criminologica : Southern African Journal of Criminology     Full-text available via subscription  
Advances in Cement Research     Hybrid Journal   (Followers: 7)
African Safety Promotion     Full-text available via subscription   (Followers: 4)
African Security Review     Partially Free   (Followers: 7)
Aggression and Violent Behavior     Hybrid Journal   (Followers: 364)
Aggressive Behavior     Hybrid Journal   (Followers: 16)
Annual Review of Criminology     Full-text available via subscription   (Followers: 8)
Asian Journal of Criminology     Hybrid Journal   (Followers: 9)
Australian and New Zealand Journal of Criminology     Hybrid Journal   (Followers: 419)
Australian Journal of Forensic Sciences     Hybrid Journal   (Followers: 352)
Biometric Technology Today     Full-text available via subscription   (Followers: 4)
Boletín Criminológico     Open Access  
Brill Research Perspectives in Transnational Crime     Full-text available via subscription   (Followers: 1)
British Journal of Criminology     Hybrid Journal   (Followers: 405)
Campbell Systematic Reviews     Open Access   (Followers: 4)
Canadian Graduate Journal of Sociology and Criminology     Open Access   (Followers: 6)
Canadian Journal of Criminology and Criminal Justice / La Revue canadienne de criminologie et de justice pénale     Full-text available via subscription   (Followers: 15)
Canadian Society of Forensic Science Journal     Hybrid Journal   (Followers: 255)
Champ pénal/Penal field     Open Access  
Computer Fraud & Security     Full-text available via subscription   (Followers: 269)
Computer Law & Security Review     Hybrid Journal   (Followers: 23)
Contemporary Challenges : The Global Crime, Justice and Security Journal     Open Access   (Followers: 3)
Contemporary Justice Review: Issues in Criminal, Social, and Restorative Justice     Hybrid Journal   (Followers: 39)
Corrections : Policy, Practice and Research     Hybrid Journal   (Followers: 2)
Crime & Delinquency     Hybrid Journal   (Followers: 89)
Crime and Justice     Full-text available via subscription   (Followers: 27)
Crime Prevention and Community Safety     Hybrid Journal   (Followers: 127)
Crime Psychology Review     Hybrid Journal   (Followers: 2)
Crime Science     Open Access   (Followers: 67)
Crime, Histoire & Sociétés     Open Access   (Followers: 10)
Crime, Security and Society     Open Access   (Followers: 2)
Criminal Justice and Behavior     Hybrid Journal   (Followers: 69)
Criminal Justice Ethics     Hybrid Journal   (Followers: 10)
Criminal Justice Matters     Hybrid Journal   (Followers: 9)
Criminal Justice Policy Review     Hybrid Journal   (Followers: 30)
Criminal Justice Review     Hybrid Journal   (Followers: 14)
Criminal Justice Studies: A Critical Journal of Crime, Law and Society     Hybrid Journal   (Followers: 24)
Criminal Law and Philosophy     Hybrid Journal   (Followers: 13)
Criminal Law Forum     Hybrid Journal   (Followers: 8)
Criminocorpus, revue hypermédia     Open Access  
Criminological Studies     Open Access   (Followers: 1)
Criminologie     Open Access   (Followers: 3)
Criminology and Criminal Justice     Hybrid Journal   (Followers: 51)
Crítica Penal y Poder     Open Access  
Critical Criminology     Hybrid Journal   (Followers: 24)
Critical Studies on Terrorism     Hybrid Journal   (Followers: 57)
Cryptologia     Hybrid Journal   (Followers: 3)
Current Issues in Criminal Justice     Hybrid Journal   (Followers: 15)
Datenschutz und Datensicherheit - DuD     Hybrid Journal  
Delito y Sociedad : Revista de Ciencias Sociales     Open Access  
Derecho Penal y Criminología     Open Access   (Followers: 2)
Detection     Open Access   (Followers: 3)
Dynamics of Asymmetric Conflict: Pathways toward terrorism and genocide     Hybrid Journal   (Followers: 12)
EDPACS: The EDP Audit, Control, and Security Newsletter     Hybrid Journal  
Estudios Penales y Criminológicos     Open Access  
EURASIP Journal on Information Security     Open Access   (Followers: 7)
European Journal of Crime, Criminal Law and Criminal Justice     Hybrid Journal   (Followers: 262)
European Journal of Criminology     Hybrid Journal   (Followers: 33)
European Journal of Probation     Hybrid Journal  
European Journal on Criminal Policy and Research     Hybrid Journal   (Followers: 9)
European Polygraph     Open Access  
European Review of Organised Crime     Open Access   (Followers: 54)
Feminist Criminology     Hybrid Journal   (Followers: 17)
Forensic Science International     Hybrid Journal   (Followers: 362)
Forensic Science International : Reports     Open Access   (Followers: 5)
Forensic Science International: Genetics     Hybrid Journal   (Followers: 15)
Forensic Science, Medicine, and Pathology     Hybrid Journal   (Followers: 26)
Forensic Toxicology     Hybrid Journal   (Followers: 18)
Global Crime     Hybrid Journal   (Followers: 277)
Health & Justice     Open Access   (Followers: 6)
Homicide Studies     Hybrid Journal   (Followers: 8)
IEEE Security & Privacy Magazine     Full-text available via subscription   (Followers: 29)
IEEE Transactions on Dependable and Secure Computing     Hybrid Journal   (Followers: 16)
IEEE Transactions on Information Forensics and Security     Hybrid Journal   (Followers: 24)
Incarceration     Full-text available via subscription  
Information Security Journal : A Global Perspective     Hybrid Journal   (Followers: 10)
International Annals of Criminology     Hybrid Journal  
International Criminal Justice Review     Hybrid Journal   (Followers: 14)
International Criminal Law Review     Hybrid Journal   (Followers: 18)
International Criminology     Hybrid Journal   (Followers: 5)
International Journal for Crime, Justice and Social Democracy     Open Access   (Followers: 7)
International Journal of Applied Cryptography     Hybrid Journal   (Followers: 9)
International Journal of Comparative and Applied Criminal Justice     Hybrid Journal   (Followers: 5)
International Journal of Conflict and Violence     Open Access   (Followers: 25)
International Journal of Criminology and Sociology     Open Access   (Followers: 1)
International Journal of Discrimination and the Law     Hybrid Journal   (Followers: 6)
International Journal of Electronic Security and Digital Forensics     Hybrid Journal   (Followers: 11)
International Journal of Information and Coding Theory     Hybrid Journal   (Followers: 6)
International Journal of Police Science and Management     Full-text available via subscription   (Followers: 327)
International Journal of Prisoner Health     Hybrid Journal   (Followers: 17)
International Journal of Punishment and Sentencing, The     Full-text available via subscription   (Followers: 8)
International Review of Victimology     Hybrid Journal   (Followers: 19)
Journal of Addictions & Offender Counseling     Partially Free   (Followers: 6)
Journal of Adult Protection, The     Hybrid Journal   (Followers: 16)
Journal of Aggression, Conflict and Peace Research     Hybrid Journal   (Followers: 48)
Journal of Computer Security     Hybrid Journal   (Followers: 12)
Journal of Computer Virology and Hacking Techniques     Hybrid Journal   (Followers: 6)
Journal of Contemporary Criminal Justice     Hybrid Journal   (Followers: 24)
Journal of Correctional Education     Full-text available via subscription   (Followers: 3)
Journal of Crime and Justice     Hybrid Journal   (Followers: 14)
Journal of Criminal Justice     Hybrid Journal   (Followers: 57)
Journal of Criminal Justice Education     Hybrid Journal   (Followers: 7)
Journal of Criminal Psychology     Hybrid Journal   (Followers: 135)
Journal of Criminological Research, Policy and Practice     Hybrid Journal   (Followers: 71)
Journal of Criminology     Open Access   (Followers: 13)
Journal of Criminology and Forensic Science     Open Access   (Followers: 9)
Journal of Developmental and Life-Course Criminology     Hybrid Journal  
Journal of Ethnicity in Criminal Justice     Hybrid Journal   (Followers: 3)
Journal of Forensic and Legal Medicine     Hybrid Journal   (Followers: 286)
Journal of Forensic Practice     Hybrid Journal   (Followers: 68)
Journal of Forensic Psychiatry & Psychology     Hybrid Journal   (Followers: 51)
Journal of Forensic Sciences     Hybrid Journal   (Followers: 368)
Journal of Gender-Based Violence     Hybrid Journal   (Followers: 13)
Journal of Genocide Research     Hybrid Journal   (Followers: 13)
Journal of Illicit Economies and Development     Open Access  
Journal of International Criminal Justice     Hybrid Journal   (Followers: 40)
Journal of Investigative Psychology and Offender Profiling     Hybrid Journal   (Followers: 12)
Journal of Learning Disabilities and Offending Behaviour     Hybrid Journal   (Followers: 30)
Journal of Penal Law & Criminology     Open Access   (Followers: 2)
Journal of Perpetrator Research     Open Access   (Followers: 1)
Journal of Policing, Intelligence and Counter Terrorism     Hybrid Journal   (Followers: 428)
Journal of Quantitative Criminology     Hybrid Journal   (Followers: 32)
Journal of Scandinavian Studies in Criminology and Crime Prevention     Hybrid Journal   (Followers: 10)
Journal of Strategic Security     Open Access   (Followers: 11)
Justice Evaluation Journal     Hybrid Journal  
Justice Research and Policy     Full-text available via subscription  
Juvenile and Family Court Journal     Hybrid Journal   (Followers: 34)
Kriminologia ikasten : Irakaskuntzarako aldizkaria     Open Access  
Kriminologisches Journal     Full-text available via subscription  
Law, Innovation and Technology     Hybrid Journal   (Followers: 15)
Nordic Journal of Criminology     Hybrid Journal   (Followers: 1)
Occasional Series in Criminal Justice and International Studies     Full-text available via subscription   (Followers: 3)
Police Journal : Theory, Practice and Principles     Hybrid Journal   (Followers: 322)
Police Quarterly     Hybrid Journal   (Followers: 306)
Policing: A Journal of Policy and Practice     Hybrid Journal   (Followers: 306)
Policing: An International Journal of Police Strategies & Management     Hybrid Journal   (Followers: 334)
Policy & Internet     Hybrid Journal   (Followers: 11)
Política Criminal     Open Access  
Psychology of Violence     Full-text available via subscription   (Followers: 16)
Psychology, Crime & Law     Hybrid Journal   (Followers: 27)
Punishment & Society     Hybrid Journal   (Followers: 38)
Research and Reports in Forensic Medical Science     Open Access   (Followers: 7)
Revista Arbitrada de Ciencias Jurídicas y Criminalísticas Iustitia Socialis     Open Access  
Revista Brasileira de Criminalística     Open Access  
Revista de Estudios Jurídicos y Criminológicos     Open Access  
Revista de Movimentos Sociais e Conflitos     Open Access  
Revista Digital de la Maestría en Ciencias Penales     Open Access  
Rivista di Studi e Ricerche sulla criminalità organizzata     Open Access  
Science & Global Security: The Technical Basis for Arms Control, Disarmament, and Nonproliferation Initiatives     Hybrid Journal   (Followers: 4)
Security and Defence Quarterly     Open Access   (Followers: 6)
Security Journal     Hybrid Journal   (Followers: 23)
Sexual Abuse in Australia and New Zealand     Full-text available via subscription   (Followers: 10)
South African Crime Quarterly     Open Access   (Followers: 4)
The Howard Journal of Criminal Justice     Hybrid Journal   (Followers: 9)
Theory and Practice of Forensic Science     Open Access   (Followers: 1)
Trauma, Violence, & Abuse     Hybrid Journal   (Followers: 58)
Trends in Organized Crime     Hybrid Journal   (Followers: 398)
URVIO - Revista Latinoamericana de Estudios de Seguridad     Open Access  
Women & Criminal Justice     Hybrid Journal   (Followers: 271)
Women Against Violence : An Australian Feminist Journal     Full-text available via subscription   (Followers: 15)

           

IEEE Transactions on Information Forensics and Security
Journal Prestige (SJR): 1.274
Citation Impact (citeScore): 7
Number of Followers: 24  
 
Hybrid Journal (it can contain Open Access articles)
ISSN (Print) 1556-6013
Published by IEEE [228 journals]
  • Practical Multi-Party Private Set Intersection Protocols

      Authors: Aslı Bay;Zekeriya Erkin;Jaap-Henk Hoepman;Simona Samardjiska;Jelle Vos;
      Pages: 1 - 15
      Abstract: Privacy-preserving techniques for processing sets of information have attracted the research community’s attention in recent years due to society’s increasing dependency on the availability of data at any time. One of the fundamental problems in set operations is known as Private Set Intersection (PSI). The problem requires two parties to compute the intersection between their sets while preserving correctness and privacy. Although several efficient two-party PSI protocols already exist, protocols for PSI in the multi-party setting (MPSI) currently scale poorly with a growing number of parties, even though this applies to many real-life scenarios. This paper fills this gap by proposing two multi-party protocols based on Bloom filters and threshold homomorphic PKEs, which are secure in the semi-honest model. The first protocol is a multi-party PSI, whereas the second provides a more subtle functionality - threshold multi-party PSI (T-MPSI) - which outputs items of the server that appear in at least some number of other private sets. The protocols are inspired by the Davidson-Cid protocol based on Bloom filters. We compare our MPSI protocol against Kolesnikov et al., which is among the fastest known MPSI protocols. Our MPSI protocol performs better than Kolesnikov et al. in terms of run time, given that the sets are small and there is a large number of parties. Our T-MPSI protocol performs better than other existing works: the computational and communication complexities are linear in the number of elements in the largest set given a fixed number of colluding parties. We conclude that our MPSI and T-MPSI protocols are practical solutions suitable for emerging use-case scenarios with many parties, where previous solutions did not scale well.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • A Randomized Filtering Strategy Against Inference Attacks on Active Steering Control Systems

      Authors: Ehsan Nekouei;Mohammad Pirani;Henrik Sandberg;Karl H. Johansson;
      Pages: 16 - 27
      Abstract: In this paper, we develop a framework against inference attacks aimed at inferring the values of the controller gains of an active steering control system (ASCS). We first show that an adversary with access to the shared information by a vehicle, via a vehicular ad hoc network (VANET), can reliably infer the values of the controller gains of an ASCS. This vulnerability may expose the driver as well as the manufacturer of the ASCS to severe financial and safety risks. To protect controller gains of an ASCS against inference attacks, we propose a randomized filtering framework wherein the lateral velocity and yaw rate states of a vehicle are processed by a filter consisting of two components: a nonlinear mapping and a randomizer. The randomizer randomly generates a pair of pseudo gains which are different from the true gains of the ASCS. The nonlinear mapping performs a nonlinear transformation on the lateral velocity and yaw rate states. The nonlinear transformation is in the form of a dynamical system with a feedforward-feedback structure which allows real-time and causal implementation of the proposed privacy filter. The output of the filter is then shared via the VANET. The optimal design of randomizer is studied under a privacy constraint that determines the protection level of controller gains against inference attacks, and is in terms of mutual information. It is shown that the optimal randomizer is the solution of a convex optimization problem. By characterizing the distribution of the output of the filter, it is shown that the statistical distribution of the filter’s output depends on the pseudo gains rather than the true gains. Using information-theoretic inequalities, we analyze the inference ability of an adversary in estimating the control gains based on the output of the filter. Our analysis shows that the performance of any estimator in recovering the controller gains of an ASCS based on the output of the filter is limited by the privacy constraint. The performance of the proposed privacy filter is compared with that of an additive noise privacy mechanism. Our numerical results show that the proposed privacy filter significantly outperforms the additive noise mechanism, especially in the low distortion regime.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Poligraph: Intrusion-Tolerant and Distributed Fake News Detection System

      Authors: Guohou Shan;Boxin Zhao;James R. Clavin;Haibin Zhang;Sisi Duan;
      Pages: 28 - 41
      Abstract: We present Poligraph, an intrusion-tolerant and decentralized fake news detection system. Poligraph aims to address architectural, system, technical, and social challenges of building a practical, long-term fake news detection platform. We first conduct a case study for fake news detection at authors’ institute, showing that machine learning-based reviews are less accurate but timely, while human reviews, in particular, experts reviews, are more accurate but time-consuming. This justifies the need for combining both approaches. At the core of Poligraph is two-layer consensus allowing seamlessly combining machine learning techniques and human expert determination. We construct the two-layer consensus using Byzantine fault-tolerant (BFT) and asynchronous threshold common coin protocols. We prove the correctness of our system in terms of conventional definitions of security in distributed systems (agreement, total order, and liveness) as well as new review validity (capturing the accuracy of news reviews). We also provide theoretical foundations on parameter selection for our system. We implement Poligraph and evaluate its performance on Amazon EC2 using a variety of news from online publications and social media. We demonstrate Poligraph achieves throughput of more than 5,000 transactions per second and latency as low as 0.05 second. The throughput of Poligraph is only marginally (4%–7%) slower than that of an unreplicated, single-server implementation. In addition, we conduct a real-world case study for the review of fake and real news among both experts and non-experts, which validates the practicality of our approach.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Iris Liveness Detection Using a Cascade of Dedicated Deep Learning Networks

      Authors: Juan E. Tapia;Sebastian Gonzalez;Christoph Busch;
      Pages: 42 - 52
      Abstract: Iris pattern recognition has significantly improved the biometric authentication field due to its high stability and uniqueness. Such physical characteristics have played an essential role in security applications and other related areas. However, presentation attacks, also known as spoofing techniques, can bypass biometric authentication systems using artefacts such as printed images, artificial eyes, textured contact lenses, etc. Many liveness detection methods that improve the robustness of these systems have been proposed. The first International Iris Liveness Detection competition, where the effectiveness of liveness detection methods is evaluated, was first launched in 2013, and its latest iteration was held in 2020. In this paper, we present the approach that won the LivDet-Iris 2020 competition using two-class scenarios (bona fide iris images vs. presentation attack iris images). Additionally, we propose new three-class and four-class scenarios that complement the competition results. These methods use a serial architecture based on a MobileNetV2 modification, trained from scratch to classify bona fide iris images versus presentation attack images. The bona fide class consists of live iris images, whereas the attack presentation instrument classes consist of cadaver, printed, and contact lenses images, for a total of four species. All the images were pre-processed and weighted per class to present a fair evaluation. This approach is primarily focused on detecting the bona fide class over improving the detection of presentation attack instruments. For the two, three, and four classes scenarios BPCER10 values of 0.99%, 0.16%, and 0.83% were obtained respectively, whereas for the BPCER20 values of 3.09%, 0.16%, and 3.77% were obtained, with the best model overall being the proposed 3-class serial model. This work reaches competitive results according to the reported results in the LivDet-Iris 2020 competition.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • On the Physical Layer Security of Untrusted Millimeter Wave Relaying Networks: A Stochastic Geometry Approach

      Authors: Mohammad Ragheb;S. Mostafa Safavi Hemami;Ali Kuhestani;Derrick Wing Kwan Ng;Lajos Hanzo;
      Pages: 53 - 68
      Abstract: The physical layer security (PLS) of millimeter wave (mmWave) communication systems is investigated, where the secure source-to-destination communication is assisted by an untrusted relay selected from a group of them and there are also several passive eavesdroppers (Eves) in the network. In the considered system model, while the distributions of the untrusted relays and Eves follow a homogeneous Poisson Point Process (PPP). To maximize the instantaneous secrecy rate, a novel joint relay selection and power allocation (JRP) method is developed where the destination and source aim for jamming the reception of both the untrusted relays and passive Eves. New expressions of the optimal power allocation (OPA) are derived for both non-colluding Eves (NCE) and colluding Eves (CE). Subsequently, by considering the impact of potential blockages, new closed-form equations are derived for analyzing the system’s ergodic secrecy rate (ESR) and secrecy outage probability (SOP) for transmission over fading mmWave channels. Finally, numerical examples are provided for demonstrating the superiority of our proposed JRP method over the relevant benchmarks found in the literature. Interestingly, the ESR increases with the density of untrusted relays for both the NCE and CE scenarios, which is a benefit of the improved probability of selecting a relay with a stronger second-hop channel. Furthermore, in the low transmit power regime, employing relatively low mmWave frequencies achieves better ESR, while in the high transmit power regime, high mmWave frequencies provide higher ESR.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Privacy-Preserving Object Detection for Medical Images With Faster R-CNN

      Authors: Yang Liu;Zhuo Ma;Ximeng Liu;Siqi Ma;Kui Ren;
      Pages: 69 - 84
      Abstract: In this paper, we propose a lightweight privacy-preserving Faster R-CNN framework (SecRCNN) for object detection in medical images. Faster R-CNN is one of the most outstanding deep learning models for object detection. Using SecRCNN, healthcare centers can efficiently complete privacy-preserving computations of Faster R-CNN via the additive secret sharing technique and edge computing. To implement SecRCNN, we design a series of interactive protocols to perform the three stages of Faster R-CNN, namely feature map extraction, region proposal and regression and classification. To improve the efficiency of SecRCNN, we improve the existing secure computation sub-protocols involved in SecRCNN, including division, exponentiation and logarithm. The newly proposed sub-protocols can dramatically reduce the number of messages exchanged during the iterative approximation process based on the coordinate rotation digital computer algorithm. Moreover, the effectiveness, efficiency and security of SecRCNN are demonstrated through comprehensive theoretical analysis and extensive experiments. The experimental findings show that the communication overhead in computing division, logarithm and exponentiation decreases to 36.19%, 73.82% and 43.37%, respectively.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Role of Shared Key for Secure Communication Over 2-User Gaussian Z-Interference Channel

      Authors: Uppalapati Somalatha;Parthajit Mohapatra;
      Pages: 85 - 98
      Abstract: In this paper, the role of secret key with finite rate is studied to enhance the secrecy performance of the system when users are operating in interference limited scenarios. To address this problem, a 2-user Gaussian Z-interference channel with secrecy constraint at the receiver is considered. The paper proposes novel achievable schemes, where the schemes differ from each other based on how the key has been used in the encoding process. The first achievable scheme uses a combination of key rate splitting, one-time pad, stochastic encoding and superposition coding. In this scheme, one part of the key is used for one-time pad and the remaining part of the key is used for stochastic encoding. The encoding is performed such that the receiver experiencing interference can decode some part of the interference without violating the secrecy constraint. As a special case of the derived result, one can obtain the secrecy rate region when the key is completely used for one-time pad or part of the stochastic encoding. The second scheme uses the shared key to encrypt the message using one-time pad and in contrast to the previous case no interference is decoded at the receiver. The paper also derives outer bound on the sum rate and secrecy rate. The main novelty of deriving outer bound lies in the selection of side information provided to the receiver and using the secrecy constraint. The derived outer bounds are found to be tight for certain channel conditions and rate of the key. The scaling behaviour of key rate is also explored for different schemes using the notion of secure generalized degrees of freedom. The optimality of different schemes are characterized for some specific cases. The developed results show the importance of key rate splitting in enhancing the secrecy performance of the system.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Secure Millimeter-Wave Ad Hoc Communications Using Physical Layer Security

      Authors: Yuanyu Zhang;Yulong Shen;Xiaohong Jiang;Shoji Kasahara;
      Pages: 99 - 114
      Abstract: Millimeter-wave (mmWave) communications are highly promising to improve the capacity of modern wireless networks, while the physical layer security (PLS) techniques hold great potential to enhance the critical secrecy performance therein. By carefully exploiting the significant signal difference between the Non-Light-of-Sight (NLoS) and Line-of-Sight (LoS) mmWave links, this paper proposes a Sight-based Cooperative Jamming (SCJ) scheme to improve the PLS performance of mmWave ad hoc communications. In this scheme, each potential jammer that has no LoS link to its nearest receiver but may have LoS links to eavesdroppers is selected with a certain probability to generate artificial noise such that channel advantages at legitimate receivers can be achieved. For performance modeling of the new jamming scheme, novel and efficient theoretical approximation approaches are firstly developed to enable the challenging issue of interference distribution modeling to be tackled, and then a theoretical framework based on stochastic geometry is proposed to capture the secrecy transmission capacity behavior under the SCJ scheme. Finally, extensive numerical results are provided to illustrate the SCJ scheme under various network scenarios.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Person Re-Identification by Context-Aware Part Attention and Multi-Head Collaborative Learning

      Authors: Dongming Wu;Mang Ye;Gaojie Lin;Xin Gao;Jianbing Shen;
      Pages: 115 - 126
      Abstract: Most existing works solve the video-based person re-identification (re-ID) problem by computing the representation of each frame independently and finally aggregate the frame-level features. However, these methods often suffer from the challenging factors in videos, such as serious occlusion, background clutter and pose variation. To address these issues, we propose a novel multi-level Context-aware Part Attention (CPA) model to learn discriminative and robust local part features. It is featured in two aspects: 1) the context-aware part attention module improves the robustness by capturing the global relationship among different body parts across different video frames, and 2) the attention module is further extended to multi-level attention mechanism which enhances the discriminability by simultaneously considering low- to high-level features in different convolutional layers. In addition, we propose a novel multi-head collaborative training scheme to improve the performance, which is collaboratively supervised by multiple heads with the same structure but different parameters. It contains two consistency regularization terms, which consider both multi-head and multi-frame consistency to achieve better results. The multi-level CPA model is designed for feature extraction, while the multi-head collaborative training scheme is designed for classifier supervision. They jointly improve our re-ID model from two complementary directions. Extensive experiments demonstrate that the proposed method achieves much better or at least comparable performance compared to the state-of-the-art on four video re-ID datasets.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Gendered Differences in Face Recognition Accuracy Explained by Hairstyles, Makeup, and Facial Morphology

      Authors: Vítor Albiero;Kai Zhang;Michael C. King;Kevin W. Bowyer;
      Pages: 127 - 137
      Abstract: Media reports have accused face recognition of being “biased”, “sexist” and “racist”. There is consensus in the research literature that face recognition accuracy is lower for females, who often have both a higher false match rate and a higher false non-match rate. However, there is little published research aimed at identifying the cause of lower accuracy for females. For instance, the 2019 Face Recognition Vendor Test that documents lower female accuracy across a broad range of algorithms and datasets also lists “Analyze cause and effect” under the heading “What we did not do”. We present the first experimental analysis to identify major causes of lower face recognition accuracy for females on datasets where previous research has observed this result. Controlling for equal amount of visible face in the test images mitigates the apparent higher false non-match rate for females. Additional analysis shows that makeup-balanced datasets further improves females to achieve lower false non-match rates. Finally, a clustering experiment suggests that images of two different females are inherently more similar than of two different males, potentially accounting for a difference in false match rates.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Dual-Branch Meta-Learning Network With Distribution Alignment for Face
           Anti-Spoofing

      Authors: Yunpei Jia;Jie Zhang;Shiguang Shan;
      Pages: 138 - 151
      Abstract: Existing face anti-spoofing (FAS) methods fail to generalize well to unseen domains with different data distribution from the training domains, due to the distribution discrepancies between various domains. To extract domain-invariant features for unseen domains, this work proposes a Dual-Branch Meta-learning Network (DBMNet) with distribution alignment for face anti-spoofing. Specifically, DBMNet consists of a feature embedding (FE) branch and a depth estimating (DE) branch for real and fake face discrimination. Each branch acts as a meta-learner and is optimized by step-adjusted meta-learning that can adaptively select the best number of meta-train steps. In order to mitigate distribution discrepancies between domains, we introduce two distribution alignment losses to directly regularize the two meta-learners, i.e., the triplet loss for FE branch and the depth loss for DE branch, respectively. Both of them are designed as part of the meta-train and meta-test objectives, which contribute to higher-order derivatives on the parameters during the meta-optimization for further seeking domain-invariant features. Extensive ablation studies and comparisons with the state-of-the-art methods show the effectiveness of our method for better generalization.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Differential Privacy for Tensor-Valued Queries

      Authors: Jungang Yang;Liyao Xiang;Ruidong Chen;Weiting Li;Baochun Li;
      Pages: 152 - 164
      Abstract: Private individual information is increasingly exposed through high-dimensional and high-order data, with the wide deployment of learning techniques. These data are typically expressed in the form of tensors, but there is no principled way to guarantee privacy for tensor-valued queries. Conventional differential privacy is typically applied to scalar values without a precise definition on the shape of the queried data. Realizing that the conventional mechanisms do not take the data structural information into account, we propose Tensor Variate Gaussian (TVG), a new $(\epsilon,\delta)$-differential privacy mechanism for tensor-valued queries. We further introduce two mechanisms based on TVG with an improved utility by imposing the unimodal differentially-private noise. With the utility space available, the proposed mechanisms can be instantiated with an optimized utility, and the optimization problem has a closed-form solution scalable to large-scale problems. Finally, we experimentally test our mechanisms on a variety of datasets and models, demonstrating that TVG is superior to other state-of-the-art mechanisms on tensor-valued queries.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Data Disclosure With Non-Zero Leakage and Non-Invertible Leakage Matrix

      Authors: Amirreza Zamani;Tobias J. Oechtering;Mikael Skoglund;
      Pages: 165 - 179
      Abstract: We study a statistical signal processing privacy problem, where an agent observes useful data $Y$ and wants to reveal the information to a user. Since the useful data is correlated with the private data $X$, the agent employs a privacy mechanism to generate data $U$ that can be released. We study the privacy mechanism design that maximizes the revealed information about $Y$ while satisfying a strong $\ell_1$-privacy criterion. When a sufficiently small leakage is allowed, we show that the optimizer distributions of the privacy mechanism design problem have a specific geometry, i.e., they are perturbations of fixed vector distributions. This geometrical structure allows us to use a local approximation of the conditional entropy. By using this approximation the original optimization problem can be reduced to a linear program so that an approximate solution for the optimal privacy mechanism can be easily obtained. The main contribution of this work is to consider a non-invertible leakage matrix with non-zero leakage. In our first example, inspired by a watermark application, we first demonstrate the accuracy of the approximation. Then, we employ different measures for utility and privacy leakage to compare the privacy-utility trade-off using our approach with other methods. In particular, we show that by allowing small leakage, significant utility can be achieved using our method compared to the case where no leakage is allowed. In the second and third examples which are based on the MNIST data set and medical applications, we illustrate the suggested design for disclosed data $U$. It has been shown that the letters of $Y$ which are disclosing more information about $X$ are combined (randomized) to produce a new letter of $U$.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Fundamental Limits-Achieving Polar Code Designs for Biometric
           Identification and Authentication

      Authors: Linghui Zhou;Tobias J. Oechtering;Mikael Skoglund;
      Pages: 180 - 195
      Abstract: In this work, we present polar code designs that offer a provably optimal solution for biometric identification and authentication systems under noisy enrollment for certain sources and observation channels. We consider a discrete memoryless biometric source and discrete symmetric memoryless observation channels. It is shown that the proposed polar code designs achieve the fundamental limits with privacy and secrecy constraints. Depending on how the secret keys are extracted and whether the privacy leakage rate should be close to zero, we consider four related setups, which are (i) the generated secret key system, (ii) the chosen secret key system, (iii) the generated secret key system with zero leakage, and (iv) the chosen secret key system with zero leakage. For the first two setups, (i) and (ii), the privacy level is characterized by the privacy leakage rate. For the last two setups (iii) and (iv), private keys are additionally employed to achieve close to zero privacy leakage rate. In setups (i) and (iii), it is assumed that the secret keys are generated, i.e., extracted from biometric information. While in setups (ii) and (iv), secret keys provided to the system are chosen uniformly at random from some trustful source. This work provides the first examples of fundamental limits-achieving code designs for identification and authentication. Moreover, since the code designs are based on polar codes and many existing works study low-complexity and short block-length polar coding, the proposed code designs in this work provide the code design structure and a framework for the application of biometric identification and authentication.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • C2CL: Contact to Contactless Fingerprint Matching

      Authors: Steven A. Grosz;Joshua J. Engelsma;Eryun Liu;Anil K. Jain;
      Pages: 196 - 210
      Abstract: Matching contactless fingerprints or finger photos to contact-based fingerprint impressions has received increased attention in the wake of COVID-19 due to the superior hygiene of the contactless acquisition and the widespread availability of low cost mobile phones capable of capturing photos of fingerprints with sufficient resolution for verification purposes. This paper presents an end-to-end automated system, called C2CL, comprised of a mobile finger photo capture app, preprocessing, and matching algorithms to handle the challenges inhibiting previous cross-matching methods; namely i) low ridge-valley contrast of contactless fingerprints, ii) varying roll, pitch, yaw, and distance of the finger to the camera, iii) non-linear distortion of contact-based fingerprints, and iv) different image qualities of smartphone cameras. Our preprocessing algorithm segments, enhances, scales, and unwarps contactless fingerprints, while our matching algorithm extracts both minutiae and texture representations. A sequestered dataset of 9,888 contactless 2D fingerprints and corresponding contact-based fingerprints from 206 subjects (2 thumbs and 2 index fingers for each subject) acquired using our mobile capture app is used to evaluate the cross-database performance of our proposed algorithm. Furthermore, additional experimental results on 3 publicly available datasets show substantial improvement in the state-of-the-art for contact to contactless fingerprint matching (TAR in the range of 96.67% to 98.30% at FAR=0.01%).
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • On Maximizing the Sum Secret Key Rate for Reconfigurable Intelligent
           Surface-Assisted Multiuser Systems

      Authors: Guyue Li;Chen Sun;Wei Xu;Marco Di Renzo;Aiqun Hu;
      Pages: 211 - 225
      Abstract: Channel reciprocity-based key generation (CRKG) has recently emerged as a new technique to address the problem of key distribution in wireless networks. However, as this approach relies upon the characteristics of fading channels, the corresponding secret key rate may be low when the communication link is blocked. To enhance the applicability of CRKG in harsh propagation scenarios, this paper introduces a novel multiuser key generation scheme, which is referred to as RIS-assisted multiuser key generation (RMK) that leverages the reconfigurable intelligent surface (RIS) technology for appropriately shaping the environment and enhancing the sum secret key rate between an access point and multiple users. In the RMK scheme, an RIS-induced channel, rather than the direct channel, serves as the key source. We derive a general closed-form expression of the secret key rate and optimize the configuration of the RIS to maximize the sum secret key rate over independent and correlated fading channels in the presence of multiple users. In the presence of independent fading, we introduce a low-complexity algorithm based on the Karush-Kuhn-Tucker (KKT) condition. In the presence of correlated fading, the optimization problem is non-convex and challenging to solve. To tackle it, we propose a new optimization algorithm based on the semi-definite relaxation (SDR) and successive convex approximation (SCA) methods. Simulation results demonstrate that the proposed RMK scheme outperforms existing RIS-assisted algorithms and achieves a near-optimal sum secret key rate over independent and correlated fading channels.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • High Resolution Fingerprint Retrieval Based on Pore Indexing and Graph
           Comparison

      Authors: Yuanrong Xu;Yao Lu;Fanglin Chen;Guangming Lu;David Zhang;
      Pages: 226 - 236
      Abstract: Fingerprint retrieval aims to identify a query fingerprint image in a large database using indexing algorithms. Because of the abundant level 3 pore features within high-resolution fingerprint images, pore-based fingerprint retrieval algorithms have been rapidly developed. These retrieval algorithms, however, suffer from severe calculation-consuming problems with the pores increasing. This paper proposes a pore-based fingerprint retrieval method for high-resolution fingerprint images. The proposed method consists of two main steps. 1) In the pore indexing step, an indexing space is constructed using the binary codes of pores in enrolled images. Then, a designed graph-based searching algorithm searches the nearest neighbors of pores from the query image to construct one-to-many correspondences. 2) In the refinement step, the one-to-many correspondences are refined by a random walker-based graph comparison algorithm to remove the false correspondences. The remained nearest neighbors are used to calculate the similarities between the query image and the enrolled images. The proposed method is evaluated on two databases, showing that our method achieves better retrieval accuracies with a higher speed than the existing pore-based retrieval algorithms.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Leia: A Lightweight Cryptographic Neural Network Inference System at the
           Edge

      Authors: Xiaoning Liu;Bang Wu;Xingliang Yuan;Xun Yi;
      Pages: 237 - 252
      Abstract: The advances in machine learning have revealed its great potential for emerging mobile applications such as face recognition and voice assistant. Models trained via a Neural Network (NN) can offer accurate and efficient inference services for mobile users. Unfortunately, the current deployment of such service encounters privacy concerns. Directly offloading the model to the mobile device violates model privacy of the model owner, while feeding user input to the service compromises user privacy. To address this issue, we propose Leia, a lightweight cryptographic NN inference system at the edge. Leia is designed from two mobile-friendly perspectives. First, it leverages the paradigm of edge computing wherein the inference procedure keeps the model closer to the mobile user to foster low latency service. Specifically, Leia’s architecture consists of two non-colluding edge services to obliviously perform NN inference on the encoded user data and model. Second, Leia’s realization makes the judicious use of potentially constrained computational and communication resources in edge devices. We adapt the Binarized Neural Network (BNN), a trending flavor of NN with low inference overhead, and purely choose the lightweight secret sharing techniques to realize secure blocks of BNN. We implement Leia and deploy it on Raspberry Pi. Empirical evaluations on benchmark and medical datasets via various models demonstrate the practicality of Leia.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Robust Secure Beamforming for Intelligent Reflecting Surface Assisted
           Full-Duplex MISO Systems

      Authors: Yimeng Ge;Jiancun Fan;
      Pages: 253 - 264
      Abstract: This paper investigates a full-duplex (FD) secure communication system with the assistance of an intelligent reflecting surface (IRS). Compared with the traditional FD system, the IRS-assisted FD communication not only greatly improves the spectrum efficiency but also provides a new way to enhance physical layer security due to the overlapping of multiple signals at the eavesdropper. Furthermore, we consider a more practical scenario without perfect channel state information (CSI) because it is very difficult to obtain the perfect CSI especially for cascaded channels via IRS. In addition, the eavesdropper is usually passive and hidden which will not actively exchange CSI with the user, which leads to an obstacle for obtaining the perfect CSI of eavesdropping channels. To this end, a worst-case achievable security rate (ASR) optimization problem is formulated under the bounded CSI error model. Due to the existence of non-convexity and highly coupled variables, this problem is extremely challenging. To directly tackle the nonconvexity of the considered optimization problem, similar to successive convex approximation (SCA), we first transform the original problem into its equivalent convex optimization problem directly, and finally obtain the optimal solution of the original non-convex problem by iteratively calculating the convex optimization problem. On this basis, we iteratively solve the transmission beamforming and IRS phase shift through Alternate Optimization (AO). In particular, when optimizing the phase shift coefficient, a penalty convex-concave procedure solution is proposed. Simulation results demonstrate that our proposed robust secure beamforming scheme can effectively improve ASR, and also outperforms the nonrobust one.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Privacy-Preserved Distributed Learning With Zeroth-Order Optimization

      Authors: Cristiano Gratton;Naveen K. D. Venkategowda;Reza Arablouei;Stefan Werner;
      Pages: 265 - 279
      Abstract: We develop a privacy-preserving distributed algorithm to minimize a regularized empirical risk function when the first-order information is not available and data is distributed over a multi-agent network. We employ a zeroth-order method to minimize the associated augmented Lagrangian function in the primal domain using the alternating direction method of multipliers (ADMM). We show that the proposed algorithm, named distributed zeroth-order ADMM (D-ZOA), has intrinsic privacy-preserving properties. Most existing privacy-preserving distributed optimization/estimation algorithms exploit some perturbation mechanism to preserve privacy, which comes at the cost of reduced accuracy. Contrarily, by analyzing the inherent randomness due to the use of a zeroth-order method, we show that D-ZOA is intrinsically endowed with $(\epsilon,\delta)$-differential privacy. In addition, we employ the moments accountant method to show that the total privacy leakage of D-ZOA grows sublinearly with the number of ADMM iterations. D-ZOA outperforms the existing differentially-private approaches in terms of accuracy while yielding similar privacy guarantee. We prove that D-ZOA reaches a neighborhood of the optimal solution whose size depends on the privacy parameter. The convergence analysis also reveals a practically important trade-off between privacy and accuracy. Simulation results verify the desirable privacy-preserving properties of D-ZOA and its superiority over the state-of-the-art algorithms as well as its network-wide convergence.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • ScoreGAN: A Fraud Review Detector Based on Regulated GAN With Data
           Augmentation

      Authors: Saeedreza Shehnepoor;Roberto Togneri;Wei Liu;Mohammed Bennamoun;
      Pages: 280 - 291
      Abstract: The promising performance of Deep Neural Networks (DNNs) in text classification has attracted researchers to use them for fraud review detection. However, the lack of trusted labeled data has limited the performance of the current solutions in detecting fraud reviews. The Generative Adversarial Network (GAN) as a semi-supervised method has been demonstrated to be effective for data augmentation purposes. The state-of-the-art solutions utilize GANs to overcome the data scarcity problem. However, they fail to incorporate the behavioral clues in fraud generation. Additionally, state-of-the-art approaches overlook the possible bot-generated reviews in the dataset. Finally, they also suffer from a common limitation in the generalization and stability of the GAN, slowing down the training procedure. In this work, we propose ScoreGAN for fraud review detection that makes use of both review text and review rating scores in the generation and detection process. Scores are incorporated through Information Gain Maximization (IGM) into the loss function for three reasons. One is to generate score-correlated reviews based on the scores given to the generator. Second, the generated reviews are employed to train the discriminator, allowing the discriminator to correctly label the possible bot-generated reviews through joint representations learned from the concatenation of GLobal Vector for Word representation (GLoVe) extracted from the text and the score. Finally, it can be used to improve the stability and generalization of the GAN. Results show that the proposed framework outperformed the existing state-of-the-art FakeGAN framework, in terms of AP by 7%, and 5% on the Yelp and TripAdvisor datasets, respectively.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • On the Impact of Pollution Attacks on Coding-Based Distributed Storage
           Systems

      Authors: Rossano Gaeta;
      Pages: 292 - 302
      Abstract: Coding-based distributed storage systems (DSS) are employed in many diverse heterogeneous settings, e.g., cloud storage data centers, peer-to-peer systems, wireless sensor networks, fog/edge computing system, to provide better throughput, latency, reliability, scalability, load adaptation, geographical migration and fault tolerance with respect to traditional monolithic enterprise storage systems. Despite the undoubted advantages offered by coding, reliability and security are jeopardized by a pollution attack that can easily disrupt the entire system and degrade performance. In this paper we take an abstract view of a DSS and we investigate by means of mathematical modeling what are the availability, robustness, and timeliness of heterogeneous, coding-based DSS when storage nodes (SN) are unreliable and can be malicious. To this end, we focus on a class of allocations of coded fragments to SNs that we call feasible allocations; the model takes into account both reliability and reactivity of SNs. We define robust availability and timeliness of feasible allocations that we use to characterize the overall performance and robustness of the DSS in a reference scenario. Our analysis reveals that code redundancy is a double-edged sword in a DSS where malicious SNs come into play and that there exists an optimal value of code redundancy regardless all system parameters that maximizes the number of malicious SNs that can be tolerated to achieve maximum DSS performance. We also found that larger codes are preferred over short ones as they yield superior DSS performance in the presence of malicious SNs. Furthermore, when multiple feasible allocations yield the highest DSS performance timeliness can be used as a guide for the choice. Finally, heterogeneity plays a role in determining the timeliness of the maximally spread allocations in the case of targeted attacks.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Gradient Leakage Attack Resilient Deep Learning

      Authors: Wenqi Wei;Ling Liu;
      Pages: 303 - 316
      Abstract: Gradient leakage attacks are considered one of the wickedest privacy threats in deep learning as attackers covertly spy gradient updates during iterative training without compromising model training quality, and yet secretly reconstruct sensitive training data using leaked gradients with high attack success rate. Although deep learning with differential privacy is a de facto standard for publishing deep learning models with differential privacy guarantee, we show that differentially private algorithms with fixed privacy parameters are vulnerable against gradient leakage attacks. This paper investigates alternative approaches to gradient leakage resilient deep learning with differential privacy (DP). First, we analyze existing implementation of deep learning with differential privacy, which uses fixed noise variance to inject constant noise to the gradients in all layers using fixed privacy parameters. Despite the DP guarantee provided, the method suffers from low accuracy and is vulnerable to gradient leakage attacks. Second, we present a gradient leakage resilient deep learning approach with differential privacy guarantee by using dynamic privacy parameters. Unlike fixed-parameter strategies that result in constant noise variance, different dynamic parameter strategies present alternative techniques to introduce adaptive noise variance and adaptive noise injection which are closely aligned to the trend of gradient updates during differentially private model training. Finally, we describe four complementary metrics to evaluate and compare alternative approaches. Extensive experiments on six benchmark datasets show that differentially private deep learning with dynamic privacy parameters outperforms the deep learning using fixed DP parameters, and existing adaptive clipping approaches in all aspects: compelling accuracy performance, strong differential privacy guarantee, and high attack resilience.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Privacy-Preserving Aggregation-Authentication Scheme for Safety Warning
           System in Fog-Cloud Based VANET

      Authors: Yafang Yang;Lei Zhang;Yunlei Zhao;Kim-Kwang Raymond Choo;Yan Zhang;
      Pages: 317 - 331
      Abstract: As cities become smarter, the importance of vehicular ad hoc networks (VANETs) will be increasingly pronounced. To support latency- and time-sensitive applications, there have been attempts to utilize fog-cloud computing in VANETs. There are, however, a number of limitations in existing fog-cloud based VANET deployments, ranging from computation and communication bottlenecks to privacy leakage to costly certificate/pseudonym management to key escrow, and so on. Therefore, in this paper we propose a privacy-preserving aggregation authentication scheme (PPAAS). The scheme is designed for deployment in a safety warning system for fog-cloud based VANETs. Specifically, the PPAAS scheme is realized using a novel efficient anonymous certificateless aggregation signcryption scheme (CASS) proposed in this paper, and allows a fog node to aggregate signcrypted traffic-related messages from surrounding vehicles into an aggregated ciphertext and unsigncrypt them in a batch. We then evaluate the security of PPAAS and demonstrate that it supports confidentiality, authentication, and (efficient) conditional privacy, and key escrow freeness. In particular, our scheme is the first in the literature to achieve efficient conditional privacy, which avoids the need for costly pseudonym management. We also demonstrate that the scheme is practical, based on our simulation results.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Asymptotically Guaranteed Anti-Jamming Spread Spectrum Random Access
           Without Pre-Shared Secret

      Authors: Ángeles Vázquez-Castro;
      Pages: 332 - 343
      Abstract: Our main contribution is the design of a spread spectrum random access scheme without pre-shared secret with asymptotically guaranteed availability against electronic/cyber-based jamming attacks. In order to establish asymptotic anti-jamming guarantees, first we develop the system model and show that for reactive jamming (only limited by the laws of physical propagation), the required location for a successful attack can be controlled by design. Then, for non-reactive protocol-aware jamming, we map a random selection of (publicly known) spreading codes to the computational birthday problem. Differently to the related literature, we formulate the birthday problem using entropic measures (Rényi entropy), which allows to obtain the optimal spreading code set sizes that guarantee asymptotically zero collision probability. Accordingly, the birthday attack is the best strategy to optimize the (trial and error) blind acquisition at the legitimate detector. We obtain numerical results that illustrate how to use our entropic method as a system design degree of freedom to identify realistic spreading code set sizes. We also derive an upper bound of the detection latency. Finally, we show that the resulting anti-jamming throughput is higher than the throughput under conventional operation (i.e. without anti-jamming guarantees) due to the control of collision probability by-design.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Multi-View Evolutionary Training for Unsupervised Domain Adaptive Person
           Re-Identification

      Authors: Jianyang Gu;Weihua Chen;Hao Luo;Fan Wang;Hao Li;Wei Jiang;Weijie Mao;
      Pages: 344 - 356
      Abstract: Clustering-based approaches have been successfully applied to unsupervised domain adaptation (UDA) tasks for person re-identification (Re-ID), where no annotations are provided in target domain. However, the clustering process is sensitive to noises, leading to imperfect pseudo labels that could damage the training performance. In this work, we propose a Multi-view Evolutionary Training (MET) method to effectively reduce noises in clustering results from two dimensions. First, to improve the clustering accuracy at each time frame (i.e. snapshot quality), a Multi-view Diffusion (MvD) module is proposed. Through capturing data relationships from multiple viewpoints and aggregating their information, noises and bias from each individual viewpoint can be eliminated, and more reliable similarity matrix can be produced for clustering. Second, to improve the temporal consistency between clustering at different iterations, i.e. temporal consistency, we propose an Evolutionary Local Refinement (ELR) module, which utilizes the previous clustering results to guide and improve current results, and further make the training process more stable and robust. Extensive experiments demonstrate that our method can provide clustering results with high quality, and achieve state-of-the-art performance on UDA Re-ID.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Model Inversion Attack by Integration of Deep Generative Models:
           Privacy-Sensitive Face Generation From a Face Recognition System

      Authors: Mahdi Khosravy;Kazuaki Nakamura;Yuki Hirose;Naoko Nitta;Noboru Babaguchi;
      Pages: 357 - 372
      Abstract: Cybersecurity in front of attacks to a face recognition system is an emerging issue in the cloud era, especially due to its strong bonds with the privacy of the users registered to the system. A possible attack is the model inversion attack (MIA) which aims to reveal the identity of a targeted user by generating the most proper datapoint input to the system with maximum corresponding confidence score at the output. The generated data of a registered user can be maliciously used as a serious invasion of the user privacy. In literature, MIA processes are categorized into white-box and black-box scenarios which are respectively with and without information about the system structure, parameters, and partially about the users. This research work assumes the MIA under semi-white box scenario of availability of system model structure and parameters but not any user data information, and verifies it as a severe threat even for a deep-learning-based face recognition system despite its complex structure and the diversity of registered user data. The alert state is promoted by Deep MIA which is the integration of deep generative models in MIA, and $\alpha$-GAN integrated MIA initialized by a face based seed ($\alpha$-GAN-MIA-FS) is proposed. As a novel MIA search strategy, a pre-trained deep generative model with capability of generating a face image from a random feature vector is used for narrowing down the image search space to the feature vectors space, which has much lower dimensions. This allows the MIA process to efficiently search for a low-dimensional feature vector whose corresponding face image maximizes the confidence score. We have experimentally evaluated the proposed method by two objective criteria and three subjective criteria in comparison to $\alpha$-GAN-integrated MIA initialized with a random seed ($\alpha$-GAN-MIA-RS), DCGAN-integrated MIA (DCGAN-MIA), and the conventional MIA. The evaluation results approve the efficiency and superiority of the proposed technique in generating natural looking face clones with high recognizability as the targeted users.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Generating Adversarial Images in Quantized Domains

      Authors: Benoit Bonnet;Teddy Furon;Patrick Bas;
      Pages: 373 - 385
      Abstract: Many adversarial attacks produce floating-point tensors which are no longer adversarial when converted to raster or JPEG images due to rounding. This paper proposes a method dedicated to quantize adversarial perturbations. This “smart” quantization is conveniently implemented as versatile post-processing. It can be used on top of any white-box attack targeting any model. Its principle is tantamount to a constrained optimization problem aiming to minimize the quantization error while keeping the image adversarial after quantization. A Lagrangian formulation is proposed and an appropriate search of the Lagrangian multiplier enables to increase the success rate. We also add a control mechanism of the $\ell_\infty$-distortion. Our method operates in both spatial and JPEG domains with little complexity. This study shows that forging adversarial images is not a hard constraint: our quantization does not introduce any extra distortion. Moreover, adversarial images quantized as JPEG also challenge defenses relying on the robustness of neural networks against JPEG compression.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Dynamic Tri-Level Relation Mining With Attentive Graph for Visible
           Infrared Re-Identification

      Authors: Mang Ye;Cuiqun Chen;Jianbing Shen;Ling Shao;
      Pages: 386 - 398
      Abstract: Matching the daytime visible and nighttime infrared person images, namely visible infrared person re-identification (VI-ReID), is a challenging cross-modality retrieval problem. Due to the difficulty of data collection and annotation in nighttime surveillance, VI-ReID usually suffers from noise problems, making it challenging to directly learn part discriminative features. In order to improve the discriminability and enhance the robustness against noisy images, this paper proposes a novel dynamic tri-level relation mining (DTRM) framework by simultaneously exploring channel-level, part-level intra-modality, and graph-level cross-modality relation cues. To address the misalignment within the person images, we design an intra-modality weighted-part attention (IWPA) to construct part-aggregated representation. It adaptively integrates the body part relation into the local feature learning with a residual batch normalization (RBN) connection scheme. Besides, a cross-modality graph structured attention (CGSA) is incorporated to improve the global feature learning by utilizing the contextual relation between images from two modalities. This module reduces the negative effects of noisy images. To seamlessly integrate two components, a parameter-free dynamic aggregation strategy is designed in a progressive joint learning manner. To further improve the performance, we additionally design a simple yet effective channel-level learning strategy by exploiting the rich channel information of visible images, which significantly reinforces the performance without modifying the network structure or changing the training process. Extensive experiments on two visible infrared re-identification datasets have verified the effectiveness under various settings. Code is available at: https://github.com/mangye16/DDAG
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Implicit and Explicit Feature Purification for Age-Invariant Facial
           Representation Learning

      Authors: Jiu-Cheng Xie;Chi-Man Pun;Kin-Man Lam;
      Pages: 399 - 412
      Abstract: This paper presents a new method, named implicit and explicit feature purification (IEFP), for age-invariant face recognition. Facial features extracted from a face image contain the information about the identity, age, and other attributes. For age-invariant face recognition, it is important to remove the irrelevant information, and retain the identity information only, in the facial features. Through the two proposed feature purification mechanisms, our framework can produce facial-feature embeddings that preserve identity information as much as possible and are insensitive to age variations. Specifically, on the one hand, a special network module is devised to implicitly purify the original facial features obtained from a face encoder. On the other hand, to obtain purer facial feature representations for age-invariant face recognition, irrelevant information within the implicitly purified features, such as the age, is further removed. This is realized by using a regularizer, based on information theory, to explicitly minimize the correlation between identity-related features and age-related features. Comprehensive ablation studies show that these two feature purification schemes can work independently, as well as collaboratively, to achieve better performance. Extensive evaluations on several benchmark data sets show that the IEFP method is on par with those competitors learned on far more favorable training samples, and it achieves the best performance in a fair comparison. Furthermore, we provide mathematical interpretation to explain the effectiveness of our approach, and find that it tends to generate low-rank, yet high-dimensional, representations for age-invariant face recognition.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Salience-Aware Face Presentation Attack Detection via Deep Reinforcement
           Learning

      Authors: Bingyao Yu;Jiwen Lu;Xiu Li;Jie Zhou;
      Pages: 413 - 427
      Abstract: In this paper, we propose a salience-aware face presentation attack detection (SAFPAD) approach, which takes advantage of deep reinforcement learning to exploit the salient local part information in face images. Most existing deep face presentation attack detection approaches extract features from the entire image or several fixed regions. However, the discriminative information beneficial for presentation attack detection is unevenly distributed in the image due to the illumination and presentation attack instrument variation, so treating all regions equally fails to highlight the most discriminative information which is important for more accurate and robust face presentation attack detection. To address this, we propose to identify the discriminative salient parts using deep reinforcement learning and focus on them to alleviate the adverse effects of redundant information in the face images. We fuse the high-level features and the local features which guide the policy network to exploit discriminative patches and assist the classification network to predict more accurate results. We jointly train the SAFPAD model with deep reinforcement learning to generate salient locations. Extensive experiments on five public datasets demonstrate that our approach achieves very competitive performance due to the concentrated employment of salient local information.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Fast Privacy-Preserving Text Classification Based on Secure Multiparty
           Computation

      Authors: Amanda Resende;Davis Railsback;Rafael Dowsley;Anderson C. A. Nascimento;Diego F. Aranha;
      Pages: 428 - 442
      Abstract: We propose a privacy-preserving Naive Bayes classifier and apply it to the problem of private text classification. In this setting, a party (Alice) holds a text message, while another party (Bob) holds a classifier. At the end of the protocol, Alice will only learn the result of the classifier applied to her text input and Bob learns nothing. Our solution is based on Secure Multiparty Computation (SMC). Our Rust implementation provides a fast and secure solution for the classification of unstructured text. Applying our solution to the case of spam detection (the solution is generic, and can be used in any other scenario in which the Naive Bayes classifier can be employed), we can classify an SMS as spam or ham in less than 340ms in the case where the dictionary size of Bob’s model includes all words ( $n = 5200$ ) and Alice’s SMS has at most $m = 160$ unigrams. In the case with $n = 369$ and $m = 8$ (the average of a spam SMS in the database), our solution takes only 21ms.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Robust Image Forgery Detection Against Transmission Over Online Social
           Networks

      Authors: Haiwei Wu;Jiantao Zhou;Jinyu Tian;Jun Liu;Yu Qiao;
      Pages: 443 - 456
      Abstract: The increasing abuse of image editing software causes the authenticity of digital images questionable. Meanwhile, the widespread availability of online social networks (OSNs) makes them the dominant channels for transmitting forged images to report fake news, propagate rumors, etc. Unfortunately, various lossy operations, e.g., compression and resizing, adopted by OSNs impose great challenges for implementing the robust image forgery detection. To fight against the OSN-shared forgeries, in this work, a novel robust training scheme is proposed. Firstly, we design a baseline detector, which won the top ranking in a recent certificate forgery detection competition. Then we conduct a thorough analysis of the noise introduced by OSNs, and decouple it into two parts, i.e., predictable noise and unseen noise, which are modelled separately. The former simulates the noise introduced by the disclosed (known) operations of OSNs, while the latter is designed to not only complete the previous one, but also take into account the defects of the detector itself. We further incorporate the modelled noise into a robust training framework, significantly improving the robustness of the image forgery detector. Extensive experimental results are presented to validate the superiority of the proposed scheme compared with several state-of-the-art competitors, especially in the scenarios of detecting OSN-transmitted forgeries. Finally, to promote the future development of the image forgery detection, we build a public forgeries dataset based on four existing datasets through the uploading and downloading of four most popular OSNs. The data and code of this work are available at https://github.com/HighwayWu/ImageForensicsOSN.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • PulseEdit: Editing Physiological Signals in Facial Videos for Privacy
           Protection

      Authors: Mingliang Chen;Xin Liao;Min Wu;
      Pages: 457 - 471
      Abstract: Recent studies have shown that physiological signals such as heart beat and breathing can be remotely captured from human faces using a regular color camera under ambient light. This technology, referred to as remote photoplethysmography (rPPG), can be used to collect the physiological status of users who are in front of a camera, which may raise privacy concerns. To avoid the privacy abuse of the rPPG technology, this paper develops PulseEdit, a novel and efficient algorithm that can edit the physiological signals in facial videos without affecting visual appearance and thus protect the user’s physiological signal from disclosure. PulseEdit can either remove the trace of the physiological signal in a video or transform the video to contain a target physiological signal chosen by a user. Experimental results show that PulseEdit can effectively edit physiological signals in facial videos and prevent heart rate measurement based on rPPG. It is possible to utilize PulseEdit in adversarial scenarios against rPPG-based visual security algorithms. We present analyses on the performance of PulseEdit against rPPG-based liveness detection and rPPG-based deepfake detection, and demonstrate its ability to circumvent these visual security algorithms and its important role in supporting the design of attack-resilient systems.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Synchronized Provable Data Possession Based on Blockchain for Digital Twin

      Authors: Tian Li;Huaqun Wang;Debiao He;Jia Yu;
      Pages: 472 - 485
      Abstract: In the digital twin environment, the fusion data onto physical entities in the physical space are mapped to multiple virtual spaces for digital modeling and intelligent simulation in different dimensions. In real intelligent manufacturing scenarios, heterogeneous multi-source fusion data are collected at the same time period. So they are consistent in time state. For the autonomous digital twin system, time states verification and integrity checking are basic security factors. Provable data possession technology can check the integrity of data onto virtual spaces. The blockchain can provide the synchronization interface to make distributed entities to obtain the trusted time state value. Considering the privacy, the blockchain can also provide anonymous services for entities. Therefore, we propose the blockchain-based synchronized provable data possession scheme (named BSPDP) for digital twin. In our scheme, the selection of verifier is flexible. Since virtual spaces may be maliciously framed to pay compensation, we use tag verification to prevent honest virtual spaces from being framed. Under the assumption of RSA, the proposed BSPDP is provably secure. Finally, the performance analysis demonstrates that BSPDP is practical. The experimental results show that BSPDP is effective and attractive for digital twin.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Dynamic Network Security Function Enforcement via Joint Flow and Function
           Scheduling

      Authors: Qi Li;Xinhao Deng;Zhuotao Liu;Yuan Yang;Xiaoyue Zou;Qian Wang;Mingwei Xu;Jianping Wu;
      Pages: 486 - 499
      Abstract: Network Function Virtualization (NFV) is a new networking paradigm to enable dynamic network function deployment in networks. Existing studies focused on optimized function deployment and management in NFV. Unfortunately, these studies did not well address the problem of efficient security function enforcement in networks, which is the goal of deploying network functions (NFs), i.e., for real-time security function enforcement on the traffic, since optimal function deployment does not mean efficient security function enforcement on network traffic. In particular, they incurred significant NF enforcement cost. In order to address this issue, in this paper, we propose FuncE that aims to solve the efficient real-time security function enforcement problem by developing unified dynamic flow and function scheduling. We formulate the problem as an integer linear programming problem and prove that it is NP-hard. We tackle the problem by decomposing it and developing heuristics to achieve near-optimal solutions. We conduct comprehensive experiments by using real topologies to demonstrate the effectiveness of the FuncE design. The experimental results demonstrate that FuncE achieves near-optimal network function enforcement, which incurs over 100 times less latency than the existing optimal solver. In particular, compared to the state-of-art defenses, FuncE processes the same number of candidate flows using over 50% less VNFs, while ensuring the same level of function enforcement.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • ForgeryNIR: Deep Face Forgery and Detection in Near-Infrared Scenario

      Authors: Yukai Wang;Chunlei Peng;Decheng Liu;Nannan Wang;Xinbo Gao;
      Pages: 500 - 515
      Abstract: Deep face forgery and detection is an emerging topic due to the development of GANs. Face forgery detection relies greatly on existing databases for evaluation and adequate training examples for data-hungry machine learning algorithms. However, considering the wide application of face recognition in near-infrared scenarios, there is no publicly available face forgery database that includes near-infrared modality currently. In this paper, we present an attempt at constructing a large-scale dataset for face forgery detection in the near-infrared modality and propose a new forgery detection method based on knowledge distillation named cross-modality knowledge distillation aiming to use a teacher model which is pre-trained on the visible light-based (VIS) big data to guide the student model with a small amount of near-infrared (NIR) data. The proposed near-infrared face forgery dataset, named ForgeryNIR, contains a total of over 50,000 real and fake identities. A number of perturbations are applied to help simulate real-world scenarios. All source images in ForgeryNIR are collected from CASIA NIR-VIS 2.0, and fake images are generated via multiple GAN techniques. The proposed dataset fills the gap of face forgery detection research in the near-infrared modality. A comprehensive study on six representative detection baselines is conducted to evaluate the performance of face forgery detection algorithms in the NIR domain. We further construct a hard testing set, named ForgeryNIR+, which contains forged images that have bypassed existing face forgery detection methods. The proposed datasets will be publicly available and aim to help boost further research on face forgery detection, as well as NIR face detection and recognition.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Person Re-Identification With Hierarchical Discriminative Spatial
           Aggregation

      Authors: Mingyang Zhang;Yang Xiao;Fu Xiong;Shuai Li;Zhiguo Cao;Zhiwen Fang;Joey Tianyi Zhou;
      Pages: 516 - 530
      Abstract: Practically, person re-identification (re-ID) may suffer from the critical spatial misalignment problem due to inaccurate human detection, variation on human pose and camera viewpoint, etc. To address this, a hierarchical discriminative spatial aggregation method is proposed. The key idea is to conduct spatial aggregation on local human parts via global average-pooling to acquire the strong spatial misalignment tolerance, with VLAD encoding on the local parts for facilitating discriminative power jointly. This proposition is built on NetVLAD to ensure end-to-end deep learning capacity. Due to the fine-grained property of person re-ID task that has not been well concerned by the original NetVLAD model for scene recognition, a feature refinement layer that consists of 1 fully-connected (FC) layer and 2 batch normalization (BN) layers is added on top of the raw NetVLAD layer to enhance the discriminative power and training convergence. And, a human body occlusion and background component dropout manner is also proposed to resist the effect of serious occlusion. Technically, a refined codeword initialization manner is proposed to alleviate the potential codeword imbalance problem caused by naive random initialization. The proposed discriminative spatial aggregation approach is then conducted on multi-resolution convolutional feature map layers hierarchically via early feature fusion, to involve richer semantic and fine-grained visual clues jointly. Wide-range experiments on 6 datasets (i.e., CUHK03, DukeMTMC-reID, Occluded-DukeMTMC, Market-1501, MSMT17 and Occluded-REID) verify the effectiveness of our proposition. The source code and supporting material is available at https://github.com/zmyme/HDSA-reID.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Three Birds With One Stone: User Intention Understanding and Influential
           Neighbor Disclosure for Injection Attack Detection

      Authors: Zhihai Yang;Qindong Sun;Zhaoli Liu;
      Pages: 531 - 546
      Abstract: Recommender system, as a data-driven way to help customers locate products that match their interests, is increasingly critical for providing competitive customer suggestions in many web services. However, recommender systems are highly vulnerable to malicious injection attacks due to their fundamental vulnerabilities and openness. With the endless emergence of new attacks, how to provide a feasible way for defending different malicious threats against online recommendations is still an under-explored issue. In this paper, we explore a new way to defend malicious injection attacks through user intention understanding and influential neighbour disclosure. Specifically, we propose a detection approach, termed TBOS (Three Birds with One Stone), to deal with different malicious threats. In TBOS, we first develop the discrimination of attack target by combining global influence evaluation and risk attitude estimation of users. In order to make TBOS controllable, second, we propose to incorporate an optimal denoising mechanism to remove disturbed information before detection. To enhance the representativeness and predictability of detection model, finally, we propose to leverage a behavioral label propagation mechanism based on constructed label space for the determination of malicious injection behaviors. Extensive experiments on both synthetic and real data demonstrate that TBOS outperforms all baselines in different cases. Particularly, the detection performance of TBOS can achieve an improvement of 6.08% FAR (false alarm rate) for optimal-injection attacks, an improvement of 3.83% FAR in average for co-visitation injection attacks, as well as an improvement of 2.3% for profile injection attacks over benchmarks in terms of FAR while keeping the highest DR (detection rate). Additional experiments on real-world data show that TBOS brings an improvement with the advantage of 6.5% FAR in average compared with baselines.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Improving Generalization by Commonality Learning in Face Forgery Detection

      Authors: Peipeng Yu;Jianwei Fei;Zhihua Xia;Zhili Zhou;Jian Weng;
      Pages: 547 - 558
      Abstract: This paper proposes a commonality learning strategy for face video forgery detection to improve the generalization. Considering various face forgery methods could leave certain similar forgery traces in videos, we attempt to learn the common forgery features from different forgery databases, so as to achieve better generalization in the detection of unknown forgery methods. Firstly, the Specific Forgery Feature Extractors (SFFExtractors) are trained separately for each of given forgery methods. We utilize the U-net structure and consider the triplet loss, location loss, classification loss, and automatic weighted loss to ensure the detection ability of SFFExtractors on the corresponding forgery methods. Next, the Common Forgery Feature Extractor (CFFExtractor) is trained under the supervision of SFFExtractors to explore the commonality of the forgery traces caused by different forgery methods. The extracted common forgery feature is expected to have a good generalization. The experimental results on FaceForensic++ show that the SFFExtractors outperform many state-of-the-arts in face forgery detection. The generalization performance of the CFFExtractor is verified on FaceForensic++, DFDC, and CelebDF. It is proved that commonality learning can be an effective strategy to improve generalization.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • FineDIFT: Fine-Grained Dynamic Information Flow Tracking for Data-Flow
           Integrity Using Coprocessor

      Authors: Kejun Chen;Orlando Arias;Qingxu Deng;Daniela Oliveira;Xiaolong Guo;Yier Jin;
      Pages: 559 - 573
      Abstract: Dynamic Information Flow Tracking (DIFT) is a technique that facilitates run-time data-flow analysis on a running process, allowing a system to overcome the limitations of finding data dependencies statically at compilation time. DIFT serves as the backbone for applications including data-flow integrity (DFI). However, previous uses of DIFT towards DFI often have large overhead in terms of hardware, software or both, and often cannot provide fine-granularity tracking for software object, such as variables. To address these limitations, we present FineDIFT as a DFI framework which utilizes DIFT to generate a live data-flow graph of a running process and perform hardware-based assisted analysis at fine-granularity, thus being able to enforce the application’s Data-Flow Graph (DFG). We provide a sample implementation on a RISC-V core with a performance overhead of 5.03% for BEEBS benchmarks and hardware overhead of 6% LUTs and 8% Flip-Flops in the FPGA implementation, if excluding the Content-Addressable Memory (CAM) like structure used for metadata storage. With CAM-like structure being synthesized using FPGA logic, the total hardware overhead is $\approx 2\times$ LUTs and 33% Flip-Flops compared to the original RISC-V core. We also use the real-world application and customized vulnerable application to demonstrate the effectiveness of the proposed framework in protecting computing systems.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Efficient Profiled Side-Channel Analysis of Masked Implementations,
           Extended

      Authors: Olivier Bronchain;François Durvaux;Loïc Masure;François-Xavier Standaert;
      Pages: 574 - 584
      Abstract: We extend the study of efficient profiled attacks on masking schemes initiated by Lerman and Markowitch (TIFS, 2019) in different directions. First, we study both the profiling complexity and the online attack complexity of different profiled distinguishers. Second, we extend the range of the noise levels of their experiments, in order to cover (higher-noise) contexts where masking is effective. Third, we further contextualize the investigated distinguishers (e.g., in terms of adversarial capabilities and a priori assumptions on the leakage probability density function). Finally, we complete the list of distinguishers considered in this previous work and add expectation-maximization, soft analytical side-channel attacks and multi-layer perceptrons in our comparisons. Our results allow shedding an interesting new light on the respective strengths and weaknesses of these different statistical tools, both in the context of a side-channel security evaluation and for concrete attacks. In particular, they confirm the experimental relevance of evaluation shortcuts leveraging the masking randomness during profiling, in order to speed up the evaluation process.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Everybody’s Talkin’: Let Me Talk as You Want

      Authors: Linsen Song;Wayne Wu;Chen Qian;Ran He;Chen Change Loy;
      Pages: 585 - 598
      Abstract: We present a method to edit a target portrait footage by taking a sequence of audio as input to synthesize a photo-realistic video. This method is unique because it is highly dynamic. It does not assume a person-specific rendering network yet capable of translating one source audio into one random chosen video output within a set of speech videos. Instead of learning a highly heterogeneous and nonlinear mapping from audio to the video directly, we first factorize each target video frame into orthogonal parameter spaces, i.e., expression, geometry, and pose, via monocular 3D face reconstruction. Next, a recurrent network is introduced to translate source audio into expression parameters that are primarily related to the audio content. The audio-translated expression parameters are then used to synthesize a photo-realistic human subject in each video frame, with the movement of the mouth regions precisely mapped to the source audio. The geometry and pose parameters of the target human portrait are retained, therefore preserving the context of the original video footage. Finally, we introduce a novel video rendering network and a dynamic programming method to construct a temporally coherent and photo-realistic video. Extensive experiments demonstrate the superiority of our method over existing approaches. Our method is end-to-end learnable and robust to voice variations in the source audio.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Covert, Low-Delay, Coded Message Passing in Mobile (IoT) Networks

      Authors: Pei Peng;Emina Soljanin;
      Pages: 599 - 611
      Abstract: We introduce a gossip-like protocol for covert message passing between Alice and Bob as they move in an area watched over by a warden Willie. The area hosts a multitude of Internet of (Battlefield) Things (Io$\beta$T) objects. Alice and Bob perform random walks on a random regular graph. The Io$\beta$T objects reside on the vertices of this graph, and some can serve as relays between Alice and Bob. The protocol starts with Alice splitting her message into small chunks, which she can covertly deposit to the relays she encounters. The protocol ends with Bob collecting the chunks. Alice may encode her data before the dissemination. Willie can either perform random walks as Alice and Bob do or conduct uniform surveillance of the area. In either case, he can only observe one relay at a time. We evaluate the system performance by the covertness probability and the message passing delay. In our protocol, Alice splits her message to increase the covertness probability and adds (coded) redundancy to reduce the transmission delay. The performance metrics depend on the graph, communications delay, and code parameters. We show that, in most scenarios, it is impossible to find the design parameters that simultaneously maximize the covertness probability and minimize the message delay.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Aggregation and Transformation of Vector-Valued Messages in the Shuffle
           Model of Differential Privacy

      Authors: Mary Scott;Graham Cormode;Carsten Maple;
      Pages: 612 - 627
      Abstract: Advances in communications, storage and computational technology allow significant quantities of data to be collected and processed by distributed devices. Combining the information from these endpoints can realize significant societal benefit but presents challenges in protecting the privacy of individuals, especially important in an increasingly regulated world. Differential privacy (DP) is a technique that provides a rigorous and provable privacy guarantee for aggregation and release. The Shuffle Model for DP has been introduced to overcome challenges regarding the accuracy of local-DP algorithms and the privacy risks of central-DP. In this work we introduce a new protocol for vector aggregation in the context of the Shuffle Model. The aim of this paper is twofold; first, we provide a single message protocol for the summation of real vectors in the Shuffle Model, using advanced composition results. Secondly, we provide an improvement on the bound on the error achieved through using this protocol through the implementation of a Discrete Fourier Transform, thereby minimizing the initial error at the expense of the loss in accuracy through the transformation itself. This work will further the exploration of more sophisticated structures such as matrices and higher-dimensional tensors in this context, both of which are reliant on the functionality of the vector case.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Rate-Splitting Multiple Access for Communications and Jamming in
           Multi-Antenna Multi-Carrier Cognitive Radio Systems

      Authors: Onur Dizdar;Bruno Clerckx;
      Pages: 628 - 643
      Abstract: With the increasing number of wireless communication systems and the demand for bandwidth, the wireless medium has become a congested and contested environment. Operating under such an environment brings several challenges, especially for military communication systems, which need to guarantee reliable communication while avoiding interfering with other friendly or neutral systems and denying the enemy systems of service. In this work, we investigate a novel application of Rate-Splitting Multiple Access (RSMA) for joint communications and jamming with a Multi-Carrier (MC) waveform in a multi-antenna Cognitive Radio (CR) system. RSMA is a robust multiple access scheme for downlink multi-antenna wireless networks. RSMA relies on multi-antenna Rate-Splitting (RS) strategy at the transmitter and Successive Interference Cancellation (SIC) at the receivers. By employing RSMA at the secondary transmitter, our aim is to simultaneously communicate with Secondary Users (SUs) and jam Adversarial Users (AUs) to disrupt their communications while limiting the interference to Primary Users (PUs) in a setting where all users perform broadband communications by MC waveforms in their respective networks. We consider the practical setting of imperfect CSI at Transmitter (CSIT) for the SUs and PUs, and statistical CSIT for AUs. We formulate a problem to obtain optimal precoders which maximize the mutual information under interference and jamming power constraints. We propose an Alternating Optimization-Alternating Direction Method of Multipliers (AO-ADMM) based algorithm for solving the resulting non-convex problem. We perform an analysis based on Karush-Kuhn-Tucker (KKT) conditions to determine the optimal jamming and interference power thresholds that guarantee the feasibility of problem and propose a practical algorithm to calculate the interference power threshold. 
By simulation results, we demonstrate that RSMA achieves a higher sum-rate performance than Space Division Multiple Access (SDMA) and Non-Orthogonal Multiple Access (NOMA).
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Reinforcement Learning Enabled Intelligent Energy Attack in Green IoT
           Networks

      Authors: Long Li;Yu Luo;Jing Yang;Lina Pu;
      Pages: 644 - 658
      Abstract: In this paper, we study a new security issue brought by the renewable energy feature in green Internet of Things (IoT) network. We define a new attack method, called the malicious energy attack, where the attacker can charge specific nodes to manipulate routing paths. By intelligently selecting the victim nodes, the attacker can “encourage” most of the data traffic into passing through a compromised node and harm the information security. The performance of the energy attack depends on the charging strategies. We develop two reinforcement-learning enabled algorithms, namely, Q-learning enabled intelligent energy attack (Q-IEA) and Policy Gradient enabled intelligent energy attack (PG-IEA). Through interacting with the network environment, the attacker can intelligently take attack actions without knowing the private information of the IoT network. This can greatly enhance the adaptability of the attacker to different network settings. Simulation results verify that the proposed IEA methods can considerably increase the amount of traffic traveling through the compromised node. Compared with the network without attack, an additional 53.3% data traffic is lured to the compromised node, which is more than 4 times higher than the performance of Random Attack.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Private and Secure Distributed Matrix Multiplication Schemes for
           Replicated or MDS-Coded Servers

      Authors: Jie Li;Camilla Hollanti;
      Pages: 659 - 669
      Abstract: In this paper, we study the problem of private and secure distributed matrix multiplication (PSDMM), where a user having a private matrix $A$ and $N$ non-colluding servers sharing a library of $L$ ($L>1$) matrices $B^{(0)}, B^{(1)},\ldots,B^{(L-1)}$, for which the user wishes to compute $AB^{(\theta)}$ for some $\theta \in [0, L)$ without revealing any information of the matrix $A$ to the servers, and keeping the index $\theta$ private to the servers. Previous work is limited to the case that the shared library (i.e., the matrices $B^{(0)}, B^{(1)},\ldots,B^{(L-1)}$) is stored across the servers in a replicated form and schemes are very scarce in the literature, there is still much room for improvement. In this paper, we propose two PSDMM schemes, where one is limited to the case that the shared library is stored across the servers in a replicated form but has a better performance than state-of-the-art schemes in that it can achieve a smaller recovery threshold and download cost. The other one focuses on the case that the shared library is stored across the servers in an MDS-coded form, which requires less storage in the servers. The second PSDMM code does not subsume the first one even if the underlying MDS code is degraded to a repetition code as they are totally two different schemes.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Design of False Data Injection Attack on Distributed Process Estimation

      Authors: Moulik Choraria;Arpan Chattopadhyay;Urbashi Mitra;Erik G. Ström;
      Pages: 670 - 683
      Abstract: Herein, design of false data injection attack on a distributed cyber-physical system is considered. A stochastic process with linear dynamics and Gaussian noise is measured by multiple agent nodes, each equipped with multiple sensors. The agent nodes form a multi-hop network among themselves. Each agent node computes an estimate of the process by using its sensor observation and messages obtained from neighboring nodes, via Kalman-consensus filtering. An external attacker, capable of arbitrarily manipulating the sensor observations of some or all agent nodes, injects errors into those sensor observations. The goal of the attacker is to steer the estimates at the agent nodes as close as possible to a pre-specified value, while respecting a constraint on the attack detection probability. To this end, a constrained optimization problem is formulated to find the optimal parameter values of a certain class of linear attacks. The parameters of linear attack are learnt on-line via a combination of stochastic approximation based update of a Lagrange multiplier, and an optimization technique involving either the Karush-Kuhn-Tucker (KKT) conditions or online stochastic gradient descent. The problem turns out to be convex for some special cases. Desired convergence of the proposed algorithms are proved by exploiting the convexity and properties of stochastic approximation algorithms. Finally, numerical results demonstrate the efficacy of the attack.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • On Exploiting Message Leakage in (Few) NIST PQC Candidates for Practical
           Message Recovery Attacks

      Authors: Prasanna Ravi;Shivam Bhasin;Sujoy Sinha Roy;Anupam Chattopadhyay;
      Pages: 684 - 699
      Abstract: In this work, we propose generic and practical side-channel attacks for message recovery in post-quantum lattice-based public key encryption (PKE) and key encapsulation mechanisms (KEM). The targeted schemes are based on the well known Learning With Errors (LWE) and Learning With Rounding (LWR) problem and include three finalists and six semi-finalist candidates of the ongoing NIST’s standardization process for post-quantum cryptography. Notably, we propose to exploit inherent ciphertext malleability properties of LWE/LWR-based PKEs as a powerful tool for side-channel assisted message recovery attacks. The use of ciphertext malleability widens the scope of previous attacks with the ability to target multiple operations for message recovery. Moreover, our attacks are adaptable to different implementation variants and are also applicable to implementations protected with concrete shuffling and masking side-channel countermeasures. Our work mainly highlights the presence of inherent algorithmic properties in LWE/LWR-based schemes that can aid side-channel attacks for message recovery, thereby stressing on the need for strong side-channel countermeasures against message recovery for LWE/LWR-based schemes.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • APIVADS: A Novel Privacy-Preserving Pivot Attack Detection Scheme Based on
           Statistical Pattern Recognition

      Authors: Rafael Salema Marques;Haider Al-Khateeb;Gregory Epiphaniou;Carsten Maple;
      Pages: 700 - 715
      Abstract: Advanced cyber attackers often “pivot” through several devices in such complex infrastructure to obfuscate their footprints and overcome connectivity restrictions. However, prior pivot attack detection strategies present concerning limitations. This paper addresses an improvement of cyber defence with APIVADS, a novel adaptive pivoting detection scheme based on traffic flows to determine cyber adversaries’ presence based on their pivoting behaviour in simple and complex interconnected networks. Additionally, APIVADS is agnostic regarding transport and application protocols. The scheme is optimized and tested to cover remotely connected locations beyond a corporate campus’s perimeters. The scheme considers a hybrid approach between decentralized host-based detection of pivot attacks and a centralized approach to aggregate the results to achieve scalability. Empirical results from our experiments show the proposed scheme is efficient and feasible. For example, a 98.54% detection accuracy near real-time is achievable by APIVADS differentiating ongoing pivot attacks from regular enterprise traffic as TLS, HTTPS, DNS and P2P over the internet.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Revealing Task-Relevant Model Memorization for Source-Protected
           Unsupervised Domain Adaptation

      Authors: Baoyao Yang;Andy Jinhua Ma;Pong C. Yuen;
      Pages: 716 - 731
      Abstract: Source-data-free unsupervised domain adaptation (SF-UDA) is an approach to improve model performance in the target domain without accessing the source data. Some SF-UDA methods have been proposed and achieved promising results using the information from source-model parameters. However, current research on information security confirms the ability of a well-trained model to memorize its training data. Therefore, SF-UDA methods that access model parameters remain at risk of privacy disclosure. This paper introduces a new topic of source-protected UDA (SP-UDA) that adapts the source model to the target domain while protecting the source-domain data and model privacy. In SP-UDA, only a black-box source model and a set of unlabeled target data are available for domain adaptation. We consider SP-UDA from a new perspective of model memorization revelation. A Source-Protected Generative Model (SPGM) is developed to reveal task-relevant memorization from the source model. SPGM directly distills the inverse process of the source model without access to source-model parameters to meet the privacy protection objective in SP-UDA. The SPGM is learned under the supervision of a newly designed metric named privacy-protected transfer (PPT). The PPT metric measures the transferability and desensitization of the generated data to encourage the SPGM to extract task-relevant information rather than the unintended memorization. A set of desensitized pseudo data is then generated as substitutes for the real source data in UDA. The performance of the proposed method has been validated in four cross-dataset recognition applications with encouraging results.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Safe Exploration in Wireless Security: A Safe Reinforcement Learning
           Algorithm With Hierarchical Structure

      Authors: Xiaozhen Lu;Liang Xiao;Guohang Niu;Xiangyang Ji;Qian Wang;
      Pages: 732 - 743
      Abstract: Most safe reinforcement learning (RL) algorithms depend on the accurate reward that is rarely available in wireless security applications and suffer from severe performance degradation for the learning agents that have to choose the policy from a large action set. In this paper, we propose a safe RL algorithm, which uses a policy priority-based hierarchical structure to divide each policy into sub-policies with different selection priorities and thus compresses the action set. By applying inter-agent transfer learning to initialize the learning parameters, this algorithm accelerates the initial exploration of the optimal policy. Based on a security criterion that evaluates the risk value, the sub-policy distribution formulation avoids the dangerous sub-policies that cause learning failure such as severe network security problems in wireless security applications, e.g., Internet services interruption. We also propose a deep safe RL and design four deep neural networks in each sub-policy selection to further improve the learning efficiency for the learning agents that support four convolutional neural networks (CNNs): The Q-network evaluates the long-term expected reward of each sub-policy under the current state, and the E-network evaluates the long-term risk value. The target Q and E-networks update the learning parameters of the corresponding CNN to improve the policy exploration stability. As a case study, our proposed safe RL algorithms are implemented in the anti-jamming communication of unmanned aerial vehicles (UAVs) to select the frequency channel and transmit power to the ground node. Experimental results show that our proposed schemes significantly improve the UAV communication performance, save the UAV energy and increase the reward compared with the benchmark against jamming.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Valkyrie: Vulnerability Assessment Tool and Attack for Provably-Secure
           Logic Locking Techniques

      Authors: Nimisha Limaye;Satwik Patnaik;Ozgur Sinanoglu;
      Pages: 744 - 759
      Abstract: Protection of the design intellectual property (IP) has become a pertinent need owing to the globalized integrated circuit (IC) supply chain. Logic locking has been perceived as a holistic solution ensuring protection against multiple supply chain entities. The research community has proposed many logic locking techniques, out of which provably-secure logic locking (PSLL) techniques have gathered traction due to their algorithmic and mathematical security guarantees. However, there has been a perpetual cat-and-mouse game between the attackers and the defenders. Although these logic locking techniques are provably secure, they are typically short-lived due to the weaknesses in their hardware/structural implementation that attacks exploit. We attribute this cat-and-mouse game to the lack of a diagnostic tool for PSLL techniques for security-enforcing designers and raise the question, “Can a designer proactively diagnose the hardware implementation of a PSLL technique for structural vulnerabilities before taking the design to silicon?” In this work, we first review the recent PSLL techniques to extract generic properties, based on which we develop a first-of-its-kind security diagnostic tool (Valkyrie) that a security-enforcing designer can use to assess the structural vulnerabilities before taking the design to silicon. We also propose a generic circuit-recovery attack, validating the tool results to assure the community that if the tool identifies a vulnerability, it can always be exploited. Thus, our attack acts as a cautionary tale to the designer. We make these claims after verifying the efficacy of our tool and attack on 15 (seven broken and eight unbroken) PSLL techniques for different synthesis tools, technology libraries, and abstraction levels across a dataset of more than 20,000 locked designs. We observe 100% success in all these cases. 
Our diagnostic tool (which we open-source) can thus serve as a vehicle to test the structural resilience of the hardware implementation of any newly developed PSLL technique. We envision Valkyrie bringing a much-needed control over the cat-and-mouse game that the PSLL research has been trapped in.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Achieving Covert Wireless Communication With a Multi-Antenna Relay

      Authors: Lu Lv;Zan Li;Haiyang Ding;Naofal Al-Dhahir;Jian Chen;
      Pages: 760 - 773
      Abstract: We investigate covert wireless communication in a multi-antenna relay network, where the relay transmits its own covert message to the destination when assisting the source’s information delivery, and the source acts as a warden to detect this covert transmission. Based on whether the channel state information of the relay-destination link is available at the source or not, we propose two relay beamforming schemes, namely random beamforming and maximum-ratio transmission (MRT) beamforming schemes, to guarantee the reception reliability at the destination while deliberately introducing uncertainty to the source to degrade its detection. Under the worst-case covert communication scenario where the source is capable of optimizing its detection threshold, analytical expressions for the minimum detection error probability achieved by each of the proposed schemes are derived to evaluate the detection limits of the source. By utilizing the above analytical results as the covertness constraint, an optimization problem of transmit power allocation for each scheme is formulated and solved to maximize the covert rate. The impact of imperfect channel state information on the covert communication performance is also examined. Simulation results are performed to confirm the accuracy of the derived analytical results and quantify the communication covertness enhancement of the proposed schemes. Our results also show that the MRT beamforming scheme offers a higher covert rate than that of the random beamforming scheme, especially when the covertness constraint becomes loose and/or the number of antennas at the relay increases.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Towards Scalable and Channel-Robust Radio Frequency Fingerprint
           Identification for LoRa

      Authors: Guanxiong Shen;Junqing Zhang;Alan Marshall;Joseph R. Cavallaro;
      Pages: 774 - 787
      Abstract: Radio frequency fingerprint identification (RFFI) is a promising device authentication technique based on transmitter hardware impairments. The device-specific hardware features can be extracted at the receiver by analyzing the received signal and used for authentication. In this paper, we propose a scalable and channel-robust RFFI framework achieved by deep learning powered radio frequency fingerprint (RFF) extractor and channel independent features. Specifically, we leverage deep metric learning to train an RFF extractor, which has excellent generalization ability and can extract RFFs from previously unseen devices. Any devices can be enrolled via the pre-trained RFF extractor and the RFF database can be maintained efficiently for allowing devices to join and leave. Wireless channel impacts the RFF extraction and is tackled by exploiting channel independent features and data augmentation. We carried out extensive experimental evaluation involving 60 commercial off-the-shelf LoRa devices and a USRP N210 software defined radio platform. The results have successfully demonstrated that our framework can achieve excellent generalization abilities for rogue device detection and device classification as well as effective channel mitigation.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • CruParamer: Learning on Parameter-Augmented API Sequences for Malware
           Detection

      Authors: Xiaohui Chen;Zhiyu Hao;Lun Li;Lei Cui;Yiran Zhu;Zhenquan Ding;Yongji Liu;
      Pages: 788 - 803
      Abstract: Learning on execution behaviour, i.e., sequences of API calls, is proven to be effective in malware detection. In this paper, we present CruParamer, a deep neural network based malware detection approach for Windows platform that performs learning on sequences of parameter-augmented APIs. It first employs rule-based and clustering-based classification to assess the sensitivity of a parameter to malicious behaviour, and further labels the API following the run-time parameters with varying degrees of sensitivities. Then, it encodes the APIs by concatenating the native embedding and the sensitive embedding of labelled APIs, for characterizing the relationship between successive labelled APIs and their correspondence in terms of security semantics. Finally, it feeds the sequences of API embedding into the deep neural network for training a binary classifier to detect malware. In addition to presenting the design, we have implemented CruParamer and evaluated it on two datasets. The results demonstrate that CruParamer outperforms naïve models when taking raw APIs as input, proving the effectiveness of CruParamer. Moreover, we have evaluated the impact of mimicry and adversarial attacks on our model, and the results verify the robustness of CruParamer.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Towards Privacy-Preserving Spatial Distribution Crowdsensing: A Game
           Theoretic Approach

      Authors: Yanbing Ren;Xinghua Li;Yinbin Miao;Bin Luo;Jian Weng;Kim-Kwang Raymond Choo;Robert H. Deng;
      Pages: 804 - 818
      Abstract: Acquiring the spatial distribution of users in mobile crowdsensing (MCS) brings many benefits to users (e.g., avoiding crowded areas during the COVID-19 pandemic). Although the leakage of users’ location privacy has received a lot of research attention, existing works still ignore the rationality of users, resulting that users may not obtain satisfactory spatial distribution even if they provide true location information. To solve the problem, we employ game theory with incomplete information to model the interactions among users and seek an equilibrium state through learning approaches of the game. Specifically, we first model the service as a game in the satisfaction form and define the equilibrium for this service. Then, we design a LEFS algorithm for the privacy strategy learning of users when their satisfaction expectations are fixed, and further design LSRE that allows users to have dynamic satisfaction expectations. We theoretically analyze the convergence conditions and characteristics of the proposed algorithms, along with the privacy protection level obtained by our solution. We conduct extensive experiments to show the superiority and various performances of our proposal, which illustrates that our proposal can get more than 85% advantage in terms of the sensing distribution availability compared to the traditional spatial cloaking based solutions.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Self-Adversarial Training Incorporating Forgery Attention for Image
           Forgery Localization

      Authors: Long Zhuo;Shunquan Tan;Bin Li;Jiwu Huang;
      Pages: 819 - 834
      Abstract: Image editing techniques enable people to modify the content of an image without leaving visual traces and thus may cause serious security risks. Hence the detection and localization of these forgeries become quite necessary and challenging. Furthermore, unlike other tasks with extensive data, there is usually a lack of annotated forged images for training due to annotation difficulties. In this paper, we propose a self-adversarial training strategy and a reliable coarse-to-fine network that utilizes a self-attention mechanism to localize forged regions in forgery images. The self-attention module is based on a Channel-Wise High Pass Filter block (CW-HPF). CW-HPF leverages inter-channel relationships of features and extracts noise features by high pass filters. Based on the CW-HPF, a self-attention mechanism, called forgery attention, is proposed to capture rich contextual dependencies of intrinsic inconsistency extracted from tampered regions. Specifically, we append two types of attention modules on top of CW-HPF respectively to model internal interdependencies in spatial dimension and external dependencies among channels. We exploit a coarse-to-fine network to enhance the noise inconsistency between original and tampered regions. More importantly, to address the issue of insufficient training data, we design a self-adversarial training strategy that expands training data dynamically to achieve more robust performance. Specifically, in each training iteration, we perform adversarial attacks against our network to generate adversarial examples and train our model on them. The proposed method is based on the assumption of content-changed manipulations. Extensive experimental results demonstrate that our proposed algorithm steadily outperforms state-of-the-art methods by a clear margin in different benchmark datasets.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Dynamically Generate Password Policy via Zipf Distribution

      Authors: Yang Xiao;Jianping Zeng;
      Pages: 835 - 848
      Abstract: Password composition policies are helpful in strengthening password’s resistance against guessing attacks. Sadly, existing off-the-shelf composition policies often remain static, which creates potential security vulnerability. In this paper, we propose a new adaptive password policy generation framework called HTPG. Based on the Zipf distribution of passwords, HTPG classifies all passwords in data set into two categories, that is, head passwords and tail passwords. We find that head passwords are vulnerable and high-value for attackers because they are most frequently used, while tail passwords have higher strength than head passwords. According to this fact, HTPG dynamically generates policies to enhance head passwords by modifying them so as to be closer to tail passwords on feature space. By introducing the idea of machine learning, we propose a policy sort method based on information gain ratio to help user choose more effective policies in enhancing head passwords. HTPG can effectively improve the security of entire password data set and make the password distribution more uniform. Experiments show that the number of cracked head passwords decreases 69% on average, compared with the original head passwords, by adopting policies generated by HTPG. Surveys on usability show that 80.23% enhanced passwords can be recalled by those who remember the corresponding original passwords.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Privacy-Preserving Aggregate Mobility Data Release: An
           Information-Theoretic Deep Reinforcement Learning Approach

      Authors: Wenjing Zhang;Bo Jiang;Ming Li;Xiaodong Lin;
      Pages: 849 - 864
      Abstract: It is crucial to protect users’ location traces against inference attacks on aggregate mobility data collected from multiple users in various real-world applications. Most of the existing works on aggregate mobility data are focusing on inference attacks rather than designing privacy-preserving release mechanisms, and a few differential private release mechanisms suffer from poor utility-privacy tradeoffs. In this paper, we propose optimal centralized privacy-preserving aggregate mobility data release mechanisms (PAMDRMs) that minimize the leakage from an information-theoretic perspective by releasing perturbed versions of the raw aggregate location. Specifically, we use mutual information to measure user-level and aggregate-level privacy leakage separately, and formulate leakage minimization problems under utility constraints. As directly solving the optimization problems incur exponential complexity w.r.t. users’ trace length, we transform them into belief state Markov Decision Processes (MDPs), with a focus on the MDP formulation for the user-level privacy problem. We build reinforcement learning (RL) models and leverage the efficient Asynchronous Advantage Actor-Critic RL algorithm to derive the solutions to the MDPs as our optimal PAMDRMs. We compare them with two state-of-the-art privacy protection mechanisms PDPR (context-aware local design) and DMLM (context-free centralized design) in terms of mutual information leakage and adversary’s attack success (evaluated by her expected estimation error and Jensen-Shannon Divergence-based error). Extensive experimental results on both synthetic and real-world datasets demonstrate that the user-level PAMDRM performs the best on both measures thanks to its context-aware property and centralized design. 
Even though the aggregate-level PAMDRM achieves better privacy-utility tradeoff than the other two, it does not always perform better than them on adversarial success, highlighting the necessity of considering privacy measures from different perspectives to avoid overestimating the level of privacy offered to users. Lastly, we discuss an alternative, fully data-driven approach to derive the optimal PAMDRM by leveraging adversarial training on limited data samples.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Towards More Discriminative and Robust Iris Recognition by Learning
           Uncertain Factors

      Authors: Jianze Wei;Huaibo Huang;Yunlong Wang;Ran He;Zhenan Sun;
      Pages: 865 - 879
      Abstract: The uncontrollable acquisition process limits the performance of iris recognition. In the acquisition process, various inevitable factors, including eyes, devices, and environment, hinder the iris recognition system from learning a discriminative identity representation. This leads to severe performance degradation. In this paper, we explore uncertain acquisition factors and propose uncertainty embedding (UE) and uncertainty-guided curriculum learning (UGCL) to mitigate the influence of acquisition factors. UE represents an iris image using a probabilistic distribution rather than a deterministic point (binary template or feature vector) that is widely adopted in iris recognition methods. Specifically, UE learns identity and uncertainty features from the input image, and encodes them as two independent components of the distribution, mean and variance. Based on this representation, an input image can be regarded as an instantiated feature sampled from the UE, and we can also generate various virtual features through sampling. UGCL is constructed by imitating the progressive learning process of newborns. Particularly, it selects virtual features to train the model in an easy-to-hard order at different training stages according to their uncertainty. In addition, an instance-level enhancement method is developed by utilizing local and global statistics to mitigate the data uncertainty from image noise and acquisition conditions in the pixel-level space. The experimental results on six benchmark iris datasets verify the effectiveness and generalization ability of the proposed method on same-sensor and cross-sensor recognition.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Efficient and Privacy-Preserving Similarity Query With Access Control in
           eHealthcare

      Authors: Yandong Zheng;Rongxing Lu;Yunguo Guan;Songnian Zhang;Jun Shao;Hui Zhu;
      Pages: 880 - 893
      Abstract: Similarity queries, giving a way to disease diagnosis based on similar patients, have wide applications in eHealthcare and are essentially demanded to be processed under fine-grained access policies due to the high sensitivity of healthcare data. One efficient and flexible way to implement such queries is to outsource healthcare data and the corresponding query services to a powerful cloud. Nevertheless, considering data privacy, healthcare data are usually outsourced in an encrypted form and required to be accessed in a privacy-preserving way. In the past years, many schemes have been proposed for privacy-preserving similarity queries. However, none of them is applicable to achieve data access control and access pattern privacy preservation. Aiming at this challenge, we propose an efficient and access pattern privacy-preserving similarity range query scheme with access control (named EPSim-AC). In our proposed scheme, we first design a novel tree structure, called $k$-d-PB tree, to index healthcare data and introduce an efficient $k$-d-PB tree based similarity query algorithm with access control. Second, to balance the search efficiency and access pattern privacy of $k$-d-PB tree, we also define a weakened access pattern privacy, called $k$-d-PB tree’s $\beta$-access pattern unlinkability. After that, we preserve the privacy of $k$-d-PB tree based similarity queries with access control through a symmetric homomorphic encryption scheme and present our detailed EPSim-AC scheme. Finally, we analyze the security of our scheme and also conduct extensive experiments to evaluate its performance. The results demonstrate that our scheme can guarantee $k$-d-PB tree’s $\beta$-access pattern unlinkability and has high efficiency.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • 1-Round Distributed Key Generation With Efficient Reconstruction Using
           Decentralized CP-ABE

      Authors: Liang Zhang;Feiyang Qiu;Feng Hao;Haibin Kan;
      Pages: 894 - 907
      Abstract: Distributed key generation (DKG) is widely used in multi-party computation and decentralized applications. DKG has two phases, namely sharing and reconstruction. Most of the prior DKG protocols need at least 2 rounds for the sharing phase, in case some party raises a dispute. The existing 1-round DKG protocol [Fouque et al., PKC’01], built based on a publicly verifiable secret sharing (PVSS) scheme, assumes a static adversary model and its reconstruction phase requires $O(n^{2})$ communication complexity. Motivated by the observation that a ciphertext-policy attribute-based encryption (CP-ABE) scheme hides secret sharing (SS) in ciphertext, we utilize decentralized CP-ABE to achieve the first adaptively secure 1-round DKG protocol. Firstly, a CP-ABE scheme enables the ciphertexts in DKG to be externally decrypted, making our protocol superior to the PVSS-based DKG protocol in reconstruction. The communication and computation complexities are both lowered to $O(n)$ thanks to the constant-sized decryption key and the proposed batch decryption. The use of CP-ABE also makes our DKG protocol storage-friendly, i.e., the parties store no ciphertext after the sharing phase. Secondly, we add non-interactive zero-knowledge (NIZK) proofs to make the CP-ABE ciphertext publicly verifiable by leveraging the sigma protocol and the Fiat-Shamir heuristic. Thirdly, we demonstrate our protocol’s feasibility by presenting a proof-of-concept implementation over Ethereum, which is used as a public channel and a trustworthy computation platform. The implementation is a non-trivial task due to Ethereum’s incompatibility with the bilinear mapping group.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Latent Fingerprint Indexing: Robust Representation and Adaptive Candidate
           List

      Authors: Shan Gu;Jianjiang Feng;Jiwen Lu;Jie Zhou;
      Pages: 908 - 923
      Abstract: Efficiently identifying the mated gallery fingerprint of a latent fingerprint in a large database requires a highly accurate and efficient fingerprint matching algorithm. The common strategy to achieve this goal is to combine an efficient indexing algorithm with a slow but accurate matching algorithm. Despite the importance of latent indexing, it has received far less attention than rolled and plain fingerprint indexing. Due to the small fingerprint area, poor image quality and huge variety in information quantity of latent fingerprints, existing rolled and plain fingerprint indexing approaches cannot be simply migrated to the latent fingerprint indexing. In this paper, we propose (1) a multi-scale fixed-length representation approach for latent fingerprint indexing, and (2) a fingerprint information quantity estimation approach for adaptive candidate list reduction. The representation scheme is designed to deal with small finger area and low image quality of latents. The information quantity of a latent is a predictor of the indexing score of its mated gallery fingerprint and thus can be used to determine a proper threshold for its candidate list. Extensive experimental results on NIST SD27, MOLF, N2N, and Hisign latent fingerprint databases show that the proposed method achieved the state-of-the-art indexing accuracy on latent fingerprints, and significantly improved the efficiency of state-of-the-art latent matching algorithm.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Multiclass Classification-Based Side-Channel Hybrid Attacks on Strong PUFs

      Authors: Wei Liu;Ruiming Wang;Xuyan Qi;Liehui Jiang;Jing Jing;
      Pages: 924 - 937
      Abstract: Physical unclonable functions (PUFs) are promising solutions for low-cost device authentication; hence, ignoring the security of PUFs is becoming increasingly difficult. Generally, strong PUFs are vulnerable to classical machine learning (ML) attacks; however, classical ML attacks do not perform well on strong PUFs with complex structures. Side-channel analysis (SCA) hybrid attacks provide efficient approaches to modeling XOR APUF. However, owing to the inadequate exploitation of all available data, recent SCA hybrid attacks may fail on novel PUF designs, such as MPUF and iPUF. Thus, herein, we introduce a method that combines challenge-response pairs with side-channel information to construct challenge-synthetic-feature pairs (CSPs) via feature cross, thereby making it possible to model strong PUFs through multiclass classification. We propose multiclass classification-based SCA hybrid attacks to model strong PUFs with complex structures. When provided with CSPs, the proposed hybrid attacks use a feed-forward neural network with a softmax activation function to build combined models of PUFs. The combined models predict class labels for given challenges and then reveal responses through simple mappings from these labels. Experimental results show that the proposed attacks could model 16-XOR APUF, (128,5)-MPUF, (8,8)-iPUF, and (2,16)-iPUF with accuracies exceeding 94%. Compared with state-of-the-art modeling techniques, the proposed attack has advantages in terms of modeling accuracy, time cost, and the size of required training data.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • STOP: A Service Oriented Internet Purification Against Link Flooding
           Attacks

      Authors: Ning Lu;Junwei Zhang;Ximeng Liu;Wenbo Shi;Jianfeng Ma;
      Pages: 938 - 953
      Abstract: Internet purification is a necessary technique to defend against Distributed Denial-of-Service (DDoS) attack. It can help Internet Service Provider (ISP) to completely and precisely scrub attack traffic through establishing the sender-receiver pair based filtering rules in networks. However, when faced with the Link Flooding Attacks (LFA), a new kind of DDoS, existing relevant schemes suffer the drawbacks, including the weak willingness of defense cooperation between Autonomous Systems (ASes), lower filtering efficiency and poor robustness. For this, we propose STOP, a service-oriented Internet purification technique designed to defend against LFA. In STOP, malicious traffic filtering is viewed as a value-added service and each filter contributor (i.e., AS) can get some benefit from it. This helps ASes to strengthen the willingness of defense cooperation. Moreover, we devise a filter recommendation algorithm to maximize the filtering efficiency, with minimum service cost and bandwidth damages. Furthermore, in the face of the strategic threats that aim to paralyze or bypass STOP, we devise relevant defense techniques to make it more robust. Through rigorous mathematical analysis and extensive experiments based on real-world topology, we demonstrate that compared with prior work, STOP increases the filtering efficiency by 12%.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Single-Leader-Multiple-Followers Stackelberg Security Game With Hypergame
           Framework

      Authors: Zhaoyang Cheng;Guanpu Chen;Yiguang Hong;
      Pages: 954 - 969
      Abstract: In this paper, we employ a hypergame framework to analyze the single-leader-multiple-followers (SLMF) Stackelberg security game with two typical misinformed situations: misperception and deception. We provide a stability criterion with the help of hyper Nash equilibrium (HNE) to investigate both strategic stability and cognitive stability of equilibria in SLMF games with misinformation. In fact, we find mild stable conditions such that the equilibria with misperception and deception can become HNE. Moreover, we discuss the robustness of the equilibria to reveal whether players have the ability to keep their profits under the influence of some misinformation.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Circumferential Local Ternary Pattern: New and Efficient Feature
           Descriptors for Anti-Counterfeiting Pattern Identification

      Authors: Zhaohui Zheng;Bichao Xu;Jianping Ju;Zhongyuan Guo;Changhui You;Qiang Lei;Qiang Zhang;
      Pages: 970 - 981
      Abstract: An important aspect of querying whether a product is likely to be forged is to identify its anti-counterfeiting label. However, the use of image processing technology for label-specific texture analysis to quickly and effectively identify the anti-counterfeiting label has been widely studied. Aiming at the defects of the local binary pattern (LBP) and its variants in texture identification, this paper proposes a new texture model for anti-counterfeiting identification, that is, the circular local ternary pattern (CLTP). The highlight of our technology is that it extracts the effective local texture descriptors by using the random features of inkjet printing. This allows for the technology to not only resist the interference of noise and illumination in images of anti-counterfeiting patterns but also to encode and reorganize the fine linear shape structure. Specifically, this paper extracts the CLTP texture feature in the corresponding key areas and forms the final feature histogram vector for comparison through the one-to-one correspondence between the sample image and the inspected image of anti-counterfeiting pattern. Experiments prove that our method not only has high discrimination, stability and effectiveness but also provides a convenient and practical idea for anti-counterfeiting technology.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • NeuralD: Detecting Indistinguishability Violations of Oblivious RAM With
           Neural Distinguishers

      Authors: Pingchuan Ma;Zhibo Liu;Yuanyuan Yuan;Shuai Wang;
      Pages: 982 - 997
      Abstract: Adversaries can deduce confidential information processed by a program by analyzing its memory access patterns. Oblivious RAM (ORAM) converts a sequence of program memory accesses to an oblivious form, hence preventing adversarial inference. In recent years, a flourishing growth of sophisticated and effective ORAM protocols has occurred. Nonetheless, due to the complexity of these protocols, some of them contain defects in their implementations or even in their design, jeopardizing their obliviousness when processing certain memory access sequences. In this paper, we present NeuralD, a practical tool for testing ORAM protocols and detecting violations of their stated obliviousness. We train a neural distinguisher to form a probabilistic testing oracle capable of determining with a bounded high probability if a pair of ORAM inputs violates the obliviousness guarantee. NeuralD incorporates a set of techniques and optimizations to provide a highly effective and practical testing pipeline. Additionally, it features a delta debugging-like method to minimize error-triggering inputs (i.e., counterexamples) — developers can use these counterexamples to debug their ORAM protocols and identify root problems. NeuralD is evaluated using well-known ORAM protocols and real-world ORAM applications (e.g., secure key-value storage). Within a few minutes, NeuralD can detect subtle violations of stated obliviousness.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Detecting Overlapped Objects in X-Ray Security Imagery by a Label-Aware
           Mechanism

      Authors: Cairong Zhao;Liang Zhu;Shuguang Dou;Weihong Deng;Liang Wang;
      Pages: 998 - 1009
      Abstract: One of the key challenges to the X-ray security check is to detect the overlapped items in backpacks or suitcases in the X-ray images. Most existing methods improve the robustness of models to the object overlapping problem by enhancing the underlying visual information such as colors and edges. However, this strategy ignores the situations that the objects have similar visual clues as to the background, and objects overlapping each other. Since the two cases rarely appear in existing datasets, we contribute a novel dataset – Cutters and Liquid Containers X-ray Dataset (CLCXray) to complete the related research. Furthermore, we propose a novel Label-aware Mechanism (LA) to tackle the object overlapping problem. Particularly, LA establishes the associations between feature channels and different labels and adjusts the features according to the assigned labels (or pseudo labels) to help improve the prediction results. Extensive experiments demonstrate that the LA is accurate and robust to detect overlapped objects, and also validate the effectiveness and the good generalization of the LA for arbitrary state-of-the-art (SOTA) methods. Furthermore, experimental results show that the network constructed by the LA is superior to the SOTA models on OPIXray and CLCXray, especially solving the challenges of the subset of the highly overlapped objects.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Detection of Spoofing Attacks in Aeronautical Ad-Hoc Networks Using Deep
           Autoencoders

      Authors: Tiep M. Hoang;Trinh van Chien;Thien van Luong;Symeon Chatzinotas;Björn Ottersten;Lajos Hanzo;
      Pages: 1010 - 1023
      Abstract: We consider an aeronautical ad-hoc network relying on aeroplanes operating in the presence of a spoofer. The aggregated signal received by the terrestrial base station is considered as “clean” or “normal”, if the legitimate aeroplanes transmit their signals and there is no spoofing attack. By contrast, the received signal is considered as “spurious” or “abnormal” in the face of a spoofing signal. An autoencoder (AE) is trained to learn the characteristics/features from a training dataset, which contains only normal samples associated with no spoofing attacks. The AE takes original samples as its input samples and reconstructs them at its output. Based on the trained AE, we define the detection thresholds of our spoofing discovery algorithm. To be more specific, contrasting the output of the AE against its input will provide us with a measure of geometric waveform similarity/dissimilarity in terms of the peaks of curves. To quantify the similarity between unknown testing samples and the given training samples (including normal samples), we first propose a so-called deviation-based algorithm. Furthermore, we estimate the angle of arrival (AoA) from each legitimate aeroplane and propose a so-called AoA-based algorithm. Then based on a sophisticated amalgamation of these two algorithms, we form our final detection algorithm for distinguishing the spurious abnormal samples from normal samples under a strict testing condition. In conclusion, our numerical results show that the AE improves the trade-off between the correct spoofing detection rate and the false alarm rate as long as the detection thresholds are carefully selected.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Your Model Trains on My Data? Protecting Intellectual Property of
           Training Data via Membership Fingerprint Authentication

      Authors: Gaoyang Liu;Tianlong Xu;Xiaoqiang Ma;Chen Wang;
      Pages: 1024 - 1037
      Abstract: In recent years, data has become the new oil that fuels various machine learning (ML) applications. Just as the oil refining, providing data to an ML model is a product of massive costs and expertise efforts. However, how to protect the intellectual property (IP) of the training data in ML remains largely open. In this paper, we present MeFA, a novel framework for detecting training data IP embezzlement via Membership Fingerprint Authentication, which is able to determine whether a suspect ML model is trained on the to be protected target data or not. The key observation is that a part of data has a similar influence on the prediction behavior of different ML models. On this basis, MeFA leverages membership inference techniques to extract these data as the fingerprints of the target data and constructs an authentication model to verify the data’s ownership by identifying the obtained membership fingerprints. MeFA has several salient features. It does not assume any knowledge of the suspect model except for its black-box prediction API, through which we can merely get the prediction output of a given input, and also does not require any modification to the dataset or the training process, since it takes advantage of the inherent membership property of the data. As a by-product, MeFA can also serve as a post-protection to verify the ownership of ML models, without modifying the training process of the model. Extensive experiments on three realistic datasets and seven types of ML models validate the effectiveness of MeFA, and demonstrate that it is also robust to scenarios when the training data is partially used or preprocessed with representative membership inference defenses.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Decision-Based Adversarial Attack With Frequency Mixup

      Authors: Xiu-Chuan Li;Xu-Yao Zhang;Fei Yin;Cheng-Lin Liu;
      Pages: 1038 - 1052
      Abstract: It has been widely observed that deep neural networks are highly vulnerable to adversarial examples. Decision-based attacks could generate adversarial examples based solely on top-1 labels returned by the target model. However, they typically make excessive queries and could not bypass detection effectively. To comprehensively assess a decision-based attack, besides its query efficiency, the performance against detection is also a concern. Considering that previous detections consume massive resources and always mistakenly recognize benign video frames as malicious attacks, we design a lightweight detection called boundary detection to overcome the above limitations, whose success reveals serious limitations of existing decision-based attacks. To develop more powerful attacks, we first present f-mixup as a basic method to produce candidate adversarial examples in the frequency domain. Using f-mixup as the building block, we propose f-attack as a complete decision-based attack. With the help of several natural images, f-attack could both work well with limited (hundreds of) queries and bypass detection effectively. Nevertheless, if the attacker could make relatively adequate (thousands of) queries and the target model is not equipped with detection, f-attack will lag behind existing decision-based attacks. We additionally introduce frequency binary search based on f-mixup, which serves as a plug-and-play module for existing decision-based attacks to further improve their query efficiency. Experimental results verify the effectiveness of our proposed methods.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Rphx: Result Pattern Hiding Conjunctive Query Over Private Compressed
           Index Using Intel SGX

      Authors: Qin Jiang;Ee-Chien Chang;Yong Qi;Saiyu Qi;Pengfei Wu;Jianfeng Wang;
      Pages: 1053 - 1068
      Abstract: Deploying data storage and query service in an untrusted cloud server raises critical privacy and security concerns. This paper focuses on the fundamental problem of processing conjunctive keyword queries over an untrusted cloud in a privacy-preserving manner. Previous tree-based searchable symmetric encryption (SSE) schemes, such as IBTree and VBTree, can process conjunctive keyword queries in a secure and efficient way. However, these schemes cannot address “Result Pattern (RP)” leakage, which can be used to recover the keywords contained in a conjunctive keyword query. To combat this challenging problem, we propose a result pattern hiding conjunctive query scheme named Rphx using Intel SGX. In particular, we first propose a new “SGX-aware” compressed index named VIBT by combining variable-length bloom filter tree, matryoshka filter and online cipher. To achieve RP hiding, we then introduce a new tree-based SSE scheme named Rphx by deploying VIBT to Intel SGX. Security analysis shows that Rphx can enhance the security requirements by hiding RP leakage under the IND-CKA2 security model. Experimental results show that VIBT gains at least $30\times$ improvement in storage efficiency and Rphx can achieve comparable search efficiency comparing with previous works.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Good Learning, Bad Performance: A Novel Attack Against RL-Based Congestion
           Control Systems

      Authors: Zijie Yang;Jiahao Cao;Zhuotao Liu;Xiaoli Zhang;Kun Sun;Qi Li;
      Pages: 1069 - 1082
      Abstract: Reinforcement Learning (RL) has been applied to solve decision-making problems in computer network designs, especially in TCP congestion control. As RL-based congestion control methods enable powerful learning abilities, it achieves competitive performance and adaptiveness advantages over the traditional methods. However, RL-based systems suffer from adversarial attacks that generate perturbations to significantly degrade the performance. In this paper, we conduct a comprehensive study of adversarial attacks against RL-based congestion control systems. Unlike the state-of-the-art adversarial attacks on images where an attacker can easily obtain the input states to introduce perturbations, the attacker cannot directly obtain the input states in congestion control settings that are only available to the agents. It is challenging to add effective perturbations without knowing the input states for RL-based congestion control models. To solve the challenge, we develop an adversarial attack to estimate states of the target agent, craft adversarial perturbations, and apply the generated perturbations in an automated fashion. We evaluate how our adversarial attack affects the target agent’s decision-making process. Our experiments illustrate that our attack can effectively reduce about 50% average throughput while increasing more than 36x latency and 45% packet loss rate.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Lightweight Privacy-Preserving GAN Framework for Model Training and Image
           Synthesis

      Authors: Yang Yang;Ke Mu;Robert H. Deng;
      Pages: 1083 - 1098
      Abstract: Generative adversarial network (GAN) has excellent performance for data generation and is widely used in image synthesis. Outsourcing GAN to cloud platform is a popular way to save local computation resources and improve the efficiency, but it still faces the privacy leakage concerns: (1) the sensitive information of the training dataset may be disclosed in the cloud; (2) the trained model may reveal the privacy of training samples since it extracts the characteristics from the data. In this paper, we propose a lightweight privacy-preserving GAN framework (LP-GAN) for model training and image synthesis based on secret sharing scheme. Specifically, we design a series of efficient secure interactive protocols for different layers (convolution, batch normalization, ReLU, Sigmoid) of neural network (NN) used in GAN. Our protocols are scalable to build secure training or inference tasks for NN-based applications. We utilize edge computing to reduce the latency and all the protocols are executed on two edge servers collaboratively. Compared with the existing schemes, the proposed solution greatly improves efficiency, reduces communication overhead, and guarantees the privacy. We prove the correctness and security of LP-GAN by theoretical analysis. Extensive experiments on different real-world datasets demonstrate the effectiveness, accuracy, and efficiency of our scheme.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Adversarial Detection by Latent Style Transformations

      Authors: Shuo Wang;Surya Nepal;Alsharif Abuadbba;Carsten Rudolph;Marthie Grobler;
      Pages: 1099 - 1114
      Abstract: Detection-based defense approaches are effective against adversarial attacks without compromising the structure of the protected model. However, they could be bypassed by stronger adversarial attacks and are limited in their ability to handle high-fidelity images. In this paper, we explore an effective detection-based defense against adversarial attacks on images (including high-resolution images) by extending the investigation beyond a single-instance perspective to incorporate its transformations as well. Our intuition is that the essential characteristics of a valid image are generally not affected by non-essential style transformations, for example, a slight variation in the facial expression of a portrait would not alter its identification. In contrast, adversarial examples are designed to affect only a single instance at a time, with unpredictable effects on a set of transformations of the instance. Consequently, we leverage a controllable generative mechanism to conduct the non-essential style transformations for a given image via modification along the style axis in the latent space. Next, the consistency of prediction between the given input and its style transformations is used to distinguish adversarial instances. Based on experiments on three image datasets, including high-resolution images, we demonstrated that our defense could detect 90–100 percent of adversarial examples produced by various state-of-the-art adversarial attacks, with a low false-positive rate.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • ROSE: Robust Searchable Encryption With Forward and Backward Security

      Authors: Peng Xu;Willy Susilo;Wei Wang;Tianyang Chen;Qianhong Wu;Kaitai Liang;Hai Jin;
      Pages: 1115 - 1130
      Abstract: Dynamic searchable symmetric encryption (DSSE) has been widely recognized as a promising technique to delegate update and search queries over an outsourced database to an untrusted server while guaranteeing the privacy of data. Many efforts on DSSE have been devoted to obtaining a good tradeoff between security and performance. However, it appears that all existing DSSE works miss studying on what will happen if the DSSE client issues irrational update queries carelessly, such as duplicate update queries and delete queries to remove non-existent entries (that have been considered by many popular database system in the setting of plaintext). In this scenario, we find that (1) most prior works lose their claimed correctness or security, and (2) no single approach can achieve correctness, forward and backward security, and practical performance at the same time. To address this problem, we study for the first time the notion of robustness of DSSE. Generally, we say that a DSSE scheme is robust if it can keep the same correctness and security even in the case of misoperations. Then, we introduce a new cryptographic primitive named key-updatable pseudo-random function and apply this primitive to constructing ROSE, a robust DSSE scheme with forward and backward security. Finally, we demonstrate the efficiency of ROSE and give the experimental comparisons.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • An Opportunistic Power Control Scheme for Mitigating User Location
           Tracking Attacks in Cellular Networks

      Authors: Inkyu Bang;Taehoon Kim;Han Seung Jang;Dan Keun Sung;
      Pages: 1131 - 1144
      Abstract: Cellular networks have been successfully evolved over the decades. Especially, Long-Term Evolution (LTE) has been exceedingly successful and the security threats against LTE systems have increased rapidly. Particularly, tracking LTE user devices has been shown to be effective as the temporary user identifiers (IDs) are easily extracted and used to locate targeted devices by passive eavesdroppers. We notice that naive approaches, such as frequent updates of temporary user IDs, are insufficient to mitigate user-tracking attacks since the new and old temporary IDs for the same user device are easily linkable by adversaries who can measure the wireless channel characteristics between the user device and herself. In this paper, we propose an opportunistic uplink power control scheme to minimize the probability of successful user tracking by an adversary whose location is unknown. We devise the notion of average inference error probability in order to measure the level of users’ location privacy. Moreover, we derive the closed-form expression of the approximated average inference error probability and formulate an optimization problem to maximize the average inference error probability under a constraint of an allowable power budget for each user. Against a passive adversary, our proposed power control scheme effectively degrades an adversary’s inference ability by 50% when 10 users are scheduled in each transmission time slot, which will lead to almost 100% inference error at the adversary over multiple time slots.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Person Re-Identification Through Wi-Fi Extracted Radio Biometric
           Signatures

      Authors: Danilo Avola;Marco Cascio;Luigi Cinque;Alessio Fagioli;Chiara Petrioli;
      Pages: 1145 - 1158
      Abstract: Person re-identification (Re-ID) is a challenging task that tries to recognize a person across different cameras, and that can prove useful in video surveillance as well as in forensics and security applications. However, traditional Re-ID systems analyzing image or video sequences suffer from well-known issues such as illumination changes, occlusions, background clutter, and long-term re-identification. To simultaneously address all these difficult problems, we explore a Re-ID solution based on an alternative medium that is inherently not affected by them, i.e., the Wi-Fi technology. The latter, due to the widespread use of wireless communications, has grown rapidly and is already enabling the development of Wi-Fi sensing applications, such as human localization or counting. These sensing procedures generally exploit Wi-Fi signals variations that are a direct consequence, among other things, of human presence, and which can be observed through the channel state information (CSI) of Wi-Fi access points. Following this rationale, in this paper, for the first time in literature, we show how the pervasive Wi-Fi technology can also be directly exploited for person Re-ID. More accurately, Wi-Fi signals amplitude and phase are extracted from CSI measurements and analyzed through a two-branch deep neural network working in a siamese-like fashion. The designed pipeline can extract meaningful features from signals, i.e., radio biometric signatures, that ultimately allow the person Re-ID. The effectiveness of the proposed system is evaluated on a specifically collected dataset, where remarkable performances are obtained; suggesting that Wi-Fi signal variations differ between different people and can consequently be used for their re-identification.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • SPoTKD: A Protocol for Symmetric Key Distribution Over Public Channels
           Using Self-Powered Timekeeping Devices

      Authors: Mustafizur Rahman;Liang Zhou;Shantanu Chakrabartty;
      Pages: 1159 - 1171
      Abstract: In this paper, we propose a novel class of symmetric key distribution protocol that leverages basic security primitives offered by low-cost, hardware chipsets containing millions of synchronized self-powered timers. The keys are derived from the temporal dynamics of a physical, micro-scale time-keeping device which makes the keys immune to any potential side-channel attacks, malicious tampering, or snooping. Using the behavioral model of the self-powered timers, we first show that the derived key-strings can pass the randomness test as defined by the National Institute of Standards and Technology (NIST) suite. The key-strings are then used in two SPoTKD (Self-Powered Timer Key Distribution) protocols that exploit the timer’s dynamics as one-way functions: (a) protocol 1 facilitates secure communications between a user and a remote Server; and (b) protocol 2 facilitates secure communications between two users. In this paper, we investigate the security of these protocols under standard model and against different adversarial attacks. Using Monte-Carlo simulations, we also investigate the robustness of these protocols in the presence of real-world operating conditions and propose error-correcting SPoTKD protocols to mitigate these noise-related artifacts.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Secure Frequency Control of Hybrid Power System Under DoS Attacks via Lie
           Algebra

      Authors: Zihao Cheng;Dong Yue;Shigen Shen;Songlin Hu;Lei Chen;
      Pages: 1172 - 1184
      Abstract: Secure frequency control of multi-area hybrid power systems with wind power is a research problem involving active defense, vulnerability, and resilience. Considering the scenario that Denial-of-Service (DoS) attack intrude into the control channels of thermal power and wind farm, the hybrid power system is modeled by a switched system with four subsystems. Then, the exponential stability of hybrid power system is studied under arbitrary DoS attack. An active defense scheme is proposed to design switched control gains by Lie algebra method achieved by a distributed consensus method. Furthermore, following the resulted exponential stability, the load disturbance attenuant performance of frequency control is studied by the proposed concepts of vulnerability point and resilience point. Under a class of event-DoS attack model, the estimation method of vulnerability point and resilience point is given. Finally, simulations of a three-area hybrid power system and NE39bus test system are carried out to verify our theories.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • ECUPrint—Physical Fingerprinting Electronic Control Units on CAN Buses
           Inside Cars and SAE J1939 Compliant Vehicles

      Authors: Lucian Popa;Bogdan Groza;Camil Jichici;Pal-Stefan Murvay;
      Pages: 1185 - 1200
      Abstract: We fingerprint 54 ECUs from 10 cars, one of them being a heavy-duty vehicle that is compliant to the SAE J1939 standard. These later specifications implemented in commercial vehicles offer concrete sender addresses in every CAN frame, making physical characteristics easier to link to specific ECUs. This is not the case for traffic collected inside passenger cars where the allocation of CAN bus identifiers is non-uniform, without explicit sender and receiver addresses, making ECU identification more challenging. While previous research has shown good separation between ECUs even when single features are used, e.g., skews or maximum voltage level, prior results are based on a small number of cars, while our larger experimental basis proves that single features are likely insufficient to separate between a large number of ECUs. Concretely, for a crisp separation, at least four features seem to be needed, i.e., mean voltage, max voltage, bit time and plateau time, while clock skews or any single voltage feature lead to overlaps. We provide clear experimental bounds on the intra and inter-distances regarding skews and voltage features, not neglecting environmental variations which may occur when the car is running.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Learning Meta Pattern for Face Anti-Spoofing

      Authors: Rizhao Cai;Zhi Li;Renjie Wan;Haoliang Li;Yongjian Hu;Alex C. Kot;
      Pages: 1201 - 1213
      Abstract: Face Anti-Spoofing (FAS) is essential to secure face recognition systems and has been extensively studied in recent years. Although deep neural networks (DNNs) for the FAS task have achieved promising results in intra-dataset experiments with similar distributions of training and testing data, the DNNs’ generalization ability is limited under the cross-domain scenarios with different distributions of training and testing data. To improve the generalization ability, recent hybrid methods have been explored to extract task-aware handcrafted features (e.g., Local Binary Pattern) as discriminative information for the input of DNNs. However, the handcrafted feature extraction relies on experts’ domain knowledge, and how to choose appropriate handcrafted features is underexplored. To this end, we propose a learnable network to extract Meta Pattern (MP) in our learning-to-learn framework. By replacing handcrafted features with the MP, the discriminative information from MP is capable of learning a more generalized model. Moreover, we devise a two-stream network to hierarchically fuse the input RGB image and the extracted MP by using our proposed Hierarchical Fusion Module (HFM). We conduct comprehensive experiments and show that our MP outperforms the compared handcrafted features. Also, our proposed method with HFM and the MP can achieve state-of-the-art performance on two different domain generalization evaluation benchmarks.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • snWF: Website Fingerprinting Attack by Ensembling the Snapshot of Deep
           Learning

      Authors: Yanbin Wang;Haitao Xu;Zhenhao Guo;Zhan Qin;Kui Ren;
      Pages: 1214 - 1226
      Abstract: The website fingerprinting (WF) attack enables a local eavesdropper to identify which website a client is visiting under encrypted network connections. By leveraging deep neural networks, the state-of-the-art WF attacks achieve high accuracy in classic experimental scenes. However, due to the high variance of neural networks, those attacks are sensitive to the specific information in the data and would result in less-than-ideal performance on data outside the training set or on data that is impacted by the effect of concept drift. In this paper, we present snWF, a novel WF attack, which leverages an out-of-the-ordinary ensemble to reduce the variance of neural networks and improve the robustness of the attack. In a large open-world setting with 400,000 websites, snWF manages to determine whether a user is visiting a monitored website, with a true positive rate of 98.1% and a false positive rate of 5.7%. We also evaluated snWF in a more realistic attack scenario, termed as wide-world, to examine whether snWF can correctly classify websites that even an adversary has not seen before, and we found that snWF achieves a higher classification accuracy than the state-of-the-art attacks in this new setting. In addition, in the face of concept drift, snWF is found to be more resilient than any other attacks. Moreover, we are the first to reveal that under concept drift WF attacks suffer more severe performance degradation in an open-world setting than in a closed-world setting.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Redactable Blockchain in Decentralized Setting

      Authors: Jinhua Ma;Shengmin Xu;Jianting Ning;Xinyi Huang;Robert H. Deng;
      Pages: 1227 - 1242
      Abstract: Immutability has been widely accepted as a fundamental property protecting the security of blockchain technology. However, this property impedes the development of blockchain because of the abuse of blockchain storage and legal obligations. To mitigate this issue, a novel construction of blockchain, called redactable blockchain, was introduced. It enables a central authority to issue the rewriting privilege to a particular party who can rewrite a registered object, e.g., a block or a transaction, in a controlled way. Unfortunately, the central authority must be fully trusted and is an obvious target suffering from various attacks. In this paper, we introduce a redactable blockchain controlled at a fine-grained level in a decentralized setting. In our solution, the rewriting privilege is issued by multiple authorities for reducing the vulnerability of the centralized setting. To formalize our solution, we introduce a novel cryptographic notion, called decentralized policy-based chameleon hash (DPCH), with the formal definition and security model. By applying several simple cryptographic tools, such as chameleon hash, digital signature, and multi-authority attribute-based encryption, we present the generic construction of DPCH along with rigorous security proofs. By applying RSA-based chameleon hash and BLS short signature, we give a practical instantiation of DPCH with performance evaluation. The comprehensive evaluation shows that our solution has superior performance than the state-of-the-art solution.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Query2Set: Single-to-Multiple Partial Fingerprint Recognition Based on
           Attention Mechanism

      Authors: Shengjie Chen;Zhenhua Guo;Xiu Li;Dongliang Yang;
      Pages: 1243 - 1253
      Abstract: Currently, fingerprint authentication systems in mobile devices, which have limited-size fingerprint sensors, are mainly based on partial fingerprint matching algorithms. To cover all areas of the finger, the system usually collects multiple partially overlapping partial fingerprints during the enrollment. Existing recognition methods either perform score-level fusion after single-to-single matching, or perform single-to-single matching after image-level mosaicking. However, these two-stage methods have the risk of discarding some real information or introducing some fake information. In this paper, we define this “query2set” task and propose a novel single-to-multiple partial fingerprint recognition method based on attention mechanism. Our end-to-end deep model can adaptively extract and fuse appropriate features from a set of fingerprints for matching based on the input query fingerprint. Experiments indicate that our method outperforms several state-of-the-art single-to-single approaches and provides a new insight of fingerprint recognition on mobile devices.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Learning Multi-Granularity Temporal Characteristics for Face Anti-Spoofing

      Authors: Zhuo Wang;Qiangchang Wang;Weihong Deng;Guodong Guo;
      Pages: 1254 - 1269
      Abstract: Face anti-spoofing (FAS) is essential for securing face recognition systems. Despite the decent performance, few existing works fully leverage temporal information. This would inevitably lead to inferior performance because real and fake faces tend to share highly similar spatial appearances, while important temporal features between consecutive frames are neglected. In this work, we propose a temporal transformer network (TTN) to learn multi-granularity temporal characteristics for FAS. It mainly consists of temporal difference attentions (TDA), a pyramid temporal aggregation (PTA), and a temporal depth difference loss (TDL). Firstly, the vision transformer (ViT) is used as the backbone where comprehensive local patches are utilized to provide subtle differences between live and spoof faces. Then, instead of learning temporal features on global faces which may miss some important local cues, the TDA is developed to extract motion-sensitive cues on each of the comprehensive local patches. Moreover, the TDA is inserted into different layers of the ViT, learning multi-scale motion-sensitive local cues to improve the FAS performance. Secondly, it is observed that different subjects may have different visual tempos in some actions, making it necessary to model different temporal speeds. Our PTA aggregates temporal features at various tempos, which could build short-range and long-range relations among multiple frames. Thirdly, depth maps for real parts may change continuously, while they remain zeros for spoof regions. In order to locate motion features on facial parts, the TDL is proposed to guide the network to locate spoof facial parts where motion patterns between neighboring frames are set as the ground truth. To the best of our knowledge, this work is the first attempt to learn temporal characteristics via transformers. Both qualitative and quantitative results on several challenging tasks demonstrate the usefulness and effectiveness of our proposed methods.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Co-Design of Observer-Based Fault Detection Filter and Dynamic
           Event-Triggered Controller for Wind Power System Under Dual Alterable DoS
           Attacks

      Authors: Jin Yang;Qishui Zhong;Kaibo Shi;Shouming Zhong;
      Pages: 1270 - 1284
      Abstract: In this article, a novel co-design approach of observed-based fault detection filter (FDF) and dynamic event-triggered controller is proposed for multi-area wind power system under dual alterable aperiodic (DAA) denial-of-service (DoS) attacks. It is the first attempt to design an observed-based FDF for wind power system considering actuator fault signal. And a tolerable actuator fault threshold function is constructed to warn the occurrence of fault signal. Then, considering the bandwidth limitation of network communication, a novel dynamic event-triggered scheme is proposed to decrease the occupation of communication channel. Furthermore, the DAA DoS attacks presented in this work have different blocking effects on data transmission in different network channel. On account of the existence of aperiodic DoS attacks, the general load frequency control model for wind power system is reconstructed as a new switched system. Based on the reconstructed model, the stability with an $H_{\infty}$ performance index is demonstrated by constructing appropriate polynomial Lyapunov-Krasovskii functionals. Besides, the FDF and dynamic event-triggered controller can be achieved by solving linear matrix inequalities. Finally, some contradistinctive case studies are given to illustrate the feasibility and effectiveness of the approaches proposed in this article.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • RF Impairment Model-Based IoT Physical-Layer Identification for Enhanced
           Domain Generalization

      Authors: Sekhar Rajendran;Zhi Sun;
      Pages: 1285 - 1299
      Abstract: For small, inexpensive, and power-constrained IoT devices, Radiofrequency fingerprinting (RF-fingerprinting) has emerged as a cost-effective security solution. Robustness and permanence of the RF-fingerprints (RFFs) are major challenges since this solution’s inception. This is due to domain-related complications such as environmental effects and time-varying device-related perturbations. Since data from domains have divergent distributions, blindly plugging in Machine learning algorithms can overfit domain-related residuals rather than the fingerprint. Recent popular methods like blind channel equalization-based solutions only partially solve this problem while adversely affecting the RFF’s user capacity. Our paper presents a solution to overcome the domain generalization of these computationally intensive feature mining methods in a real-world wireless domain while retaining the fingerprints’ richness. We perform a reverse analysis of a typical RFIC and create a parametric RF-impairment distribution model currently missing in the literature. Then, we use this model to tailor a knowledge-based parametric signal processing and conditioning method, which would create an optimum signal representation of the RFF for ML algorithms. Additionally, our method can significantly reduce the dimensionality of the data needed to train the ML algorithms, eliminate noise, and simplify the classifier needed for RF-fingerprinting. We present our results after evaluation using real-world cross-domain experiments under varying domain conditions with COTS IoT microchips (SX1276).
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Secure Active and Passive Beamforming in IRS-Aided MIMO Systems

      Authors: Saba Asaad;Yifei Wu;Ali Bereyhi;Ralf R. Müller;Rafael F. Schaefer;H. Vincent Poor;
      Pages: 1300 - 1315
      Abstract: In intelligent reflecting surface (IRS)-aided multiple-input multiple-output (MIMO) systems, the IRS can be utilized to suppress the information leakage towards malicious terminals. This can lead to significant secrecy gains. This work exploits these gains via a tractable joint design of downlink beamformers and IRS phase-shifts. In this respect, we consider a generic IRS-aided MIMO wiretap setting and invoke fractional programming and alternating optimization to iteratively find the beamformers and phase-shifts that maximize the achievable weighted secrecy sum-rate. Our design is comprised of two low-complexity algorithms. Performance of the proposed algorithms are numerically evaluated and compared to the benchmark. The results reveal that integrating IRSs into MIMO systems not only boosts the secrecy performance, but also improves the robustness against passive eavesdropping.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Content-Aware Detection of Temporal Metadata Manipulation

      Authors: Rafael Padilha;Tawfiq Salem;Scott Workman;Fernanda A. Andaló;Anderson Rocha;Nathan Jacobs;
      Pages: 1316 - 1327
      Abstract: Most pictures shared online are accompanied by temporal metadata (i.e., the day and time they were taken), which makes it possible to associate an image content with real-world events. Maliciously manipulating this metadata can convey a distorted version of reality. In this work, we present the emerging problem of detecting timestamp manipulation. We propose an end-to-end approach to verify whether the purported time of capture of an outdoor image is consistent with its content and geographic location. We consider manipulations done in the hour and/or month of capture of a photograph. The central idea is the use of supervised consistency verification, in which we predict the probability that the image content, capture time, and geographical location are consistent. We also include a pair of auxiliary tasks, which can be used to explain the network decision. Our approach improves upon previous work on a large benchmark dataset, increasing the classification accuracy from 59.0% to 81.1%. We perform an ablation study that highlights the importance of various components of the method, showing what types of tampering are detectable using our approach. Finally, we demonstrate how the proposed method can be employed to estimate a possible time-of-capture in scenarios in which the timestamp is missing from the metadata.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Efficient Steganography in JPEG Images by Minimizing Performance of
           Optimal Detector

      Authors: Rémi Cogranne;Quentin Giboulot;Patrick Bas;
      Pages: 1328 - 1343
      Abstract: Since the introduction of adaptive steganography, most of the recent research works seek at designing cost functions that are evaluated against steganalysis methods. While those approaches have been successful, they rely on intuitive principles and ad-hoc costs associated with each pixel or Discrete Cosine Transform (DCT) coefficient. Beyond the empirical assessments, the insights one can get from such approaches are very limited. On the opposite, this paper presents an original method for steganography in JPEG images that exploits a statistical model of the DCT coefficients. Within the framework of hypothesis testing theory, we use a statistical model of covers to derive the analytical expression of the most powerful detector. The objective of the steganographer is to minimize the statistical performance of this “omniscient detector” which represents a “worst-case” scenario for security. This paper shows how this method allows designing effective steganography, in terms of both security and computational complexity, in the two main use cases: when having only one single JPEG image and when the uncompressed image is available, case also known as Side-Informed (SI). A wide range of numerical comparisons shows that the proposed method outperforms the current state-of-the-art especially against the latest and most accurate steganalysis approaches based on Deep Learning.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Heterogeneous Face Recognition via Face Synthesis With Identity-Attribute
           Disentanglement

      Authors: Ziming Yang;Jian Liang;Chaoyou Fu;Mandi Luo;Xiao-Yu Zhang;
      Pages: 1344 - 1358
      Abstract: Heterogeneous Face Recognition (HFR) aims to match faces across different domains (e.g., visible to near-infrared images), which has been widely applied in authentication and forensics scenarios. However, HFR is a challenging problem because of the large cross-domain discrepancy, limited heterogeneous data pairs, and large variation of facial attributes. To address these challenges, we propose a new HFR method from the perspective of heterogeneous data augmentation, named Face Synthesis with Identity-Attribute Disentanglement (FSIAD). Firstly, the identity-attribute disentanglement (IAD) decouples face images into identity-related representations and identity-unrelated representations (called attributes), and then decreases the correlation between identities and attributes. Secondly, we devise a face synthesis module (FSM) to generate a large number of images with stochastic combinations of disentangled identities and attributes for enriching the attribute diversity of synthetic images. Both the original images and the synthetic ones are utilized to train the HFR network for tackling the challenges and improving the performance of HFR. Extensive experiments on five HFR databases validate that FSIAD obtains superior performance than previous HFR approaches. Particularly, FSIAD obtains 4.8% improvement over state of the art in terms of VR@FAR=0.01% on LAMP-HQ, the largest HFR database so far.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • An Efficient Identity-Based Provable Data Possession Protocol With
           Compressed Cloud Storage

      Authors: Yang Yang;Yanjiao Chen;Fei Chen;Jing Chen;
      Pages: 1359 - 1371
      Abstract: Cloud storage is more and more prevalent in practice, and thus how to check its integrity becomes increasingly essential. A classical solution is identity-based (ID-based) provable data possession (PDP), which supports certificateless cloud storage auditing without entire user data. However, existing ID-PDP protocols always require that cloud users outsource data blocks, authenticators and a small-sized file tag to the cloud, and make use of the heavy elliptic curve cryptography over bilinear pairing. These disadvantages would result in vast storage, communication, and computation costs, which is unexpected, especially for resource-limited cloud users. To improve the performance, this paper proposes a novel cryptographic primitive: ID-based PDP with compressed cloud storage. In this model, cloud storage auditing can be achieved by using only encrypted data blocks in a self-verified way, and original data blocks can be reconstructed from the outsourced data. Thus, data owners no longer need to store original data blocks on the cloud. We also use some basic algebraic operations to realize a concrete ID-based PDP protocol with compressed cloud storage, which is quite efficient due to no heavy cryptographic operations involved. The proposed protocol can easily be extended to support the other practical functions by using the primitive replacement technique. The proposed protocol is strictly proven to have the properties of correctness, privacy, unforgeability and detectability. Finally, we give plenty of theoretical analysis and experimental results to validate the efficiency of the proposed protocol.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Stealthy Backdoors as Compression Artifacts

      Authors: Yulong Tian;Fnu Suya;Fengyuan Xu;David Evans;
      Pages: 1372 - 1387
      Abstract: Model compression is a widely-used approach for reducing the size of deep learning models without much accuracy loss, enabling resource-hungry models to be compressed for use on resource-constrained devices. In this paper, we study the risk that model compression could provide an opportunity for adversaries to inject stealthy backdoors. In a backdoor attack on a machine learning model, an adversary produces a model that performs well on normal inputs but outputs targeted misclassifications on inputs containing a small trigger pattern. We design stealthy backdoor attacks such that the full-sized model released by adversaries appears to be free from backdoors (even when tested using state-of-the-art techniques), but when the model is compressed it exhibits a highly effective backdoor. We show this can be done for two common model compression techniques—model pruning and model quantization—even in settings where the adversary has limited knowledge of how the particular compression will be done. Our findings demonstrate the importance of performing security tests on the models that will actually be deployed not in their precompressed version. Our implementation is available at https://github.com/yulongtzzz/Stealthy-Backdoors-as-Compression-Artifacts.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • EC-SVC: Secure CAN Bus In-Vehicle Communications With Fine-Grained Access
           Control Based on Edge Computing

      Authors: Donghyun Yu;Ruei-Hau Hsu;Jemin Lee;Sungjin Lee;
      Pages: 1388 - 1403
      Abstract: In-vehicle communications are not designed for message exchange between the vehicles and outside systems originally. Thus, the security design of message protection is insufficient. Moreover, the internal devices do not have enough resources to process the additional security operations. Nonetheless, due to the characteristic of the in-vehicle network in which messages are broadcast, secure message transmission to specific receivers must be ensured. With consideration of the facts aforementioned, this work addresses resource problems by offloading secure operations to high-performance devices, and uses attribute-based access control to ensure the confidentiality of messages from attackers and unauthorized users. In addition, we reconfigure existing access control based cryptography to address new vulnerabilities arising from the use of edge computing and attribute-based access control. Thus, this paper proposes an edge computing-based security protocol with fine-grained attribute-based encryption using a hash function, symmetric-based cryptography, and reconfigured cryptographic scheme. In addition, this work formally proves the reconfigured cryptographic scheme and security protocol, and evaluates the feasibility of the proposed security protocol in various aspects using the CANoe software.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Unified Performance Evaluation Method for Perceptual Image Hashing

      Authors: Xinran Li;Chuan Qin;Zichi Wang;Zhenxing Qian;Xinpeng Zhang;
      Pages: 1404 - 1419
      Abstract: In recent decades, a large number of perceptual image hashing schemes have been designed to secure the authenticity and integrity of digital images. However, the feasible criterion to evaluate the performances of hashing schemes has not been developed yet. To this end, a unified performance evaluation method for perceptual image hashing schemes is proposed in this paper. The proposed evaluation method contains six modules: robustness, discrimination, tampering detection, security, computational efficiency and hash length. The order relationship analysis (ORA) is employed to assign the score proportion of each module in accordance with the relative importance of performance, which allows the customizability of user. The real scores of modules and the outputted final score can reflect the performances of perceptual image hashing schemes intuitively and convincingly. Experimental results demonstrate that the proposed evaluation method is practical and effective for the complete and comprehensive evaluation of perceptual image hashing schemes.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • VILS: A Verifiable Image Licensing System

      Authors: Haixia Chen;Xinyi Huang;Jianting Ning;Futai Zhang;Chao Lin;
      Pages: 1420 - 1434
      Abstract: Image licensing regulates the scope, type, and limitations of using an image through an agreement. However, it is challenging to verify whether an agreement has been fulfilled honestly. Existing techniques, such as watermarking and perceptual hashing, help check image originality and editing operations specified in the agreement, but fail to achieve editor designation. In this paper, we propose a verifiable image licensing system (VILS) which provides an effective solution to verify if a received image is used legally according to its licensing agreement. The core building block of our design is a new kind of cryptographic primitive, called accumulator with a designated entity. The new accumulator helps achieve not only editing restriction, but also editor designation in image authentication. Our VILS has the following two appealing features: (1) Authorization: Only an authorized licensee who edits an image with operations declared in a licensing agreement can produce valid images; (2) Efficiency: The verification of VILS is efficient and independent of the number of operations or image size. Compared with the most relevant schemes from the state-of-the-art, the new design enriches the functionality of image authentication but reduces the verification time by 40%.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Domain-Private Factor Detachment Network for NIR-VIS Face Recognition

      Authors: Weipeng Hu;Haifeng Hu;
      Pages: 1435 - 1449
      Abstract: Near-InfraRed and VISual (NIR-VIS) face matching, as one of the most representative tasks in Heterogeneous Face Recognition (HFR), aims at retrieving a face image across different domains. With the development of deep learning and the growing demand for intelligent surveillance, it has aroused more and more research attention in the computer vision community. However, due to the dramatic modality gap between NIR and VIS images, the task of NIR-VIS face recognition becomes practically very challenging. In this paper, we propose a novel Domain-private Factor Detachment (DFD) network to disentangle domain-dependent factors and achieve identity information distillation. Our approach consists of three key components, including Domain-identity Representation Learning (DiRL), Cross-domain Factor Detachment (CdFD) and Cross-domain Aggregation Learning (CAL). Firstly, the proposed DiRL aims to achieve domain-specific information distillation and learn identity-related representations. Specifically, three sub-networks, i.e., NIR sub-Network (NIR-Net), VIS sub-Network (VIS-Net) and IDentity-dependent sub-Network (ID-Net) are designed to learn NIR facial representations, VIS facial representations and identity-dependent representations, respectively, and they can promote each other to facilitate the learning of identity-discriminative representations. Secondly, considering that the entangled modal components in face representations negatively affect the subsequent matching process, to reduce modality-related components, we model the cross-modal face matching problem into three parts, comprising Identity Variation (IV), Inter-Spectrum Variation (ISV) and Identity-Domain Variation (IDV). The CdFD is presented to eliminate ISV components and IDV components by introducing inter-spectrum invariant constraint and identity-domain invariant constraint, so that cross-modal face recognition can be performed under pure identity information differences without modal interference. Finally, the CAL is developed to learn modality-invariant yet discriminative representations by exploring within-class aggregation, negative pair separability and cross-domain positive pair compactness. Experimental results on multiple challenging databases demonstrate the effectiveness of the DFD approach.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • MMAuth: A Continuous Authentication Framework on Smartphones Using
           Multiple Modalities

      Authors: Zhihao Shen;Shun Li;Xi Zhao;Jianhua Zou;
      Pages: 1450 - 1465
      Abstract: With the wide use of smartphones, more private data are collected and saved in the smartphones. This raises higher requirements for secure and effective user authentication scheme. Continuous authentication leverages behavioral biometrics as identity information and shows promising characteristics for user verification in a continuous and passive means. However, most studies require users to operate the smartphones in a specific mobile application or perform user-defined touch operations. This paper studies the continuous authentication on smartphones in the wild, where it is hard to characterize touching behavior accurately due to the complexity of usage context and cross-use of various types of touch gestures. Towards this end, in this paper, we propose a continuous authentication framework using multiple modalities, named as MMAuth, which integrates the heterogeneous information of user identity from multiple modalities (e.g., motion movement pattern, touch dynamics, usage context). A time-extended behavioral feature set (TEB) and a deep learning based one-class classifier (DeSVDD) are developed for performing more accurate authentication. Evaluations are conducted using a novel unconstrained smartphone usage dataset collected from 100 volunteers in real world as well as a public laboratory dataset. Extensive experimental results demonstrate the state-of-the-art authentication performance of MMAuth in both unconstrained and laboratory environment, and the effectiveness of its two proposed modules (the TEB feature set and the DeSVDD classifier). Additional experiments on system robustness, in terms of usability to different touch gestures, sensitivity to various mobile applications, and scalability to user space, are also provided to examine the applicability of MMAuth.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • One Parameter Defense—Defending Against Data Inference Attacks via
           Differential Privacy

      Authors: Dayong Ye;Sheng Shen;Tianqing Zhu;Bo Liu;Wanlei Zhou;
      Pages: 1466 - 1480
      Abstract: Machine learning models are vulnerable to data inference attacks, such as membership inference and model inversion attacks. In these types of breaches, an adversary attempts to infer a data record’s membership in a dataset or even reconstruct this data record using a confidence score vector predicted by the target model. However, most existing defense methods only protect against membership inference attacks. Methods that can combat both types of attacks require a new model to be trained, which may not be time-efficient. In this paper, we propose a differentially private defense method that handles both types of attacks in a time-efficient manner by tuning only one parameter, the privacy budget. The central idea is to modify and normalize the confidence score vectors with a differential privacy mechanism which preserves privacy and obscures membership and reconstructed data. Moreover, this method can guarantee the order of scores in the vector to avoid any loss in classification accuracy. The experimental results show the method to be an effective and timely defense against both membership inference and model inversion attacks with no reduction in accuracy.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Security Optimization for an AF MIMO Two-Way Relay-Assisted Cognitive
           Radio Nonorthogonal Multiple Access Networks With SWIPT

      Authors: Changjie Hu;Quanzhong Li;Qi Zhang;Jiayin Qin;
      Pages: 1481 - 1496
      Abstract: This paper investigates the physical layer security issue in an amplify-and-forward (AF) multi-input multi-output (MIMO) two-way relay assisted cognitive radio (CR) nonorthogonal multiple access (NOMA) network, where the simultaneous wireless information and power transfer (SWIPT) technology is employed to improve network energy efficiency. We consider the scenario that a pair of primary users and two pairs of secondary users (SUs) exchange information via a MIMO two-way relay, where the edge SU of each SU pair is untrusted and tries to wiretap the central SU’s information. For ensuring security, we aim to maximize the sum achievable secrecy rate (SASR) by jointly optimizing the power allocation at all users, power splitting factor and relay beamforming subject to the quality of service (QoS), energy harvesting and transmit power constraints. The formulated optimization problem is highly nonconvex due to coupling variables, thus it is challenging to solve. An effective path-following (PF)-based algorithm is proposed, which is proven to converge to a stationary point. Theoretical and simulation results show that the proposed PF-based algorithm has lower complexity than the state-of-art algorithm. To further reduce complexity, we proposed a zero-forcing (ZF)-based scheme. Numerical simulations show that the proposed PF-based algorithm achieves the same SASR as the state-of-art algorithm with moderate complexity, while the proposed ZF-based scheme strikes a good balance between performance and complexity.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • PhishSim: Aiding Phishing Website Detection With a Feature-Free Tool

      Authors: Rizka Widyarini Purwanto;Arindam Pal;Alan Blair;Sanjay Jha;
      Pages: 1497 - 1512
      Abstract: In this paper, we propose a feature-free method for detecting phishing websites using the Normalized Compression Distance (NCD), a parameter-free similarity measure which computes the similarity of two websites by compressing them, thus eliminating the need to perform any feature extraction. It also removes any dependence on a specific set of website features. This method examines the HTML of webpages and computes their similarity with known phishing websites, in order to classify them. We use the Furthest Point First algorithm to perform phishing prototype extractions, in order to select instances that are representative of a cluster of phishing webpages. We also introduce the use of an incremental learning algorithm as a framework for continuous and adaptive detection without extracting new features when concept drift occurs. On a large dataset, our proposed method significantly outperforms previous methods in detecting phishing websites, with an AUC score of 98.68%, a high true positive rate (TPR) of around 90%, while maintaining a low false positive rate (FPR) of 0.58%. Our approach uses prototypes, eliminating the need to retain long term data in the future, and is feasible to deploy in real systems with a processing time of roughly 0.3 seconds.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • A Unified Framework for Biphasic Facial Age Translation With
           Noisy-Semantic Guided Generative Adversarial Networks

      Authors: Muyi Sun;Jian Wang;Jian Liu;Jianshu Li;Tao Chen;Zhenan Sun;
      Pages: 1513 - 1527
      Abstract: Biphasic facial age translation aims at predicting the appearance of the input face at any age. Facial age translation has received considerable research attention in the last decade due to its practical value in cross-age face recognition and various entertainment applications. However, most existing methods model age changes between holistic images, regardless of the human face structure and the age-changing patterns of individual facial components. Consequently, the lack of semantic supervision will cause infidelity of generated faces in detail. To this end, we propose a unified framework for biphasic facial age translation with noisy-semantic guided generative adversarial networks. Structurally, we project the class-aware noisy semantic layouts to “soft” latent maps for the following injection operation on the individual facial parts. In particular, we introduce two sub-networks, ProjectionNet and ConstraintNet. ProjectionNet introduces the low-level structural semantic information with noise map and produces “soft” latent maps. ConstraintNet disentangles the high-level spatial features to constrain the “soft” latent maps, which endows more age-related context into the “soft” latent maps. Specifically, attention mechanism is employed in ConstraintNet for feature disentanglement. Meanwhile, in order to mine the strongest mapping ability of the network, we embed two types of learning strategies in the training procedure, supervised self-driven generation and unsupervised condition-driven cycle-consistent generation. As a result, extensive experiments conducted on MORPH and CACD datasets demonstrate the prominent ability of our proposed method which achieves state-of-the-art performance.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Multi-User Beam Training and Transmission Design for Covert
           Millimeter-Wave Communication

      Authors: Jiayu Zhang;Min Li;Min-Jian Zhao;Xiaoyu Ji;Wenyuan Xu;
      Pages: 1528 - 1543
      Abstract: Millimeter-wave (mmWave) communication has emerged as a promising means for supporting high-rate covert communication. However, the use of antenna arrays with beamforming at mmWave requires precise beam alignment between legitimate parties, and this procedure may entail large beam training overhead and create additional signal leakage to eavesdroppers. In this work, we consider a multi-user mmWave communication system and address the problem of designing proper covert beam training and data transmission between legitimate parties Alice and Bobs, while keeping the underlying communication undetectable from warden Willie. We first propose a novel Covert Multi-user Beam Training Strategy (CMBTS) that adopts multi-finger beam codebook to reduce the probability of communication being detected and to enable simultaneous training for multiple users. With the proposed CMBTS, a joint optimization framework for covert beam training and data transmission with a friendly jammer is developed to maximize the effective covert throughput while ensuring the covertness constraint at warden is met. We further propose an algorithm that combines successive convex approximation and inexact block coordinate descent methods to solve the problem efficiently. Numerical results validate the effectiveness of the CMBTS proposed and confirm its superior performance as compared to several beam training baselines (including exhaustive and hierarchical search) tailored to the covert communication setup considered. Among them, CMBTS achieves the best successful alignment probability and the largest effective covert throughput yet with the least training overhead.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • A Unified Framework for Bidirectional Prototype Learning From Contaminated
           Faces Across Heterogeneous Domains

      Authors: Meng Pang;Binghui Wang;Siyu Huang;Yiu-Ming Cheung;Bihan Wen;
      Pages: 1544 - 1557
      Abstract: Existing heterogeneous face synthesis (HFS) methods focus on performing accurate image-to-image translation across domains, while they cannot effectively remove the nuisance facial variations such as poses, expressions or occlusions. To address such challenges, this paper studies a new practical heterogeneous prototype learning (HPL) problem. To be specific, given a face image contaminated by facial variations from a source domain, HPL aims to reconstruct the variation-free prototype in a specified target domain. To tackle HPL, we propose a unified and end-to-end framework named bidirectional heterogeneous prototype learning (BHPL). As a bidirectional learning framework, BHPL is able to simultaneously reconstruct the heterogeneous prototypes across source-to-target as well as target-to-source domains. Furthermore, BHPL is capable of learning the identity prototype features for the contaminated face images from both source and target domains in order to perform robust heterogeneous face recognition. BHPL consists of an encoder-decoder structural generator and two dual-task discriminators, which play an adversarial game such that the generator learns the identity prototype feature and generates the cross-domain identity-preserved prototype for each input face image from both domains, and the discriminators accurately predict face identity and distinguish real versus fake prototypes. Empirical studies on multiple heterogeneous face datasets containing facial variations demonstrate the effectiveness of BHPL.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Enhancing Leakage Prevention for MapReduce

      Authors: Yongzhi Wang;Xiaoyu Zhang;Yao Wu;Yulong Shen;
      Pages: 1558 - 1572
      Abstract: When public clouds become the platform of choice for MapReduce processing, users are placing higher demands on the privacy of the job data and program. A number of solutions employed trusted hardware to protect MapReduce tasks. However, existing works pointed out that simply protecting individual nodes in the MapReduce cluster with trusted hardware and protecting cross-node communication with encryption still leak information from side-channels. Specifically, attackers can derive data information by observing and manipulating cross-node communication traffic volumes. Although existing works proposed some solutions to prevent such leakage, in this paper, we show that previous solutions still leak critical job information. Additionally, our study shows that previous solutions have limitations from other aspects, including data restriction, partition function restriction, reliability issue, and high overheads. To address all the discovered limitations, we introduced the Strong Shuffle solution. Our analysis and experimental results showed that our solution has reduced the information leakage and addressed other discovered limitations. To support Strong Shuffle, we proposed a variant Bloom Filter, named Group-based Dynamic Bloom Filter (GDBF). Our theoretical analysis showed that GDBF has lower performance and storage overhead than the traditional Scalable Bloom Filter.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Efficient Verifiably Encrypted ECDSA-Like Signatures and Their
           Applications

      Authors: Xiao Yang;Mengling Liu;Man Ho Au;Xiapu Luo;Qingqing Ye;
      Pages: 1573 - 1582
      Abstract: Verifiably encrypted signature (VES) allows a signer to encrypt a signature under the public key of a trusted third party (aka adjudicator) in a verifiable manner. Recently, Yang et al. proposed a practical verifiably encrypted signature scheme for ECDSA and initiated the study of escrow protocol for Bitcoin via VES. This paper generalizes and improves the VES scheme of Yang et al., such that it covers a family of signatures with similar structures, including ECDSA, Schnorr and their variants. Our construction is very efficient: comparing with Yang et al.’s construction, the size of the resulting VES (for ECDSA) is reduced by more than 25 times. The only caveat is that the adjudicator is required to store a look-up table of size around 270MB. Our scheme naturally gives rise to escrow protocols for mainstream cryptocurrencies that employ ECDSA-like signatures to authorise transaction, including Bitcoin, Ethereum, Cardano, Chainlink, etc.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Self-Secure Capacity-Achieving Feedback Schemes of Gaussian
           Multiple-Access Wiretap Channels With Degraded Message Sets

      Authors: Bin Dai;Chong Li;Yingbin Liang;Zheng Ma;Shlomo Shamai;
      Pages: 1583 - 1596
      Abstract: It has been shown that the SK scheme, which was proposed by Schalkwijk and Kailath, is a self-secure capacity-achieving (SSCA) feedback scheme for the Gaussian wiretap channel, i.e., the SK scheme not only achieves the feedback capacity of the Gaussian channel, but also is secure by itself and achieves the feedback secrecy capacity of the Gaussian wiretap channel. For the multi-user wiretap channels, very recently, it has been shown that Ozarow’s capacity-achieving feedback scheme for the two-user Gaussian multiple-access channel (GMAC) is the SSCA feedback scheme for the two-user Gaussian multiple-access wiretap channel (GMAC-WT). In this paper, first, we propose a SSCA feedback scheme for the two-user GMAC-WT with degraded message sets (GMAC-WT-DMS). Next, we extend the above scheme to the two-user GMAC-WT-DMS with noncausal channel state information at the transmitters (NCSIT), and show that the extended scheme is also a SSCA feedback scheme. Finally, we derive outer bounds on the secrecy capacity regions of the two-user GMAC-WT-DMS with or without NCSIT, and numerical results show the rate gains by the feedback.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Report When Malicious: Deniable and Accountable Searchable
           Message-Moderation System

      Authors: Peng Jiang;Baoqi Qiu;Liehuang Zhu;
      Pages: 1597 - 1609
      Abstract: Encrypted retrieval ensures the secure retrieval over the encrypted data without sacrificing the confidentiality. Its applications in the database systems have brought this primitive under the spotlight. Once the malicious sender sends the wrong message, conventional encrypted retrieval is arduous to provide message-moderation and even abuse reporting arises when any receiver is allowed to fabricate and convince a malicious message. We introduce the idea of searchable message-moderation, a newly exquisite framework named CleanSE that enables the system to simultaneously provide encrypted retrieval and fallacious reporting resistance. In a nutshell, CleanSE is achieved via a securely technical combination of asymmetric message franking and searchable encryption. We design two CleanSE schemes. The first, called Recon, leverages designated verifier signatures to generate a report proof such as to prevent fallacious report and undeniability, and assists with designated-server searchable encryption to protect confidentiality and privacy. Our improved scheme is called Reclean. Compared with Recon, Reclean adds an additional algorithm, $\mathsf{Clean}$, to filter forged message and employs asymmetric message franking to provide stronger deniability and accountability. We implement and evaluate prototype of our CleanSE system to highlight its feasibility and practicality.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Noise-Based-Protection Message Dissemination Method for Insecure
           Opportunistic Underwater Sensor Networks

      Authors: Linfeng Liu;Zhiyuan Xi;Jiagao Wu;Jia Xu;
      Pages: 1610 - 1623
      Abstract: Opportunistic Underwater Sensor Networks (OUSNs) are deployed for various underwater applications, such as underwater creature tracking and tactical surveillance. In an OUSN invaded by some eavesdroppers, the data messages disseminated by sensor nodes are probably stolen (captured and cracked) by the eavesdroppers. The data messages are disseminated through acoustic waves which could be altered by the environmental noises, i.e., the acoustic waves containing data messages could be superimposed by the environmental noises. To protect the data messages from being stolen by eavesdroppers and guarantee the required delivery ratio of data messages, we propose a Noise-based-protection Message Dissemination Method (NMDM). In NMDM, the acoustic waves containing data messages are superposed by the environmental noises and converted into some pseudo data messages. The environmental noises around source nodes are identified, encoded, and encrypted into some noise messages. Then, the pseudo data messages and noise messages are individually disseminated to the sink node. Such mechanism makes the eavesdroppers difficult to steal the data messages. Besides, the required delivery ratio of data messages is achieved by measuring the similarities between the nodes and the sink node, i.e., the pseudo data messages and noise messages are preferentially disseminated to the nodes with larger similarities to the sink node. Finally, simulation results demonstrate the superior performance of NMDM. NMDM can reduce the theft ratio of data messages and guarantee the required delivery ratio of data messages effectively.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Information Leakage in Code-Based Masking: A Systematic Evaluation by
           Higher-Order Attacks

      Authors: Wei Cheng;Sylvain Guilley;Jean-Luc Danger;
      Pages: 1624 - 1638
      Abstract: Code-based masking is a recent line of research on masking schemes aiming at provably counteracting side-channel attacks. It generalizes and unifies many masking schemes within a coding-theoretic formalization. In code-based masking schemes, the tuning parameters are the underlying linear codes, whose choice significantly affects the side-channel resilience. In this paper, we investigate the exploitability of the information leakage in code-based masking and present attack-based evaluation results of higher-order optimal distinguisher (HOOD). Particularly, we consider two representative instances of code-based masking, namely inner product masking (IPM) and Shamir’s secret sharing (SSS) based masking. Our results do confirm the state-of-the-art theoretical derivatives in an empirical manner with numerically simulated measurements. Specifically, theoretical results are based on quantifying information leakage; we further complete the panorama with attack-based evaluations by investigating the exploitability of the leakage. Moreover, we classify all possible candidates of linear codes in IPM with 2 and 3 shares and (3, 1)-SSS based masking, and highlight both optimal and worst codes for them. Relying on our empirical evaluations, we therefore recommend investigating the coding-theoretic properties to find the best linear codes in strengthening instances of code-based masking. As for applications, our attack-based evaluation directly empowers designers, by employing optimal linear codes, to enhance the protection of code-based masking. Our framework leverages simulated leakage traces, hence allowing for source code validation or patching in case it is found to be attackable.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • ShieldFL: Mitigating Model Poisoning Attacks in Privacy-Preserving
           Federated Learning

      Authors: Zhuoran Ma;Jianfeng Ma;Yinbin Miao;Yingjiu Li;Robert H. Deng;
      Pages: 1639 - 1654
      Abstract: Privacy-Preserving Federated Learning (PPFL) is an emerging secure distributed learning paradigm that aggregates user-trained local gradients into a federated model through a cryptographic protocol. Unfortunately, PPFL is vulnerable to model poisoning attacks launched by a Byzantine adversary, who crafts malicious local gradients to harm the accuracy of the federated model. To resist model poisoning attacks, existing defense strategies focus on identifying suspicious local gradients over plaintexts. However, the Byzantine adversary submits encrypted poisonous gradients to circumvent existing defense strategies in PPFL, resulting in encrypted model poisoning. To address the issue, in this paper we design a privacy-preserving defense strategy using two-trapdoor homomorphic encryption (referred to as ShieldFL), which can resist encrypted model poisoning without compromising privacy in PPFL. Specially, we first present the secure cosine similarity method aiming to measure the distance between two encrypted gradients. Then, we propose the Byzantine-tolerance aggregation using cosine similarity, which can achieve robustness for both Independently Identically Distribution (IID) and non-IID data. Extensive evaluations on three benchmark datasets (i.e., MNIST, KDDCup99, and Amazon) show that ShieldFL outperforms existing defense strategies. Especially, ShieldFL can achieve 30%-80% accuracy improvement to defend two state-of-the-art model poisoning attacks in both non-IID and IID settings.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Privacy-Preserving Color Image Feature Extraction by Quaternion Discrete
           Orthogonal Moments

      Authors: Xiuli Bi;Chao Shuai;Bo Liu;Bin Xiao;Weisheng Li;Xinbo Gao;
      Pages: 1655 - 1668
      Abstract: To implement image storage and computation in cloud servers without violating users’ privacy, privacy-preserving feature extraction has been a new research interest. The existing works are mainly designed for grayscale images. For color images, they tend to convert them to grayscale images or obtain the results of the combination of single-channel processes. While the capabilities of features extracted from the encrypted color images will be affected if color information and inter-relationship between color channels are ignored. To fully preserve features of color images, we introduce quaternion theory to encode each color image and propose an improved vector homomorphic encryption scheme (IVHE) to encrypt quaternion-based color images. IVHE helps protect image content and keep vector characteristics of color images. Based on IVHE, the framework for feature extraction of privacy-preserving Quaternion Discrete Orthogonal Moments (PPQDOMs) is presented. Theoretical analyses prove that Quaternion Discrete Orthogonal Moments (QDOMs) can be extracted from the encrypted color images by PPQDOMs. Furthermore, we apply three common Discrete Orthogonal Moments to the proposed framework to evaluate its performance. Experimental results demonstrate that the proposed framework can protect color image content and perform well compared to QDOMs in image reconstruction and image recognition.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Towards Spoofing Resistant Next Generation IoT Networks

      Authors: Mohammad Reza Nosouhi;Keshav Sood;Marthie Grobler;Robin Doss;
      Pages: 1669 - 1683
      Abstract: The potential vulnerability to wireless spoofing attacks is still a critical concern for Next Generation Internet of Things (NGIoT) networks which may result in catastrophic consequences in mission-critical applications. Conventional solutions may impose additional signal processing, protocol, and latency overheads which are inappropriate for NGIoT networks designed to provide high-speed and low-latency connections for a large number of resource-constrained IoT devices. In this paper, we utilize the uniqueness of beam pattern features in mmWave-enabled devices and propose a scalable security mechanism for the detection of wireless spoofing attacks in NGIoT networks. This uniqueness is proven to exist due to the non-ideal manufacturing of antenna arrays used in mmWave-enabled devices. In our approach, when legitimate mmWave-enabled IoT devices enrol into the network, their unique beam features are learned by a learning model developed at the network server. Then, during data transmission, network base stations (gNBs)/Access Points (APs) measure the beam features from the received RF signals and send them to the network server for the detection of anomalies. We develop our learning model based on Deep Autoencoders (DAEs) that are an effective tool for anomaly detection. Fortunately, the beam feature extraction can be performed using the beam searching mechanism that is already provided in mmWave standards (5G-NR and IEEE 802.11ad). Thus, feature extraction does not introduce any signal processing overheads to the system. Moreover, the proposed mechanism imposes zero computation/communication overhead to the resource-constrained IoT nodes. In our experiments, we reached 98.6% accuracy in the detection of illegitimate devices which confirms the effectiveness of the proposed approach.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • A Quantum-Inspired Classifier for Early Web Bot Detection

      Authors: Alberto Cabri;Francesco Masulli;Stefano Rovetta;Grażyna Suchacka;
      Pages: 1684 - 1697
      Abstract: This paper introduces a novel approach, inspired by the principles of Quantum Computing, to address web bot detection in terms of real-time classification of an incoming data stream of HTTP request headers, in order to ensure the shortest decision time with the highest accuracy. The proposed approach exploits the analogy between the intrinsic correlation of two or more particles and the dependence of each HTTP request on the preceding ones. Starting from the a-posteriori probability of each request to belong to a particular class, it is possible to assign a Qubit state representing a combination of the aforementioned probabilities for all available observations of the time series. By leveraging the underlying mathematical details of superposition and entanglement on specific subsequences, it is possible to devise a measure of membership to each class, thus enabling the system to take a reliable decision when a sufficient level of confidence is met or to continue with additional observations. The results reported in this paper objectively show the effectiveness of our quantum-inspired algorithm which outperforms other state-of-the-art approaches, including our own one based on the Sequential Probability Ratio Test.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Info-Commit: Information-Theoretic Polynomial Commitment

      Authors: Saeid Sahraei;A. Salman Avestimehr;Ramy E. Ali;
      Pages: 1698 - 1708
      Abstract: We introduce Info-Commit, an information-theoretic protocol for polynomial commitment and verification. With the help of a trusted initializer, a succinct commitment to a private polynomial $f$ is provided to the user. The user then queries the server to obtain evaluations of $f$ at several inputs chosen by the user. The server provides the evaluations along with proofs of correctness which the user can verify against the initial commitment. Info-Commit has four main features. Firstly, the user is able to detect, with high probability, if the server has responded with evaluations of the same polynomial initially committed to. Secondly, Info-Commit provides rigorous privacy guarantees for the server: upon observing the initial commitment and the response provided by the server to $m$ evaluation queries, the user only learns $O(m^{2})$ symbols about the coefficients of $f$. Thirdly, the verifiability and the privacy guarantees are unconditional regardless of the computational power of the two parties. Lastly, Info-Commit is doubly-efficient in the sense that in the evaluation phase, the user runs in $O(\sqrt{d})$ time and the server runs in $O(d)$ time, where $d-1$ is the degree of the polynomial $f$.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • TrustSAMP: Securing Streaming Music Against Multivector Attacks on ARM
           Platform

      Authors: Yanchu Li;Lingguang Lei;Yuewu Wang;Jiwu Jing;Quan Zhou;
      Pages: 1709 - 1724
      Abstract: Streaming music has dominated the digital music industry in recent years, which allows users to enjoy a huge music library online with a low subscription price. Terminal-side audio DRM (Digital Right Management) is very critical for streaming music industry, compromising of which will cause unrestricted listening, dumping and unauthorized secondary distribution. However, existing DRM protection schemes mainly focus on defeating software attacks but lack complete shielding against the physical memory disclosure attacks, which may even be launched by the owner of the terminal device. In this paper, we propose a terminal-side audio DRM solution called TrustSAMP to protect the copyrighted audio data against both software attacks and physical memory disclosure attacks. The basic idea is to process the audio data plaintext only in certain on-SoC components secured by ARM TrustZone. To minimize the TCB (Trusted Computing Base) of the secure world, we separate the control flow and the data flow of the Linux audio subsystem and port only the codes used for audio data decryption and plaintext transfer into the secure world. Moreover, we leave most driver codes of the audio-associated on-SoC components in the rich OS (i.e., in the normal world), and introduce a tiny proxy in the secure world to control the associated registers according to the requests from the normal-world drivers. The prototype implemented on real hardware shows that TrustSAMP can play a variety of wav-format audio with very small overhead and negligible loss of audio quality.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Hidden Path: Understanding the Intermediary in Malicious Redirections

      Authors: Yuwei Zeng;Zhicheng Liu;Xunxun Chen;Tianning Zang;
      Pages: 1725 - 1740
      Abstract: URL redirection has become an important tool for adversaries to cover up their malicious campaigns. In this paper, we conduct the first large-scale measurement study on how adversaries leverage URL redirection to circumvent security checks and distribute malicious content in practice. To this end, we design an iteratively running framework to mine the domains used for malicious redirections constantly. First, we use a bipartite graph-based method to dig out the domains potentially involved in malicious redirections from real-world DNS traffic. Then, we dynamically crawl these suspicious domains and recover the corresponding redirection chains from the crawler’s performance log. Based on the collected redirection chains, we analyze the working mechanism of various malicious redirections, involving the abused modes and methods, and highlight the pervasiveness of node sharing. Notably, we find a new redirection abuse, redirection fluxing, which is abused to enhance the concealment of malicious sites by introducing randomness into the redirection. Our case studies reveal the adversary’s preference for abusing JavaScript methods to conduct redirection, even by introducing time-delay and fabricating user clicks to simulate normal users.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Detect and Locate: Exposing Face Manipulation by Semantic- and Noise-Level Telltales

      Authors: Chenqi Kong;Baoliang Chen;Haoliang Li;Shiqi Wang;Anderson Rocha;Sam Kwong;
      Pages: 1741 - 1756
      Abstract: The technological advancements of deep learning have enabled sophisticated face manipulation schemes, raising severe trust issues and security concerns in modern society. Generally speaking, detecting manipulated faces and locating the potentially altered regions are challenging tasks. Herein, we propose a conceptually simple but effective method to efficiently detect forged faces in an image while simultaneously locating the manipulated regions. The proposed scheme relies on a segmentation map that delivers meaningful high-level semantic information clues about the image. Furthermore, a noise map is estimated, playing a complementary role in capturing low-level clues and subsequently empowering decision-making. Finally, the features from these two modules are combined to distinguish fake faces. Extensive experiments show that the proposed model achieves state-of-the-art detection accuracy and remarkable localization performance.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Fast Locally Optimal Detection of Targeted Universal Adversarial Perturbations

      Authors: Amish Goel;Pierre Moulin;
      Pages: 1757 - 1770
      Abstract: This paper proposes a locally-optimal generalized likelihood ratio test (LO-GLRT) for detecting targeted attacks on a classifier, where the attacks add a norm-bounded targeted universal adversarial perturbation (UAP) to the classifier’s input. The paper includes both an analysis of the test as well as its empirical evaluation. The analysis provides an expression for the approximate lower bound of the detection probability, and the empirical evaluation shows this approximation to be similar to the actual detection probability. Since the LO-GLRT requires the score function of the input distribution, which is usually unknown in practice, we study the LO-GLRT for a learned surrogate input distribution. Specifically, we use a Gaussian distribution over the input subvectors as the surrogate distribution, for its mathematical tractability and computational efficiency. We evaluate the detector for several popular image classifiers and datasets, and compare the statistical and computational performance with the perturbation rectifying network (PRN) detector, another successful approach for detecting the UAPs. The LO-GLRT outperforms the PRN detector on both counts, with a running time at least 100 times lower than that of the PRN detector.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Subversion-Resistant and Consistent Attribute-Based Keyword Search for Secure Cloud Storage

      Authors: Kai Zhang;Zhe Jiang;Jianting Ning;Xinyi Huang;
      Pages: 1771 - 1784
      Abstract: Secure cloud search service allows resource-constrained clients to effectively search over encrypted cloud storage. Towards enabling owner-enforced search authorization, the notion of attribute-based keyword search (ABKS) has been introduced and widely deployed in practice. To enhance traditional security of ABKS, two state-of-the-art solutions are presented to address keyword guessing attacks or setup inconsistency for secret key. Nevertheless, they have not simultaneously considered the following threats to a data user: (i) inconsistent secret key/cipher-index caused by outside dishonest authority and/or data owner; (ii) algorithm substitution attacks (ASA) launched by inside adversarial eavesdropping. These attacks may unfortunately lead to cloud data breach and user information exposure. To tackle such outside and inside threats, we introduce subversion-resistance and consistency for secure and fine-grained cloud document search services. In particular, we propose a consistent ABKS system with cryptographic reverse firewalls (CRF). Technically, we refer to verifiable functional encryption and employ non-interactive zero-knowledge proofs of discrete logarithm equality to ensure strong input consistency for ABKS. In addition, we build a trusted CRF zone for sanitizing algorithm outputs against ASA attacks. Moreover, we formalize the security model and formally prove security of our system. To clarify practical performance, we implement state-of-the-art solutions and our system in real cloud environment based on Enron dataset. The results show that our system achieves more enhanced security properties without obviously sacrificing performance. In particular, our system achieves comparable time and storage cost for document-index encryption and document search, as compared to state-of-the-art solutions.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • An Adversarial Approach to Protocol Analysis and Selection in Local Differential Privacy

      Authors: M. Emre Gursoy;Ling Liu;Ka-Ho Chow;Stacey Truex;Wenqi Wei;
      Pages: 1785 - 1799
      Abstract: Local Differential Privacy (LDP) is a popular standard for privacy-preserving data collection. Numerous LDP protocols have been proposed in the literature which differ in how they provide higher utility in different settings. Yet, few have engaged in analyzing the privacy relationships of these protocols under varying settings, and consequently, it is non-trivial to select which LDP protocol is best to use in a newly emerging application. In this paper, we present an adversarial approach to protocol analysis and selection and make three original contributions. First, we introduce a Bayesian adversary to analyze the privacy relationships of LDP protocols under varying settings. We show that different protocols have substantially different responses to the attack effectiveness of the Bayesian adversary, measured in terms of Adversarial Success Rate (ASR). Second, we provide a formal and empirical analysis on a set of privacy and utility-critical factors, including encoding parameters, privacy budget, data domain, adversarial knowledge, and statistical distribution. We show that different settings of these factors have significant effects on the ASRs of LDP protocols, and no protocol provides consistently low ASR across all settings. Third, we design and develop LDPLens, a prototype implementation of our proposed framework. Given a data collection scenario with various factors and constraints, LDPLens enables optimized selection of a desirable LDP protocol for the given scenario. We evaluate the effectiveness of LDPLens using three case studies with real-world datasets. Results show that LDPLens recommends a different protocol in each case study, and the protocol recommended by LDPLens can yield up to 1.5–2 fold reduction in utility loss, ASR or privacy budget compared to a randomly selected protocol.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Private Polynomial Function Computation for Noncolluding Coded Databases

      Authors: Sarah A. Obead;Hsuan-Yin Lin;Eirik Rosnes;Jörg Kliewer;
      Pages: 1800 - 1813
      Abstract: We consider the problem of private polynomial computation (PPC) from a distributed storage system (DSS). In such a setting a user wishes to compute a multivariate polynomial of degree at most $g$ over $f$ variables (or messages) stored in $n$ noncolluding coded databases, i.e., databases storing data encoded with an $[n,k]$ linear storage code, while revealing no information about the desired polynomial evaluation to the databases. For a DSS setup where data is stored using linear storage codes, we derive an outer bound on the PPC rate, which is defined as the ratio of the (minimum) desired amount of information and the total amount of downloaded information, and construct two novel PPC schemes. In the first scheme, we consider Reed-Solomon coded databases with Lagrange encoding, which leverages ideas from recently proposed star-product private information retrieval and Lagrange coded computation. The second scheme considers the special case of coded databases with systematic Lagrange encoding. Both schemes yield improved rates, while asymptotically, as $f \rightarrow \infty$, the systematic scheme gives a significantly better computation retrieval rate compared to all known schemes up to some storage code rate that depends on the maximum degree of the candidate polynomials.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Laplacian Smoothing Stochastic ADMMs With Differential Privacy Guarantees

      Authors: Yuanyuan Liu;Jiacheng Geng;Fanhua Shang;Weixin An;Hongying Liu;Qi Zhu;Wei Feng;
      Pages: 1814 - 1826
      Abstract: Many machine learning tasks such as structured sparse coding and multi-task learning can be converted into an equality constrained optimization problem. The stochastic alternating direction method of multipliers (SADMM) is a popular algorithm to solve such large-scale problems, and has been successfully used in many real-world applications. However, existing SADMMs fail to take into consideration an important issue in their designs, i.e., protecting sensitive information. To address this challenging issue, this paper proposes a novel differential privacy stochastic ADMM framework for solving equality constrained machine learning problems. In particular, to further lift the utility in privacy-preserving equality constrained optimization, a Laplacian smoothing operation is also introduced into our differential privacy ADMM framework, and it can smooth out the Gaussian noise used in the Gaussian mechanism. Then we propose an efficient differentially private variance reduced stochastic ADMM (DP-VRADMM) algorithm with Laplacian smoothing for both strongly convex and general convex objectives. As a by-product, we also present a new differentially private stochastic ADMM algorithm with DP guarantees. In theory, we provide both private guarantees and utility guarantees for the proposed algorithms, which show that Laplacian smoothing can improve the utility bounds of our algorithms. Experimental results on real-world datasets verify our theoretical results and the effectiveness of our algorithms.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Smart App Attack: Hacking Deep Learning Models in Android Apps

      Authors: Yujin Huang;Chunyang Chen;
      Pages: 1827 - 1840
      Abstract: On-device deep learning is rapidly gaining popularity in mobile applications. Compared to offloading deep learning from smartphones to the cloud, on-device deep learning enables offline model inference while preserving user privacy. However, such mechanisms inevitably store models on users’ smartphones and may invite adversarial attacks as they are accessible to attackers. Due to the characteristic of the on-device model, most existing adversarial attacks cannot be directly applied for on-device models. In this paper, we introduce a grey-box adversarial attack framework to hack on-device models by crafting highly similar binary classification models based on identified transfer learning approaches and pre-trained models from TensorFlow Hub. We evaluate the attack effectiveness and generality in terms of four different settings including pre-trained models, datasets, transfer learning approaches and adversarial attack algorithms. The results demonstrate that the proposed attacks remain effective regardless of different settings, and significantly outperform state-of-the-art baselines. We further conduct an empirical study on real-world deep learning mobile apps collected from Google Play. Among 53 apps adopting transfer learning, we find that 71.7% of them can be successfully attacked, which includes popular ones in medicine, automation, and finance categories with critical usage scenarios. The results call for the awareness and actions of deep learning mobile app developers to secure the on-device models. The code of this work is available at https://github.com/Jinxhy/SmartAppAttack.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Multivariate Side-Informed Gaussian Embedding Minimizing Statistical Detectability

      Authors: Quentin Giboulot;Patrick Bas;Rémi Cogranne;
      Pages: 1841 - 1854
      Abstract: Steganography schemes based on a deflection criterion for embedding possess a clear advantage against schemes based on heuristics as they provide a direct link between theoretical detectability and empirical performance. However, this advantage depends on the accuracy of the cover and stego model underlying the embedding scheme. In this work we propose an original steganography scheme based on a realistic model of sensor noise, taking into account the camera model, the ISO setting and the processing pipeline. Exploiting this statistical model allows us to take correlations between DCT coefficients into account. Several types of dependency models are presented, including a very general lattice model which accurately models dependencies introduced by a large class of processing pipelines of interest. We show in particular that the stego signal which minimizes the KL divergence under this model has a covariance proportional to the cover noise covariance. The resulting embedding scheme achieves state-of-the-art performances which go well beyond the current standards in side-informed JPEG steganography.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Statistical Effective Fault Attacks: The Other Side of the Coin

      Authors: Navid Vafaei;Sara Zarei;Nasour Bagheri;Maria Eichlseder;Robert Primas;Hadi Soleimany;
      Pages: 1855 - 1867
      Abstract: The introduction of Statistical Ineffective Fault Attacks (SIFA) has led to a renewed interest in fault attacks. SIFA requires minimal knowledge of the concrete implementation and is effective even in the presence of common fault or power analysis countermeasures. However, further investigations reveal that undesired and frequent ineffective events, which we refer to as the noise phenomenon, are the bottleneck of SIFA that can considerably diminish its strength. This includes noise associated with the attack’s setup and caused by the countermeasures utilized in the implementation. This research aims to address this significant drawback. We present two novel statistical fault attack variants that are far more successful in dealing with these noisy conditions. The first variant is the Statistical Effective Fault Attack (SEFA), which exploits the non-uniform distribution of intermediate variables in circumstances when the induced faults are effective. The idea behind the second proposed method, dubbed Statistical Hybrid Fault Attacks (SHFA), is to take advantage of the biased distributions of both effective and ineffective cases simultaneously. Our experimental results in various case studies, including noise-free and noisy setups, back up our reasoning that SEFA surpasses SIFA in several instances and that SHFA outperforms both or is at least as efficient as the best of them. For example, in the case of a 4-bits random-AND fault injected into the AES with a 35% missed fault rate, utilizing SEFA reduces the number of needed ciphertexts by 50%. In the same case study, SHFA can yield 10% and 55% reductions compared to SEFA and SIFA.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Attribute-Based Hierarchical Access Control With Extendable Policy

      Authors: Meiyan Xiao;Hongbo Li;Qiong Huang;Shui Yu;Willy Susilo;
      Pages: 1868 - 1883
      Abstract: Attribute-based encryption scheme is a promising mechanism to realize one-to-many fine-grained access control which strengthens the security in cloud computing. However, massive amounts of data and various data sharing requirements bring great challenges to the complex but isolated and fixed access structures in most of the existing attribute-based encryption schemes. In this paper, we propose an attribute-based hierarchical encryption scheme with extendable policy, called Extendable Hierarchical Ciphertext-Policy Attribute-Based Encryption (EH-CP-ABE), to improve the data sharing efficiency and security simultaneously. The scheme realizes the function of hierarchical encryption, in which, data with hierarchical access control relationships could be encrypted together flexibly to improve the efficiency. The scheme also achieves external and internal extension of the access structure to further encrypt newly added hierarchical data without updating the original ciphertexts or with only a minor update depending on the data sharing requirements, which simplifies the encryption process and greatly reduces the computation overhead. We formally prove the security of the scheme is IND-CCA secure in the random oracle model based on bilinear Diffie-Hellman assumption, and we also implement our scheme to demonstrate its efficiency and practicality.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Selective Staining on Non-Volatile Memory Cells for Data Retrieval

      Authors: Xiao Mei Zeng;Qing Liu;Jing Yun Tay;Chee Lip Gan;
      Pages: 1884 - 1892
      Abstract: A new data retrieval approach utilizing selective staining is explored to differentiate “0” from “1” cells in EEPROM and Flash memory with node sizes of 40 nm and 250 nm. A two-step staining process based on selective oxide etching and copper galvanic displacement deposition is introduced. The underlying mechanism is attributed to the difference in electric field across the tunnel oxide, which originates from the presence or absence of charges stored in the floating gates. With proper sample preparation, the selectively stained and non-stained cells can be characterized with optical microscopy and scanning electron microscopy, to facilitate direct read-out of data in a time-efficient manner. The physical layout of individual memory cells with respect to the stored data is identified. A systematic data retrieval is achieved with an accuracy of 95% at individual bit level. This selective staining technique marks the data permanently on the chip that allows for subsequent analysis and evidence retention.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Analog Secret Sharing With Applications to Private Distributed Learning

      Authors: Mahdi Soleymani;Hessam Mahdavifar;A. Salman Avestimehr;
      Pages: 1893 - 1904
      Abstract: We consider the critical problems of distributed computing and learning over data while keeping it private from the computational servers. The state-of-the-art approaches to this problem rely on quantizing the data into a finite field, so that the cryptographic approaches for secure multiparty computing can then be employed. These approaches, however, can result in substantial accuracy losses due to fixed-point representation of the data and computation overflows. To address these critical issues, we propose a novel algorithm to solve the privacy-preserving distributed computing problem when data is in the analog domain, e.g., the field of real/complex numbers. We characterize the privacy of the data from both information-theoretic and cryptographic perspectives, while establishing a connection between the two notions in the analog domain. More specifically, the well-known connection between the distinguishing security (DS) and the mutual information security (MIS) metrics is extended from the discrete domain to the analog domain. This is then utilized to bound the amount of information about the data leaked to the servers in our protocol, in terms of the DS metric, using well-known results on the capacity of single-input multiple-output (SIMO) channel with correlated noise. It is shown how the proposed framework can be adopted to do computation tasks when data is represented using floating-point numbers. We then show that this leads to a fundamental trade-off between the privacy level of data and accuracy of the result. By extending the setup to distributed learning, we show how to train a machine learning model using the proposed algorithm while keeping the data as well as the trained model private. Then numerical results are shown for experiments on several datasets. Furthermore, experimental advantages are shown comparing to fixed-point implementations over finite fields.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • PFLF: Privacy-Preserving Federated Learning Framework for Edge Computing

      Authors: Hao Zhou;Geng Yang;Hua Dai;Guoxiu Liu;
      Pages: 1905 - 1918
      Abstract: Federated learning (FL) can protect clients’ privacy from leakage in distributed machine learning. Applying federated learning to edge computing can protect the privacy of edge clients and benefit edge computing. Nevertheless, eavesdroppers can analyze the parameter information to specify clients’ private information and model features. And it is difficult to achieve a high privacy level, convergence, and low communication overhead during the entire process in the FL framework. In this paper, we propose a novel privacy-preserving federated learning framework for edge computing (PFLF). In PFLF, each client and the application server add noise before sending the data. To protect the privacy of clients, we design a flexible arrangement mechanism to count the optimal training times for clients. We prove that PFLF guarantees the privacy of clients and servers during the entire training process. Then, we theoretically prove that PFLF has three main properties: 1) For a given privacy level and model aggregation times, there is an optimal number of participating times for clients; 2) There is an upper and lower bound of convergence; 3) PFLF achieves low communication overhead by designing a flexible participation training mechanism. Simulation experiments confirm the correctness of our theoretical analysis. Therefore, PFLF helps design a framework to balance privacy levels and convergence and achieve low communication overhead when there is a part of clients dropping out of training.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Attack-Resilient Optimal PMU Placement via Reinforcement Learning Guided Tree Search in Smart Grids

      Authors: Meng Zhang;Zhuorui Wu;Jun Yan;Rongxing Lu;Xiaohong Guan;
      Pages: 1919 - 1929
      Abstract: The operation of smart grids heavily relies on secure and accurate meter measurements provided by phasor measurement units (PMUs). Therefore, the optimal PMU placement (OPP) aiming to achieve the complete system observability of smart grids with as few PMUs as possible has been extensively investigated. Although many existing studies have focused on the OPP, few of them are concerned with the placement order of PMUs. To protect as many buses as possible in smart grids when installing PMUs in stages owing to high cost, this paper proposes the attack-resilient OPP strategy which places PMUs in order by using reinforcement learning guided tree search, where the sequential decision making of reinforcement learning is utilized to explore placement orders. The least-effort attack model is carried out to screen vulnerable buses such that the buses adjacent to these buses can be placed PMUs in advance to reduce the state space and action space of the large-scale smart grid environment. Based on that, the reinforcement learning guided tree search approach is used to explore the key buses which need placing PMUs, where the repeated exploration of the agent is avoided by tree search. Then, a reasonable placement order of PMUs is obtained according to the action sequence the proposed method provides. Finally, the effectiveness of the proposed method is verified on various IEEE standard test systems and the comparison results with existing methods are provided.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • CBACS: A Privacy-Preserving and Efficient Cache-Based Access Control Scheme for Software Defined Vehicular Networks

      Authors: Xiaoyu Zhang;Hong Zhong;Chunyang Fan;Irina Bolodurina;Jie Cui;
      Pages: 1930 - 1945
      Abstract: In vehicular networks, caching content in fog nodes is a widely accepted and favorable way to quickly respond to massive vehicle requests, reduce content retrieval delay and improve service quality. However, to implement such caching mode, it is critical to ensure efficient security and privacy protection when vehicles access the cached content in fog nodes. In this paper, aiming at the security issue, a novel lightweight cryptography-based access control scheme for software defined vehicular networks (SDVN) is proposed, by using TESLA broadcast authentication protocol and Pedersen commitment. The scheme realizes direct and efficient authentication between vehicles and fog nodes while limiting only legitimate vehicles can get request responses, and avoids limitations or deficiencies in existing access control schemes. Moreover, considering the limited cache space of the fog node, by utilizing the flexibility of the SDN paradigm, a cooperative cache update mechanism is provided. The security verification with ProVerif and detailed security analyses prove that the scheme can meet the security requirements in SDVN. And compared with the related works, our scheme achieves better performance in terms of computation and communication costs.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Learning Compact Multirepresentation Feature Descriptor for Finger-Vein Recognition

      Authors: Shuyi Li;Ruijun Ma;Lunke Fei;Bob Zhang;
      Pages: 1946 - 1958
      Abstract: Due to its high anti-counterfeiting and universality, the use of finger-vein pattern for identity authentication has recently attracted extensive attention in academia and industry. Despite recent advances in finger-vein recognition, most of the hand-crafted descriptors require strong prior knowledge, which may be ineffective in expressing its distinctiveness. In this paper, we present a novel compact multi-representation feature descriptor (CMrFD) with visual and semantic consistency, for finger-vein feature representation. Given the finger-vein images, we first form two-view representations to describe the informative vein features in local patches. Then, we jointly learn a feature transformation to map the two-view representations into discriminative binary codes. For the projection function, we linearly combine multi-view information and minimize the quantization error between the projected binary features and the original real-valued features. In terms of visual consistency, we minimize the Euclidean distance of each representation from the same class, at the same time, maximize the Euclidean distance from different classes in the projected space. Semantic consistency is used to ensure that similar images have compact multi-representation combined projection features. Lastly, we calculate the block-wise histograms as the final extracted features for finger-vein recognition. Experimental results on four widely used finger-vein databases demonstrate that the proposed method outperforms the state-of-the-art finger-vein recognition methods.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • A Secure Encoding Mechanism Against Deception Attacks on Multisensor Remote State Estimation

      Authors: Jiayu Zhou;Wenjie Ding;Wen Yang;
      Pages: 1959 - 1969
      Abstract: This paper studies the defense strategy of remote state estimation under deception attacks. In order to prevent the stealthy attacker from reducing the estimation performance without triggering an alarm, an encoding-decoding mechanism combining linear transformation and artificial noise is proposed. Moreover, the detection performance under three different attack scenarios is analyzed. It is proved that the false data detector can effectively identify the attack or weaken its impact on the system under the proposed strategy, so as to ensure the security of the system. From the perspective of an attacker, an algorithm that can deduce the approximate values of the encoding parameters is also provided, which reveals how the magnitude of the artificial noise affects the accuracy of the attacker’s inference. Finally, a simulation example is presented to verify the effectiveness of the developed approach.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Generating Fair Universal Representations Using Adversarial Models

      Authors: Peter Kairouz;Jiachun Liao;Chong Huang;Maunil Vyas;Monica Welfert;Lalitha Sankar;
      Pages: 1970 - 1985
      Abstract: We present a data-driven framework for learning fair universal representations (FUR) that guarantee statistical fairness for any learning task that may not be known a priori. Our framework leverages recent advances in adversarial learning to allow a data holder to learn representations in which a set of sensitive attributes are decoupled from the rest of the dataset. We formulate this as a constrained minimax game between an encoder and an adversary where the constraint ensures a measure of usefulness (utility) of the representation. The resulting problem is that of censoring, i.e., finding a representation that is least informative about the sensitive attributes given a utility constraint. For appropriately chosen adversarial loss functions, our censoring framework precisely clarifies the optimal adversarial strategy against strong information-theoretic adversaries; it also achieves the fairness measure of demographic parity for the resulting constrained representations. We evaluate the performance of our proposed framework on both synthetic and publicly available datasets. For these datasets, we use two tradeoff measures: censoring vs. representation fidelity and fairness vs. utility for downstream tasks, to amply demonstrate that multiple sensitive features can be effectively censored even as the resulting fair representations ensure accuracy for multiple downstream tasks.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • A Fully Authenticated Diffie-Hellman Protocol and Its Application in WSNs

      Authors: Fajun Sun;Selena He;Xiaotong Zhang;Jun Zhang;Qingan Li;Yanxiang He;
      Pages: 1986 - 1999
      Abstract: The secure authenticated key establishment between nodes in Wireless Sensor Networks (WSNs) has not been fully solved in the existing schemes. It’s a good idea to apply the Diffie-Hellman protocol to address it perfectly, but the existing authenticated Diffie-Hellman (ADH) protocols are not perfect because their authentication is partial or delayed. In this paper, we first present a concept of full authentication and propose a new fully authenticated Diffie-Hellman (FADH) prototype with light-certificate-based authentication. And then based on the theory of elliptic curve cryptography, we construct the TinyADH (Tiny Authenticated Diffie-Hellman) protocol with applying the FADH in WSNs. Compared with the existing similar solutions, TinyADH has lower communication overload, is easier to implement into existing standards, and more secure under equivalent computational complexity. The experimental results show that using this scheme for a successful key agreement between two nodes averagely takes about 54 seconds on TelosB. Moreover, the simulation results indicate that repeated key agreement can improve the secure connectivity rate. However, considering the cost performance ratio, it is advisable to take 2 runs of the negotiation.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • LinkBreaker: Breaking the Backdoor-Trigger Link in DNNs via Neurons
           Consistency Check

      Authors: Zhenzhu Chen;Shang Wang;Anmin Fu;Yansong Gao;Shui Yu;Robert H. Deng;
      Pages: 2000 - 2014
      Abstract: Backdoor attacks cause model misbehaving by first implanting backdoors in deep neural networks (DNNs) during training and then activating the backdoor via samples with triggers during inference. The compromised models could pose serious security risks to artificial intelligence systems, such as misidentifying ‘stop’ traffic sign into ‘80km/h’. In this paper, we investigate the connection characteristic between the backdoor and the trigger in DNNs and observe the fact that the backdoor is implanted via establishing a link between a cluster of neurons, representing the backdoor, and the triggers. Based on this observation, we design LinkBreaker, a new generic scheme for defending against backdoor attacks. In particular, LinkBreaker deploys a neuron consistency check mechanism for identifying compromised neuron set related to the trigger. Then, the LinkBreaker regulates the model to make predictions based on benign neuron set only and thus breaks the link between the backdoor and the trigger. Compared to previous defenses, LinkBreaker offers a more general backdoor countermeasure that is not only effective against input-agnostic backdoors but also source-specific backdoors, the latter of which cannot be defeated by the majority of state-of-the-arts. Besides, LinkBreaker is robust against adversarial examples, which, to a large extent, provides a holistic defense against adversarial example attacks on DNNs, while almost all current backdoor defenses do not have such consideration and capability. Extensive experimental evaluations on real datasets demonstrate that LinkBreaker is with high efficacy of suppressing trigger inputs while incurring no noticeable accuracy deterioration on benign inputs.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Motion-Adaptive Detection of HEVC Double Compression With the Same Coding
           Parameters

      Authors: Qiang Xu;Xinghao Jiang;Tanfeng Sun;Alex C. Kot;
      Pages: 2015 - 2029
      Abstract: High Efficiency Video Coding (HEVC) double compression detection is of prime significance in video forensics. However, double compression with the same parameters and video content with high motion displacement intensity have become two main factors that limit the performance of existing algorithms. To address these issues, a novel motion-adaptive algorithm is proposed in this paper. Firstly, the analysis of GOP structure in HEVC standard and the coding process of HEVC double compression are provided. Next, sub-features composed of fluctuation intensities of intra prediction modes and unstable Prediction Units (PUs) in normal Intra-Frames (I-frames) and optical flow in adaptive I-frames are exploited in our algorithm. Each sub-feature is extracted during the process of multiple decompression. We further combine these sub-features into a 27-dimensional detection feature, which is finally fed to the Support Vector Machine (SVM) classifier. By following a separation-fusion detection strategy, the experimental result shows that the proposed algorithm outperforms the existing state-of-the-art methods and demonstrates superior robustness to various motion displacement intensities and a wide variety of coding parameter settings.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • A Dataset and Benchmark for Multimodal Biometric Recognition Based on
           Fingerprint and Finger Vein

      Authors: Hengyi Ren;Lijuan Sun;Jian Guo;Chong Han;
      Pages: 2030 - 2043
      Abstract: Compared with single biometric recognition, multimodal biometric recognition based on fingerprint and finger vein has been widely considered because of its convenient sample collection, high security and accurate recognition. However, according to our investigation, there is no public dataset of fingerprint and finger vein collected at the same time. The existing work uses fingerprint datasets and finger vein datasets from different sources for research, besides the researchers data from building their own equipment, which lacks consideration of practical applications. This is not conducive to the promotion of multibiometric technology based on finger. To promote research on multimodal biometric recognition based on fingerprint and finger vein, we design a finger collection device and introduce a new dataset, NUPT-FPV. It is the first public dataset to collect fingerprint and finger vein simultaneously in real-world applications. NUPT-FPV obtained 840 finger information from 140 volunteers, each finger was collected 20 times (collected in two sessions), and 33600 fingerprint and finger vein images were obtained. In addition, we propose a novel multimodal fusion method based on a convolutional neural network as a benchmark. Extensive experiments were conducted to verify the necessity of our dataset. Through the released dataset and benchmark, we hope to further promote the development of multimodal biometrics based on fingerprint and finger vein.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Multidiscriminator Sobolev Defense-GAN Against Adversarial Attacks for
           End-to-End Speech Systems

      Authors: Mohammad Esmaeilpour;Patrick Cardinal;Alessandro Lameiras Koerich;
      Pages: 2044 - 2058
      Abstract: This paper introduces a defense approach against end-to-end adversarial attacks developed for cutting-edge speech-to-text systems. The proposed defense algorithm has four steps. First, we use the short-time Fourier transform to represent speech signals with 2D spectrograms. Second, we iteratively find a safe vector using a spectrogram subspace projection operation. This operation minimizes the chordal distance adjustment between spectrograms with an additional regularization term. Third, we synthesize a spectrogram with such a safe vector using a novel GAN architecture trained with Sobolev integral probability metric. We impose an additional constraint on the generator network to improve the model’s performance in terms of stability and the total number of learned modes. Finally, we reconstruct the signal from the synthesized spectrogram and the Griffin-Lim phase approximation technique. We evaluate the proposed defense approach against six strong white and black-box adversarial attacks on DeepSpeech, Kaldi, and Lingvo models. The experimental results show that our algorithm outperforms other state-of-the-art defense algorithms in terms of accuracy and signal quality.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • PVD-FL: A Privacy-Preserving and Verifiable Decentralized Federated
           Learning Framework

      Authors: Jiaqi Zhao;Hui Zhu;Fengwei Wang;Rongxing Lu;Zhe Liu;Hui Li;
      Pages: 2059 - 2073
      Abstract: Over the past years, the increasingly severe data island problem has spawned an emerging distributed deep learning framework—federated learning, in which the global model can be constructed over multiple participants without directly sharing their raw data. Despite its promising prospect, there are still many security challenges in federated learning, such as privacy preservation and integrity verification. Furthermore, federated learning is usually performed with the assistance of a center, which is prone to cause trust worries and communicational bottlenecks. To tackle these challenges, in this paper, we propose a privacy-preserving and verifiable decentralized federated learning framework, named PVD-FL, which can achieve secure deep learning model training under a decentralized architecture. Specifically, we first design an efficient and verifiable cipher-based matrix multiplication (EVCM) algorithm to execute the most basic calculation in deep learning. Then, by employing EVCM, we design a suite of decentralized algorithms to construct the PVD-FL framework, which ensures the confidentiality of both global model and local update and the verification of every training step. Detailed security analysis shows that PVD-FL can well protect privacy against various inference attacks and guarantee training integrity. In addition, the extensive experiments on real-world datasets also demonstrate that PVD-FL can achieve lossless accuracy and practical performance.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Experimental Evaluation of e.MMC Data Recovery

      Authors: Aya Fukami;Sasha Sheremetov;Francesco Regazzoni;Zeno Geradts;Cees De Laat;
      Pages: 2074 - 2083
      Abstract: In this paper, we explore the data recovery procedures from e·MMCs. The e·MMC is one of the “managed” flash memory devices that are popularly used in modern digital devices as their storage media. The e·MMC, which consists of flash memory and the flash memory controller, optimizes the data input/output between the host device and the non-volatile memory through its standardized protocol. Its standardized structure and protocol makes forensic physical data acquisition simpler than handling the raw flash memory. However, its secure data purging features, such as Secure Erase and Sanitize, make data recovery from e·MMC a challenging task. In this research, we investigate inside the e·MMCs, and evaluate advanced data recovery procedures. By reverse engineering the structures of e·MMCs and accessing the internal flash memory, we discover that securely erased data is still recoverable from the internal flash memory. In some models, more than 99% of the securely erased data can still be recoverable by accessing the flash memory inside the e·MMCs. The data extraction method, along with experimental data recovery evaluation, will be explored in this paper.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • TFW: Annotated Thermal Faces in the Wild Dataset

      Authors: Askat Kuzdeuov;Dana Aubakirova;Darina Koishigarina;Huseyin Atakan Varol;
      Pages: 2084 - 2094
      Abstract: Face detection and subsequent localization of facial landmarks are the primary steps in many face applications. Numerous algorithms and benchmark datasets have been introduced to develop robust models for the visible domain. However, varying conditions of illumination still pose challenging problems. In this regard, thermal cameras are employed to address this problem, because they operate on longer wavelengths. However, thermal face and facial landmark detection in the wild is an open research problem because most of the existing thermal datasets were collected in controlled environments. In addition, many of them were not annotated with face bounding boxes and facial landmarks. In this work, we present a thermal face dataset with manually labeled bounding boxes and facial landmarks to address these problems. The dataset contains 9,982 images of 147 subjects collected under controlled and uncontrolled conditions. As a baseline, we trained the YOLOv5 (Jocher, 2020) object detection model and its adaptation for face detection, YOLO5Face (Qi et al., 2021), on our dataset. In addition to our test set, we evaluated the models on the external RWTH-Aachen (Kopaczka et al., 2019) thermal face dataset to show the efficacy of our dataset. We have made the dataset, source code, and pre-trained models publicly available at https://github.com/IS2AI/TFW to bolster research in thermal face analysis.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Memory-Modulated Transformer Network for Heterogeneous Face Recognition

      Authors: Mandi Luo;Haoxue Wu;Huaibo Huang;Weizan He;Ran He;
      Pages: 2095 - 2109
      Abstract: Heterogeneous face recognition (HFR) aims at matching face images across different domains. It is challenging due to the severe domain discrepancies and overfitting caused by small training datasets. Some researchers apply a “recognition via generation” strategy and propose to solve the problem by translating images from a given domain into the visual domain. However, in many HFR tasks such as near-infrared HFR, there is no paired data, which makes it an unsupervised generation. Pose variations, background differences, and many other factors present challenges. Moreover, the generated results lack diversity since many previous works regard this image translation as a “one-to-one” generation task. Considering the information deficiency in the input images, we propose to formulate this image translation process as a “one-to-many” generation problem. Specifically, we introduce reference images to guide the generation process. We propose a memory module to explore the prototypical style patterns of the reference domain. After self-supervised updating, the memory items are attentively aggregated to represent the style information. Moreover, to subtly fuse the contents of input images with the style of reference images, we propose a novel style transformer module. Specifically, we crop the encoded input and reference feature maps into patches, and use the style transformer to establish long-range dependencies between the input and reference patches. Thus, the style of every input patch is transferred based on those of the most relevant reference patches. Extensive experiments on multiple datasets for various HFR tasks, including NIR-VIS, thermal-VIS, sketch-photo, and gray-RGB, are conducted. The robustness and effectiveness of the proposed MMTN are demonstrated both quantitatively and qualitatively.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • When Differential Privacy Implies Syntactic Privacy

      Authors: Emelie Ekenstedt;Lawrence Ong;Yucheng Liu;Sarah Johnson;Phee Lep Yeoh;Joerg Kliewer;
      Pages: 2110 - 2124
      Abstract: Two main privacy models for sanitising datasets are differential privacy (DP) and syntactic privacy. The former restricts individual values’ impact on the output based on the dataset while the latter restructures the dataset before publication to link any record to multiple sensitive data values. Besides both providing mechanisms to sanitise data, these models are often applied independently of each other and very little is known regarding how they relate. Knowing how privacy models are related can help us develop a deeper understanding of privacy and can inform how a single privacy mechanism can fulfil multiple privacy models. In this paper, we introduce a framework that determines if the privacy mechanisms of one privacy model can also guarantee privacy for another privacy model. We apply our framework to understand the relationship between DP and a form of syntactic privacy called $t$-closeness. We demonstrate, for the first time, how DP and $t$-closeness can be interpreted in terms of each other by introducing generalisations and extensions of both models to explain the transition from one model to the other. Finally, we show how applying one mechanism to guarantee multiple privacy models increases data utility compared to applying separate mechanisms for each privacy model.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Interpretable Local Frequency Binary Pattern (LFrBP) Based Joint Continual
           Learning Network for Heterogeneous Face Recognition

      Authors: Hiranmoy Roy;Debotosh Bhattacharjee;Ondrej Krejcar;
      Pages: 2125 - 2136
      Abstract: Heterogeneous Face Recognition (HFR) is a challenging task due to the significant intra-class variation between the query and gallery images. The reason behind this vast intra-class variation is the varying image capturing sensors and the varying image representation techniques. Visual, Infrared, thermal images are the output of different sensors and viewed sketches, and composite sketches are the output of different image representation techniques. Conventional deep learning models are trying to solve the problem. Still, progress is impeded due to small HFR data samples, task-specific models (one model trained for face sketch-photo matching can’t perform well for NIR-VIS face matching), joint learning of two different HFR scenarios are not possible by one single deep network, and models are not interpretable. In this paper, to solve these major problems, we presented a novel interpretable Local Frequency Binary Pattern (LFrBP) based continual learning shallow network for HFR. The model is divided into two parts. A modality-invariant CNN model using the LFrBP feature, fine-tuned with CNN, is presented in the first part. The second part is based on continual learning to jointly learn the two HFR scenarios (face sketch-photo and NIR-VIS face matching) using a single network. Recognition results on different challenging HFR databases depict the superiority of the proposed model over other state-of-the-art deep learning-based methods.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • One-Class Knowledge Distillation for Face Presentation Attack Detection

      Authors: Zhi Li;Rizhao Cai;Haoliang Li;Kwok-Yan Lam;Yongjian Hu;Alex C. Kot;
      Pages: 2137 - 2150
      Abstract: Face presentation attack detection (PAD) has been extensively studied by research communities to enhance the security of face recognition systems. Although existing methods have achieved good performance on testing data with similar distribution as the training data, their performance degrades severely in application scenarios with data of unseen distributions. In situations where the training and testing data are drawn from different domains, a typical approach is to apply domain adaptation techniques to improve face PAD performance with the help of target domain data. However, it has always been a non-trivial challenge to collect sufficient data samples in the target domain, especially for attack samples. This paper introduces a teacher-student framework to improve the cross-domain performance of face PAD with one-class domain adaptation. In addition to the source domain data, the framework utilizes only a few genuine face samples of the target domain. Under this framework, a teacher network is trained with source domain samples to provide discriminative feature representations for face PAD. Student networks are trained to mimic the teacher network and learn similar representations for genuine face samples of the target domain. In the test phase, the similarity score between the representations of the teacher and student networks is used to distinguish attacks from genuine ones. To evaluate the proposed framework under one-class domain adaptation settings, we devised two new protocols and conducted extensive experiments. The experimental results show that our method outperforms baselines under one-class domain adaptation settings and even state-of-the-art methods with unsupervised domain adaptation.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • A Differentially Private Framework for Deep Learning With Convexified Loss
           Functions

      Authors: Zhigang Lu;Hassan Jameel Asghar;Mohamed Ali Kaafar;Darren Webb;Peter Dickinson;
      Pages: 2151 - 2165
      Abstract: Differential privacy (DP) has been applied in deep learning for preserving privacy of the underlying training sets. Existing DP practice falls into three categories—objective perturbation (injecting DP noise into the objective function), gradient perturbation (injecting DP noise into the process of gradient descent) and output perturbation (injecting DP noise into the trained neural networks, scaled by the global sensitivity of the trained model parameters). They suffer from three main problems. First, conditions on objective functions limit objective perturbation in general deep learning tasks. Second, gradient perturbation does not achieve a satisfactory privacy-utility trade-off due to over-injected noise in each epoch. Third, high utility of the output perturbation method is not guaranteed because of the loose upper bound on the global sensitivity of the trained model parameters as the noise scale parameter. To address these problems, we analyse a tighter upper bound on the global sensitivity of the model parameters. Under a black-box setting, based on this global sensitivity, to control the overall noise injection, we propose a novel output perturbation framework by injecting DP noise into a randomly sampled neuron (via the exponential mechanism) at the output layer of a baseline non-private neural network trained with a convexified loss function. We empirically compare the privacy-utility trade-off, measured by accuracy loss to baseline non-private models and the privacy leakage against black-box membership inference (MI) attacks, between our framework and the open-source differentially private stochastic gradient descent (DP-SGD) approaches on six commonly used real-world datasets. 
      The experimental evaluations show that, when the baseline models have observable privacy leakage under MI attacks, our framework achieves a better privacy-utility trade-off than existing DP-SGD implementations, given an overall privacy budget $\epsilon \leq 1$ for a large number of queries.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Seeing Traffic Paths: Encrypted Traffic Classification With Path Signature
           Features

      Authors: Shi-Jie Xu;Guang-Gang Geng;Xiao-Bo Jin;Dong-Jie Liu;Jian Weng;
      Pages: 2166 - 2181
      Abstract: Although many network traffic protection methods have been developed to protect user privacy, encrypted traffic can still reveal sensitive user information with sophisticated analysis. In this paper, we propose ETC-PS, a novel encrypted traffic classification method with path signature. We first construct the traffic path with a session packet length sequence to represent the interactions between the client and the server. Then, path transformations are conducted to exhibit its structure and obtain different information. A multiscale path signature is finally computed as a kind of distinctive feature to train the traditional machine learning classifier, which achieves highly robust accuracy and low training overhead. Six publicly available datasets with different traffic types of HTTPS/1, HTTPS/2, QUIC, VPN, non-VPN, Tor, and non-Tor are used to conduct closed-world and open-world evaluations to verify the effectiveness of ETC-PS. The experimental results demonstrate that ETC-PS is superior to the state-of-the-art methods in terms of accuracy, $f_{1}$ score, time complexity, and stability.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Debiasing Android Malware Datasets: How Can I Trust Your Results If Your
           Dataset Is Biased?

      Authors: Tomás Concepción Miranda;Pierre-Francois Gimenez;Jean-François Lalande;Valérie Viet Triem Tong;Pierre Wilke;
      Pages: 2182 - 2197
      Abstract: Android security has received a lot of attention over the last decade, especially malware investigation. Researchers attempt to highlight applications’ security-relevant characteristics to better understand malware and effectively distinguish malware from benign applications. The accuracy and the completeness of their proposals are evaluated experimentally on malware and goodware datasets. Thus, the quality of these datasets is of critical importance: if the datasets are outdated or not representative of the studied population, the conclusions may be flawed. We specify different types of experimental scenarios. Some of them require unlabeled but representative datasets of the entire population. Others require datasets labeled with valuable characteristics that may be difficult to compute, such as malware datasets. We discuss the irregularities of datasets used in experiments, questioning the validity of the performances reported in the literature. This article focuses on providing guidelines for designing debiased datasets. First, we propose guidelines for building representative datasets from unlabeled ones. Second, we propose and experiment a debiasing algorithm that, given a biased labeled dataset and a target representative dataset, builds a representative and labeled dataset. Finally, from the previous debiased datasets, we produce datasets for experiments on Android malware detection or classification with machine learning algorithms. Experiments show that debiased datasets perform better when classifying with machine learning algorithms.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • DsDTW: Local Representation Learning With Deep soft-DTW for Dynamic
           Signature Verification

      Authors: Jiajia Jiang;Songxuan Lai;Lianwen Jin;Yecheng Zhu;
      Pages: 2198 - 2212
      Abstract: Dynamic time warping (DTW) is a popular technique for sequence alignment, and is the de facto standard for dynamic signature verification. In this paper, we go a significant step further to enhance DTW with the capability of deep representation learning, and propose an end-to-end trainable Deep soft-DTW (DsDTW) model for dynamic signature verification. Specifically, we design a convolutional recurrent adaptive network (CRAN) to process dynamic signatures, and utilize it to provide robust and discriminative local representations as inputs for DTW. As DTW is not fully differentiable with regard to its inputs, we introduce its smoothed formulation, soft-DTW, and incorporate the soft-DTW distances of signature pairs into the loss function for optimization. Because soft-DTW is differentiable, the proposed DsDTW is end-to-end trainable, and achieves an elegant integration of CRAN deep learning model and traditional DTW mechanism. Our method achieves state-of-the-art performance on several public benchmarks, and has won first place in the ICDAR 2021 competition for online signature verification. The source code of DsDTW is available at https://github.com/KAKAFEI123/DsDTW.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Dynamical Failures Driven by False Load Injection Attacks Against Smart
           Grid

      Authors: Da-Tian Peng;Jianmin Dong;Jungang Yang;Qinke Peng;
      Pages: 2213 - 2226
      Abstract: Extensive studies have revealed that smart grid is vulnerable to cyber-physical attacks. However, these strategies only focus on the cascading initiation phase to induce single-stage failures with multiple branch tripping, lacking of exploring the attack effectiveness in the propagation phase so that the deeply-hidden cascading failures are underestimated. In this paper, we propose a novel false load injection attack strategy that can intentionally penetrate into the cascading propagation phase to drive multi-stage dynamical failures with a cascading process. Specifically, we formulate a bi-level optimization problem to model the adversarial game between operator and attacker. The former is in charge of security-constrained economic dispatching to minimize the generation cost, and the latter aims to maximize the cumulative number of tripped branches. Further, we reformulate this NP-hard bi-level problem as a mixed integer linear program for tractable computation. Finally, we perform numerical simulations on different-scale IEEE test systems to validate our strategy in driving the dynamical failures.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Anonymous and Efficient Authentication Scheme for Privacy-Preserving
           Distributed Learning

      Authors: Yili Jiang;Kuan Zhang;Yi Qian;Liang Zhou;
      Pages: 2227 - 2240
      Abstract: Distributed learning is proposed as a promising technique to reduce heavy data transmissions in centralized machine learning. By allowing the participants training the model locally, raw data is unnecessarily uploaded to the centralized cloud server, reducing the risks of privacy leakage as well. However, the existing studies have shown that an adversary is able to derive the raw data by analyzing the obtained machine learning models. To tackle this challenge, the state-of-the-art solutions mainly depend on differential privacy and encryption techniques (e.g., homomorphic encryption). Whereas, differential privacy degrades data utility and leads to inaccurate learning, while encryption based approaches are not effective to all machine learning algorithms due to the limited operations and excessive computation cost. In this work, we propose a novel scheme to resolve the privacy issues from the anonymous authentication approach. Different from the two types of existing solutions, this approach is generalized to all machine learning algorithms without reducing data utility, while guaranteeing privacy preservation. In addition, it can be integrated with detection schemes against data poisoning attacks and free-rider attacks, being more practical for distributed learning. To this end, we first design a pairing-based certificateless signature scheme. Based on the signature scheme, we further propose an anonymous and efficient authentication protocol which supports dynamic batch verification. The proposed protocol guarantees the desired security properties while being computationally efficient. Formal security proof and analysis have been provided to demonstrate the achieved security properties, including confidentiality, anonymity, mutual authentication, unlinkability, unforgeability, forward security, backward security, and non-repudiation. 
      In addition, the performance analysis reveals that our proposed protocol significantly reduces the time consumption in batch verification, achieving high computational efficiency.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Inferential Separation for Privacy: Irrelevant Statistics and Quantization

      Authors: Ce Feng;Parv Venkitasubramaniam;
      Pages: 2241 - 2255
      Abstract: This work presents a new paradigm for protection of sensitive inferences drawn from data streams with relevance to Internet-of-Things (IoT). This paradigm is an alternative to end-to-end encryption of entire data streams, or noise-addition based privatization mechanisms. It relies on the notion that raw data shared through IoTs are themselves not sensitive but for the inferences that can be drawn from them, and further, these inferences vary much slower than the collected data. Methodologies are developed that transform data streams into two parallel sub-streams of minimum sufficient and maximal irrelevant statistics, such that the sparse minimal sufficient stream can be protected using encryption, and the high rate irrelevant stream is guaranteed to provide perfect privacy for the underlying inference without any additional protection. This inferential separation is explored theoretically, where it is proved that the inference relevant (minimum sufficient) stream grows as $O(\log t)$ for a data stream of length $t$. The approach is extended to bandwidth constrained devices, where a new optimal quantization scheme is presented that achieves maximum fidelity while guaranteeing privacy. The presented algorithms are demonstrated to practical IoT datasets where trained CNN based classifiers are shown to fail on the unprotected high rate stream.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Semantic-Aware Privacy-Preserving Online Location Trajectory Data Sharing

      Authors: Zhirun Zheng;Zhetao Li;Hongbo Jiang;Leo Yu Zhang;Dengbiao Tu;
      Pages: 2256 - 2271
      Abstract: Although users can obtain various services by sharing their location information online with location-based service providers, it reveals sensitive information about users. However, existing privacy-preserving techniques in the online scenario suffer from the following shortcomings. First, they model the correlations between the real trajectory and the distorted trajectory as undirected, which makes them unable to accurately quantify the data privacy leakage caused by sharing the distorted trajectory. Second, they are unable to protect semantic privacy, i.e., attackers can obtain the victims’ visit purpose by using the Point of Interest information without knowing the real location data. Additionally, they fail to balance semantic-aware data utility and privacy protection. To make the case even worse, compared to the offline scenario, sharing trajectory online in real time does not have access to the overall location trajectory. In this paper, we propose a novel semantic-aware privacy-preserving online location trajectory sharing mechanism, called SEmantic-aware Information-Theoretic Privacy (SEITP), to protect both data privacy and semantic privacy while the semantic-aware data utility can be preserved. In particular, we put forward two new metrics of privacy to capture data privacy leakage and semantic privacy leakage, respectively. Besides, to quantify the semantic-aware trajectory data utility, we propose a semantic-aware utility metric. With those metrics, the shortcoming of failing to guarantee the data utility is avoided naturally through structuring a multi-objective optimization problem. Then, we theoretically prove that the new construction can protect both data and semantic privacy. Finally, the experimental evaluations based on the real-world private vehicle trajectory dataset demonstrate that SEITP outperforms existing mechanisms.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Frontal-Centers Guided Face: Boosting Face Recognition by Learning
           Pose-Invariant Features

      Authors: Yingfan Tao;Wenxian Zheng;Wenming Yang;Guijin Wang;Qingmin Liao;
      Pages: 2272 - 2283
      Abstract: In recent years, face recognition has made a remarkable breakthrough due to the emergence of deep learning. However, compared with frontal face recognition, plenty of deep face recognition models still suffer serious performance degradation when handling profile faces. To address this issue, we propose a novel Frontal-Centers Guided Loss (FCGFace) to obtain highly discriminative features for face recognition. Most existing discriminative feature learning approaches project features from the same class into a separated latent subspace. These methods only model the distribution at the identity-level but ignore the latent relationship between frontal and profile viewpoints. Different from these methods, FCGFace takes viewpoints into consideration by modeling the distribution at both the identity-level and the viewpoint-level. At the identity-level, a softmax-based loss is employed for a relatively rough classification. At the viewpoint-level, centers of frontal face features are defined to guide the optimization conducted in a more refined way. Specifically, our FCGFace is capable of adaptively adjusting the distribution of profile face features and narrowing the gap between them and frontal face features during different training stages to form compact identity clusters. Extensive experimental results on popular benchmarks, including cross-pose datasets (CFP-FP, CPLFW, VGGFace2-FP, and Multi-PIE) and non-cross-pose datasets (YTF, LFW, AgeDB-30, CALFW, IJB-B, IJB-C, and RFW), have demonstrated the superiority of our FCGFace over the SOTA competitors.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Conv-MLP: A Convolution and MLP Mixed Model for Multimodal Face
           Anti-Spoofing

      Authors: Weihang Wang;Fei Wen;Haoyuan Zheng;Rendong Ying;Peilin Liu;
      Pages: 2284 - 2297
      Abstract: Local features contain crucial clues for face anti-spoofing. Convolutional neural networks (CNNs) are powerful in extracting local features, but the intrinsic inductive bias of CNNs limits the ability to capture long-range dependencies. This paper aims to develop a simple yet effective framework that is versatile in extracting both local information and long-range dependencies for face anti-spoofing. To this end, we propose a novel architecture, namely Conv-MLP, which incorporates local patch convolution with global multi-layer perceptrons (MLP). Conv-MLP breaks the inductive bias limitation of traditional full CNNs and can be expected to better exploit long-range dependencies. Furthermore, we design a new loss specifically for the face anti-spoofing task, namely moat loss. The moat loss benefits discriminative representations learning and can improve the generalization capability on unseen presentation attacks. In this work, multi-modal data are directly fused at the signal level to extract complementary features. Extensive experiments on single and multi-modal datasets demonstrate that Conv-MLP outperforms existing state-of-the-art methods while being more computationally efficient. The code is available at https://github.com/WeihangWANG/Conv-MLP.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Study on Reflection-Based Imaging Finger Vein Recognition

      Authors: Zejun Zhang;Fei Zhong;Wenxiong Kang;
      Pages: 2298 - 2310
      Abstract: Finger vein modality plays an important role in biometrics due to its stability and security. However, existing state-of-the-art finger vein recognition systems adopt the transmission-based imaging mode with a sealed design, which requires redundant space in the imaging device and results in an uncomfortable user experience. Consequently, we design a reflection-based imaging device with an open structure to reduce the device volume and improve the portability, as well as the user experience. However, an open structure of the device inevitably introduces extra illumination variation to the image, which may deteriorate the performance of the system. In this paper, we propose Domain Adaptation Finger Vein Network (DAFVN) to narrow the domain shift between different illumination data domains and extract illumination-invariant features from finger vein images, improving the robustness to illumination variations. To evaluate the performance of DAFVN and remedy the lack of a publicly open reflection-based finger vein database, we use the self-made device to construct the first large-scale reflection-based finger vein database, namely SCUT Reflective Imaging Finger Vein database (SCUT-RIFV). It includes 32,064 images from 167 subjects with five different illumination conditions. Abundant experiments implemented on the SCUT-RIFV database indicate that the proposed method can effectively alleviate the influence of illumination variation on the reflection-based finger vein recognition system.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Retrofitting LBR Profiling to Enhance Virtual Machine Introspection

      Authors: Weijie Liu;Ximeng Liu;Zhi Li;Bin Liu;Rongwei Yu;Lina Wang;
      Pages: 2311 - 2323
      Abstract: Cloud attack provenance is a well-established industrial practice for assuring transparency and accountability for a service provider to tenants. However, the multi-tenancy and self-service nature coupled with the sheer size of a cloud implies many unique challenges to cloud forensics. Although Virtual Machine Introspection (VMI) is a powerful tool for attack provenance due to the privilege isolation, the stealthiness of state-of-the-art attacks and the lack of precise information make existing attack provenance solutions difficult to fulfill real-time forensics when tracking enormous suspicious behaviors. To this end, we propose an instruction-level tracing framework for inspecting the presence of attacks by dynamically tracking shared processor hardware event patterns and analyzing the attack traces. To overcome the challenges of real-time detection and provenance, we advocate Last Branch Record (LBR) profiling, to extract the suspicious execution flows. With the hardware assistance and software-based virtualization introspection, we show that the framework can provide an effective response to threats in different cases, thereby enabling a quick attack provenance with high fidelity. The evaluation shows that our prototype introduces negligible performance penalties.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • NoLeaks: Differentially Private Causal Discovery Under Functional Causal
           Model

      Authors: Pingchuan Ma;Zhenlan Ji;Qi Pang;Shuai Wang;
      Pages: 2324 - 2338
      Abstract: Causal inference is widely used in clinical research, economic analysis, and other fields. As is the case with many statistical data, the findings of causal discovery (i.e., causal graph) might leak demographic information of participants. For example, a causal link between one genome and a rare disease can reveal the participation of a minority patient in genome-wide association studies. To date, differential privacy has served as the de facto foundation for guaranteeing the privacy of causal discovery algorithms. However, existing approaches to protecting causal discovery from privacy leakage rely heavily on private conditional independence tests, which generate a considerable amount of noise and are thus prone to inaccuracy. As a result of their limited accuracy and scalability, they are insufficient for non-trivial datasets (e.g., those with more than ten variables). In this paper, we advocate a novel focus on enforcing privacy for causal discovery algorithms based on functional causal models. First, we propose NoLeaks, a differentially private causal discovery algorithm, which manifests both high accuracy and efficiency compared with prior works. Second, we design a quasi-Newton numerical optimization algorithm for solving NoLeaks in a highly efficient way. Third, we evaluate NoLeaks using both public benchmarks and synthetic data. We observe that NoLeaks achieves comparable performance or even surpasses the state-of-the-art (non-private) approaches. We also find encouraging results that NoLeaks can smoothly scale to large datasets, on which existing works would fail. Through a case study and a downstream application, we observe encouraging results on the versatile usages of NoLeaks.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • An Explainable AI-Based Intrusion Detection System for DNS Over HTTPS
           (DoH) Attacks

      Authors: Tahmina Zebin;Shahadate Rezvy;Yuan Luo;
      Pages: 2339 - 2349
      Abstract: Over the past few years, Domain Name Service (DNS) remained a prime target for hackers as it enables them to gain first entry into networks and gain access to data for exfiltration. Although the DNS over HTTPS (DoH) protocol has desirable properties for internet users such as privacy and security, it also causes a problem in that network administrators are prevented from detecting suspicious network traffic generated by malware and malicious tools. To support their efforts in maintaining a secure network, in this paper, we have implemented an explainable AI solution using a novel machine learning framework. We have used the publicly available CIRA-CIC-DoHBrw-2020 dataset for developing an accurate solution to detect and classify the DNS over HTTPS attacks. Our proposed balanced and stacked Random Forest achieved very high precision (99.91%), recall (99.92%) and F1 score (99.91%) for the classification task at hand. Using explainable AI methods, we have additionally highlighted the underlying feature contributions in an attempt to provide transparent and explainable results from the model.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Component-Based Attention for Large-Scale Trademark Retrieval

      Authors: Osman Tursun;Simon Denman;Sabesan Sivapalan;Sridha Sridharan;Clinton Fookes;Sandra Mau;
      Pages: 2350 - 2363
      Abstract: The need for large-scale trademark retrieval (TR) systems has significantly increased to combat the rise in international trademark infringement. Unfortunately, the ranking accuracy of current approaches using either hand-crafted or pre-trained deep convolution neural network (DCNN) features is inadequate for large-scale deployments. We show in this paper that the ranking accuracy of TR systems can be significantly improved by incorporating hard and soft attention mechanisms, which direct attention to critical information such as figurative elements and reduce the attention given to distracting and uninformative elements such as text and background. Our proposed approach achieves state-of-the-art results on a challenging large-scale trademark dataset.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
  • Mutual Adversarial Training: Learning Together is Better Than Going Alone

      Authors: Jiang Liu;Chun Pong Lau;Hossein Souri;Soheil Feizi;Rama Chellappa;
      Pages: 2364 - 2377
      Abstract: Recent studies have shown that robustness to adversarial attacks can be transferred across deep neural networks. In other words, we can make a weak model more robust with the help of a strong teacher model. In this paper, we ask if models can “learn together” and “teach each other” to achieve better robustness instead of learning from a static teacher. We study how interactions among models enhance robustness via knowledge distillation. We propose mutual adversarial training (MAT), in which multiple models are trained together and share the knowledge of adversarial examples to achieve improved robustness. MAT allows robust models to explore a larger space of adversarial samples and find more robust feature spaces and decision boundaries. Through extensive experiments on the CIFAR-10, CIFAR-100, and mini-ImageNet datasets, we demonstrate that MAT can effectively improve model robustness and outperform state-of-the-art methods under white-box attacks. In addition, we show that MAT can also mitigate the robustness trade-off among different perturbation types. Specially, we train specialist models that learn to defend a specific perturbation type and a generalist model that learns to defend multiple perturbation types by learning from the specialists, which brings as much as 13.4% accuracy gain to AT baselines against the union of $l_{\infty}$, $l_{2}$, and $l_{1}$ attacks. Our results show the effectiveness of the proposed method and demonstrate that collaborative learning is an effective strategy for designing robust models.
      PubDate: 2022
      Issue No: Vol. 17 (2022)
       
 
JournalTOCs
School of Mathematical and Computer Sciences
Heriot-Watt University
Edinburgh, EH14 4AS, UK
Email: journaltocs@hw.ac.uk
Tel: +00 44 (0)131 4513762
 



JournalTOCs © 2009-