Search Results (17)

Hyperledger Fabric (HLF) is a leading permissioned blockchain platform designed for enterprise applications. However, it faces significant security risks from Denial-of-Service (DoS) attacks targeting its core components. This study systematically investigated network-level DoS attack vectors against HLF, with a focus on threats to its ordering service, Membership Service Provider (MSP), peer nodes, consensus protocols, and architectural dependencies. In this research, we performed experiments on an HLF test bed to demonstrate how compromised components can be exploited to launch DoS attacks and degrade the performance and availability of the blockchain network. Key attack scenarios included manipulating block sizes to induce latency, discarding blocks to disrupt consensus, issuing malicious certificates via MSP, colluding peers to sabotage validation, flooding external clients to overwhelm resources, misconfiguring Raft consensus parameters, and disabling CouchDB to cripple data access. The experimental results reveal severe impacts on the availability, including increased latency, decreased throughput, and inaccessibility of the ledger. Our findings emphasize the need for proactive monitoring and robust defense mechanisms to detect and mitigate DoS threats. Finally, we discuss some future research directions, including lightweight machine learning tailored to HLF, enhanced monitoring by aggregating logs from multiple sources, and collaboration with industry stakeholders to deploy pilot studies of security-enhanced HLF in operational environments. Full article

The Internet of Medical Things (IoMT) creates interconnected networks of smart medical devices, utilizing extensive medical data collection to improve patient outcomes, streamline resource management, and guarantee comprehensive life-cycle security. However, the private nature of medical data, coupled with strict compliance requirements, has resulted in the separation of information repositories in the IoMT network, severely hindering protected inter-domain data cooperation. Although current blockchain-based federated learning (BFL) approaches aim to resolve these issues, two persistent security weaknesses remain: privacy leakage and poisoning attacks. This study proposes a privacy-preserving poisoning-resistant blockchain-based federated learning (PPBFL) scheme for secure IoMT data sharing. Specifically, we design an active protection framework that uses a lightweight $(t,n)$-threshold secret sharing scheme to protect devices’ privacy and prevent coordination edge nodes from colluding. Then, we design a privacy-guaranteed cosine similarity verification protocol integrated with secure multi-party computation techniques to identify and neutralize malicious gradients uploaded by malicious devices. Furthermore, we deploy an intelligent aggregation system through blockchain smart contracts, removing centralized coordination dependencies while guaranteeing auditable computational validity. Our formal security analysis confirms the PPBFL scheme’s theoretical robustness. Comprehensive evaluations across multiple datasets validate the framework’s operational efficiency and defensive capabilities. Full article

Vehicular ad hoc networks (VANETs) enable communication among vehicles and between vehicles and infrastructure to provide safety and comfort to the users. Malicious nodes in VANETs may broadcast false information to create the impression of a fake event or road congestion. In addition, several malicious nodes may collude to collectively launch a false information attack to increase the credibility of the attack. Detection of these attacks is critical to mitigate the potential risks they bring to the safety of users. Existing techniques for detecting false information attacks in VANETs use different approaches such as machine learning, blockchain, trust scores, statistical methods, etc. These techniques rely on historical information about vehicles, artificial data used to train the technique, or coordination among vehicles. To address these limitations, we propose a false information attack detection technique for VANETs using an unsupervised anomaly detection approach. The objective of the proposed technique is to detect false information attacks based on only real-time characteristics of the network, achieving high accuracy and low processing delay. The performance evaluation results show that our proposed technique offers 30% lower data processing delay and a 17% lower false positive rate compared to existing approaches in scenarios with high proportions of malicious nodes. Full article

Group management is practiced to deploy access control and to ease multicast and broadcast communication. However, the devices that constitute the Internet of Things (IoT) are resource-constrained, and the network of IoT is heterogeneous with variable topologies interconnected. Hence, to tackle heterogeneity, SDN-aided centralized group management as a service framework is proposed to provide a global network perspective and administration. Group management as a service includes a group key management function, which can be either centralized or decentralized. Decentralized approaches use complex cryptographic primitives, making centralized techniques the optimal option for the IoT ecosystem. It is also necessary to use a safe, scalable approach that addresses dynamic membership changes with minimal overhead to provide a centralized group key management service. A group key management strategy called a one-way Function Tree (OFT) was put forth to lower communication costs in sizable dynamic groups. The technique, however, is vulnerable to collusion attacks in which an appending and withdrawing device colludes and conspires to obtain unauthorized keys for an unauthorized timeline. Several collusion-deprived improvements to the OFT method are suggested; however, they come at an increased cost for both communication and computation. The Modified One-Way Function Tree (MOFT), a novel technique, is suggested in this proposed work. The collusion resistance of the proposed MOFT system was demonstrated via security analysis. According to performance studies, MOFT lowers communication costs when compared to the original OFT scheme. In comparison to the OFT’s collusion-deprived upgrades, the computation cost is smaller. Full article

Cooperative communication and cognitive radio can effectively improve spectrum utilization, coverage range, and system throughput of vehicular networks, whereas they also incur several security issues and wiretapping attacks. Thus, security and threat detection are vitally important for such networks. This paper investigates the secrecy and throughput performance of an underlay cooperative cognitive vehicular network, where a pair of secondary vehicles communicate through a direct link and the assistance of a decode-and-forward (DF) secondary relay in the presence of Poisson-distributed colluding eavesdroppers and under an interference constraint set by the primary receiver. Considering mixed Rayleigh and double-Rayleigh fading channels, we design a realistic relaying transmission scheme and derive the closed-form expressions of secrecy and throughput performance, such as the secrecy outage probability (SOP), the connection outage probability (COP), the secrecy and connection outage probability (SCOP), and the overall secrecy throughput, for traditional and proposed schemes, respectively. An asymptotic analysis is further presented in the high signal-to-noise ratio (SNR) regime. Numerical results illustrate the impacts of network parameters on secrecy and throughput and reveal that the advantages of the proposed scheme are closely related to the channel gain of the relay link compared to the direct link. Full article

Deep learning is widely utilized to acquire predictive models for mobile crowdsensing systems (MCSs). These models significantly improve the availability and performance of MCSs in real-world scenarios. However, training these models requires substantial data resources, rendering them valuable to their owners. Numerous protection schemes have been proposed to mitigate potential economic loss arising from legal issues pertaining to model copyright. Although capable of providing copyright verification, these schemes either compromise the model utility or prove ineffective against adversarial attacks. Additionally, the privacy concern surrounding copyright verification is noteworthy, given the increasing privacy concerns among model owners. This paper introduces a privacy-preserving testing framework for copyright protection (PTFCP) comprising multiple protocols. Our protocols adhere to the two-cloud server model, where the owner and the suspect transmit their model output to non-colluding servers for evaluating model similarity through the public-key cryptosystem with distributed decryption (PCDD) and garbled circuits. Additionally, we have developed novel techniques to enable secure differentiation for absolute values. Our experiments in real-world datasets demonstrate that our protocols in the PTFCP successfully operate under numerous copyright violation scenarios, such as finetuning, pruning, and extraction. Full article

In this paper, we propose a lightweight and adaptable trust mechanism for the issue of trust evaluation among Internet of Things devices, considering challenges such as limited device resources and trust attacks. Firstly, we propose a trust evaluation approach based on Bayesian statistics and Jøsang’s belief model to quantify a device’s trustworthiness, where evaluators can freely initialize and update trust data with feedback from multiple sources, avoiding the bias of a single message source. It balances the accuracy of estimations and algorithm complexity. Secondly, considering that a trust estimation should reflect a device’s latest status, we propose a forgetting algorithm to ensure that trust estimations can sensitively perceive changes in device status. Compared with conventional methods, it can automatically set its parameters to gain good performance. Finally, to prevent trust attacks from misleading evaluators, we propose a tango algorithm to curb trust attacks and a hypothesis testing-based trust attack detection mechanism. We corroborate the proposed trust mechanism’s performance with simulation, whose results indicate that even if challenged by many colluding attackers that can exploit different trust attacks in combination, it can produce relatively accurate trust estimations, gradually exclude attackers, and quickly restore trust estimations for normal devices. Full article

Consumers in electricity markets are becoming more proactive because of the rapid development of demand–response management and distributed energy resources, which boost the transformation of peer-to-peer (P2P) energy-trading mechanisms. However, in the P2P negotiation process, it is a challenging task to prevent private information from being attacked by malicious agents. In this paper, we propose a privacy-preserving, two-party, secure computation mechanism for consensus-based P2P energy trading. First, a novel P2P negotiation mechanism for energy trading is proposed based on the consensus + innovation (C + I) method and the power transfer distribution factor (PTDF), and this mechanism can simultaneously maximize social welfare and maintain physical network constraints. In addition, the C + I method only requires a minimum set of information to be exchanged. Then, we analyze the strategy of malicious neighboring agents colluding to attack in order to steal private information. To defend against this attack, we propose a two-party, secure computation mechanism in order to realize safe negotiation between each pair of prosumers based on Paillier homomorphic encryption (HE), a smart contract (SC), and zero-knowledge proof (ZKP). The energy price is updated in a safe way without leaking any private information. Finally, we simulate the functionality of the privacy-preserving mechanism in terms of convergence performance, computational efficiency, scalability, and SC operations. Full article

Information storage and access in multi-cloud environments have become quite prevalent. In this paper, a multi-cloud framework is presented that secures users’ data. The primary goal of this framework is to secure users’ data from untrusted Cloud Service Providers (CSPs). They can collude with other malicious users and can hand over users’ data to these malicious users for their beneficial interests. In order to achieve this goal, the data are split into parts, and then each part is encrypted and uploaded to a different cloud. Therefore, client-side cryptography is used in this framework. For encrypting users’ data, the BDNA encryption technique is used. This framework presents a hybrid cryptographic approach that uses Identity-based Broadcast Encryption (IBBE) for managing the keys of the symmetric key algorithm (BDNA) by encrypting them with the particular version of IBBE. The work presented in this research paper is the first practical implementation of IBBE for securing encryption keys. Earlier, IBBE was only used for securely broadcasting data across many users over a network. The security of this hybrid scheme was proved through Indistinguishable Chosen-Ciphertext Attacks. This double encryption process makes the framework secure against all insiders and malicious users’ attacks. The proposed framework was implemented as a web application, and real-time storage clouds were used for storing the data. The workflow of the proposed framework is presented through screenshots of different working modules. Full article

The safe and efficient function of critical national infrastructure (CNI) relies on the accurate demand forecast. Cyber-physical system-based demand forecasting systems (CDFS), typically found in CNI (such as energy, water, and transport), are highly vulnerable to being compromised under false data injection attacks (FDIAs). The problem is that the majority of existing CDFS employ anomaly-based intrusion detection systems (AIDS) to combat FDIAs. Since the distribution of demand time series keeps changing naturally with time, AIDS treat a major change in the distribution as an attack, but this approach is not effective against colluding FDIAs. To overcome this problem, we propose a novel resilient CDFS called PRDFS (Proposed Resilient Demand Forecasting System). The primary novelty of PRDFS is that it uses signature-based intrusion detection systems (SIDS) that automatically generate attack signatures through the game-theoretic approach for the early detection of malicious nodes. We simulate the performance of PRDFS under colluding FDIA on High Performance Computing (HPC). The simulation results show that the demand forecasting resilience of PRDFS never goes below 80%, regardless of the percentage of malicious nodes. In contrast, the resilience of the benchmark system decreases sharply from about 99% to less than 30%, over the simulation period as the percentage of malicious nodes increases. Full article

The increase in computing capabilities of mobile devices has, in the last few years, made possible a plethora of complex operations performed from smartphones and tablets end users, for instance, from a bank transfer to the full management of home automation. Clearly, in this context, the detection of malicious applications is a critical and challenging task, especially considering that the user is often totally unaware of the behavior of the applications installed on their device. In this paper, we propose a method to detect inter-app communication i.e., a colluding communication between different applications with data support to silently exfiltrate sensitive and private information. We based the proposed method on model checking, by representing Android applications in terms of automata and by proposing a set of logic properties to reduce the number of comparisons and a set of logic properties automatically generated for detecting colluding applications. We evaluated the proposed method on a set of 1092 Android applications, including different colluding attacks, by obtaining an accuracy of 1, showing the effectiveness of the proposed method. Full article

This paper addresses the problem of voltage and reactive power control of inverter-based distributed generations (DGs) in an islanded microgrid subject to False Data Injection (FDI) attacks. To implement average voltage restoration and reactive power sharing, a two-layer distributed secondary control framework employing a multiagent system (MAS)-based dynamic consensus protocol is proposed. While communication network facilitates distributed control scheme, it leads to vulnerability of microgrids to malicious cyber-attacks. The adverse effects of FDI attack on the secondary controller are analyzed, and the necessary and sufficient conditions to model stealthy attack and probing attack are discussed in detail. A trust-based resilient control strategy is developed to resist the impacts of FDI attack. Based on the forward-backward consistency criterion, the self-monitoring and neighbor-monitoring mechanisms are developed to detect the misbehaving DGs. A group decision-making mechanism is also introduced to settle conflicts arising from the dishonest trust index caused by colluding attacks. A novel mitigation countermeasure is designed to eliminate the adversarial effects of attack: the discarding information mechanism is used to prevent the propagation of false data in the cooperative network while the recovery actions are designed to correct the deviations of collective estimation error in both transient disturbance and continuous FDI attack scenarios. Through a theoretical analysis, it is proved that the proposed mitigation and recovery mechanism can maintain the correct average estimates of voltage and reactive power, which ensures the secondary control objectives of microgrids under FDI attack. Simulation results on an islanded microgrid show the effectiveness and resilience of the proposed control scheme. Full article

The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a nutshell this attack requires that two or more applications are installed to perpetrate the malicious behaviour that is split in more than one single application: for this reason anti-malware are not able to detect this attack, considering that they analyze just one application at a time and that the single colluding application does not exhibit any malicious action. In this paper an approach exploiting model checking is proposed to automatically detect whether two applications exhibit the ability to perform a collusion through the SharedPreferences communication mechanism. We formulate a series of temporal logic formulae to detect the collusion attack from a model obtained by automatically selecting the classes candidate for the collusion, obtained by two heuristics we propose. Experimental results demonstrate that the proposed approach is promising in collusion application detection: as a matter of fact an accuracy equal to 0.99 is obtained by evaluating 993 Android applications. Full article

A secret image sharing (SIS) scheme inserts a secret message into shadow images in a way that if shadow images are combined in a specific way, the secret image can be recovered. A 2-out-of-2 sharing digital image scheme (SDIS) adopts a color palette to share a digital color secret image into two shadow images, and the secret image can be recovered from two shadow images, while any one shadow image has no information about the secret image. This 2-out-of-2 SDIS may keep the shadow size small because by using a color palette, and thus has advantage of reducing storage. However, the previous works on SDIS are just 2-out-of-2 scheme and have limited functions. In this paper, we take the lead to study a general n-out-of-n SDIS which can be applied on more than two shadow. The proposed SDIS is implemented on the basis of 2-out-of-2 SDIS. Our main contribution has the higher contrast of binary meaningful shadow and the larger region in color shadows revealing cover image when compared with previous 2-out-of-2 SDISs. Meanwhile, our SDIS is resistant to colluder attack. Full article

We propose a privacy-preserving aggregation scheme under a malicious attacks model, in which the aggregator may forge householders’ billing, or a neighborhood aggregation data, or collude with compromised smart meters to reveal object householders’ fine-grained data. The scheme can generate spatially total consumption in a neighborhood at a timestamp and temporally a householder’s billing in a series of timestamps. The proposed encryption scheme of imposing masking keys from pseudo-random function (PRF) between pairwise nodes on partitioned data ensures the confidentiality of individual fine-grained data, and fends off the power theft of n-2 smart meters at most (n is the group size of smart meters in a neighborhood). Compared with the afore-mentioned methods of public key encryption in most related literatures, the simple and lightweight combination of PRF with modular addition not only is customized to the specific needs of smart grid, but also facilitates any node’s verification for local aggregation or global aggregation with low cost overhead. The publicly verifiable scenarios are very important for self-sufficient, remote places, which can only afford renewable energy and can manage its own energy price according to the energy consumption circumstance in a neighborhood. Full article