Open Access. Powered by Scholars. Published by Universities.®

Computer Sciences Commons

Open Access. Powered by Scholars. Published by Universities.®

Information Security

Singapore Management University

2024

Articles 1 - 14 of 14

Full-Text Articles in Computer Sciences

Anopas: Practical Anonymous Transit Pass From Group Signatures With Time-Bound Keys, Rui Shi, Yang Yang, Yingjiu Li, Huamin Feng, Hwee Hwa Pang, Robert H. Deng Aug 2024

Anopas: Practical Anonymous Transit Pass From Group Signatures With Time-Bound Keys, Rui Shi, Yang Yang, Yingjiu Li, Huamin Feng, Hwee Hwa Pang, Robert H. Deng

Research Collection School Of Computing and Information Systems

An anonymous transit pass system allows passengers to access transport services within fixed time periods, with their privileges automatically deactivating upon time expiration. Although existing transit pass systems are deployable on powerful devices like PCs, their adaptation to more user-friendly devices, such as mobile phones with smart cards, is inefficient due to their reliance on heavy-weight operations like bilinear maps. In this paper, we introduce an innovative anonymous transit pass system, dubbed Anopas, optimized for deployment on mobile phones with smart cards, where the smart card is responsible for crucial lightweight operations and the mobile phone handles key-independent and time-consuming …

Go to article

Cmd: Co-Analyzed Iot Malware Detection And Forensics Via Network And Hardware Domains, Ziming Zhao, Zhaoxuan Li, Jiongchi Yu, Fan Zhang, Xiaofei Xie, Haitao Xu, Binbin Chen May 2024

Cmd: Co-Analyzed Iot Malware Detection And Forensics Via Network And Hardware Domains, Ziming Zhao, Zhaoxuan Li, Jiongchi Yu, Fan Zhang, Xiaofei Xie, Haitao Xu, Binbin Chen

Research Collection School Of Computing and Information Systems

With the widespread use of Internet of Things (IoT) devices, malware detection has become a hot spot for both academic and industrial communities. Existing approaches can be roughly categorized into network-side and host-side. However, existing network-side methods are difficult to capture contextual semantics from cross-source traffic, and previous host-side methods could be adversary-perceived and expose risks for tampering. More importantly, a single perspective cannot comprehensively track the multi-stage lifecycle of IoT malware. In this paper, we present CMD, a co-analyzed IoT malware detection and forensics system by combining hardware and network domains. For the network part, CMD proposes a tailored …

Go to article

Flgan: Gan-Based Unbiased Federated Learning Under Non-Iid Settings, Zhuoran Ma, Yang Liu, Yinbin Miao, Guowen Xu, Ximeng Liu, Jianfeng Ma, Robert H. Deng Apr 2024

Flgan: Gan-Based Unbiased Federated Learning Under Non-Iid Settings, Zhuoran Ma, Yang Liu, Yinbin Miao, Guowen Xu, Ximeng Liu, Jianfeng Ma, Robert H. Deng

Research Collection School Of Computing and Information Systems

Federated Learning (FL) suffers from low convergence and significant accuracy loss due to local biases caused by non-Independent and Identically Distributed (non-IID) data. To enhance the non-IID FL performance, a straightforward idea is to leverage the Generative Adversarial Network (GAN) to mitigate local biases using synthesized samples. Unfortunately, existing GAN-based solutions have inherent limitations, which do not support non-IID data and even compromise user privacy. To tackle the above issues, we propose a GAN-based unbiased FL scheme, called FlGan, to mitigate local biases using synthesized samples generated by GAN while preserving user-level privacy in the FL setting. Specifically, FlGan first …

Go to article

Stopguess: A Framework For Public-Key Authenticated Encryption With Keyword Search, Tao Xiang, Zhongming Wang, Biwen Chen, Xiaoguo Li, Peng Wang, Fei Chen Mar 2024

Stopguess: A Framework For Public-Key Authenticated Encryption With Keyword Search, Tao Xiang, Zhongming Wang, Biwen Chen, Xiaoguo Li, Peng Wang, Fei Chen

Research Collection School Of Computing and Information Systems

Public key encryption with keyword search (PEKS) allows users to search on encrypted data without leaking the keyword information from the ciphertexts. But it does not preserve keyword privacy within the trapdoors, because an adversary (e.g., untrusted server) might launch inside keyword-guessing attacks (IKGA) to guess keywords from the trapdoors. In recent years, public key authenticated encryption with keyword search (PAEKS) has become a promising primitive to counter the IKGA. However, existing PAEKS schemes focus on the concrete construction of PAEKS, making them unable to support modular construction, intuitive proof, or flexible extension. In this paper, our proposal called “StopGuess” …

Go to article

Sigmadiff: Semantics-Aware Deep Graph Matching For Pseudocode Diffing, Lian Gao, Yu Qu, Sheng Yu, Yue Duan, Heng Yin Mar 2024

Sigmadiff: Semantics-Aware Deep Graph Matching For Pseudocode Diffing, Lian Gao, Yu Qu, Sheng Yu, Yue Duan, Heng Yin

Research Collection School Of Computing and Information Systems

Pseudocode diffing precisely locates similar parts and captures differences between the decompiled pseudocode of two given binaries. It is particularly useful in many security scenarios such as code plagiarism detection, lineage analysis, patch, vulnerability analysis, etc. However, existing pseudocode diffing and binary diffing tools suffer from low accuracy and poor scalability, since they either rely on manually-designed heuristics (e.g., Diaphora) or heavy computations like matrix factorization (e.g., DeepBinDiff). To address the limitations, in this paper, we propose a semantics-aware, deep neural network-based model called SIGMADIFF. SIGMADIFF first constructs IR (Intermediate Representation) level interprocedural program dependency graphs (IPDGs). Then it uses …

Go to article

Developing Singapore As A Smart Nation, Josephine Teo Mar 2024

Developing Singapore As A Smart Nation, Josephine Teo

Asian Management Insights

Mrs Josephine Teo, Singapore’s Minister for Communications and Information, and Minister-in-charge of Smart Nation and Cybersecurity, speaks about leading the country’s Smart Nation drive.

Go to article

Harnessing The Advances Of Meda To Optimize Multi-Puf For Enhancing Ip Security Of Biochips, Chen Dong, Xiaodong Guo, Sihuang Lian, Yinan Yao, Zhenyi Chen, Yang Yang, Zhanghui Liu Mar 2024

Harnessing The Advances Of Meda To Optimize Multi-Puf For Enhancing Ip Security Of Biochips, Chen Dong, Xiaodong Guo, Sihuang Lian, Yinan Yao, Zhenyi Chen, Yang Yang, Zhanghui Liu

Research Collection School Of Computing and Information Systems

Digital microfluidic biochips (DMFBs) have a significant stride in the applications of medicine and the biochemistry in recent years. DMFBs based on micro-electrode-dot-array (MEDA) architecture, as the next-generation DMFBs, aim to overcome drawbacks of conventional DMFBs, such as droplet size restriction, low accuracy, and poor sensing ability. Since the potential market value of MEDA biochips is vast, it is of paramount importance to explore approaches to protect the intellectual property (IP) of MEDA biochips during the development process. In this paper, an IP authentication strategy based on the multi-PUF applied to MEDA biochips is presented, called bioMPUF, consisting of Delay …

Go to article

When Evolutionary Computation Meets Privacy, Bowen Zhao, Wei-Neng Chen, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Jun Zhang Feb 2024

When Evolutionary Computation Meets Privacy, Bowen Zhao, Wei-Neng Chen, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Jun Zhang

Research Collection School Of Computing and Information Systems

Recently, evolutionary computation (EC) has experienced significant advancements due to the integration of machine learning, distributed computing, and big data technologies. These developments have led to new research avenues in EC, such as distributed EC and surrogate-assisted EC. While these advancements have greatly enhanced the performance and applicability of EC, they have also raised concerns regarding privacy leakages, specifically the disclosure of optimal results and surrogate models. Consequently, the combination of evolutionary computation and privacy protection becomes an increasing necessity. However, a comprehensive exploration of privacy concerns in evolutionary computation is currently lacking, particularly in terms of identifying the object, …

Go to article

Predicting Viral Rumors And Vulnerable Users With Graph-Based Neural Multi-Task Learning For Infodemic Surveillance, Xuan Zhang, Wei Gao Jan 2024

Predicting Viral Rumors And Vulnerable Users With Graph-Based Neural Multi-Task Learning For Infodemic Surveillance, Xuan Zhang, Wei Gao

Research Collection School Of Computing and Information Systems

In the age of the infodemic, it is crucial to have tools for effectively monitoring the spread of rampant rumors that can quickly go viral, as well as identifying vulnerable users who may be more susceptible to spreading such misinformation. This proactive approach allows for timely preventive measures to be taken, mitigating the negative impact of false information on society. We propose a novel approach to predict viral rumors and vulnerable users using a unified graph neural network model. We pre-train network-based user embeddings and leverage a cross-attention mechanism between users and posts, together with a community-enhanced vulnerability propagation (CVP) …

Go to article

Efficient Privacy-Preserving Spatial Data Query In Cloud Computing, Yinbin Miao, Yutao Yang, Xinghua Li, Linfeng Wei, Zhiquan Liu, Robert H. Deng Jan 2024

Efficient Privacy-Preserving Spatial Data Query In Cloud Computing, Yinbin Miao, Yutao Yang, Xinghua Li, Linfeng Wei, Zhiquan Liu, Robert H. Deng

Research Collection School Of Computing and Information Systems

With the rapid development of geographic location technology and the explosive growth of data, a large amount of spatial data is outsourced to the cloud server for reducing the local high storage and computing burdens, but at the same time causes security issues. Thus, extensive privacy-preserving spatial data query schemes have been proposed. Most of the existing schemes use Asymmetric Scalar-Product-Preserving Encryption (ASPE) to encrypt data, but ASPE has proven to be insecure against known plaintext attack. And the existing schemes require users to provide more information about query range and thus generate a large amount of ciphertexts, which causes …

Go to article

Attribute-Hiding Fuzzy Encryption For Privacy-Preserving Data Evaluation, Zhenhua Chen, Luqi Huang, Guomin Yang, Willy Susilo, Xingbing Fu, Xingxing Jia Jan 2024

Attribute-Hiding Fuzzy Encryption For Privacy-Preserving Data Evaluation, Zhenhua Chen, Luqi Huang, Guomin Yang, Willy Susilo, Xingbing Fu, Xingxing Jia

Research Collection School Of Computing and Information Systems

Privacy-preserving data evaluation is one of the prominent research topics in the big data era. In many data evaluation applications that involve sensitive information, such as the medical records of patients in a medical system, protecting data privacy during the data evaluation process has become an essential requirement. Aiming at solving this problem, numerous fuzzy encryption systems for different similarity metrics have been proposed in literature. Unfortunately, the existing fuzzy encryption systems either fail to achieve attribute-hiding or achieve it, but are impractical. In this paper, we propose a new fuzzy encryption scheme for privacy-preserving data evaluation based on overlap …

Go to article

Provably Secure Decisions Based On Potentially Malicious Information, Dongxia Wang, Tim Muller, Jun Sun Jan 2024

Provably Secure Decisions Based On Potentially Malicious Information, Dongxia Wang, Tim Muller, Jun Sun

Research Collection School Of Computing and Information Systems

There are various security-critical decisions routinely made, on the basis of information provided by peers: routing messages, user reports, sensor data, navigational information, blockchain updates, etc. Jury theorems were proposed in sociology to make decisions based on information from peers, which assume peers may be mistaken with some probability. We focus on attackers in a system, which manifest as peers that strategically report fake information to manipulate decision making. We define the property of robustness: a lower bound probability of deciding correctly, regardless of what information attackers provide. When peers are independently selected, we propose an optimal, robust decision mechanism …

Go to article

Stealthy Backdoor Attack For Code Models, Zhou Yang, Bowen Xu, Jie M. Zhang, Hong Jin Kang, Jieke Shi, Junda He, David Lo Jan 2024

Stealthy Backdoor Attack For Code Models, Zhou Yang, Bowen Xu, Jie M. Zhang, Hong Jin Kang, Jieke Shi, Junda He, David Lo

Research Collection School Of Computing and Information Systems

Code models, such as CodeBERT and CodeT5, offer general-purpose representations of code and play a vital role in supporting downstream automated software engineering tasks. Most recently, code models were revealed to be vulnerable to backdoor attacks. A code model that is backdoor-attacked can behave normally on clean examples but will produce pre-defined malicious outputs on examples injected with that activate the backdoors. Existing backdoor attacks on code models use unstealthy and easy-to-detect triggers. This paper aims to investigate the vulnerability of code models with backdoor attacks. To this end, we propose A (dversarial eature as daptive Back). A achieves stealthiness …

Go to article

Soci+: An Enhanced Toolkit For Secure Outsourced Computation On Integers, Bowen Zhao, Weiquan Deng, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Robert H. Deng Jan 2024

Soci+: An Enhanced Toolkit For Secure Outsourced Computation On Integers, Bowen Zhao, Weiquan Deng, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Robert H. Deng

Research Collection School Of Computing and Information Systems

Secure outsourced computation is critical for cloud computing to safeguard data confidentiality and ensure data usability. Recently, secure outsourced computation schemes following a twin-server architecture based on partially homomorphic cryptosystems have received increasing attention. The Secure Outsourced Computation on Integers (SOCI) [1] toolkit is the state-of-the-art among these schemes which can perform secure computation on integers without requiring the costly bootstrapping operation as in fully homomorphic encryption; however, SOCI suffers from relatively large computation and communication overhead. In this paper, we propose SOCI+ which significantly improves the performance of SOCI. Specifically, SOCI+ employs a novel (2,2)-threshold Paillier cryptosystem with fast …

Go to article