As smart grid technology rapidly advances,the vast amount of user data collected by smart meter presents significant challenges in data security and privacy protection.Current research emphasizes data security and use...As smart grid technology rapidly advances,the vast amount of user data collected by smart meter presents significant challenges in data security and privacy protection.Current research emphasizes data security and user privacy concerns within smart grids.However,existing methods struggle with efficiency and security when processing large-scale data.Balancing efficient data processing with stringent privacy protection during data aggregation in smart grids remains an urgent challenge.This paper proposes an AI-based multi-type data aggregation method designed to enhance aggregation efficiency and security by standardizing and normalizing various data modalities.The approach optimizes data preprocessing,integrates Long Short-Term Memory(LSTM)networks for handling time-series data,and employs homomorphic encryption to safeguard user privacy.It also explores the application of Boneh Lynn Shacham(BLS)signatures for user authentication.The proposed scheme’s efficiency,security,and privacy protection capabilities are validated through rigorous security proofs and experimental analysis.展开更多
This paper explores the issue of secure synchronization control in piecewise-homogeneous Markovian jump delay neural networks affected by denial-of-service(DoS)attacks.Initially,a novel memory-based adaptive event-tri...This paper explores the issue of secure synchronization control in piecewise-homogeneous Markovian jump delay neural networks affected by denial-of-service(DoS)attacks.Initially,a novel memory-based adaptive event-triggered mechanism(MBAETM)is designed based on sequential growth rates,focusing on event-triggered conditions and thresholds.Subsequently,from the perspective of defenders,non-periodic DoS attacks are re-characterized,and a model of irregular DoS attacks with cyclic fluctuations within time series is further introduced to enhance the system's defense capabilities more effectively.Additionally,considering the unified demands of network security and communication efficiency,a resilient memory-based adaptive event-triggered mechanism(RMBAETM)is proposed.A unified Lyapunov-Krasovskii functional is then constructed,incorporating a loop functional to thoroughly consider information at trigger moments.The master-slave system achieves synchronization through the application of linear matrix inequality techniques.Finally,the proposed methods'effectiveness and superiority are confirmed through four numerical simulation examples.展开更多
The emergence of next generation networks(NextG),including 5G and beyond,is reshaping the technological landscape of cellular and mobile networks.These networks are sufficiently scaled to interconnect billions of user...The emergence of next generation networks(NextG),including 5G and beyond,is reshaping the technological landscape of cellular and mobile networks.These networks are sufficiently scaled to interconnect billions of users and devices.Researchers in academia and industry are focusing on technological advancements to achieve highspeed transmission,cell planning,and latency reduction to facilitate emerging applications such as virtual reality,the metaverse,smart cities,smart health,and autonomous vehicles.NextG continuously improves its network functionality to support these applications.Multiple input multiple output(MIMO)technology offers spectral efficiency,dependability,and overall performance in conjunctionwithNextG.This article proposes a secure channel estimation technique in MIMO topology using a norm-estimation model to provide comprehensive insights into protecting NextG network components against adversarial attacks.The technique aims to create long-lasting and secure NextG networks using this extended approach.The viability of MIMO applications and modern AI-driven methodologies to combat cybersecurity threats are explored in this research.Moreover,the proposed model demonstrates high performance in terms of reliability and accuracy,with a 20%reduction in the MalOut-RealOut-Diff metric compared to existing state-of-the-art techniques.展开更多
In today’s rapidly evolving digital landscape,web application security has become paramount as organizations face increasingly sophisticated cyber threats.This work presents a comprehensive methodology for implementi...In today’s rapidly evolving digital landscape,web application security has become paramount as organizations face increasingly sophisticated cyber threats.This work presents a comprehensive methodology for implementing robust security measures in modern web applications and the proof of the Methodology applied to Vue.js,Spring Boot,and MySQL architecture.The proposed approach addresses critical security challenges through a multi-layered framework that encompasses essential security dimensions including multi-factor authentication,fine-grained authorization controls,sophisticated session management,data confidentiality and integrity protection,secure logging mechanisms,comprehensive error handling,high availability strategies,advanced input validation,and security headers implementation.Significant contributions are made to the field of web application security.First,a detailed catalogue of security requirements specifically tailored to protect web applications against contemporary threats,backed by rigorous analysis and industry best practices.Second,the methodology is validated through a carefully designed proof-of-concept implementation in a controlled environment,demonstrating the practical effectiveness of the security measures.The validation process employs cutting-edge static and dynamic analysis tools for comprehensive dependency validation and vulnerability detection,ensuring robust security coverage.The validation results confirm the prevention and avoidance of security vulnerabilities of the methodology.A key innovation of this work is the seamless integration of DevSecOps practices throughout the secure Software Development Life Cycle(SSDLC),creating a security-first mindset from initial design to deployment.By combining proactive secure coding practices with defensive security approaches,a framework is established that not only strengthens application security but also fosters a culture of security awareness within development teams.This hybrid approach ensures that security considerations are woven into every aspect of the development process,rather than being treated as an afterthought.展开更多
The secured access is studied in this paper for the network of the image remote sensing.Each sensor in this network encounters the information security when uploading information of the images wirelessly from the sens...The secured access is studied in this paper for the network of the image remote sensing.Each sensor in this network encounters the information security when uploading information of the images wirelessly from the sensor to the central collection point.In order to enhance the sensing quality for the remote uploading,the passive reflection surface technique is employed.If one eavesdropper that exists nearby this sensor is keeping on accessing the same networks,he may receive the same image from this sensor.Our goal in this paper is to improve the SNR of legitimate collection unit while cut down the SNR of the eavesdropper as much as possible by adaptively adjust the uploading power from this sensor to enhance the security of the remote sensing images.In order to achieve this goal,the secured energy efficiency performance is theoretically analyzed with respect to the number of the passive reflection elements by calculating the instantaneous performance over the channel fading coefficients.Based on this theoretical result,the secured access is formulated as a mathematical optimization problem by adjusting the sensor uploading power as the unknown variables with the objective of the energy efficiency maximization while satisfying any required maximum data rate of the eavesdropper sensor.Finally,the analytical expression is theoretically derived for the optimum uploading power.Numerical simulations verify the design approach.展开更多
In wireless Energy Harvesting(EH)cooperative networks,we investigate the problem of secure energy-saving resource allocation for downlink physical layer security transmission.Initially,we establish a model for a multi...In wireless Energy Harvesting(EH)cooperative networks,we investigate the problem of secure energy-saving resource allocation for downlink physical layer security transmission.Initially,we establish a model for a multi-relay cooperative network incorporating wireless energy harvesting,spectrum sharing,and system power constraints,focusing on physical layersecurity transmission in the presence of eavesdropping nodes.In this model,the source node transmits signals while injecting Artificial Noise(AN)to mitigate eavesdropping risks,and an idle relay can act as a jamming node to assist in this process.Based on this model,we formulate an optimization problem for maximizing system secure harvesting energy efficiency,this problem integrates constraints on total power,bandwidth,and AN allocation.We proceed by conducting a mathematical analysis of the optimization problem,deriving optimal solutions for secure energy-saving resource allocation,this includes strategies for power allocation at the source and relay nodes,bandwidth allocation among relays,and power splitting for the energy harvesting node.Thus,we propose a secure resource allocation algorithm designed to maximize secure harvesting energy efficiency.Finally,we validate the correctness of the theoretical derivation through Monte Carlo simulations,discussing the impact of parameters such as legitimate channel gain,power splitting factor,and the number of relays on secure harvesting energy efficiency of the system.The simulation results show that the proposed secure energy-saving resource allocation algorithm effectively enhances the security performance of the system.展开更多
Unmanned Aerial Vehicle(UAV)-aided communication holds great potential to enhance the transmission performance.However,the information security remains a fundamental requirement due to the high possibilities of line-o...Unmanned Aerial Vehicle(UAV)-aided communication holds great potential to enhance the transmission performance.However,the information security remains a fundamental requirement due to the high possibilities of line-of-sight links and the broadcast nature.展开更多
Industrial intelligence and secure interconnection serve as the foundational platform and critical information infrastructure for new industrialization,carrying significant strategic importance.They not only function ...Industrial intelligence and secure interconnection serve as the foundational platform and critical information infrastructure for new industrialization,carrying significant strategic importance.They not only function as the core engine driving the transformation and upgrading of the manufacturing sector and ensuring stable socioeconomic operation but are also vital to enhancing national technological competitiveness and safeguarding industrial security.展开更多
Integrating Artificial Intelligence of Things(AIoT)in healthcare offers transformative potential for real-time diagnostics and collaborative learning but presents critical challenges,including privacy preservation,com...Integrating Artificial Intelligence of Things(AIoT)in healthcare offers transformative potential for real-time diagnostics and collaborative learning but presents critical challenges,including privacy preservation,computational efficiency,and regulatory compliance.Traditional approaches,such as differential privacy,homomorphic encryption,and secure multi-party computation,often fail to balance performance and privacy,rendering them unsuitable for resource-constrained healthcare AIoT environments.This paper introduces LMSA(Lightweight Multi-Key Secure Aggregation),a novel framework designed to address these challenges and enable efficient,secure federated learning across distributed healthcare institutions.LMSA incorporates three key innovations:(1)a lightweight multikey management system leveraging Diffie-Hellman key exchange and SHA3-256 hashing,achieving O(n)complexity with AES(Advanced Encryption Standard)-256-level security;(2)a privacy-preserving aggregation protocol employing hardware-accelerated AES-CTR(CounTeR)encryption andmodular arithmetic for securemodel weight combination;and(3)a resource-optimized implementation utilizing AES-NI(New Instructions)instructions and efficient memory management for real-time operations on constrained devices.Experimental evaluations using the National Institutes of Health(NIH)Chest X-ray dataset demonstrate LMSA’s ability to train multi-label thoracic disease prediction models with Vision Transformer(ViT),ResNet-50,and MobileNet architectures across distributed healthcare institutions.Memory usage analysis confirmed minimal overhead,with ViT(327.30 MB),ResNet-50(89.87 MB),and MobileNet(8.63 MB)maintaining stable encryption times across communication rounds.LMSA ensures robust security through hardware acceleration,enabling real-time diagnostics without compromising patient confidentiality or regulatory compliance.Future research aims to optimize LMSA for ultra-low-power devices and validate its scalability in heterogeneous,real-world environments.LMSA represents a foundational advancement for privacy-conscious healthcare AI applications,bridging the gap between privacy and performance.展开更多
Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers...Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers.However,users’sensitive data would then become unregulated.In the event of data loss,cloud storage providers might conceal the fact that data has been compromised to protect their reputation and mitigate losses.Ensuring the integrity of data stored in the cloud remains a pressing issue that urgently needs to be addressed.In this paper,we propose a data auditing scheme for cloud-based EHRs that incorporates recoverability and batch auditing,alongside a thorough security and performance evaluation.Our scheme builds upon the indistinguishability-based privacy-preserving auditing approach proposed by Zhou et al.We identify that this scheme is insecure and vulnerable to forgery attacks on data storage proofs.To address these vulnerabilities,we enhanced the auditing process using masking techniques and designed new algorithms to strengthen security.We also provide formal proof of the security of the signature algorithm and the auditing scheme.Furthermore,our results show that our scheme effectively protects user privacy and is resilient against malicious attacks.Experimental results indicate that our scheme is not only secure and efficient but also supports batch auditing of cloud data.Specifically,when auditing 10,000 users,batch auditing reduces computational overhead by 101 s compared to normal auditing.展开更多
As industrialization and informatization in China deeply integrate and the Internet of Things rapidly develops,industrial control systems are facing increasingly severe information security challenges.The industrial c...As industrialization and informatization in China deeply integrate and the Internet of Things rapidly develops,industrial control systems are facing increasingly severe information security challenges.The industrial control system of the gas extraction plant is characterized by numerous points and centralized operations,with a strong reliance on the system and stringent real-time requirements.展开更多
The simultaneous transmitting and reflecting reconfigurable intelligent surface(STAR-RIS)can independently adjust surface’s reflection and transmission coefficients so as to enhance space coverage.For a multiple-inpu...The simultaneous transmitting and reflecting reconfigurable intelligent surface(STAR-RIS)can independently adjust surface’s reflection and transmission coefficients so as to enhance space coverage.For a multiple-input multiple-output(MIMO)communication system with a STAR-RIS,a base station(BS),an eavesdropper,and multiple users,the system security rate is studied.A joint design of the power allocation at the transmitter and phase shift matrices for reflection and transmission at the STAR-RIS is conducted,in order to maximize the worst achievable security data rate(ASDR).Since the problem is nonconvex and hence challenging,a particle swarm optimization(PSO)based algorithm is developed to tackle the problem.Both the cases of continuous and discrete phase shift matrices at the STAR-RIS are considered.Simulation results demonstrate the effectiveness of the proposed algorithm and shows the benefits of using STAR-RIS in MIMO mutliuser systems.展开更多
In this paper,the application of Non-Orthogonal Multiple Access(NOMA)is investigated in a multiple-input single-output network consisting of multiple legitimate users and a potential eavesdropper.To support secure tra...In this paper,the application of Non-Orthogonal Multiple Access(NOMA)is investigated in a multiple-input single-output network consisting of multiple legitimate users and a potential eavesdropper.To support secure transmissions from legitimate users,two NOMA Secrecy Sum Rate Transmit Beam Forming(NOMA-SSR-TBF)schemes are proposed to maximise the SSR of a Base Station(BS)with sufficient and insufficient transmit power.For BS with sufficient transmit power,an artificial jamming beamforming design scheme is proposed to disrupt the potential eavesdropping without impacting the legitimate transmissions.In addition,for BS with insufficient transmit power,a modified successive interference cancellation decoding sequence is used to reduce the impact of artificial jamming on legitimate transmissions.More specifically,iterative algorithm for the successive convex approximation are provided to jointly optimise the vectors of transmit beamforming and artificial jamming.Experimental results demonstrate that the proposed NOMA-SSR-TBF schemes outperforms the existing works,such as the maximized artificial jamming power scheme,the maximized artificial jamming power scheme with artificial jamming beamforming design and maximized secrecy sum rate scheme without artificial jamming beamforming design.展开更多
Software-Defined Perimeter(SDP)provides a logical perimeter to restrict access to services.However,due to the security vulnerability of a single controller and the programmability lack of a gateway,existing SDP is fac...Software-Defined Perimeter(SDP)provides a logical perimeter to restrict access to services.However,due to the security vulnerability of a single controller and the programmability lack of a gateway,existing SDP is facing challenges.To solve the above problems,we propose a flexible and secure SDP mechanism named Mimic SDP(MSDP).MSDP consists of endogenous secure controllers and a dynamic gateway.The controllers avoid single point failure by heterogeneity and redundancy.And the dynamic gateway realizes flexible forwarding in programmable data plane by changing the processing of packet construction and deconstruction,thereby confusing the potential adversary.Besides,we propose a Markov model to evaluate the security of our SDP framework.We implement a prototype of MSDP and evaluate it in terms of functionality,performance,and scalability in different groups of systems and languages.Evaluation results demonstrate that MSDP can provide a secure connection of 93.38%with a cost of 6.34%under reasonable configuration.展开更多
Ensuring the integrity and confidentiality of patient medical information is a critical priority in the healthcare sector.In the context of security,this paper proposes a novel encryption algorithm that integrates Blo...Ensuring the integrity and confidentiality of patient medical information is a critical priority in the healthcare sector.In the context of security,this paper proposes a novel encryption algorithm that integrates Blockchain technology,aiming to improve the security and privacy of transmitted data.The proposed encryption algorithm is a block-cipher image encryption scheme based on different chaotic maps:The logistic Map,the Tent Map,and the Henon Map used to generate three encryption keys.The proposed block-cipher system employs the Hilbert curve to perform permutation while a generated chaos-based S-Box is used to perform substitution.Furthermore,the integration of a Blockchain-based solution for securing data transmission and communication between nodes and authenticating the encrypted medical image’s authenticity adds a layer of security to our proposed method.Our proposed cryptosystem is divided into two principal modules presented as a pseudo-random number generator(PRNG)used for key generation and an encryption and decryption system based on the properties of confusion and diffusion.The security analysis and experimental tests for the proposed algorithm show that the average value of the information entropy of the encrypted images is 7.9993,the Number of Pixels Change Rate(NPCR)values are over 99.5%and the Unified Average Changing Intensity(UACI)values are greater than 33%.These results prove the strength of our proposed approach,demonstrating that it can significantly enhance the security of encrypted images.展开更多
Applying non-orthogonal multiple access(NOMA)to the mobile edge computing(MEC)network supported by unmanned aerial vehicles(UAVs)can improve spectral efficiency and achieve massive user access on the basis of solving ...Applying non-orthogonal multiple access(NOMA)to the mobile edge computing(MEC)network supported by unmanned aerial vehicles(UAVs)can improve spectral efficiency and achieve massive user access on the basis of solving computing resource constraints and coverage problems.However,the UAV-enabled network has a serious risk of information leakage on account of the openness of wireless channel.This paper considers a UAV-MEC secure network based on NOMA technology,which aims to minimize the UAV energy consumption.To achieve the purpose while meeting the security and users’latency requirements,we formulate an optimization problem that jointly optimizes the UAV trajectory and the allocation of network resources.Given that the original problem is non-convex and multivariate coupled,we proposed an effective algorithm to decouple the nonconvex problem into independent user relation coefficients and subproblems based on successive convex approximation(SCA)and block coordinate descent(BCD).The simulation results showcase the performance of our optimization scheme across various parameter settings and confirm its superiority over other benchmarks with respect to energy consumption.展开更多
RESTful APIs have been adopted as the standard way of developing web services,allowing for smooth communication between clients and servers.Their simplicity,scalability,and compatibility have made them crucial to mode...RESTful APIs have been adopted as the standard way of developing web services,allowing for smooth communication between clients and servers.Their simplicity,scalability,and compatibility have made them crucial to modern web environments.However,the increased adoption of RESTful APIs has simultaneously exposed these interfaces to significant security threats that jeopardize the availability,confidentiality,and integrity of web services.This survey focuses exclusively on RESTful APIs,providing an in-depth perspective distinct from studies addressing other API types such as GraphQL or SOAP.We highlight concrete threats-such as injection attacks and insecure direct object references(IDOR)-to illustrate the evolving risk landscape.Our work systematically reviews state-of-the-art detection methods,including static code analysis and penetration testing,and proposes a novel taxonomy that categorizes vulnerabilities such as authentication and authorization issues.Unlike existing taxonomies focused on general web or network-level threats,our taxonomy emphasizes API-specific design flaws and operational dependencies,offering a more granular and actionable framework for RESTful API security.By critically assessing current detection methodologies and identifying key research gaps,we offer a structured framework that advances the understanding and mitigation of RESTful API vulnerabilities.Ultimately,this work aims to drive significant advancements in API security,thereby enhancing the resilience of web services against evolving cyber threats.展开更多
The security of information transmission and processing due to unknown vulnerabilities and backdoors in cyberspace is becoming increasingly problematic.However,there is a lack of effective theory to mathematically dem...The security of information transmission and processing due to unknown vulnerabilities and backdoors in cyberspace is becoming increasingly problematic.However,there is a lack of effective theory to mathematically demonstrate the security of information transmission and processing under nonrandom noise(or vulnerability backdoor attack)conditions in cyberspace.This paper first proposes a security model for cyberspace information transmission and processing channels based on error correction coding theory.First,we analyze the fault tolerance and non-randomness problem of Dynamic Heterogeneous Redundancy(DHR)structured information transmission and processing channel under the condition of non-random noise or attacks.Secondly,we use a mathematical statistical method to demonstrate that for non-random noise(or attacks)on discrete memory channels,there exists a DHR-structured channel and coding scheme that enables the average system error probability to be arbitrarily small.Finally,to construct suitable coding and heterogeneous channels,we take Turbo code as an example and simulate the effects of different heterogeneity,redundancy,output vector length,verdict algorithm and dynamism on the system,which is an important guidance for theory and engineering practice.展开更多
基金supported by the National Key R&D Program of China(No.2023YFB2703700)the National Natural Science Foundation of China(Nos.U21A20465,62302457,62402444,62172292)+4 种基金the Fundamental Research Funds of Zhejiang Sci-Tech University(Nos.23222092-Y,22222266-Y)the Program for Leading Innovative Research Team of Zhejiang Province(No.2023R01001)the Zhejiang Provincial Natural Science Foundation of China(Nos.LQ24F020008,LQ24F020012)the Foundation of State Key Laboratory of Public Big Data(No.[2022]417)the“Pioneer”and“Leading Goose”R&D Program of Zhejiang(No.2023C01119).
文摘As smart grid technology rapidly advances,the vast amount of user data collected by smart meter presents significant challenges in data security and privacy protection.Current research emphasizes data security and user privacy concerns within smart grids.However,existing methods struggle with efficiency and security when processing large-scale data.Balancing efficient data processing with stringent privacy protection during data aggregation in smart grids remains an urgent challenge.This paper proposes an AI-based multi-type data aggregation method designed to enhance aggregation efficiency and security by standardizing and normalizing various data modalities.The approach optimizes data preprocessing,integrates Long Short-Term Memory(LSTM)networks for handling time-series data,and employs homomorphic encryption to safeguard user privacy.It also explores the application of Boneh Lynn Shacham(BLS)signatures for user authentication.The proposed scheme’s efficiency,security,and privacy protection capabilities are validated through rigorous security proofs and experimental analysis.
文摘This paper explores the issue of secure synchronization control in piecewise-homogeneous Markovian jump delay neural networks affected by denial-of-service(DoS)attacks.Initially,a novel memory-based adaptive event-triggered mechanism(MBAETM)is designed based on sequential growth rates,focusing on event-triggered conditions and thresholds.Subsequently,from the perspective of defenders,non-periodic DoS attacks are re-characterized,and a model of irregular DoS attacks with cyclic fluctuations within time series is further introduced to enhance the system's defense capabilities more effectively.Additionally,considering the unified demands of network security and communication efficiency,a resilient memory-based adaptive event-triggered mechanism(RMBAETM)is proposed.A unified Lyapunov-Krasovskii functional is then constructed,incorporating a loop functional to thoroughly consider information at trigger moments.The master-slave system achieves synchronization through the application of linear matrix inequality techniques.Finally,the proposed methods'effectiveness and superiority are confirmed through four numerical simulation examples.
基金funding from King Saud University through Researchers Supporting Project number(RSP2024R387),King Saud University,Riyadh,Saudi Arabia.
文摘The emergence of next generation networks(NextG),including 5G and beyond,is reshaping the technological landscape of cellular and mobile networks.These networks are sufficiently scaled to interconnect billions of users and devices.Researchers in academia and industry are focusing on technological advancements to achieve highspeed transmission,cell planning,and latency reduction to facilitate emerging applications such as virtual reality,the metaverse,smart cities,smart health,and autonomous vehicles.NextG continuously improves its network functionality to support these applications.Multiple input multiple output(MIMO)technology offers spectral efficiency,dependability,and overall performance in conjunctionwithNextG.This article proposes a secure channel estimation technique in MIMO topology using a norm-estimation model to provide comprehensive insights into protecting NextG network components against adversarial attacks.The technique aims to create long-lasting and secure NextG networks using this extended approach.The viability of MIMO applications and modern AI-driven methodologies to combat cybersecurity threats are explored in this research.Moreover,the proposed model demonstrates high performance in terms of reliability and accuracy,with a 20%reduction in the MalOut-RealOut-Diff metric compared to existing state-of-the-art techniques.
文摘In today’s rapidly evolving digital landscape,web application security has become paramount as organizations face increasingly sophisticated cyber threats.This work presents a comprehensive methodology for implementing robust security measures in modern web applications and the proof of the Methodology applied to Vue.js,Spring Boot,and MySQL architecture.The proposed approach addresses critical security challenges through a multi-layered framework that encompasses essential security dimensions including multi-factor authentication,fine-grained authorization controls,sophisticated session management,data confidentiality and integrity protection,secure logging mechanisms,comprehensive error handling,high availability strategies,advanced input validation,and security headers implementation.Significant contributions are made to the field of web application security.First,a detailed catalogue of security requirements specifically tailored to protect web applications against contemporary threats,backed by rigorous analysis and industry best practices.Second,the methodology is validated through a carefully designed proof-of-concept implementation in a controlled environment,demonstrating the practical effectiveness of the security measures.The validation process employs cutting-edge static and dynamic analysis tools for comprehensive dependency validation and vulnerability detection,ensuring robust security coverage.The validation results confirm the prevention and avoidance of security vulnerabilities of the methodology.A key innovation of this work is the seamless integration of DevSecOps practices throughout the secure Software Development Life Cycle(SSDLC),creating a security-first mindset from initial design to deployment.By combining proactive secure coding practices with defensive security approaches,a framework is established that not only strengthens application security but also fosters a culture of security awareness within development teams.This hybrid approach ensures that security considerations are woven into every aspect of the development process,rather than being treated as an afterthought.
基金supported in part by Jiangsu Province High Level“333”Program (0401206044)National Natural Science Foundation of China (61801243,62072255)+4 种基金Program for Scientific Research Foundation for Talented Scholars of Jinling Institute of Technology (JIT-B-202031)University Incubator Foundation of Jinling Institute of Technology (JIT-FHXM-202110)Open Project of Fujian Provincial Key Lab.of Network Security and Cryptology (NSCL-KF2021-02)Open Foundation of National Railway Intelligence Transportation System Engineering Tech.Research Center (RITS2021KF02)China Postdoctoral Science Foundation (2019M651914)。
文摘The secured access is studied in this paper for the network of the image remote sensing.Each sensor in this network encounters the information security when uploading information of the images wirelessly from the sensor to the central collection point.In order to enhance the sensing quality for the remote uploading,the passive reflection surface technique is employed.If one eavesdropper that exists nearby this sensor is keeping on accessing the same networks,he may receive the same image from this sensor.Our goal in this paper is to improve the SNR of legitimate collection unit while cut down the SNR of the eavesdropper as much as possible by adaptively adjust the uploading power from this sensor to enhance the security of the remote sensing images.In order to achieve this goal,the secured energy efficiency performance is theoretically analyzed with respect to the number of the passive reflection elements by calculating the instantaneous performance over the channel fading coefficients.Based on this theoretical result,the secured access is formulated as a mathematical optimization problem by adjusting the sensor uploading power as the unknown variables with the objective of the energy efficiency maximization while satisfying any required maximum data rate of the eavesdropper sensor.Finally,the analytical expression is theoretically derived for the optimum uploading power.Numerical simulations verify the design approach.
基金supported by the National Natural Science Foundation of China(NSFC)[grant numbers 62171188]the Guangdong Provincial Key Laboratory of Human Digital Twin[Grant 2022B1212010004].
文摘In wireless Energy Harvesting(EH)cooperative networks,we investigate the problem of secure energy-saving resource allocation for downlink physical layer security transmission.Initially,we establish a model for a multi-relay cooperative network incorporating wireless energy harvesting,spectrum sharing,and system power constraints,focusing on physical layersecurity transmission in the presence of eavesdropping nodes.In this model,the source node transmits signals while injecting Artificial Noise(AN)to mitigate eavesdropping risks,and an idle relay can act as a jamming node to assist in this process.Based on this model,we formulate an optimization problem for maximizing system secure harvesting energy efficiency,this problem integrates constraints on total power,bandwidth,and AN allocation.We proceed by conducting a mathematical analysis of the optimization problem,deriving optimal solutions for secure energy-saving resource allocation,this includes strategies for power allocation at the source and relay nodes,bandwidth allocation among relays,and power splitting for the energy harvesting node.Thus,we propose a secure resource allocation algorithm designed to maximize secure harvesting energy efficiency.Finally,we validate the correctness of the theoretical derivation through Monte Carlo simulations,discussing the impact of parameters such as legitimate channel gain,power splitting factor,and the number of relays on secure harvesting energy efficiency of the system.The simulation results show that the proposed secure energy-saving resource allocation algorithm effectively enhances the security performance of the system.
文摘Unmanned Aerial Vehicle(UAV)-aided communication holds great potential to enhance the transmission performance.However,the information security remains a fundamental requirement due to the high possibilities of line-of-sight links and the broadcast nature.
文摘Industrial intelligence and secure interconnection serve as the foundational platform and critical information infrastructure for new industrialization,carrying significant strategic importance.They not only function as the core engine driving the transformation and upgrading of the manufacturing sector and ensuring stable socioeconomic operation but are also vital to enhancing national technological competitiveness and safeguarding industrial security.
基金supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(No.NRF-2022R1C1C2012463).
文摘Integrating Artificial Intelligence of Things(AIoT)in healthcare offers transformative potential for real-time diagnostics and collaborative learning but presents critical challenges,including privacy preservation,computational efficiency,and regulatory compliance.Traditional approaches,such as differential privacy,homomorphic encryption,and secure multi-party computation,often fail to balance performance and privacy,rendering them unsuitable for resource-constrained healthcare AIoT environments.This paper introduces LMSA(Lightweight Multi-Key Secure Aggregation),a novel framework designed to address these challenges and enable efficient,secure federated learning across distributed healthcare institutions.LMSA incorporates three key innovations:(1)a lightweight multikey management system leveraging Diffie-Hellman key exchange and SHA3-256 hashing,achieving O(n)complexity with AES(Advanced Encryption Standard)-256-level security;(2)a privacy-preserving aggregation protocol employing hardware-accelerated AES-CTR(CounTeR)encryption andmodular arithmetic for securemodel weight combination;and(3)a resource-optimized implementation utilizing AES-NI(New Instructions)instructions and efficient memory management for real-time operations on constrained devices.Experimental evaluations using the National Institutes of Health(NIH)Chest X-ray dataset demonstrate LMSA’s ability to train multi-label thoracic disease prediction models with Vision Transformer(ViT),ResNet-50,and MobileNet architectures across distributed healthcare institutions.Memory usage analysis confirmed minimal overhead,with ViT(327.30 MB),ResNet-50(89.87 MB),and MobileNet(8.63 MB)maintaining stable encryption times across communication rounds.LMSA ensures robust security through hardware acceleration,enabling real-time diagnostics without compromising patient confidentiality or regulatory compliance.Future research aims to optimize LMSA for ultra-low-power devices and validate its scalability in heterogeneous,real-world environments.LMSA represents a foundational advancement for privacy-conscious healthcare AI applications,bridging the gap between privacy and performance.
基金supported by National Natural Science Foundation of China(No.62172436)Additionally,it is supported by Natural Science Foundation of Shaanxi Province(No.2023-JC-YB-584)Engineering University of PAP’s Funding for Scientific Research Innovation Team and Key Researcher(No.KYGG202011).
文摘Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers.However,users’sensitive data would then become unregulated.In the event of data loss,cloud storage providers might conceal the fact that data has been compromised to protect their reputation and mitigate losses.Ensuring the integrity of data stored in the cloud remains a pressing issue that urgently needs to be addressed.In this paper,we propose a data auditing scheme for cloud-based EHRs that incorporates recoverability and batch auditing,alongside a thorough security and performance evaluation.Our scheme builds upon the indistinguishability-based privacy-preserving auditing approach proposed by Zhou et al.We identify that this scheme is insecure and vulnerable to forgery attacks on data storage proofs.To address these vulnerabilities,we enhanced the auditing process using masking techniques and designed new algorithms to strengthen security.We also provide formal proof of the security of the signature algorithm and the auditing scheme.Furthermore,our results show that our scheme effectively protects user privacy and is resilient against malicious attacks.Experimental results indicate that our scheme is not only secure and efficient but also supports batch auditing of cloud data.Specifically,when auditing 10,000 users,batch auditing reduces computational overhead by 101 s compared to normal auditing.
文摘As industrialization and informatization in China deeply integrate and the Internet of Things rapidly develops,industrial control systems are facing increasingly severe information security challenges.The industrial control system of the gas extraction plant is characterized by numerous points and centralized operations,with a strong reliance on the system and stringent real-time requirements.
文摘The simultaneous transmitting and reflecting reconfigurable intelligent surface(STAR-RIS)can independently adjust surface’s reflection and transmission coefficients so as to enhance space coverage.For a multiple-input multiple-output(MIMO)communication system with a STAR-RIS,a base station(BS),an eavesdropper,and multiple users,the system security rate is studied.A joint design of the power allocation at the transmitter and phase shift matrices for reflection and transmission at the STAR-RIS is conducted,in order to maximize the worst achievable security data rate(ASDR).Since the problem is nonconvex and hence challenging,a particle swarm optimization(PSO)based algorithm is developed to tackle the problem.Both the cases of continuous and discrete phase shift matrices at the STAR-RIS are considered.Simulation results demonstrate the effectiveness of the proposed algorithm and shows the benefits of using STAR-RIS in MIMO mutliuser systems.
基金supported in part by the Natural Science Foundation of Fujian Province under Grant 2022J01169the Local Science and Technology Development of Fujian Province under Grant 2021L3010+3 种基金the Key Project of Science and Technology Innovation of Fujian Province under Grant 2021G02006the National Natural Science Foundation of China under Grants 61971360 and 62271420the National Natural Science Foundation of China under Grant 62071247the Urban Carbon Neutral Science and Technology Innovation Fund Project of Beijing University of Technology ($040000514122607$)。
文摘In this paper,the application of Non-Orthogonal Multiple Access(NOMA)is investigated in a multiple-input single-output network consisting of multiple legitimate users and a potential eavesdropper.To support secure transmissions from legitimate users,two NOMA Secrecy Sum Rate Transmit Beam Forming(NOMA-SSR-TBF)schemes are proposed to maximise the SSR of a Base Station(BS)with sufficient and insufficient transmit power.For BS with sufficient transmit power,an artificial jamming beamforming design scheme is proposed to disrupt the potential eavesdropping without impacting the legitimate transmissions.In addition,for BS with insufficient transmit power,a modified successive interference cancellation decoding sequence is used to reduce the impact of artificial jamming on legitimate transmissions.More specifically,iterative algorithm for the successive convex approximation are provided to jointly optimise the vectors of transmit beamforming and artificial jamming.Experimental results demonstrate that the proposed NOMA-SSR-TBF schemes outperforms the existing works,such as the maximized artificial jamming power scheme,the maximized artificial jamming power scheme with artificial jamming beamforming design and maximized secrecy sum rate scheme without artificial jamming beamforming design.
基金supported by the National Key Research and Development Program of China(Grant No.2022YFB2901304)。
文摘Software-Defined Perimeter(SDP)provides a logical perimeter to restrict access to services.However,due to the security vulnerability of a single controller and the programmability lack of a gateway,existing SDP is facing challenges.To solve the above problems,we propose a flexible and secure SDP mechanism named Mimic SDP(MSDP).MSDP consists of endogenous secure controllers and a dynamic gateway.The controllers avoid single point failure by heterogeneity and redundancy.And the dynamic gateway realizes flexible forwarding in programmable data plane by changing the processing of packet construction and deconstruction,thereby confusing the potential adversary.Besides,we propose a Markov model to evaluate the security of our SDP framework.We implement a prototype of MSDP and evaluate it in terms of functionality,performance,and scalability in different groups of systems and languages.Evaluation results demonstrate that MSDP can provide a secure connection of 93.38%with a cost of 6.34%under reasonable configuration.
基金supported by the Large Group Project under grant number(RGP2/473/46).
文摘Ensuring the integrity and confidentiality of patient medical information is a critical priority in the healthcare sector.In the context of security,this paper proposes a novel encryption algorithm that integrates Blockchain technology,aiming to improve the security and privacy of transmitted data.The proposed encryption algorithm is a block-cipher image encryption scheme based on different chaotic maps:The logistic Map,the Tent Map,and the Henon Map used to generate three encryption keys.The proposed block-cipher system employs the Hilbert curve to perform permutation while a generated chaos-based S-Box is used to perform substitution.Furthermore,the integration of a Blockchain-based solution for securing data transmission and communication between nodes and authenticating the encrypted medical image’s authenticity adds a layer of security to our proposed method.Our proposed cryptosystem is divided into two principal modules presented as a pseudo-random number generator(PRNG)used for key generation and an encryption and decryption system based on the properties of confusion and diffusion.The security analysis and experimental tests for the proposed algorithm show that the average value of the information entropy of the encrypted images is 7.9993,the Number of Pixels Change Rate(NPCR)values are over 99.5%and the Unified Average Changing Intensity(UACI)values are greater than 33%.These results prove the strength of our proposed approach,demonstrating that it can significantly enhance the security of encrypted images.
基金supported in part by the National Natural Science Foundation of China under Grant 61971474in part by the National Natural Science Foundation of China under Grant 62301594+2 种基金in part by the Special Funds of the National Natural Science Foundation of China under Grant 62341112in part by the Beijing Nova Program under Grant Z201100006820121in part by the Beijing Municipal Science and Technology Project under Grant Z181100003218015.
文摘Applying non-orthogonal multiple access(NOMA)to the mobile edge computing(MEC)network supported by unmanned aerial vehicles(UAVs)can improve spectral efficiency and achieve massive user access on the basis of solving computing resource constraints and coverage problems.However,the UAV-enabled network has a serious risk of information leakage on account of the openness of wireless channel.This paper considers a UAV-MEC secure network based on NOMA technology,which aims to minimize the UAV energy consumption.To achieve the purpose while meeting the security and users’latency requirements,we formulate an optimization problem that jointly optimizes the UAV trajectory and the allocation of network resources.Given that the original problem is non-convex and multivariate coupled,we proposed an effective algorithm to decouple the nonconvex problem into independent user relation coefficients and subproblems based on successive convex approximation(SCA)and block coordinate descent(BCD).The simulation results showcase the performance of our optimization scheme across various parameter settings and confirm its superiority over other benchmarks with respect to energy consumption.
文摘RESTful APIs have been adopted as the standard way of developing web services,allowing for smooth communication between clients and servers.Their simplicity,scalability,and compatibility have made them crucial to modern web environments.However,the increased adoption of RESTful APIs has simultaneously exposed these interfaces to significant security threats that jeopardize the availability,confidentiality,and integrity of web services.This survey focuses exclusively on RESTful APIs,providing an in-depth perspective distinct from studies addressing other API types such as GraphQL or SOAP.We highlight concrete threats-such as injection attacks and insecure direct object references(IDOR)-to illustrate the evolving risk landscape.Our work systematically reviews state-of-the-art detection methods,including static code analysis and penetration testing,and proposes a novel taxonomy that categorizes vulnerabilities such as authentication and authorization issues.Unlike existing taxonomies focused on general web or network-level threats,our taxonomy emphasizes API-specific design flaws and operational dependencies,offering a more granular and actionable framework for RESTful API security.By critically assessing current detection methodologies and identifying key research gaps,we offer a structured framework that advances the understanding and mitigation of RESTful API vulnerabilities.Ultimately,this work aims to drive significant advancements in API security,thereby enhancing the resilience of web services against evolving cyber threats.
基金supported by National Key R&D Program of China for Young Scientists:Cyberspace Endogenous Security Mechanisms and Evaluation Methods(No.2022YFB3102800).
文摘The security of information transmission and processing due to unknown vulnerabilities and backdoors in cyberspace is becoming increasingly problematic.However,there is a lack of effective theory to mathematically demonstrate the security of information transmission and processing under nonrandom noise(or vulnerability backdoor attack)conditions in cyberspace.This paper first proposes a security model for cyberspace information transmission and processing channels based on error correction coding theory.First,we analyze the fault tolerance and non-randomness problem of Dynamic Heterogeneous Redundancy(DHR)structured information transmission and processing channel under the condition of non-random noise or attacks.Secondly,we use a mathematical statistical method to demonstrate that for non-random noise(or attacks)on discrete memory channels,there exists a DHR-structured channel and coding scheme that enables the average system error probability to be arbitrarily small.Finally,to construct suitable coding and heterogeneous channels,we take Turbo code as an example and simulate the effects of different heterogeneity,redundancy,output vector length,verdict algorithm and dynamism on the system,which is an important guidance for theory and engineering practice.
