The Transport Layer Security(TLS) protocol is the most important standard on the Internet for key exchange. TLS standard supports many additional handshake modes such as resumption and renegotiation besides the full h...The Transport Layer Security(TLS) protocol is the most important standard on the Internet for key exchange. TLS standard supports many additional handshake modes such as resumption and renegotiation besides the full handshake. The interaction and dependence of different modes may lead to some practical attacks on TLS. In 2014, Bhargavan et al. described a triple handshake attack on TLS 1.2 by exploiting the sequential running of three different modes of TLS, which can lead to a client impersonation attack after the third handshake. Subsequently, TLS 1.2 was patched with the extended master secret extension of RFC 7627 to prevent this attack. In this paper we introduce a new definition of "uniqueness" and present a renegotiable & resumable ACCE security model. We identify the triple handshake attack within the new model, and furthermore show TLS with the proposed fix can be proven secure in our model.展开更多
Recently,several PC oracle based side-channel attacks have been proposed against Kyber.However,most of them focus on unprotected implementations and masking is considered as a counter-measure.In this study,we extend P...Recently,several PC oracle based side-channel attacks have been proposed against Kyber.However,most of them focus on unprotected implementations and masking is considered as a counter-measure.In this study,we extend PC oracle based side-channel attacks to the second-order scenario and successfully conduct key-recovery attacks on the first-order masked Kyber.Firstly,we analyze the potential joint information leakage.Inspired by the binary PC oracle based attack proposed by Qin et al.at Asiacrypt 2021,we identify the 1-bit leakage scenario in the masked Keccak implementation.Moreover,we modify the ciphertexts construction described by Tanaka et al.at CHES 2023,extending the leakage scenario from 1-bit to 32-bit.With the assistance of TVLA,we validate these leakages through experiments.Secondly,for these two scenarios,we construct a binary PC oracle based on t-test and a multiple-valued PC oracle based on neural networks.Furthermore,we conduct practical side-channel attacks on masked Kyber by utilizing our oracles,with the implementation running on an ARM Cortex-M4 microcontroller.The demonstrated attacks require a minimum of 15788 and 648 traces to fully recover the key of Kyber768 in the 1-bit leakage scenario and the 32-bit leakage scenario,respectively.Our analysis may also be extended to attack other post-quantum schemes that use the same masked hash function.Finally,we apply the shuffling strategy to the first-order masked imple-mentation of the Kyber and perform leakage tests.Experimental results show that the combination strategy of shuffling and masking can effectively resist our proposed attacks.展开更多
With promising applications in e-health and entertainment, wireless body area networks (WBANs) have attracted the interest of both academia and industry. If WBANs are densely deployed within a small area, serious pr...With promising applications in e-health and entertainment, wireless body area networks (WBANs) have attracted the interest of both academia and industry. If WBANs are densely deployed within a small area, serious problems may arise between the WBANs. In this paper, we discuss issues related to the coexistence of WBANs and investigate the main factors that cause inter-WBAN interference. We survey inter- WBAN interference mitigation strategies and track recent research developments. We also discuss unresolved issues related to inter-WBAN interference mitigation and propose fu- ture research directions.展开更多
Most distributed stream processing engines(DSPEs)do not support online task management and cannot adapt to time-varying data flows.Recently,some studies have proposed online task deployment algorithms to solve this pr...Most distributed stream processing engines(DSPEs)do not support online task management and cannot adapt to time-varying data flows.Recently,some studies have proposed online task deployment algorithms to solve this problem.However,these approaches do not guarantee the Quality of Service(QoS)when the task deployment changes at runtime,because the task migrations caused by the change of task deployments will impose an exorbitant cost.We study one of the most popular DSPEs,Apache Storm,and find out that when a task needs to be migrated,Storm has to stop the resource(implemented as a process of Worker in Storm)where the task is deployed.This will lead to the stop and restart of all tasks in the resource,resulting in the poor performance of task migrations.Aiming to solve this problem,in this pa-per,we propose N-Storm(Nonstop Storm),which is a task-resource decoupling DSPE.N-Storm allows tasks allocated to resources to be changed at runtime,which is implemented by a thread-level scheme for task migrations.Particularly,we add a local shared key/value store on each node to make resources aware of the changes in the allocation plan.Thus,each resource can manage its tasks at runtime.Based on N-Storm,we further propose Online Task Deployment(OTD).Differ-ing from traditional task deployment algorithms that deploy all tasks at once without considering the cost of task migra-tions caused by a task re-deployment,OTD can gradually adjust the current task deployment to an optimized one based on the communication cost and the runtime states of resources.We demonstrate that OTD can adapt to different kinds of applications including computation-and communication-intensive applications.The experimental results on a real DSPE cluster show that N-Storm can avoid the system stop and save up to 87%of the performance degradation time,compared with Apache Storm and other state-of-the-art approaches.In addition,OTD can increase the average CPU usage by 51%for computation-intensive applications and reduce network communication costs by 88%for communication-intensive ap-plications.展开更多
Online social networks (OSNs) have revolutionarily changed the way people connect with each other. One of the main factors that help achieve this success is reputation systems that enable OSN users to mutually estab...Online social networks (OSNs) have revolutionarily changed the way people connect with each other. One of the main factors that help achieve this success is reputation systems that enable OSN users to mutually establish trust relationships based on their past experience. Current approaches for the reputation management cannot achieve the fine granularity and verifiability for each individual user, in the sense that the reputation values on such OSNs are coarse and lack of credibility. In this paper, we propose a fine granularity attribute-based reputation system which enables users to rate each other's attributes instead of identities. Our scheme first verifies each OSN user's attributes, and further allows OSN users to vote on the posted attribute-associated messages to derive the reputation value. The attribute verification process provides the authenticity of the reputation value without revealing the actual value to entities who do not have the vote privilege. To predict a stranger's behavior, we propose a reputation retrieval protocol for querying the reputation value on a specific attribute. To the best of our knowledge, we are the first to define a fine-grained reputation value based on users' verified attributes in OSNs with privacy preservation. We provide the security analysis along with the simulation results to verify the privacy preservation and feasibility. The implementation of the proposed scheme on current OSNs is also discussed.展开更多
Energy consumption has been a critical issue for data storage systems, especially for modern data centers. A recent survey has showed that power costs amount to about 50%of the total cost of ownership in a typical dat...Energy consumption has been a critical issue for data storage systems, especially for modern data centers. A recent survey has showed that power costs amount to about 50%of the total cost of ownership in a typical data center, with about 27% of the system power being consumed by storage systems. This paper aims at providing an effective solution to reducing the energy consumed by disk storage systems, by proposing a new approach to reduce the energy consumption. Differing from previous approaches, we adopt two new designs. 1) We introduce a hotness-aware and group-based system model (HAG) to organize the disks, in which all disks are partitioned into a hot group and a cold group. We only make file migration between the two groups and avoid the migration within a single group, so that we are able to reduce the total cost of file migration. 2) We use an on-demand approach to reorganize files among the disks that is based on workload change as well as the change of data hotness. We conduct trace-driven experiments involving two real and nine synthetic traces and we make detailed comparisons between our method and competitor methods according to different metrics. The results show that our method can dynamically select hot files and disks when the workload changes and that it is able to reduce energy consumption for all the traces. Furthermore, its time performance is comparable to that of the compared algorithms. In general, our method exhibits the best energy e?ciency in all experiments, and it is capable of maintaining an improved trade-off between performance and energy consumption.展开更多
The recently proposed learned index has higher query performance and space efficiency than the conventional B+-tree.However,the original learned index has the problems of insertion failure and unbounded query complexi...The recently proposed learned index has higher query performance and space efficiency than the conventional B+-tree.However,the original learned index has the problems of insertion failure and unbounded query complexity,meaning that it supports neither insertions nor bounded query complexity.Some variants of the learned index use an out-of-place strategy and a bottom-up build strategy to accelerate insertions and support bounded query complexity,but introduce additional query costs and frequent node splitting operations.Moreover,none of the existing learned indices are cache-friendly.In this paper,aiming to not only support efficient queries and insertions but also offer bounded query complexity,we propose a new learned index called COLIN(Cache-cOnscious Learned INdex).Unlike previous solutions using an out-of-place strategy,COLIN adopts an in-place approach to support insertions and reserves some empty slots in a node to optimize the node’s data placement.In particular,through model-based data placement and cache-conscious data layout,COLIN decouples the local-search boundary from the maximum error of the model.The experimental results on five workloads and three datasets show that COLIN achieves the best read/write performance among all compared indices and outperforms the second best index by 18.4%,6.2%,and 32.9%on the three datasets,respectively.展开更多
Flash memory is widely used in embedded de- vices and enterprise storage systems. Currently, flash-based storage devices usually use a flash translation layer (FFL) to cope with the special features of flash memory....Flash memory is widely used in embedded de- vices and enterprise storage systems. Currently, flash-based storage devices usually use a flash translation layer (FFL) to cope with the special features of flash memory. Many meth- ods for the design and implementation of the FTL have been proposed, such as BAST (block-associative sector transla- tion), FAST (fully associative sector translation), and IPL (in- page logging), of which IPL has been demonstrated to have the best performance. However, IPL offers little considera- tion to reducing merge operations that consequently result in the degradation of the overall performance of flash-memory storage systems. We propose an improvement to IPL, called adaptive IPL (AIPL). The idea of adaptive IPL is to make the log region in a block resizable, therefore a hot block (i.e., a write-intensive block) will use a large log region so as to absorb more page updates and in turn reduce the merge op- erations, while a cold block, i.e., a block rarely written to, will use a small log region. This is realized by first detecting the update pattern of a block and then presenting an update- pattern-based algorithm to dynamically adjust the log region size of a newly allocated block. We conduct experiments on TPC-C traces and synthetic traces and compare the perfor- mance of AIPL with other competitors in terms of merge count, write count and elapsed time. The results demonstrate that compared with IPL, AIPL can reduce merge operations by 65% and write operations by 54% on average.展开更多
This paper describes a generalized tweakable blockcipher HPH (Hash-Permutation-Hash), which is based ona public random permutation P and a family of almost-XOR-universal hash functions H={HK}K∈κ as a tweak and key...This paper describes a generalized tweakable blockcipher HPH (Hash-Permutation-Hash), which is based ona public random permutation P and a family of almost-XOR-universal hash functions H={HK}K∈κ as a tweak and keyschedule, and defined as y = HPHK((t1, t2), x) = P(x HK(t1)) HK(t2), where K is a key randomly chosen from a keyspace/C, (tl, t2) is a tweak chosen from a valid tweak space T, x is a plaintext, and y is a ciphertext. We prove that HPHis a secure strong tweakable pseudorandom permutation (STPRP) by using H-coefficients technique. Then we focus on thesecurity of HPH against multi-key and related-key attacks. We prove that HPH achieves both multi-key STPRP security andrelated-key STPRP security. HPH can be extended to wide applications. It can be directly applied to authentication andauthenticated encryption modes. We apply HPH to PMAC1 and OPP, provide an improved authentication mode HPMACand a new authenticated encryption mode OPH, and prove that the two modes achieve single-key security, multi-key security,and related-key security.展开更多
Visual tracking has been a popular task in computer vision in recent years,especially for long-term tracking.A novel object tracking framework is proposed in this paper.For surveillance cameras with overlapping areas,...Visual tracking has been a popular task in computer vision in recent years,especially for long-term tracking.A novel object tracking framework is proposed in this paper.For surveillance cameras with overlapping areas,the target area is divided into several regions corresponding to each camera,and a simple re-matching method is used by matching the colors according to the segmented parts.For surveillance cameras without overlapping areas,a time estimation model is employed for continuously tracking objects in different fields of view(FoVs).A demonstration system for collaborative tracking in real time situation is realized finally.The experimental results show that compared with current popular algorithms,the proposed approach has good effect in accuracy and computation time for the application of continuously tracking the pedestrians.展开更多
基金supported by the National Grand Fundamental Research (973) Program of China under Grant 2013CB338003the National Natural Science Foundation of China (NSFC) under Grants U1536205, 61170279 and 61572485
文摘The Transport Layer Security(TLS) protocol is the most important standard on the Internet for key exchange. TLS standard supports many additional handshake modes such as resumption and renegotiation besides the full handshake. The interaction and dependence of different modes may lead to some practical attacks on TLS. In 2014, Bhargavan et al. described a triple handshake attack on TLS 1.2 by exploiting the sequential running of three different modes of TLS, which can lead to a client impersonation attack after the third handshake. Subsequently, TLS 1.2 was patched with the extended master secret extension of RFC 7627 to prevent this attack. In this paper we introduce a new definition of "uniqueness" and present a renegotiable & resumable ACCE security model. We identify the triple handshake attack within the new model, and furthermore show TLS with the proposed fix can be proven secure in our model.
基金National Natural Science Foundation of China(62472397)Innovation Program for Quantum Science and Technology(2021ZD0302902)。
文摘Recently,several PC oracle based side-channel attacks have been proposed against Kyber.However,most of them focus on unprotected implementations and masking is considered as a counter-measure.In this study,we extend PC oracle based side-channel attacks to the second-order scenario and successfully conduct key-recovery attacks on the first-order masked Kyber.Firstly,we analyze the potential joint information leakage.Inspired by the binary PC oracle based attack proposed by Qin et al.at Asiacrypt 2021,we identify the 1-bit leakage scenario in the masked Keccak implementation.Moreover,we modify the ciphertexts construction described by Tanaka et al.at CHES 2023,extending the leakage scenario from 1-bit to 32-bit.With the assistance of TVLA,we validate these leakages through experiments.Secondly,for these two scenarios,we construct a binary PC oracle based on t-test and a multiple-valued PC oracle based on neural networks.Furthermore,we conduct practical side-channel attacks on masked Kyber by utilizing our oracles,with the implementation running on an ARM Cortex-M4 microcontroller.The demonstrated attacks require a minimum of 15788 and 648 traces to fully recover the key of Kyber768 in the 1-bit leakage scenario and the 32-bit leakage scenario,respectively.Our analysis may also be extended to attack other post-quantum schemes that use the same masked hash function.Finally,we apply the shuffling strategy to the first-order masked imple-mentation of the Kyber and perform leakage tests.Experimental results show that the combination strategy of shuffling and masking can effectively resist our proposed attacks.
基金supported by the National Natural Science Foundation of China under Grant No.61202406the USTC Grand Master Professor Funds under Grant No.ZC9850290097
文摘With promising applications in e-health and entertainment, wireless body area networks (WBANs) have attracted the interest of both academia and industry. If WBANs are densely deployed within a small area, serious problems may arise between the WBANs. In this paper, we discuss issues related to the coexistence of WBANs and investigate the main factors that cause inter-WBAN interference. We survey inter- WBAN interference mitigation strategies and track recent research developments. We also discuss unresolved issues related to inter-WBAN interference mitigation and propose fu- ture research directions.
基金The work was supported by the National Natural Science Foundation of China under Grant Nos.62072419 and 61672479.
文摘Most distributed stream processing engines(DSPEs)do not support online task management and cannot adapt to time-varying data flows.Recently,some studies have proposed online task deployment algorithms to solve this problem.However,these approaches do not guarantee the Quality of Service(QoS)when the task deployment changes at runtime,because the task migrations caused by the change of task deployments will impose an exorbitant cost.We study one of the most popular DSPEs,Apache Storm,and find out that when a task needs to be migrated,Storm has to stop the resource(implemented as a process of Worker in Storm)where the task is deployed.This will lead to the stop and restart of all tasks in the resource,resulting in the poor performance of task migrations.Aiming to solve this problem,in this pa-per,we propose N-Storm(Nonstop Storm),which is a task-resource decoupling DSPE.N-Storm allows tasks allocated to resources to be changed at runtime,which is implemented by a thread-level scheme for task migrations.Particularly,we add a local shared key/value store on each node to make resources aware of the changes in the allocation plan.Thus,each resource can manage its tasks at runtime.Based on N-Storm,we further propose Online Task Deployment(OTD).Differ-ing from traditional task deployment algorithms that deploy all tasks at once without considering the cost of task migra-tions caused by a task re-deployment,OTD can gradually adjust the current task deployment to an optimized one based on the communication cost and the runtime states of resources.We demonstrate that OTD can adapt to different kinds of applications including computation-and communication-intensive applications.The experimental results on a real DSPE cluster show that N-Storm can avoid the system stop and save up to 87%of the performance degradation time,compared with Apache Storm and other state-of-the-art approaches.In addition,OTD can increase the average CPU usage by 51%for computation-intensive applications and reduce network communication costs by 88%for communication-intensive ap-plications.
基金This work was partially supported by the National Science Foundation of USA under Grant No. CNS-1423165. The work of Chi was supported in part by the National Natural Science Foundation of China (NSFC) under Grant Nos. 61202140 and 61328208, the Program for New Century Excellent Talents in University of China under Grant No. NCET-13-0548, and the Innovation Foundation of the Chinese Academy of Sciences under Grant No. CXJJ-14-S132. Lin's work was supported in part by MoE ATU Plan, the Taiwan Science and Technology Authority under Grant Nos. MOST 103-2622-E-009-012, MOST 103-2221-E-002-152-MY3, MOST 103-2221- E-002-249-MY3, MOST 104-2923-E-002-005-MY3, and MOST 103-2627-E-002-008, and the ICL/ITRI Project of Chunghwa Telecom.
文摘Online social networks (OSNs) have revolutionarily changed the way people connect with each other. One of the main factors that help achieve this success is reputation systems that enable OSN users to mutually establish trust relationships based on their past experience. Current approaches for the reputation management cannot achieve the fine granularity and verifiability for each individual user, in the sense that the reputation values on such OSNs are coarse and lack of credibility. In this paper, we propose a fine granularity attribute-based reputation system which enables users to rate each other's attributes instead of identities. Our scheme first verifies each OSN user's attributes, and further allows OSN users to vote on the posted attribute-associated messages to derive the reputation value. The attribute verification process provides the authenticity of the reputation value without revealing the actual value to entities who do not have the vote privilege. To predict a stranger's behavior, we propose a reputation retrieval protocol for querying the reputation value on a specific attribute. To the best of our knowledge, we are the first to define a fine-grained reputation value based on users' verified attributes in OSNs with privacy preservation. We provide the security analysis along with the simulation results to verify the privacy preservation and feasibility. The implementation of the proposed scheme on current OSNs is also discussed.
基金The work was partially supported by the National Natural Science Foundation of China under Grant Nos, 61379037 and 61472376, and the Oversea Academic Training Funds (OATF) sponsored by the University of Science and Technology of China. Acknowledgements We would like to thank the anonymous reviewers and editors for their valuable sug- gestions and comments to improve the quality of the paper.
文摘Energy consumption has been a critical issue for data storage systems, especially for modern data centers. A recent survey has showed that power costs amount to about 50%of the total cost of ownership in a typical data center, with about 27% of the system power being consumed by storage systems. This paper aims at providing an effective solution to reducing the energy consumed by disk storage systems, by proposing a new approach to reduce the energy consumption. Differing from previous approaches, we adopt two new designs. 1) We introduce a hotness-aware and group-based system model (HAG) to organize the disks, in which all disks are partitioned into a hot group and a cold group. We only make file migration between the two groups and avoid the migration within a single group, so that we are able to reduce the total cost of file migration. 2) We use an on-demand approach to reorganize files among the disks that is based on workload change as well as the change of data hotness. We conduct trace-driven experiments involving two real and nine synthetic traces and we make detailed comparisons between our method and competitor methods according to different metrics. The results show that our method can dynamically select hot files and disks when the workload changes and that it is able to reduce energy consumption for all the traces. Furthermore, its time performance is comparable to that of the compared algorithms. In general, our method exhibits the best energy e?ciency in all experiments, and it is capable of maintaining an improved trade-off between performance and energy consumption.
基金the National Natural Science Foundation of China under Grant No.62072419the Huawei-USTC Joint Innovation Project on Fundamental System Software。
文摘The recently proposed learned index has higher query performance and space efficiency than the conventional B+-tree.However,the original learned index has the problems of insertion failure and unbounded query complexity,meaning that it supports neither insertions nor bounded query complexity.Some variants of the learned index use an out-of-place strategy and a bottom-up build strategy to accelerate insertions and support bounded query complexity,but introduce additional query costs and frequent node splitting operations.Moreover,none of the existing learned indices are cache-friendly.In this paper,aiming to not only support efficient queries and insertions but also offer bounded query complexity,we propose a new learned index called COLIN(Cache-cOnscious Learned INdex).Unlike previous solutions using an out-of-place strategy,COLIN adopts an in-place approach to support insertions and reserves some empty slots in a node to optimize the node’s data placement.In particular,through model-based data placement and cache-conscious data layout,COLIN decouples the local-search boundary from the maximum error of the model.The experimental results on five workloads and three datasets show that COLIN achieves the best read/write performance among all compared indices and outperforms the second best index by 18.4%,6.2%,and 32.9%on the three datasets,respectively.
文摘Flash memory is widely used in embedded de- vices and enterprise storage systems. Currently, flash-based storage devices usually use a flash translation layer (FFL) to cope with the special features of flash memory. Many meth- ods for the design and implementation of the FTL have been proposed, such as BAST (block-associative sector transla- tion), FAST (fully associative sector translation), and IPL (in- page logging), of which IPL has been demonstrated to have the best performance. However, IPL offers little considera- tion to reducing merge operations that consequently result in the degradation of the overall performance of flash-memory storage systems. We propose an improvement to IPL, called adaptive IPL (AIPL). The idea of adaptive IPL is to make the log region in a block resizable, therefore a hot block (i.e., a write-intensive block) will use a large log region so as to absorb more page updates and in turn reduce the merge op- erations, while a cold block, i.e., a block rarely written to, will use a small log region. This is realized by first detecting the update pattern of a block and then presenting an update- pattern-based algorithm to dynamically adjust the log region size of a newly allocated block. We conduct experiments on TPC-C traces and synthetic traces and compare the perfor- mance of AIPL with other competitors in terms of merge count, write count and elapsed time. The results demonstrate that compared with IPL, AIPL can reduce merge operations by 65% and write operations by 54% on average.
基金This work was supported by the National Natural Science Foundation of China under Grant Nos. 61522210 and 61632013,
文摘This paper describes a generalized tweakable blockcipher HPH (Hash-Permutation-Hash), which is based ona public random permutation P and a family of almost-XOR-universal hash functions H={HK}K∈κ as a tweak and keyschedule, and defined as y = HPHK((t1, t2), x) = P(x HK(t1)) HK(t2), where K is a key randomly chosen from a keyspace/C, (tl, t2) is a tweak chosen from a valid tweak space T, x is a plaintext, and y is a ciphertext. We prove that HPHis a secure strong tweakable pseudorandom permutation (STPRP) by using H-coefficients technique. Then we focus on thesecurity of HPH against multi-key and related-key attacks. We prove that HPH achieves both multi-key STPRP security andrelated-key STPRP security. HPH can be extended to wide applications. It can be directly applied to authentication andauthenticated encryption modes. We apply HPH to PMAC1 and OPP, provide an improved authentication mode HPMACand a new authenticated encryption mode OPH, and prove that the two modes achieve single-key security, multi-key security,and related-key security.
基金the National Natural Seiene Foundar tion of China(Nos.61671423 and 61271403)。
文摘Visual tracking has been a popular task in computer vision in recent years,especially for long-term tracking.A novel object tracking framework is proposed in this paper.For surveillance cameras with overlapping areas,the target area is divided into several regions corresponding to each camera,and a simple re-matching method is used by matching the colors according to the segmented parts.For surveillance cameras without overlapping areas,a time estimation model is employed for continuously tracking objects in different fields of view(FoVs).A demonstration system for collaborative tracking in real time situation is realized finally.The experimental results show that compared with current popular algorithms,the proposed approach has good effect in accuracy and computation time for the application of continuously tracking the pedestrians.
