共查询到20条相似文献,搜索用时 636 毫秒
1.
Cross-silo联邦学习使客户端可以在不共享原始数据的情况下通过聚合本地模型更新来协作训练一个机器学习模型。然而研究表明,训练过程中传输的中间参数也会泄露原始数据隐私,且好奇的中央服务器可能为了自身利益伪造或篡改聚合结果。针对上述问题,文章提出一种抗合谋的隐私保护与可验证cross-silo联邦学习方案。具体地,对每个客户端中间参数进行加密以保护数据隐私,同时为增强系统安全性,结合秘密共享方案实现密钥管理和协同解密。此外,通过聚合签名进一步实现数据完整性和认证,并利用多项式承诺实现中央服务器聚合梯度的可验证性。安全性分析表明,该方案不仅能保护中间参数的隐私及验证数据完整性,而且能够确保聚合梯度的正确性。同时,性能分析表明,相比于现有同类方案,文章所提方案的通信开销显著降低。 相似文献
2.
基于中心式和分布式结构的LBS隐私保护方案的特点,设计了一种混合式隐私保护结构以兼具两者优势,并在该结构下提出了一种基于网格的LBS隐私保护方案。该方案使用参数生成器定期向用户及LBS服务器更新偏移参数,通过结合K-匿名和随机偏移技术,在中心服务器生成匿名区域。在保证安全性的同时,避免了传统匿名中心服务器存在的安全隐患。同时,在查询结果的筛选过程中,采用网格化坐标对匿名区域进行表示,实现了高效的结果匹配,显著降低了中心服务器的计算开销。较之已有方案,该方案在通信开销方面亦具有较大优势。 相似文献
3.
4.
数据拥有性证明技术是当前云存储安全领域中的一项重要研究内容,可使用户无须下载所有文件就能高效地远程校验用户数据是否完整存储于云服务器。现实中,用户趋向于委托第三方验证机构TPA代替自己来验证数据的完整性;然而,多数支持第三方公开审计的数据拥有性证明方案通常只考虑恶意服务器是否能够伪造标签或证明的问题,鲜有考虑恶意TPA可能会窃取用户隐私的情况。近几年,一些既针对服务器保证数据的安全性又针对TPA实现数据隐私保护的数据拥有性证明方案逐渐被提出,但多应用于单云服务器环境下;个别应用在多云服务器环境下可支持批量审计的方案,或者不能有效抵抗恶意云服务器的攻击,或者无法实现针对TPA的零知识隐私保护。因此,文中在Yu等工作的基础上,提出了一个多云服务器环境下支持批量审计的数据拥有性证明方案。所提方案既可保证针对恶意云服务器的安全性,还可实现针对TPA的完美零知识隐私保护。性能分析及仿真实验表明所提方案是高效且可行的。 相似文献
5.
基于信件源的垃圾邮件过滤 总被引:8,自引:0,他引:8
众所周知,垃圾邮件问题已经是当今网络世界的一个严重问题。大量无用,甚至有害的信件在网络传播,不仅消耗了大量的网络资源,而且还严重威胁到邮件系统用户信息的安全,对邮件服务器本身提出了严峻的挑战。保护内部邮件服务器,在最大程度上减少垃圾邮件对邮件服务器的破坏是该文将讨论的主题。文章将对这一问题提出一种有效的解决方案,通过基于信件源的邮件过滤来自动地实现对邮件服务器的保护,并且对基于这种方案的反垃圾邮件技术的发展提出一些看法。 相似文献
6.
随着基于位置的服务( LBS)的发展,如何保证用户在使用位置服务时的隐私安全,已成为一个亟待解决的问题。文中对主流的位置隐私保护技术进行了分析和比较。在此基础上,针对移动用户的位置隐私保护,提出了一种基于中心服务器的位置隐私保护方案。该方案针对隐私保护需求的差异性,考虑区域的敏感等级,对敏感区域采用K-匿名和假名进行保护,同时运用脚印来辅助匿名。该方案能在不降低位置服务质量的前提下,有效地保护移动用户位置隐私。 相似文献
7.
提出一种将社交网网络服务与用户的数据资源管理相分离的半去中心化的社交网隐私保护方案。通过对其直接好友颁布并保存到关系服务器上的关系声明来明确用户与其好友之间的关系类型,以关系类型和访问深度作为参数定义数据资源的访问控制规则,利用关系服务器验证访问请求者与资源拥有者之间的关系路径,将关系路径与访问控制规则进行比较以决定是否授权访问。实现了依据用户指定的关系类型和深度进行授权控制,进而保护了社交网中用户数据资源的隐私。 相似文献
8.
联邦学习作为一种新兴的分布式机器学习技术,允许用户通过服务器协同训练全局模型,而无需共享其原始数据集.然而服务器可以对用户上传的模型参数进行分析,推断用户隐私.此外,服务器还可能伪造聚合结果,诱导用户发布敏感信息.因此用户需要对参数进行保护,同时对聚合结果进行正确性验证.本文设计了一种可验证的联邦学习方案.首先,基于公开可验证秘密共享设计了双掩码安全聚合协议,在保护用户模型参数的同时还能支持用户的动态退出和共享验证功能,确保服务器解密的正确性.其次,基于同态签名构建验证公钥更短的聚合结果验证方案,使用户可以验证服务器聚合结果的正确性.实验结果表明,同现有方案相比,方案验证聚合结果时的计算开销和通信开销同时处于较低水平.安全性分析证明了方案在隐私保护方面能够有效防止恶意攻击和数据泄露,保障了联邦学习训练的安全性. 相似文献
9.
提出逻辑事务处理的概念,使用参数化的数据库查询语句解决以服务器为中心的系统的子集化问题,设计一个可以应用于数据子集的稳定可升级的方案。测试结果显示,与基于传统事务处理的数据同步方案相比,该方案的异步属性使之更适合于服务器数据库和客户端数据库网络连接较弱的情况。 相似文献
10.
工业物联网(industrial Internet of things, IIoT)设备通过云端收集和存储数据时,会遇到数据认证和隐私保护等问题.属性基签名(attribute-based signature, ABS)不仅可以实现数据认证,而且可以保护签名者的身份隐私.目前存在的SA-ABS(server-aided ABS)方案中,借助服务器减小了签名者和验证者的计算开销,而且通过抵抗签名者和服务器的共谋攻击保证了服务器辅助验证阶段的安全性.但是,现有的SA-ABS方案都不能对服务器产生的部分签名进行有效性验证,所以存在服务器对部分签名伪造的安全隐患.为克服这一挑战,提出一种服务器辅助且可验证的属性基签名(server-aided and verifiable ABS, SA-VABS)方案,该方案不仅减小了签名者和验证者的计算开销,而且通过抵抗签名者和服务器的共谋攻击来保证服务器辅助验证阶段的安全性,最重要的是对服务器产生的部分签名进行了有效性验证,从而保证了服务器辅助签名产生阶段的安全性.形式化安全性分析表明SA-VABS方案是安全的.仿真实验和对比分析表明SA-VABS方案在保证效率的同时提高了安全性. 相似文献
11.
Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an insecure communication channel. Currently, smart card-based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the authentication purpose. Recently, Wang et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. They claimed that their scheme preserves anonymity of user, has the features of strong password chosen by the server, and protected from several attacks. However, in this paper, we point out that Wang et al.’s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme: does not provide anonymity of a user during authentication, user has no choice in choosing his password, vulnerable to insider attack, no provision for revocation of lost or stolen smart card, and does provide session key agreement. To remedy these security flaws, we propose an enhanced authentication scheme, which covers all the identified weaknesses of Wang et al.’s scheme and is more secure and efficient for practical application environment. 相似文献
12.
13.
To prevent the forged login attacks, Liu et al. recently proposed a new mutual authentication scheme using smart cards. However, we demonstrate that the attacker without any secret information can successfully not only impersonate any user to cheat the server but also impersonate the server to cheat any user. That is, Liu et al.’s scheme fails to defend the forged login attack as the previous version. Our cryptanalysis result is important for security engineers, who are responsible for the design and development of smart card-based user authentication systems. 相似文献
14.
《Information Security Journal: A Global Perspective》2013,22(2):67-77
ABSTRACT In 2004, Das et al. proposed a dynamic identity-based remote user authentication scheme using smart cards. This scheme allows users to choose and change their passwords freely, and the server does not maintain any verification table. Das et al. claimed that their scheme is secure against stolen verifier attack, replay attack, forgery attack, dictionary attack, insider attack and identity theft. However, many researchers have demonstrated that Das et al.'s scheme is susceptible to various attacks. Furthermore, this scheme does not achieve mutual authentication and thus cannot resist malicious server attack. In 2009, Wang et al. argued that Das et al.'s scheme is susceptible to stolen smart card attack. If an attacker obtains the smart card of the user and chooses any random password, the attacker gets through the authentication process to get access of the remote server. Therefore, Wang et al. suggested an improved scheme to preclude the weaknesses of Das et al.'s scheme. However, we found that Wang et al.'s scheme is susceptible to impersonation attack, stolen smart card attack, offline password guessing attack, denial of service attack and fails to preserve the user anonymity. This paper improves Wang et al.'s scheme to resolve the aforementioned problems, while keeping the merits of different dynamic identity based smart card authentication schemes. 相似文献
15.
《Computer Standards & Interfaces》2005,27(2):181-183
In 2000, Sun proposed an efficient remote user authentication scheme using smart cards. Later, Chien et al. pointed out that Sun's scheme does not provide the mutual authentication between the user and the server and allow users to freely choose password themselves. Chien et al. further proposed a new efficient and practical solution to solve the problems. However, Hsu showed that Chien et al.'s scheme is vulnerable to the parallel session attack. This paper proposes an improved scheme to overcome the weakness while maintaining the advantages of Chien et al.'s scheme. 相似文献
16.
Ravanbakhsh Niloofar Mohammadi Mohadeseh Nikooghadam Morteza 《Multimedia Tools and Applications》2019,78(9):11129-11153
With the growth of the internet, development of IP based services has increased. Voice over IP (VoIP) technology is one of the services which works based on the internet and packet switching networks and uses this structure to transfer the multimedia data e.g. voices and images. Recently, Chaudhry et al., Zhang et al. and Nikooghadam et al. have presented three authentication and key agreement protocols, separately. However, in this paper, it is proved that the presented protocols by Chaudhry et al. and also Nikooghadam et al. do not provide the perfect forward secrecy, and the presented protocol by Zhang et al. not only is vulnerable to replay attack, and known session-specific temporary information attack, but also does not provide user anonymity, re-registration and revocation, and violation of fast error detection. Therefore, a secure and efficient two-factor authentication and key agreement protocol is presented. The security analysis proves that our proposed protocol is secure against various attacks. Furthermore, security of proposed scheme is formally analyzed using BAN logic and simulated by means of the AVISPA tool. The simulation results demonstrate security of presented protocol against active and passive attacks. The communication and computation cost of the proposed scheme is compared with previously proposed authentication schemes and results confirm superiority of the proposed scheme.
相似文献17.
Very recently, Tu et al. proposed an authentication scheme for session initiation protocol using smart card to overcome the security flaws of Zhang et al.’s protocol. They claimed that their protocol is secure against known security attacks. However, in this paper, we indicate that Tu et al.’s protocol is insecure against impersonation attack. We show that an adversary can easily masquerade as a legal server to fool users. As a remedy, we also improve Tu et al.’s protocol without imposing extra computation cost. To show the security of our protocol, we prove its security in the random oracle model. 相似文献
18.
远程用户认证方案是远程服务器通过不安全的网络认证远程用户身份的一种机制。根据椭圆曲线上的双线性对的优良性质,2006年,Das等人提出了基于双线性对的远程用户认证方案。2009年, Goriparthi等人指出该方案易遭受伪造攻击和重放攻击并给出了一个改进方案。然而发现Goriparthi等人的改进方案易遭受内部人员攻击、拒绝服务攻击和服务器哄骗攻击以及存在时钟同步问题。为了克服这些缺点,提出了基于双线性对和Nonce的智能卡远程用户认证方案。安全分析表明,该方案不但增强了认证系统的安全性,而且可安全地完 相似文献
19.
Dheerendra Mishra Ashok Kumar Das Sourav Mukhopadhyay 《Peer-to-Peer Networking and Applications》2016,9(1):171-192
The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. The proposed authentication in SIP is HTTP digest based authentication. Recently, Tu et al. presented an improvement of Zhang et al.’s smart card-based authenticated key agreement protocol for SIP. Their scheme efficiently resists password guessing attack. However, in this paper, we analyze the security of Tu et al.’s scheme and demonstrate their scheme is still vulnerable to user’s impersonation attack, server spoofing attack and man-in-the middle attack. We aim to propose an efficient improvement on Tu et al.’s scheme to overcome the weaknesses of their scheme, while retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Tu et al.’s scheme. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, the proposed scheme is comparable in terms of the communication and computational overheads with Tu et al.’s scheme and other related existing schemes. 相似文献
20.
The session initiation protocol is used for communication purposes in a client-server environment, where for each time session the client and server agree upon a shared secret session key through an authentication system. After establishing the connection between client and server for a session, both the parties use a session key to encrypt/decrypt messages for communicating within that session securely. Therefore, authentication plays a vital role in sharing the secret session key. Recently, Chaudhry et al. proposed an authentication scheme; yet this paper shows that Chaudhry et al.’s scheme has inefficient login and password change phases, respectively, and does not take care of the users’ anonymity. Therefore, this study proposes an enhanced scheme, referred to as the secure authentication scheme for session initiation protocol (SAS-SIP) to eliminate the drawbacks of the scheme proposed by Chaudhry et al. In addition, the proposed SAS-SIP uses fuzzy extractors to incorporate biometric data along with the password to enhance the degree of security in the authentication system. After performing the security analysis through a random oracle model, this paper concludes that SAS-SIP is secure from secret information retrieval of communicators to the attacker. Furthermore, it has a better trade-off among several measurement costs along with security. 相似文献