Secret key generation based on channel characteristics is an effective physical-layer security method for 5G wireless networks. The issues of how to ensure the high key generation rate and correlation of the secret key under active attack are needed to be addressed. In this paper, a new practical secret key generation scheme with high rate and correlation is proposed. In our proposed scheme, Alice and Bob transmit independent random sequences instead of known training sequences or probing signals; neither Alice nor Bob can decode these random sequences or estimate the channel. User's random sequences together with the channel effects are used as common random source to generate the secret key. With this solution, legitimate users are able to share secret keys with sufficient length and high security under active attack. We evaluate the proposed scheme through both analytic and simulation studies. The results show that our proposed scheme achieves high key generation rate and key security, and is suitable for 5G wireless networks with resource-constrained devices.

In recent years, federated learning has attracted more and more attention as it could collaboratively train a global model without gathering the users' raw data. It has brought many challenges. In this paper, we proposed layer-based federated learning system with privacy preservation. We successfully reduced the communication cost by selecting several layers of the model to upload for global averaging and enhanced the privacy protection by applying local differential privacy. We evaluated our system in non independently and identically distributed scenario on three datasets. Compared with existing works, our solution achieved better performance in both model accuracy and training time.

Blockchain is one of the prominent rapidly used technology in the last decade in various applications. In recent years, many researchers explored the capabilities of blockchain in smart IoT to address various security challenges. Integration of IoT and blockchain solves the security problems but scalability still remains a huge challenge. To address this, various AI techniques can be applied in the blockchain IoT framework, thus providing an efficient information system. In this survey, various works pertaining to the domains which integrate AI, IoT and Blockchain has been explored. Also, this article discusses potential industrial use cases on fusion of blockchain, AI and IoT applications and its challenges.

Due to rapid growth of RFID system applications, the security and privacy problems become more and more important to guarantee the validity of RFID systems. Without introducing proper privacy protection mechanisms, widespread deployment of RFID could raise privacy concerns to both companies and individuals. As a fundamental issue for the design and analysis of secure RFID systems, some formal RFID privacy frameworks were proposed in recent years to give the principles for evaluating the security and privacy in RFID system. However, readers can be confused with so many proposed frameworks. In this paper, we make a comparative and survey study on the proposed RFID privacy frameworks. We mainly divide the existing models into three categories, the four-oracle framework, eight-oracle framework and Universal Composability framework. We give a brief review on the existing models and describe their abilities to model the adversarial behavior in RFID systems. We then analyze relations among those existing RFID privacy models and make some comparisons among their properties.

Due to the fast development of Internet and the related IT technologies, it becomes more and more easier to access a large amount of data. k-means clustering is a powerful and frequently used technique in data mining. Many research papers about privacy-preserving k-means clustering were published. In this paper, we analyze the existing privacy-preserving k-means clustering schemes based on the cryptographic techniques. We show those schemes will cause the privacy breach and cannot output the correct results due to the faults in the protocol construction. Furthermore, we analyze our proposal as an option to improve such problems but with intermediate information breach during the computation.

To safeguard critical services and assets in a distributed environment, collaborative intrusion detection systems (CIDSs) are usually adopted to share necessary data and information among various nodes, and enhance the detection capability. For simplifying the network management, software defined networking (SDN) is an emerging platform that decouples the controller plane from the data plane. Intuitively, SDN can help lighten the management complexity in CIDSs, and a CIDS can protect the security of SDN. In practical implementation, trust management is an important approach to help identify insider attacks (or malicious nodes) in CIDSs, but the challenge is how to ensure the data integrity when evaluating the reputation of a node. Motivated by the recent development of blockchain technology, in this work, we design BlockCSDN — a framework of blockchain-based collaborative intrusion detection in SDN, and take the challenge-based CIDS as a study. The experimental results under both external and internal attacks indicate that using blockchain technology can benefit the robustness and security of CIDSs and SDN.

Smart contracts are becoming more and more popular in financial scenarios like medical insurance. Rather than traditional schemes, using smart contracts as a medium is a better choice for both participants, as it is fairer, more reliable, more efficient, and enables real-time payment. However, medical insurance contracts need to input the patient's condition information as the judgment logic to trigger subsequent execution. Since the blockchain is a closed network, it lacks a secure network environment for data interaction with the outside world. The Data feed aims to provide the service of the on-chain and off-chain data interaction. Existing researches on the data feed has solved the security problems on it effectively, such as Town Crier, TLS-N and they have also taken into account the privacy-preserving problems. However, these schemes cannot actually protect privacy because when the ciphertext data is executed by the contract, privacy information can still be inferred by analyzing the transaction results, since states of the contract are publicly visible. In this paper, based on zero-knowledge proof and Hawk technology, a on-and-off-chain complete smart contract data feed privacy-preserving scheme is proposed. In order to present our scheme more intuitively, we combined the medical insurance compensation case to implement it, which is called MIPDF. In our MIPDF, the patient and the insurance company are parties involved in the contract, and the hospital is the data provider of data feed. The patient's medical data is sent to the smart contract under the umbrella of the zero-knowledge proof signature scheme. The smart contract verifies the proof and calculates the insurance premium based on the judgment logic. Meanwhile, we use Hawk technology to ensure the privacy of on-chain contract execution, so that no information will be disclosed due to the result of contract execution. We give a general description of our scheme within the Universal Composability (UC) framework. We experiment and evaluate MIPDF on Ethereum for in-depth analysis. The results show that our scheme can securely and efficiently support the functions of medical insurance and achieve complete privacy-preserving.

The rapid growth of the Internet provides people with tremendous opportunities for data collection, knowledge discovery and cooperative computation. However, it also brings the problem of sensitive information leakage. Both individuals and enterprises may suffer from the massive data collection and the information retrieval by distrusted parties. In this paper, we propose a privacy-preserving protocol for the distributed kernel density estimation-based clustering. Our scheme applies random data perturbation (RDP) technique and the verifiable secret sharing to solve the security problem of distributed kernel density estimation in [4] which assumed a mediate party to help in the computation.

Cloud computing is a unlimited computing resource and storing resource, which provides a lot of convenient services, for example, Internet and education, intelligent transportation system. With the rapid development of cloud computing, more and more people pay attention to reducing the cost of data management. Data sharing is a effective model to decrease the cost of individuals or companies in dealing with data. However, the existing data sharing scheme cannot reduce communication cost under ensuring the security of users. In this paper, an anonymous and traceable data sharing scheme is presented. The proposed scheme can protect the privacy of the user. In addition, the proposed scheme also can trace the user uploading irrelevant information. Security and performance analyses show that the data sharing scheme is secure and effective.

RFID enable applications are ubiquitous in our society, especially become more and more important as IoT management rises. Meanwhile, the concern of security and privacy of RFID is also increasing. The pseudorandom number generator is one of the core primitives to implement RFID security. Therefore, it is necessary to design and implement a secure and robust pseudo-random number generator (PRNG) for current RFID tag. In this paper, we study the security of light-weight PRNGs for EPC Gen2 RFID tag which is an EPC Global standard. For this reason, we have analyzed and improved the existing research at IEEE TrustCom 2017 and proposed a model using external random numbers. However, because the previous model uses external random numbers, the speed has a problem depending on the generation speed of external random numbers. In order to solve this problem, we developed a pseudorandom number generator that does not use external random numbers. This model consists of LFSR, NLFSR and SLFSR. Safety is achieved by using nonlinear processing such as multiplication and logical multiplication on the Galois field. The cycle achieves a cycle longer than the key length by effectively combining a plurality of LFSR and the like. We show that our proposal PRNG has good randomness and passed the NIST randomness test. We also shows that it is resistant to identification attacks and GD attacks.

The recommend system has been widely used in many web application areas such as e-commerce services. With the development of the recommend system, the HIN modeling method replaces the traditional bipartite graph modeling method to represent the recommend system. But several studies have already showed that recommend system is vulnerable to shilling attack (injecting attack). However, the effectiveness of how traditional shilling attack has rarely been studied directly in the HIN model. Moreover, no study has focused on how to enhance shilling attacks against HIN recommend system by using the high-level semantic information. This work analyzes the relationship between the high-level semantic information and the attacking effects in HIN recommend system. This work proves that attack results are proportional to the high-level semantic information. Therefore, we propose a heuristic attack method based on high-level semantic information, named Semantic Shilling Attack (SSA) on a HIN recommend system (HERec). This method injects a specific score into each selected item related to the target in semantics. It ensures transmitting the misleading information towards target items and normal users, and attempts to interfere with the effect of the recommend system. The experiment is dependent on two real-world datasets, and proves that the attacking effect is positively correlate with the number of meta-paths. The result shows that our method is more effective when compared with existing baseline algorithms.

Oblivious RAM is a technique for hiding the access patterns between a client and an untrusted server. However, current ORAM algorithms incur large communication or storage overhead. We propose a novel ORAM construction using a matrix logical structure for server storage where a client downloads blocks from each row, choosing the column randomly to hide the access pattern. Both a normal construction and recursive construction, where a position map normally stored on the client is also stored on the server, are presented. We show our matrix ORAM achieves constant bandwidth cost for the normal construction, uses similar storage to the existing Path ORAM, and improves open the bandwidth cost compared to Path ORAM under certain conditions in the recursive construction.

The requirement of safety, roadway capacity and efficiency in the vehicular network, which makes vehicular platoons concept continue to be of interest. For the authentication in vehicular platoons, efficiency and cooperation are the two most important things. Cooperative authentication is a way to recognize false identities and messages as well as saving resources. However, taking part in cooperative authentication makes the vehicle more vulnerable to privacy leakage which is commonly done by location tracking. Moreover, vehicles consume their resources when cooperating with others during the process of cooperation authentication. These two significant factors cause selfish behaviors of the vehicles not to participate in cooperate cooperation actively. In this paper, an infinitely repeated game for cooperative authentication in vehicular platoons is proposed to help analyze the utility of all nodes and point out the weakness of the current collaborative authentication protocol. To deal with this weakness, we also devised an enhanced cooperative authentication protocol based on mechanisms which makes it easier for vehicles to stay in the cooperate strategy rather than tend to selfish behavior. Meanwhile, our protocol can defense insider attacks.