QBIoT:A Quantum Blockchain Framework for IoT with an Improved Proof-of-Authority Consensus Algorithm and a Public-Key Quantum Signature

The Internet of Things(IoT)is a network system that connects physical devices through the Internet,allowing them to interact.Nowadays,IoT has become an integral part of our lives,offering convenience and smart functionality.However,the growing number of IoT devices has brought about a corresponding increase in cybersecurity threats,such as device vulnerabilities,data privacy concerns,and network susceptibilities.Integrating blockchain technology with IoT has proven to be a promising approach to enhance IoT security.Nevertheless,the emergence of quantum computing poses a significant challenge to the security of traditional classical cryptography used in blockchain,potentially exposing it to quantum cyber-attacks.To support the growth of the IoT industry,mitigate quantum threats,and safeguard IoT data,this study proposes a robust blockchain solution for IoT that incorporates both classical and post-quantum security measures.Firstly,we present the Quantum-Enhanced Blockchain Architecture for IoT(QBIoT)to ensure secure data sharing and integrity protection.Secondly,we propose an improved Proof of Authority consensus algorithm called“Proof of Authority with Random Election”(PoARE),implemented within QBIoT for leader selection and new block creation.Thirdly,we develop a publickey quantum signature protocol for transaction verification in the blockchain.Finally,a comprehensive security analysis of QBIoT demonstrates its resilience against cyber threats from both classical and quantum adversaries.In summary,this research introduces an innovative quantum-enhanced blockchain solution to address quantum security concernswithin the realmof IoT.The proposedQBIoT framework contributes to the ongoing development of quantum blockchain technology and offers valuable insights for future research on IoT security.

Quantum-Enhanced Blockchain: A Secure and Practical Blockchain Scheme

The rapid advancement of quantum technology poses significant security risks to blockchain systems.However,quantum technology can also provide solutions for enhancing blockchain security.In this paper,we propose a quantum-enhanced blockchain scheme to achieve a high level of security against quantum computing attacks.We first discuss quantum computing attacks on classic blockchains,including attacks on hash functions,digital signatures,and consensus mechanisms.We then introduce quantum technologies,such as a quantum hash function(QHF),a quantum digital signature(QDS),and proof of authority(PoA)consensus mechanism,into our scheme to improve the security of the blockchain system.Our security analysis demonstrates that our scheme offers superior security against quantum and classic attacks.Finally,we compare our scheme with previous works,showing that our scheme has achieved a perfect balance in terms of practicality,reliability,scalability,and efficiency.Overall,this work contributes to the ongoing research on quantum blockchain in the quantum era.

Side-Channel Attacks Based on Collaborative Learning

Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement is usually not met.In this paper,an attack algorithm based on collaborative learning is proposed.The algorithm only needs to use a small number of labeled power traces to cooperate with the unlabeled power trace to realize the attack to cryptographic device.By experimenting with the DPA contest V4 dataset,the results show that the algorithm can improve the accuracy by about 20%compared with the pure supervised learning in the case of using only 10 labeled power traces.

Rumor detection with self-supervised learning on texts and social graph

Rumor detection has become an emerging and active research field in recent years.At the core is to model the rumor characteristics inherent in rich information,such as propagation patterns in social network and semantic patterns in post content,and differentiate them from the truth.However,existing works on rumor detection fall short in modeling heterogeneous information,either using one single information source only(e.g.,social network,or post content)or ignoring the relations among multiple sources(e.g.,fusing social and content features via simple concatenation).Therefore,they possibly have drawbacks in comprehensively understanding the rumors,and detecting them accurately.In this work,we explore contrastive self-supervised learning on heterogeneous information sources,so as to reveal their relations and characterize rumors better.Technically,we supplement the main supervised task of detection with an auxiliary self-supervised task,which enriches post representations via post self-discrimination.Specifically,given two heterogeneous views of a post(i.e.,representations encoding social patterns and semantic patterns),the discrimination is done by maximizing the mutual information between different views of the same post compared to that of other posts.We devise cluster-wise and instance-wise approaches to generate the views and conduct the discrimination,considering different relations of information sources.We term this framework as self-supervised rumor detection(SRD).Extensive experiments on three real-world datasets validate the effectiveness of SRD for automatic rumor detection on social media.

TIM: threat context-enhanced TTP intelligence mining on unstructured threat data

TTPs (Tactics, Techniques, and Procedures), which represent an attacker’s goals and methods, are the long period and essential feature of the attacker. Defenders can use TTP intelligence to perform the penetration test and compensate for defense deficiency. However, most TTP intelligence is described in unstructured threat data, such as APT analysis reports. Manually converting natural language TTPs descriptions to standard TTP names, such as ATT&CK TTP names and IDs, is time-consuming and requires deep expertise. In this paper, we define the TTP classification task as a sentence classification task. We annotate a new sentence-level TTP dataset with 6 categories and 6061 TTP descriptions from 10761 security analysis reports. We construct a threat context-enhanced TTP intelligence mining (TIM) framework to mine TTP intelligence from unstructured threat data. The TIM framework uses TCENet (Threat Context Enhanced Network) to find and classify TTP descriptions, which we define as three continuous sentences, from textual data. Meanwhile, we use the element features of TTP in the descriptions to enhance the TTPs classification accuracy of TCENet. The evaluation result shows that the average classification accuracy of our proposed method on the 6 TTP categories reaches 0.941. The evaluation results also show that adding TTP element features can improve our classification accuracy compared to using only text features. TCENet also achieved the best results compared to the previous document-level TTP classification works and other popular text classification methods, even in the case of few-shot training samples. Finally, the TIM framework organizes TTP descriptions and TTP elements into STIX 2.1 format as final TTP intelligence for sharing the long-period and essential attack behavior characteristics of attackers. In addition, we transform TTP intelligence into sigma detection rules for attack behavior detection. Such TTP intelligence and rules can help defenders deploy long-term effective threat detection and perform more realistic attack simulations to strengthen defense.