Funding: supported by the National Natural Science Foundation of China (Grant No. 61762033), Hainan Provincial Natural Science Foundation of China (Grant Nos. 2019RC041 and 2019RC098), Opening Project of Shanghai Trusted Industrial Control Platform (Grant No. TICPSH202003005-ZC), Ministry of Education Humanities and Social Sciences Research Program Fund Project (Grant No. 19YJA710010), and Zhejiang Public Welfare Technology Research (Grant No. LGF18F020019).
Abstract: Nowadays, as lightweight mobile clients become more powerful and widely used, more and more information is stored on them, and the privacy protection of sensitive user data has become an urgent problem to be solved. There has been a corresponding rise of security solutions proposed by researchers; however, the current security mechanisms on lightweight mobile clients are proven to be fragile. Because this research field is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive study on privacy protection using a trusted execution environment (TEE) for lightweight mobile clients. This paper presents a highly effective and secure lightweight mobile client privacy protection system that utilizes TEE to provide a new method for privacy protection. In particular, the prototype of Lightweight Mobile Clients Privacy Protection Using Trusted Execution Environments (LMCPTEE) is built using Intel Software Guard Extensions (SGX) because SGX can guarantee the integrity, confidentiality, and authenticity of private data. By putting lightweight mobile client critical data on SGX, the security and privacy of client data can be greatly improved. We design the authentication mechanism and privacy protection strategy based on SGX to achieve hardware-enhanced data protection and make a trusted connection with the lightweight mobile clients, thus building the distributed trusted system architecture. The experiment demonstrates that, without relying on the performance of the blockchain, the LMCPTEE is practical and feasible and has low performance overhead. It can guarantee the privacy and security of lightweight mobile client private data.
Funding: supported by the Key Research and Development Program of Hainan Province (Grant No. ZDYF2020040, ZDYF2021GXJS003), Major Science and Technology Project of Hainan Province (Grant No. ZDKJ2020012), National Natural Science Foundation of China (NSFC) (Grant No. 62162022, 62162024 and 61762033), Hainan Provincial Natural Science Foundation of China (Grant No. 620MS021), and Opening Project of Shanghai Trusted Industrial Control Platform (Grant No. TICPSH202003005-ZC).
Abstract: Distributed Denial of Service (DDoS) attacks are always one of the major problems for service providers. Using blockchain to detect DDoS attacks is one of the current popular methods. However, the problems of high time overhead and cost exist in most of the blockchain methods for detecting DDoS attacks. This paper proposes a blockchain-based collaborative detection method for DDoS attacks. First, the trained DDoS attack detection model is encrypted by the Intel Software Guard Extensions (SGX), which provides high security for uploading the DDoS attack detection model to the blockchain. Secondly, the service provider uploads the encrypted model to the InterPlanetary File System (IPFS), and then a corresponding Content-ID (CID) is generated by IPFS, which greatly saves the cost of uploading encrypted models to the blockchain. In addition, due to the small amount of model data, the time cost of uploading the DDoS attack detection model is greatly reduced. Finally, through the blockchain and smart contracts, the CID is distributed to other service providers, who can use the CID to download the corresponding DDoS attack detection model from IPFS. Blockchain provides a decentralized, trusted and tamper-proof environment for service providers. Besides, smart contracts and IPFS greatly improve the distribution efficiency of the model, while the distribution of the CID greatly improves the efficiency of the transmission on the blockchain. In this way, the purpose of collaborative detection can be achieved, and the time cost of transmission on blockchain and IPFS can be considerably saved. We designed a blockchain-based DDoS attack collaborative detection framework to improve the data transmission efficiency on the blockchain, and use IPFS to greatly reduce the cost of the distribution model. In the experiment, compared with most blockchain-based methods for DDoS attack detection, the proposed model using blockchain distribution shows the advantages of low cost and latency. The remote authentication mechanism of Intel SGX provides high security and integrity, and ensures the availability of distributed models.