FL-EASGD:Federated Learning Privacy Security Method Based on Homomorphic Encryption

Federated learning ensures data privacy and security by sharing models among multiple computing nodes instead of plaintext data.However,there is still a potential risk of privacy leakage,for example,attackers can obtain the original data through model inference attacks.Therefore,safeguarding the privacy of model parameters becomes crucial.One proposed solution involves incorporating homomorphic encryption algorithms into the federated learning process.However,the existing federated learning privacy protection scheme based on homomorphic encryption will greatly reduce the efficiency and robustness when there are performance differences between parties or abnormal nodes.To solve the above problems,this paper proposes a privacy protection scheme named Federated Learning-Elastic Averaging Stochastic Gradient Descent(FL-EASGD)based on a fully homomorphic encryption algorithm.First,this paper introduces the homomorphic encryption algorithm into the FL-EASGD scheme to preventmodel plaintext leakage and realize privacy security in the process ofmodel aggregation.Second,this paper designs a robust model aggregation algorithm by adding time variables and constraint coefficients,which ensures the accuracy of model prediction while solving performance differences such as computation speed and node anomalies such as downtime of each participant.In addition,the scheme in this paper preserves the independent exploration of the local model by the nodes of each party,making the model more applicable to the local data distribution.Finally,experimental analysis shows that when there are abnormalities in the participants,the efficiency and accuracy of the whole protocol are not significantly affected.

Security and Privacy in Solar Insecticidal Lamps Internet of Things:Requirements and Challenges

Solar insecticidal lamps(SIL) can effectively control pests and reduce the use of pesticides. Combining SIL and Internet of Things(IoT) has formed a new type of agricultural IoT,known as SIL-IoT, which can improve the effectiveness of migratory phototropic pest control. However, since the SIL is connected to the Internet, it is vulnerable to various security issues.These issues can lead to serious consequences, such as tampering with the parameters of SIL, illegally starting and stopping SIL,etc. In this paper, we describe the overall security requirements of SIL-IoT and present an extensive survey of security and privacy solutions for SIL-IoT. We investigate the background and logical architecture of SIL-IoT, discuss SIL-IoT security scenarios, and analyze potential attacks. Starting from the security requirements of SIL-IoT we divide them into six categories, namely privacy, authentication, confidentiality, access control, availability,and integrity. Next, we describe the SIL-IoT privacy and security solutions, as well as the blockchain-based solutions. Based on the current survey, we finally discuss the challenges and future research directions of SIL-IoT.

A Review of Lightweight Security and Privacy for Resource-Constrained IoT Devices

The widespread and growing interest in the Internet of Things(IoT)may be attributed to its usefulness in many different fields.Physical settings are probed for data,which is then transferred via linked networks.There are several hurdles to overcome when putting IoT into practice,from managing server infrastructure to coordinating the use of tiny sensors.When it comes to deploying IoT,everyone agrees that security is the biggest issue.This is due to the fact that a large number of IoT devices exist in the physicalworld and thatmany of themhave constrained resources such as electricity,memory,processing power,and square footage.This research intends to analyse resource-constrained IoT devices,including RFID tags,sensors,and smart cards,and the issues involved with protecting them in such restricted circumstances.Using lightweight cryptography,the information sent between these gadgets may be secured.In order to provide a holistic picture,this research evaluates and contrasts well-known algorithms based on their implementation cost,hardware/software efficiency,and attack resistance features.We also emphasised how essential lightweight encryption is for striking a good cost-to-performance-to-security ratio.

Digital identity,privacy security,and their legal safeguards in the Metaverse

The Metaverse is the digitization of the real world,supported by big data,AI,5G,cloud computing,blockchain,encryption algorithm,perception technology,digital twin,virtual engine,and other technologies that interact with human behavior and thoughts in avatars through digital identity.Cracking the trust problem brought by the avatar depends on the privacy security and authentication technology for individuals using digital identities to enter the Metaverse.To accomplish personal domination of the avatar,metaverse users need privacy data feeding and emotion projection.They must be equipped with proprietary algorithms to process and analyze the complex data generated in adaptive interactions,which challenges the privacy security of user data in the Metaverse.Distinguishing the significance of different identifiers in personal identity generation while imposing different behavioral regulatory requirements on data processing levels may better balance the relationship between personal privacy security and digital identity protection and data utilization in the Metaverse.In response to digital identity issues,there is an objective need to establish a unified digital identity authentication system to gain the general trust of society.Further,the remedies for a right to personality can be applied to the scenario of unlawful infringement of digital identity and privacy security.

Fine-Tuning Cyber Security Defenses: Evaluating Supervised Machine Learning Classifiers for Windows Malware Detection

Malware attacks on Windows machines pose significant cybersecurity threats,necessitating effective detection and prevention mechanisms.Supervised machine learning classifiers have emerged as promising tools for malware detection.However,there remains a need for comprehensive studies that compare the performance of different classifiers specifically for Windows malware detection.Addressing this gap can provide valuable insights for enhancing cybersecurity strategies.While numerous studies have explored malware detection using machine learning techniques,there is a lack of systematic comparison of supervised classifiers for Windows malware detection.Understanding the relative effectiveness of these classifiers can inform the selection of optimal detection methods and improve overall security measures.This study aims to bridge the research gap by conducting a comparative analysis of supervised machine learning classifiers for detecting malware on Windows systems.The objectives include Investigating the performance of various classifiers,such as Gaussian Naïve Bayes,K Nearest Neighbors(KNN),Stochastic Gradient Descent Classifier(SGDC),and Decision Tree,in detecting Windows malware.Evaluating the accuracy,efficiency,and suitability of each classifier for real-world malware detection scenarios.Identifying the strengths and limitations of different classifiers to provide insights for cybersecurity practitioners and researchers.Offering recommendations for selecting the most effective classifier for Windows malware detection based on empirical evidence.The study employs a structured methodology consisting of several phases:exploratory data analysis,data preprocessing,model training,and evaluation.Exploratory data analysis involves understanding the dataset’s characteristics and identifying preprocessing requirements.Data preprocessing includes cleaning,feature encoding,dimensionality reduction,and optimization to prepare the data for training.Model training utilizes various supervised classifiers,and their performance is evaluated using metrics such as accuracy,precision,recall,and F1 score.The study’s outcomes comprise a comparative analysis of supervised machine learning classifiers for Windows malware detection.Results reveal the effectiveness and efficiency of each classifier in detecting different types of malware.Additionally,insights into their strengths and limitations provide practical guidance for enhancing cybersecurity defenses.Overall,this research contributes to advancing malware detection techniques and bolstering the security posture of Windows systems against evolving cyber threats.

Enhancing Cybersecurity through AI and ML: Strategies, Challenges, and Future Directions

The landscape of cybersecurity is rapidly evolving due to the advancement and integration of Artificial Intelligence (AI) and Machine Learning (ML). This paper explores the crucial role of AI and ML in enhancing cybersecurity defenses against increasingly sophisticated cyber threats, while also highlighting the new vulnerabilities introduced by these technologies. Through a comprehensive analysis that includes historical trends, technological evaluations, and predictive modeling, the dual-edged nature of AI and ML in cybersecurity is examined. Significant challenges such as data privacy, continuous training of AI models, manipulation risks, and ethical concerns are addressed. The paper emphasizes a balanced approach that leverages technological innovation alongside rigorous ethical standards and robust cybersecurity practices. This approach facilitates collaboration among various stakeholders to develop guidelines that ensure responsible and effective use of AI in cybersecurity, aiming to enhance system integrity and privacy without compromising security.

A Novel Risk Assessment Model for Privacy Security in Internet of Things

Aiming at the issues of privacy security in Internet of Things （IoT） applications, we propose an effective risk assessment model to handle probabilistic causality of evaluation factors and derive weights of influence-relation of propagation paths. The model undertakes probabilistic inference and generates values of risk probability for assets and propagation paths by using Bayesian causal relation-network and prior probability. According to Bayes- ian network （BN） structure, the risk analysts can easily find out relevant risk propagation paths and calculate weight values of each path by using decision-making trial and evaluation laboratory （DEMATEL）. This model is applied to determine the risk level of assets and each risk propagation path as well as implement countermeasure of recommendation in accordance with evaluation results. The simulation analysis shows that this model efficiently revises recommendation of countermeasures for decision-makers and mitigates risk to an acceptable range, in addition, it provides the theoretical basis for decision-making of privacy security risk assessment （PSRA） for further development in lot area.

Research on Residents’Willingness to Protect Privacy in the Context of the Personal Information Protection Law:A Survey Based on Foshan Residents’Data

The Personal Information Protection Law,as the first law on personal information protection in China,hits the people’s most concerned,realistic and direct privacy and information security issues,and plays an extremely important role in promoting the development of the digital economy,the legalization of socialism with Chinese characteristics and social public security,and marks a new historical development stage in the protection of personal information in China.However,the awareness of privacy protection and privacy protection behavior of the public in personal information privacy protection is weak.Based on the literature review and in-depth understanding of current legal regulations,this study integrates the relevant literature and theoretical knowledge of the Personal Protection Law to construct a conceptual model of“privacy information protection willingness-privacy information protection behavior”.Taking the residents of Foshan City as an example,this paper conducts a questionnaire survey on their attitudes toward the Personal Protection Law,analyzes the factors influencing their willingness to protect their privacy and their behaviors,and explores the mechanisms of their influencing variables,to provide advice and suggestions for promoting the protection of privacy information and building a security barrier for the high-quality development of public information security.

Big Data Security and Privacy： A Review

While Big Data gradually become a hot topic of research and business and has been everywhere used in many industries, Big Data security and privacy has been increasingly concerned. However, there is an obvious contradiction between Big Data security and privacy and the widespread use of Big Data. In this paper, we firstly reviewed the enormous benefits and challenges of security and privacy in Big Data. Then, we present some possible methods and techniques to ensure Big Data security and privacy.

Review on Identity-Based Batch Verification Schemes for Security and Privacy in VANETs

The study of vehicular ad-hoc networks(VANETs)has received significant attention among academia;even so,its security and privacy still become a central issue that is wide-open to discuss.The authentication schemes deployed in VANETs have a substantial impact on its security and privacy.Many researchers have proposed a variety of schemes related to the information verification and efficiency improvement in VANETs.In recent years,many papers have proposed identity-based batch verification(IBV)schemes in regard to diminishing overhead in the message verification process in VANETs.This survey begins with providing background information about VANETs and clarifying its security and privacy,as well as performance requirements that must be satisfied.After presenting an outlook of some relevant surveys of VANETs,a brief review of some IBV schemes published in recent years is conferred.The detailed approach of each scheme,with a comprehensive comparison between them,has been provided afterward.Finally,we summarize those recent studies and possible future improvements.

A 5G Perspective of an SDN-Based Privacy-Preserving Scheme for IoT Networks

The ever-increasing needs of Internet of Things networks (IoTn) present considerable issues in computing complexity, security, trust, and authentication, among others. This gets increasingly more challenging as technology advances, and its use expands. As a consequence, boosting the capacity of these networks has garnered widespread attention. As a result, 5G, the next phase of cellular networks, is expected to be a game-changer, bringing with it faster data transmission rates, more capacity, improved service quality, and reduced latency. However, 5G networks continue to confront difficulties in establishing pervasive and dependable connections amongst high-speed IoT devices. Thus, to address the shortcomings in current recommendations, we present a unified architecture based on software-defined networks (SDNs) that provides 5G-enabled devices that must have complete secrecy. Through SDN, the architecture streamlines network administration while optimizing network communications. A mutual authentication protocol using elliptic curve cryptography is introduced for mutual authentication across certificate authorities and clustered heads in IoT network deployments based on IoT. Again, a dimensionality reduction intrusion detection mechanism is introduced to decrease computational cost and identify possible network breaches. However, to leverage the method’s potential, the initial module's security is reviewed. The second module is evaluated and compared to modern models.

ZTE Communications Special Issue on Security and Privacy in Communications

Modern communication allows billions of objects in the physical world as well as virtual environments to exchange data with each other in an autonomous way so as to create smart environments. However, modern communication also introduces new challenges for the security of systems and processes and the privacy of individuals. There is an increasing demand for development of new security and privacy approaches to guarantee the security, privacy, integ- rity, and availability of resources in modern communication.

A Blind Batch Encryption and Public Ledger-Based Protocol for Sharing Sensitive Data

For the goals of security and privacy preservation,we propose a blind batch encryption-and public ledger-based data sharing protocol that allows the integrity of sensitive data to be audited by a public ledger and allows privacy information to be preserved.Data owners can tightly manage their data with efficient revocation and only grant one-time adaptive access for the fulfillment of the requester.We prove that our protocol is semanticallly secure,blind,and secure against oblivious requesters and malicious file keepers.We also provide security analysis in the context of four typical attacks.

A Survey on Sensor-and Communication-Based Issues of Autonomous UAVs

The application field for Unmanned Aerial Vehicle (UAV) technology and its adoption rate have been increasingsteadily in the past years. Decreasing cost of commercial drones has enabled their use at a scale broader thanever before. However, increasing the complexity of UAVs and decreasing the cost, both contribute to a lack ofimplemented securitymeasures and raise new security and safety concerns. For instance, the issue of implausible ortampered UAV sensor measurements is barely addressed in the current research literature and thus, requires moreattention from the research community. The goal of this survey is to extensively review state-of-the-art literatureregarding common sensor- and communication-based vulnerabilities, existing threats, and active or passive cyberattacksagainst UAVs, as well as shed light on the research gaps in the literature. In this work, we describe theUnmanned Aerial System (UAS) architecture to point out the origination sources for security and safety issues.Weevaluate the coverage and completeness of each related research work in a comprehensive comparison table as wellas classify the threats, vulnerabilities and cyber-attacks into sensor-based and communication-based categories.Additionally, for each individual cyber-attack, we describe existing countermeasures or detectionmechanisms andprovide a list of requirements to ensureUAV’s security and safety.We also address the problem of implausible sensormeasurements and introduce the idea of a plausibility check for sensor data. By doing so, we discover additionalmeasures to improve security and safety and report on a research niche that is not well represented in the currentresearch literature.

Preserving Privacy of User Identity Based on Pseudonym Variable in 5G

The fifth generation(5G)system is the forthcoming generation of the mobile communication system.It has numerous additional features and offers an extensively high data rate,more capacity,and low latency.However,these features and applications have many problems and issues in terms of security,which has become a great challenge in the telecommunication industry.This paper aimed to propose a solution to preserve the user identity privacy in the 5G system that can identify permanent identity by using Variable Mobile Subscriber Identity,which randomly changes and does not use the permanent identity between the user equipment and home network.Through this mechanism,the user identity privacy would be secured and hidden.Moreover,it improves the synchronization between mobile users and home networks.Additionally,its compliance with the Authentication and Key Agreement(AKA)structure was adopted in the previous generations.It can be deployed efficiently in the preceding generations because the current architecture imposes minimal modifications on the network parties without changes in the authentication vector’s message size.Moreover,the addition of any hardware to the AKA carries minor adjustments on the network parties.In this paper,the ProVerif is used to verify the proposed scheme.

Challenges and Solutions of Information Security Issues in the Age of Big Data

Big data has been taken as a Chinese national strategy in order to satisfy the developments of the social and economic requirements and the development of new information technology. The prosperity of big data brings not only convenience to people's daily life and more opportunities to enterprises, but more challenges with information security as well. This paper has a research on new types and features of information security issues in the age of big data, and puts forward the solutions for the above issues: build up the big data security management platform, set up the establishment of information security system and implement relevant laws and regulations.

A privacy-preserved indexing schema in DaaS model for range queries

In a database-as-a-service(DaaS)model,a data owner stores data in a database server of a service provider,and the DaaS adopts the encryption for data privacy and indexing for data query.However,an attacker can obtain original data’s statistical information and distribution via the indexing distribution from the database of the service provider.In this work,a novel indexing schema is proposed to satisfy privacy-preserved data management requirements,in which an attacker cannot obtain data source distribution or statistic information from the index.The approach includes 2 parts:the Hash-based indexing for encrypted data and correctness verification for range queries.The evaluation results demonstrate that the approach can hide statistical information of encrypted data distribution while can also obtain correct answers for range queries.Meanwhile,the approach can achieve nearly 10 times and 35 times improvement on encrypted data publishing and indexing respectively,compared with the start-of-the-art method order-preserving Hash-based function(OPHF).

COVID-19 pandemic and the cyberthreat landscape:Research challenges and opportunities

Although cyber technologies benefit our society,there are also some related cybersecurity risks.For example,cybercriminals may exploit vulnerabilities in people,processes,and technologies during trying times,such as the ongoing COVID-19 pandemic,to identify opportunities that target vulnerable individuals,organizations(e.g.,medical facilities),and systems.In this paper,we examine the various cyberthreats associated with the COVID-19 pandemic.We also determine the attack vectors and surfaces of cyberthreats.Finally,we will discuss and analyze the insights and suggestions generated by different cyberattacks against individuals,organizations,and systems.

Intrusion Detection in the Internet of Things Using Fusion of GRU-LSTM Deep Learning Model

Cybersecurity threats are increasing rapidly as hackers use advanced techniques.As a result,cybersecurity has now a significant factor in protecting organizational limits.Intrusion detection systems(IDSs)are used in networks to flag serious issues during network management,including identifying malicious traffic,which is a challenge.It remains an open contest over how to learn features in IDS since current approaches use deep learning methods.Hybrid learning,which combines swarm intelligence and evolution,is gaining attention for further improvement against cyber threats.In this study,we employed a PSO-GA(fusion of particle swarm optimization(PSO)and genetic algorithm(GA))for feature selection on the CICIDS-2017 dataset.To achieve better accuracy,we proposed a hybrid model called LSTM-GRU of deep learning that fused the GRU(gated recurrent unit)and LSTM(long short-term memory).The results show considerable improvement,detecting several network attacks with 98.86%accuracy.A comparative study with other current methods confirms the efficacy of our proposed IDS scheme.

Directed Acyclic Graph Blockchain for Secure Spectrum Sharing and Energy Trading in Power IoT

Peer-to-peer(P2P)spectrum sharing and energy trading are promising solutions to locally satisfy spectrum and energy demands in power Internet of Things(IoT).However,implementation of largescale P2P spectrum sharing and energy trading confronts security and privacy challenges.In this paper,we exploit consortium blockchain and Directed Acyclic Graph(DAG)to propose a new secure and distributed spectrum sharing and energy trading framework in power IoT,named spectrum-energy chain,where a set of local aggregators(LAGs)cooperatively confirm the identity of the power devices by utilizing consortium blockchain,so as to form a main chain.Then,the local power devices verify spectrum and energy micro-transactions simultaneously but asynchronously to form local spectrum tangle and local energy tangle,respectively.Moreover,an iterative double auction based micro transactions scheme is designed to solve the spectrum and energy pricing and the amount of shared spectrum and energy among power devices.Security analysis and numerical results illustrate that the developed spectrum-energy chain and the designed iterative double auction based microtransactions scheme are secure and efficient for spectrum sharing and energy trading in power IoT.