Concretely ecient secure multi-party computation protocols:survey and mor

Secure multi-party computation(MPC)allows a set of parties to jointly compute a function on their private inputs,and reveals nothing but the output of the function.In the last decade,MPC has rapidly moved from a purely theoretical study to an object of practical interest,with a growing interest in practical applications such as privacy-preserving machine learning(PPML).In this paper,we comprehensively survey existing work on concretely ecient MPC protocols with both semi-honest and malicious security,in both dishonest-majority and honest-majority settings.We focus on considering the notion of security with abort,meaning that corrupted parties could prevent honest parties from receiving output after they receive output.We present high-level ideas of the basic and key approaches for designing di erent styles of MPC protocols and the crucial building blocks of MPC.For MPC applications,we compare the known PPML protocols built on MPC,and describe the eciency of private inference and training for the state-of-the-art PPML protocols.Further-more,we summarize several challenges and open problems to break though the eciency of MPC protocols as well as some interesting future work that is worth being addressed.This survey aims to provide the recent development and key approaches of MPC to researchers,who are interested in knowing,improving,and applying concretely ecient MPC protocols.

An Effective Security Comparison Protocol in Cloud Computing

With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.

A Secure Microgrid Data Storage Strategy with Directed Acyclic Graph Consensus Mechanism

The wide application of intelligent terminals in microgrids has fueled the surge of data amount in recent years.In real-world scenarios,microgrids must store large amounts of data efficiently while also being able to withstand malicious cyberattacks.To meet the high hardware resource requirements,address the vulnerability to network attacks and poor reliability in the tradi-tional centralized data storage schemes,this paper proposes a secure storage management method for microgrid data that considers node trust and directed acyclic graph(DAG)consensus mechanism.Firstly,the microgrid data storage model is designed based on the edge computing technology.The blockchain,deployed on the edge computing server and combined with cloud storage,ensures reliable data storage in the microgrid.Secondly,a blockchain consen-sus algorithm based on directed acyclic graph data structure is then proposed to effectively improve the data storage timeliness and avoid disadvantages in traditional blockchain topology such as long chain construction time and low consensus efficiency.Finally,considering the tolerance differences among the candidate chain-building nodes to network attacks,a hash value update mechanism of blockchain header with node trust identification to ensure data storage security is proposed.Experimental results from the microgrid data storage platform show that the proposed method can achieve a private key update time of less than 5 milliseconds.When the number of blockchain nodes is less than 25,the blockchain construction takes no more than 80 mins,and the data throughput is close to 300 kbps.Compared with the traditional chain-topology-based consensus methods that do not consider node trust,the proposed method has higher efficiency in data storage and better resistance to network attacks.

Secure Signature Protocol

This paper studies how to take advantage of other's computing ability to sign a message with one's private key without disclosing the private key. A protocol to this problem is presented, and it is proven, by well known simulation paradigm, that this protocol is private.

Model Checking Electronic CommerceSecurity Protocols Based on CTL

We present a model based on Computational Temporal Logic (CTL) methods forverifying security requirements of electronic commerce, protocols. The model describes formally theauthentication, confidentiality integrity, non-repudiation) denial of serviee and access control ofthe e-lectronic commerce protocols. We illustrate as case study a variant of the Lu-Smolka protocolproposed by Lu-Smolka Moreover, we have discovered two attacks that allow a dishonest user topurchase a good debiting the amountto another user. And also, we compared our work with relativeresearch works and found lhat the formal way of this paper is more general to specify securityprotocols for E-Commerce.

Secure planar convex hull protocol for large-scaled point sets in semi-honest model

Efficiency and scalability are still the bottleneck for secure multi-party computation geometry(SMCG).In this work a secure planar convex hull(SPCH) protocol for large-scaled point sets in semi-honest model has been proposed efficiendy to solve the above problems.Firstly,a novel privacy-preserving point-inclusion(PPPI) protocol is designed based on the classic homomorphic encryption and secure cross product protocol,and it is demonstrated that the complexity of PPPI protocol is independent of the vertex size of the input convex hull.And then on the basis of the novel PPPI protocol,an effective SPCH protocol is presented.Analysis shows that this SPCH protocol has a good performance for large-scaled point sets compared with previous solutions.Moreover,analysis finds that the complexity of our SPCH protocol relies on the size of the points on the outermost layer of the input point sets only.

Robust peer-to-peer learning via secure multi-party computation

To solve the data island problem,federated learning(FL)provides a solution paradigm where each client sends the model parameters but not the data to a server for model aggregation.Peer-to-peer(P2P)federated learning further improves the robustness of the system,in which there is no server and each client communicates directly with the other.For secure aggregation,secure multi-party computing(SMPC)protocols have been utilized in peer-to-peer manner.However,the ideal SMPC protocols could fail when some clients drop out.In this paper,we propose a robust peer-to-peer learning(RP2PL)algorithm via SMPC to resist clients dropping out.We improve the segmentbased SMPC protocol by adding a check and designing the generation method of random segments.In RP2PL,each client aggregates their models by the improved robust secure multi-part computation protocol when finishes the local training.Experimental results demonstrate that the RP2PL paradigm can mitigate clients dropping out with no significant degradation in performance.

A survey of edge computing-based designs for IoT security

Pervasive IoT applications enable us to perceive,analyze,control,and optimize the traditional physical systems.Recently,security breaches in many IoT applications have indicated that IoT applications may put the physical systems at risk.Severe resource constraints and insufficient security design are two major causes of many security problems in IoT applications.As an extension of the cloud,the emerging edge computing with rich resources provides us a new venue to design and deploy novel security solutions for IoT applications.Although there are some research efforts in this area,edge-based security designs for IoT applications are still in its infancy.This paper aims to present a comprehensive survey of existing IoT security solutions at the edge layer as well as to inspire more edge-based IoT security designs.We first present an edge-centric IoT architecture.Then,we extensively review the edge-based IoT security research efforts in the context of security architecture designs,firewalls,intrusion detection systems,authentication and authorization protocols,and privacy-preserving mechanisms.Finally,we propose our insight into future research directions and open research issues.

Edge-Computing with Graph Computation:A Novel Mechanism to Handle Network Intrusion and Address Spoofing in SDN

Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.Another emerging paradigm is edge computing in which data processing is performed at the edges of the network instead of a central controller.This data processing at the edge nodes reduces the latency and bandwidth requirements.In SDN,the controller is a single point of failure.Several security issues related to the traditional network can be solved by using SDN central management and control.Address Spoofing and Network Intrusion are the most common attacks.These attacks severely degrade performance and security.We propose an edge computing-based mechanism that automatically detects and mitigates those attacks.In this mechanism,an edge system gets the network topology from the controller and the Address Resolution Protocol(ARP)traffic is directed to it for further analysis.As such,the controller is saved from unnecessary processing related to addressing translation.We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method.By using the correct location information,the exact attacker or intruder is blocked,while the legitimate users get access to the network resources.The proposed mechanism is evaluated in a Mininet simulator and a POX controller.The results show that it improves system performance in terms of attack mitigation time,attack detection time,and bandwidth requirements.

Nearly universal and efficient quantum secure multi-party computation protocol

Universality is an important property in software and hardware design.This paper concentrates on the universality of quantum secure multi-party computation(SMC)protocol.First of all,an in-depth study of universality has been conducted,and then a nearly universal protocol is proposed by using the Greenberger-Horne-Zeilinger(GHZ)-like state and stabilizer formalism.The protocol can resolve the quantum SMC problem which can be deduced as modulo subtraction,and the steps are simple and effective.Secondly,three quantum SMC protocols based on the proposed universal protocol:Quantum private comparison(QPC)protocol,quantum millionaire(QM)protocol,and quantum multi-party summation(QMS)protocol are presented.These protocols are given as examples to explain universality.Thirdly,analyses of the example protocols are shown.Concretely,the correctness,fairness,and efficiency are confirmed.And the proposed universal protocol meets security from the perspective of preventing inside attacks and outside attacks.Finally,the experimental results of the example protocols on the International Business Machines(IBM)quantum platform are consistent with the theoretical results.Our research indicates that our protocol is universal to a certain degree and easy to perform.

A Phase Estimation Algorithm for Quantum Speed-Up Multi-Party Computing

Security and privacy issues have attracted the attention of researchers in the field of IoT as the information processing scale grows in sensor networks.Quantum computing,theoretically known as an absolutely secure way to store and transmit information as well as a speed-up way to accelerate local or distributed classical algorithms that are hard to solve with polynomial complexity in computation or communication.In this paper,we focus on the phase estimation method that is crucial to the realization of a general multi-party computing model,which is able to be accelerated by quantum algorithms.A novel multi-party phase estimation algorithm and the related quantum circuit are proposed by using a distributed Oracle operator with iterations.The proved theoretical communication complexity of this algorithm shows it can give the phase estimation before applying multi-party computing efficiently without increasing any additional complexity.Moreover,a practical problem of multi-party dating investigated shows it can make a successful estimation of the number of solution in advance with zero communication complexity by utilizing its special statistic feature.Sufficient simulations present the correctness,validity and efficiency of the proposed estimation method.

抗理性敌手共谋的安全K-prototype聚类

针对云环境下数据隐私泄露及聚类过程中云服务器间共谋的问题,提出一种抗理性敌手共谋的安全协作K-prototype聚类方案,目的在不泄露各方隐私数据情况下根据距离度量将相似的数据进行聚类。首先,考虑到同态加密不直接支持非线性计算,基于同态加密和加性秘密共享技术设计安全比较协议和安全大于协议,并确保输入数据、中间结果及模型参数均为加性秘密份额形式,以防止单个服务器能够获得完整数据,且能实现非线性函数的精确计算,在已设计的安全计算协议基础上,实现安全距离计算、安全聚类标签更新、安全聚类中心更新、聚类标签及聚类中心重构;其次,根据博弈均衡理论设计多种高效激励机制,构造互制合约及举报合约以约束云服务器诚实非共谋地执行聚类任务;最后,对所提的安全计算协议及合约进行理论分析,并对该方案的性能进行实验验证。实验结果表明,与明文环境下的模型精度相比,该方案的模型精度损失控制在0.22%内,进而验证了所提方案的有效性。

Preserving Privacy of Software-Defined Networking Policies by Secure Multi-Party Computation

In software-defined networking(SDN),controllers are sinks of information such as network topology collected from switches.Organizations often like to protect their internal network topology and keep their network policies private.We borrow techniques from secure multi-party computation(SMC)to preserve the privacy of policies of SDN controllers about status of routers.On the other hand,the number of controllers is one of the most important concerns in scalability of SMC application in SDNs.To address this issue,we formulate an optimization problem to minimize the number of SDN controllers while considering their reliability in SMC operations.We use Non-Dominated Sorting Genetic Algorithm II(NSGA-II)to determine the optimal number of controllers,and simulate SMC for typical SDNs with this number of controllers.Simulation results show that applying the SMC technique to preserve the privacy of organization policies causes only a little delay in SDNs,which is completely justifiable by the privacy obtained.

基于秘密共享的轻量级隐私保护ViT推理框架

针对广泛应用于图像处理的ViT推理框架存在泄露用户隐私数据的风险,而已有隐私保护推理框架存在计算效率较低、在线通信量较大等问题,提出了一种高效隐私保护推理框架SViT。该框架由2个边缘服务器协作执行基于秘密共享设计的安全计算协议SSoftmax、SLayerNorm、SGeLU,在保持ViT-B/16原始框架结构的情况下,解决了隐私保护框架推理开销大的问题。理论分析与实验表明,相比CrypTen,SViT在计算效率和在线通信开销方面分别提升了2~6倍和4~14倍。

计算机网络安全中虚拟网络技术的应用

计算机网络安全在现代社会得到广泛重视,这也对线上、线下各类防护技术提出了高要求。以计算机网络安全中常用虚拟网络技术为切入点,分析其常见应用形式、具体应用方法,包括应用需求分析、技术选择、提升安全防护的鲁棒性等,最后结合虚拟实验,对计算机网络安全中虚拟网络技术的应用成效进行论证,服务未来工作。

基于云仿真平台的医院HIS系统数据安全多方计算协议

考虑到传统协议在医院HIS系统中存在丢包率高、运行时间长和计算复杂度高的问题,提出了基于云仿真平台的医院HIS系统数据安全多方计算协议。利用云仿真平台,从风险等级和风险概率等方面,评估了医院HIS系统数据的安全风险;根据医院HIS系统数据安全信息的属性取值,优化了医院HIS系统数据的分类属性;结合医院HIS系统数据安全信息的提取模型,设计医院HIS系统数据安全多方计算协议。实验结果表明,该方法可以降低丢包率、缩短运行时间并降低计算复杂度,保证了医院HIS系统中数据的安全性。

数据加密技术在计算机网络安全中的应用

数据加密技术在计算机网络安全领域至关重要。文中旨在探讨数据加密技术在计算机网络安全中的应用,分析其基本概念、常见算法以及在不同网络场景中的具体应用,通过分析网络安全面临的威胁和挑战,重点关注加密技术在通信协议、端到端通信、文件与数据保护等方面的实际应用,探究其对网络安全的积极作用。

网络安全协议在计算机通信技术中的运用分析

为全面提升计算机通信技术水平,要结合通信要求落实网络安全协议,搭建良好且规范的信息管理控制平台,在维系计算机通信控制效能的基础上,确保网络资源安全调配,实现经济效益和社会效益和谐统一的目标。文章简要介绍网络安全协议的内涵和设计方式,并对计算机通信技术中网络安全协议的应用内容展开讨论。

RADIUS服务器防重播攻击策略研究

为提高网络信息访问的安全性,有意识减少用户在访问RADIUS服务器时可能存在被重播攻击的风险,本文探讨了RADIUS网络服务器简单有效的防御策略。通过用黑名单机制加固RADIUS服务器,来防范对RADIUS服务器的重播攻击。该策略可有效减小恶意数据的攻击的影响,提高RADIUS服务器的安全性和健壮性。