In the use of a cloud storage, sharing of data with efficient access control is an important requirement in addition to data security and privacy. Cui et al. (IEEE Trans. on Comp. 2016) proposed key-aggregate searchable encryption (KASE), which allows a data owner to issue an aggregate key that enables a user to search in an authorized subset of encrypted files by generating an encrypted keyword called trapdoor. While the idea of KASE is elegant, to the best of our knowledge, its security has never been discussed formally. In this paper, we discuss the security of KASE formally and propose provably secure schemes. The construction of a secure KASE scheme is non-trivial, and we will show that the KASE scheme of Cui et al. is insecure under our definitions. We first introduce our provably secure scheme, named first construction, with respect to encrypted files and aggregate keys in a single-server setting. In comparison with the scheme of Cui et al., the first construction is secure without increased computational costs. Then, we introduce another provably secure scheme, named main construction, with respect to trapdoors in a twoserver setting. The main construction guarantees the privacy of a search, encrypted files, and aggregate keys. Considering 5,000 encrypted files, the first construction can finish search within three seconds and the main construction can finish search within six seconds.INDEX TERMS Key-Aggregate Searchable Encryption, Searchable Encryption, Data Sharing and Provable Security.
A privacy-preserving framework in which a computational resource provider receives encrypted data from a client and returns prediction results without decrypting the data, i.e., oblivious neural network or encrypted prediction, has been studied in machine learning that provides prediction services. In this work, we present MOBIUS (Model-Oblivious BInary neUral networkS), a new system that combines Binarized Neural Networks (BNNs) and secure computation based on secret sharing as tools for scalable and fast privacy-preserving machine learning. BNNs improve computational performance by binarizing values in training to −1 and +1, while secure computation based on secret sharing provides fast and various computations under encrypted forms via modulo operations with a short bit length. However, combining these tools is not trivial because their operations have different algebraic structures and the use of BNNs downgrades prediction accuracy in general. MOBIUS uses improved procedures of BNNs and secure computation that have compatible algebraic structures without downgrading prediction accuracy. We created an implementation of MOBIUS in C++ using the ABY library (NDSS 2015). We then conducted experiments using the MNIST dataset, and the results show that MOBIUS can return a prediction within 0.76 seconds, which is six times faster than SecureML (IEEE S&P 2017). MOBIUS allows a client to request for encrypted prediction and allows a trainer to obliviously publish an encrypted model to a cloud provided by a computational resource provider, i.e., without revealing the original model itself to the provider.
Ethereum smart contracts are programs that run on the Ethereum blockchain, and many smart contract vulnerabilities have been discovered in the past decade. Many security analysis tools have been created to detect such vulnerabilities, but their performance decreases drastically when codes to be analyzed are being rewritten. In this paper, we propose Eth2Vec, a machine-learning-based static analysis tool for vulnerability detection in smart contracts. It is also robust against code rewrites, i.e., it can detect vulnerabilities even in rewritten codes. Existing machine-learning-based static analysis tools for vulnerability detection need features, which analysts create manually, as inputs. In contrast, Eth2Vec automatically learns features of vulnerable Ethereum Virtual Machine (EVM) bytecodes with tacit knowledge through a neural network for natural language processing. Therefore, Eth2Vec can detect vulnerabilities in smart contracts by comparing the code similarity between target EVM bytecodes and the EVM bytecodes it already learned. We conducted experiments with existing open databases, such as Etherscan, and our results show that Eth2Vec outperforms a recent model based on support vector machine in terms of well-known metrics, i.e., precision, recall, and F1-score. CCS CONCEPTS• Security and privacy → Software security engineering; Software reverse engineering; Vulnerability management.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.