Biblio

With the future 6G era, spiking neural networks (SNNs) can be powerful processing tools in various areas due to their strong artificial intelligence (AI) processing capabilities, such as biometric recognition, AI robotics, autonomous drive, and healthcare. However, within Cyber Physical System (CPS), SNNs are surprisingly vulnerable to adversarial examples generated by benign samples with human-imperceptible noise, this will lead to serious consequences such as face recognition anomalies, autonomous drive-out of control, and wrong medical diagnosis. Only by fully understanding the principles of adversarial attacks with adversarial samples can we defend against them. Nowadays, most existing adversarial attacks result in a severe accuracy degradation to trained SNNs. Still, the critical issue is that they only generate adversarial samples by randomly adding, deleting, and flipping spike trains, making them easy to identify by filters, even by human eyes. Besides, the attack performance and speed also can be improved further. Hence, Spike Probabilistic Attack (SPA) is presented in this paper and aims to generate adversarial samples with more minor perturbations, greater model accuracy degradation, and faster iteration. SPA uses Poisson coding to generate spikes as probabilities, directly converting input data into spikes for faster speed and generating uniformly distributed perturbation for better attack performance. Moreover, an objective function is constructed for minor perturbations and keeping attack success rate, which speeds up the convergence by adjusting parameters. Both white-box and black-box settings are conducted to evaluate the merits of SPA. Experimental results show the model's accuracy under white-box attack decreases by 9.2S% 31.1S% better than others, and average success rates are 74.87% under the black-box setting. The experimental results indicate that SPA has better attack performance than other existing attacks in the white-box and better transferability performance in the black-box setting,

In the era of machine learning, mobile users are able to submit their symptoms to doctors at any time, anywhere for personal diagnosis. It is prevalent to exploit edge computing for real-time diagnosis services in order to reduce transmission latency. Although data-driven machine learning is powerful, it inevitably compromises privacy by relying on vast amounts of medical data to build a diagnostic model. Therefore, it is necessary to protect data privacy without accessing local data. However, the blossom has also been accompanied by various problems, i.e., the limitation of training data, vulnerabilities, and privacy concern. As a solution to these above challenges, in this paper, we design a lightweight privacy-preserving medical diagnosis mechanism on edge. Our method redesigns the extreme gradient boosting (XGBoost) model based on the edge-cloud model, which adopts encrypted model parameters instead of local data to reduce amounts of ciphertext computation to plaintext computation, thus realizing lightweight privacy preservation on resource-limited edges. Additionally, the proposed scheme is able to provide a secure diagnosis on edge while maintaining privacy to ensure an accurate and timely diagnosis. The proposed system with secure computation could securely construct the XGBoost model with lightweight overhead, and efficiently provide a medical diagnosis without privacy leakage. Our security analysis and experimental evaluation indicate the security, effectiveness, and efficiency of the proposed system.

With the increasing popularity of geo-positioning technologies and mobile Internet, spatial keyword data services have attracted growing interest from both the industrial and academic communities in recent years. Meanwhile, a massive amount of data is increasingly being outsourced to cloud in the encrypted form for enjoying the advantages of cloud computing while without compromising data privacy. Most existing works primarily focus on the privacy-preserving schemes for either spatial or keyword queries, and they cannot be directly applied to solve the spatial keyword query problem over encrypted data. In this paper, we study the challenging problem of Privacy-preserving Boolean Range Query (PBRQ) over encrypted spatial databases. In particular, we propose two novel PBRQ schemes. Firstly, we present a scheme with linear search complexity based on the space-filling curve code and Symmetric-key Hidden Vector Encryption (SHVE). Then, we use tree structures to achieve faster-than-linear search complexity. Thorough security analysis shows that data security and query privacy can be guaranteed during the query process. Experimental results using real-world datasets show that the proposed schemes are efficient and feasible for practical applications, which is at least ×70 faster than existing techniques in the literature.

Most of the current intelligent Internet of Things (IoT) products take neural network-based speech recognition as the standard human-machine interaction interface. However, the traditional speech recognition frameworks for smart IoT devices always collect and transmit voice information in the form of plaintext, which may cause the disclosure of user privacy. Due to the wide utilization of speech features as biometric authentication, the privacy leakage can cause immeasurable losses to personal property and privacy. Therefore, in this paper, we propose an outsourced privacy-preserving speech recognition framework (OPSR) for smart IoT devices in the long short-term memory (LSTM) neural network and edge computing. In the framework, a series of additive secret sharing-based interactive protocols between two edge servers are designed to achieve lightweight outsourced computation. And based on the protocols, we implement the neural network training process of LSTM for intelligent IoT device voice control. Finally, combined with the universal composability theory and experiment results, we theoretically prove the correctness and security of our framework.

Anonymous Communication (AC) hides traffic patterns and protects message metadata from being leaked during message transmission. Many practical AC systems have been proposed aiming to reduce communication latency and support a large number of users. However, how to design AC systems which possess strong security property and at the same time achieve optimal performance (i.e., the lowest latency or highest horizontal scalability) has been a challenging problem. In this paper, we propose an ObliComm framework, which consists of six modular AC subroutines. We also present a strong security definition for AC, named oblivious communication, encompassing confidentiality, unobservability, and a new requirement sending-and-receiving operation hiding. The AC subroutines in ObliComm allow for modular construction of oblivious communication systems in different network topologies. All constructed systems satisfy oblivious communication definition and can be provably secure in the universal composability (UC) framework. Additionally, we model the relationship between the network topology and communication measurements by queuing theory, which enables the system's efficiency can be optimized and estimated by quantitative analysis and calculation. Through theoretical analyses and empirical experiments, we demonstrate the efficiency of our scheme and soundness of the queuing model.

In previous multi-authority key-policy attribute-based Encryption (KP-ABE) schemes, either a super power central authority (CA) exists, or multiple attribute authorities (AAs) must collaborate in initializing the system. In addition, those schemes are proved security in the selective model. In this paper, we propose a new fully secure decentralized KP-ABE scheme, where no CA exists and there is no cooperation between any AAs. To become an AA, a participant needs to create and publish its public parameters. All the user's private keys will be linked with his unique global identifier (GID). The proposed scheme supports any monotonic access structure which can be expressed by a linear secret sharing scheme (LSSS). We prove the full security of our scheme in the standard model. Our scheme is also secure against at most F-1 AAs corruption, where F is the number of AAs in the system. The efficiency of our scheme is almost as well as that of the underlying fully secure single-authority KP-ABE system.