SecNVM: An Efficient and Write-Friendly Metadata Crash Consistency Scheme for Secure NVM

Data security is an indispensable part of non-volatile memory (NVM) systems. However, implementing data security efficiently on NVM is challenging, since we have to guarantee the consistency of user data and the related security metadata. Existing consistency schemes ignore the recoverability of the SGX style integrity tree (SIT) and the access correlation between metadata blocks, thereby generating unnecessary NVM write traffic. In this article, we propose SecNVM, an efficient and write-friendly metadata crash consistency scheme for secure NVM. SecNVM utilizes the observation that for a lazily updated SIT, the lost tree nodes after a crash can be recovered by the corresponding child nodes in NVM. It reduces the SIT persistency overhead through a restrained write-back metadata cache and exploits the SIT inter-layer dependency for recovery. Next, leveraging the strong access correlation between the counter and DMAC, SecNVM improves the efficiency of security metadata access through a novel collaborative counter-DMAC scheme. In addition, it adopts a lightweight address tracker to reduce the cost of address tracking for fast recovery. Experiments show that compared to the state-of-the-art schemes, SecNVM improves the performance and decreases write traffic a lot, and achieves an acceptable recovery time.

IoT Notary : Attestable Sensor Data Capture in IoT Environments

Contemporary IoT environments, such as smart buildings, require end-users to trust data-capturing rules published by the systems. There are several reasons why such a trust is misplaced—IoT systems may violate the rules deliberately or IoT devices may transfer user data to a malicious third-party due to cyberattacks, leading to the loss of individuals’ privacy or service integrity. To address such concerns, we propose IoT Notary , a framework to ensure trust in IoT systems and applications. IoT Notary provides secure log sealing on live sensor data to produce a verifiable “proof-of-integrity,” based on which a verifier can attest that captured sensor data adhere to the published data-capturing rules. IoT Notary is an integral part of TIPPERS, a smart space system that has been deployed at the University of California, Irvine to provide various real-time location-based services on the campus. We present extensive experiments over real-time WiFi connectivity data to evaluate IoT Notary , and the results show that IoT Notary imposes nominal overheads. The secure logs only take 21% more storage, while users can verify their one day’s data in less than 2 s even using a resource-limited device.

Mutual query data sharing protocol for public key encryption through chosen-ciphertext attack in cloud environment

<p><span>In this paper, we are proposing a mutual query data sharing protocol (MQDS) to overcome the encryption or decryption time limitations of exiting protocols like Boneh, rivest shamir adleman (RSA), Multi-bit transposed ring learning parity with noise (TRLPN), ring learning parity with noise (Ring-LPN) cryptosystem, key-Ordered decisional learning parity with noise (kO-DLPN), and KD_CS protocol’s. Titled scheme is to provide the security for the authenticated user data among the distributed physical users and devices. The proposed data sharing protocol is designed to resist the chosen-ciphertext attack (CCA) under the hardness solution for the query shared-strong diffie-hellman (SDH) problem. The evaluation of proposed work with the existing data sharing protocols in computational and communication overhead through their response time is evaluated.</span></p>

The TL;DR Charter: Speculatively Demystifying Privacy Policy Documents and Terms Agreements

Privacy policy and term agreement documents are considered the gateway for software adoption and use. The documents provide a means for the provider to outline expectations of the software use, and also provide an often-separate document outlining how user data is collected, stored, and used--including if it is shared with other parties. A user agreeing with the terms, assumes that they have a full understanding the terms of the agreement and have provided consent. Often however, users do not read the documents because they are long and full of legalistic and inconsistent language, are regularly amended, and may not disclose all the details on what is done to the user data. Enforcing compliance and ensuring user consent have been persistent challenges to policy makers and privacy researchers. This design fiction puts forward an alternate reality and presents a policy-based approach to fording the consent gap with the TL;DR Charter: an agreement governing the parties involved by harnessing the power of formal governments, industry, and other stakeholders, and taking users expectation of privacy into account. The Charter allows us as researchers to examine the implications on trust, decision-making, consent, accountability and the impact of future technologies.

Survey on Reverse-Engineering Tools for Android Mobile Devices

With the presence of the Internet and the frequent use of mobile devices to send several transactions that involve personal and sensitive information, it becomes of great importance to consider the security aspects of mobile devices. And with the increasing use of mobile applications that are utilized for several purposes such as healthcare or banking, those applications have become an easy and attractive target for attackers who want to get access to mobile devices and obtain users’ sensitive information. Developing a secure application is very important; otherwise, attackers can easily exploit vulnerabilities in mobile applications which lead to serious security issues such as information leakage or injecting applications with malicious programs to access user data. In this paper, we survey the literature on application security on mobile devices, specifically mobile devices running on the Android platform, and exhibit security threats in the Android system. In addition, we study many reverse-engineering tools that are utilized to exploit vulnerabilities in applications. We demonstrate several reverse-engineering tools in terms of methodology, security holes that can be exploited, and how to use these tools to help in developing more secure applications.

A Federated Graph Neural Network Framework for Privacy-Preserving Personalization

Graph neural network (GNN) is effective in modeling high-order interactions and has been widely used in various personalized applications such as recommendation. However, mainstream personalization methods rely on centralized GNN learning on global graphs, which have considerable privacy risks due to the privacy-sensitive nature of user data. Here, we present a federated GNN framework named FedGNN for both effective and privacy-preserving personalization. Through a privacy-preserving model update method, we can collaboratively train GNN models based on decentralized graphs inferred from local data. To further exploit graph information beyond local interactions, we introduce a privacy-preserving graph expansion protocol to incorporate high-order information under privacy protection. Experimental results on six datasets for personalization in different scenarios show that FedGNN achieves 4.0%~9.6% lower errors than the state-of-the-art federated personalization methods under good privacy protection. FedGNN provides a novel direction to mining decentralized graph data in a privacy-preserving manner for responsible and intelligent personalization.

A Data-Driven Expectation Prediction Framework Based on Social Exchange Theory

Along with the rapid application of new information technologies, the data-driven era is coming, and online consumption platforms are booming. However, massive user data have not been fully developed for design value, and the application of data-driven methods of requirement engineering needs to be further expanded. This study proposes a data-driven expectation prediction framework based on social exchange theory, which analyzes user expectations in the consumption process, and predicts improvement plans to assist designers make better design improvement. According to the classification and concept definition of social exchange resources, consumption exchange elements were divided into seven categories: money, commodity, services, information, value, emotion, and status, and based on these categories, two data-driven methods, namely, word frequency statistics and scale surveys, were combined to analyze user-generated data. Then, a mathematical expectation formula was used to expand user expectation prediction. Moreover, by calculating mathematical expectation, explicit and implicit expectations are distinguished to derive a reliable design improvement plan. To validate its feasibility and advantages, an illustrative example of CoCo Fresh Tea &amp; Juice service system improvement design is further adopted. As an exploratory study, it is hoped that this study provides useful insights into the data mining process of consumption comment.

Precise Marketing Strategy Optimization of E-Commerce Platform Based on KNN Clustering

With the development of computer technology and the arrival of the era of artificial intelligence, the analysis of user demand bias is of great significance to the operation optimization of e-commerce platforms. Combined with CS domain signaling data, IP packet data of PS domain, and customer CRM data provided by operators, this research studies each dimension index of operator user portrait, after that the operator user portrait platform is divided into some individual subunits, and then the corresponding data mining technology is carried out to study the implementation scheme of each subunit. The system can process and mine multidimensional data of operators’ users and form user portraits on the basis of user data aggregation. Finally, based on the operator user portrait platform studied in this paper, the operator user data are analyzed from both the user’s mobile phone use behavior and user consumption behavior. Furthermore, the application value of this research in the precision marketing and personalized service of operators is illustrated.

A study on Predictive Modeling of Users’ Parasocial Relationship Types based on Social Media Text Big Data

The traditional quasi-social relationship type prediction model obtains prediction results by analyzing and clustering the direct data. The prediction results are easily disturbed by noisy data, and the problems of low processing efficiency and accuracy of the traditional prediction model gradually appear as the amount of user data increases. To address the above problems, the research constructs a prediction model of user quasi-social relationship type based on social media text big data. After pre-processing the collected social media text big data, the interference data that affect the accuracy of non-model prediction are removed. The interaction information in the text data is mined based on the principle of similarity calculation, and semantic analysis and sentiment annotation are performed on the information content. On the basis of BP neural network, we construct a prediction model of user’s quasi-social relationship type. The performance test data of the model shows that the average prediction accuracy of the constructed model is 89.84%, and the model has low time complexity and higher processing efficiency, which is better than other traditional models.