Jingyu Feng

Wenbo Zhang, Tao Wang, Jingyu Feng

As cross-chain technologies make the interactions among different blockchains (hereinafter "chains") possible, multi-chains consensus is becoming more and more important in blockchain networks. However, more attention has been paid to the single-chain consensus schemes. The multi-chains consensus with trusted miners participation has been not considered, thus offering opportunities for malicious users to launch Diverse Miners Behaviors (DMB) attacks on different chains. DMB attackers can be friendly in the consensus process of some chains called mask-chains to enhance trust value, while on other chains called kill-chains they engage in destructive behaviors of network. In this paper, we propose a multi-chains consensus scheme named as Proof-of-DiscTrust (PoDT) to defend against DMB attacks. Distinctive trust idea (DiscTrust) is introduced to evaluate the trust value of each user concerning different chains. A dynamic behaviors prediction scheme is designed to strengthen DiscTrust to prevent intensive DMB attackers who maintain high trust by alternately creating true or false blocks on kill-chains. On this basis, a trusted miners selection algorithm for multi-chains can be achieved at a round of block creation. Experimental results show that PoDT is secure against DMB attacks and more effective than traditional consensus schemes in multi-chains environments.

Wenbo Zhang, Jing Zhang, Yifei Shi et al.

With the large-scale deployment of industrial internet of things (IIoT) devices, the number of vulnerabilities that threaten IIoT security is also growing dramatically, including a mass of undisclosed IIoT vulnerabilities that lack mitigation measures. Coordination Vulnerabilities Disclosure (CVD) is one of the most popular vulnerabilities sharing solutions, in which some security workers (SWs) can develop undisclosed vulnerabilities patches together. However, CVD assumes that sharing participants (SWs) are all honest, and thus offering chances for dishonest SWs to leak undisclosed IIoT vulnerabilities. To combat such threats, we propose an Undisclosed IIoT Vulnerabilities Trusted Sharing Protection (UIV-TSP) scheme with dynamic token. In this article, a dynamic token is an implicit access credential for an SW to acquire an undisclosed vulnerability information, which is only held by the system and constantly updated as the SW access. Meanwhile, the latest updated token can be stealthily sneaked into the acquired information as the traceability token. Once the undisclosed vulnerability information leaves the SW host, the embedded self-destruct program will be automatically triggered to prevent leaks since the destination MAC address in the traceability token has changed. To quickly distinguish dishonest SWs, trust mechanism is adopted to evaluate the trust value of SWs. Moreover, we design a blockchain-assisted continuous logs storage method to achieve the tamper-proofing of dynamic token and the transparency of undisclosed IIoT vulnerabilities sharing. The simulation results indicate that our proposed scheme is resilient to suppress dishonest SWs and protect the IoT undisclosed vulnerabilities effectively.

Teng Wang, Xuefeng Zhang, Jingyu Feng et al.

Collecting and analyzing massive data generated from smart devices have become increasingly pervasive in crowdsensing, which are the building blocks for data-driven decision-making. However, extensive statistics and analysis of such data will seriously threaten the privacy of participating users. Local differential privacy (LDP) has been proposed as an excellent and prevalent privacy model with distributed architecture, which can provide strong privacy guarantees for each user while collecting and analyzing data. LDP ensures that each user's data is locally perturbed first in the client-side and then sent to the server-side, thereby protecting data from privacy leaks on both the client-side and server-side. This survey presents a comprehensive and systematic overview of LDP with respect to privacy models, research tasks, enabling mechanisms, and various applications. Specifically, we first provide a theoretical summarization of LDP, including the LDP model, the variants of LDP, and the basic framework of LDP algorithms. Then, we investigate and compare the diverse LDP mechanisms for various data statistics and analysis tasks from the perspectives of frequency estimation, mean estimation, and machine learning. What's more, we also summarize practical LDP-based application scenarios. Finally, we outline several future research directions under LDP.