Secure medical IoT data sharing significantly improves medical collaboration and facilitates patients’ medical treatment. Since block chain provides integrity and traceability management for medical data, many IoT medical data choose block chain as a storage medium. However, the isolation of block chain hinders data sharing between heterogeneous chains, so how to realize the secure sharing of medical IoT data in heterogeneous block chains and allow users to obtain correct and credible shared data is still a challenge. Existing data integrity verification techniques ensure the correctness of shared data by comparing off-chain data with metadata stored on-chain. However, these schemes ignore the consistency of shared data and the correctness of cross-chain data. This paper builds a cross-chain medical IoT data-sharing framework, introduces a relay chain, and verifies the consistency between data requests and actual storage through registration, auditing, and other methods. Based on this framework, this paper uses homomorphic signature technology and batch auditing to design a cross-chain audit protocol to verify the consistency of registered data attributes and the correctness of shared data. Security analysis and simulation experiments based on security reduction demonstrate the security and effectiveness of the proposed scheme. © 2023, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.

Family malware classification is becoming progressively urgent because of the increasing diversity of family malware and the different hazards it causes. There is a growing concern that classification is at a disadvantage owing to its problems. For one thing, obtaining the crucial features of innumerable families is arduous. For another, constructing a classification model that fully learns multi-class samples is intricate. To solve these problems, it proposes a precise classification for Android family malware called CAFM in this paper. It profoundly analyzes the relationship between the information implicit in features and the degree of differentiation among families. We select the features containing context information as feature representations. In addition, it employs a specially designed deep neural network model with upgraded learning capability for grasping the continuous features of family malware utterly. Experimental verification on a real-world dataset shows that the CAFM can effectively implement family classification, and the classification accuracy reaches 97.73% when the length of the opcode sequence is 700. Compared with other classifiers, the Kappa coefficient of the comprehensive evaluation indicator also reached 0.9725 and is at least 0.1225 higher than comparison classifiers. © 2022, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.

Most of the existing global positioning system (GPS) spoofing detection schemes are vulnerable to the generative GPS spoofing attack, or require additional auxiliary equipment and extensive signal processing capabilities, leading to defects such as low real-time performance and large communication overhead which are not available for the unmanned aerial vehicle (UAV, also known as drone) system. Therefore, we propose a novel solution which employs information fusion based on the GPS receiver and inertial measurement unit. We use a real-time model of tracking and calculating to derive the current position of the drones which are then contrasted with the position information received by the receiver to verify whether the presence or absence of spoofing attack. Subsequent experimental work shows that, the proposed method can accurately detect the spoof within 8 seconds, with a detection rate (DR) of 98.6%. Compared with the existing schemes, the performance of real-time detecting is improved while the DR is ensured. Even in our worst-case, we detect the spoof within 28 seconds after the UAV system starts its mission. © 2020 John Wiley & Sons Ltd

Ethereum is one of the currently popular trading platform, where any one can exchange, buy, or sell cryptocurrencies. Smart contract, a computer program, can help Ethereum to encode rules or scripts for processing transactions. Because the smart contract usually handles large number of cryptocurrencies worth billions of dollars apiece, its security has gained considerable attention. In this paper, we first investigate the security of smart contracts running on the Ethereum and introduce several new security vulnerabilities that allow adversaries to exploit and gain financial benefits. Then, we propose a more practical smart contract analysis tool termed NeuCheck, in which we introduce the syntax tree in the syntactical analyzer to complete the transformation from source code to intermediate representation, and then adopt the open source library working with XML to analyze such tree. We have built a prototype of NeuCheck for Ethereum and evaluate it with over 52 000 existing Ethereum smart contracts. The results show that (1) our new documented vulnerabilities are prevalent; (2) NeuCheck improves the analysis speed by at least 17.2 times compared to other popular analysis tools (eg, Securify and Mythril; and (3) allows for cross-platform deployment. © 2019 John Wiley & Sons, Ltd.

Bitcoin has attracted considerable attention from governments, banks, as well as researchers. However, Bitcoin is not a completely anonymous system. All transaction information in the Bitcoin system is published on the network and can be used to reveal the identity of the user by transaction correlation analysis. In this paper, a secure and privacy-preserving mix service for Bitcoin anonymity, Lockmix, is proposed. Lockmix introduces mix servers to provide a mix service for the user by using blind signature and multi-signature schemes to prevent attackers from linking the input address with the output address. Lockmix provides anonymity, scalability, accountability, Bitcoin compatibility and anti-theft. Lockmix has been implemented on a Bitcoin test network, and experiments show that our solution is efficient.
© 2019, Springer-Verlag GmbH Germany, part of Springer Nature.

Authentication with unlinkability is one of the critical requirements for the security of VANETs. Unlinkability prevents attackers from linking multiple messages to infer vehicular privacy. Pseudonymous authentication schemes are widely adopted to achieve unlinkable authentication. However, they need multiple interactions with a trusted third-party to update pseudonym as well as the attached information. In order to address this issue and provide effective services in distributed systems, we propose a blockchain-based unlinkable authentication protocol called BUA, where Service Manager (SM) of each domain acts as the nodes of consortium blockchain to construct a distributed system. Each SM covers a certain logical area and maintains a sequence of consistent blocks, which hold vehicular registration data. Based on the system, vehicles use homomorphic encryption to self-generate any number of pseudonyms to achieve unlinkability. Pseudonymous validity and ownership can be verified locally by each SM. Performance evaluation results of the proposed scheme show that our protocol provides stronger security with less computation and communication overhead.
© 2020 IEEE.

Bitcoin has attracted considerable attention from governments, banks, as well as researchers. However, Bitcoin is not a completely anonymous system. All transaction information in the Bitcoin system is published on the network and can be used to reveal the identity of the user by transaction correlation analysis. In this paper, a secure and privacy-preserving mix service for Bitcoin anonymity, Lockmix, is proposed. Lockmix introduces mix servers to provide a mix service for the user by using blind signature and multi-signature schemes to prevent attackers from linking the input address with the output address. Lockmix provides anonymity, scalability, accountability, Bitcoin compatibility and anti-theft. Lockmix has been implemented on a Bitcoin test network, and experiments show that our solution is efficient.
© 2019, Springer-Verlag GmbH Germany, part of Springer Nature.

As Bitcoin users grow, the protection of the Bitcoin privacy protection becomes an important issue. Bitcoin mixing technology can cut off the connection between buyers and sellers. Now, a more effective method is used to carry out a coin mixing operation. The existing flat structure and two-layer structure have their own deficiencies. Therefore, anonymous Bitcoin mixing scheme is proposed. In order to increase the anonymity of coin mixing, group blind signature technology is used to expand the anonymous set of users. Moreover, a Supervisor for supervising Mixes is introduced to ensure the security of the system and the threshold signature is also used to ensure the security of the Mix's Bitcoin to prevent the Supervisor from stealing Bitcoin. Finally, the security analysis and experiment are given to conclude that our scheme is secure and efficient. © 2020 IEEE.