HSM-Based Architecture to Detect Insider Attacks on Server-Side Data

被引:0
|
作者
Dib, Marc [1 ]
Pierre, Samuel [1 ]
机构
[1] Polytech Montreal, Dept Comp & Software Engn, Mobile Comp & Networking Res Lab LARIM, Montreal, PQ H3T 1J4, Canada
来源
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY | 2025年 / 20卷
基金
加拿大自然科学与工程研究理事会;
关键词
Computer architecture; Security; Databases; Cryptography; Servers; Data models; Organizations; Stability analysis; Prevention and mitigation; Encryption; confidentiality; hardware security module; insider attacks; integrity;
D O I
10.1109/TIFS.2025.3544485
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
In this paper, we propose an HSM-based architecture to detect insider attacks on server-side data. Our proposed architecture combines four cryptography-based defense mechanisms: Nonce-Based Process Authentication (NBPA), Hash-Based Field Integrity (HBFI), Hash-Based Field Availability (HBFA), and Hash-Based Row Availability (HBRA). This novel architecture is designed to detect a predefined comprehensive attack model on server-side data tailored for an HSM-based architecture. The implementation results show that the throughput decrease is mostly manageable (14% for NBPA, 30-50% for HBFI, 25% for HBFA, and 43.74% for the combination of all mechanisms), with the indication that some mechanisms are more or less appropriate depending on the situation. Moreover, the HBRA mechanism performed well regarding the attack detection time (5 minutes for a database of 1000 entries).
引用
收藏
页码:2538 / 2549
页数:12
相关论文
共 50 条
  • [1] Insider Attack Model Against HSM-Based Architecture
    Dib, Marc
    Pierre, Samuel
    IEEE ACCESS, 2023, 11 : 86848 - 86858
  • [2] A Hybrid Approach to Detect Injection Attacks on Server-side Applications using Data Mining Techniques
    Ahmed, Abu Syeed Sajid
    Shachi, Mehjabeen
    Brishty, Afsana Afrin
    Siddiqui, Nurnaby
    Sakib, Nazmus
    2021 3RD INTERNATIONAL CONFERENCE ON SUSTAINABLE TECHNOLOGIES FOR INDUSTRY 4.0 (STI), 2021,
  • [3] Detection of Server-side Web Attacks
    Corona, Igino
    Giacinto, Giorgio
    PROCEEDINGS OF THE FIRST WORKSHOP ON APPLICATIONS OF PATTERN ANALYSIS, 2010, 11 : 160 - 166
  • [4] Preventing Server-Side Request Forgery Attacks
    Jabiyev, Bahruz
    Mirzaei, Omid
    Kharraz, Amin
    Kirda, Engin
    36TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, SAC 2021, 2021, : 1626 - 1635
  • [5] Reducing costs in HSM-based data centers
    De Prisco, Roberto
    De Santis, Alfredo
    Mannetta, Marco
    JOURNAL OF HIGH SPEED NETWORKS, 2018, 24 (04) : 363 - 373
  • [6] Reducing Costs in HSM-Based Data Centers
    De Prisco, R.
    De Santis, A.
    Mannetta, M.
    GREEN, PERVASIVE, AND CLOUD COMPUTING (GPC 2017), 2017, 10232 : 3 - 14
  • [7] On Feasibility of Server-side Backdoor Attacks on Split Learning
    Tajalli, Behrad
    Ersoy, Oguzhan
    Picek, Stjepan
    2023 IEEE SECURITY AND PRIVACY WORKSHOPS, SPW, 2023, : 84 - 93
  • [8] A Server-Side Solution to Cache-Based Side-Channel Attacks in the Cloud
    Godfrey, Michael
    Zulkernine, Mohammad
    2013 IEEE SIXTH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING (CLOUD 2013), 2013, : 163 - 170
  • [9] Server-Side Code Injection Attacks: A Historical Perspective
    Fritz, Jakob
    Leita, Corrado
    Polychronakis, Michalis
    RESEARCH IN ATTACKS, INTRUSIONS, AND DEFENSES, 2013, 8145 : 41 - 61
  • [10] Server-side parallel data reduction and analysis
    Wang, Daniel L.
    Zender, Charles S.
    Jenks, Stephen F.
    ADVANCES IN GRID AND PERVASIVE COMPUTING, PROCEEDINGS, 2007, 4459 : 744 - +
12345