{"title":"Information-Theoretic Security Problem in Cluster Distributed Storage Systems: Regenerating Code Against Two General Types of Eavesdroppers","authors":"Tinghan Wang;Chenhao Ying;Jia Wang;Yuan Luo","doi":"10.1109/TIFS.2025.3546567","DOIUrl":"10.1109/TIFS.2025.3546567","url":null,"abstract":"In recent years, there has been growing interest in heterogeneous distributed storage systems (DSSs), such as clustered DSSs, which are widely used in practice. However, research regarding information-theoretic security in heterogeneous DSSs remains limited. Furthermore, unlike traditional DSSs, the heterogeneous DSSs face eavesdropper with diverse operating patterns, complicating the secrecy models. In this paper, we aim to investigate the secrecy capacity and code constructions for clustered DSSs (CDSSs), a type of heterogeneous DSSs in which the system is divided into clusters with an equal number of nodes and different repair bandwidths for intra-cluster and cross-cluster against two types of eavesdroppers: the occupying-type eavesdropper and the osmotic-type eavesdropper. We construct two CDSS secrecy models tailored to these aforementioned eavesdroppers, derive the upper bounds on adjustable secrecy capacities, and explore the relationships between the upper bounds of perfect secrecy capacities and the number of compromised nodes. Notably, the upper bounds obtained in this paper generalize those of the traditional DSS model. Additionally, we propose three repair-by-transfer code constructions that achieve the secrecy capacity under both eavesdropper scenarios. 
These codes are based on nested MDS code and represent a generalized form of the minimum bandwidth regenerating (MBR) codes in traditional DSSs.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2852-2867"},"PeriodicalIF":6.3,"publicationDate":"2025-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10906666","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143518713","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Beyond Access Pattern: Efficient Volume-Hiding Multi-Range Queries Over Outsourced Data Services","authors":"Haoyang Wang;Kai Fan;Chong Yu;Kuan Zhang;Fenghua Li;Haojin Zhu","doi":"10.1109/TIFS.2025.3540576","DOIUrl":"10.1109/TIFS.2025.3540576","url":null,"abstract":"Multi-range query (MRQ) is a typical multi-attribute data query widely used in various practical applications. It is capable of searching all data objects contained in a query request. Many privacy-preserving MRQ schemes have been proposed to realize MRQ on encrypted data. However, existing MRQ schemes only consider the security threat caused by access pattern leakage, not the harm of volume pattern leakage. Moreover, most existing schemes cannot achieve efficient queries and updates while preserving the access pattern. In this paper, we propose an efficient MRQ scheme for hiding volume and access patterns. We first design a joint data index using Order-Revealing Encryption (ORE) and Pseudo-random functions (PRFs) to realize volume-hiding range queries. Then, we combine the private set intersection (PSI) and hardware Software Guard Extensions (SGX) to compute each attribute’s intersection of query results. In addition, we preserve access patterns during queries by designing a batch refresh algorithm and an update protocol. 
Finally, rigorous security analysis and extensive experiments demonstrate the security and performance of our scheme in real-world scenarios.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2509-2522"},"PeriodicalIF":6.3,"publicationDate":"2025-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143518716","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Kullback-Leibler Divergence-Based Observer Design Against Sensor Bias Injection Attacks in Single-Output Systems","authors":"Fatih Emre Tosun;André M. H. Teixeira;Jingwei Dong;Anders Ahlén;Subhrakanti Dey","doi":"10.1109/TIFS.2025.3546167","DOIUrl":"10.1109/TIFS.2025.3546167","url":null,"abstract":"This paper considers observer-based detection of sensor bias injection attacks (BIAs) on linear cyber-physical systems with single output driven by white Gaussian noise. Despite their simplicity, BIAs pose a severe risk to systems with integrators, which we refer to as integrator vulnerability. Specifically, the residual generated by any linear observer is indistinguishable under attack and normal operation at steady state, making BIAs detectable only during transients. To address this, we propose a principled method based on Kullback-Leibler divergence to design a residual generator that significantly increases the signal-to-noise ratio against BIAs. For systems without integrator vulnerability, our method also enables a trade-off between transient and steady-state detectability. The effectiveness of the proposed method is demonstrated through numerical comparisons with three state-of-the-art residual generators.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2763-2777"},"PeriodicalIF":6.3,"publicationDate":"2025-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143507287","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Efficient and Privacy-Preserving Ride Matching Over Road Networks Against Malicious ORH Server","authors":"Mingtian Zhang;Anjia Yang;Jian Weng;Min-Rong Chen;Huang Zeng;Yi Liu;Xiaoli Liu;Zhihua Xia","doi":"10.1109/TIFS.2025.3544453","DOIUrl":"10.1109/TIFS.2025.3544453","url":null,"abstract":"Online ride-hailing (ORH) services have become indispensable for our travel needs, offering the convenience of easily locating the nearest driver for riders through ride matching algorithms. However, existing ORH systems, such as Lyft and Didi, require users (both riders and drivers) to disclose their real-time location information during the matching process, thus giving rise to serious privacy concerns. Despite the proposal of various privacy-preserving ride-matching schemes, they remain insufficient in addressing potential malicious behaviors from the ORH server, such as colluding with designated drivers and deviation from computation protocols to interfere with the matching process. These behaviors lead to non-optimal matching results for riders. To address these issues, we present EMPRide, an efficient and privacy-preserving ride-matching scheme resistant to malicious ORH server. In EMPRide, we design an efficient and accurate computation of distances between users protocol, which integrates road network embedding and secure two-party computation. Additionally, we design a verification protocol that allows riders to verify the correctness of computed distances and matching results. Crucially, the communication overhead for riders in EMPRide remains constant, irrelevant to the number of available drivers. Our evaluation using real-world datasets demonstrates that EMPRide significantly outperforms existing solutions. 
Specifically, under identical conditions, in EMPRide, the computation speed on the ORH server is $19.22\\times$ faster and the communication cost is $8.08\\times$ less than state-of-the-art approaches. Moreover, riders experience a speed improvement of 4.84 orders of magnitude with $1.30\\times$ less communication, while drivers benefit from a 4.79 orders of magnitude speed increase with $1.45\\times$ less communication.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2372-2386"},"PeriodicalIF":6.3,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143495479","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secrecy Coding for the Binary Symmetric Wiretap Channel via Linear Programming","authors":"Ali Nikkhah;Morteza Shoushtari;Bahareh Akhbari;Willie K. Harrison","doi":"10.1109/TIFS.2025.3545301","DOIUrl":"10.1109/TIFS.2025.3545301","url":null,"abstract":"In this paper, we use a linear programming (LP) optimization approach to evaluate the equivocation when coding over a wiretap channel model where the main channel is noiseless and the eavesdropper’s channel is a binary symmetric channel (BSC). Using this technique, we present a numerically-derived upper bound for the achievable secrecy rate in the finite blocklength regime that is tighter than traditional infinite blocklength bounds. We also propose a secrecy coding technique that outperforms random binning codes. When there is one overhead bit, this coding technique is optimum and achieves the newly derived bound. For cases with additional bits of overhead, our coding scheme can achieve equivocation rates close to the new bound. Furthermore, we explore the patterns of the generator matrix and the parity-check matrix for linear codes and we present binning techniques for both linear and nonlinear codes using two different approaches: recursive and non-recursive. To our knowledge, this is the first optimization solution for secrecy coding obtained through linear programming. Our new bounds and codes mark a significant breakthrough towards understanding fundamental limits of performance (and how to achieve them in some instances) for the binary symmetric wiretap channel with real finite blocklength coding constructions. 
Our techniques are especially useful for codes of small to medium blocklength, such as those that may be required by applications with small payloads, such as the Internet of Things.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2450-2463"},"PeriodicalIF":6.3,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143495501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reliable Open-Set Network Traffic Classification","authors":"Xueman Wang;Yipeng Wang;Yingxu Lai;Zhiyu Hao;Alex X. Liu","doi":"10.1109/TIFS.2025.3544067","DOIUrl":"10.1109/TIFS.2025.3544067","url":null,"abstract":"The widespread use of modern network communications necessitates effective resource control and management in TCP/IP networks. However, most existing network traffic classification methods are limited to labeled known classes and struggle to handle open-set scenarios, where known classes coexist with significant volumes of unknown classes of traffic. To solve this problem more accurately and reliably, we propose RoNeTC. This method achieves high-precision classification by enhancing feature extraction and quantifying the reliability of classification decisions through uncertainty estimation. For feature extraction, we divide each packet of a flow into three views for parallel training, integrating both local and global feature representations across multiple packets to enhance accuracy. We devise a second-order classification probability to quantify the reliability of the classifier’s results and to visualize the reliability of open-set flow classification in terms of uncertainty. Additionally, we dynamically fuse classification decisions from multiple views, evaluating decision uncertainty to classify known and unknown flows and ensure robust, reliable results. We compare RoNeTC with four state-of-the-art (SOTA) methods in six open-set scenarios. 
RoNeTC outperforms the other methods by an average of 25.94% in F1 across all open-set scenarios, indicating its superior performance in open-set network traffic classification.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2313-2328"},"PeriodicalIF":6.3,"publicationDate":"2025-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143486223","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Achieving Positive Rate of Covert Communications Covered by Randomly Activated Overt Users","authors":"Bichen Kang;Neng Ye;Jianping An","doi":"10.1109/TIFS.2025.3544957","DOIUrl":"10.1109/TIFS.2025.3544957","url":null,"abstract":"This paper studies the fundamental limits of covert communications covered by randomly activated overt users in both single-frame and multi-frame transmission scenarios. While traditional covert communications mainly consider concealing signal power characteristics, the existence of overt users provides opportunities such that covert communications can be achieved through the confusion between the users. This benefit is first revealed in single-frame transmission scenario. The major obstacle in analyzing performance limits is that the conventional Kullback-Leibler divergence based covertness measurement becomes infinite. To overcome the intractability, a tighter upper bound of the total variation distance (TVD) is then developed using a novel recursive-iterative approximation. On this basis, the collapse effect of the TVD is derived, which shows that the TVD is strictly less than 1 if the covert user sets the transmit power to be an integer multiple of that of the overt users. Then, we find that $\\mathcal{O}(N)$-bit information can be transmitted over N channel uses under the above setting, which breaks the well-known square root law. If the above setting is violated, the TVD instantly approaches 1 as $N\\rightarrow\\infty$, and only $\\mathcal{O}(\\sqrt{N})$-bit information can be covertly transmitted. To prove this, the detection method of the warden is modified to cope with the random activation of overt users. These conclusions also hold for the transmission with uncertain powers or in fading channels, which resembles realistic wireless transmissions. 
In multi-frame transmission scenario, however, the access characteristics of overt users can be exposed from a statistical perspective, such that the rate gain disappears and the covert transmission rate drops to $\\mathcal{O}(\\sqrt{N})$ bits per frame. To obtain a positive covert transmission rate, we propose a rate-splitting based covert transmission scheme that introduces an opportunistic access branch to bring randomness, through which the covert user can transmit up to $\\mathcal{O}(NL)$-bit information over L frames.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2480-2495"},"PeriodicalIF":6.3,"publicationDate":"2025-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143486224","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Deep Prediction and Efficient 3D Mapping of Color Images for Reversible Data Hiding","authors":"Runwen Hu;Yuhong Wu;Shijun Xiang;Xiaolong Li;Yao Zhao","doi":"10.1109/TIFS.2025.3544956","DOIUrl":"10.1109/TIFS.2025.3544956","url":null,"abstract":"In the reversible data hiding (RDH) community, both prediction and mapping strategies are vital for reducing distortion. With high prediction performance, small prediction errors can be generated to reduce the embedding distortion. Besides, the efficient mapping strategy can improve the practicality. In this paper, we propose a new RDH method for color images by using convolution neural networks (CNNs) for prediction and an efficient 3D mapping strategy for embedding. At first, each color image is elaborately divided into three isolated image sets so that the proposed deep prediction network (DPN) can exploit more neighboring pixels in the current channel and the correlation between three channels. Then, an efficient 3D mapping strategy is luminously designed by using the symmetry of the 3D prediction error histogram (PEH). The symmetry of 3D PEH has been analyzed in statistical and experimental ways. Based on the proposed deep prediction network and efficient 3D mapping strategy (DPEM), we construct an efficient RDH method for color images. The performance of the proposed DPN is evaluated by comparing it with several predictors on different image datasets. The embedding performance has been demonstrated by hiding information in color images, e.g., the average PSNR value of the Kodak dataset is 63.63 dB with an embedding capacity of 50,000 bits. Furthermore, the experimental results on the ImageNet and PASCAL VOC2012 datasets have shown the proposed RDH method is superior to several state-of-the-art RDH methods. 
With the introduction of deep learning, the development of the RDH method for color images can be promoted.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2607-2620"},"PeriodicalIF":6.3,"publicationDate":"2025-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143486225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Screen-Shooting Robust Watermark Based on Style Transfer and Structural Re-Parameterization","authors":"Guangyong Gao;Xiaoan Chen;Li Li;Zhihua Xia;Jianwei Fei;Yun-Qing Shi","doi":"10.1109/TIFS.2025.3542992","DOIUrl":"10.1109/TIFS.2025.3542992","url":null,"abstract":"In real-world applications, screen capturing represents a significant scenario where this process can induce substantial distortion to the original image. Previous methods for simulating screen-shooting distortion often involved combining different formulas. We found that these simulation methods still have a significant gap compared to real distortions, making it urgently necessary to develop a realistic and credible comprehensive noise layer to achieve robustness against screen-shooting distortion. This paper presents a watermarking scheme capable of withstanding severe screen-shooting distortion. First, a dataset is constructed to train a screen-shooting distortion simulation network based on style transfer. Subsequently, a comprehensive noise layer is built upon this network to achieve robustness against severe screen-shooting distortion. Additionally, this paper incorporates structural re-parameterization techniques into the traditional U-shaped encoder to improve the quality of encoded images. 
Extensive experiments demonstrate the proposed scheme’s superior performance in terms of robustness and generalization, especially under severe screen-shooting distortion conditions.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2648-2663"},"PeriodicalIF":6.3,"publicationDate":"2025-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143470582","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"HSM-Based Architecture to Detect Insider Attacks on Server-Side Data","authors":"Marc Dib;Samuel Pierre","doi":"10.1109/TIFS.2025.3544485","DOIUrl":"10.1109/TIFS.2025.3544485","url":null,"abstract":"In this paper, we propose an HSM-based architecture to detect insider attacks on server-side data. Our proposed architecture combines four cryptography-based defense mechanisms: Nonce-Based Process Authentication (NBPA), Hash-Based Field Integrity (HBFI), Hash-Based Field Availability (HBFA), and Hash-Based Row Availability (HBRA). This novel architecture is designed to detect a predefined comprehensive attack model on server-side data tailored for an HSM-based architecture. The implementation results show that the throughput decrease is mostly manageable (14% for NBPA, 30-50% for HBFI, 25% for HBFA, and 43.74% for the combination of all mechanisms), with the indication that some mechanisms are more or less appropriate depending on the situation. Moreover, the HBRA mechanism performed well regarding the attack detection time (5 minutes for a database of 1000 entries).","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2538-2549"},"PeriodicalIF":6.3,"publicationDate":"2025-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143470583","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}