IEEE Transactions on Information Forensics and Security最新文献

{"title":"HPQKE: Hybrid Post-Quantum Key Exchange Protocol for SSH Transport Layer From CSIDH","authors":"Mingping Qi;Chi Chen","doi":"10.1109/TIFS.2025.3539943","DOIUrl":"10.1109/TIFS.2025.3539943","url":null,"abstract":"Secure Shell (SSH) is a robust cryptographic network protocol designed to establish a secure and encrypted connection over potentially insecure networks, which is typically used for remote login and command-line execution on remote systems. As its core foundation, SSH Transport Layer Protocol relies on the classic (Elliptic Curve) Diffie-Hellman ((EC)DH) key exchange protocol to achieve session key establishment, whose security is essentially based on the (EC) discrete logarithm problem ((EC)DLP). However, the classic (EC)DLP problem could be broken using sufficiently powerful quantum computers when it comes to the post-quantum era, which implies that the traditional SSH protocol will be insecure against the quantum computer attacks. To this end, this paper presents a hybrid post-quantum alternative for the SSH Transport Layer Protocol, called as HPQKE, which combines the supersingular isogeny based post-quantum CSIDH (Commutative Supersingular Isogeny Diffie-Hellman) and the classic ECDH key exchange protocols together. The security of each individual key exchange protocol within the presented HPQKE operates independently, ensuring that the overall security of the HPQKE remains at least as robust as the most secure key exchange protocol employed during its key exchange processes. Moreover, we formally prove that if the used MAC scheme is EUF-CMA secure, then (1) HPQKE is a post-quantum secure key exchange protocol if the CSIDH based Gap Computational Diffie-Hellman (CSI-GDH) security assumption holds, and (2) HPQKE is a classically secure key exchange protocol if the traditional GDH security assumption holds. In addition, we provide a prototype implementation for the HPQKE in a real network environment, and the corresponding experimental results intuitively demonstrate its practical feasibility.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2122-2131"},"PeriodicalIF":6.3,"publicationDate":"2025-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143367386","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FedGhost: Data-Free Model Poisoning Enhancement in Federated Learning","authors":"Zhuoran Ma;Xinyi Huang;Zhuzhu Wang;Zhan Qin;Xiangyu Wang;Jianfeng Ma","doi":"10.1109/TIFS.2025.3539087","DOIUrl":"10.1109/TIFS.2025.3539087","url":null,"abstract":"FL is vulnerable to model poisoning attacks due to the invisibility of local data and the decentralized nature of FL training. The adversary attempts to maliciously manipulate local model gradients to compromise the global model (i.e., victim model). Commonly-studied model poisoning attacks heavily depend on accessing additional knowledge, such as local data and the aggregation algorithm from the victim model, which easily encounter practical obstacles due to limited adversarial knowledge. In this paper, we first reveal that aggregated gradients in FL can serve as an attack carrier, exposing the latent knowledge of the victim model. In particular, we propose a data-free model poisoning attack named FedGhost, which aims to redirect the training objective of FL towards the adversary’s objective without any auxiliary information. In FedGhost, we design a black-box adaptive optimization algorithm to dynamically adjust the perturbation factor for malicious gradients, maximizing the poisoning impact of FL. Experimental results on five datasets in IID and Non-IID FL settings demonstrate that FedGhost achieves the highest attack success rate, outperforming other state-of-the-art model poisoning attacks by more than <inline-formula> <tex-math>$10%-60%$ </tex-math></inline-formula>.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2096-2108"},"PeriodicalIF":6.3,"publicationDate":"2025-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143367387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Device-Enhanced Password-Based Threshold Single-Sign-On Authentication","authors":"Changsong Jiang;Chunxiang Xu;Guomin Yang;Zhao Zhang;Jie Chen","doi":"10.1109/TIFS.2025.3539955","DOIUrl":"10.1109/TIFS.2025.3539955","url":null,"abstract":"Password-based threshold single-sign-on authentication (PbTA) allows multiple identity servers to in a threshold manner authenticate a user and issue a token, with which the user accesses relevant services. We analyze existing PbTA schemes and reveal a potential threat: vulnerability against perpetual credential leakage, in which “perpetual” adversaries could perpetually attempt to compromise long-lived credential databases maintained by identity servers. Compromising a threshold number of credential databases enables the adversaries to launch offline dictionary guessing attacks (DGA) or illegally obtain users’ tokens. To address these issues, we first propose a basic device-enhanced PbTA scheme (DE-PbTA), where an auxiliary device collaborates with identity servers in hardening a user’s password during authentication, such that perpetual adversaries cannot learn the password from compromised credentials via offline DGA. Using the hardened password, a private key can be derived to decrypt ciphertexts from identity servers for token construction, which protects the user’s tokens against perpetual adversaries. Then, we extend basic DE-PbTA to support dynamic usage of multiple devices, where a user can actively choose <inline-formula> <tex-math>$t^{prime } $ </tex-math></inline-formula> devices out of <inline-formula> <tex-math>$n^{prime } $ </tex-math></inline-formula> for authentication. Provable security and high efficiency of the basic/enhanced DE-PbTA scheme are demonstrated by comprehensive analysis and experimental evaluations.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2006-2021"},"PeriodicalIF":6.3,"publicationDate":"2025-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143367384","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Cross-Attention Multi-Scale Performer With Gaussian Bit-Flips for File Fragment Classification","authors":"Sisung Liu;Jeong Gyu Park;Hyeongsik Kim;Je Hyeong Hong","doi":"10.1109/TIFS.2025.3539527","DOIUrl":"10.1109/TIFS.2025.3539527","url":null,"abstract":"File fragment classification is a crucial task in digital forensics and cybersecurity, and has recently achieved significant improvement through the deployment of convolutional neural networks (CNNs) compared to traditional handcrafted feature-based methods. However, CNN-based models exhibit inherent biases that can limit their effectiveness for larger datasets. To address this limitation, we propose the Cross-Attention Multi-Scale Performer (XMP) model, which integrates the attention mechanisms of transformer encoders with the feature extraction capabilities of CNNs. Compared to our conference work, we additionally introduce a new Gaussian Bit-Flip (GBFlip) method for binary data augmentation, largely inspired by bit flipping errors in digital system, improving the model performance. Furthermore, we incorporate a fine-tuning approach and demonstrate XMP adapts more effectively to diverse datasets than other CNN-based competitors without extensive hyperparameter tuning. Our experimental results on two public file fragment classification datasets show XMP surpassing other CNN-based and RCNN-based models, achieving state-of-the-art performance in file fragment classification both with and without fine-tuning. Our code is available at <uri>https://github.com/DominicoRyu/XMP_TIFS</uri>.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2109-2121"},"PeriodicalIF":6.3,"publicationDate":"2025-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143258742","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Energy-Efficient Wireless Technology Recognition Method Using Time-Frequency Feature Fusion Spiking Neural Networks","authors":"Lifan Hu;Yu Wang;Xue Fu;Lantu Guo;Yun Lin;Guan Gui","doi":"10.1109/TIFS.2025.3539519","DOIUrl":"10.1109/TIFS.2025.3539519","url":null,"abstract":"Wireless Technology Recognition (WTR) distinguishes different wireless technologies by analyzing characteristic features extracted from radio signals. While deep learning (DL)-based methods are extensively used in WTR due to their ability to extract hidden data features and make accurate classification decisions, their application is often limited by excessive power consumption. In this paper, we propose a novel WTR method that addresses this challenge using a time-frequency feature fusion spiking neural networks (TFSNN) framework. Our approach combines information from both the time and frequency domains to enhance feature extraction. Experimental results demonstrate that our model performs exceptionally well at high signal-to-noise ratios on open-source datasets. Specifically, at a sampling rate of 15 Msps, our method achieves a recognition accuracy of 99.85%. Even when the sampling rate is reduced to 10 Msps, the average accuracy remains 1.61% higher than the best existing method. Additionally, our method reduces energy consumption by about half compared to most current methods. These results emphasize the effectiveness and necessity of time-frequency domain feature fusion (TFSF) in WTR.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2252-2265"},"PeriodicalIF":6.3,"publicationDate":"2025-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143258603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A New Benchmark and Algorithm for Clothes-Changing Video Person Re-Identification","authors":"Likai Wang;Xiangqun Zhang;Ruize Han;Yanjie Wei;Song Wang;Wei Feng","doi":"10.1109/TIFS.2025.3539079","DOIUrl":"10.1109/TIFS.2025.3539079","url":null,"abstract":"Person re-identification (Re-ID) is a classical computer vision task and has significant applications for public security and information forensics. Recently, long-term Re-ID with clothes-changing has attracted increasing attention. However, existing methods mainly focus on image-based setting, where richer temporal information is overlooked. In this paper, we focus on the relatively new yet practical problem of Clothes-Changing Video-based Re-ID (CCVReID), which is less studied. First, given the dataset shortage, we build two new benchmark datasets for CCVReID problem, including a large-scale synthetic video dataset and a real-world one, both containing human sequences with various clothing changes. Moreover, we systematically study this problem by simultaneously considering the classical appearance feature and temporal feature contained in the video. We develop a dual-branch fusion framework that makes use of the information from both clothes-aware appearance feature and clothes-free gait feature. For better information fusion, a confidence-guided re-ranking strategy is proposed to adaptively balance the weight of these two categories of features. We have released the benchmark and code proposed in this work to the public at <uri>https://github.com/kkw98/CCVReID</uri>.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1993-2005"},"PeriodicalIF":6.3,"publicationDate":"2025-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143192138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Intrusion Detection for Internet of Things: An Anchor Graph Clustering Approach","authors":"Yixuan Wu;Long Zhang;Lin Yang;Feng Yang;Linru Ma;Zhoumin Lu;Wen Jiang","doi":"10.1109/TIFS.2025.3539100","DOIUrl":"10.1109/TIFS.2025.3539100","url":null,"abstract":"Intrusion detection systems are a crucial technique for securing the Internet of Things (IoT) from malicious attacks. Additionally, due to the continuous emergence of new vulnerabilities and unknown attack types, only a small number of attack samples in the IoT environments can be captured for analysis. In this work, we introduce an anchor graph clustering (AGC) method for intrusion detection to address the challenge of limited labeled samples in the IoT environments. AGC initially transforms the raw data into the embedding space to obtain more representative anchors. Then, AGC unifies anchor graph construction, anchor graph learning, and graph clustering into a unified framework, solving the resulting optimization problem through an iterative solution algorithm. Finally, AGC leverages the powerful analytical capabilities of graph learning to achieve fine-grained classification of low-quality labels. Experimental results on both real and synthetic datasets confirm that AGC can identify intrusions with high precision, while also being time-efficient in detection.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1965-1980"},"PeriodicalIF":6.3,"publicationDate":"2025-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143192086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Mutual Information-Optimized Steganalysis for Generative Steganography","authors":"Mingzhi Hu;Hongxia Wang","doi":"10.1109/TIFS.2025.3539089","DOIUrl":"10.1109/TIFS.2025.3539089","url":null,"abstract":"Coverless generative steganography is a highly secure method of information hiding. With the advent of the AI-generated content (AIGC) era, the widespread dissemination of generative content on the internet provides an excellent hiding environment for generative steganographic images. Generative steganographic images do not require the participation of carrier images, making existing steganalysis methods expired. However, there are currently no detection methods specifically targeting generative steganographic content. To address this gap, we propose a steganalysis method for generative steganographic images. Our approach focuses on the intrinsic differences between generative steganographic images and ordinary generative images. Through comparative analysis, we propose optimizing the detection model using mutual information estimation. We hypothesize about the distribution characteristics of steganographic signals and design a feature discrimination loss function to further guide the model’s optimization. In addition to designing a feature extraction network to extract features from different image regions, we also incorporate an image classification model pretrained on a large dataset to extract classification features for the final classification. Experimental results in various training and testing scenarios demonstrate that the proposed model not only possesses excellent detection capability but also exhibits reliable generalization compared to other models. Furthermore, we provide necessary descriptions and analysis to validate the rationale behind the network design.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1852-1865"},"PeriodicalIF":6.3,"publicationDate":"2025-02-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143125175","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Vulseye: Detect Smart Contract Vulnerabilities via Stateful Directed Graybox Fuzzing","authors":"Ruichao Liang;Jing Chen;Cong Wu;Kun He;Yueming Wu;Ruochen Cao;Ruiying Du;Ziming Zhao;Yang Liu","doi":"10.1109/TIFS.2025.3537827","DOIUrl":"10.1109/TIFS.2025.3537827","url":null,"abstract":"Smart contracts, the cornerstone of decentralized applications, have become increasingly prominent in revolutionizing the digital landscape. However, vulnerabilities in smart contracts pose great risks to user assets and undermine overall trust in decentralized systems. Fuzzing, a prominent security testing technique, is extensively explored to detect vulnerabilities. But current smart contract fuzzers fall short of expectations in testing efficiency for two primary reasons. Firstly, smart contracts are stateful programs, and existing approaches, primarily coverage-guided, lack effective feedback from the contract state. Consequently, they struggle to effectively explore the contract state space. Secondly, coverage-guided fuzzers, aiming for comprehensive program coverage, may lead to a wastage of testing resources on benign code areas. This wastage worsens in smart contract testing, as the mix of code and state spaces further complicates comprehensive testing. To address these challenges, we propose V<sc>ulseye</small>, a stateful directed graybox fuzzer for smart contracts guided by vulnerabilities. Different from prior works, V<sc>ulseye</small> achieves stateful directed fuzzing by prioritizing testing resources to code areas and contract states that are more prone to vulnerabilities. We introduce <italic>Code Targets</i> and <italic>State Targets</i> into fuzzing loops as the testing targets of V<sc>ulseye</small>. We use static analysis and pattern matching to pinpoint <italic>Code Targets</i>, and propose a scalable backward analysis algorithm to specify <italic>State Targets</i>. We design a novel fitness metric that leverages feedback from both the contract code space and state space, directing fuzzing toward these targets. With the guidance of code and state targets, V<sc>ulseye</small> alleviates the wastage of testing resources on benign code areas and achieves effective stateful fuzzing. In comparison with state-of-the-art fuzzers, V<sc>ulseye</small> demonstrated superior effectiveness and efficiency. Notably, it uncovered 4,845 vulnerabilities in 42,738 real-world smart contracts, outperforming existing approaches by up to <inline-formula> <tex-math>$9.7times $ </tex-math></inline-formula>, and identified 11 previously unknown vulnerabilities within the top 50 Ethereum DApps, involving approximately 2,500,000 USD.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"2157-2170"},"PeriodicalIF":6.3,"publicationDate":"2025-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143083888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Einocchio: Efficiently Outsourcing Polynomial Computation With Verifiable Computation and Optimized Newton Interpolation","authors":"Xintao Pei;Yuling Chen;Yangyang Long;Haiwei Sang;Yun Luo","doi":"10.1109/TIFS.2025.3537823","DOIUrl":"10.1109/TIFS.2025.3537823","url":null,"abstract":"Cloud computing, as a promising service platform, has gained significant popularity in addressing emerging data privacy issues in applications such as machine learning and data mining. Researchers have proposed the verifiable computing that allows the cloud users to delegate their computation tasks to the cloud server. Then, the cloud server computes the cryptographic proofs that verify the correctness of the results, a process that is generally faster ompared to local manual computation. However, performing computation tasks or verifying the correctness of encrypted data, such as multivariate polynomial functions, remains a significant challenge. To solve this problem, we propose Einocchio: a verifiable computation scheme that combines the efficient Pinocchio system with homomorphic encryption, which allows the public verification of the computational results on the server side while ensuring data confidentiality and the results. Compared with the existing solutions, Einocchio does not reveal the client’s input. Furthermore, we extrapolate Einocchio by optimizing the Pinocchio’s quadratic arithmetic program component using a differential optimization method, which reduces the computational workload owing to the conversion from quadratic to linear complexity, thereby increasing the efficiency of the quadratic arithmetic program preprocessing stage. Security analysis demonstrates that Einocchio achieves IND-CPA security. Finally, the performance evaluation confirmed its effectiveness and suitability for cloud computing environments. Compared to the corresponding scheme based on Newton interpolation, Einocchio achieves a threefold greater computational efficiency, with the generation of interpolation polynomials for 50 data inputs occurring in a mere 0.31 ms, while simultaneously reducing the number of computations.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1981-1992"},"PeriodicalIF":6.3,"publicationDate":"2025-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143083887","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}