{"title":"Unveiling Privacy Risks in the Long Tail: Membership Inference in Class Skewness","authors":"Hailong Hu;Jun Pang;Yantao Li;Huafeng Qin","doi":"10.1109/TIFS.2025.3607261","DOIUrl":"10.1109/TIFS.2025.3607261","url":null,"abstract":"Real-world datasets often exhibit long-tailed distributions, raising important questions about how privacy risks evolve when machine learning (ML) models are applied to such data. In this work, we present a comprehensive analysis of membership inference attacks in long-tailed scenarios, revealing significant privacy vulnerabilities in tail data. We begin by examining standard ML models trained on long-tailed datasets and identify three key privacy risk effects: amplification, convergence, and polarization. Building on these insights, we extend our analysis to state-of-the-art long-tailed learning methods, such as foundation model-based approaches, offering new perspectives on how these models respond to membership inference attacks across head to tail classes. Finally, we investigate the privacy risks of ML models trained with differential privacy in long-tailed scenarios. Our findings corroborate that, even when ML models are designed to improve tail class performance to match head classes and are protected by differential privacy, tail class data remain particularly vulnerable to membership inference attacks.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9507-9522"},"PeriodicalIF":8.0,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145017535","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dongchi Han;Yuan Ma;Tianyu Chen;Shijie Jia;Na Lv;Fangyu Zheng;Xianhui Lu
{"title":"Revisiting Prediction-Based Min-Entropy Estimation: Toward Interpretability, Reliability, and Applicability","authors":"Dongchi Han;Yuan Ma;Tianyu Chen;Shijie Jia;Na Lv;Fangyu Zheng;Xianhui Lu","doi":"10.1109/TIFS.2025.3607168","DOIUrl":"10.1109/TIFS.2025.3607168","url":null,"abstract":"Prediction-based min-entropy estimation methods, also known as predictors, are essential tools for assessing the security of entropy sources. As recommended in NIST SP 800-90B (90B), these methods estimate min-entropy by forecasting the outputs of entropy sources. Owing to their computational efficiency, considerable research has focused on enhancing the accuracy of predictors, including approaches based on deep neural networks (DNNs). However, concerns remain about their interpretability, reliability, and applicability, particularly for DNN-based predictors. In this paper, we first identify key deficiencies in existing prediction-based methods, including those in 90B and DNN-based predictors, which lead to unreliable estimates and poor adaptability across diverse entropy sources. To improve reliability, we model the predictor output distribution and revise the local predictability metric to produce more stable estimates with associated confidence levels. To enhance the interpretability of DNN-based predictors in entropy estimation, we provide the first theoretical analysis linking neural network optimization objectives to min-entropy, clarifying the suitability and learnability of different architectures. We further reveal the inapplicability of existing methods under time-varying sources and propose a new estimation framework that combines online learning, change detection, and Bayesian optimization for dynamic model updates. 
The experimental results demonstrate that our methods surpass existing approaches in terms of reliability and applicability, especially when dealing with time-varying sources.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9641-9656"},"PeriodicalIF":8.0,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145017210","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Lee T. Maccarone, Dennis M. Buede, Scott T. Bowman, Pawel Ambrozewicz, Charles D. Burdick, J. Connor Grady, Shaw X. Wen
{"title":"Identifying Adversarial Cyber-Activity in Operational Technology Environments Using Bayesian Networks","authors":"Lee T. Maccarone, Dennis M. Buede, Scott T. Bowman, Pawel Ambrozewicz, Charles D. Burdick, J. Connor Grady, Shaw X. Wen","doi":"10.1109/tifs.2025.3607241","DOIUrl":"https://doi.org/10.1109/tifs.2025.3607241","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"71 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145017541","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Model Extraction for Image Denoising Networks","authors":"Huan Teng;Yuhui Quan;Yong Xu;Jun Huang;Hui Ji","doi":"10.1109/TIFS.2025.3607269","DOIUrl":"10.1109/TIFS.2025.3607269","url":null,"abstract":"Model Extraction (ME) replicates the performance of another entity’s pretrained model without authorization. While extensively studied in image classification, object detection, and other tasks, ME for image restoration has been scarcely studied despite its broad applications. This paper presents a novel ME framework for image denoising networks, a fundamental one in image restoration. The framework tackles unique challenges like the black-box nature of the victim model, limiting access to its parameters, gradients, and outputs, and the difficulty of acquiring data that matches the original noise distribution while having adequate diversity. Our solution involves simulating the victim’s noise conditions to transform clean images into noisy ones and introducing loss functions to optimize the generator and substitute model. Experiments show that our method closely approximates the victim model’s performance and improves generalization in some scenarios. To the best of our knowledge, this work is the first to address ME in the field of image restoration, paving the way for future research in this area.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9892-9904"},"PeriodicalIF":8.0,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145017542","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Qianwen Gao;Yuan Lu;Kunpeng Bai;Zhenfeng Zhang;Yichi Tu
{"title":"ThPlA: Threshold Passwordless Authentication Made Usable and Scalable","authors":"Qianwen Gao;Yuan Lu;Kunpeng Bai;Zhenfeng Zhang;Yichi Tu","doi":"10.1109/TIFS.2025.3607255","DOIUrl":"10.1109/TIFS.2025.3607255","url":null,"abstract":"Passwordless user authentication schemes with FIDO as the standard have been widely deployed in web applications. Users use hardware tokens to store their identity credentials (i.e., signing keys) and implement strong authentication through a challenge-response mechanism, avoiding the security risks associated with traditional password-based authentication. Distributed Web services can greatly alleviate the system reliability problem caused by single points of failure, and thus have received increasing attention and research. In distributed systems, resources are distributed across multiple servers, and users must interact with them (or a subset of them in thresholding) to obtain network services. User authentication among the distributed (threshold) systems also poses a challenge: how to ensure security and ease of use at the same time? In particular, users need to authenticate to multiple servers when accessing distributed services, and in the case of using FIDO authentication, users need to authenticate to each server using challenge-response authentication, which will greatly reduce the user experience. In this work, we propose the concept named <italic>Threshold Passwordless Authentication</italic> (ThPlA) to address this issue. ThPlA allows users to authenticate to a <italic>t</italic>-of-<italic>n</italic> thresholding system. ThPlA is designed to be compatible with existing FIDO tokens and requires no extra hardware modifications; the user only needs to interact with the hardware token once during an authentication session; and on the service side, the servers do not need to communicate with each other. 
ThPlA is based on the component named <italic>Non-interactive Threshold Nonce Generation</italic> (NI-ThNG), which extends the two-party challenge-response mechanism to <italic>t</italic>-of-<italic>n</italic> settings. We provide a formal definition of ThPlA and NI-ThNG and give practical constructions. We also provide a performance evaluation of ThPlA and NI-ThNG, respectively. Our experimental results show that the schemes are efficient and practical for real-world applications, even in large-scale distributed systems.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9700-9715"},"PeriodicalIF":8.0,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145017207","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Lightweight Dynamic Conjunctive Keyword Searchable Encryption With Result Pattern Hiding","authors":"Chenbin Zhao;Ruiying Du;Jing Chen;Kun He;Ximeng Liu;Yang Xiang","doi":"10.1109/TIFS.2025.3607252","DOIUrl":"10.1109/TIFS.2025.3607252","url":null,"abstract":"With the rapid growth of cloud storage technology, the demand for efficient and secure search of outsourced encrypted data has become increasingly critical. However, existing conjunctive keyword dynamic searchable encryption schemes often expose the Keyword Pair Result Pattern (KPRP) during index matching, compromising privacy. Additionally, frequent index updates require expensive group exponentiations, leading to high client-side overhead. To tackle these challenges, we propose LRP-HDSE, a lightweight dynamic conjunctive keyword searchable encryption scheme that hides KPRP while minimizing client computation costs. To enhance privacy, we introduce the Vector Hidden Subset Predicate Encryption (VH-SPE) mechanism, which enables the server to implicitly detect cross-tag in the membership matching index, effectively mitigating KPRP leakage. For improved efficiency, the scheme designs a lightweight membership matching index structure, LSet, based on low-cost multiset hash operations, reducing reliance on costly exponentiations and lowering client overhead. Our security analysis confirms that LRP-HDSE provides robust KPRP hiding along with forward and backward security in dynamic environments. 
Asymptotic analysis, along with experimental evaluations on two real-world datasets, shows that our scheme offers superior client-side computational efficiency compared to existing approaches, making it both practical and effective.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9492-9506"},"PeriodicalIF":8.0,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145017209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Bin Liu;Tiantian Yang;Wei Huang;Chunyan Wei;Nankun Mu;Bingjie Xu;Fei Gao
{"title":"Measurement-Device-Independent Quantum Private Query With Weak Coherent Source","authors":"Bin Liu;Tiantian Yang;Wei Huang;Chunyan Wei;Nankun Mu;Bingjie Xu;Fei Gao","doi":"10.1109/TIFS.2025.3607259","DOIUrl":"10.1109/TIFS.2025.3607259","url":null,"abstract":"Quantum private query (QPQ) has emerged as a pivotal quantum cryptographic solution for symmetric private information retrieval, representing one of the most viable protocols for practical implementation following quantum key distribution. However, comprehensive practical security analysis remains imperative before deployment, particularly addressing concurrent vulnerabilities at both the optical source and detection components. This study makes dual fundamental contributions: 1) We unveil a sophisticated multiphoton attack strategy that enables malicious users to completely compromise database confidentiality by exploiting inherent multiphoton emissions from practical light sources across multiple established QPQ protocols; 2) We develop a novel decoy-state measurement-device-independent QPQ protocol specifically designed for weak coherent sources that simultaneously mitigates security vulnerabilities at both system endpoints. Our rigorous security analysis demonstrates that the proposed protocol achieves remarkable security enhancement - reducing an attacker’s information extraction capability from complete database access (100% items) to merely approximately 2.51 database items under standard operational parameters, while preserving practical implementability. 
This work establishes a critical framework for bridging theoretical security guarantees with practical implementation requirements, providing essential foundations for real-world QPQ deployment within existing quantum communication infrastructures.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9454-9462"},"PeriodicalIF":8.0,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145017193","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Luke Chen;Youssef Gamal;Yanda Li;Shih-Yuan Yu;Ihsen Alouani;Mohammad Abdullah Al Faruque
{"title":"DART: Distribution-Aware Hardware Trojan Detection","authors":"Luke Chen;Youssef Gamal;Yanda Li;Shih-Yuan Yu;Ihsen Alouani;Mohammad Abdullah Al Faruque","doi":"10.1109/TIFS.2025.3607240","DOIUrl":"10.1109/TIFS.2025.3607240","url":null,"abstract":"Machine Learning (ML) has proven effective in Integrated Circuits (IC) security, particularly in Hardware Trojan (HT) detection. However, a model’s generalization potential depends on its ability to address distribution shifts (DS) in unseen data. Mitigating DS enhances a model’s adaptability to novel variations and threats within the dynamic realm of IC designs and HTs. We formulate HT detection as a DS problem, introducing DART, a novel Distribution-Aware HT detection framework, to enhance model generalization. Applying DART on state-of-the-art Graph Neural Network architecture yields up to 22.96% and 17.37% F1-score improvements for unseen IC designs diverging significantly from the training data.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9600-9609"},"PeriodicalIF":8.0,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145017198","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Zheng Zhang;Jingfeng Xue;Weizhi Meng;Xu Qiao;Yuanzhang Li;Yu-an Tan
{"title":"FlashAttest: Self-Attestation for Low-End Internet of Things via Flash Devices","authors":"Zheng Zhang;Jingfeng Xue;Weizhi Meng;Xu Qiao;Yuanzhang Li;Yu-an Tan","doi":"10.1109/TIFS.2025.3607245","DOIUrl":"10.1109/TIFS.2025.3607245","url":null,"abstract":"Remote Attestation (RA) is an effective security service that allows a trusted party (verifier) to initiate the attestation routine on a potentially untrusted remote device (prover) to verify its correct state. Despite their usefulness, traditional challenge-response remote attestation protocols suffer from certain limitations, such as challenges in scaling attestation collection and the forced suspension of normal operation during attestation. Self-attestation tackles these issues by enabling the prover to measure its own state asynchronously with the verifier’s attestation request. Existing self-attestation methods rely on hybrid architectures to provide the required security properties, which may not be compatible with low-end Internet of Things (IoT) devices due to hardware limitations. In addition, these protocols currently lack formal verification of design correctness. In this paper, we present FlashAttest, a formally verified self-attestation protocol for low-end IoT devices. FlashAttest leverages the flash device to fulfill the security properties required by self-attestation, eliminating the requirement for hardware modifications. In particular, FlashAttest allows the prover to initiate the attestation routine and guarantee the trustworthiness of the results based on the verified software-based security architecture. By collaborating with the flash device during attestation to generate timestamped reports, FlashAttest enables the verifier to collect and verify the legitimacy of the attestation results. More importantly, FlashAttest achieves strong security guarantees supported by a formally verified design using the Tamarin prover. 
We implement and evaluate FlashAttest on MSP430 architecture, showing a reasonable overhead in terms of memory footprint, communication overhead, runtime and power consumption. Compared with state-of-the-art self-attestation schemes, our approach achieves similar runtime overhead, low energy consumption, and reasonable memory overhead while eliminating the need for hardware modifications. The results confirm the suitability of FlashAttest for low-end devices.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9685-9699"},"PeriodicalIF":8.0,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145017203","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ADDR: Anomaly Detection and Distortion Restoration for 3D Adversarial Point Cloud","authors":"Hao Wang;Jian Liu;Qiang Xu;Dong Wang;Kaiju Li","doi":"10.1109/TIFS.2025.3607243","DOIUrl":"10.1109/TIFS.2025.3607243","url":null,"abstract":"The growing adoption of 3D point cloud in applications like autonomous driving has heightened concerns about their vulnerability to adversarial attacks. Existing defense methods face two fundamental challenges: ineffective detection of imperceptible adversarial examples and poor restoration of severely distorted point cloud. In this paper, we present ADDR, an end-to-end defense framework that integrates Binary Geometric Feature Anomaly Detection (BGFAD) and Distorted point cloud Restoration (DPCR). BGFAD employs a dual threshold mechanism combining global distance statistics and local curvature analysis to detect both substantial and imperceptible adversarial perturbations. DPCR leverages attention enhanced feature encoding to reconstruct missing geometric structures while preserving semantic integrity through bidirectional Chamfer loss optimization. Our framework uniquely bridges traditional geometric priors with deep learning mechanisms, achieving attack-agnostic defense without classifier retraining. Extensive experiments on ModelNet40, ShapeNet and ScanObjectNN datasets demonstrate state-of-the-art performance, with about 12% higher robustness against structural attacks and <inline-formula> <tex-math>$6\\times $ </tex-math></inline-formula> better restoration fidelity than existing methods. 
ADDR maintains real-time processing capabilities while reducing adversarial success rates to <5% <uri>https://github.com/whwh456/ADDR</uri>","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9776-9791"},"PeriodicalIF":8.0,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145017200","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}