EURASIP Journal on Information Security最新文献

{"title":"Access control for trusted data sharing","authors":"Maria Zubair, Maryam Sabzevari, Vikramajeet Khatri, Sasu Tarkoma, Kimmo Hätönen","doi":"10.1186/s13635-024-00178-z","DOIUrl":"https://doi.org/10.1186/s13635-024-00178-z","url":null,"abstract":"In the envisioned 6G landscape, data sharing is expected to become increasingly prevalent, giving rise to digital marketplaces that foster cooperation among organizations for collecting, sharing, and processing data for analysis. These marketplaces serve as connectors between data producers and consumers, empowering multi-tenancy scenarios for seamless and secure data sharing both within and outside organizations. Given that 6G networks promise ultra-low latency, enhanced connectivity, and massive data throughput, the need for robust data access control mechanisms becomes imperative. These mechanisms ensure security and trust among entities, particularly in multi-tenant environments where multiple organizations share infrastructure and data resources. In this paper, we have designed and implemented a novel access control mechanism tailored for a distributed data streaming system developed by Nokia Bell Labs. Our approach leverages fine-grained policies, dynamic enforcement, and transparency mechanisms to enhance trust between data owners and consumers. By facilitating secure multi-tenancy data sharing, our solution contributes to the seamless exchange of data across diverse entities within the next-generation communication ecosystem. We demonstrate that our proposed access control mechanism incurs minimal overhead while ensuring data confidentiality and integrity. The introduction of such advancements in data sharing markets strengthens the overall ecosystem by providing heightened transparency and enhanced control over data, promoting collaboration and innovation in the 6G era.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142188452","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DQ-NN and phantom routing for enhanced source location privacy for IoT under multiple source and destination","authors":"Arpitha T., Dharamendra Chouhan, Shreyas J.","doi":"10.1186/s13635-024-00176-1","DOIUrl":"https://doi.org/10.1186/s13635-024-00176-1","url":null,"abstract":"The Internet of Things (IoT) is now an essential component of our day-to-day lives. In any case, the association of various devices presents numerous security challenges in IoT. In some cases, ubiquitous data or traffic may be collected by certain smart devices which threatens the privacy of a source node location. To address this issue, a hybrid DL technique named Deep Q Learning Neural network (DQ-NN) is proposed for the Source Location Privacy (SLP) in IoT networks based on phantom routing. Here, an IoT network with multiple sources and destinations is considered first, and then the phantom node is chosen by analyzing neighbor list, energy, distance, and trust heterogeneity parameters. After that, multiple routes are created from the source node to the sink node via the phantom node. Finally, path selection is performed by the proposed DQ-NN. Moreover, DQ-NN is obtained by merging the Deep Q Learning Network (DQN) and Deep Neural Network (DNN). A simulation environment consisting of 150 nodes is created to study the effectiveness of performance and scalability. The proposed novel DQ-NN outperforms other existing algorithms, by recording a high network lifetime is 111.912, a safety period of 664970.7 m, an energy is 0.034 J, and a distance is 56.594 m.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142188453","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Trajectory-aware privacy-preserving method with local differential privacy in crowdsourcing","authors":"Yingcong Hong, Junyi Li, Yaping Lin, Qiao Hu, Xiehua Li","doi":"10.1186/s13635-024-00177-0","DOIUrl":"https://doi.org/10.1186/s13635-024-00177-0","url":null,"abstract":"In spatial crowdsourcing services, the trajectories of the workers are sent to a central server to provide more personalized services. However, for the honest-but-curious servers, it also poses a challenge in terms of potential privacy leakage of the workers. Local differential privacy (LDP) is currently the latest technique to protect data privacy. However, most of LDP-based schemes have limitations in providing good utility due to extensive noise in perturbing trajectories. In this work, to balance the privacy and utility, we propose a novel pattern-aware privacy protection method called trajectory-aware privacy-preserving with local differential privacy (TALDP). The key idea is that, rather than applying the same degree of perturbation to all location points, we employ adaptive privacy budget allocation, assigning varied privacy budgets to individual location points, thereby mitigating the perturbation’s impact and enhancing overall utility. Meanwhile, to ensure the privacy, we give the different perturbing points to different privacy budgets according to their important degree for the patterns of the trajectories. In particular, we use Karman filter method to select the important location points and decide their privacy budgets. We conduct extensive experiments on three real datasets. The results show that our approach improves the utility over many other current methods while still provide good the privacy protection.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142188454","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing internet of things security using entropy-informed RF-DNA fingerprint learning from Gabor-based images","authors":"Mohamed A. Taha, Mohamed M. K. Fadul, Joshua H. Tyler, Donald R. Reising, T. Daniel Loveless","doi":"10.1186/s13635-024-00175-2","DOIUrl":"https://doi.org/10.1186/s13635-024-00175-2","url":null,"abstract":"Internet of Things (IoT) deployments are anticipated to reach 29.42 billion by the end of 2030 at an average growth rate of 16% over the next 6 years. These deployments represent an overall growth of 201.4% in operational IoT devices from 2020 to 2030. This growth is alarming because IoT devices have permeated all aspects of our daily lives, and most lack adequate security. IoT-connected systems and infrastructures can be secured using device identification and authentication, two effective identity-based access control mechanisms. Physical Layer Security (PLS) is an alternative or augmentation to cryptographic and other higher-layer security schemes often used for device identification and authentication. PLS does not compromise spectral and energy efficiency or reduce throughput. Specific Emitter Identification (SEI) is a PLS scheme capable of uniquely identifying senders by passively learning emitter-specific features unintentionally imparted on the signals during their formation and transmission by the sender’s radio frequency (RF) front end. This work focuses on image-based SEI because it produces deep learning (DL) models that are less sensitive to external factors and better generalize to different operating conditions. More specifically, this work focuses on reducing the computational cost and memory requirements of image-based SEI with little to no reduction in performance by selecting the most informative portions of each image using entropy. These image portions or tiles reduce memory storage requirements by 92.8% and the DL training time by 81% while achieving an average percent correct classification performance of 91% and higher for SNR values of 15 dB and higher with individual emitter performance no lower than 87.7% at the same SNR. Compared with another state-of-the-art time-frequency (TF)-based SEI approach, our approach results in superior performance for all investigated signal-to-noise ratio conditions, the largest improvement being 21.7% at 9 dB and requires 43% less data.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-08-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142188455","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cover-source mismatch in steganalysis: systematic review","authors":"Antoine Mallet, Martin Beneš, Rémi Cogranne","doi":"10.1186/s13635-024-00171-6","DOIUrl":"https://doi.org/10.1186/s13635-024-00171-6","url":null,"abstract":"Operational steganalysis contends with a major problem referred to as the cover-source mismatch (CSM), which is essentially a difference in distribution caused by different parameters and settings over training and test data. Despite it being of fundamental importance in an operational context, the CSM problem is often overlooked in the literature. With the goal to increase the visibility of this problem and attract the interest of the community, the present paper proposes a systematic review of the literature. It summarizes gathered knowledge and major open questions over the last 20 years of active research on CSM: terminology, methods of measurement, known causes, and mitigation strategies. Over 100 papers exploring, mitigating, assessing, or discussing steganalysis under train-test mismatch were collected by sampling scholar databases, and tracing references, cited and generated. For image steganalysis, the literature provided enough evidence to quantify the impact of causes, and the effectiveness of mitigation strategies.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141946545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"HyperWallet: cryptocurrency wallet as a secure hypervisor-based application","authors":"Nezer Jacob Zaidenberg, Michael Kiperberg","doi":"10.1186/s13635-024-00159-2","DOIUrl":"https://doi.org/10.1186/s13635-024-00159-2","url":null,"abstract":"We present VirtSecIO, a hypervisor-based platform for executing secure modules. VirtSecIO provides the modules with secure paths to peripheral devices, which can be shared between the modules and the operating system. Moreover, VirtSecIO is a thin hypervisor with a negligible performance overhead and a minimal attack surface. We demonstrate VirtSecIO’s abilities by developing HyperWallet, a secure module that acts as a hardware crypto-wallet, without requiring any dedicated hardware.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141969693","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Reversible anonymization for privacy of facial biometrics via cyclic learning","authors":"Shuying Xu, Ching-Chun Chang, Huy H. Nguyen, Isao Echizen","doi":"10.1186/s13635-024-00174-3","DOIUrl":"https://doi.org/10.1186/s13635-024-00174-3","url":null,"abstract":"Facial recognition systems have emerged as indispensable components in identity verification. These systems heavily rely on facial data, which is stored in a biometric database. However, storing such data in a database raises concerns about privacy breaches. To address this issue, several technologies have been proposed for protecting facial biometrics. Unfortunately, many of these methods can cause irreversible damage to the data, rendering it unusable for other purposes. In this paper, we propose a novel reversible anonymization scheme for face images via cyclic learning. In our scheme, face images can be de-identified for privacy protection and reidentified when necessary. To achieve this, we employ generative adversarial networks with a cycle consistency loss function to learn the bidirectional transformation between the de-identified and re-identified domains. Experimental results demonstrate that our scheme performs well in terms of both de-identification and reidentification. Furthermore, a security analysis validates the effectiveness of our system in mitigating potential attacks.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141969840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Performance comparison of quantum-safe multivariate polynomial public key encapsulation algorithm","authors":"Randy Kuang, Maria Perepechaenko, Ryan Toth, Michel Barbeau","doi":"10.1186/s13635-024-00170-7","DOIUrl":"https://doi.org/10.1186/s13635-024-00170-7","url":null,"abstract":"A novel quantum-safe key encapsulation algorithm, called Multivariate Polynomial Public Key (MPPK), was recently proposed by Kuang, Perepechaenko, and Barbeau. Security of the MPPK key encapsulation mechanism does not rely on the prime factorization or discrete logarithm problems. It builds upon the NP-completeness of the modular Diophantine equation problem, for which there are no known efficient classical or quantum algorithms. Hence, it is resistant to known quantum computing attacks. The private key of MPPK comprises a pair of multivariate polynomials. In a companion paper, we analyzed the performance of MPPK when these polynomials are quadratic. The analysis highlighted the MPPK high decapsulation time. We found that, while maintaining the security strength, the polynomials can be linear. Considerable performance gains are obtained for the decapsulation process. In this article, we benchmark the linear case and compare the results with the previous quadratic case.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141568039","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Errorless robust JPEG steganography using steganographic polar codes","authors":"Jimin Zhang, Xiaolei He, Yun Cao","doi":"10.1186/s13635-024-00173-4","DOIUrl":"https://doi.org/10.1186/s13635-024-00173-4","url":null,"abstract":"Recently, a robust steganographic algorithm that achieves errorless robustness against JPEG recompression has been proposed. The method employs a lattice embedding scheme and utilizes the syndrome-trellis code (STC) for practical embedding. However, we have noticed that errorless robust embedding with STC may encounter failures due to modifications on wet coefficients, especially when a high quality factor is used by the compression channel. To solve this problem, we have discovered that using steganographic polar code (SPC) for embedding has better performance in avoiding modifications on wet coefficients. In this paper, we conduct theoretical analysis to prove the better performance of SPC in wet paper embedding. We establish the condition of avoiding modifications on wet coefficients, followed by presenting a recursive calculation method for determining the distribution of columns in the generator matrix of SPC. The findings reveal that SPC can avoid modifications on wet coefficients under a larger number of wet coefficients compared with STC, and therefore we propose a better errorless robust embedding method employing SPC. The experimental results demonstrate that under close security performance, the proposed method achieves a higher success rate compared with embedding with STC. Specifically, when the quality factor of the compressor is 95 and the payload size is 0.4 bpnzac, our method achieves a success rate of 99.85%, surpassing the 91.95% success rate of the embedding with STC.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141546663","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Mining digital identity insights: patent analysis using NLP","authors":"Matthew Comb, Andrew Martin","doi":"10.1186/s13635-024-00172-5","DOIUrl":"https://doi.org/10.1186/s13635-024-00172-5","url":null,"abstract":"The field of digital identity innovation has grown significantly over the last 30 years, with over 6000 technology patents registered worldwide. However, many questions remain about who controls and owns our digital identity and intellectual property and, ultimately, where the future of digital identity is heading. To investigate this further, this research mines digital identity patents and explores core themes such as identity, systems, privacy, security, and emerging fields like blockchain, financial transactions, and biometric technologies, utilizing natural language processing (NLP) methods including part-of-speech (POS) tagging, clustering, topic classification, noise reduction, and lemmatisation techniques. Finally, the research employs graph modelling and statistical analysis to discern inherent trends and forecast future developments. The findings significantly contribute to the digital identity landscape, identifying key players, emerging trends, and technological progress. This research serves as a valuable resource for academia and industry stakeholders, aiding in strategic decision-making and investment in emerging technologies and facilitating navigation through the dynamic realm of digital identity technologies.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141546664","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}