Haihua Zhu , Yu Cheng , Xiuli Song , Yunlong Zhou , Fan Liu , Zigang Chen
{"title":"Enhancing transparency and traceability in complex supply chains: Fine-grained access control, accuracy evaluation, and secure storage","authors":"Haihua Zhu , Yu Cheng , Xiuli Song , Yunlong Zhou , Fan Liu , Zigang Chen","doi":"10.1016/j.jisa.2025.104169","DOIUrl":"10.1016/j.jisa.2025.104169","url":null,"abstract":"<div><div>With the growing public awareness of product safety, the demand for supply chain traceability and transparency has significantly increased. Ensuring product information traceability while enhancing transparency and fostering information sharing across all stages of the supply chain remains a critical challenge. To address this, we propose a transparency and traceability enhancement scheme for complex supply chains. To ensure data confidentiality, the scheme employs a hierarchical encryption mechanism for secure data sharing. A multi-party evaluation mechanism is introduced to assess the accuracy of uploaded information, preventing unreliable data from compromising overall trust. Additionally, to overcome issues such as decentralized data storage, difficult access, and low sharing efficiency, we integrate the InterPlanetary File System (IPFS) to improve data redundancy and mitigate single points of failure. A hybrid on-chain and off-chain storage approach is adopted for efficient data sharing. To further strengthen access control, we implement Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to enable fine-grained access control, ensuring that only authorized users can access the data. We validate our scheme on the Hyperledger Fabric platform and conduct performance evaluations using Hyperledger Caliper. 
Experimental results demonstrate that our scheme excels in traceability, privacy protection, and fine-grained access control, while maintaining high generalizability and scalability.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104169"},"PeriodicalIF":3.8,"publicationDate":"2025-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144713465","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Li Li , Xinpeng Zhang , Guorui Feng , Zichi Wang , Deyang Wu , Hanzhou Wu
{"title":"Robust watermarking for diffusion models based on STDM and latent space fine-tuning","authors":"Li Li , Xinpeng Zhang , Guorui Feng , Zichi Wang , Deyang Wu , Hanzhou Wu","doi":"10.1016/j.jisa.2025.104167","DOIUrl":"10.1016/j.jisa.2025.104167","url":null,"abstract":"<div><div>Diffusion models (DMs) have demonstrated remarkable capabilities in generating high-quality images, but their potential for disseminating harmful misinformation raises significant concerns. Although reversible watermarking techniques can trace AI-generated images to their source models by embedding watermarks in the latent space, existing methods suffer from two critical drawbacks: (i) limited embedding capacity hinders unique model identification, and (ii) information loss during latent-space re-encoding compromises robustness, exacerbating the inherent trade-off between capacity and robustness. To address these limitations, we propose a novel watermarking framework based on Spread Transform Dither Modulation (STDM) that embeds watermarks into intermediate latent vectors during the diffusion process. Our approach operates in three key steps: (i) executing the standard diffusion process to obtain an intermediate latent vector, (ii) embedding watermarks into the mid-frequency DCT coefficients of this vector using ring-shaped STDM modulation, and (iii) completing the diffusion process to generate the final watermarked image. For watermark extraction, we employ a finely tuned VAE encoder to map the image back to latent space, followed by DDIM inversion and STDM-based extraction. Furthermore, we introduce a joint fine-tuning strategy that optimizes both the encoder and decoder of the diffusion model using watermarked latent vectors, significantly enhancing robustness. Experimental results demonstrate that our method achieves a maximum watermark embedding capacity of 256 bits while maintaining a high extraction accuracy of 98%. 
The proposed approach exhibits remarkable robustness against various attacks, with significant improvements over baseline methods.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104167"},"PeriodicalIF":3.8,"publicationDate":"2025-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144713464","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"GHR-Optimizer: An ensemble-based feature selection approach for classifying android malware","authors":"Parnika Bhat, Ajay K. Sharma, Geeta Sikka","doi":"10.1016/j.jisa.2025.104165","DOIUrl":"10.1016/j.jisa.2025.104165","url":null,"abstract":"<div><div>This study delves into advanced feature selection methodologies for enhancing Android malware classification. GHR-Optimizer is introduced as an innovative feature selection approach combining Grey Wolf Optimization, Hill Climbing, and Random Forest Classifier method. The approach selects features from a hybrid dataset and is evaluated across machine learning, deep learning, and ensemble frameworks. A detailed comparative analysis is conducted, contrasting GHR-Optimizer with static and dynamic feature sets as well as traditional filter and wrapper-based methods. The implementation of the GHR method demonstrated superior performance, particularly when evaluated with diverse datasets such as KronoDroid, which achieved exceptional accuracy and balance in classification metrics. When integrated with the Random Forest classifier, the GHR-Optimizer achieves an accuracy of 98.40%. These findings underscore GHR-Optimizer’s superior performance in boosting classification accuracy and robustness, highlighting its pivotal role in advancing feature selection strategies within the domain.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104165"},"PeriodicalIF":3.8,"publicationDate":"2025-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144703096","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A methodology for the experimental performance evaluation of Access Control enforcement mechanisms based on business processes","authors":"Stefano Berlato , Roberto Carbone , Silvio Ranise","doi":"10.1016/j.jisa.2025.104158","DOIUrl":"10.1016/j.jisa.2025.104158","url":null,"abstract":"<div><div>While the security analysis of Access Control (AC) policies has received a lot of attention, the same cannot be said for their enforcement. As applications become more distributed, centralized services a bottleneck, and legal compliance constraints stricter (e.g., the problem of honest but curious Cloud providers in the light of privacy regulations), the fine-tuning of AC enforcement mechanisms is likely to become more and more important. This is especially true in scenarios where the quality of service may suffer from computationally heavy security mechanisms and low latency is a prominent requirement. As a first step towards a principled approach to fine-tune AC enforcement mechanisms, this paper introduces a methodology providing the means to measure the performance of such mechanisms through the simulation of realistic scenarios. To do so, we base our methodology on Business Process Model and Notation (BPMN) workflows — that provide for an appropriate abstraction of the sequences of requests (e.g., access a resource, revoke a permission) sent toward AC enforcement mechanisms — to evaluate and compare the performance of different mechanisms. 
We implement our methodology and use it to evaluate three AC enforcement mechanisms representative of both traditional centralized — i.e., the Open Policy Agent (OPA) and the eXtensible Access Control Markup Language (XACML) — and decentralized AC — i.e., the <span>CryptoAC</span> tool.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104158"},"PeriodicalIF":3.8,"publicationDate":"2025-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144703095","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Robust watermarking based on optimal synchronization signal","authors":"Shaowu Wu , Yimao Guo , Liting Zeng , Xiaolin Yin , Wei Lu","doi":"10.1016/j.jisa.2025.104168","DOIUrl":"10.1016/j.jisa.2025.104168","url":null,"abstract":"<div><div>Watermark synchronization is the key to the success of watermark extraction. In this paper, a new robust watermarking method based on an optimal synchronization signal is proposed. Firstly, a new image block order and watermark embedding order are introduced. Based on this, the optimal synchronization signal is analyzed by using a Markov chain, and the conditions and probabilities of the synchronization signal detection are given. Then, the watermark is embedded into the third singular value and the subsequent singular values in the DWT-SVD domain, which can balance the visual quality and robustness. In watermark extraction, the geometric attack parameters are first estimated by using the synchronization signal and a similarity function. Then, the watermarked image is restored and the watermark is extracted by the relative relation between singular values. The experimental results show that the proposed watermarking method achieves excellent robustness to both image processing attacks and geometric distortion attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104168"},"PeriodicalIF":3.8,"publicationDate":"2025-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144685743","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MedBioCh: Advancing security and privacy in digital healthcare with revocable biometric systems and blockchain","authors":"Yacine Belhocine , Abdallah Meraoumia , Hakim Bendjenna , Lakhdar Laimeche , Wojdan BinSaeedan , Waad Alhoshan , Mohamed Gasmi","doi":"10.1016/j.jisa.2025.104170","DOIUrl":"10.1016/j.jisa.2025.104170","url":null,"abstract":"<div><div>The digitization of healthcare has enhanced efficiency, accessibility, and patient management but has also raised critical concerns regarding data security, privacy, and system reliability. As digital services expand, ensuring secure identity management and protecting sensitive health data from cyber threats has become paramount. Traditional centralized health systems remain vulnerable to data breaches, single points of failure, and identity theft, highlighting the need for more resilient solutions. To address these challenges, we propose <strong>MedBioCh</strong>, a <strong>Med</strong>ical Access Control System Based on <strong>Bio</strong>metrics and Block<strong>Ch</strong>ain. The MedBioCh system leverages blockchain technology and the InterPlanetary File System (IPFS) for tamper-resistant storage and decentralized data management. It integrates biometric authentication for secure access control, ensuring privacy and identity protection. The proposed system relies on a fully secured biometric architecture through an innovative method for extracting revocable biometric features, based on Gabor filters and chaotic systems. This approach enhances the protection of biometric templates, prevents identity theft and unauthorized access, while maintaining system flexibility and adaptability. The chaotic system parameters are optimized to ensure accurate feature analysis, with attention directed toward the most distinctive traits, thereby improving authentication reliability and robustness. 
The effectiveness of the MedBioCh system was validated using a standard biometric dataset and implemented on the Ethereum blockchain. Experimental results show that the MedBioCh system significantly improves security, fault tolerance, and scalability, mitigating the risks associated with traditional digital health systems. These improvements position the MedBioCh system as a practical and effective solution for critical multi-stakeholder sectors such as healthcare, finance, and government, where data protection and integrity are of utmost importance.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104170"},"PeriodicalIF":3.8,"publicationDate":"2025-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144685742","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An optimized reinforcement learning based MTD mutation strategy for securing edge IoT against DDoS attack","authors":"Amir Javadpour , Forough Ja’fari , Chafika Benzaïd , Tarik Taleb","doi":"10.1016/j.jisa.2025.104138","DOIUrl":"10.1016/j.jisa.2025.104138","url":null,"abstract":"<div><div>Distributed Denial of Service (DDoS) attacks are among the most destructive and challenging threats to mitigate for computer networks, particularly in edge IoT environments. Moving Target Defense (MTD) is a promising security mechanism that undermines the adversary’s gathered information by dynamically altering the attack surface. A selection of network nodes is chosen for mutation, and these changes hinder the adversary from achieving their objectives. However, identifying the optimal set of nodes for effectively and efficiently mitigating a DDoS attack remains a significant challenge. Existing MTD approaches have only considered a single factor—either the node’s vulnerability level or connectivity—and often lack generality and scalability for real-world IoT implementations. In this paper, we propose an enhanced MTD approach called CVbMA (Connection- and Vulnerability-based MTD Approach) that jointly considers both the vulnerability levels and connection weights of nodes to inform mutation strategies. To ensure practical applicability and adaptability, we develop a cost-aware Reinforcement Learning (RL) framework that incorporates explicit mutation costs into the reward function and utilizes neural ranking and model compression for scalability. Extensive evaluations are conducted using both Mininet-based simulations and a physical IoT testbed with real attack traces and heterogeneous devices. Comprehensive benchmarking and ablation studies against state-of-the-art MTD baselines demonstrate that the proposed framework significantly reduces the adversary’s success rate and incidents of server crashes, while maintaining low overhead and achieving high adaptivity. 
A detailed analysis of real-world deployments highlights the robustness of systems under operational constraints, including fluctuating latency, hardware diversity, and asynchronous events. Limitations and future enhancements, including topology-aware RL, adaptive mutation scheduling, and continuous model updates, are discussed. The results affirm the practical, scalable, and robust potential of cost-sensitive RL-based MTD for next-generation IoT security.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104138"},"PeriodicalIF":3.8,"publicationDate":"2025-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144672310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ye Su , Lili Li , Yongxiang Liu , Yushu Zhang , Yichen Ye , Xiao Jiang , Zhuang Chen , Yiyuan Xie
{"title":"A novel scheme to encrypting autonomous driving scene point clouds based on optical chaos","authors":"Ye Su , Lili Li , Yongxiang Liu , Yushu Zhang , Yichen Ye , Xiao Jiang , Zhuang Chen , Yiyuan Xie","doi":"10.1016/j.jisa.2025.104166","DOIUrl":"10.1016/j.jisa.2025.104166","url":null,"abstract":"<div><div>The widespread adoption of 3D point cloud technology in autonomous driving has raised concerns about the potential leakage of private information among Internet of Vehicles (IoV) users, especially when data is exchanged between vehicles without adequate protection. This paper introduces a novel encryption and decryption scheme for 3D point cloud data, designed to address security and privacy concerns in autonomous driving environments. The optical system, based on vertical-cavity surface-emitting lasers (VCSELs), is configured to generate optical chaos, which is then applied to the permutation and diffusion of 3D point clouds. In the case study, 3D point cloud images from the KITTI dataset are encrypted and decrypted, and the three classes of objects — cars, cyclists, and pedestrians — are detected in the original, encrypted, and decrypted datasets using the Point-Voxel Region Convolutional Neural Network (PV-RCNN). The mean average precision (mAP) for the encrypted dataset is nearly zero, indicating that the 3D point cloud objects cannot be detected. In contrast, the mAP for the decrypted dataset closely matches that of the original dataset, demonstrating the effectiveness and feasibility of the proposed privacy protection scheme. 
Additionally, a detailed security analysis of the geometric features in 3D point clouds confirms that the scheme provides robust security and privacy protection for the scene information in 3D point cloud images.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104166"},"PeriodicalIF":3.8,"publicationDate":"2025-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144672189","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Suriya U-ruekolan, Manot Rattananen, Jukkrapong Ponharn, Naiyana Sahavechaphan
{"title":"Enforcing data access control and privacy: The graph-driven data regulatory approach","authors":"Suriya U-ruekolan, Manot Rattananen, Jukkrapong Ponharn, Naiyana Sahavechaphan","doi":"10.1016/j.jisa.2025.104163","DOIUrl":"10.1016/j.jisa.2025.104163","url":null,"abstract":"<div><div>Comprehensive data-driven systems require the integration of various access control and privacy patterns to address the diverse needs of subjects. However, existing approaches often struggle to simultaneously support precise access control, privacy preservation, and efficient policy maintenance. This paper presents G2D (Graph to Data), a novel technique that employs a Data Regulatory Graph (DRG) to dynamically generate data authorization statements tailored to specific subjects. G2D unifies access control and privacy by producing authorized SQL queries and specifying necessary data transformations for sensitive fields. Experimental results demonstrate that G2D incurs minimal execution overhead, simplifies policy updates, and effectively balances system performance with data protection, even under high concurrency. These findings highlight G2D’s potential to support scalable, privacy-aware data access in complex environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104163"},"PeriodicalIF":3.8,"publicationDate":"2025-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144672188","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ke Li , Xinrong Sun , Yunting Tao , Fanyu Kong , Guoqiang Yang , Chunpeng Ge , Qiuliang Xu
{"title":"Efficient privacy-preserving outsourcing of imbalanced clustering in cloud computing","authors":"Ke Li , Xinrong Sun , Yunting Tao , Fanyu Kong , Guoqiang Yang , Chunpeng Ge , Qiuliang Xu","doi":"10.1016/j.jisa.2025.104155","DOIUrl":"10.1016/j.jisa.2025.104155","url":null,"abstract":"<div><div>Imbalanced clustering algorithms play a vital role in fields such as fault detection in finance, network security and medical diagnosis. The Imbalanced Clustering with Theoretical Learning Bounds (ICTLB) algorithm is a novel imbalanced clustering algorithm but could incur high computational costs due to extensive matrix operations, making it less practical for resource-limited devices. Outsourcing computations to cloud servers can alleviate client burdens but needs to solve data privacy issues and the result verification problem. In this paper, we propose an efficient, secure, and verifiable outsourcing scheme for the ICTLB imbalanced clustering algorithm. We design a novel encryption method based on sparse matrices and random permutations, which effectively protects the privacy of the input data while ensuring minimal computational overhead on the client side. Our scheme also integrates a robust verification mechanism, allowing the client to validate the correctness of results returned by the cloud server. 
Experiments show that the proposed scheme can improve efficiency by 28.88% to 52.48% compared to the original ICTLB algorithm across various datasets.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104155"},"PeriodicalIF":3.8,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144655086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}