Journal of Information Security and Applications最新文献

Secure outsourced decryption for FHE-based privacy-preserving cloud computing 基于 FHE 的隐私保护云计算的安全外包解密

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-10-16 DOI: 10.1016/j.jisa.2024.103893

{"title":"Secure outsourced decryption for FHE-based privacy-preserving cloud computing","authors":"","doi":"10.1016/j.jisa.2024.103893","DOIUrl":"10.1016/j.jisa.2024.103893","url":null,"abstract":"<div><div>The demand for processing vast volumes of data has surged dramatically due to the advancement of machine learning technology. Large-scale data processing necessitates substantial computational resources, prompting individuals and enterprises to turn to cloud services. Accompanying this trend is a growing concern regarding data leakage and misuse. Homomorphic encryption (HE) is one solution for safeguarding data privacy, enabling encrypted data to be processed securely in the cloud. However, the encryption and decryption routines of some HE schemes require considerable computational resources, presenting non-trivial work for clients. In this paper, we propose an outsourced decryption protocol for the prevailing RLWE-based fully homomorphic encryption schemes. The protocol splits the original decryption into two routines, with the computationally intensive part executed remotely by the cloud. Its security relies on an invariant of the NTRU-search problem with a newly designed blinding key distribution. Cryptographic analyses are conducted to configure protocol parameters across varying security levels. Our experiments demonstrate that the proposed protocol achieves up to a 67% acceleration in the client-side computation, accompanied by a 50% reduction in space usage.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142446976","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

On the atout ticket learning problem for neural networks and its application in securing federated learning exchanges 论神经网络的出票学习问题及其在保障联合学习交流中的应用

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-10-09 DOI: 10.1016/j.jisa.2024.103891

{"title":"On the atout ticket learning problem for neural networks and its application in securing federated learning exchanges","authors":"","doi":"10.1016/j.jisa.2024.103891","DOIUrl":"10.1016/j.jisa.2024.103891","url":null,"abstract":"<div><div>Artificial Neural Networks (ANNs) have become the backbone of many real-world applications, including distributed applications relying on Federated Learning (FL). However, several vulnerabilities/attacks have emerged in recent years, affecting the benefits of using ANNs in FL, such as reconstruction attacks and membership inference attacks. These attacks can have severe impacts on both the societal and professional levels. For instance, inferring the presence of a patient’s private health record in a medical study or a clinic database violates the patient’s privacy and can have legal or ethical consequences. Therefore, protecting the data and model from malicious attacks in FL systems is important. This paper introduces the Atout Ticket Learning (ATL) problem. This new problem consists of identifying sensitive parameters (atout tickets) of a neural network model, which, if modified, will increase the model’s loss by at least a given threshold <span><math><mi>ϵ</mi></math></span>. First, we formulate ATL as an <span><math><msub><mrow><mi>ℓ</mi></mrow><mrow><mn>0</mn></mrow></msub></math></span>-norm minimization problem, and we derive a lower bound on the number of atout tickets needed to achieve a model degradation of <span><math><mi>ϵ</mi></math></span>. Second, we design the Atout Ticket Protocol (ATP) as an effective solution for privacy-preserving in FL systems using atout tickets, along with the benefit of noise perturbations and secure aggregation techniques. Finally, we experiment ATP against FL reconstruction attacks using new selection strategies, namely Inverting Gradients, Deep Leakage, and Improved Deep Leakage. The results show that ATP is highly robust against these attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142423990","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An authentication scheme for color images with grayscale invariance and recoverability using image demosaicing 利用图像去马赛克技术实现具有灰度不变性和可恢复性的彩色图像认证方案

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-10-09 DOI: 10.1016/j.jisa.2024.103886

引用次数: 0

Cryptanalysis of Cancelable Biometrics Vault 可取消生物识别保险箱的密码分析

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-09-24 DOI: 10.1016/j.jisa.2024.103883

{"title":"Cryptanalysis of Cancelable Biometrics Vault","authors":"","doi":"10.1016/j.jisa.2024.103883","DOIUrl":"10.1016/j.jisa.2024.103883","url":null,"abstract":"<div><div>Cancelable Biometrics (CB) stands for a range of biometric transformation schemes combining biometrics with user specific tokens to generate secure templates. Required properties are the irreversibility, unlikability and recognition accuracy of templates while making their revocation possible. In biometrics, a key-binding scheme is used for protecting a cryptographic key using a biometric data. The key can be recomputed only if a correct biometric data is acquired during authentication. Applications of key-binding schemes are typically disk encryption, where the cryptographic key is used to encrypt and decrypt the disk. In this paper, we cryptanalyze a recent key-binding scheme, called Cancelable Biometrics Vault (CBV) based on cancelable biometrics. More precisely, the introduced cancelable transformation, called BioEncoding scheme, for instantiating the CBV framework is attacked in terms of reversibility and linkability of templates. Subsequently, our linkability attack enables to recover the key in the vault without additional assumptions. Our cryptanalysis introduces a new perspective by uncovering the CBV scheme’s revocability and linkability vulnerabilities, which were not previously identified in comparable biometric-based key-binding schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142314916","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Fine-grained encrypted data aggregation mechanism with fault tolerance in edge-assisted smart grids 边缘辅助智能电网中具有容错功能的细粒度加密数据聚合机制

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-09-23 DOI: 10.1016/j.jisa.2024.103888

{"title":"Fine-grained encrypted data aggregation mechanism with fault tolerance in edge-assisted smart grids","authors":"","doi":"10.1016/j.jisa.2024.103888","DOIUrl":"10.1016/j.jisa.2024.103888","url":null,"abstract":"<div><div>Encrypted data aggregation can effectively achieve the preservation of users’ privacy by aggregating electricity consumption data from multiple-source smart meters, and simultaneously reduce the transmission communication overhead in smart grids. Although encryption operations ensure data confidentiality, as smart meters are resource-constrained devices, compromised private key leakage could likewise threaten users’ privacy. In this paper, we devise the fine-grained encrypted data aggregation mechanism with fault tolerance by modifying the Lifted EC-ElGamal encryption and symmetric homomorphic encryption, which could guarantee data confidentiality, even if corresponding private key is leaked. In the mechanism, edge server is integrated in smart grids to receive encrypted multidimensional electricity consumption data sent by smart meters, execute integrity checking, generate and forward corresponding verified aggregated data reports to the control center. To ensure the robustness of smart grids due to network interruption or data packet loss from smart meters to the edge server, we exploit the Shamir secret sharing technique to achieve transmission fault tolerance. Besides, dynamic subset adjustment could be utilized in the mechanism, enabling the control center to dynamically adjust users’ multidimensional electricity consumption data collection strategy according to the actual situation. We conduct security analysis and performance evaluation demonstrating the feasibility of the mechanism in the secure deployment of edge-assisted smart grids.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142312570","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Enhancing privacy-preserving machine learning with self-learnable activation functions in fully homomorphic encryption 在全同态加密中利用可自学习的激活函数加强隐私保护机器学习

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-09-23 DOI: 10.1016/j.jisa.2024.103887

{"title":"Enhancing privacy-preserving machine learning with self-learnable activation functions in fully homomorphic encryption","authors":"","doi":"10.1016/j.jisa.2024.103887","DOIUrl":"10.1016/j.jisa.2024.103887","url":null,"abstract":"<div><div>In the field of artificial intelligence and data engineering, the effective utilization of data is critical for improving productivity across various sectors. As machine learning increasingly relies on sensitive data, balancing privacy with computational efficiency has become a major challenge. Homomorphic encryption provides a promising solution by enabling computation on encrypted data while preserving privacy in machine learning. However, its integration with neural networks is hindered by high computational demands and limitations in performing complex nonlinear operations. To address these challenges, we propose a novel approach that incorporates a ”Self-Learnable Activation Function” (SLAF) and refines the structure of neural network linear layers. These enhancements are designed to accommodate the constraints of homomorphic encryption, allowing for deeper network architectures without significant computational overhead.</div><div>Our optimized neural network model, tailored for biometric authentication tasks, outperforms traditional methods that use simple polynomial activation functions. Using the UTKFace dataset, which includes facial features under diverse scenarios, we validated the effectiveness of our solution in real-world applications. Experimental results demonstrate accuracy improvements of 0.88% to 3.15% over traditional models and 4.87% to 9.67% over the CryptoNets model, underscoring the capability of our approach to meet stringent privacy-preserving biometric authentication requirements.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142312571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

HierFedPDP:Hierarchical federated learning with personalized differential privacy HierFedPDP：具有个性化差异隐私的分层联合学习

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-09-18 DOI: 10.1016/j.jisa.2024.103890

{"title":"HierFedPDP:Hierarchical federated learning with personalized differential privacy","authors":"","doi":"10.1016/j.jisa.2024.103890","DOIUrl":"10.1016/j.jisa.2024.103890","url":null,"abstract":"<div><p>Federated Learning (FL) is an innovative approach that enables multiple parties to collaboratively train a machine learning model while keeping their data private. This method significantly enhances data security as it avoids sharing raw data among participants. However, a critical challenge in FL is the potential leakage of sensitive information through shared model updates. To address this, differential privacy techniques, which add random noise to data or model updates, are used to safeguard individual data points from being inferred. Traditional approaches to differential privacy typically utilize a fixed privacy budget, which may not account for the varying sensitivity of data, potentially affecting model accuracy. To overcome these limitations, we introduce HierFedPDP, a new FL framework that optimizes data privacy and model performance. HierFedPDP employs a three-tier client–edge–cloud architecture, maximizing the use of edge computing to alleviate the computational load on the central server. At the core of HierFedPDP is a personalized local differential privacy mechanism that tailors privacy settings based on data sensitivity, thereby enhancing data protection while maintaining high utility. Our framework not only fortifies privacy but also improves model accuracy. Specifically, experiments on the MNIST dataset show that HierFedPDP outperforms existing models, increasing accuracy by 0.84% to 2.36%, and CIFAR-10 has also achieved effective improvements. This research advances the capabilities of FL in protecting data privacy and provides valuable insights for designing more efficient distributed learning systems.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142243778","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Enhanced Fourier–Mellin domain watermarking for social networking platforms 针对社交网络平台的增强型傅立叶-梅林域水印技术

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-09-17 DOI: 10.1016/j.jisa.2024.103884

{"title":"Enhanced Fourier–Mellin domain watermarking for social networking platforms","authors":"","doi":"10.1016/j.jisa.2024.103884","DOIUrl":"10.1016/j.jisa.2024.103884","url":null,"abstract":"<div><p>Robustness to common hybrid distortions is a crucial requirement for effective watermarking, particularly on social networking platforms (SNPs). Images on SNPs undergo complex attacks initiated by both platforms and users, involving diverse distortion operations. However, there are few image watermarking schemes designed to handle such hybrid attacks effectively. Existing schemes, especially those based on the Fourier-Mellin domain, often struggle due to their susceptibility to single attacks. For instance, the ring watermark structure in the frequency domain is prone to distortion, leading to difficulties in mapping watermark information and causing streak diffraction phenomena in the image. Additionally, these schemes lack robustness against large-size image downsampling and image flipping attacks on SNPs. To address these limitations, this paper introduces an enhanced robust watermarking framework tailored for SNPs. The framework comprises three key modules: a module to stabilize the ring watermark structure, an adaptive embedding strength and range module, and a sliding window and flip state detection module. These modules, coupled with log-polar mapping (LPM) in the Fourier-Mellin domain, effectively mitigate the lack of robustness to specific attacks, resulting in comprehensive robustness for the entire framework. Numerous experiments demonstrate that our proposed scheme outperforms other state-of-the-art (SOTA) works in handling hybrid distortions on SNPs.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142243915","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Self-sovereign identity management in ciphertext policy attribute based encryption for IoT protocols 物联网协议基于密码策略属性加密的自主权身份管理

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-09-11 DOI: 10.1016/j.jisa.2024.103885

{"title":"Self-sovereign identity management in ciphertext policy attribute based encryption for IoT protocols","authors":"","doi":"10.1016/j.jisa.2024.103885","DOIUrl":"10.1016/j.jisa.2024.103885","url":null,"abstract":"<div><p>In the Internet of Things, access control and identity management rely on centralized platforms. However, centralized platforms will compromise user privacy with identity leakage. Self-sovereign identity (SSI) is a novel model for identity management that does not require third-party centralized authority. Thus, SSI is a potential solution to the identity management problem in IoT access control. This paper’s motivation is to address the problems of lack of identity sovereignty, centralized authorization, and high computational overhead for IoT access control. We propose a novel access control scheme for IoT that decentralizes identity management and tackles single-point-of-failure issues. This scheme leverages ciphertext policy attribute-based encryption (CP-ABE) and SSI to achieve the overall goal. Specifically, Our scheme eliminates the central authority and empowers users to manage their identity, allowing users to decide what attributes they disclose. Regarding the distribution of roles in the architecture, this paper follows the generic SSI model (ISSUER–HOLDER—VERIFIER) that allows a user to access a service from a service provider. To enable real-world deployment of our scheme, we establish an attribute authorization authority(such as the government) as a trusted identity point of entry. Users generate decentralized identifiers to enjoy services of interest in a privacy-preserving manner. The analysis demonstrates the practicality and superiority of our scheme. Our scheme requires less computation and is suitable for resource-constrained IoT scenarios.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142169320","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Shared file protection against unauthorised encryption using a Buffer-Based Signature Verification Method 使用基于缓冲区的签名验证方法保护共享文件，防止未经授权的加密

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-09-09 DOI: 10.1016/j.jisa.2024.103873

{"title":"Shared file protection against unauthorised encryption using a Buffer-Based Signature Verification Method","authors":"","doi":"10.1016/j.jisa.2024.103873","DOIUrl":"10.1016/j.jisa.2024.103873","url":null,"abstract":"<div><p>Understanding the attributes of critical data and implementing suitable security measures help organisations bolster their data-protection strategies and diminish the potential impacts of ransomware incidents. Unauthorised extraction and acquisition of data are the principal objectives of most cyber invasions. We underscore the severity of this issue using a recent attack by the Clop ransomware group, which exploited the MOVEit Transfer vulnerability and bypassed network-detection mechanisms to exfiltrate data via a Command and Control server. As a countermeasure, we propose a method called Buffer-Based Signature Verification (BBSV). This approach involves embedding 32-byte tags into files prior to their storage in the cloud, thus offering enhanced data protection. The BBSV method can be integrated into software like MOVEit Secure Managed File Transfer, thereby thwarting attempts by ransomware to exfiltrate data. Empirically tested using a BBSV prototype, our approach was able to successfully halt the encryption process for 80 ransomware instances from 70 ransomware families. BBSV not only stops the encryption but also prevents data exfiltration when data are moved or written from the original location by adversaries. We further develop a hypothetical exploit scenario in which an adversary manages to bypass the BBSV, illicitly transmits data to a Command and Control server, and then removes files from the original location. We construct an extended state space, in which each state represents a tuple that integrates user authentication and system components at the filesystem level.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001753/pdfft?md5=68d74f2ecd64919a7bca1979c6adbfbd&pid=1-s2.0-S2214212624001753-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142157893","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0