Journal of Information Security and Applications最新文献

{"title":"A survey on machine unlearning: Techniques and new emerged privacy risks","authors":"Hengzhu Liu ,&nbsp;Ping Xiong ,&nbsp;Tianqing Zhu ,&nbsp;Philip S. Yu","doi":"10.1016/j.jisa.2025.104010","DOIUrl":"10.1016/j.jisa.2025.104010","url":null,"abstract":"<div><div>The explosive growth of machine learning has made it a critical infrastructure in the era of artificial intelligence. The extensive use of data poses a significant threat to individual privacy. Various countries have implemented corresponding laws, such as GDPR, to protect individuals’ data privacy and the right to be forgotten. This has made machine unlearning a research hotspot in the field of privacy protection in recent years, with the aim of efficiently removing the contribution and impact of individual data from trained models. The research in academia on machine unlearning has continuously enriched its theoretical foundation, and many methods have been proposed, targeting different data removal requests in various application scenarios. However, recently researchers have found potential privacy leakages of various of machine unlearning approaches, making the privacy preservation on machine unlearning area a critical topic. This paper provides an overview and analysis of the existing research on machine unlearning, aiming to present the current vulnerabilities of machine unlearning approaches. We analyze privacy risks in various aspects, including definitions, implementation methods, and real-world applications. Compared to existing reviews, we analyze the new challenges posed by the latest malicious attack techniques on machine unlearning from the perspective of privacy threats. We hope that this survey can provide an initial but comprehensive discussion on this new emerging area.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104010"},"PeriodicalIF":3.8,"publicationDate":"2025-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143549581","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Editorial: Advancements in multimedia security in the context of artificial intelligence and cloud computing","authors":"Rajeev Kumar,&nbsp;Roberto Caldelli,&nbsp;Wong KokSheik,&nbsp;Ki-Hyun Jung,&nbsp;David Megías","doi":"10.1016/j.jisa.2025.103964","DOIUrl":"10.1016/j.jisa.2025.103964","url":null,"abstract":"<div><div>The rapid evolution of digital technologies and their seamless integration into everyday life have redefined how we create, share, and consume multimedia content. These advancements, coupled with the unprecedented growth in Artificial Intelligence (AI) and Cloud Computing, have provided users with unparalleled convenience and access to information. However, these innovations have also introduced significant challenges, including unauthorized use, privacy violations, and cyber threats. These issues necessitate advanced solutions to safeguard multimedia data. This special issue focuses on cutting-edge research addressing these challenges, presenting novel methodologies and frameworks to ensure multimedia security and resilience.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103964"},"PeriodicalIF":3.8,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143512055","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient image encryption algorithm based on ECC and dynamic S-box","authors":"Ghulam Murtaza ,&nbsp;Umar Hayat","doi":"10.1016/j.jisa.2025.104004","DOIUrl":"10.1016/j.jisa.2025.104004","url":null,"abstract":"<div><div>Image encryption is widely used to convert digital images into an unreadable form when data is transferred through open networks and the internet. However, traditional cryptosystems have small encryption key sizes and are unsuitable for real-time implementation because image pixels have high redundancy and large data capacity. We have designed an image cryptosystem to tackle the issues related to the smaller key size and plaintext attacks. There are three phases of our proposed image cryptosystem. A pseudo-random number generator is used in the first phase to diffuse the pixels of the plain image. A substitution box generator is designed in the second phase to generate substitution boxes with high nonlinearity. The last phase provides an image encryption technique to encrypt grayscale images. The proposed scheme encrypts images with an entropy value close to the optimal value, which increases security. The encryption algorithm requires 0.556 s to encrypt a <span><math><mrow><mn>256</mn><mo>×</mo><mn>256</mn></mrow></math></span> grayscale image. Further, extensive experiments show that the cryptosystem is highly sensitive to the input keys.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104004"},"PeriodicalIF":3.8,"publicationDate":"2025-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143520438","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SoK: The design paradigm of safe and secure defaults","authors":"Jukka Ruohonen","doi":"10.1016/j.jisa.2025.103989","DOIUrl":"10.1016/j.jisa.2025.103989","url":null,"abstract":"<div><div>In security engineering, including software security engineering, there is a well-known design paradigm telling to prefer safe and secure defaults. The paper presents a systematization of knowledge (SoK) of this paradigm by the means of a systematic mapping study and a scoping review of relevant literature. According to the mapping and review, the paradigm has been extensively discussed, used, and developed further since the late 1990s. Partially driven by the insecurity of the Internet of things, the volume of publications has accelerated from the circa mid-2010s onward. The publications reviewed indicate that the paradigm has been adopted in numerous different contexts. It has also been expanded with security design principles not originally considered when the paradigm was initiated in the mid-1970s. Among the newer principles are an “off by default” principle, various overriding and fallback principles, as well as those related to the zero trust model. The review also indicates problems developers and others have faced with the paradigm.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 103989"},"PeriodicalIF":3.8,"publicationDate":"2025-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143487141","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MA_BiRAE - Malware analysis and detection technique using adversarial learning and deep learning","authors":"Surbhi Prakash,&nbsp;Amar Kumar Mohapatra","doi":"10.1016/j.jisa.2025.104009","DOIUrl":"10.1016/j.jisa.2025.104009","url":null,"abstract":"<div><div>Malware attacks are frequently increasing due to the growing use of handheld gadgets, especially Android phones. Hackers try to access smartphones through a variety of techniques, including the theft of information, tracking, and deceptive advertising. There are various techniques for malware analysis and detection, but some issues, like low performance, computational complexity, overfitting, and so on, have been identified while detecting malware and training data. To address these issues, the proposed technique is designed to achieve efficient malware detection. Initially, data is collected from the Aposemat IoT-23 and Bot-IoT datasets, and the Adaptative Perturbation Pattern Method (Ap2 m) is used to generate constrained adversarial samples. Evasion attacks are used to examine regular adversarial training, while Improved Random Forest (IRF) is used for modeling and fine-tuning. The deep Residual Convolutional Neural Network (deep RCNet) is utilized to extract the features. Finally, the Multi-head Attention-based Bidirectional Residual Autoencoder (MA_BiRAE) model is used for malware detection. The performance of the proposed technique is compared to various existing models to determine its superiority. The proposed technique is evaluated using two datasets: the Aposemat IoT-23 dataset and the Bot-IoT dataset. The proposed technique achieves an accuracy of 99.63% for the Aposemat IoT-23 dataset and 99.11% for the Bot-IoT dataset.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104009"},"PeriodicalIF":3.8,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143478879","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Reversible data hiding in encrypted image using bit-plane based label-map encoding with optimal block size","authors":"Ankur ,&nbsp;Rajeev Kumar ,&nbsp;Ajay K. Sharma","doi":"10.1016/j.jisa.2025.104005","DOIUrl":"10.1016/j.jisa.2025.104005","url":null,"abstract":"<div><div>In today’s digital landscape, maintaining the confidentiality and privacy of sensitive information has become an essential requirement. For this, Reversible data hiding in encrypted images (RDHEI) has garnered considerable attention as it enables embedding of large amounts of secret data in encrypted images without requiring knowledge of the original image contents. To further increase the embedding capacity (EC) while maintaining security, this paper presents a new bit-plane-based RDHEI using label-map encoding with optimal block size. The proposed method employs a hybrid predictor to generate a low-magnitude difference image, which is transformed into highly compressible bit-plane-wise label-maps. A novel block-based label-map encoding is also introduced, which optimally represents these label-maps as bit-streams to significantly reduce their size. These bit-streams are embedded in the original encrypted image to guide the data hider, ensuring complete reversibility and lossless extraction at the receiving end. Extensive experimentation shows that the proposed method achieves an average embedding rate of 3.8770 bpp for BOSSBase and 3.7944 bpp for BOWS-2, outperforming state-of-the-art RDHEI methods. Further, the method ensures lossless reconstruction of the original image and error-free extraction of hidden data while demonstrating strong resilience against malicious attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104005"},"PeriodicalIF":3.8,"publicationDate":"2025-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143474283","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fed-GWAS: Privacy-preserving individualized incentive-based cross-device federated GWAS learning","authors":"Omid Torki ,&nbsp;Maede Ashouri-Talouki ,&nbsp;Mina Alishahi","doi":"10.1016/j.jisa.2025.104002","DOIUrl":"10.1016/j.jisa.2025.104002","url":null,"abstract":"<div><div>The widespread availability of DNA sequencing technology has led to the genetic sequences of individuals becoming accessible data, creating opportunities to identify the genetic factors underlying various diseases. In particular, Genome-Wide Association Studies (GWAS) seek to identify Single Nucleotide Polymorphism (SNPs) associated with a specific phenotype. Although sharing such data offers valuable insights, it poses a significant challenge due to both privacy concerns and the large size of the data involved. To address these challenges, in this paper, we propose a novel framework that combines both federated learning and blockchain as a platform for conducting GWAS studies with the participation of single individuals. The proposed framework offers a mutually beneficial solution where individuals participating in the GWAS study receive insurance credit to avail medical services while research and treatment centers benefit from the study data. To safeguard model parameters and prevent inference attacks, a secure aggregation protocol has been developed. The evaluation results demonstrate the scalability and efficiency of the proposed framework in terms of runtime and communication, outperforming existing solutions.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104002"},"PeriodicalIF":3.8,"publicationDate":"2025-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143463734","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Novel improvements and extensions of the extractable results about (leakage-resilient) privacy schemes with imperfect randomness","authors":"Yanqing Yao ,&nbsp;Zhoujun Li","doi":"10.1016/j.jisa.2025.104008","DOIUrl":"10.1016/j.jisa.2025.104008","url":null,"abstract":"<div><div>Traditional cryptographic primitives usually take for granted the availability of perfect randomness. Unfortunately, in reality one must deal with various imperfect randomness (e.g., physical sources, secrets with partial leakage, biometric data). Bosley and Dodis in TCC’07 [BD07] proposed that private-key encryption requires extractable randomness and hoped their result would arouse more interest in exploring the extent to which cryptographic primitives can be grounded on imperfect randomness. Aggarwal et al. in TCC’22 [ACOR22] observed leakage-resilient secret sharing requires extractable randomness. Partially motivated by these, we study improvements and extensions of the extractable results proposed before. We consider the generalized (leakage-resilient) privacy schemes (including encryption, perfectly binding commitment, threshold secret sharing). We get the new results below. Firstly, we explore extractable results about the generalized privacy schemes using two methods: one is an improved and generalized method based on [BD07] by combining different Chernoff Bounds; the other creatively employs Lemma 3 of [ACOR22]. Afterwards, we improve and extend the above results grounded on the Rényi entropy. In particular, (a) substituting the collision entropy for the min-entropy, we obtain tighter bounds than the counterpart of Lemma 3 in [ACOR22]; (b) replacing the min-entropy with the Rényi entropy, we give a tricky and detailed proof for generalized version of Lemma 4 of [ACOR22], while the coupling argument in that proof of [ACOR22] is used directly without explanation, which is unclear and hard to understand. Finally, we propose the extractable results about the generalized leakage-resilient privacy schemes using two methods: one extends Theorem 1(a) of [BD07]; the other uses more generalized, more intuitive, and simpler proof ideas than the counterpart of [ACOR22]. Furthermore, we present concrete and essential restrictions on the parameters by proving the main theorem other than [ACOR22] that proposed unspecific parameters.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104008"},"PeriodicalIF":3.8,"publicationDate":"2025-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143452761","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Advanced octree-based reversible data hiding in encrypted point clouds","authors":"Yuan-Yu Tsai,&nbsp;Wen-Ting Jao,&nbsp;Alfrindo Lin,&nbsp;Shih-Yi Wang","doi":"10.1016/j.jisa.2025.104006","DOIUrl":"10.1016/j.jisa.2025.104006","url":null,"abstract":"<div><div>This study presents an effective algorithm for reversible data hiding in encrypted point clouds, employing an advanced octree-based subdivision to significantly improve the embedding rate. By intelligently dividing the point cloud’s boundary volume into distinct subspaces, each specifically adapted to the distribution of points, the octree enables accurate subspace allocation without requiring the points’ positional information, thanks to its spatial organization prowess. Our algorithm advances the field of reversible data hiding in encrypted point clouds by leveraging octree subdivision and multi-MSB prediction, collaboratively enhancing the embedding rate and capacity. The algorithm skillfully adjusts the subdivision threshold, thus optimizing the subspace sizes to meet various embedding capacity needs. It also enhances the selection of pivotal reference, the subspace center, for embedding capacity calculation. The algorithm achieves an 100 % embedding rate and an average embedding capacity of 39.76 bits per point under optimal subdivision parameters, surpassing existing techniques. Comparative studies demonstrate its superior performance, with a 13.28 % increase in pure embedding capacity compared to previous methods. The algorithm guarantees the retrieval of the embedded message and the perfect restoration of the original model, facilitated by the octree’s accurate point repositioning feature. These results represent a substantial advancement in reversible data hiding, promoting increased effectiveness and security for encrypted point clouds, with potential implications in multiple industries.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104006"},"PeriodicalIF":3.8,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143445839","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Hybrid prediction error and histogram shifting method for reversible data hiding in video system","authors":"Cheng-Ta Huang ,&nbsp;Jing-Xuan Song ,&nbsp;Thi Thu-Ha Dang","doi":"10.1016/j.jisa.2025.104007","DOIUrl":"10.1016/j.jisa.2025.104007","url":null,"abstract":"<div><div>With the rapid advancement of communication technology, ensuring the security of information transmission has become increasingly crucial. In today's digital landscape, video has emerged as one of the most popular media formats. Video Reversible Data Hiding (RDH) involves embedding information or secret data within a video file while preserving the perceived quality of the resulting stego video. This technique enables the receiver to perfectly restore the original video and extract the embedded secret data. Achieving high-quality stego files while maintaining sufficient capacity for secret data remains a significant challenge. This research proposes a novel reversible video data hiding method that utilizes an innovative prediction error algorithm for intra-frame pixel value prediction error calculation. The algorithm generates sharp histograms based on these prediction errors, with sharper histograms corresponding to a higher Peak signal-to-noise ratio (PSNR) of the stego video. Additionally, the method incorporates an adaptive zero-point system to identify which zero point that require minimal histogram shifts, thus achieving adaptive effects within each frame by applying different shifts based on frame characteristics. The proposed prediction error algorithm enhances the histogram shifting effects and addresses the limitation of not embedding data in the first frame while maintaining superior PSNR. Extensive experimental analysis demonstrates that proposed method surpasses various existing techniques in terms of steganographic video quality.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104007"},"PeriodicalIF":3.8,"publicationDate":"2025-02-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143445840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}