Journal of Information Security and Applications: Latest Articles
PECD-DSIIoT: Privacy-enhanced cross-domain data sharing scheme for IIoT
IF 3.8 | CAS Zone 2 | Computer Science
Journal of Information Security and Applications, Volume 93, Article 104128. Pub Date: 2025-06-13. DOI: 10.1016/j.jisa.2025.104128
Luyao Yang, Weiming Tong, Zhongwei Li, Jinxiao Zhao, Feng Pan, Xianji Jin
Abstract: With the rapid development of the Industrial Internet of Things (IIoT) under emerging manufacturing paradigms, the demand for cross-domain data interaction has significantly increased. However, challenges related to cross-domain trust management and data privacy protection remain key obstacles to achieving efficient data sharing. Existing solutions primarily focus on identity authentication and data sharing within a single management domain. The limited number of cross-domain approaches available tend to either emphasize authentication alone or adopt a single-chain architecture, which fails to meet the complex trust requirements in IIoT environments. To address these challenges, we propose a Privacy-Enhanced Cross-Domain Data Sharing Scheme for IIoT (PECD-DSIIoT). First, the proposed scheme adopts a dual-chain architecture that integrates a consortium blockchain and a private blockchain, enabling secure and controlled cross-domain data sharing. In this architecture, the consortium blockchain is responsible for cross-domain identity authentication, ensuring secure authentication across different management domains, while the private blockchain is used for storing sensitive data, enabling controlled data sharing. Additionally, the scheme employs an attribute obfuscation function to conceal access policies, preventing the exposure of access control rules. A verifiable pre-decryption mechanism is incorporated to ensure the integrity and correctness of data before decryption. Moreover, a non-interactive zero-knowledge proof is used to enable privacy-preserving identity authentication. Finally, a hybrid on-chain and off-chain storage strategy is adopted to alleviate blockchain storage overhead. Theoretical analysis and experimental results demonstrate that the proposed scheme not only enhances system security and privacy protection but also achieves low computational overhead and efficient data sharing, making it a highly feasible and practical solution.
Citations: 0
Improving the security of asymmetric secret sharing scheme and its new applications
IF 3.8 | CAS Zone 2 | Computer Science
Journal of Information Security and Applications, Volume 93, Article 104098. Pub Date: 2025-06-12. DOI: 10.1016/j.jisa.2025.104098
Keiichi Iwamura, Ahmad Akmal Aminuddin Mohd Kamal
Abstract: In conventional (k, n) threshold secret sharing, secret information or input can be recovered by collecting k shares from n servers, regardless of the honesty of the player. However, in asymmetric secret sharing, the input remains unrecoverable even if the attacker collects all shares from all data servers. Asymmetric secret sharing provides an asymmetric structure in which only an honest/authorized player can regain the input by combining shares from the data servers with pseudorandom numbers that are generated by the authorized player to complete the required k shares. Nevertheless, the asymmetric secret sharing scheme does not rely on information-theoretic security but rather on computational security. In this study, we first demonstrate the vulnerability of the conventional computationally secure asymmetric secret sharing scheme by presenting possible attacks on the scheme. We then show that by introducing true random numbers, an asymmetric secret sharing scheme with information-theoretic security can be achieved under certain conditions. We also identify and provide a detailed discussion of the conditions required to achieve information-theoretic security. However, the required conditions result in a reduction in storage efficiency on the server. We implemented our proposed method and evaluated its efficiency under these conditions, and showed that the execution time remains within the acceptable range and has a minimal effect on practical use. Moreover, we show that the proposed method can realize new applications that are not possible with conventional secret sharing schemes, such as secure data management that does not leak secret information even if the entire dataset in the cloud containing the shares is compromised, and communication, including IoT communication.
Citations: 0
Improving data extraction accuracy for median filter-based data hiding method
IF 3.8 | CAS Zone 2 | Computer Science
Journal of Information Security and Applications, Volume 93, Article 104097. Pub Date: 2025-06-12. DOI: 10.1016/j.jisa.2025.104097
Koi Yee Ng, Wenting Zhu, Simying Ong
Abstract: In this paper, an improved method of the median filter-based data hiding method is proposed. The median filter can be performed while performing embedding on images, to achieve both image enhancement and data embedding in one step. However, the low data extraction accuracy in the existing median filter-based data hiding method is a concern. Along with that, the triple embedding, repairing, reverse scan order, and majority voting approaches are incorporated into the embedding and extraction process. This helps improve the accuracy of the median filter-based data hiding method while ensuring image enhancement on both noisy and non-noisy images. In this work, different experiments are conducted using various settings of noise types, noise levels, image window sizes, subsets, and pixel-pairs to evaluate the performance of the approaches. The result shows an overall improvement in accuracy when triple embedding for data embedding, and reverse and repairing with majority voting for extraction, is performed. In terms of image quality, both the reverse-repair and majority reverse-repair methods exhibit significant improvements during data extraction, especially when removing Salt & Pepper noise and Speckle noise. In the best case, 100% extraction accuracy can be achieved when the window size is 5 × 5 and 7 × 7.
Citations: 0
Gradient whispering in decentralized federated learning: Covert channel through AI model update paths
IF 3.8 | CAS Zone 2 | Computer Science
Journal of Information Security and Applications, Volume 93, Article 104118. Pub Date: 2025-06-12. DOI: 10.1016/j.jisa.2025.104118
Chen Liang, Ziqi Wang, Xuan Sun, Thar Baker, Yuanzhang Li, Ning Shi
Abstract: Federated learning faces significant data privacy challenges, with threats like inference attacks, model inversion attacks, and poisoning attacks. Existing methods struggle to balance privacy, security, and accuracy, resulting in suboptimal performance. Furthermore, many solutions extend training and communication time, increasing costs and reducing overall system efficiency and value. This paper proposes "gradient whispering" covert communication to address these issues. Adjusting gradients in federated learning changes the optimization path while maintaining model efficacy. "Gradient whispering" introduces two embedding schemes: gradient direction-based embedding and gradient magnitude-based embedding, designed to incorporate information during the iterative updates of AI models. These two schemes can be applied independently or in combination to enhance the flexibility of the embedding process. When used together, they further expand the embedding capacity, thereby maximizing the effectiveness of information embedding. MNIST and CIFAR-10 dataset trials demonstrate that model accuracy stays stable post-embedding, with fluctuations under 0.3%. Two-sample Kolmogorov–Smirnov tests and Kullback–Leibler divergence analysis show no statistical difference between pre- and post-embedding gradient distributions. Peak signal-to-noise ratio values of 40 to 50 indicate a strong similarity between the embedded and original gradients, hiding the embedded information and guaranteeing model stability.
Citations: 0
Quo Vadis CKKS: Comparison of the realization of basic mathematical functions for the homomorphic cryptosystem CKKS using De Bello and polynomial approximations
IF 3.8 | CAS Zone 2 | Computer Science
Journal of Information Security and Applications, Volume 93, Article 104110. Pub Date: 2025-06-12. DOI: 10.1016/j.jisa.2025.104110
Thomas Prantl, Lukas Horn, Simon Engel, André Bauer, Samuel Kounev
Abstract: As data storage and processing increasingly shift to the cloud, the risk of data breaches also rises. One way to address this is using Homomorphic Encryption (HE), which allows for data processing while the data remains encrypted, unlike traditional methods. However, current HE libraries support only addition and multiplication, requiring users to implement other mathematical functions themselves. To this end, we developed and analyzed basic mathematical functions in a previous work. Since polynomial approximations are more common in HE, this paper expands on that by examining and comparing polynomial approximations of these functions with the previously implemented methods. Our findings indicate that while polynomial approximations offer the benefit of low multiplication depth, the previously implemented methods generally outperform them in most scenarios despite their higher computational cost.
Citations: 0
FETA: A systematic and efficient approach for feature engineering on anti-static and anti-dynamic malware analysis
IF 3.8 | CAS Zone 2 | Computer Science
Journal of Information Security and Applications, Volume 93, Article 104104. Pub Date: 2025-06-11. DOI: 10.1016/j.jisa.2025.104104
Dima Rabadi, Jia Y. Loo, Amudha Narayanan, Yuexuan Wang, Sin G. Teo, Tram Truong-Huu
Abstract: Malware detection is a critical but very challenging task in cybersecurity. The eternal competition between malware authors (cyber attackers) and security analysts (detectors) is a never-ending game in which malware evolves rapidly and becomes more sophisticated as cyber attackers constantly evolve their tactics to evade detection. Such competition raises the demand for new automated malware detection techniques to keep pace with malware evolution and address sophisticated malware. This paper presents an empirical study that analyzes the effectiveness of static and dynamic features using machine learning algorithms. We propose FETA, a systematic approach for Feature Engineering on anti-sTatic and anti-dynAmic malware analysis. FETA combines static and dynamic features through feature aggregation and model integration techniques to improve detection accuracy and robustness. Extensive experiments on a real-world dataset show that the aggregation of static and dynamic features outperforms individual feature sets, achieving a detection rate of 98.06%. Additionally, we provide insights into feature selection and conduct a deep analysis of misclassified samples. This research contributes to the development of more effective and efficient malware detection techniques for enhanced cybersecurity.
Citations: 0
Lattice-based puncturable blind signature scheme: Enhancing privacy and security in large language models
IF 3.8 | CAS Zone 2 | Computer Science
Journal of Information Security and Applications, Volume 93, Article 104100. Pub Date: 2025-06-10. DOI: 10.1016/j.jisa.2025.104100
Jumei Zhang, Zhenhua Liu, Dongdong Yao
Abstract: Lattice-based blind signature ensures that users can generate signatures on messages while interacting with the signer without revealing any information about the message content, and resists quantum attacks. However, the existing lattice-based blind signature schemes did not fully address the threat of key exposure, lacking in ensuring both forward and backward security. In this paper, we propose a lattice-based puncturable blind signature (PBS) scheme that employs puncturable pseudorandom functions to achieve bidirectional security. The implementation of the puncturing technique not only enables fine-grained revocation of signing capabilities, effectively safeguarding against key leakage attacks and thereby ensuring bidirectional security, but also markedly decreases the computational complexity involved in key updates, reducing it from O(n) to O(1). Furthermore, the security of the proposed PBS scheme under the SIS hardness assumption is validated in the random oracle model, thereby providing a theoretical foundation for its deployment in scenarios demanding high-security data transactions and privacy preservation, such as in large language models and cloud computing platforms.
Citations: 0
Blockchain-enabled dynamic honeypot conversion for resource-efficient IoT security
IF 3.8 | CAS Zone 2 | Computer Science
Journal of Information Security and Applications, Volume 93, Article 104109. Pub Date: 2025-06-10. DOI: 10.1016/j.jisa.2025.104109
Daniel Commey, Matilda Nkoom, Sena G. Hounsinou, Garth V. Crosby
Abstract: The rapid growth of Internet of Things (IoT) devices presents significant security challenges, particularly in managing large-scale, resource-constrained deployments. While honeypots are effective security tools, traditional static deployments lack the adaptability and resource efficiency needed for dynamic IoT environments, and ensuring verifiable event logging is challenging. This paper introduces BHICS (Blockchain-enabled Honeypot IoT Conversion System), a novel approach that dynamically converts regular IoT nodes into honeypots based on detected threat levels using a lightweight machine learning (ML) model. BHICS employs a state-driven conversion mechanism with blockchain-based logging for verifiable security event recording. Experimental evaluations demonstrate that BHICS achieves an attack prevention rate of 76.5% (± 0.9%), comparable to dedicated honeypot deployments (79.6% ± 1.0%), while significantly reducing node compromise rates from 49.8% to 22.3%. The system exhibits strong scalability, maintaining consistent performance in networks ranging from 100 to 1,000 nodes, with blockchain transaction times remaining stable around 15.17 ms (± 0.03 ms), ensuring minimal overhead. Our approach provides an efficient, scalable solution for IoT network security that balances protection capabilities with resource utilization and ensures reliable security event logging.
Citations: 0
Secure and cancelable fingerprint templates with privacy-preserving mapping and template encoding
IF 3.8 | CAS Zone 2 | Computer Science
Journal of Information Security and Applications, Volume 93, Article 104126. Pub Date: 2025-06-07. DOI: 10.1016/j.jisa.2025.104126
Md Sabuj Khan, Ting Zhong, Fan Zhou, Hengjian Li
Abstract: Cancelable fingerprint template methods frequently encounter challenges in achieving an optimal balance between security and recognition accuracy, leading to privacy vulnerabilities and reduced system performance. To address these challenges in cancelable fingerprint template protection, we propose a novel approach for secure and cancelable fingerprint templates with privacy-preserving mapping and template encoding. Firstly, we introduce a privacy-preserving feature mapping technique to enhance security and privacy. Secondly, we present Adaptive Momentum Binary Hashing (AMBH), which improves the conversion of binary features, optimizing both feature representation and computational efficiency. Finally, we generate the cancelable secure fingerprint template by applying feature transformations, decimalization, and secure storage in a Bloom filter to facilitate efficient storage and conflict management. Experimental evaluations on the FVC2002 and FVC2004 fingerprint databases demonstrate the proposed scheme's superior accuracy, establishing it as a state-of-the-art solution for fingerprint recognition. Furthermore, a comprehensive security analysis confirms that the method adheres to rigorous cancelable biometric template protection standards, ensuring robust irreversibility, unlinkability, revocability, and resistance to various attacks.
Citations: 0
Differential fault attack on the XOR version of SNOW 5G stream cipher
IF 3.8 | CAS Zone 2 | Computer Science
Journal of Information Security and Applications, Volume 93, Article 104108. Pub Date: 2025-06-07. DOI: 10.1016/j.jisa.2025.104108
Wenhao Liu, Chenhui Jin
Abstract: This paper presents a differential fault attack (DFA) on the XOR version of SNOW 5G, in which modular 2^16 addition is replaced by bitwise XOR. Using single-byte faults in the Finite State Machine (FSM) during the keystream generation phase, we demonstrate a complete recovery of the 896-bit internal state and 256-bit secret key. By injecting a single-byte fault into registers R1 and R2 of the FSM during the keystream generation phase, we solve linear equations derived from keystream differences, obtaining an average of 2^1.01 candidate values for 25 bytes and 14 bytes of the internal state, respectively. Furthermore, we present a fault timing and location determination method based on keystream differential patterns, determining the internal state at one time from the multi-time state of R1 and R2. By leveraging 4 collision attacks, the attack complexity is reduced to a time complexity of 2^19.115 and a storage complexity of 2^12.697 (using 16 faults). For key recovery, we formulate the problem as recovering R2 at the 14th and 15th time during the initialization phase, and propose a subspace trail-based fault localization technique. This technique uniquely identifies the location of single-byte FSM faults by analyzing keystream differential deviations, even when distinct fault positions induce identical differential patterns. Finally, we derive the differential propagation patterns induced by single-byte faults in R2 at the 14th/15th time and R1 at the 13th/14th time during the initialization phase, and propose two key recovery schemes. When the fault location is unknown, using 80 faults yields an average of 2^25.877 candidate keys. When the fault location is controllable, using 8 faults yields an average of 2^8 candidate keys, with a storage complexity of 2^4.01 and a time complexity of 2^17.16.
Citations: 0