{"title":"BloAC: A blockchain-based secure access control management for the Internet of Things","authors":"Utsa Roy, Nirnay Ghosh","doi":"10.1016/j.jisa.2024.103897","DOIUrl":"10.1016/j.jisa.2024.103897","url":null,"abstract":"<div><div>The Internet of Things (IoT) paradigm has widespread applications across many fields in which private and sensitive user or environmental data are sensed and shared. Most present-day IoT applications depend on centralized cloud servers for authentication and access control. Validating the identity of a user and determining the legitimacy of his/her access requests require multiple rounds of data communications over the untrusted Internet, exposing sensitive data to potential attacks. Thus, protecting these data from security and privacy attacks and ensuring legitimate access is imperative. To address this challenge, we adopt an emerging technology called blockchain to propose a decentralized security framework called <em>BloAC</em>. It ensures secure access control in IoT networks without the intervention of the back-end cloud. We have used the <em>Hyperledger Fabric</em>, an open-source, permissioned blockchain platform, for implementing a prototype system using customized <em>attribute-based access control (ABAC)</em> policies. We have performed simulated and real test bed-based experiments to illustrate that <em>BloAC</em> outperforms the cloud–server-based access control in latency and scalability, significantly reducing latency by up to 42.45% compared to cloud-based solutions. Finally, we conduct a security analysis to formally verify the ABAC policies used in <em>BloAC</em> and establish its robustness against attacks theoretically and using the <em>AVISPA</em> tool.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103897"},"PeriodicalIF":3.8,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142552648","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"High-speed batch verification for discrete-logarithm-based signatures via Multi-Scalar Multiplication Algorithm","authors":"Mengze Li , Cong Peng , Lingyan Han , Qi Feng , Min Luo","doi":"10.1016/j.jisa.2024.103898","DOIUrl":"10.1016/j.jisa.2024.103898","url":null,"abstract":"<div><div>Digital signatures are widely used in a variety of applications necessitating authentication. However, the amount of data is steadily increasing in domains like IoT, blockchain, e-commerce, etc. In such scenarios, the number of signatures could become extensive, resulting in considerable overhead in signature verification. Consequently, this bottleneck can hamper the responsiveness of transactions. Batch verification can verify numerous signatures simultaneously, effectively solving the challenge posed by the excessive overhead of verifying signatures. However, current state-of-the-art batch verification algorithms still require improvement when handling a large volume of signatures. In this paper, we propose an efficient algorithm for batch verification of discrete-logarithm-based signatures. Specifically, we propose an accelerated Multi-scalar Multiplication algorithm, which accounts for 99% of the overhead in the batch verification process. When verifying a large number of signatures simultaneously, our algorithm significantly improves efficiency. For instance, when processing 10,000 signatures, our algorithm achieves a 3.6<span><math><mo>×</mo></math></span> speedup compared to the common algorithm. We applied our scheme to ECDSA, the SM2 signature algorithm, and the Schnorr signature algorithm, and simulation results show a significant improvement with our approach.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103898"},"PeriodicalIF":3.8,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142552649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An efficient secure interval test protocol for small integers","authors":"Qiming Hu , Huan Ye , Fagen Li , Chaosheng Feng","doi":"10.1016/j.jisa.2024.103894","DOIUrl":"10.1016/j.jisa.2024.103894","url":null,"abstract":"<div><div>The interval test problem is a variant of Yao’s millionaires’ problem to check whether a value <span><math><mi>x</mi></math></span> belongs to an interval <span><math><mi>R</mi></math></span>. Existing solutions to the interval test problem prioritize generic protocols but encounter efficiency challenges. There is a growing interest in developing efficient and secure multi-party computation protocols tailored to specific applications. In this paper, we propose a secure and simplified protocol for solving the interval test problem. This protocol exhibits high generality, as it only requires invocations of the private set intersection cardinality (PSI-CA) subprotocol. Furthermore, we modify it to construct a more efficient protocol for small integers by introducing oblivious transfer (OT) to reduce the number of homomorphic encryption operations. Our protocols provide privacy protection for both clients and servers in the semi-honest security model. We evaluate the computational and communication overhead of our protocols. Our OT-based secure interval test (OT-SIT) protocol is seven times faster than existing protocols for 18-bit integers. When the bit length is 4, it reduces communication overhead by approximately 97%. The upstream overhead is as low as 500 B. However, it uses binary tree structures, so the advantages in computation and communication quickly diminish as the bit length increases.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103894"},"PeriodicalIF":3.8,"publicationDate":"2024-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142552647","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Revocable certificateless proxy re-signature with signature evolution for EHR sharing systems","authors":"Qiu Zhang , Yinxia Sun , Yang Lu , Guoqiang Zhang","doi":"10.1016/j.jisa.2024.103892","DOIUrl":"10.1016/j.jisa.2024.103892","url":null,"abstract":"<div><div>Cloud computing has revolutionized the healthcare industry, particularly the management and accessibility of electronic health records (EHR). However, maintaining the integrity and authenticity of EHR in cloud environments remains a crucial concern. To tackle this challenge, certificateless proxy re-signature is a promising cryptographic primitive for developing a practical EHR sharing system in the cloud. User revocation is a necessary feature of such a system, but revocation introduces a new challenge, namely the continued validity of signatures from revoked users. A conventional method to solve this problem is to make the unrevoked users re-sign the valid EHR using their current signing keys, which places a heavy burden on the users. Therefore, we should establish an efficient mechanism to ensure that only signatures on valid data from non-revoked users can pass verification. In this paper, we propose a notion called revocable certificateless proxy re-signature with signature evolution (RCLPRS-SE), which allows for dynamic management of users and the ability to update signatures efficiently in accordance with evolving data requirements. We present a concrete construction of RCLPRS-SE and provide formal security proofs in the standard model. Compared with the existing related works, our scheme has a significant advantage in terms of signature updating efficiency.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103892"},"PeriodicalIF":3.8,"publicationDate":"2024-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142530008","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure outsourced decryption for FHE-based privacy-preserving cloud computing","authors":"Xirong Ma , Chuan Li , Yuchang Hu , Yunting Tao , Yali Jiang , Yanbin Li , Fanyu Kong , Chunpeng Ge","doi":"10.1016/j.jisa.2024.103893","DOIUrl":"10.1016/j.jisa.2024.103893","url":null,"abstract":"<div><div>The demand for processing vast volumes of data has surged dramatically due to the advancement of machine learning technology. Large-scale data processing necessitates substantial computational resources, prompting individuals and enterprises to turn to cloud services. Accompanying this trend is a growing concern regarding data leakage and misuse. Homomorphic encryption (HE) is one solution for safeguarding data privacy, enabling encrypted data to be processed securely in the cloud. However, the encryption and decryption routines of some HE schemes require considerable computational resources, presenting non-trivial work for clients. In this paper, we propose an outsourced decryption protocol for the prevailing RLWE-based fully homomorphic encryption schemes. The protocol splits the original decryption into two routines, with the computationally intensive part executed remotely by the cloud. Its security relies on an invariant of the NTRU-search problem with a newly designed blinding key distribution. Cryptographic analyses are conducted to configure protocol parameters across varying security levels. Our experiments demonstrate that the proposed protocol achieves up to a 67% acceleration in the client-side computation, accompanied by a 50% reduction in space usage.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"86 ","pages":"Article 103893"},"PeriodicalIF":3.8,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142446976","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the atout ticket learning problem for neural networks and its application in securing federated learning exchanges","authors":"Abdelhak Bouayad , Mohammed Akallouch , Abdelkader El Mahdaouy , Hamza Alami , Ismail Berrada","doi":"10.1016/j.jisa.2024.103891","DOIUrl":"10.1016/j.jisa.2024.103891","url":null,"abstract":"<div><div>Artificial Neural Networks (ANNs) have become the backbone of many real-world applications, including distributed applications relying on Federated Learning (FL). However, several vulnerabilities/attacks have emerged in recent years, affecting the benefits of using ANNs in FL, such as reconstruction attacks and membership inference attacks. These attacks can have severe impacts on both the societal and professional levels. For instance, inferring the presence of a patient’s private health record in a medical study or a clinic database violates the patient’s privacy and can have legal or ethical consequences. Therefore, protecting the data and model from malicious attacks in FL systems is important. This paper introduces the Atout Ticket Learning (ATL) problem. This new problem consists of identifying sensitive parameters (atout tickets) of a neural network model, which, if modified, will increase the model’s loss by at least a given threshold <span><math><mi>ϵ</mi></math></span>. First, we formulate ATL as an <span><math><msub><mrow><mi>ℓ</mi></mrow><mrow><mn>0</mn></mrow></msub></math></span>-norm minimization problem, and we derive a lower bound on the number of atout tickets needed to achieve a model degradation of <span><math><mi>ϵ</mi></math></span>. Second, we design the Atout Ticket Protocol (ATP) as an effective solution for privacy preservation in FL systems using atout tickets, along with the benefit of noise perturbations and secure aggregation techniques. Finally, we evaluate ATP against FL reconstruction attacks using new selection strategies, namely Inverting Gradients, Deep Leakage, and Improved Deep Leakage. The results show that ATP is highly robust against these attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"86 ","pages":"Article 103891"},"PeriodicalIF":3.8,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142423990","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An authentication scheme for color images with grayscale invariance and recoverability using image demosaicing","authors":"Xiaoyu Zhou , Wien Hong , Tung-Shou Chen , Guangsong Yang , Cheng-Han Lin","doi":"10.1016/j.jisa.2024.103886","DOIUrl":"10.1016/j.jisa.2024.103886","url":null,"abstract":"<div><div>This paper proposes a novel recoverable authentication scheme for color images that ensures the consistency of grayscale values after embedding. In the proposed scheme, the color image is sub-sampled based on the Bayer pattern, and the most significant bits (MSBs) of the sub-sampled image are used as the recovery codes. Image blocks are divided into two categories, feasible and infeasible. Feasible blocks are utilized for embedding both authentication and recovery codes, whereas infeasible ones are only used for embedding authentication codes. In case of tampering, the authentication codes are employed to detect the tampered regions, and the undamaged recovery codes can be utilized to reconstruct the sub-sampled image. The demosaicing algorithm is applied to the sub-sampled image to obtain the demosaicked image, which is then used to recover the tampered regions. Experiments demonstrate that the proposed scheme yields an acceptable image quality even when the tampering rate is as high as 40%.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"86 ","pages":"Article 103886"},"PeriodicalIF":3.8,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142423989","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cryptanalysis of Cancelable Biometrics Vault","authors":"Patrick Lacharme , Kevin Thiry-Atighehchi","doi":"10.1016/j.jisa.2024.103883","DOIUrl":"10.1016/j.jisa.2024.103883","url":null,"abstract":"<div><div>Cancelable Biometrics (CB) stands for a range of biometric transformation schemes combining biometrics with user-specific tokens to generate secure templates. Required properties are the irreversibility, unlinkability and recognition accuracy of templates while making their revocation possible. In biometrics, a key-binding scheme is used for protecting a cryptographic key using biometric data. The key can be recomputed only if correct biometric data is acquired during authentication. A typical application of key-binding schemes is disk encryption, where the cryptographic key is used to encrypt and decrypt the disk. In this paper, we cryptanalyze a recent key-binding scheme, called Cancelable Biometrics Vault (CBV), based on cancelable biometrics. More precisely, the introduced cancelable transformation, called the BioEncoding scheme, used for instantiating the CBV framework is attacked in terms of reversibility and linkability of templates. Subsequently, our linkability attack enables recovery of the key in the vault without additional assumptions. Our cryptanalysis introduces a new perspective by uncovering the CBV scheme’s revocability and linkability vulnerabilities, which were not previously identified in comparable biometric-based key-binding schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"86 ","pages":"Article 103883"},"PeriodicalIF":3.8,"publicationDate":"2024-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142314916","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fine-grained encrypted data aggregation mechanism with fault tolerance in edge-assisted smart grids","authors":"Xiaojun Zhang , Xudong Deng , Haiyang Zhang , Yuan Zhang , Jingting Xue","doi":"10.1016/j.jisa.2024.103888","DOIUrl":"10.1016/j.jisa.2024.103888","url":null,"abstract":"<div><div>Encrypted data aggregation can effectively preserve users’ privacy by aggregating electricity consumption data from multiple-source smart meters, and simultaneously reduce the transmission communication overhead in smart grids. Although encryption operations ensure data confidentiality, smart meters are resource-constrained devices, and leakage of a compromised private key could likewise threaten users’ privacy. In this paper, we devise a fine-grained encrypted data aggregation mechanism with fault tolerance by modifying the Lifted EC-ElGamal encryption and symmetric homomorphic encryption, which guarantees data confidentiality even if the corresponding private key is leaked. In the mechanism, an edge server is integrated into the smart grid to receive encrypted multidimensional electricity consumption data sent by smart meters, execute integrity checking, and generate and forward the corresponding verified aggregated data reports to the control center. To ensure the robustness of smart grids against network interruption or data packet loss from smart meters to the edge server, we exploit the Shamir secret sharing technique to achieve transmission fault tolerance. Besides, dynamic subset adjustment can be utilized in the mechanism, enabling the control center to dynamically adjust the users’ multidimensional electricity consumption data collection strategy according to the actual situation. We conduct security analysis and performance evaluation demonstrating the feasibility of the mechanism in the secure deployment of edge-assisted smart grids.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"86 ","pages":"Article 103888"},"PeriodicalIF":3.8,"publicationDate":"2024-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142312570","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enhancing privacy-preserving machine learning with self-learnable activation functions in fully homomorphic encryption","authors":"Jichao Xiong , Jiageng Chen , Junyu Lin , Dian Jiao , Hui Liu","doi":"10.1016/j.jisa.2024.103887","DOIUrl":"10.1016/j.jisa.2024.103887","url":null,"abstract":"<div><div>In the field of artificial intelligence and data engineering, the effective utilization of data is critical for improving productivity across various sectors. As machine learning increasingly relies on sensitive data, balancing privacy with computational efficiency has become a major challenge. Homomorphic encryption provides a promising solution by enabling computation on encrypted data while preserving privacy in machine learning. However, its integration with neural networks is hindered by high computational demands and limitations in performing complex nonlinear operations. To address these challenges, we propose a novel approach that incorporates a “Self-Learnable Activation Function” (SLAF) and refines the structure of neural network linear layers. These enhancements are designed to accommodate the constraints of homomorphic encryption, allowing for deeper network architectures without significant computational overhead.</div><div>Our optimized neural network model, tailored for biometric authentication tasks, outperforms traditional methods that use simple polynomial activation functions. Using the UTKFace dataset, which includes facial features under diverse scenarios, we validated the effectiveness of our solution in real-world applications. Experimental results demonstrate accuracy improvements of 0.88% to 3.15% over traditional models and 4.87% to 9.67% over the CryptoNets model, underscoring the capability of our approach to meet stringent privacy-preserving biometric authentication requirements.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"86 ","pages":"Article 103887"},"PeriodicalIF":3.8,"publicationDate":"2024-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142312571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}