Journal of Information Security and Applications最新文献

{"title":"DAVE-CC: A decentralized, access-controlled, verifiable ecosystem for cross-chain academic credential management","authors":"Tuan-Dung Tran ,&nbsp;Huynh Phan Gia Bao ,&nbsp;Nguyen Tan Cam ,&nbsp;Van-Hau Pham","doi":"10.1016/j.jisa.2025.104238","DOIUrl":"10.1016/j.jisa.2025.104238","url":null,"abstract":"<div><div>The verification of academic credentials is facing mounting challenges in an era of global digital transformation. The proliferation of fake degrees, identity fraud, and large-scale data breaches has severely eroded trust in traditional, centralized verification systems. These systems often operate in institutional silos, lack transparency, and are not equipped to function across national or organizational boundaries, making them increasingly inadequate for today’s interconnected, adversarial digital landscape. There is a growing urgency for secure, interoperable, and privacy-preserving mechanisms that can establish decentralized trust at scale. We introduce DAVE-CC, a cross-chain credential verification framework built atop the cross-chain architecture. The primary scientific contribution of DAVE-CC is a novel, holistically decentralized trust architecture for cross-chain credentialing. Unlike prior systems that retain centralized anchors for key management or policy enforcement, our framework synergistically integrates advanced cryptographic primitives to distribute all trust-bearing functions, including credential authorization and attribute-based key generation, across a threshold of independent authorities, thus provably eliminating single points of failure. Our implementation demonstrates low end-to-end latency (2.41 s), compact cryptographic payloads, and resilience under network stress. Scalability tests show throughput improvements from 35 to 140 transactions per second, and latency reduction from 600 ms to 171.4 ms with 30 workers. These results validate the practicality of our trust-distributed architecture for real-world deployment across academic, governmental, and cross-border environments, offering a robust foundation for future-proof credential ecosystems.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104238"},"PeriodicalIF":3.7,"publicationDate":"2025-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145095807","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SoK: Systematic analysis of adversarial threats against deep learning approaches for autonomous anomaly detection systems in SDN-IoT networks","authors":"Tharindu Lakshan Yasarathna,&nbsp;Nhien-An Le-Khac","doi":"10.1016/j.jisa.2025.104220","DOIUrl":"10.1016/j.jisa.2025.104220","url":null,"abstract":"<div><div>Integrating Software Defined Networking (SDN) and the Internet of Things (IoT) enhances network control and flexibility. Deep Learning (DL)-based Autonomous Anomaly Detection (AAD) systems improve security by enabling real-time threat detection in SDN-IoT networks. However, these systems remain vulnerable to adversarial attacks that manipulate input data or exploit model weaknesses, significantly degrading detection accuracy. Existing research lacks a systematic analysis of adversarial vulnerabilities specific to DL-based AAD systems in SDN-IoT environments. This Systematisation of Knowledge (SoK) study introduces a structured adversarial threat model and a comprehensive taxonomy of attacks, categorising them into data-level, model-level, and hybrid threats. Unlike previous studies, we systematically evaluate white-box, black-box, and grey-box attack strategies across popular benchmark datasets (CICIDS2017, InSDN, and CICIoT2023). Our findings reveal that adversarial attacks can reduce detection accuracy by up to 48.4%, with Membership Inference causing the most significant drop. Carlini &amp; Wagner and DeepFool achieve high evasion success rates. However, adversarial training enhances robustness, and its high computational overhead limits the real-time deployment of SDN-IoT applications. We propose adaptive countermeasures, including real-time adversarial mitigation, enhanced retraining mechanisms, and explainable AI-driven security frameworks. By integrating structured threat models, this study offers a more comprehensive approach to attack categorisation, impact assessment, and defence evaluation than previous research. Our work highlights critical vulnerabilities in existing DL-based AAD models and provides practical recommendations for improving resilience, interpretability, and computational efficiency. This study serves as a foundational reference for researchers and practitioners seeking to enhance DL-based AAD security in SDN-IoT networks, offering a systematic adversarial threat model and conceptual defence evaluation based on prior empirical studies.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104220"},"PeriodicalIF":3.7,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145096009","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A lattice-based group signature with backward unlinkability for medical blockchain systems","authors":"Zhi-Hao Liu,&nbsp;Xiu-Bo Chen,&nbsp;Yi-Yang Xie","doi":"10.1016/j.jisa.2025.104226","DOIUrl":"10.1016/j.jisa.2025.104226","url":null,"abstract":"<div><div>To address issues of data island existing in traditional medical information systems and privacy leakage caused by patient-doctor association in medical data sharing, we first propose a secure medical data sharing scheme that combines blockchain and group signatures. The scheme stores the encrypted and desensitized real medical data in the InterPlanetary File System (IPFS) and uploads the returned data access credentials to the blockchain, significantly reducing the blockchain storage overhead. Then, we construct a lattice-based group signature scheme with backward unlinkability for medical data sharing environments, which effectively addresses privacy leakage issues caused by linkability. The group signature scheme is based on the computational intractability of the Short Integer Solution (SIS) problem, achieving anti-quantum security. To optimize the sampling efficiency, the scheme employs a bimodal Gaussian distribution for the generation of signature components. In addition, we formally demonstrate that the scheme achieves correctness and security, satisfying traceability, unforgeability, anonymity, and backward unlinkability. Finally, through extensive performance evaluation, our proposed group signature scheme performs better compared to existing similar cryptographic schemes. It achieves significant improvements in two critical aspects: key size and signature size. These parameters maintain linear independence from the group size, ensuring scalability in large-group applications. And the size of the revocation list is effectively reduced by only storing user tokens that have been revoked before expiration.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104226"},"PeriodicalIF":3.7,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145096007","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards subversion-resistant password-protected encryption for deduplicated cloud storage","authors":"Shanshan Li ,&nbsp;Mengfan Ma ,&nbsp;Yunxia Han ,&nbsp;Chunxiang Xu","doi":"10.1016/j.jisa.2025.104233","DOIUrl":"10.1016/j.jisa.2025.104233","url":null,"abstract":"<div><div>Message-Locked Encryption (MLE) enables encrypted deduplication by deriving keys directly from data. Servers-aided MLE extends this model with a master secret shared across key servers, and is widely used for secure deduplicated storage. However, existing servers-aided MLE schemes require users to locally store a separate MLE key for each data item, thereby imposing significant key management burdens. To address this, Zhang et al. introduced SPADE, a password-protected encryption scheme that enables users to manage MLE keys using only a human-memorable password. It applies two-layer encryption: data is encrypted with the MLE key, which is then encrypted with a symmetric key derived from a password-based seed and the user’s identity. The seed is generated via a distributed oblivious pseudorandom function using the data and a password-hardening key shared across key servers. SPADE also supports password-based authentication with both key servers and the cloud server, while preserving encrypted deduplication and servers-aided security. However, it faces three limitations: (i) high storage overhead from per-user credentials and password-hardening keys; (ii) high computational cost due to per-key server authentication; and (iii) vulnerability to subversion attacks if user devices are compromised.</div><div>In this paper, we propose SR-PPE, a subversion-resistant password-protected encryption scheme for deduplicated cloud storage. In SR-PPE, we present a signature-based authentication mechanism where public/secret key pairs are derived from a password-based seed, so servers can perform challenge–response authentication without storing per-user credentials. To enable secure key generation and resist password-guessing attacks, we design an enhanced distributed partially oblivious pseudorandom function that binds computation to users’ identities. We further propose a Merkle tree-based challenge–response mechanism for efficient authentication across multiple servers. A reverse firewall is deployed between users and externals to prevent subversion attacks by generating unbiased randomness and re-randomizing outgoing messages. Security analysis under multiple adversary models and evaluation of communication, computation, and storage costs show that SR-PPE provides strong security with practical efficiency.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104233"},"PeriodicalIF":3.7,"publicationDate":"2025-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145096006","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"UMANeT: A two-stage interpolation-based reversible data hiding framework with attention-enhanced prediction","authors":"Sonal Gandhi,&nbsp;Rajeev Kumar","doi":"10.1016/j.jisa.2025.104217","DOIUrl":"10.1016/j.jisa.2025.104217","url":null,"abstract":"<div><div>Interpolation-based reversible data hiding (RDH) techniques have recently attracted significant attention due to their ability to enhance image resolution while ensuring secure data embedding. However, the effectiveness of these methods heavily depends on the quality of the interpolated cover images. Conventional interpolation techniques, typically based on linear models and limited local pixel contexts, often fail to generate high-quality cover images, thereby compromising the visual quality of the resulting stego images and limiting embedding capacity. To address these limitations, this paper introduces a novel hybrid interpolation framework that combines bicubic interpolation with a deep learning-based predictor to construct a high-fidelity two-stage interpolation mechanism. Central to this framework is a newly proposed predictor, termed UMANeT, which leverages a broader contextual region for improved pixel prediction accuracy. By effectively capturing non-linear and long-range dependencies, UMANeT enhances the overall image quality used for data embedding. Experimental results demonstrate that the proposed method not only achieves superior embedding capacity but also generates cover and stego images of significantly higher visual quality compared to existing interpolation-based RDH techniques.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104217"},"PeriodicalIF":3.7,"publicationDate":"2025-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145049293","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Exploiting attribute correlation for reconstruction attacks on differentially private multi-attributed data","authors":"Yanna Jiang ,&nbsp;Baihe Ma ,&nbsp;Xu Wang ,&nbsp;Guangsheng Yu ,&nbsp;Caijun Sun ,&nbsp;Wei Ni ,&nbsp;Ren Ping Liu","doi":"10.1016/j.jisa.2025.104224","DOIUrl":"10.1016/j.jisa.2025.104224","url":null,"abstract":"<div><div>Differential Privacy (DP) is a widely used data privacy-preserving technique with single-attribute DP being a common approach, in which manipulated noise is applied to each data attribute individually. However, data in practical scenarios often contains multiple data attributes, and the correlations between these attributes, which are often overlooked, introduce vulnerabilities to single-attribute DP schemes. In this paper, we present a rigorous analysis demonstrating that these correlations can undermine the protection offered by single-attribute DP schemes, with the risk of compromise increasing as the correlation between attributes becomes more pronounced. We propose a novel attack framework to evade the single-attribute DP protection on multi-attributed data by exploiting the overlooked data attribute correlations. We further implement the attack by developing Machine Learning (ML) algorithms to uncover the straightforward and hidden attribute correlations. Extensive experiments with various ML algorithms are conducted to corroborate our analysis, demonstrating the existence of privacy leakage caused by data attribute correlations and the effectiveness of the proposed attack with significantly enhanced reconstruction accuracy. In one of our experiments, the proposed attack method mitigated over 50% of the DP noise, significantly enhancing the accuracy of reconstruction attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104224"},"PeriodicalIF":3.7,"publicationDate":"2025-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145049292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FedESP: Effective, Stealthy, and Persistent backdoor attack on federated learning","authors":"Sitian Wang ,&nbsp;Xuan Li ,&nbsp;Mingyang Yu ,&nbsp;Shuai Yuan ,&nbsp;Zhitao Guan","doi":"10.1016/j.jisa.2025.104223","DOIUrl":"10.1016/j.jisa.2025.104223","url":null,"abstract":"<div><div>Federated learning enables clients to train models collaboratively without exchanging local data, but its decentralized nature brings new security threats, including backdoor attacks. In a backdoor attack, adversaries embed triggers that lead the global model to produce incorrect predictions for certain inputs. Nevertheless, current approaches often demonstrate limited effectiveness, poor stealth, and low persistence. We address these issues by introducing FedESP. It first optimizes the trigger through adversarial training, ensuring its effectiveness even after the attacker ceases the attack, thus enhancing its persistence. A regularization term is incorporated during trigger optimization to further enhance stealth. Then FedESP selectively poisons high-responsive parameters and applies a malicious scaling factor to increase the impact of these poisoned updates, thereby improving the attack’s effectiveness. Experimental results on CIFAR-10 and CIFAR-100 confirm that FedESP achieves a higher success rate and persistence than benchmark methods while effectively bypassing existing backdoor defense mechanisms.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104223"},"PeriodicalIF":3.7,"publicationDate":"2025-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145049282","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Adaptive security framework for multi-environment networks using ensemble data drift detection and incremental deep learning","authors":"Furqan Rustam,&nbsp;Anca Delia Jurcut","doi":"10.1016/j.jisa.2025.104219","DOIUrl":"10.1016/j.jisa.2025.104219","url":null,"abstract":"<div><div>Modern multi-environment (M-En) networks comprise diverse architectures such as IoT and traditional IP-based networks. These networks pose significant challenges for threat mitigation due to heterogeneous protocols and traffic patterns. This study proposes a unified incremental learning framework to efficiently secure M-En networks by reducing management overhead, improving scalability, and lowering costs. We designed this approach for real-time environments, enabling adaptation to new scenarios with high accuracy and efficiency. To develop the framework, we first generate an M-En dataset using partial least squares canonical analysis, synthesizing data from two benchmark datasets: IoT23 and CICDDoS2019, representing IoT and traditional IP-based networks, respectively. Our approach employs an ensemble data drift detection (EDDD) mechanism that combines ADaptive WINdowing and autoencoders, enabling adaptive model updates. A deep neural network is incrementally retrained only when data drift is detected, ensuring adaptability to evolving attacks while conserving computational resources. To avoid catastrophic forgetting, we incorporate replay-based memory, regularization, and an interpolation mechanism governed by a blending parameter <span><math><mrow><mi>α</mi><mo>∈</mo><mrow><mo>[</mo><mn>0</mn><mo>,</mo><mn>1</mn><mo>]</mo></mrow></mrow></math></span>, which balances the integration of new and historical knowledge. Furthermore, the explainable AI technique LIME is integrated to enhance the transparency of the model’s decision-making process. Experimental results indicate that our approach achieves a mean accuracy of 0.999 while maintaining low memory usage, approximately 32.1 MB, and a stable model size of 0.11 MB.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104219"},"PeriodicalIF":3.7,"publicationDate":"2025-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145049281","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Exploring the ransomware ecosystem and the active defense concept: Review of attacks and defense","authors":"Lingbo Zhao ,&nbsp;Zhilu Wang ,&nbsp;Shuquan Wang ,&nbsp;Yuhui Zhang ,&nbsp;Rui Hou ,&nbsp;Dan Meng","doi":"10.1016/j.jisa.2025.104171","DOIUrl":"10.1016/j.jisa.2025.104171","url":null,"abstract":"<div><div>Ransomware has become one of the most notorious types of malware, increasingly targeting end-users, governments, and businesses. Its growing sophistication poses a significant cybersecurity threat. Researchers have proposed numerous defense solutions to mitigate the ransomware threat. They have also conducted over 10 review studies to cover certain aspects of ransomware in the past ten years. However, none of them detail the attack mechanisms or explore possible mitigation strategies. To this end, we present a comprehensive review of ransomware and its defenses. We detail the attack mechanisms and vulnerabilities exploited by ransomware, and assess both commercial and academic defense solutions. Additionally, we explore active defense concepts that help mitigate ransomware threats and provide strategic guidance for future ransomware defense efforts. Our survey serves as an entry point into the study of ransomware and its defense, offering potential insights for enhancing existing solutions and minimizing the impact of ransomware attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104171"},"PeriodicalIF":3.7,"publicationDate":"2025-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145026448","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"LR-CAKA: A leakage-resilient compatible authenticated key agreement protocol for heterogeneous public-key cryptosystems","authors":"Ting-Chieh Ho,&nbsp;Yuh-Min Tseng,&nbsp;Sen-Shan Huang","doi":"10.1016/j.jisa.2025.104222","DOIUrl":"10.1016/j.jisa.2025.104222","url":null,"abstract":"<div><div>Authenticated key agreement (AKA) is a fundamental cryptographic primitive that enables two remote members in a public-key cryptosystem (PKCS) to mutually authenticate and generate a session key, which is then used to encrypt and decrypt messages between them. In the past, numerous AKA protocols based on various PKCSs have been designed. In response to the growing threat of side-channel attacks, researchers have proposed some leakage-resilient AKA (LR-AKA) protocols that maintain security even when partial private key information is exposed. However, existing LR-AKA protocols are generally designed for homogeneous environments, where both members operate within the same PKCS. To address this limitation, we propose the <em>first</em> leakage-resilient compatible AKA (LR-CAKA) protocol for heterogeneous PKCSs. The LR-CAKA protocol enables secure and efficient authenticated key agreement between two members operating under different PKCSs, specifically between a member in the public-key infrastructure PKCS (PKI-PKCS) and the other in the certificateless PKCS (CL-PKCS). Also, we introduce a PKCS upgrade procedure from the PKI-PKCS to the CL-PKCS. The security of the LR-CAKA protocol is formally proven using a technique based on the generic bilinear group (GBG) model, under the discrete logarithm (DL), computational Diffie–Hellman (CDH) and hash function (HF) assumptions. Finally, performance evaluations and comparative analysis demonstrate that the LR-CAKA protocol offers significant advantages over existing LR-AKA protocols.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104222"},"PeriodicalIF":3.7,"publicationDate":"2025-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145019543","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}