{"title":"A DNN robust video watermarking method in dual-tree complex wavelet transform domain","authors":"","doi":"10.1016/j.jisa.2024.103868","DOIUrl":"10.1016/j.jisa.2024.103868","url":null,"abstract":"<div><p>Deep learning is increasingly being applied in the field of robust watermarking. However, the existing deep learning-based video watermarking methods only uses spatial domain information as the input and the robustness against attacks such as H.264/AVC compression is still not strong. Therefore, this paper proposes a deep learning-based robust video watermarking method in dual-tree complex wavelet transform (DT-CWT) domain. The video frames are transformed into the DT-CWT domain and the suitable high-pass subbands are selected as candidate embedding positions. Then, the 2D and 3D convolutions are combined to extract both intra-frame spatial features and inter-frame temporal features for finding the stable and imperceptible coefficients for watermark embedding in the candidate positions. The convolutional attention module (CBAM) is used to further adjust the embedding coefficients and strengths. In addition, the attack layer, where a differentiable proxy is specially designed in this paper for the simulation of non-differentiable H.264/AVC compression, is introduced to generate distorted watermarked videos for improving the robustness against different attacks. Experimental results show that our method is superior to both the existing deep learning-based methods and traditional methods in the robustness against both spatial and temporal attacks while preserving high video quality. The source code is available at <span><span>https://github.com/imagecbj/A-DNN-Robust-Video-Watermarking-Method-in-DT-CWT-Domain</span><svg><path></path></svg></span>.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142050348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards accountable and privacy-preserving blockchain-based access control for data sharing","authors":"","doi":"10.1016/j.jisa.2024.103866","DOIUrl":"10.1016/j.jisa.2024.103866","url":null,"abstract":"<div><p>The integration of blockchain technology with Access Control (AC) systems presents novel opportunities for enhancing data security within decentralized architectures, which is drawing increasing attention in Data Sharing (DS) applications. However, existing works reveal a gap in achieving accountability for anonymous access in the absence of a centralized trusted authority. To address this issue, this paper introduces InvisiReveal, a novel Blockchain-Based AC (BBAC) framework that achieves permission invisibility, access anonymity, and accountability without extra trust assumptions. Users in InvisiReveal generate anonymous credentials to authenticate their requests using Zero Knowledge Proof. To enable accountability, a novel blockchain-oriented verifiable commitment (BC-VC) protocol is designed that allows a user to commit a confidential traceable tag to the blockchain. The system could unveil a malicious requester’s identity by opening the tag commitment under collaboration with the victim user and blockchain. We implement a prototype of InvisiReveal to evaluate its practicality, where an access request is verified within 5 ms.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142048679","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Efficient detection of intra/inter-frame video copy-move forgery: A hierarchical coarse-to-fine method","authors":"","doi":"10.1016/j.jisa.2024.103863","DOIUrl":"10.1016/j.jisa.2024.103863","url":null,"abstract":"<div><p>With a simple forgery technique but a realistic result, video copy-move forgery has currently become one of the most popular tampering manners. In the last couple of years, various new techniques deriving from machine intelligence and pattern recognition have been widely proposed for image forensics. However, it still faces a very challenging task in the field of video copy-move forgery for four reasons: i) Low <em>F</em><sub>1</sub> score and high <em>false-alarm</em>; ii) Lack of a synthesis processing framework; iii) Weak detection robustness and accuracy; iv) Low efficiency. A novel Hierarchical Coarse-to-Fine framework for effective video copy-move forgery detection is proposed to overcome these challenges: i) In the coarse forgery frame-pair matching, the <em>coarse copy-move frame-pairs matching</em> algorithm with the newly proposed <em>two-pass filters</em> can locate real forgery frame-pairs (FFP) and also reduce <em>false-alarm</em>. ii) Through further analysis of the actual FFP, the detection of intra-frame and inter-frame copy-move forgeries can be accurately and simultaneously determined. iii) In the fine keypoint-pairs matching, our newly designed <em>two-hierarchical keypoint-pair filtering</em> can accurately localize the forgery region at pixel level under various adverse conditions. iv) The novel <em>Hierarchical Coarse-to-Fine framework</em> (together with the newly designed algorithms above) considers only the real FFP and true keypoint-pairs for computation, resulting in higher efficiency and accuracy. Finally, Delaunay Triangulation-based region filling is employed to indicate the forgery regions. Compared to the latest methods, our algorithm has been tested extensively and found to be the best at detecting forgeries, with a top score of <em>F</em><sub>1</sub>=0.77 and no <em>false-alarms</em>, even under different types of attacks, as validated by the well-known GRIP dataset.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142050347","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A different base approach for better efficiency on range proofs","authors":"","doi":"10.1016/j.jisa.2024.103860","DOIUrl":"10.1016/j.jisa.2024.103860","url":null,"abstract":"<div><p>Zero-knowledge range proofs (ZKRPs) are commonly used to prove the validation of a secret integer lies in an interval to some other party in a secret way. In many ZKRPs, the secret is represented in binary and then committed via a suitable commitment scheme or represented as an appropriate encryption scheme. This paper is an extended version of the conference paper presented at the 14th IEEE International Conference on Security of Information and Networks. To this end, after summarizing the conference paper, we first analyze the proof proposed by Mao in 1998 in the elliptic-curve setting. Mao’s proof contains a bit commitment scheme with an OR construction as a sub-protocol. We have extended Mao’s range proof to base-<span><math><mi>u</mi></math></span> with a modified OR-proof. We investigate and compare the efficiency of different base approaches on Mao’s range proof with both Pedersen commitment and ElGamal encryption. Later, we analyze the range proof proposed by Bootle et al. in both finite fields and elliptic-curve settings. This proof contains polynomial commitment with matrix row operations. We take the number of computations in modulo exponentiation and the cost of the number of exchanged integers between parties. Then, we generalize these costs for <span><math><mi>u</mi></math></span>-based construction. We show that compared with the base-2 representation, different base approach provides efficiency in communication cost or computation cost, or both.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142041037","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Comprehensively enhancing the security of control with combined homomorphic encryption","authors":"","doi":"10.1016/j.jisa.2024.103862","DOIUrl":"10.1016/j.jisa.2024.103862","url":null,"abstract":"<div><p>Homomorphic encryption is an effective way to address the privacy and security issues of Networked Control Systems (NCSs). Since the control function needs to be redesigned according to the homomorphism to complete encrypted computing, the practical implementation of a perfectly secure and highly efficient NCS is challenging. Previously proposed NCSs based on homomorphic encryption are still subject to the risk of eavesdropping attacks. In this paper, a combined homomorphic encryption scheme is designed to build a secure environment for NCSs. This scheme comprehensively enhances the security of NCSs by eliminating potential security hazards. The risk of eavesdropping attacks on information in the controller and communication channel is avoided. More specifically, the entire control scheme is encrypted and privacy computing within the controller is performed on this basis. Data protection is provided for all transmission channels, including the transmission of the intermediate result and controller state. In particular, the computational efficiency of the encrypted control system is fast and feasible for real-time control. The performance and stability of the closed-loop system are maintained.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142012121","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure similar patients query with homomorphically evaluated thresholds","authors":"","doi":"10.1016/j.jisa.2024.103861","DOIUrl":"10.1016/j.jisa.2024.103861","url":null,"abstract":"<div><p>Patient-centric precision medicine requires the analysis of large volumes of genomic data to tailor treatments and medications based on individual-level characteristics. Because the amount of data held by a single institution is limited, researchers may want access to genomic data held by other institutions. Owing to the inherent privacy implications of genomic data, performing comparisons on <em>encrypted</em> data is preferable in certain settings. The <em>Similar patient query</em> (SPQ) is an application that enables a secure search across genomic databases for patients with similar genetic makeup. Query results can be used to draw meaningful conclusions regarding suitable therapies.</p><p>However, existing protocols either reveal intermediate computations, such as similarity scores, which can lead to membership-inference attacks, or they realize the ideal Boolean output (similar/not similar) through <em>multiple</em> protocol rounds, requiring the database owners to stay online throughout.</p><p>This paper introduces a two-party privacy-preserving approach to perform SPQs across encrypted genomic databases based on secure function extensions of additively homomorphic encryption. In contrast to related works, our scheme enables secure computation of genomic data similarity without an external party in a single round. This is achieved for more than 1000 positions of a genome in a single public key operation of 256-bit security level in the integer factorization setting.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001637/pdfft?md5=03b251bf5e21af75bddaf15bffd0b4fd&pid=1-s2.0-S2214212624001637-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142006706","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"e-SAFE: A secure and efficient access control scheme with attribute convergence and user revocation in fog enhanced IoT for E-Health","authors":"","doi":"10.1016/j.jisa.2024.103859","DOIUrl":"10.1016/j.jisa.2024.103859","url":null,"abstract":"<div><p>The growth of IoT led to a surge in connected devices and data production in the medical field. Therefore, to meet the rising demand for modern healthcare services, Fog and Cloud services come as a rescue for IoT-based equipment. As data travels through several levels, providing security to such data is challenging. The CP-ABE cryptographic approach allows for efficient access control. However, none of the known cryptographic CP-ABE approaches that provide granular access control offers the following features: <em>attribute convergence</em>, <em>privileged access</em>, <em>user revocation</em>, and <em>outsourcing capabilities</em> altogether. Thus, we present <em>e-SAFE</em>, a CP-ABE approach which addresses all these issues. In addition, in <em>e-SAFE</em>, the data users with resource-constrained medical gadgets must save just a constant and small-size decryption key on their gadgets. According to our assessment of security and performance, <em>e-SAFE</em> is found to be a secure and efficient access control technique for IoT gadgets.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141997724","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A robust medical image zero-watermarking algorithm using Collatz and Fresnelet Transforms","authors":"","doi":"10.1016/j.jisa.2024.103855","DOIUrl":"10.1016/j.jisa.2024.103855","url":null,"abstract":"<div><p>Zero-watermarking in medical images is an emerging field that focuses on calculating the invisible data (key) using medical imagery to ensure data integrity and authenticity without compromising diagnostic accuracy. This paper introduces a robust zero-watermarking technique leveraging the Collatz and Fresnelet Transforms. The Forward Collatz Transform (FCT) is initially applied to create a secure and encrypted embedding pattern for medical images. Subsequently, the Fresnelet Transform (FT) is employed, offering superior localization and frequency selectivity. From the fresnelet values, we extract two strongest Oriented FAST and Rotated BRIEF (ORB) points to enhance watermark robustness, resulting in a 64-bit perceptual image hash. Our approach adopts a dual-layer security strategy by combining FCT and Cyclic-Shift-Transformation (CST) methods, significantly fortifying the protection of watermark image data. The watermark can be efficiently extracted using the Inverse Collatz Transform (ICT). A comprehensive performance analysis evaluates our system under single, double, and multiple attacks on medical images. Our experiments clearly show that our system outperforms existing methods in medical image watermarking, demonstrating its resilience against various manipulations. This approach can significantly improve data security and reliability in medical imaging applications.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141993319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Color image encryption scheme combining a 2D hyperchaotic Sin–Henon system and the division algorithm","authors":"","doi":"10.1016/j.jisa.2024.103858","DOIUrl":"10.1016/j.jisa.2024.103858","url":null,"abstract":"<div><p>As an important transmission medium, color images can provide more information, but in the process of image encryption, few algorithms fully consider the relationship between three color planes. To achieve a more secure and effective color image encryption effect, we propose a novel scheme combining a 2D hyperchaotic Sin–Henon system (2D-SH) and the division algorithm. 2D-SH is designed based on Sin mapping and Henon mapping, which has a broader chaotic range, better ergodicity, and more complicated chaotic behavior. The division algorithm is applied to the chaotic sequences produced by 2D-SH to generate a position matrix and two pseudo-random matrices for cross-plane scrambling and diffusion. The main encryption process involves three steps. Firstly, a color plaintext image is dimensionally reduced and preprocessed into a 2D pixel matrix to improve the efficiency of scrambling and diffusion. Secondly, the position matrix is used to achieve cross-plane scrambling. Finally, the pseudo-random matrices and the position matrix are used to realize synchronous diffusion and scrambling. The algorithm is simple in structure and can complete the encryption with only one round of the process. Simulation experiments and security analyses demonstrate that the proposed algorithm can not only encrypt images securely and fast, but also successfully pass various tests, demonstrating robustness and effectiveness. In addition, SH-CIEA outperforms some latest algorithms in terms of variance, entropy, and other aspects. The calculation time is nearly 0.61 s, showing its efficiency for practical applications.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141993320","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Obfuscation undercover: Unraveling the impact of obfuscation layering on structural code patterns","authors":"","doi":"10.1016/j.jisa.2024.103850","DOIUrl":"10.1016/j.jisa.2024.103850","url":null,"abstract":"<div><p>Malware often uses code obfuscation to evade detection, employing techniques such as packing, virtualization, and data encoding or encryption. Despite widespread application, the impact of combining these techniques in a particular order – so-called obfuscation layering – on code analysis remains poorly understood. This study advances previous research by examining the effects of obfuscation layering on the classification of obfuscation techniques contained in binary code, focusing on how different layering combinations alter structural code patterns. Utilizing a dataset of 85 C programs modified with various combinations of code obfuscation techniques, we analyze the impact of obfuscation layering on structural code metrics such as its control flow complexity. Our study demonstrates that obfuscation layering significantly affects the ability to classify obfuscated code and that the order of applied obfuscations is less significant for classification than previously assumed. Through explainability methodologies our work offers novel insights for malware analysts and researchers to improve their detection strategies.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001522/pdfft?md5=3de2f994e091baa96e64c5d0c427f0b4&pid=1-s2.0-S2214212624001522-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141997723","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}