Journal of Information Security and Applications最新文献

{"title":"Reversible data hiding in encrypted image using bit-plane based label-map encoding with optimal block size","authors":"Ankur ,&nbsp;Rajeev Kumar ,&nbsp;Ajay K. Sharma","doi":"10.1016/j.jisa.2025.104005","DOIUrl":"10.1016/j.jisa.2025.104005","url":null,"abstract":"<div><div>In today’s digital landscape, maintaining the confidentiality and privacy of sensitive information has become an essential requirement. For this, Reversible data hiding in encrypted images (RDHEI) has garnered considerable attention as it enables embedding of large amounts of secret data in encrypted images without requiring knowledge of the original image contents. To further increase the embedding capacity (EC) while maintaining security, this paper presents a new bit-plane-based RDHEI using label-map encoding with optimal block size. The proposed method employs a hybrid predictor to generate a low-magnitude difference image, which is transformed into highly compressible bit-plane-wise label-maps. A novel block-based label-map encoding is also introduced, which optimally represents these label-maps as bit-streams to significantly reduce their size. These bit-streams are embedded in the original encrypted image to guide the data hider, ensuring complete reversibility and lossless extraction at the receiving end. Extensive experimentation shows that the proposed method achieves an average embedding rate of 3.8770 bpp for BOSSBase and 3.7944 bpp for BOWS-2, outperforming state-of-the-art RDHEI methods. Further, the method ensures lossless reconstruction of the original image and error-free extraction of hidden data while demonstrating strong resilience against malicious attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104005"},"PeriodicalIF":3.8,"publicationDate":"2025-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143474283","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fed-GWAS: Privacy-preserving individualized incentive-based cross-device federated GWAS learning","authors":"Omid Torki ,&nbsp;Maede Ashouri-Talouki ,&nbsp;Mina Alishahi","doi":"10.1016/j.jisa.2025.104002","DOIUrl":"10.1016/j.jisa.2025.104002","url":null,"abstract":"<div><div>The widespread availability of DNA sequencing technology has led to the genetic sequences of individuals becoming accessible data, creating opportunities to identify the genetic factors underlying various diseases. In particular, Genome-Wide Association Studies (GWAS) seek to identify Single Nucleotide Polymorphism (SNPs) associated with a specific phenotype. Although sharing such data offers valuable insights, it poses a significant challenge due to both privacy concerns and the large size of the data involved. To address these challenges, in this paper, we propose a novel framework that combines both federated learning and blockchain as a platform for conducting GWAS studies with the participation of single individuals. The proposed framework offers a mutually beneficial solution where individuals participating in the GWAS study receive insurance credit to avail medical services while research and treatment centers benefit from the study data. To safeguard model parameters and prevent inference attacks, a secure aggregation protocol has been developed. The evaluation results demonstrate the scalability and efficiency of the proposed framework in terms of runtime and communication, outperforming existing solutions.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104002"},"PeriodicalIF":3.8,"publicationDate":"2025-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143463734","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Novel improvements and extensions of the extractable results about (leakage-resilient) privacy schemes with imperfect randomness","authors":"Yanqing Yao ,&nbsp;Zhoujun Li","doi":"10.1016/j.jisa.2025.104008","DOIUrl":"10.1016/j.jisa.2025.104008","url":null,"abstract":"<div><div>Traditional cryptographic primitives usually take for granted the availability of perfect randomness. Unfortunately, in reality one must deal with various imperfect randomness (e.g., physical sources, secrets with partial leakage, biometric data). Bosley and Dodis in TCC’07 [BD07] proposed that private-key encryption requires extractable randomness and hoped their result would arouse more interest in exploring the extent to which cryptographic primitives can be grounded on imperfect randomness. Aggarwal et al. in TCC’22 [ACOR22] observed leakage-resilient secret sharing requires extractable randomness. Partially motivated by these, we study improvements and extensions of the extractable results proposed before. We consider the generalized (leakage-resilient) privacy schemes (including encryption, perfectly binding commitment, threshold secret sharing). We get the new results below. Firstly, we explore extractable results about the generalized privacy schemes using two methods: one is an improved and generalized method based on [BD07] by combining different Chernoff Bounds; the other creatively employs Lemma 3 of [ACOR22]. Afterwards, we improve and extend the above results grounded on the Rényi entropy. In particular, (a) substituting the collision entropy for the min-entropy, we obtain tighter bounds than the counterpart of Lemma 3 in [ACOR22]; (b) replacing the min-entropy with the Rényi entropy, we give a tricky and detailed proof for generalized version of Lemma 4 of [ACOR22], while the coupling argument in that proof of [ACOR22] is used directly without explanation, which is unclear and hard to understand. Finally, we propose the extractable results about the generalized leakage-resilient privacy schemes using two methods: one extends Theorem 1(a) of [BD07]; the other uses more generalized, more intuitive, and simpler proof ideas than the counterpart of [ACOR22]. Furthermore, we present concrete and essential restrictions on the parameters by proving the main theorem other than [ACOR22] that proposed unspecific parameters.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104008"},"PeriodicalIF":3.8,"publicationDate":"2025-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143452761","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Advanced octree-based reversible data hiding in encrypted point clouds","authors":"Yuan-Yu Tsai,&nbsp;Wen-Ting Jao,&nbsp;Alfrindo Lin,&nbsp;Shih-Yi Wang","doi":"10.1016/j.jisa.2025.104006","DOIUrl":"10.1016/j.jisa.2025.104006","url":null,"abstract":"<div><div>This study presents an effective algorithm for reversible data hiding in encrypted point clouds, employing an advanced octree-based subdivision to significantly improve the embedding rate. By intelligently dividing the point cloud’s boundary volume into distinct subspaces, each specifically adapted to the distribution of points, the octree enables accurate subspace allocation without requiring the points’ positional information, thanks to its spatial organization prowess. Our algorithm advances the field of reversible data hiding in encrypted point clouds by leveraging octree subdivision and multi-MSB prediction, collaboratively enhancing the embedding rate and capacity. The algorithm skillfully adjusts the subdivision threshold, thus optimizing the subspace sizes to meet various embedding capacity needs. It also enhances the selection of pivotal reference, the subspace center, for embedding capacity calculation. The algorithm achieves an 100 % embedding rate and an average embedding capacity of 39.76 bits per point under optimal subdivision parameters, surpassing existing techniques. Comparative studies demonstrate its superior performance, with a 13.28 % increase in pure embedding capacity compared to previous methods. The algorithm guarantees the retrieval of the embedded message and the perfect restoration of the original model, facilitated by the octree’s accurate point repositioning feature. These results represent a substantial advancement in reversible data hiding, promoting increased effectiveness and security for encrypted point clouds, with potential implications in multiple industries.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104006"},"PeriodicalIF":3.8,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143445839","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Hybrid prediction error and histogram shifting method for reversible data hiding in video system","authors":"Cheng-Ta Huang ,&nbsp;Jing-Xuan Song ,&nbsp;Thi Thu-Ha Dang","doi":"10.1016/j.jisa.2025.104007","DOIUrl":"10.1016/j.jisa.2025.104007","url":null,"abstract":"<div><div>With the rapid advancement of communication technology, ensuring the security of information transmission has become increasingly crucial. In today's digital landscape, video has emerged as one of the most popular media formats. Video Reversible Data Hiding (RDH) involves embedding information or secret data within a video file while preserving the perceived quality of the resulting stego video. This technique enables the receiver to perfectly restore the original video and extract the embedded secret data. Achieving high-quality stego files while maintaining sufficient capacity for secret data remains a significant challenge. This research proposes a novel reversible video data hiding method that utilizes an innovative prediction error algorithm for intra-frame pixel value prediction error calculation. The algorithm generates sharp histograms based on these prediction errors, with sharper histograms corresponding to a higher Peak signal-to-noise ratio (PSNR) of the stego video. Additionally, the method incorporates an adaptive zero-point system to identify which zero point that require minimal histogram shifts, thus achieving adaptive effects within each frame by applying different shifts based on frame characteristics. The proposed prediction error algorithm enhances the histogram shifting effects and addresses the limitation of not embedding data in the first frame while maintaining superior PSNR. Extensive experimental analysis demonstrates that proposed method surpasses various existing techniques in terms of steganographic video quality.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104007"},"PeriodicalIF":3.8,"publicationDate":"2025-02-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143445840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Reversible data hiding in Redundancy-Free cipher images through pixel rotation and multi-MSB replacement","authors":"Lingfeng Qu ,&nbsp;Xu Wang ,&nbsp;Yuan Yuan ,&nbsp;Jiayu Zhou ,&nbsp;Yao Xin","doi":"10.1016/j.jisa.2025.104003","DOIUrl":"10.1016/j.jisa.2025.104003","url":null,"abstract":"<div><div>Reversible data hiding in encrypted images (RDH-EI) has gained significant attention as a solution to content security challenges in cloud-based image storage. A key challenge in this field is to achieve large-capacity data hiding directly within secure ciphertexts without relying on any redundancy. This paper proposes a scheme for achieving high-capacity reversible data hiding in ciphertext images without redundancy. By combining stream cipher XOR and pixel permutation encryption, the generated ciphertext eliminates redundant information, making it resistant to existing cryptographic attacks. In the data embedding phase, we first rotate the positions of pixels within the image blocks and adjust the arrangement of pixel bit-planes to effectively exploit spatial position features for reversible data hiding. Subsequently, we exploit the embedding potential of the central pixel by applying MSB replacement, further increasing the embedding capacity. We introduce a novel method for calculating image block complexity to enhance image recovery quality, considering pixel correlations within and between adjacent blocks. Experimental results show that the proposed RDH-EI scheme achieves a maximum embedding capacity close to 1<!--> <!-->bpp, significantly higher than both classical and state-of-the-art algorithms. Moreover, the algorithm is resilient to potential attacks, such as forgery attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104003"},"PeriodicalIF":3.8,"publicationDate":"2025-02-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143437863","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Equipment failure data trends focused privacy preserving scheme for Machine-as-a-Service","authors":"Zhengjun Jing ,&nbsp;Yongkang Zhu ,&nbsp;Quanyu Zhao ,&nbsp;Yuanjian Zhou ,&nbsp;Chunsheng Gu ,&nbsp;Weizhi Meng","doi":"10.1016/j.jisa.2025.104000","DOIUrl":"10.1016/j.jisa.2025.104000","url":null,"abstract":"<div><div>In the Machine-as-a-Service (MaaS) model, enterprises lease equipment from original equipment manufacturer (OEM) to reduce production costs, and share equipment failure data to assist OEM improve equipment quality. However, The failure data trends formed by the frequency of multi-type failure may reveal private information about the enterprises. Most previous studies did not consider the issue of privacy leakage through failure data trends. Therefore, we propose an equipment failure data trends focused privacy preserving scheme for MaaS to prevent the leakage of enterprise privacy data trends. Firstly, our scheme safeguards the multi-dimensional data privacy of equipment through local differential privacy. Secondly, the differential privacy mechanism is integrated into the blockchain to build a fine-grained privacy-preserving categorical query algorithm for enterprise privacy, which decouples the correlation between failure data trends and enterprise privacy. Finally, theoretical analysis proves the privacy preservation capabilities of our scheme. The experimental analysis confirms that our scheme effectively protects data trends privacy, and the results indicate that our scheme has lower computational and time expenditures compared to similar schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104000"},"PeriodicalIF":3.8,"publicationDate":"2025-02-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143437851","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A privacy-preserving certificate-less aggregate signature scheme with detectable invalid signatures for VANETs","authors":"Xiaoliang Wang ,&nbsp;Peng Zeng ,&nbsp;Guikai Liu ,&nbsp;Kuan-Ching Li ,&nbsp;Yuzhen Liu ,&nbsp;Biao Hu ,&nbsp;Francesco Palmieri","doi":"10.1016/j.jisa.2025.104001","DOIUrl":"10.1016/j.jisa.2025.104001","url":null,"abstract":"<div><div>Vehicular Ad-hoc Networks (VANETs) have significantly improved the efficiency of traffic systems, but there are many security concerns, such as reliable message exchange and privacy-preserving. Besides, under resource-limited conditions, many signed safety-related messages need to be verified in a short period of time. For such, many Certificate-Less Aggregate Signature (CLAS) schemes are proposed. However, some existing CLAS schemes need an efficient algorithm to detect invalid signatures when aggregate verification fails or the proposed algorithms have some unnecessary computation overhead. To overcome such issues, we propose an efficient CLAS scheme that not only fulfills security requirements in VANETs but also provides an improved algorithm to detect invalid signatures with the corresponding real identities. In addition, under the Random Oracle Model (ROM) based Computational Diffie–Hellman (CDH) assumption, we demonstrate that the proposed CLAS scheme is existentially unforgeable under adaptively chosen message attacks (EUF-ACMAs). Performance analysis shows that the proposed scheme is more advantageous in terms of computation overhead and security than other existing schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 104001"},"PeriodicalIF":3.8,"publicationDate":"2025-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143427845","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Privacy-preserving word vectors learning using partially homomorphic encryption","authors":"Shang Ci ,&nbsp;Sen Hu ,&nbsp;Donghai Guan ,&nbsp;Çetin Kaya Koç","doi":"10.1016/j.jisa.2025.103999","DOIUrl":"10.1016/j.jisa.2025.103999","url":null,"abstract":"<div><div>This paper introduces a privacy-preserving scheme for learning <strong>GloVe</strong> word vectors on encrypted data. Users first encrypt their private data using a partially homomorphic encryption algorithm and then send the ciphertext to a cloud server to execute the proposed scheme. The cloud server generates high-quality word vectors for subsequent machine learning tasks by filtering out disturbances. We conduct a theoretical analysis of the security and efficiency of the proposed approach. Experimental results on real-world datasets demonstrate that our scheme effectively trains word vectors without compromising user privacy or the integrity of the word vector model, while keeping the user-side implementation lightweight and offline.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103999"},"PeriodicalIF":3.8,"publicationDate":"2025-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143419886","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Formal verification of a V2X scheme mixing traditional PKI and group signatures","authors":"Simone Bussa,&nbsp;Riccardo Sisto,&nbsp;Fulvio Valenza","doi":"10.1016/j.jisa.2025.103998","DOIUrl":"10.1016/j.jisa.2025.103998","url":null,"abstract":"<div><div>Vehicle-to-Everything (V2X) communications are expected to reshape road mobility in the increasingly near future. This type of communication allows a vehicle to transmit information, such as its position and speed, which can be used for different applications. However, despite the benefits, the increased connectivity and data sent over the network may expose the vehicle to a significant number of cyber attacks. This paper takes one of the schemes proposed in the literature to protect the security and privacy of the vehicles, and analyses it from a security and privacy perspective using Proverif. Specifically, this scheme is unique in combining asymmetric encryption with digital certificates and group signatures used by vehicles to self-certify those certificates. We present a formal model able to capture all the main aspects of the protocol and the context in which it works, and show how security and privacy properties can be expressed for formal verification in Proverif. Our analysis conducted on the model of the protocol revealed some weaknesses for which we tried to provide a solution.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103998"},"PeriodicalIF":3.8,"publicationDate":"2025-02-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143403137","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}