{"title":"BridgeSec: Facilitating effective communication between security engineering and systems engineering","authors":"Avi Shaked , Nan Messe","doi":"10.1016/j.jisa.2024.103954","DOIUrl":"10.1016/j.jisa.2024.103954","url":null,"abstract":"<div><div>We increasingly rely on systems to perform reliably and securely. Therefore, it is imperative that security aspects are properly considered when designing and maintaining systems. However, achieving the security by design ideal is challenging. Security information is typically unstructured, dispersed, hard to communicate, and its assessment is somewhat subjective and tacit. Additionally, the inclusion of security information within design requires integrating the efforts of two knowledge-intensive disciplines: security engineering and systems engineering. In this paper, we introduce BridgeSec, a novel conceptual information-exchange interface to systemise the communication of security information between these two disciplines. The main contribution of BridgeSec lies in its explicit identification of concepts related to vulnerability management, which allows systems engineering and security engineering teams to codify pertinent information. The disciplines involved in the system design can thus coordinate policies, implementations and, ultimately, the security posture. Furthermore, based on the newly unveiled interface, an automated reasoning mechanism is specified. This mechanism allows reasoning about the vulnerability posture of systems in a scalable and systematic way. First, we describe and formalise the information-exchange interface BridgeSec and how it can be used to reason about the security of systems designs. Next, we present an open-source prototype – integrated into a threat modelling tool – which rigorously implements the interface and the reasoning mechanism. Finally, we detail two diverse and prominent applications of the interface for communicating security aspects of systems designs. 
These applications show how BridgeSec can rigorously support the design of systems’ security in two representative scenarios: in coordinating security features and policy during design, and in coordinating mitigation to disclosed implementation vulnerabilities.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103954"},"PeriodicalIF":3.8,"publicationDate":"2025-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Blacklisting access control via negated subset predicate encryption: Constant-size ciphertexts/keys constructions with adaptive security or attribute hiding","authors":"Yi-Fan Tseng","doi":"10.1016/j.jisa.2024.103959","DOIUrl":"10.1016/j.jisa.2024.103959","url":null,"abstract":"<div><div>In order to realize the functionality for blacklisting, we introduce a novel primitive, negated subset-predicate encryption (NSPE), where a ciphertext associated with a set <span><math><msub><mrow><mi>S</mi></mrow><mrow><mi>C</mi></mrow></msub></math></span> can be only decrypted by a private key related to a set <span><math><msub><mrow><mi>S</mi></mrow><mrow><mi>K</mi></mrow></msub></math></span> iff <span><math><mrow><msub><mrow><mi>S</mi></mrow><mrow><mi>K</mi></mrow></msub><mo>⁄</mo><mo>⊆</mo><msub><mrow><mi>S</mi></mrow><mrow><mi>C</mi></mrow></msub></mrow></math></span>. Compared to adopting complex tools to realize such a functionality, e.g., key-policy attribute-based encryption (KPABE) for non-monotonic access structure, NSPE provides a more concise and efficient way. In this manuscript, we first conceptualize the definition and security requirements for NSPE, and give several constructions, including fully secure constructions with different features, generic construction with weak attribute-hiding, and selectively secure construction with shorter ciphertexts/keys. All of the proposed schemes are proven secure under well-studied assumptions. 
Compared with the architecture using complex primitives such as KPABE to achieve the same functionality, our schemes provide a more concise and efficient method, especially in terms of the private key size.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103959"},"PeriodicalIF":3.8,"publicationDate":"2025-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Vector map zero-watermarking algorithm considering feature set granularity","authors":"Changqing Zhu , Heyan Wang , Yazhou Zhao , Xingxiang Jiang , Hua Sun , Jia Duan , Hui Li , Luanyun Hu , Na Ren","doi":"10.1016/j.jisa.2024.103955","DOIUrl":"10.1016/j.jisa.2024.103955","url":null,"abstract":"<div><div>Current vector map zero-watermarking algorithms that integrate blockchain technology typically focus on a limited subset of feature classes within datasets, resulting in significant energy consumption during copyright registration and hindering the advancement of vector map copyright protection through blockchain and zero-watermarking techniques. To address this challenge, this paper presents a novel vector map zero-watermarking algorithm that considers feature set granularity (ZW-CFSG). This algorithm effectively utilizes boundary contours and internal features to characterize dataset attributes, subsequently converting these features into zero-watermarks. To evaluate the efficacy of the ZW-CFSG algorithm, a comprehensive vector map copyright protection model is developed, integrating both blockchain and zero-watermarking mechanisms. The zero-watermark is securely registered on the blockchain, with energy consumption metrics employed to assess the algorithm's efficiency. 
Experimental findings reveal that the adoption of the ZW-CFSG algorithm can significantly reduce energy consumption associated with blockchain-based zero-watermarking, thereby enhancing the efficiency of copyright registration while ensuring compliance with rigorous requirements for copyright uniqueness and resilience.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103955"},"PeriodicalIF":3.8,"publicationDate":"2025-01-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170176","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"RPCP-PURI: A robust and precise computational predictor for Phishing Uniform Resource Identification","authors":"Tayyaba Asif , Faiza Mehmood , Syed Ahmed Mazhar Gillani , Muhammad Nabeel Asim , Muhammad Usman Ghani , Waqar Mahmood , Andreas Dengel","doi":"10.1016/j.jisa.2024.103953","DOIUrl":"10.1016/j.jisa.2024.103953","url":null,"abstract":"<div><div>The widespread growth of internet services has led to a substantial increase in traffic across multifarious online applications such as shopping, transportation, e-commerce, and banking. Cyber-criminals are stealing internet users' credentials through Phishing Uniform Resource Locators (PURLs). To ensure safe usage of web services, researchers have developed several AI-supported PURL predictors. The prime motivation behind the development of each new predictor was to extract comprehensive features from URLs and more accurately discriminate benign and phishing URLs. Different predictors are enriched with diverse types of feature extraction strategies, and the deep potential of these strategies remains unexplored. With an aim to develop a more powerful PURL predictor, the contributions of this manuscript are manifold: It brings different sets of feature extraction strategies onto a single platform and explores their individual as well as combined potential. It evaluates and compares the effectiveness of the BERT language model for detection of phishing URLs (PURLs). It presents a novel LSTM and CNN-based hybrid predictor, which utilizes DeepWalk-generated URL embeddings to effectively discriminate between phishing and benign URLs. 
Extensive experimentation across three public benchmark datasets (EBBU2017, phishing sites URLs and Phishing and benign webpages) demonstrates that the proposed hybrid predictor surpasses the performance of existing predictors by 0.2%, 1.9% and 1.2% respectively.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103953"},"PeriodicalIF":3.8,"publicationDate":"2024-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170746","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Crypto-space reversible data hiding for 3D mesh models with k-Degree neighbor diffusion","authors":"Kai Gao , Ji-Hwei Horng , Ching-Chun Chang , Chin-Chen Chang","doi":"10.1016/j.jisa.2024.103957","DOIUrl":"10.1016/j.jisa.2024.103957","url":null,"abstract":"<div><div>Reversible data hiding in crypto-space secures the cover media through encryption for privacy protection and provides an additional payload for embedding data management information, enabling covert communication or access control. However, the existing research reports mainly focus on the cover media of digital images, with scant attention to 3D mesh models. In this paper, we propose a separable and reversible data hiding scheme based on a novel <em>k</em>-degree neighbor diffusion strategy for encrypted 3D mesh models (RDHEM). By considering the model scale and the topological configuration between vertices, the proposed scheme finds an adaptive and unique solution for model vertex grouping, effectively boosting the utilization rate of model vertices for data embedding. Experimental results show that our scheme outperforms state-of-the-art schemes in both data embedding capacity and vertex utilization rate.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103957"},"PeriodicalIF":3.8,"publicationDate":"2024-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170748","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hiding speech in music files","authors":"Xiaohong Zhang, Shijun Xiang, Hongbin Huang","doi":"10.1016/j.jisa.2024.103951","DOIUrl":"10.1016/j.jisa.2024.103951","url":null,"abstract":"<div><div>In large-capacity audio steganography, how to reduce distortion of the steganographic audio and reconstruct the high-quality secret audio are two crucial issues. In this paper, we propose a new invertible audio steganography network, InvASNet, to conceal secret speech in music files. Firstly, we adopt an orthogonal module to decompose the audio into uncorrelated components. In such a way, we can constrain the embedding of the secret audio into the less perceptible high-frequency subband of the host audio, thereby minimizing potential distortion in the low-frequency subband. Secondly, we consider the concealment and recovery processes as a pair of reversible operations, and then introduce the forward and inverse processes of the invertible neural networks (INNs) to model them, respectively. Compared with existing methods based on convolutional neural networks, our approach possesses a highly reversible structure and can leverage the lost information effectively. Furthermore, to enhance the capability of reversible audio, we develop a feature fitting module to learn more adaptive weights and biases of mappings in INNs. 
Extensive experimental results show that the proposed InvASNet achieves superior imperceptibility and competitive security in large-capacity steganography.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103951"},"PeriodicalIF":3.8,"publicationDate":"2024-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170747","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Efficient and privacy-preserving butterfly counting on encrypted bipartite graphs","authors":"Xin Pang , Lanxiang Chen","doi":"10.1016/j.jisa.2024.103952","DOIUrl":"10.1016/j.jisa.2024.103952","url":null,"abstract":"<div><div>Bipartite graphs have numerous real-world applications, with the butterfly motif serving as a key higher-order structure that models cohesion within these graphs. Analyzing butterflies is crucial for a comprehensive understanding of networks, making butterfly counting a significant focus for researchers. In recent years, various efficient methods for exact butterfly counting, along with sampling-based approximate schemes, have been proposed for plaintext bipartite graphs. However, these methods often overlook data privacy concerns, which are critical in real-world scenarios such as doctor–patient and user–item relationships. Additionally, traditional encryption methods do not work due to the nature of graph structures. To tackle these challenges, we propose two schemes for exact <u>b</u>utter<u>f</u>ly <u>c</u>ounting on <u>e</u>ncrypted <u>b</u>ipartite graphs (EB-BFC), enabling butterfly counting for specific vertices or edges to protect privacy of butterfly counting. Firstly, we demonstrate how structured encryption techniques could be used to encrypt the bipartite graph and construct a secure index, resulting in the efficient, privacy-preserving scheme EB-BFC<sub>1</sub>. Secondly, to ensure vertex data privacy, we propose a butterfly counting scheme based on Private Set Intersection, EB-BFC<sub>2</sub>. 
Finally, we demonstrate the security and efficiency of our proposed schemes through theoretical proofs and experiments on real-world datasets.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103952"},"PeriodicalIF":3.8,"publicationDate":"2024-12-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PhotonKey: A key pairing system for IoT resource and input constrained devices using light sensors","authors":"Danté Gray, Maryam Mehrnezhad","doi":"10.1016/j.jisa.2024.103926","DOIUrl":"10.1016/j.jisa.2024.103926","url":null,"abstract":"<div><div>IoT environments are in need of key pairing protocols capable of operating within the unique constraints present, namely <em>storage</em>, <em>processing</em>, <em>input</em>, and <em>power</em>. In this paper, we present <em>PhotonKey</em>, a system designed to facilitate the generation of identical cryptographic keys for two resource and input-constrained IoT devices. These keys are derived from the devices’ individual observations of a public light event. Our contributions also extend to a custom, cost-effective hardware solution termed a ‘Synchronisation Machine’, which introduces synchronous rotation patterns to the light-sensing-capable devices during data collection with mechanical precision. This hardware solution serves the dual purpose of facilitating data collection and reducing adversarial capabilities. We evaluate the performance of our system using a large dataset comprising over 1000 samples, far surpassing the scale seen in related works. 
Finally, we demonstrate PhotonKey’s ability to produce statistically random bit-streams and achieve 0% equal error rates, even in the face of an ‘impossibly well-performing’ adversary.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103926"},"PeriodicalIF":3.8,"publicationDate":"2024-12-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171134","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Revisiting boomerang attacks on lightweight ARX and AND-RX ciphers with applications to KATAN, SIMON and CHAM","authors":"Li Yu , Je Sen Teh","doi":"10.1016/j.jisa.2024.103950","DOIUrl":"10.1016/j.jisa.2024.103950","url":null,"abstract":"<div><div>In this paper, we investigate the security of lightweight block ciphers, focusing on those that utilize the <span>ADD</span>-Rotate-XOR (ARX) and <span>AND</span>-Rotate-XOR (<span>AND</span>-RX) design paradigms. More specifically, we examine their resilience against boomerang-style attacks. First, we propose an automated search strategy that leverages the boomerang connectivity table (<span>BCT</span>) for <span>AND</span> operations (<span><math><mrow><mo>∧</mo><mi>B</mi><mi>C</mi><mi>T</mi></mrow></math></span>) to conduct a complete search for boomerang and rectangle distinguishers for <span>AND</span>-RX ciphers. The proposed search strategy automatically considers all possible <span><math><mrow><mo>∧</mo><mi>B</mi><mi>C</mi><mi>T</mi></mrow></math></span> switches in the middle of the boomerang to optimize distinguishing probability. The correctness of the search strategy was verified experimentally. We were able to find the best boomerang and rectangle distinguishers to date in the single-key model for lightweight block ciphers <span>KATAN</span>32/48/64 and <span>SIMON</span>32/48. Next, we investigated <span>BCT</span> properties of ARX ciphers and discovered that a truncated boomerang switch could be formulated for the lightweight ARX cipher, <span>CHAM</span>. We were able to find the best single-key and related-key rectangle distinguishers to date for <span>CHAM</span>. 
Our findings provide more accurate security margins of these lightweight ciphers against boomerang-style attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103950"},"PeriodicalIF":3.8,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171133","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Robust zero-watermarking algorithm via multi-scale feature analysis for medical images","authors":"Xiaochao Wang , Qianqian Du , Ling Du , Huayan Zhang , Jianping Hu","doi":"10.1016/j.jisa.2024.103937","DOIUrl":"10.1016/j.jisa.2024.103937","url":null,"abstract":"<div><div>With the rapid growth of information technology, the development and implementation of copyright protection for medical images has become crucial. In this paper, we develop a distinguishable zero-watermarking algorithm via multi-scale feature analysis for medical images. We first detect the global features of the image with speeded-up robust features (SURF) and select the feature regions from the image through texture analysis. Then, we adopt local binary pattern (LBP) to detect the local texture features of these feature areas, and perform singular value decomposition (SVD) to extract the scale features and the detail features; these features are fused to form the feature matrix, and the average hash (aHash) algorithm is applied to the feature matrix to generate the binary feature map. Finally, we perform exclusive-or (XOR) operation between the feature images and the watermark image to generate zero-watermarks, which will be stored in the copyright protection center for further copyright authentication. 
Experimental results show that the average NC value of the proposed algorithm reaches 0.99 under most attacks, and the average BER of similar image extraction watermark keeps below 0.27, which outperforms the current state-of-the-art (SOTA) watermarking algorithms.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103937"},"PeriodicalIF":3.8,"publicationDate":"2024-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}