Journal of Information Security and Applications最新文献

{"title":"Contract-based hierarchical security aggregation scheme for enhancing privacy in federated learning","authors":"","doi":"10.1016/j.jisa.2024.103857","DOIUrl":"10.1016/j.jisa.2024.103857","url":null,"abstract":"<div><p>Federated learning ensures the privacy of participant data by uploading gradients rather than private data. However, it has yet to address the issue of untrusted aggregators using gradient inference attacks to obtain user privacy data. Current research introduces encryption, blockchain, or secure multi-party computation to address these issues, but these solutions suffer from significant computational and communication overhead, often requiring a trusted third party. To address these challenges, this paper proposes a contract-based hierarchical secure aggregation scheme to enhance the privacy of federated learning. Firstly, the paper designs a general hierarchical federated learning model that distinguishes among training, aggregation, and consensus layers, replacing the need for a trusted third party with smart contracts. Secondly, to prevent untrusted aggregators from inferring the privacy data of each participant, the paper proposes a novel aggregation scheme based on Paillier and secret sharing. This scheme forces aggregators to aggregate participants’ model parameters, thereby preserving the privacy of gradients. Additionally, secret sharing ensures robustness for participants dynamically joining or exiting. Furthermore, at the consensus layer, the paper proposes an accuracy-based update algorithm to mitigate the impact of Byzantine attacks and allows for the introduction of other consensus methods to ensure scalability. Experimental results demonstrate that our scheme enhances privacy protection, maintains model accuracy without loss, and exhibits robustness against Byzantine attacks. The proposed scheme effectively protects participant privacy in practical federated learning scenarios.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141978253","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Forensic analysis of web browsers lifecycle: A case study","authors":"","doi":"10.1016/j.jisa.2024.103839","DOIUrl":"10.1016/j.jisa.2024.103839","url":null,"abstract":"<div><p>The widespread integration of the internet into daily life across sectors such as healthcare, education, business, and entertainment has led to an increasing dependence on web applications. However, inherent technological vulnerabilities attract cybercriminals, necessitating robust security measures. While these security measures, including frequent updates/fixes to applications and operating systems, are essential, they also complicate forensic investigations. This research proposes a comprehensive approach to artifact identification and collection for examining browsing activities of Firefox, Chrome, and Edge on Windows 11. The methodology includes setting up and analyzing all stages of browser usage, such as installations, executions, uninstallations, and anomalous behaviors like crashes and restarts. Simulated cyber-criminal activities are used to collect artifacts at each stage, which are then analyzed using Windows 11 components such as the registry, memory, storage, and log locations. Experimental results reveal vulnerabilities, such as crashes, that can lead to the loss of sensitive information. This methodology provides a promising foundation for advancing browser forensic analysis and enhancing cybercrime investigations.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141978254","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Privacy-preserving logistic regression with improved efficiency","authors":"","doi":"10.1016/j.jisa.2024.103848","DOIUrl":"10.1016/j.jisa.2024.103848","url":null,"abstract":"<div><p>Logistic regression is a well-known method for classification and is being widely used in our daily life. To obtain a logistic regression model with sufficient accuracy, collecting a large number of data samples from multiple sources is necessary. However, in nowadays a concern about the leakage of private information contained in data samples becomes increasingly prominent, and thus privacy-preserving logistic regression that enables training logistic regression models without privacy leakage has received great attention from the community. Mohassel and Zhang at IEEE S&amp;P’17 presented a significant protocol for privacy-preserving logistic regression in two-server setting, where two non-colluding servers collaboratively train logistic regression models in an offline–online manner. In this work, we propose a new two-server-based protocol for privacy-preserving logistic regression with an efficient approach to activation function evaluation, which incurs much less computational overhead than Mohassel–Zhang protocol while requiring the same number of online rounds. We also present a round-efficient protocol for generating correlated randomness that will be used subsequently in our activation function evaluation. We implement our protocol in C++ and the experimental results validate its efficiency.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141940363","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A deep reinforcement learning approach for security-aware service acquisition in IoT","authors":"","doi":"10.1016/j.jisa.2024.103856","DOIUrl":"10.1016/j.jisa.2024.103856","url":null,"abstract":"<div><p>The emerging Internet of Things (IoT) landscape is characterized by a high number of heterogeneous smart devices and services often provided by third parties. Although machine-based Service Level Agreements (SLA) have been recently leveraged to establish and share policies in this scenario, system owners do not always give full transparency regarding the security and privacy of the offered features. Hence, the issue of making end users aware of the overall system security levels and the fulfillment of their privacy requirements through the provision of the requested service remains a challenging task. To tackle this problem, we propose a complete framework that allows users to choose suitable levels of privacy and security requirements for service acquisition in IoT. Our approach leverages a Deep Reinforcement Learning solution in which a user agent, inside the environment, is trained to select the best encountered smart objects providing the user target services on behalf of its owner. This strategy is designed to allow the agent to learn from experience by moving in a complex, multi-dimensional environment and reacting to possible changes. During the learning phase, a key task for the agent is to adhere to deadlines while ensuring user security and privacy requirements. Finally, to assess the performance of the proposed approach, we carried out an extensive experimental campaign. The obtained results also show that our solution can be successfully deployed on very basic and simple devices typically available in an IoT setting.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141940361","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"LSPR23: A novel IDS dataset from the largest live-fire cybersecurity exercise","authors":"","doi":"10.1016/j.jisa.2024.103847","DOIUrl":"10.1016/j.jisa.2024.103847","url":null,"abstract":"<div><p>Cybersecurity threats are constantly evolving and becoming increasingly sophisticated, automated, adaptive, and intelligent. This makes it difficult for organizations to defend their digital assets. Industry professionals are looking for solutions to improve the efficiency and effectiveness of cybersecurity operations, adopting different strategies. In cybersecurity, the importance of developing new intrusion detection systems (IDSs) to address these threats has emerged. Most of these systems today are based on machine learning. But these systems need high-quality data to “learn” the characteristics of malicious traffic. Such datasets are difficult to obtain and therefore rarely available.</p><p>This paper advances the state of the art and presents a new high-quality IDS dataset. The dataset originates from Locked Shields, one of the world’s most extensive live-fire cyber defense exercises. This ensures that (i) it contains realistic behavior of attackers and defenders; (ii) it contains sophisticated attacks; and (iii) it contains labels, as the actions of the attackers are well-documented.</p><p>The dataset includes approximately 16 million network flows, [F3] of which approximately 1.6 million were labeled malicious. What is unique about this dataset is the use of a new labeling technique that increases the accuracy level of data labeling.</p><p>We evaluate the robustness of our dataset using both quantitative and qualitative methodologies. We begin with a quantitative examination of the Suricata IDS alerts based on signatures and anomalies. Subsequently, we assess the reproducibility of machine learning experiments conducted by Känzig et al., who used a private Locked Shields dataset. We also apply the quality criteria outlined by the evaluation framework proposed by Gharib et al.</p><p>Using our dataset with an existing classifier, we demonstrate comparable results (F1 score of 0.997) to the original paper where the classifier was evaluated on a private dataset (F1 score of 0.984)</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141940365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Role and attribute-based access control scheme for decentralized medicine supply chain","authors":"","doi":"10.1016/j.jisa.2024.103851","DOIUrl":"10.1016/j.jisa.2024.103851","url":null,"abstract":"<div><p>The medicine supply chain (MSC) is an intricate structure that extends across multiple organizations and geographic locations and is an important basis for essential daily services. It involves manufacturing, distributing, and delivering medicine to patients. The intermediaries in the MSC include manufacturers, warehouses, distributors, transporters, retailers, consumers, and patients, in which each intermediary plays a vital role and responsibility in an MSC. MSC poses different challenges, such as medicine counterfeiting, data temperament, and cold chain shipping, leading to various security and privacy issues. To overcome the aforementioned issues, public blockchain (BC) provides transparency, traceability, and data security to some extent but often fails to protect MSC’s data privacy. To address the aforementioned, we adopted the Hyperledger Fabric consortium BC, which preserves the data security and privacy of the proposed scheme. Hyperledger Fabric uses a role-based access control (RBAC) policy for all writers and readers, where each reader and writer accesses all the smart contract information based on their static roles (reader and writer). This RBAC scheme limits the dynamicity and granularity of the access control. With this concern, we adopt the combination of RBAC and attribute-based access control (ABAC) schemes to provide fine-grained access to the smart contract functions. Additionally, we use a distributed interplanetary file system (IPFS) to enhance the scalability of the proposed scheme. Before saving data, IPFS does not use any encryption algorithm. We embraced the advanced encryption standard (AES) algorithm to encrypt MSC data. Next, we integrated RBAC and fine-grained ABAC through smart contracts to prevent unauthorized access in an MSC environment. Further, the proposed scheme is evaluated using various performance parameters, such as scalability for different number of clients, average latency (0.12 s), minimum execution time is around (115 s) for 100 transactions execution, and throughput of (72.5) transactions per second (TPS) of invoke-based smart contract functions while 618.7 (TPS) for query-based smart contract functions.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141940362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Classified data authentication scheme for IoT based on aggregate signature and Hyperledger Fabric","authors":"","doi":"10.1016/j.jisa.2024.103852","DOIUrl":"10.1016/j.jisa.2024.103852","url":null,"abstract":"<div><p>In Internet of Things (IoT) system, the data acquisition devices collect substantial volumes of diverse categories data, such as temperature, frequency and quantity data, etc., which is subsequently transmitted to the data center for analysis. To ensure precise outcomes, it is crucial to authenticate the data and their categories against any possible tampering, destruction or forgery throughout its transmission process. Traditional aggregate signature schemes are not capable of performing authentication on data as while as its category, which can lead to inefficiencies and security risks in data processing and management. On the other hand, authentication schemes relying on a central platform are susceptible to single point of failure and corruption issues at the center. To address these challenges, a novel data authentication protocol, named Classified Certificateless Aggregate Signature (CCAS), is proposed in this paper to perform aggregate authentication on data with specified categories, and is implemented in collaboration with Hyperledger Fabric. Elaborate design making the authentication is efficient and eliminating the need to manage the certificates. And an abnormal data isolation algorithm is proposed when an aggregate authentication fails, which can quickly identify abnormal data and preserves normal data. A rigorous proof on the unforgeability of the CCAS protocol is given, and multiple experiments are conducted to evaluate the scheme. The experimental results demonstrate the high efficiencies of CCAS, smart contracts on Fabric and our solution, indicating that proposed scheme is suitable for the classified authentication of IoT collection data in decentralized form.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141962369","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A cancellable iris template protection scheme based on inverse merger and Bloom filter","authors":"","doi":"10.1016/j.jisa.2024.103849","DOIUrl":"10.1016/j.jisa.2024.103849","url":null,"abstract":"<div><p>Iris recognition has found extensive applications in real-world situations and financial contexts. However, Iris template protection schemes are highly vulnerable to well-planned attacks that can lead to the leakage of personal information. Once biological information is compromised, this loss is irreversible for the individual. Cancelable protection schemes for iris templates based on the Bloom filter have substantial attention in the field of iris biometrics. Nevertheless, Bloom filter-based template protection schemes face specific security challenges. Therefore, it is crucial to propose a method to protect iris templates that is both secure and efficient. To address irreversible limitations in security analysis, we propose a template protection scheme, a cancelable iris biometric protection scheme based on inverse merger and Bloom filter. The primary idea of the proposed scheme is to perform an inverse merger operation on the acquired codewords before mapping the iris templates to the Bloom filter specifically. Through a comparison of the sizes between the original templates and their inverted counterparts, the template with the smaller size is chosen as the definitive result, subsequently being mapped into the Bloom filter. Our proposed scheme exhibits significant advancements in accuracy across multiple datasets, as evidenced by empirical validations. In the optimal case, our model achieves an excellent performance of 98.04% in terms of GAR, while achieving a significant reduction of 0.51% in terms of EER. Furthermore, a comparative analysis with existing iris template protection methods is performed to evaluate its relative effectiveness in resisting the attack of averaging the columns of a block. The results demonstrate that the scheme exhibits robust resistance to such attacks. The experimental analysis demonstrated that the scheme provided a good balance between accuracy and safety.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141940364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ZIRCON: Zero-watermarking-based approach for data integrity and secure provenance in IoT networks","authors":"","doi":"10.1016/j.jisa.2024.103840","DOIUrl":"10.1016/j.jisa.2024.103840","url":null,"abstract":"<div><p>The Internet of Things (IoT) is integrating the Internet and smart devices in almost every domain, such as home automation, e-healthcare systems, vehicular networks, industrial control, and military applications. In these areas, sensory data, which is collected from multiple sources and managed through intermediate processing by multiple nodes, is used for decision-making processes. Ensuring data integrity and keeping track of data provenance are core requirements in such a highly dynamic context, since data provenance is an important tool for the assurance of data trustworthiness. Dealing with such requirements is challenging due to the limited computational and energy resources in IoT networks. This requires addressing several challenges such as processing overhead, secure provenance, bandwidth consumption and storage efficiency. In this paper, we propose Zero-watermarkIng based data pRovenanCe for iOt Networks (ZIRCON), a novel zero-watermarking approach to securely transmit provenance and ensure data integrity of sensor data in an IoT network. In ZIRCON, provenance information is stored in a tamper-proof network database through watermarks, generated at the source node before transmission. We provide an extensive security analysis showing the resilience of our scheme against passive and active attacks. We also compare our scheme with existing works based on performance metrics such as computational time, energy usage, and cost analysis. The results show that ZIRCON is robust against several attacks, lightweight, storage-efficient, and better in energy usage and bandwidth consumption, compared to prior art.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141940366","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Robust thermal face recognition for law enforcement using optimized deep features with new rough sets-based optimizer","authors":"","doi":"10.1016/j.jisa.2024.103838","DOIUrl":"10.1016/j.jisa.2024.103838","url":null,"abstract":"<div><p>In the security domain, the growing need for reliable authentication methods highlights the importance of thermal face recognition for enhancing law enforcement surveillance and safety especially in IoT applications. Challenges like computational resources and alterations in facial appearance, e.g., plastic surgery could affect face recognition systems. This study presents a novel, robust thermal face recognition model tailored for law enforcement, leveraging thermal signatures from facial blood vessels using a new CNN architecture (Max and Average Pooling- MAP-CNN). This architecture addresses expression, illumination, and surgical invariance, providing a robust feature set critical for precise recognition in law enforcement and border control. Additionally, the model employs the NM-PSO algorithm, integrating neighborhood multi-granulation rough set (NMGRS) with particle swarm optimization (PSO), which efficiently handles both categorical and numerical data from multi-granulation perspectives, leading to a 57% reduction in feature dimensions while maintaining high classification accuracy outperforming ten contemporary models on the Charlotte-ThermalFace dataset by about 10% across key metrics. Rigorous statistical tests confirm NM-PSO’s superiority, and further robustness testing of the face recognition model against image ambiguity and missing data demonstrated its consistent performance, enhancing its suitability for security-sensitive environments with 99% classification accuracy.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001406/pdfft?md5=4569dce2d949eef915b9b242ab573650&pid=1-s2.0-S2214212624001406-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141954377","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}