Journal of Information Security and Applications最新文献_第5页

CyberROAD: A cybersecurity risk assessment ontology for automotive domain aligned with ISO/SAE 21434:2021 CyberROAD：符合ISO/SAE 21434:2021标准的汽车领域网络安全风险评估本体

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-03-10 DOI: 10.1016/j.jisa.2025.104015

Karim Khalil , Christian Gehrmann , Günther Vogel

{"title":"CyberROAD: A cybersecurity risk assessment ontology for automotive domain aligned with ISO/SAE 21434:2021","authors":"Karim Khalil , Christian Gehrmann , Günther Vogel","doi":"10.1016/j.jisa.2025.104015","DOIUrl":"10.1016/j.jisa.2025.104015","url":null,"abstract":"<div><div>The automotive domain is becoming increasingly complex through the integration of new technologies. As a result, cybersecurity is recognized as a pressing issue. This study focuses on the ISO/SAE 21434:2021 standard for road vehicles cybersecurity engineering, evaluating the effectiveness of the standard’s risk assessment approach. The standard suggests a set of assessment steps, and previous research has shown that practitioners often face challenges during assessment execution. The absence of clear, structured guidelines within the standard leads to different interpretations, resulting in inconsistent assessment approaches. This inconsistency makes it difficult to compare and measure the quality of the assessments. Our study uses design science methodology to create a new cybersecurity risk assessment ontology in the automotive domain, describing the relationships and interdependencies between cybersecurity risk assessment activities, stakeholders, and work packages. The ontology model is evaluated in a case study at a leading automotive systems supplier to validate the model’s suitability for developing a cybersecurity risk assessment method. The findings indicate that the ontology model provides an improved understanding of the underlying risk assessment activities and allows for a structured method for extracting procedural steps according to the standard. This systematic approach increases the cybersecurity risk assessment conformity and the consistency of assessment results. In conclusion, this paper gives valuable insights and actionable recommendations for stakeholders, researchers, and organizations seeking to improve the cybersecurity risk assessment process in the automotive domain.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104015"},"PeriodicalIF":3.8,"publicationDate":"2025-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143578894","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A semi-centralized key agreement protocol integrated multiple security communication techniques for LLM-based autonomous driving system 一种集成了多种安全通信技术的半集中式密钥协议，用于基于llm的自动驾驶系统

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-03-07 DOI: 10.1016/j.jisa.2025.104012

Long Yin, Jian Xu, Zihao Wang, Qiang Wang, Fucai Zhou

{"title":"A semi-centralized key agreement protocol integrated multiple security communication techniques for LLM-based autonomous driving system","authors":"Long Yin, Jian Xu, Zihao Wang, Qiang Wang, Fucai Zhou","doi":"10.1016/j.jisa.2025.104012","DOIUrl":"10.1016/j.jisa.2025.104012","url":null,"abstract":"<div><div>Integrating large language models (LLMs) into autonomous vehicles facilitates AI-driven interactions for vehicle operations, yet it also introduces vulnerabilities to cyberattacks. Existing session key agreement schemes encounter significant challenges, including key leakage, single points of failure, and resource constraints. To address these limitations, we propose a semi-centralized key agreement protocol tailored for LLM-based autonomous driving systems. The protocol incorporates physical unclonable functions (PUFs) for electronic control unit (ECU) authentication, certificateless public key cryptosystems (CL-PKC) for key pair generation, Shamir’s secret sharing for group session key negotiation, and interarrival time-based covert channels with hash key chains for secure communication. Security analysis conducted using the random oracle model and the AVISPA simulation tool verifies the protocol’s security and consistency properties. Experimental evaluations demonstrate that the proposed protocol achieves reduced communication and computational overhead while exhibiting strong resilience against in-vehicle cyberattacks. These findings establish the protocol as a lightweight and robust solution for securing LLM-based autonomous driving environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104012"},"PeriodicalIF":3.8,"publicationDate":"2025-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143563554","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

One multi-receiver certificateless searchable public key encryption scheme for IoMT assisted by LLM 一种基于LLM的IoMT多接收方无证书可搜索公钥加密方案

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-03-07 DOI: 10.1016/j.jisa.2025.104011

Xiaoguang Liu , Peize Liu , Bo Yang , Yizhan Chen

{"title":"One multi-receiver certificateless searchable public key encryption scheme for IoMT assisted by LLM","authors":"Xiaoguang Liu , Peize Liu , Bo Yang , Yizhan Chen","doi":"10.1016/j.jisa.2025.104011","DOIUrl":"10.1016/j.jisa.2025.104011","url":null,"abstract":"<div><div>The Internet of Medical Things (IoMT) has become widely adopted across the healthcare sector, offering transformative benefits. By utilizing a range of wearable medical devices and cloud servers, IoMT enables the rapid transmission of data over networks, which supports timely health monitoring and data-driven decision-making. In recent years, some applications have used the Large Language Model (LLM) to assist in diagnosis, significantly improving diagnostic efficiency in IoMT. However, secure transmission of sensitive medical information remains a key concern. To address this, we propose a multi-receiver certificateless searchable public key encryption (mCLSPE) scheme that leverages proxy re-encryption. This scheme not only addresses the inherent issues in searchable public key encryption (SPE) but also allows for more flexible addition of receivers and enhances data-sharing flexibility. The proposed scheme is proven secure in the random oracle model. The performance analysis shows that it has ideal comprehensive performance. The growth rate of communication overhead with the increase in users is significantly lower compared to other mCLSPE schemes. Finally, we design a specific IoMT assisted by LLM application scenario based on this scheme.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104011"},"PeriodicalIF":3.8,"publicationDate":"2025-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143563553","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

On the effects of neural network-based output prediction attacks on the design of symmetric-key ciphers 基于神经网络的输出预测攻击对对称密钥密码设计的影响

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-03-06 DOI: 10.1016/j.jisa.2025.104016

Hayato Watanabe , Ryoma Ito , Toshihiro Ohigashi

{"title":"On the effects of neural network-based output prediction attacks on the design of symmetric-key ciphers","authors":"Hayato Watanabe , Ryoma Ito , Toshihiro Ohigashi","doi":"10.1016/j.jisa.2025.104016","DOIUrl":"10.1016/j.jisa.2025.104016","url":null,"abstract":"<div><div>Proving resistance to conventional attacks, e.g., differential, linear, and integral attacks, is essential for designing a secure symmetric-key cipher. Recent advances in automatic search and deep learning-based methods have made this time-consuming task relatively easy, yet concerns persist over expertise requirements and potential oversights. To overcome these concerns, Kimura et al. proposed neural network-based output prediction (NN) attacks, offering simplicity, generality, and reduced coding mistakes. NN attacks could be helpful for designing secure symmetric-key ciphers, especially the S-box-based block ciphers. Inspired by their work, we first apply NN attacks to <span>Simon</span>, one of the AND-Rotation-XOR-based block ciphers, and identify structures susceptible to NN attacks and the vulnerabilities detected thereby. Next, we take a closer look at the vulnerable structures. The most vulnerable structure has the lowest diffusion property compared to others. This fact implies that NN attacks may detect such a property. We then focus on a biased event of the core function in vulnerable <span>Simon</span>-like ciphers and build effective linear approximations caused by such an event. Finally, we use these linear approximations to reveal that the vulnerable structures are more susceptible to a linear key recovery attack than the original one. We conclude that our analysis can be a solid step toward making NN attacks a helpful tool for designing a secure symmetric-key cipher.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104016"},"PeriodicalIF":3.8,"publicationDate":"2025-03-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143563552","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A survey on machine unlearning: Techniques and new emerged privacy risks 关于机器学习的调查：技术和新出现的隐私风险

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-03-04 DOI: 10.1016/j.jisa.2025.104010

Hengzhu Liu , Ping Xiong , Tianqing Zhu , Philip S. Yu

{"title":"A survey on machine unlearning: Techniques and new emerged privacy risks","authors":"Hengzhu Liu , Ping Xiong , Tianqing Zhu , Philip S. Yu","doi":"10.1016/j.jisa.2025.104010","DOIUrl":"10.1016/j.jisa.2025.104010","url":null,"abstract":"<div><div>The explosive growth of machine learning has made it a critical infrastructure in the era of artificial intelligence. The extensive use of data poses a significant threat to individual privacy. Various countries have implemented corresponding laws, such as GDPR, to protect individuals’ data privacy and the right to be forgotten. This has made machine unlearning a research hotspot in the field of privacy protection in recent years, with the aim of efficiently removing the contribution and impact of individual data from trained models. The research in academia on machine unlearning has continuously enriched its theoretical foundation, and many methods have been proposed, targeting different data removal requests in various application scenarios. However, recently researchers have found potential privacy leakages of various of machine unlearning approaches, making the privacy preservation on machine unlearning area a critical topic. This paper provides an overview and analysis of the existing research on machine unlearning, aiming to present the current vulnerabilities of machine unlearning approaches. We analyze privacy risks in various aspects, including definitions, implementation methods, and real-world applications. Compared to existing reviews, we analyze the new challenges posed by the latest malicious attack techniques on machine unlearning from the perspective of privacy threats. We hope that this survey can provide an initial but comprehensive discussion on this new emerging area.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104010"},"PeriodicalIF":3.8,"publicationDate":"2025-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143549581","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Editorial: Advancements in multimedia security in the context of artificial intelligence and cloud computing 社论：人工智能和云计算背景下多媒体安全的进展

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-03-01 DOI: 10.1016/j.jisa.2025.103964

Rajeev Kumar, Roberto Caldelli, Wong KokSheik, Ki-Hyun Jung, David Megías

引用次数: 0

Efficient image encryption algorithm based on ECC and dynamic S-box 基于ECC和动态s盒的高效图像加密算法

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-02-28 DOI: 10.1016/j.jisa.2025.104004

Ghulam Murtaza , Umar Hayat

{"title":"Efficient image encryption algorithm based on ECC and dynamic S-box","authors":"Ghulam Murtaza , Umar Hayat","doi":"10.1016/j.jisa.2025.104004","DOIUrl":"10.1016/j.jisa.2025.104004","url":null,"abstract":"<div><div>Image encryption is widely used to convert digital images into an unreadable form when data is transferred through open networks and the internet. However, traditional cryptosystems have small encryption key sizes and are unsuitable for real-time implementation because image pixels have high redundancy and large data capacity. We have designed an image cryptosystem to tackle the issues related to the smaller key size and plaintext attacks. There are three phases of our proposed image cryptosystem. A pseudo-random number generator is used in the first phase to diffuse the pixels of the plain image. A substitution box generator is designed in the second phase to generate substitution boxes with high nonlinearity. The last phase provides an image encryption technique to encrypt grayscale images. The proposed scheme encrypts images with an entropy value close to the optimal value, which increases security. The encryption algorithm requires 0.556 s to encrypt a <span><math><mrow><mn>256</mn><mo>×</mo><mn>256</mn></mrow></math></span> grayscale image. Further, extensive experiments show that the cryptosystem is highly sensitive to the input keys.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104004"},"PeriodicalIF":3.8,"publicationDate":"2025-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143520438","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

SoK: The design paradigm of safe and secure defaults SoK：安全默认值的设计范例

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-02-26 DOI: 10.1016/j.jisa.2025.103989

Jukka Ruohonen

引用次数: 0

MA_BiRAE - Malware analysis and detection technique using adversarial learning and deep learning 使用对抗学习和深度学习的恶意软件分析和检测技术

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-02-25 DOI: 10.1016/j.jisa.2025.104009

Surbhi Prakash, Amar Kumar Mohapatra

{"title":"MA_BiRAE - Malware analysis and detection technique using adversarial learning and deep learning","authors":"Surbhi Prakash, Amar Kumar Mohapatra","doi":"10.1016/j.jisa.2025.104009","DOIUrl":"10.1016/j.jisa.2025.104009","url":null,"abstract":"<div><div>Malware attacks are frequently increasing due to the growing use of handheld gadgets, especially Android phones. Hackers try to access smartphones through a variety of techniques, including the theft of information, tracking, and deceptive advertising. There are various techniques for malware analysis and detection, but some issues, like low performance, computational complexity, overfitting, and so on, have been identified while detecting malware and training data. To address these issues, the proposed technique is designed to achieve efficient malware detection. Initially, data is collected from the Aposemat IoT-23 and Bot-IoT datasets, and the Adaptative Perturbation Pattern Method (Ap2 m) is used to generate constrained adversarial samples. Evasion attacks are used to examine regular adversarial training, while Improved Random Forest (IRF) is used for modeling and fine-tuning. The deep Residual Convolutional Neural Network (deep RCNet) is utilized to extract the features. Finally, the Multi-head Attention-based Bidirectional Residual Autoencoder (MA_BiRAE) model is used for malware detection. The performance of the proposed technique is compared to various existing models to determine its superiority. The proposed technique is evaluated using two datasets: the Aposemat IoT-23 dataset and the Bot-IoT dataset. The proposed technique achieves an accuracy of 99.63% for the Aposemat IoT-23 dataset and 99.11% for the Bot-IoT dataset.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104009"},"PeriodicalIF":3.8,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143478879","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Reversible data hiding in encrypted image using bit-plane based label-map encoding with optimal block size 使用最优块大小的基于位平面的标签映射编码在加密图像中隐藏可逆数据

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-02-24 DOI: 10.1016/j.jisa.2025.104005

Ankur , Rajeev Kumar , Ajay K. Sharma

{"title":"Reversible data hiding in encrypted image using bit-plane based label-map encoding with optimal block size","authors":"Ankur , Rajeev Kumar , Ajay K. Sharma","doi":"10.1016/j.jisa.2025.104005","DOIUrl":"10.1016/j.jisa.2025.104005","url":null,"abstract":"<div><div>In today’s digital landscape, maintaining the confidentiality and privacy of sensitive information has become an essential requirement. For this, Reversible data hiding in encrypted images (RDHEI) has garnered considerable attention as it enables embedding of large amounts of secret data in encrypted images without requiring knowledge of the original image contents. To further increase the embedding capacity (EC) while maintaining security, this paper presents a new bit-plane-based RDHEI using label-map encoding with optimal block size. The proposed method employs a hybrid predictor to generate a low-magnitude difference image, which is transformed into highly compressible bit-plane-wise label-maps. A novel block-based label-map encoding is also introduced, which optimally represents these label-maps as bit-streams to significantly reduce their size. These bit-streams are embedded in the original encrypted image to guide the data hider, ensuring complete reversibility and lossless extraction at the receiving end. Extensive experimentation shows that the proposed method achieves an average embedding rate of 3.8770 bpp for BOSSBase and 3.7944 bpp for BOWS-2, outperforming state-of-the-art RDHEI methods. Further, the method ensures lossless reconstruction of the original image and error-free extraction of hidden data while demonstrating strong resilience against malicious attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104005"},"PeriodicalIF":3.8,"publicationDate":"2025-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143474283","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0