Journal of Information Security and Applications最新文献

{"title":"Dynamic-anonymous privacy-preserving authenticated aggregation for safety-warning system for the Internet of Vehicles","authors":"Girraj Kumar Verma ,&nbsp;Nahida Majeed Wani ,&nbsp;Saurabh Rana ,&nbsp;Neeraj Kumar ,&nbsp;Asheesh Tiwari","doi":"10.1016/j.jisa.2024.103830","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103830","url":null,"abstract":"<div><p>Currently, the connectivity of vehicles using the latest communication and computing technologies has grown as the Internet of Vehicles (IoV). IoV has been utilized to foster an easy traffic flow by sharing safety-warning messages. However, authentication and confidentiality of shared information is a challenging issue. To solve the problem, various privacy-preserving authenticated data-aggregation schemes have been devised. However, existing schemes have shortcomings specifically concerning a heavy computational cost, and the need for a secure channel. Besides, static pseudonyms may increase the risk of a vehicle’s privacy leakage. In response to these challenges, this study introduces a new pairing-less and secure privacy-preserving authenticated data aggregation (PLS-PPADA) scheme. Leveraging the pairing-less and certificate-based setting, the PLS-PPADA scheme emerges as a robust, efficient, and effective solution for safety-warning systems in IoV. Further, to resolve the risk of privacy leakage due to static pseudonyms, the paradigm of fuzzy identity has been utilized. Thus, it achieves efficiency and dynamic anonymity and also does not require a secure channel for key sharing. A comprehensive security analysis underscores its effective data protection capabilities and efficiency comparison presents it as a compelling alternative to existing state-of-the-art schemes.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141485986","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"AFTLNet: An efficient adaptive forgery traces learning network for deep image inpainting localization","authors":"Xiangling Ding,&nbsp;Yingqian Deng,&nbsp;Yulin Zhao,&nbsp;Wenyi Zhu","doi":"10.1016/j.jisa.2024.103825","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103825","url":null,"abstract":"<div><p>Deep-learning-based image inpainting repairs a region with visually believable content, leaving behind imperceptible traces. Since deep image inpainting approaches can malevolently remove key objects and erase visible copyright watermarks, the desire for an effective method to distinguish the inpainted regions has become urgent. In this work, we propose an adaptive forgery trace learning network (AFTLN), which consists of two subblocks: the adaptive block and the Densenet block. Specifically, the adaptive block exploits an adaptive difference convolution to maximize the forgery traces by iteratively updating its weights. Meanwhile, the Densenet block improves the feature weights and reduces the impact of noise on the forgery traces. An image-inpainting detector, namely AFTLNet, is designed by integrating AFTLN with neural architecture search, and global and local attention modules, which aims to find potential tampered regions, enhance feature consistency, and reduce intra-class differences, respectively. The experimental results present that our proposed AFTLNet exceeds existing inpainting detection approaches. Finally, an inpainting dataset of 26K image pairs is constructed for future research. The dataset is available at <span>https://pan.baidu.com/s/10SRJeQBNnTHJXvxl8xzHcg</span><svg><path></path></svg> with password: 1234.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141485985","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Detecting malicious DoH traffic: Leveraging small sample analysis and adversarial networks for detection","authors":"Shaoqian Wu,&nbsp;Wei Wang,&nbsp;Zhanmeng Ding","doi":"10.1016/j.jisa.2024.103827","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103827","url":null,"abstract":"<div><p>In light of the escalating frequency of DNS attacks, it is imperative to bolster user security and privacy through the encryption of DNS queries. However, conventional methods for detecting DNS traffic are no longer effective in identifying encrypted traffic, particularly with the utilization of the DNS-over-HTTPS (DoH) protocol, which employs secure HTTPS for DNS resolution. To confront this challenge, we propose a novel model for detecting malicious DoH traffic, named DoH-TriCGAN, which distinguishes between non-DoH, benign DoH, and malicious DoH traffic. DoH-TriCGAN employs a conditional generative adversarial network comprising three network components, for which we only provide additional information to the generator. We extracted different small sample datasets and large sample dataset from the CIRA-CIC-DoHBrw-2020 dataset, to evaluate the efficiency and effectiveness of the proposed DoH-TriCGAN model, and compared the quality of the generated synthetic data. To establish a benchmark, we utilized the six metrics – accuracy, precision, recall, F1-score, ROC_AUC, and PR_AUC – to assess the performance of our model. The results demonstrate our proposed model outperforms the other five models (RF, XGBoost, BiGRU, Autoencoder, Transformer), showing the best performance particularly in scenarios with limited training samples, while also demonstrating data expansion capabilities by generating high-quality synthetic data to address the issue of insufficient network traffic.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141485946","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Statistical privacy protection for secure data access control in cloud","authors":"Yaser Baseri ,&nbsp;Abdelhakim Hafid ,&nbsp;Mahdi Daghmehchi Firoozjaei ,&nbsp;Soumaya Cherkaoui ,&nbsp;Indrakshi Ray","doi":"10.1016/j.jisa.2024.103823","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103823","url":null,"abstract":"<div><p><em>Cloud Service Providers</em> (<em>CSP</em>s) allow data owners to migrate their data to resource-rich and powerful cloud servers and provide access to this data by individual users. Some of this data may be highly sensitive and important and <em>CSP</em>s cannot always be trusted to provide secure access. It is also important for end users to protect their identities against malicious authorities and providers, when they access services and data. <em>Attribute-Based Encryption</em> (<em>ABE</em>) is an end-to-end public key encryption mechanism, which provides secure and reliable fine-grained access control over encrypted data using defined policies and constraints. Since, in <em>ABE</em>, users are identified by their attributes and not by their identities, collecting and analyzing attributes may reveal their identities and violate their anonymity. Towards this end, we define a new anonymity model in the context of <em>ABE</em>. We analyze several existing anonymous <em>ABE</em> schemes and identify their vulnerabilities in user authorization and user anonymity protection. Subsequently, we propose a <em>Privacy-Preserving Access Control Scheme (PACS)</em>, which supports multi-authority, anonymizes user identity, and is immune against users collusion attacks, authorities collusion attacks and chosen plaintext attacks. We also propose an extension of <em>PACS</em>, called <em>Statistical Privacy-Preserving Access Control Scheme (SPACS)</em>, which supports statistical anonymity even if malicious authorities and providers statistically analyze the attributes. Lastly, we show that the efficiency of our scheme is comparable to other existing schemes. Our analysis show that <em>SPACS</em> can successfully protect against <em>Collision Attacks</em> and <em>Chosen Plaintext Attacks</em>.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001261/pdfft?md5=a547f9409c23468b9558ba93b652bd43&pid=1-s2.0-S2214212624001261-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141485984","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Ciphertext policy attribute-based encryption scheme supporting Boolean circuits over ideal lattices","authors":"Chao Ma,&nbsp;Haiying Gao,&nbsp;Bin Hu","doi":"10.1016/j.jisa.2024.103822","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103822","url":null,"abstract":"<div><p>Considering the existence of fast implementation methods for multiplication operations over ideal lattices, we constructed a selectively secure ciphertext policy attribute-based encryption scheme supporting Boolean circuits based non-monotonic linear secret sharing scheme. It uses the trapdoor generation algorithm <span>TrapGen</span> to generate the public parameters and the preimage sampling algorithm <span>SamplePre</span> to embed the public parameters and randomness into the user’s secret key, which achieves the randomization of the secret key. The sharing and reconstruction of the secret in the encryption and decryption algorithm are achieved by a non-monotonic linear secret sharing scheme. Compared to the existing ciphertext policy attribute-based encryption schemes based on a similar sampling algorithm, the size of the ciphertext is significantly reduced.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":5.6,"publicationDate":"2024-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141429431","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Disposable identities: Solving web tracking","authors":"Jacques Bou Abdo ,&nbsp;Sherali Zeadally","doi":"10.1016/j.jisa.2024.103821","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103821","url":null,"abstract":"<div><p>Interrupting the web tracking kill chain is enough to disrupt the tracker’s ability to leverage the collected information; however, this may disrupt the personalized services enjoyed by many. Empowering the user to select which domains can be co-tracked gives him/her the upper hand over web trackers. This allows the user to enjoy the personalized services without fearing full inter-domain tracking. To achieve this, we propose a solution that attempts to introduce layers of anonymization serving as temporary identities to be used by the user while browsing. Those identities will be used for limited time (to sustain the customization and user experience resulting from tracking), and then discarded for a new identity. This approach allows the user to divide the activity into profiles which eliminates browsing history spilling over to other sessions. We proved the security of this approach mathematically and we demonstrated its usability using an open-source Proof-of-Concept built on top of blockchain.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":5.6,"publicationDate":"2024-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141424500","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Keeping classical distinguisher and neural distinguisher in balance","authors":"Gao Wang,&nbsp;Gaoli Wang","doi":"10.1016/j.jisa.2024.103816","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103816","url":null,"abstract":"<div><p>At CRYPTO 2019, Gohr pioneered the use of the neural distinguisher (<span><math><mrow><mi>N</mi><mi>D</mi></mrow></math></span>) for differential cryptanalysis, sparking growing interest in this approach. However, a key limitation of <span><math><mrow><mi>N</mi><mi>D</mi></mrow></math></span> is its inability to analyze as many rounds as the classical differential distinguisher (<span><math><mrow><mi>C</mi><mi>D</mi></mrow></math></span>). To overcome this, researchers have begun combining <span><math><mrow><mi>N</mi><mi>D</mi></mrow></math></span> with <span><math><mrow><mi>C</mi><mi>D</mi></mrow></math></span> into a classical-neural distinguisher (<span><math><mrow><mi>C</mi><mi>N</mi><mi>D</mi></mrow></math></span>) for differential cryptanalysis. Nevertheless, the optimal integration of <span><math><mrow><mi>C</mi><mi>D</mi></mrow></math></span> and <span><math><mrow><mi>N</mi><mi>D</mi></mrow></math></span> remains an under-studied and unresolved challenge.</p><p>In this paper, we introduce a superior approach for constructing the <span><math><mrow><mo>(</mo><mi>r</mi><mo>+</mo><mi>s</mi><mo>)</mo></mrow></math></span>-round differential distinguisher <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math></span> by keeping the <span><math><mi>r</mi></math></span>-round classical distinguisher <span><math><mrow><mi>C</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi></mrow></msub></mrow></math></span> and the <span><math><mi>s</mi></math></span>-round neural distinguisher <span><math><mrow><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>s</mi></mrow></msub></mrow></math></span> in balance. Through experimental analysis, we find that the data complexity of <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math></span> closely approximates the product of that for <span><math><mrow><mi>C</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi></mrow></msub></mrow></math></span> and <span><math><mrow><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>s</mi></mrow></msub></mrow></math></span>. This finding highlights the limitations of current strategies. Subsequently, we introduce an enhanced scheme for constructing <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math></span>, which comprises three main components: a new method for searching the suitable differential characteristics, a scheme for constructing the neural distinguisher, and an accelerated evaluation strategy for the data complexity of <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math></span>. To validate the effectiveness of our approach, we apply it to the round-reduced Simon32, Speck32 and Present64, achieving improved results. Specifically, for Simon32, our <span><math><mr","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":5.6,"publicationDate":"2024-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141328576","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient handover authentication protocol with message integrity for mobile clients in wireless mesh networks","authors":"Amit Kumar Roy ,&nbsp;Vijayakumar Varadaranjan ,&nbsp;Keshab Nath","doi":"10.1016/j.jisa.2024.103806","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103806","url":null,"abstract":"<div><p>Wireless Mesh Network (WMN) has become the most favorable choice among various networking options due to its distributed nature. It offers continuous Internet services, in comparison with other conventional networks, through a self-healing and self-configuration approach. Due to the high mobility of mesh clients, handover authentication is an operation that demands significant attention in WMNs. Through the exchange of messages, mesh clients (MCs) and mesh routers (MRs) initiate the operation, allowing the client to authenticate itself with the foreign mesh router (FMR). In existing protocols, these messages were shared in plaintext format, making it easy for an attacker to breach their integrity. Therefore, a secure communication method should be established between MCs and MRs for message exchange. In this paper, we propose a protocol that offers efficient authentication while preserving message integrity during the handover operation. The experimental results show that our proposed protocol performs better and overcomes the limitations present in the existing protocols.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":5.6,"publicationDate":"2024-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141324180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Source printer identification from document images acquired using smartphone","authors":"Sharad Joshi ,&nbsp;Suraj Saxena ,&nbsp;Nitin Khanna","doi":"10.1016/j.jisa.2024.103804","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103804","url":null,"abstract":"<div><p>Vast volumes of printed documents continue to be used for various important as well as trivial applications. Such applications often rely on the information provided in the form of printed text documents whose integrity verification poses a challenge due to time constraints and lack of resources. Source printer identification provides essential information about the origin and integrity of a printed document in a fast and cost-effective manner. Even when fraudulent documents are identified, information about their origin can help stop future frauds. If a smartphone camera replaces scanner for the document acquisition process, document forensics would be more economical, user-friendly, and even faster in many applications where remote and distributed analysis is beneficial. Building on existing methods, we propose to learn a single CNN model from the fusion of letter images and their printer-specific noise residuals. In the absence of any publicly available dataset, we created a new dataset consisting of 2250 document images of text documents printed by eighteen printers and acquired by a smartphone camera at five acquisition settings. The proposed method achieves 98.42% document classification accuracy using images of letter ‘e’ under a 5 × 2 cross-validation approach. Further, when tested using about half a million letters of all types, it achieves 90.33% and 98.01% letter and document classification accuracies, respectively, thus highlighting the ability to learn a discriminative model without dependence on a single letter type. Also, classification accuracies are encouraging under various acquisition settings, including low illumination and change in angle between the document and camera planes.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":5.6,"publicationDate":"2024-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141324181","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A comprehensive evaluation on the benefits of context based password cracking for digital forensics","authors":"Aikaterini Kanta ,&nbsp;Iwen Coisel ,&nbsp;Mark Scanlon","doi":"10.1016/j.jisa.2024.103809","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103809","url":null,"abstract":"<div><p>Password-based authentication systems have many weaknesses, yet they remain overwhelmingly used and their announced disappearance is still undated. The system admin overcomes the imperfection by skilfully enforcing a strong password policy and sane password management on the server side. But in the end, the user behind the password is still responsible for the password’s strength. A poor choice can have dramatic consequences for the user or even for the service behind, especially considering critical infrastructure. On the other hand, law enforcement can benefit from a suspect’s weak decisions to recover digital content stored in an encrypted format. Generic password cracking procedures can support law enforcement in this matter — however, these approaches quickly demonstrate their limitations. This article proves that more targeted approaches can be used in combination with traditional strategies to increase the likelihood of success when contextual information is available and can be exploited.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":5.6,"publicationDate":"2024-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001121/pdfft?md5=4f90fdd3c66acaa8d04f675c1df40be6&pid=1-s2.0-S2214212624001121-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141324182","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}