{"title":"LDAC: A lightweight data access control scheme with constant size ciphertext in VSNs based on blockchain","authors":"Cien Chen, Yanli Ren, Chen Lin","doi":"10.1016/j.jisa.2025.103982","DOIUrl":"10.1016/j.jisa.2025.103982","url":null,"abstract":"<div><div>The vehicular social network (VSN) offers diverse services such as traffic management, data sharing, and safe driving. However, malicious users in VSNs may steal and tamper with shared data, which can bring about privacy leakage issues and even cause serious traffic accidents. The CP-ABE algorithm can effectively protect shared data in VSNs and enable one-to-many data sharing. However, it faces issues of high computational complexity and high ciphertext storage overhead. To ensure the security and confidentiality of shared data in VSNs, we propose a lightweight data access control scheme (LDAC) with constant size ciphertext based on blockchain, which greatly reduces the storage and computing overhead of vehicle users. Due to the presence of malicious users and outdated attributes in VSNs, the LDAC scheme supports user revocation and attribute revocation. The multi-authority CP-ABE algorithm is combined with blockchain to enable distributed key distribution and the verification of decrypted data integrity. Security analysis indicates that the security and confidentiality of shared data can be effectively protected by the LDAC scheme. 
Experimental results indicate that the LDAC scheme can realize more lightweight calculation while achieving constant size ciphertext in comparison to the previous schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103982"},"PeriodicalIF":3.8,"publicationDate":"2025-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"BSFL: A blockchain-oriented secure federated learning scheme for 5G","authors":"Gang Han , Weiran Ma , Yinghui Zhang , Yuyuan Liu , Shuanggen Liu","doi":"10.1016/j.jisa.2025.103983","DOIUrl":"10.1016/j.jisa.2025.103983","url":null,"abstract":"<div><div>Ensuring data security, privacy, and defense against poisoning attacks in 5G intelligent scheduling has become a critical research priority. To address this, this paper proposes BSFL, a verifiable and secure federated learning scheme resistant to poisoning attacks, integrating blockchain technology. This scheme fully leverages the high speed and low latency characteristics of 5G networks, enabling rapid scheduling and real-time processing of smart devices, thus providing robust data support for federated learning. By incorporating the decentralized, immutable, and transparent nature of blockchain, we design a blockchain-based federated learning framework that facilitates verification of feature results and comparison of data features among participants, ensuring the security and reliability of scheduling data. Moreover, it prevents denial-of-service attacks to a certain extent. 
Experimental results demonstrate that this scheme not only significantly improves the efficiency and accuracy of federated learning but also effectively mitigates the potential threat of poisoning attacks, providing a robust security guarantee for federated learning in 5G intelligent scheduling environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103983"},"PeriodicalIF":3.8,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143232381","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure and incentivized V2G Participation with blockchain and game theory","authors":"R. Sasirega , S. Prakash","doi":"10.1016/j.jisa.2025.103975","DOIUrl":"10.1016/j.jisa.2025.103975","url":null,"abstract":"<div><div>The vehicle-to-grid (V2G) network is a transformative technology that enables electric vehicles (EVs) to interact with the power grid, enhancing grid stability and promoting the integration of renewable energy. This paper presents a secure and efficient V2G framework addressing key challenges, such as optimizing energy management and ensuring robust security. The proposed framework incorporates game theory-based scheduling for optimal EV charging and discharging, mutual authentication using ECC keys and hash functions for secure communication, and blockchain technology for transparent and tamper-proof data management. Experimental results demonstrate the framework's effectiveness in balancing the supply and demand of energy between EVs and the grid, optimizing production-consumption ratios, and improving grid interaction efficiency. The approach also enhances the economic benefits of V2G operations, improving EV selection probability and net utility, and demonstrating superior performance compared to existing techniques. 
These results highlight the framework's potential for secure, efficient, and cost-effective V2G integration.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103975"},"PeriodicalIF":3.8,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170133","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PCPT and ACPT: Copyright protection and traceability scheme for DNN models","authors":"Xuefeng Fan , Dahao Fu , Hangyu Gui , Xiaoyi Zhou","doi":"10.1016/j.jisa.2025.103980","DOIUrl":"10.1016/j.jisa.2025.103980","url":null,"abstract":"<div><div>Deep neural networks (DNNs) have achieved tremendous success in artificial intelligence (AI) fields. However, DNN models can be easily illegally copied, redistributed, or abused by criminals, seriously damaging the interests of model inventors. Therefore, establishing a copyright protection and traceability mechanism to identify authorized users of a leaked model represents a novel challenge driven by the demand for artificial intelligence services. Because the existing traceability mechanisms are used for models without watermarks, a small number of false-positives are generated. Existing black-box active protection schemes have loose authorization control and are vulnerable to forgery attacks. Therefore, based on the idea of black-box neural network watermarking with the video framing and image perceptual hash algorithm, a passive copyright protection and traceability framework PCPT is proposed that uses an additional class of DNN models, improving the existing traceability mechanism that yields a small number of false-positives. Based on an authorization control strategy and image perceptual hash algorithm, a DNN model active copyright protection and traceability framework ACPT is proposed. This framework uses the authorization control center constructed by the detector and verifier. 
This approach realizes stricter authorization control, which establishes a strong connection between users and model owners, improves the framework security, and supports traceability verification.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103980"},"PeriodicalIF":3.8,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170134","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"General-purpose multi-user privacy-preserving outsourced k-means clustering","authors":"Jun Ye , Zhaowang Hu , Zhengqi Zhang","doi":"10.1016/j.jisa.2025.103976","DOIUrl":"10.1016/j.jisa.2025.103976","url":null,"abstract":"<div><div>Nowadays, there is a trend towards an incessant growth and complexity in the volume of data held by users. Clustering techniques in machine learning are becoming more and more important to help extract the value from big data. However, it is difficult for a single user to fully use large-scale data for clustering locally due to the restricted training resources and the lack of datasets. To address this problem, the multi-user collaborative clustering model has emerged as a viable solution for multi-user collaborative clustering by hosting the data on a cloud platform. Nevertheless, outsourced clustering may give rise to a series of privacy problems. In order to address these problems effectively, we propose a novel, secure and efficient outsourced k-means clustering scheme. This scheme uses partially homomorphic encryption techniques for cloud-based k-means clustering, which ensures that the cloud does not contain any private information, while simultaneously safeguarding the confidentiality of the database, data involved in the clustering process, clustering results and user information. Furthermore, a comparative analysis of our proposed scheme is conducted. 
These analyses demonstrate the security and practicality of our scheme.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103976"},"PeriodicalIF":3.8,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"IoT-friendly certificateless signcryption schemes: Introducing a provably secure scheme in ROM","authors":"Parichehr Dadkhah , Parvin Rastegari , Mohammad Dakhilalian","doi":"10.1016/j.jisa.2025.103979","DOIUrl":"10.1016/j.jisa.2025.103979","url":null,"abstract":"<div><div>The Internet of Things (IoT) represents a significant technological advancement, bringing intelligence and comfort to our lives. Cryptographic tools can be employed to address the challenging security issues in IoT environments. However, conventional public key encryption and signature schemes are too resource-intensive for IoT devices with constrained hardware and software capabilities. A workable cryptographic solution for satisfying security in the IoT paradigm is certificateless signcryption (CL-SC) schemes, which eliminate the troublesome certificate management of certificate-based systems and the key escrow issue in identity-based systems simultaneously. In this work, we first analyze some recent CL-SC schemes, then build a secure, low-power CL-SC scheme to guarantee data security and efficiency in IoT environments. We prove the security of our proposed scheme in ROM and compare its efficiency with other current schemes, demonstrating that our approach yields lower computational and communication costs.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103979"},"PeriodicalIF":3.8,"publicationDate":"2025-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CodeSAGE: A multi-feature fusion vulnerability detection approach using code attribute graphs and attention mechanisms","authors":"Guodong Zhang , Tianyu Yao , Jiawei Qin , Yitao Li , Qiao Ma , Donghong Sun","doi":"10.1016/j.jisa.2025.103973","DOIUrl":"10.1016/j.jisa.2025.103973","url":null,"abstract":"<div><div>Software supply chain security is a critical aspect of modern computer security, with vulnerabilities being a significant threat. Identifying and patching these vulnerabilities promptly can significantly reduce security risks. Traditional detection methods cannot fully capture the complex structure of source code, leading to low accuracy. The neural network capacity limits machine learning-based methods, hindering effective feature extraction and impacting performance. In this paper, we propose a multi-feature fusion vulnerability detection technique called CodeSAGE. The method utilizes the Code Property Graph (CPG) to comprehensively display multiple logical structural relationships in the source code and combines it with GraphSAGE to aggregate the information of neighboring nodes in CPG to extract local features of the source code. Meanwhile, a Bi-LSTM combined with the attention mechanism is utilized to capture long-range dependencies in the logical structure of the source code and extract global features. The attention mechanism is used to assign weights to the two features, which are then fused to represent the syntactic and semantic information of the source code for vulnerability detection. A method for simplifying the CPG is proposed to mitigate the impact of graph size on model runtime and reduce redundant feature information. Irrelevant nodes are removed by weighting different edge types and filtering nodes exceeding a certain threshold, reducing the CPG size. To verify the effectiveness of CodeSAGE, comparative experiments are conducted on the SARD and CodeXGLUE datasets. 
The experimental results show that the CPG size can be reduced by 25%–45% using the simplified method, with an average time reduction of 20% per training round. Detection accuracy reached 99.12% on the SARD dataset and 73.57% on the CodeXGLUE dataset, outperforming the comparison methods.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103973"},"PeriodicalIF":3.8,"publicationDate":"2025-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy-preserving and verifiable multi-task data aggregation for IoT-based healthcare","authors":"Xinzhe Zhang , Lei Wu , Lijuan Xu , Zhien Liu , Ye Su , Hao Wang , Weizhi Meng","doi":"10.1016/j.jisa.2025.103977","DOIUrl":"10.1016/j.jisa.2025.103977","url":null,"abstract":"<div><div>The combination of mobile crowdsensing (MCS) and IoT-based healthcare introduces innovative solutions for collecting health data. The considerable accumulation of health data through MCS expedites advancements in medical research and disease prediction, giving rise to privacy considerations. Data aggregation emerges as a salient solution that facilitates the provision of aggregated statistics while obfuscating raw personal data. However, prevailing aggregation schemes primarily pivot around single-task or multi-dimensional data aggregation, rarely contemplating the multi-task aggregation scenarios. Furthermore, in some schemes that implement multi-tasking, protection of task contents and verifiability of aggregation results are not achieved. Therefore, we propose a specialized data aggregation scheme for multi-task scenarios on fog computing. Initially, we employ a symmetric cryptographic algorithm to encrypt task contents and distribute the corresponding symmetric keys through a key management scheme based on the Chinese Remainder Theorem (CRT). Subsequently, we utilize blinding techniques to encrypt the raw data of users, ensuring efficient data aggregation. To enhance resilience against adversarial tampering with aggregated data, we employ the Pedersen commitment scheme to achieve the verifiability of task aggregation results. 
Finally, theoretical analyses and experimental evaluations collectively demonstrate the security and effectiveness of our proposed scheme.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103977"},"PeriodicalIF":3.8,"publicationDate":"2025-01-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170124","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Merkle multi-branch hash tree-based dynamic data integrity auditing for B5G network cloud storage","authors":"Hongsong Chen , Zimei Tao , Zhiheng Wang , Xinrui Liu","doi":"10.1016/j.jisa.2025.103981","DOIUrl":"10.1016/j.jisa.2025.103981","url":null,"abstract":"<div><div>In the Beyond 5th Generation (B5G) mobile communication network, data transmission speed will be higher and communication time latency will be minimized, but it also brings new security challenges to data management and privacy protection. Aiming at the problems faced by the data integrity audit for B5G network cloud storage, such as complex dynamic data updating and a large number of users, we propose a Merkle Multi-branch Hash Tree (MMHT)-based data integrity auditing scheme for B5G network cloud storage. The scheme involves five entities and eight phases. We propose a multi-branch double-linked Merkle Hash Tree structure to store and audit dynamic data. We conduct correctness analysis and security analysis of this scheme. The results show that our scheme can meet the requirements of data integrity audit and counter six types of data integrity attack. We conduct theoretical comparative analysis. Compared with other schemes, the computational overhead of data owner (DO) is reduced by <em>m</em> times (<em>m</em> represents the number of data blocks). Relevant experiments are conducted with a 5G real-world dataset, and the experiments show that on the order of a million data entries, the construction time of MHT is about 2.48 times that of MMHT in terms of Merkle tree. The verification time of MHT is about 12.83 times that of MMHT. When the data scale reaches millions, the time to generate user keys in the 4G environment is 6.49 times that in the B5G environment. 
When the number of bilinear pairings reaches one million, the verification time of Third-Party Auditors (TPA) for 10,000 encrypted data entries is only 1.07 times that of 1,000 entries, indicating that our scheme can be scaled for use with large datasets. Compared with other schemes, our solution improves the efficiency and security of dynamic data integrity auditing in the B5G network environment.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103981"},"PeriodicalIF":3.8,"publicationDate":"2025-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170129","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CSA: Crafting adversarial examples via content and style attacks","authors":"Wei Chen , Yunqi Zhang","doi":"10.1016/j.jisa.2025.103974","DOIUrl":"10.1016/j.jisa.2025.103974","url":null,"abstract":"<div><div>Most existing black-box attacks fall into two categories: gradient-based attacks and unrestricted attacks. The former injects adversarial perturbations into the original clean examples under the $L_p$-norm constraint, while the latter tends to attack by changing the shape, color, and texture of the original image. However, the adversarial examples generated by the gradient-based attacks are vulnerable to defense methods and unnatural to the human eye. Meanwhile, unrestricted attacks have poor transferability of adversarial examples compared to gradient-based attacks. Therefore, we propose a novel attack that combines gradient-based and unrestricted attacks, <em>i.e.</em>, Content and Style Attack (CSA). Specifically, we utilize an encoder to extract the content features of the original image and train a reconstructor to generate an image consistent with these features. A gradient-based method is then employed to inject perturbations, followed by using the encoder to extract the content features of the altered image. We implement a momentum-based approach to search for malicious style information, which is then fused with the adversarial content features to create the final attack features. 
Extensive experiments on the ImageNet standard dataset demonstrate that our method is capable of generating adversarial examples that are both natural-looking and possess high transferability.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103974"},"PeriodicalIF":3.8,"publicationDate":"2025-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170128","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}