Journal of Information Security and Applications最新文献

{"title":"Securing Modbus in legacy industrial control systems: A decentralized approach using proxies, Post-Quantum Cryptography and Self-Sovereign Identity","authors":"Francesco Trungadi ,&nbsp;Manuel Fabiano ,&nbsp;Davide Aloisio ,&nbsp;Giovanni Brunaccini ,&nbsp;Francesco Sergi ,&nbsp;Giovanni Merlino ,&nbsp;Francesco Longo","doi":"10.1016/j.jisa.2025.104199","DOIUrl":"10.1016/j.jisa.2025.104199","url":null,"abstract":"<div><div>Industrial Control Systems (ICSs) are increasingly vulnerable to cyber threats due to their reliance on legacy protocols like Modbus TCP/IP, which lack built-in security mechanisms. Despite these risks, replacing or upgrading ICS components remains costly and impractical for many critical infrastructures, such as manufacturing, power generation, and transportation. This highlights the urgent need for security solutions that enhance protection without requiring disruptive system overhauls.</div><div>Building on our previous work, this paper introduces a decentralized security framework based on dedicated proxies that manage cryptographic operations for legacy devices and facilitate secure communication. The architecture leverages Decentralized Identifiers (DIDs) for node identity management, storing DID Documents containing post-quantum public keys in a Distributed Hash Table (DHT). The DHT, composed of proxy nodes, is specifically modified to function as a Verifiable Data Registry (VDR), ensuring data integrity and availability. To support authorization, Verifiable Credentials (VCs) are issued by an operator-controlled Issuer Node, activated solely during new device installations, or maintenance operations.</div><div>The proposed solution eliminates reliance on a central authority, enhances communication security against quantum threats, and improves resilience through decentralized identity management. Performance evaluations on both physical testbeds and simulated environments analyze handshake latency and system efficiency. Results demonstrate that our approach effectively secures legacy ICSs with an acceptable operational impact, paving the way for more robust and future-proof industrial networks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104199"},"PeriodicalIF":3.7,"publicationDate":"2025-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144880048","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A privacy protection scheme for biological characteristics based on 4D hyperchaos and matrix transformation","authors":"Liyuzhen Yang ,&nbsp;Zhenlong Man ,&nbsp;Ze Yu ,&nbsp;Ying Zhou","doi":"10.1016/j.jisa.2025.104198","DOIUrl":"10.1016/j.jisa.2025.104198","url":null,"abstract":"<div><div>In recent years, biometrics have been widely used in areas such as access control, healthcare, finance and the Internet of Things (IoT). However, due to the uniqueness and immutability of biometric data, it poses a serious privacy risk once leaked. To address these challenges, this paper proposes an improved biometric image encryption scheme. We enhance the classical three-dimensional Chen’s chaotic system into a four-dimensional model to take full advantage of its high sensitivity and stochasticity. By integrating Latin matrices and semi-tensor products, we develop a novel encryption algorithm designed to protect multimodal biometrics. The method overcomes the instability of traditional cryptographic algorithms and ensures robust protection of biometric data when processing different images such as face, fingerprint, palmprint and iris. Various performance evaluations are also conducted, in which the image encryption time reaches 0.071s, the UACI values of the ciphertext images are close to 99.6094%, and the information entropy of the ciphertext images reaches 7.9980. The experimental results show that the algorithm has excellent encryption, security, and efficiency. This method provides a reliable solution for securing biometric data in an increasingly complex digital environment.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104198"},"PeriodicalIF":3.7,"publicationDate":"2025-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144863263","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Rhetorical Structure Theory-based machine intelligence-driven deceptive phishing attack detection scheme","authors":"Chanchal Patra ,&nbsp;Debasis Giri ,&nbsp;Bibekananda Kundu ,&nbsp;Tanmoy Maitra ,&nbsp;Mohammad Wazid","doi":"10.1016/j.jisa.2025.104184","DOIUrl":"10.1016/j.jisa.2025.104184","url":null,"abstract":"<div><div>The easiest way for users to interact with one other is via emails or messages. However, the growing incidence of cybercrime necessitates the astute use of emails or messages. These days, one of the biggest risks is phishing as well as smishing. Attackers aim to get sensitive user data by means of phishing emails. Credit card information, passwords, usernames, and other sensitive data are included. These might result in severe financial loss. The literature has a plethora of anti-phishing techniques for identifying phishing email or messages. However, fraudsters are always coming up with new techniques, making it difficult to develop anti-phishing techniques to stop phishing or smishing attack. This paper discusses a novel methodology leveraging Rhetorical Structure Theory (RST) to validate whether a given text of emails or messages are deceptive or not. A balanced dataset of deceptive and non-deceptive have been collected and annotated manually using different features like term Discourse Connectors, Rhetorical Relations, Deception likely tags and sentence type features. The work involved experiment with different machine learning classifiers trained using these features in order to achieve higher accuracy in deception phishing detection task. The proposed technique exhibits high accuracy on the dataset when RST based linguistic features are used. When ensemble classifiers are used instead of individual classifiers, the optimal classification performance is achieved, leading to an increase in accuracy. In comparison to the individual learners, the results of our experiment demonstrate that the proposed technique achieved the greatest accuracy, precision, recall, and F1-score values.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104184"},"PeriodicalIF":3.7,"publicationDate":"2025-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144880046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A general framework for high-dimension data secure aggregation with resilience to dropouts","authors":"Chao Huang ,&nbsp;Yanqing Yao ,&nbsp;Xiaojun Zhang ,&nbsp;Yuan Zhang ,&nbsp;Zhoujun Li","doi":"10.1016/j.jisa.2025.104194","DOIUrl":"10.1016/j.jisa.2025.104194","url":null,"abstract":"<div><div>Data secure aggregation (DSA) protocols play an important role in many applications with privacy preservation, e.g., medical data analysis, federated learning model aggregation, etc. In such protocols, the computation and communication complexity of clients and the aggregator heavily depend on two parameters, including the number of involved clients and the dimension of secret data. Besides, resilience to client dropouts is an crucial requirement in many applications. In this paper, we focus on the issue of high-dimension DSA (HDDSA) with resilience to dropouts. Based on a critical non-interactive masking method using lightweight computations over polynomials, we propose a DSA reduction framework to transform high-dimension DSA problem to secure aggregation over scalars. We also construct two efficient HDDSA protocol instantiations based on multiparty homomorphic encryption (MPHE) cryptosystems. The first one (HDDSA1) gives a 2-round DSA protocol based on a threshold Paillier’s cryptosystem which requires a trusted setup. The second one (HDDSA2) gives a 3-round DSA protocol based on a multiparty Brakerski–Fan–Vercauteren (MPBFV) cryptosystem, which by contrast does not need trusted setup. Both protocols are resilient to dropouts by design and do not introduce extra recovery overheads. In addition, both protocols are secure against semi-honest adversary and collusion adversary with up to <span><math><mrow><mi>min</mi><mrow><mo>(</mo><mi>t</mi><mo>−</mo><mn>1</mn><mo>,</mo><mi>n</mi><mo>−</mo><mn>2</mn><mo>)</mo></mrow></mrow></math></span> clients, given <span><math><mi>n</mi></math></span> clients involved in the protocols, <span><math><mi>t</mi></math></span> is a threshold parameter of underlying subprotocol. In terms of efficiency, the computation and communication complexity at client side are both <span><math><mrow><mi>O</mi><mrow><mo>(</mo><mi>ℓ</mi><mo>)</mo></mrow></mrow></math></span>, where <span><math><mi>ℓ</mi></math></span> is the dimension, which is independent of the number of clients. Empirical experiments are also conducted to show the practical efficiency superiority of our framework and proposed protocols.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104194"},"PeriodicalIF":3.7,"publicationDate":"2025-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144880047","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards a robust android malware detection model using explainable deep learning","authors":"Masumeh Najibi,&nbsp;Amir Jalaly Bidgoly","doi":"10.1016/j.jisa.2025.104191","DOIUrl":"10.1016/j.jisa.2025.104191","url":null,"abstract":"<div><div>The growing threat of Android malware demands effective and trustworthy detection mechanisms. This paper investigates the robustness of explainable deep learning models for Android malware detection and classification using network flow features. Three deep learning architectures — DNN, 1D-CNN, and BiLSTM — were evaluated on the CICAndMal2017 dataset, with BiLSTM achieving the best performance on unseen samples. Model decisions were analyzed using LIME and SHAP to identify influential and potentially manipulable features. Using domain knowledge, features were categorized based on their resistance to evasion, with emphasis on robust indicators such as TCP flags and initial window sizes. Retraining models using only these robust features resulted in minimal performance degradation while significantly improving explainability and resilience to evasion. On the unseen dataset, the BiLSTM model achieved a 70.90% F1-score for malware detection and 62.84% for classification, with AUC scores of 73.39% and 79.96%, respectively. After removing weak features, the retrained detection model maintained a 71% F1-score, and the classification model achieved 57%, demonstrating that robustness can be improved without major loss in performance. These results highlight the potential for transparent and dependable AI-driven cybersecurity solutions, particularly in adversarial settings where evasion is common. By emphasizing explainability and robustness, this work contributes towards models that balance performance with trust in evolving threat landscapes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104191"},"PeriodicalIF":3.7,"publicationDate":"2025-08-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144858086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Improved biometric data protection: Bounded brute-force strategy for maximum likelihood decoding","authors":"Wen Khai Lai,&nbsp;Ming Jie Lee,&nbsp;Kai Lin Chia,&nbsp;Yen-Lung Lai","doi":"10.1016/j.jisa.2025.104182","DOIUrl":"10.1016/j.jisa.2025.104182","url":null,"abstract":"<div><div>Conventional biometric data protection schemes often struggle to provide strong and reliable security guarantees after transformation, largely due to the noise amplification introduced during quantization. This amplified noise can distort the relationship between the protected and original biometric data, creating a gap between the claimed security of the protected representation and the actual security of the raw input. Such a mismatch risks overestimating system robustness and may expose the scheme to vulnerabilities such as pre-image attacks. To address this challenge, we propose a novel secure sketch construction that integrates Locality-Sensitive Hashing (LSH) with a bounded brute-force strategy for maximum likelihood decoding. Our method achieves asymptotically optimal error tolerance while preserving the statistical alignment of inter- and intra-class variability across both unprotected and protected domains. This alignment enables accurate key recovery and enhances resistance to pre-image and decoding attacks. Comprehensive experiments demonstrate that our method consistently outperforms existing approaches in both security and robustness to biometric variability, offering a practical and theoretically grounded solution for biometric authentication.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104182"},"PeriodicalIF":3.7,"publicationDate":"2025-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144858085","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A feature vector-based modeling attack method on symmetrical obfuscated interconnection PUF","authors":"Huanwei Wang ,&nbsp;Fushan Wei ,&nbsp;Fagen Li ,&nbsp;Jing Jing ,&nbsp;Tieming Liu ,&nbsp;Wei Liu","doi":"10.1016/j.jisa.2025.104187","DOIUrl":"10.1016/j.jisa.2025.104187","url":null,"abstract":"<div><div>Physical unclonable function (PUF) are widely used in solutions such as device authentication and lightweight encryption due to their tamper-resistant, key-free storage and lightweight properties. However, the security of PUFs is threatened by modeling attacks. In this paper, we propose a novel modeling attack method for the symmetrical obfuscated interconnection physical unclonable function (SOI PUF) based on feature vectors. The proposed method introduces an innovative feature vector transformation technique and vector response pair to capture higher-order relationships with complex PUF architectures. Meanwhile, we propose two important principles for designing deep neural network (DNN) attack models. The experiments are systematically validated for the novel SOI PUF and cSOI PUF architectures, and the results show that, under equivalent dataset conditions, the proposed method achieves a higher attack success rate compared to the traditional challenge-response pair-based modeling approaches, achieving an accuracy of 98.42% in modeling SOI PUF. This study provides valuable theoretical and practical insights for enhancing PUF security and designing attack-resistant PUF architectures.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104187"},"PeriodicalIF":3.7,"publicationDate":"2025-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144858084","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Robust zero-watermarking method for medical images based on FFST and Daisy descriptor","authors":"Guangyun Yang ,&nbsp;Xinhui Lu ,&nbsp;Yu Lu ,&nbsp;Xiangguang Xiong","doi":"10.1016/j.jisa.2025.104193","DOIUrl":"10.1016/j.jisa.2025.104193","url":null,"abstract":"<div><div>With the continuous development of digital medical imaging technologies, ensuring the security of the medical images has become critically important. In this study,the Daisy descriptors’ stability against attacks was first experimented with, and the findings show that it provides superior robustness. With this, a robust zero-watermarking method is designed to maintain medical image integrity and enable copyright protection by combining the fast finite Shearlet transform (FFST), Daisy descriptor, and Hessenberg decomposition. First, FFST was performed on the medical image to extract the low-frequency component and divide it into blocks of equal size. Second, each block’s Daisy descriptor matrix is calculated and its 8<span><math><mo>×</mo></math></span> 8 block is selected, after which the Hessenberg decomposition is performed for each block, and a feature image is derived from the magnitude comparison between the maximum value of each block and the global mean. Additionally, the copyrighted image is first encrypted by using a 2D Logistic-Sine coupling mapping, and then combined with the feature image through an exclusive OR operation to produce an unrecognizable binary image. The experimental results on ten medical images and three benchmark image databases (COVID-19, OASIS-1, and SIPI) show that the proposed method is highly resistant to most attacks, and the normalized correlation coefficient is always maintained higher than 0.95. Compared to typical methods, our method achieves superior robustness and improves the average performance by approximately 3.2%.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104193"},"PeriodicalIF":3.7,"publicationDate":"2025-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144852573","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient NTT/INTT processor for FALCON post-quantum cryptography","authors":"Ghada Alsuhli ,&nbsp;Hani Saleh ,&nbsp;Mahmoud Al-Qutayri ,&nbsp;Baker Mohammad ,&nbsp;Thanos Stouraitis","doi":"10.1016/j.jisa.2025.104177","DOIUrl":"10.1016/j.jisa.2025.104177","url":null,"abstract":"<div><div>FALCON is a lattice-based post-quantum cryptographic (PQC) digital signature standard known for its compact signatures and resistance to quantum attacks. Since its recent standardization, its hardware implementation remains an open challenge, particularly for key generation, which is significantly more complex than the simple and well-studied signature verification process. In this paper, targeting edge devices with constrained resources, we present an energy-efficient and area-optimized NTT/INTT architecture tailored to the specific requirements of FALCON key generation. By leveraging NTT-friendly primes and reducing the size of the multipliers in the Montgomery reduction algorithm — optimized for ASIC implementation — our design minimizes hardware complexity, achieving the lowest power and area consumption compared to state-of-the-art Montgomery reduction implementations. The proposed hardware architecture features a processing element array, distributed SRAMs, and ROMs, with three levels of reconfigurability, supporting both NTT and INTT operations. Designed using the Global Foundries’ 22 nm FD-SOI process, an Application-Specific Integrated Circuit (ASIC) is estimated to occupy 0.04 mm<span><math><msup><mrow></mrow><mrow><mn>2</mn></mrow></msup></math></span> and consume 18.2 mW at 1 GHz. The proposed processor achieves 700 times greater energy efficiency and performs computations 200 times faster than software implementations on the ARM Cortex-M4. It also achieves the lowest area–time product and highest energy efficiency among state-of-the-art NTT/INTT hardware accelerators. By carefully balancing power consumption and computational speed, this design offers an efficient solution for deploying FALCON key generation on devices with limited resources.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104177"},"PeriodicalIF":3.7,"publicationDate":"2025-08-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144841758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SecureLoc: A fully homomorphic encryption-based privacy protection scheme for location-based services","authors":"Qiqi Xie ,&nbsp;Hong Zhang ,&nbsp;Liqiang Wang ,&nbsp;Miao Wang ,&nbsp;Wanqing Wu ,&nbsp;Yilong Liu","doi":"10.1016/j.jisa.2025.104190","DOIUrl":"10.1016/j.jisa.2025.104190","url":null,"abstract":"<div><div>As Internet of Things (IoT) technology advances, a growing number of devices can access real-time location information and engage with other devices and platforms. Consequently, this expansion enriches the data sources and application scenarios for Location-Based Services (LBS). The computational tasks of LBS are often outsourced to a third-party service (<em>TPS</em>) for processing in order to improve computational efficiency on users’ devices. However, sensitive and private data stored with a semi-honest <em>TPS</em> poses the risk of data abuse or data leakage. In this paper, we propose a robust privacy-preserving scheme called SecureLoc within outsourced computing environments. Utilizing the collaborative capabilities of the <em>TPS</em> and the Trajectory Matching Server (<em>TMS</em>), we present a fully homomorphic encryption approach to protect the privacy of location and sensitive information. Specifically, we present an improved CKKS-based trajectory comparison algorithm that ensures trajectory matching without exposing sensitive plaintext data. In addition, by utilizing complex numbers to store location coordinates and ciphertext expansion, we greatly improve the computational efficiency. We also combine the K-anonymity algorithm with CKKS to further enhance the protection of user privacy by anonymizing and generalizing sensitive information such as phone numbers, ID numbers, and LBS request times. Finally, we prove SecureLoc is secure against semi-honest <em>TPS</em> and malicious eavesdroppers, and demonstrate that our method outperforms other state-of-the-art methods in terms of security, feasibility, and accuracy.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104190"},"PeriodicalIF":3.7,"publicationDate":"2025-08-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144841927","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}