Journal of Information Security and Applications最新文献_第8页

Disposable identities: Solving web tracking 一次性身份解决网络跟踪问题

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-18 DOI: 10.1016/j.jisa.2024.103821

Jacques Bou Abdo , Sherali Zeadally

引用次数: 0

Keeping classical distinguisher and neural distinguisher in balance 保持经典区分度和神经区分度的平衡

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-15 DOI: 10.1016/j.jisa.2024.103816

Gao Wang, Gaoli Wang

引用次数: 0

Efficient handover authentication protocol with message integrity for mobile clients in wireless mesh networks 为无线网格网络中的移动客户端提供具有信息完整性的高效切换认证协议

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-14 DOI: 10.1016/j.jisa.2024.103806

Amit Kumar Roy , Vijayakumar Varadaranjan , Keshab Nath

{"title":"Efficient handover authentication protocol with message integrity for mobile clients in wireless mesh networks","authors":"Amit Kumar Roy , Vijayakumar Varadaranjan , Keshab Nath","doi":"10.1016/j.jisa.2024.103806","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103806","url":null,"abstract":"<div><p>Wireless Mesh Network (WMN) has become the most favorable choice among various networking options due to its distributed nature. It offers continuous Internet services, in comparison with other conventional networks, through a self-healing and self-configuration approach. Due to the high mobility of mesh clients, handover authentication is an operation that demands significant attention in WMNs. Through the exchange of messages, mesh clients (MCs) and mesh routers (MRs) initiate the operation, allowing the client to authenticate itself with the foreign mesh router (FMR). In existing protocols, these messages were shared in plaintext format, making it easy for an attacker to breach their integrity. Therefore, a secure communication method should be established between MCs and MRs for message exchange. In this paper, we propose a protocol that offers efficient authentication while preserving message integrity during the handover operation. The experimental results show that our proposed protocol performs better and overcomes the limitations present in the existing protocols.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103806"},"PeriodicalIF":5.6,"publicationDate":"2024-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141324180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Source printer identification from document images acquired using smartphone 从使用智能手机获取的文档图像中识别源打印机

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-13 DOI: 10.1016/j.jisa.2024.103804

Sharad Joshi , Suraj Saxena , Nitin Khanna

{"title":"Source printer identification from document images acquired using smartphone","authors":"Sharad Joshi , Suraj Saxena , Nitin Khanna","doi":"10.1016/j.jisa.2024.103804","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103804","url":null,"abstract":"<div><p>Vast volumes of printed documents continue to be used for various important as well as trivial applications. Such applications often rely on the information provided in the form of printed text documents whose integrity verification poses a challenge due to time constraints and lack of resources. Source printer identification provides essential information about the origin and integrity of a printed document in a fast and cost-effective manner. Even when fraudulent documents are identified, information about their origin can help stop future frauds. If a smartphone camera replaces scanner for the document acquisition process, document forensics would be more economical, user-friendly, and even faster in many applications where remote and distributed analysis is beneficial. Building on existing methods, we propose to learn a single CNN model from the fusion of letter images and their printer-specific noise residuals. In the absence of any publicly available dataset, we created a new dataset consisting of 2250 document images of text documents printed by eighteen printers and acquired by a smartphone camera at five acquisition settings. The proposed method achieves 98.42% document classification accuracy using images of letter ‘e’ under a 5 × 2 cross-validation approach. Further, when tested using about half a million letters of all types, it achieves 90.33% and 98.01% letter and document classification accuracies, respectively, thus highlighting the ability to learn a discriminative model without dependence on a single letter type. Also, classification accuracies are encouraging under various acquisition settings, including low illumination and change in angle between the document and camera planes.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103804"},"PeriodicalIF":5.6,"publicationDate":"2024-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141324181","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A comprehensive evaluation on the benefits of context based password cracking for digital forensics 全面评估基于上下文的密码破解对数字取证的益处

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-13 DOI: 10.1016/j.jisa.2024.103809

Aikaterini Kanta , Iwen Coisel , Mark Scanlon

{"title":"A comprehensive evaluation on the benefits of context based password cracking for digital forensics","authors":"Aikaterini Kanta , Iwen Coisel , Mark Scanlon","doi":"10.1016/j.jisa.2024.103809","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103809","url":null,"abstract":"<div><p>Password-based authentication systems have many weaknesses, yet they remain overwhelmingly used and their announced disappearance is still undated. The system admin overcomes the imperfection by skilfully enforcing a strong password policy and sane password management on the server side. But in the end, the user behind the password is still responsible for the password’s strength. A poor choice can have dramatic consequences for the user or even for the service behind, especially considering critical infrastructure. On the other hand, law enforcement can benefit from a suspect’s weak decisions to recover digital content stored in an encrypted format. Generic password cracking procedures can support law enforcement in this matter — however, these approaches quickly demonstrate their limitations. This article proves that more targeted approaches can be used in combination with traditional strategies to increase the likelihood of success when contextual information is available and can be exploited.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103809"},"PeriodicalIF":5.6,"publicationDate":"2024-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001121/pdfft?md5=4f90fdd3c66acaa8d04f675c1df40be6&pid=1-s2.0-S2214212624001121-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141324182","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Privacy-preserving geo-tagged image search in edge–cloud computing for IoT 物联网边缘云计算中的隐私保护地理标记图像搜索

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-13 DOI: 10.1016/j.jisa.2024.103808

Zongye Zhang, Fucai Zhou, Ruiwei Hou

{"title":"Privacy-preserving geo-tagged image search in edge–cloud computing for IoT","authors":"Zongye Zhang, Fucai Zhou, Ruiwei Hou","doi":"10.1016/j.jisa.2024.103808","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103808","url":null,"abstract":"<div><p>The Internet of Things (IoT) generates a significant volume of geo-tagged images via surveillance sensors in edge–cloud computing environments. Image search is essential to facilitate information sharing, data analysis, and strategic decision-making. However, outsourced images are typically encrypted for privacy protection, posing a challenge in simultaneously searching for visual and geographical relevance on encrypted images. To address this, this paper proposes an edge intelligence empowered privacy-preserving top-<span><math><mi>k</mi></math></span> geo-tagged image search scheme for IoT in edge–cloud computing. The scheme presents a novel single-to-multi searchable encryption method for geo-tagged images that enables multiple users to perform secure nearest neighbor queries on a data source. Additionally, an extended anchor-based position determination method and an inner product-based distance calculation method are designed to enable geo-tagged image similarity calculation on ciphertext. Finally, a secure pruning method is introduced to improve query performance. Experiments are conducted to verify the performance of the scheme in terms of high efficiency and accuracy of the search.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103808"},"PeriodicalIF":5.6,"publicationDate":"2024-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141324178","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

PCPHE: A privacy comparison protocol for vulnerability detection based on homomorphic encryption PCPHE：基于同态加密的漏洞检测隐私比较协议

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-10 DOI: 10.1016/j.jisa.2024.103805

Lieyu Lv, Ling Xiong, Fagen Li

引用次数: 0

A novel link fabrication attack detection method for low-latency SDN networks 针对低延迟 SDN 网络的新型链路制造攻击检测方法

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-10 DOI: 10.1016/j.jisa.2024.103807

Yuming Liu, Yong Wang, Hao Feng

{"title":"A novel link fabrication attack detection method for low-latency SDN networks","authors":"Yuming Liu, Yong Wang, Hao Feng","doi":"10.1016/j.jisa.2024.103807","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103807","url":null,"abstract":"<div><p>The application of Software-defined Networking (SDN) in low-latency scenarios, such as 6G, has received immense attention. Notably, our research reveals that SDN remains susceptible to link fabrication attacks (LFA) in low-latency environments, where existing detection methods fail to effectively detect LFA. To address this issue, we propose a novel detection method called Correlated Link Verification (CLV). CLV is composed of three phases. Firstly, we introduce a data processing method to mitigate measurement error and enhance robustness. Secondly, we present a multipath transmission simulation method to convert the measured performance disparity between correlated links into statistical features. Thirdly, we propose a dynamic threshold calculation method, which utilizes the statistical features to determine thresholds based on extreme value theory and probability distribution fitting. Finally, CLV identifies the fabricated link within correlated links based on the thresholds and current statistical features. Extensive experiments have been conducted to validate the feasibility, effectiveness, scalability and robustness of CLV. The experimental results demonstrate that CLV can effectively detect LFA in low-latency SDN networks.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103807"},"PeriodicalIF":5.6,"publicationDate":"2024-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141298114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A statistical verification method of random permutations for hiding countermeasure against side-channel attacks 用于隐藏侧信道攻击对策的随机排列统计验证方法

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-08 DOI: 10.1016/j.jisa.2024.103797

Jong-Yeon Park , Jang-Won Ju , Wonil Lee , Bo Gyeong Kang , Yasuyuki Kachi , Kouichi Sakurai

{"title":"A statistical verification method of random permutations for hiding countermeasure against side-channel attacks","authors":"Jong-Yeon Park , Jang-Won Ju , Wonil Lee , Bo Gyeong Kang , Yasuyuki Kachi , Kouichi Sakurai","doi":"10.1016/j.jisa.2024.103797","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103797","url":null,"abstract":"<div><p>Hiding countermeasure is among the best-known secure implementation techniques designed to counteract side-channel attacks. It uses a permutation algorithm to shuffle data. In today’s Post-Quantum Cryptography (PQC), hiding countermeasure has earned the limelight for its “shufflability” in lattice-based, and code-based, cryptographic algorithms. In this narrative, most importantly, as a rule, fast generation of permutations is paramount to both efficacy and security of an algorithm. The Fisher–Yates (FY) shuffling method has long been a popular choice for this purpose: the FY method generates randomly shuffled (finite) indices. However, despite its theoretical verity, with the FY method we anticipate the following risks of misuse, which can lead to biased shuffling sequences: (i) incorrect implementation, (ii) poor random source, and (iii) the chosen random number being too small. In this paper, we introduce a new statistical test called “approximate permutation criterion” (“APC”). We use it to examine some known cases of misused FY shuffling (i–iii). APC takes into consideration the fact that the super-exponential rate of growth of the factorial function <span><math><mrow><mi>N</mi><mo>!</mo></mrow></math></span>, which represents the number of permutations of <span><math><mi>N</mi></math></span> indices, defies any meaningful form of statistical tests. With APC one can verify whether the output permutations are biased or not with much lower testing cost. Mathematically, in this paper we introduce the so-called “<span><math><mi>k</mi></math></span>th order permutation verification”, the underpinning notion upon which APC is based. We also compare APC with full sample space to demonstrate how well it encapsulates the statistical randomness of random permutations. We thereby provide a new method that identifies a bias that exists in the output permutations when implementing FY Shuffling through a visual ratio test and the chi-square (<span><math><msup><mrow><mi>χ</mi></mrow><mrow><mn>2</mn></mrow></msup></math></span>) distribution test.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103797"},"PeriodicalIF":5.6,"publicationDate":"2024-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001005/pdfft?md5=667e687ea99769a6ff80e01b65747c51&pid=1-s2.0-S2214212624001005-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141291442","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Puncturable-based broadcast encryption with tracking for preventing malicious encryptors in cloud file sharing 基于可标点的广播加密与跟踪，防止云文件共享中的恶意加密者

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-07 DOI: 10.1016/j.jisa.2024.103803

Shuanggen Liu , Yingzi Hu , Xu An Wang , Xukai Liu , Yuqing Yin , Teng Wang

{"title":"Puncturable-based broadcast encryption with tracking for preventing malicious encryptors in cloud file sharing","authors":"Shuanggen Liu , Yingzi Hu , Xu An Wang , Xukai Liu , Yuqing Yin , Teng Wang","doi":"10.1016/j.jisa.2024.103803","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103803","url":null,"abstract":"<div><p>Cloud file sharing (CFS) in cloud storage is one of the essential tools for enterprises to improve their core competitiveness. In the sharing process, user dynamic management and players/readers abuse has always been a problem that needs to be solved, but malicious encryptors are also a new challenge. Therefore, preventing malicious encryption is another way to protect copyright issues. This scheme proposes a traitor tracing scheme with puncturable-based broadcast encryption in cloud storage, which is an improved scheme proposed in Ref. Garg et al. (2010). Based on the original completely collusion resistant traitor tracing scheme, the uniform distribution of hash output is used to prevent malicious encryptors. In addition, users can perform authentication during the decryption phase to prevent replay attacks. At the same time, the puncture algorithm is introduced, so that normal users can dynamically revoke themselves without affecting the normal use of other users. We prove that the scheme is secure under chosen plaintext attack (CPA). Theoretical analysis also shows that our scheme can prevent malicious encryptors in cloud file sharing and allow normal users to dynamically revoke. After experimental verification, our scheme offers distinct advantages over the existing one.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103803"},"PeriodicalIF":5.6,"publicationDate":"2024-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141286570","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0