IET Information Security最新文献

{"title":"Cryptanalysis on Two Kinds of Number Theoretic Pseudo-Random Generators Using Coppersmith Method","authors":"Ran Zhang,&nbsp;Jingguo Bi,&nbsp;Lixiang Li,&nbsp;Haipeng Peng","doi":"10.1049/ise2/5569393","DOIUrl":"https://doi.org/10.1049/ise2/5569393","url":null,"abstract":"<div>\u0000 <p>Pseudo-random number generator (PRNG) is a type of algorithm that generates a sequence of random numbers using a mathematical formula, which is widely used in computer science, such as simulation, modeling applications, data encryption, et cetera. The efficiency and security of PRNG are closely related to its output bits at each iteration. Especially, we have recently found that linear congruential generator (LCG) is commonly used as the underlying PRNG in short message service (SMS) app, fast knapsack generator (FKG), and programming languages such as Python, while the quadratic generator plays an important role in Monte Carlo method. Therefore, in this paper, we revisit the security of these two number-theoretic pseudo-random generators and obtain the best results for attacking these two kinds of PRNGs up to now. More precisely, we prove that when the mapping function of LCG and the quadratic generator is unknown, if during each iteration, generators only output the most significant bits of <i>v</i>_<i>i</i>, one can also recover the seed of PRNG when enough consecutive or nonconsecutive outputs are obtained. The primary tool of our attack is the Coppersmith method which can find small roots on polynomial equations. Our advantage lies in applying the local linearization technique to the polynomial equations to make them simple and easy to solve and applying the analytic combinatorics method to simplify the calculation of solution conditions in the Coppersmith method. Experimental data validate the effectiveness of our work.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/5569393","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144647404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Measures to Address Cyber-Attacks in Construction Project Data Management Processes: A Cybersecurity Perspective","authors":"Ornella Tanga Tambwe,&nbsp;Clinton Ohis Aigbavboa,&nbsp;Opeoluwa Israel Akinradewo,&nbsp;Peter Ademola Adekunle","doi":"10.1049/ise2/7398742","DOIUrl":"https://doi.org/10.1049/ise2/7398742","url":null,"abstract":"<div>\u0000 <p>In the past decade, the fourth industrial revolution has transformed data management in the construction industry, enhancing processes from storage to exchange. However, this digitisation has also led to increased security challenges, particularly cyber-attacks. This study aims to identify measures to mitigate these threats in construction project data management. Using a quantitative approach, data was collected from construction professionals in Gauteng, South Africa, including quantity surveyors, architects and engineers, via a structured online questionnaire. Findings revealed that effective measures against cyber-attacks include adequate staff training, antivirus software and regular password changes. The study recommends that construction professionals secure their computers and software, as they house critical project data vulnerable to exploitation, even long after project completion. By keeping stakeholders informed about current data security practices, this research encourages the adoption of Industry 4.0 technologies, despite the risks posed by cyber-attacks.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/7398742","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144598408","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"From Data to Deployment: A Comprehensive Analysis of Risks in Large Language Model Research and Development","authors":"Tianshu Zhang,&nbsp;Ruidan Su,&nbsp;Anli Zhong,&nbsp;Minwei Fang,&nbsp;Yu-dong Zhang","doi":"10.1049/ise2/7358963","DOIUrl":"https://doi.org/10.1049/ise2/7358963","url":null,"abstract":"<div>\u0000 <p>Large language models (LLMs) have evolved significantly, achieving unprecedented linguistic capabilities that underpin a wide range of AI applications. However, they also pose risks and challenges such as ethical concerns, bias and computational sustainability. How to balance the high performance in revolutionising information processing with the risks they pose is critical to their future development. LLM is a type of NLP model and many of the LLM risks are also risks that NLP has experienced in the past. We, therefore, summarise these risks, focusing more on the underlying understanding of these risks/technical tools, rather than simply describing their occurrence in LLM. In this paper, we first discuss and compare the current state of research on the four main risks in the process of developing LLMs: data, system, pretraining and inference, and then, try to summarise the rationale, complexity, prospects and challenges of the key issues and challenges in each phase. Finally, this review concludes with a discussion of the fundamental issues that should be of most concern and risk and that should be addressed in the early stages of modelling research, including the correlated issues of privacy preservation and countering attacks and model robustness. Based on the LLM research and development (R&amp;D) process perspective, this review summarises the actual risks and provides guidance for research directions, with the aim of helping researchers to identify these risk points and technology directions worth investigating, as well as helping to establish a safe and efficient R&amp;D process.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/7358963","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144367215","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Generic Construction of Dual-Server Public Key Authenticated Encryption With Keyword Search","authors":"Keita Emura","doi":"10.1049/ise2/6610587","DOIUrl":"https://doi.org/10.1049/ise2/6610587","url":null,"abstract":"<div>\u0000 <p>In this paper, we propose a generic construction of dual-server public key authenticated encryption with keyword search (DS-PAEKS) from PAEKS, public key encryption, and signatures. We also show that previous DS-PAEKS scheme is vulnerable by providing a concrete attack. That is, the proposed generic construction yields the first DS-PAEKS schemes. Our attack with a slight modification works against previous dual-server public key encryption with keyword search (DS-PEKS) schemes.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6610587","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144281579","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Graph Representation Learning-Based Method for Event Prediction","authors":"Xi Zeng,&nbsp;Guangchun Luo,&nbsp;Ke Qin,&nbsp;Pengyi Zheng","doi":"10.1049/ise2/9706647","DOIUrl":"https://doi.org/10.1049/ise2/9706647","url":null,"abstract":"<div>\u0000 <p>With the continuous advancement of big data and artificial intelligence technologies, event prediction is increasingly being utilized across a multitude of domains. Predicting events allows for the exploration of the developmental trajectories and summarization of patterns associated with these events. However, events typically encompass a myriad of elements and intricate relationships, necessitating an enhancement in the precision of event prediction. However, the existing methods suffer from poor data quality, insufficient feature information, limited generalization capability of the models, and difficulties in evaluating prediction errors. This paper proposes a novel event prediction method based on graph representation learning, aiming to improve the accuracy of event prediction while reducing the time cost. By constructing causal graphs and introducing the script event simulation method, the architecture combines graph neural networks (GNNs) with BERT to simplify the event prediction process. Additionally, by combining GNNs with pretrained language models, a dynamic graph representation learning method is proposed. This means that a unified graph representation learning model can be built by following specific rules, thus predicting the development trajectory of events more accurately. The study evaluates the effectiveness of dynamic graph representation learning technology in a specific scenario, specifically in the context of employee career choices. By converting the career graph of employees into low-dimensional representations, the effectiveness of the dynamic graph representation learning method in predicting employee career decisions is validated. This innovation not only improves the accuracy of event prediction but also helps better understand and respond to complex event relationships in practical applications, providing decision-makers with more powerful information support. Therefore, this research has important theoretical and practical significance, providing valuable references for future studies in related fields.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/9706647","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144237315","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Feature Graph Construction With Static Features for Malware Detection","authors":"Binghui Zou,&nbsp;Chunjie Cao,&nbsp;Longjuan Wang,&nbsp;Yinan Cheng,&nbsp;Chenxi Dang,&nbsp;Ying Liu,&nbsp;Jingzhang Sun","doi":"10.1049/ise2/6687383","DOIUrl":"https://doi.org/10.1049/ise2/6687383","url":null,"abstract":"<div>\u0000 <p>Malware can greatly compromise the integrity and trustworthiness of information and is in a constant state of evolution. Existing feature fusion-based detection methods generally overlook the correlation between features. And mere concatenation of features will reduce the model’s characterization ability, lead to low detection accuracy. Moreover, these methods are susceptible to concept drift and significant degradation of the model. To address those challenges, we introduce a feature graph-based malware detection method, malware feature graph (MFGraph), to characterize applications by learning feature-to-feature relationships to achieve improved detection accuracy while mitigating the impact of concept drift. In MFGraph, we construct a feature graph using static features extracted from binary PE files, then apply a deep graph convolutional network to learn the representation of the feature graph. Finally, we employ the representation vectors obtained from the output of a three-layer perceptron to differentiate between benign and malicious software. We evaluated our method on the EMBER dataset, and the experimental results demonstrate that it achieves an AUC score of 0.98756 on the malware detection task, outperforming other baseline models. Furthermore, the AUC score of MFGraph decreases by only 5.884% in 1 year, indicating that it is the least affected by concept drift.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6687383","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144171378","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A New Method for Constructing Integral-Resistance Matrix for 5-Round AES","authors":"Fanyang Zeng,&nbsp;Tian Tian","doi":"10.1049/ise2/3447652","DOIUrl":"https://doi.org/10.1049/ise2/3447652","url":null,"abstract":"<div>\u0000 <p>A powerful theory for evaluating block ciphers against integral distinguishers was introduced by Hebborn et al. at ASIACRYPT 2021. To show the integral-resistance property for a block cipher, their core idea is to construct a full-rank integral-resistance matrix. However, their method does not work practically for 5-round AES due to the large S-box and complex linear layer. In this paper, we are concerned with the integral-resistance property of 5-round AES. By carefully investigating the S-box and the linear layer of AES, some significant properties about the propagation of the division property on the round function of AES are derived. In particular, with these properties, it is easy to determine the appearance of all maximum-degree monomials after 5-round AES encryption on a properly chosen set of key-patterns. Consequently, a full-rank integral-resistance matrix is formed to show that there is no integral distinguisher for five rounds and higher of AES under the assumption of independent round keys. Since it is well known that there is a 4-round integral distinguisher for AES, our result is tight for AES. As far as we know, this is the first proof for the integral-resistance property of 5-round AES.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/3447652","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144085419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Topic Words-Based Multilingual Hateful Linguistic Resources Construction for Developing Multilingual Hateful Content Detection Model Using Deep Learning Technique","authors":"Naol Bakala Defersha,&nbsp;Kula Kekeba Tune,&nbsp;Solomon Teferra Abate","doi":"10.1049/ise2/6068177","DOIUrl":"https://doi.org/10.1049/ise2/6068177","url":null,"abstract":"<div>\u0000 <p>Nowadays, social media platforms provide space that allows communication and sharing of various resources using a variety of natural languages in different cultural and multilingual aspects. Although this interconnectedness offers numerous benefits, it also exposes users to the risk of encountering offensive (OFFN) and harmful content, including hateful speech. In order to create a model for detecting hateful content in resource-rich languages, lexicons, word embedding, topic modeling, and transformer language models were applied. Low-resource languages, including Ethiopian languages, suffering in lack of such linguistic resources. Multilingual hateful content detection brings complex challenges due to cultural and linguistic varieties. The paper proposes a multilingual hateful content identification model using a transformer language model and hybrid lexicon techniques to enhance hateful content recognition in low-resource Ethiopian languages. First, hateful content disseminated on Facebook in Ethiopian-languages target was identified as (insult, identity hate, antagonistic, and threat) using topic modeling techniques. Then, we compiled different hateful terms from sources such as guidelines and proclamations related to the Ethiopian context. We created Ethiopian context-based transformer language models. We utilized topic words-based datasets to construct pretrained transformer language models and multilingual lexicons of major Ethiopian languages. Finally, their performance was compared by integrating them into deep learning-based low-resource Ethiopian languages’ hateful content detection framework. Among applied deep learning algorithms with Ethiopian language linguistic resources, word2vec-based multilingual lexicons with convolutional neural network (CNN) outperform than others. The result indicated that constructing topic words based multilingual word2vec lexicons outperformed than transformers language model based on topics modeling for low-resource Ethiopian languages, effectively produce the promising hate speech (HATE) detection approach of low-resource Ethiopian languages.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6068177","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143818410","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Review on Integrating IoT, IIoT, and Industry 4.0: A Pathway to Smart Manufacturing and Digital Transformation","authors":"Fujun Qiu,&nbsp;Ashwini Kumar,&nbsp;Jiang Hu,&nbsp;Poorva Sharma,&nbsp;Yu Bing Tang,&nbsp;Yang Xu Xiang,&nbsp;Jie Hong","doi":"10.1049/ise2/9275962","DOIUrl":"https://doi.org/10.1049/ise2/9275962","url":null,"abstract":"<div>\u0000 <p>The industrial Internet of Things (IIoT) has become an innovative technology that has brought many benefits to industries and organizations. This review presents a comprehensive analysis of IIoT’s applications, highlighting its ability to optimize industrial operations through advanced connectivity, real-time data exchange, automation, and its importance in the context of Industry 4.0. Emphasizing the distinction between IIoT and traditional IoT, the paper explores how IIoT focuses on enhancing industrial ecosystems and integrating cyber-physical systems (CPSs). This article explains how to establish a highly linked infrastructure to support cutting-edge services and ensure greater flexibility and efficiency. It emphasizes the role of the CPS and industrial automation and control systems (IACSs) in realizing the potential of IIoT. Security concerns, an important part of IIoT, are addressed through conversations on protecting networked systems, assuring operational reliability, and emphasizing the need for strong security measures to prevent potential threats and vulnerabilities. Furthermore, critical technologies such as machine learning (ML), artificial intelligence (AI), and various communication protocols, including fifth generation (5G) and message queuing telemetry transport (MQTT), are investigated for their potential to improve system performance and decision-making processes. In addition, the article also discusses the safety precautions and challenges of using IIoT. Finally, the article emphasizes the importance of addressing security issues in promoting the successful adoption of the IIoT and achieving its expected benefits. This study offers valuable resources for researchers, academics, and decision-makers to implement IIoT in industrial environments.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/9275962","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143707395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Dynamic Pattern Matching on Encrypted Data With Forward and Backward Security","authors":"Xiaolu Chu,&nbsp;Ke Cheng,&nbsp;Anxiao Song,&nbsp;Jiaxuan Fu","doi":"10.1049/ise2/5523834","DOIUrl":"https://doi.org/10.1049/ise2/5523834","url":null,"abstract":"<div>\u0000 <p>Pattern matching is widely used in applications such as genomic data query analysis, network intrusion detection, and deep packet inspection (DPI). Performing pattern matching on plaintext data is straightforward, but the need to protect the security of analyzed data and analyzed patterns can significantly complicate the process. Due to the privacy security issues of data and patterns, researchers begin to explore pattern matching on encrypted data. However, existing solutions are typically built on static pattern matching methods, lacking dynamism, namely, the inability to perform addition or deletion operations on the analyzed data. This lack of flexibility might hinder the adaptability and effectiveness of pattern matching on encrypted data in the real-world scenarios. In this paper, we design a dynamic pattern matching scheme on encrypted data with forward and backward security, which introduces much-needed dynamism. Our scheme is able to implement the addition operation and the deletion operation on the encrypted data without affecting the security of the original pattern matching scheme. Specifically, we design secure addition and deletion algorithms based on fragmentation data structures, which are compatible with the static pattern matching scheme. Moreover, we make significant improvements to the key generation algorithm, the encryption algorithm, and the match algorithm of the static scheme to ensure forward and backward security. Theoretical analysis proves that our scheme satisfies forward and backward security while ensuring the nonfalsifiability of encrypted data. The experimental results show that our scheme has a slight increase in time cost compared to the static pattern matching scheme, demonstrating its practicality and effectiveness in dynamic scenarios.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/5523834","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143594923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}