{"title":"Establishing Performance Baselines for Secure Software Development","authors":"Ying-Ti Tsai, Chung-Ho Wang, Yung-Chia Chang, Lee-Ing Tong","doi":"10.1049/ise2/6139424","DOIUrl":"10.1049/ise2/6139424","url":null,"abstract":"<p>The COVID-19 pandemic has impacted the world, prompting a shift toward remote work and stay-at-home economies, altering routines for individuals and businesses. Organizations have had to swiftly implement digital solutions to enable productive and efficient remote work, a trend that is becoming increasingly common. In this context, enterprise programmers often rely on open-source software from social platforms to accelerate application development. However, the source code on these platforms may not always be regularly updated or well-maintained, posing security risks. These risks are exacerbated when programmers need more security software-focused development practices, testing for vulnerabilities, or applying necessary patches regularly. This study introduces two secure software development (SSD) performance baselines based on international standards and utilizing statistical process control (SPC): proactive information security awareness and reactive risk management. These baselines enable enterprise IT departments to monitor security awareness and improve the secure development capabilities of programmers and R&D teams, thereby mitigating the security risks of released software. 
A practical case study is presented to demonstrate the effectiveness of this approach.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6,"publicationDate":"2025-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6139424","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145128940","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure and Editable: A Blockchain Voting System Based on Chameleon Hash With Ephemeral Trapdoors","authors":"Qiankun Zheng, Junyao Ye, Peng Li, Junzuo Lai","doi":"10.1049/ise2/3915638","DOIUrl":"10.1049/ise2/3915638","url":null,"abstract":"<p>Blockchain technology has become a popular choice for electronic voting systems due to its transparency, security, and decentralization. However, it is not a perfect solution, as its inherent immutability poses challenges in blockchain-based e-voting systems. Specifically, without the physical security provided by traditional polling stations, preventing bribery and coercion becomes more difficult. Additionally, because of blockchain’s immutability, voters who are coerced or mistakenly vote cannot correct their choice. To address these issues, this paper proposes a secure blockchain-based voting system with editable ballots. The system uses chameleon hashes with ephemeral trapdoors and a timestamp mechanism, allowing voters to modify their ballots within a legitimate timeframe. Additionally, a modified Paillier cryptosystem and blind signature technology are used to ensure that any modifications leave no trace. We simulate and evaluate the system using Fabric 2.2, focusing on computational complexity and system stability. 
Analysis of experimental results shows that the blockchain-based voting system with an editable ballot mechanism proposed in this article has good computational cost and stability performance under normal use pressure.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6,"publicationDate":"2025-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/3915638","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144773741","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Highly Secure and Adaptive Multisecret Sharing for Reversible Data Hiding in Encrypted Images","authors":"Jiang-Yi Lin, Ching-Chun Chang, Chin-Chen Chang, Chin-Feng Lee","doi":"10.1049/ise2/6695380","DOIUrl":"10.1049/ise2/6695380","url":null,"abstract":"<p>Reversible data hiding in encrypted images (RDHEI) is a technique that not only allows the cover images can be fully restored without any loss of information after the embedded data has been extracted but also ensures the confidentiality within the cover images. This article proposes an RDHEI scheme combining adaptive (<i>n</i>, <i>n</i>) secret image sharing (SIS) manner. The content owner reserves part of the least significant bit plane (LSBP) in cover images by two most significant bit planes (MSBPs) compression using the median edge detector (MED) prediction method. To level up the privacy protection of <i>n</i> cover images, a two-layer encryption method is utilized to generate <i>n</i> shares, that is, the self-encryption and cross-encryption. Moreover, our method can be applied on no matter how many of cover images. The secret data with identification can be concealed by the data hiders into the vacated LSB of their own shares. Through the cooperation of the overall shares, the receiver can retrieve the embedded secret data and recover the cover images. Experiment results reveal the security reliability of our approach and the outstanding performance when compared to some related methods. 
Also, the approach can be employed in color image domain.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6,"publicationDate":"2025-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6695380","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144767711","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multikey Fully Homomorphic Encryption: Removing Noise Flooding in Distributed Decryption via the Smudging Lemma on Discrete Gaussian Distribution","authors":"Xiaokang Dai, Wenyuan Wu, Yong Feng","doi":"10.1049/ise2/7550044","DOIUrl":"10.1049/ise2/7550044","url":null,"abstract":"<p>The current multikey fully homomorphic encryption (MKFHE) needs to add exponential noise in the distributed decryption phase to ensure the simulatability of partial decryption. Such a large noise causes the ciphertext modulus of the scheme to increase exponentially compared to the single-key fully homomorphic encryption (FHE), further reducing the efficiency of the scheme and making the hardness problem on the lattice on which the scheme relies have a subexponential approximation factor <span></span><math></math> (which means that the security of the scheme is reduced). To address this problem, this paper analyzes in detail the noise in partial decryption of the MKFHE based on the learning with error (LWE) problem. It points out that this part of the noise is composed of private key and the noise in initial ciphertext. Therefore, as long as the encryption scheme is leak-resistant and the noise in partial decryption is independent of the noise in the initial ciphertext, the semantic security of the ciphertext can be guaranteed. In order to make the noise in the initial ciphertext independent of the noise in the partial decryption, this paper proves the smudging lemma on discrete Gaussian distribution and achieves this goal by multiplying the initial ciphertext by a “dummy” ciphertext with a plaintext of 1. 
Based on the above method, this paper removes the exponential noise in the distributed decryption phase for the first time and reduces the ciphertext modulus of MKFHE from 2<sup><i>ω</i>(<i>λ</i><i>L</i> log<i>λ</i>)</sup> to 2<sup><i>O</i>(<i>λ</i> + <i>L</i>)</sup> as the same level as the FHE.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6,"publicationDate":"2025-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/7550044","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144725510","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analyzing Cryptocurrency Security Risks: A Comprehensive Survey of Saudi Arabian Perspectives","authors":"Abeer Abdullah Alsadhan","doi":"10.1049/ise2/5100339","DOIUrl":"10.1049/ise2/5100339","url":null,"abstract":"<p><b>Purpose:</b> This study explores cryptocurrency security concerns in the context of Saudi Arabia, focusing on a cross-sectional survey to assess evolving technical threats and public risk perceptions. While regulatory concerns are acknowledged, the primary emphasis is on security risks, making this one of the few studies to specifically investigate digital asset vulnerabilities from a Saudi perspective. The novelty lies in bridging the views of both the general public and industry professionals to offer multidimensional insights into the country’s cryptocurrency environment.</p><p><b>Methods:</b> A large-scale online survey was conducted with 392 participants, including individuals from the general public, IT sector, banking institutions, and regulatory bodies. The instrument captured perceptions of various technical security threats—such as 51% attacks, phishing, timejacking, and double-spending—alongside key public concerns about cryptocurrency safety. The mixed-participant approach enabled a balanced analysis of cross-sector risk awareness.</p><p><b>Results:</b> The findings indicate a significant disparity between public understanding and expert awareness regarding cryptocurrency security. Notably, 87.3% of respondents support the idea of central banks issuing their own digital currencies (CBDCs), reflecting widespread demand for safer and more regulated alternatives. Core risks identified include token theft, manipulative trading behavior, and technical vulnerabilities in decentralized platforms.</p><p><b>Conclusion:</b> This research contributes original insights into cryptocurrency security from a regional lens, integrating technical and perceptual dimensions often overlooked in existing literature. 
The study’s multistakeholder findings offer valuable input for policymakers, regulators, and technology developers seeking to build secure and trusted crypto ecosystems in emerging markets like Saudi Arabia.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6,"publicationDate":"2025-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/5100339","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144714913","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cryptanalysis on Two Kinds of Number Theoretic Pseudo-Random Generators Using Coppersmith Method","authors":"Ran Zhang, Jingguo Bi, Lixiang Li, Haipeng Peng","doi":"10.1049/ise2/5569393","DOIUrl":"10.1049/ise2/5569393","url":null,"abstract":"<p>Pseudo-random number generator (PRNG) is a type of algorithm that generates a sequence of random numbers using a mathematical formula, which is widely used in computer science, such as simulation, modeling applications, data encryption, et cetera. The efficiency and security of PRNG are closely related to its output bits at each iteration. Especially, we have recently found that linear congruential generator (LCG) is commonly used as the underlying PRNG in short message service (SMS) app, fast knapsack generator (FKG), and programming languages such as Python, while the quadratic generator plays an important role in Monte Carlo method. Therefore, in this paper, we revisit the security of these two number-theoretic pseudo-random generators and obtain the best results for attacking these two kinds of PRNGs up to now. More precisely, we prove that when the mapping function of LCG and the quadratic generator is unknown, if during each iteration, generators only output the most significant bits of <i>v</i><sub><i>i</i></sub>, one can also recover the seed of PRNG when enough consecutive or nonconsecutive outputs are obtained. The primary tool of our attack is the Coppersmith method which can find small roots on polynomial equations. Our advantage lies in applying the local linearization technique to the polynomial equations to make them simple and easy to solve and applying the analytic combinatorics method to simplify the calculation of solution conditions in the Coppersmith method. 
Experimental data validate the effectiveness of our work.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/5569393","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144647404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Measures to Address Cyber-Attacks in Construction Project Data Management Processes: A Cybersecurity Perspective","authors":"Ornella Tanga Tambwe, Clinton Ohis Aigbavboa, Opeoluwa Israel Akinradewo, Peter Ademola Adekunle","doi":"10.1049/ise2/7398742","DOIUrl":"10.1049/ise2/7398742","url":null,"abstract":"<p>In the past decade, the fourth industrial revolution has transformed data management in the construction industry, enhancing processes from storage to exchange. However, this digitisation has also led to increased security challenges, particularly cyber-attacks. This study aims to identify measures to mitigate these threats in construction project data management. Using a quantitative approach, data was collected from construction professionals in Gauteng, South Africa, including quantity surveyors, architects and engineers, via a structured online questionnaire. Findings revealed that effective measures against cyber-attacks include adequate staff training, antivirus software and regular password changes. The study recommends that construction professionals secure their computers and software, as they house critical project data vulnerable to exploitation, even long after project completion. 
By keeping stakeholders informed about current data security practices, this research encourages the adoption of Industry 4.0 technologies, despite the risks posed by cyber-attacks.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6,"publicationDate":"2025-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/7398742","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144598408","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From Data to Deployment: A Comprehensive Analysis of Risks in Large Language Model Research and Development","authors":"Tianshu Zhang, Ruidan Su, Anli Zhong, Minwei Fang, Yu-dong Zhang","doi":"10.1049/ise2/7358963","DOIUrl":"10.1049/ise2/7358963","url":null,"abstract":"<p>Large language models (LLMs) have evolved significantly, achieving unprecedented linguistic capabilities that underpin a wide range of AI applications. However, they also pose risks and challenges such as ethical concerns, bias and computational sustainability. How to balance the high performance in revolutionising information processing with the risks they pose is critical to their future development. LLM is a type of NLP model and many of the LLM risks are also risks that NLP has experienced in the past. We, therefore, summarise these risks, focusing more on the underlying understanding of these risks/technical tools, rather than simply describing their occurrence in LLM. In this paper, we first discuss and compare the current state of research on the four main risks in the process of developing LLMs: data, system, pretraining and inference, and then, try to summarise the rationale, complexity, prospects and challenges of the key issues and challenges in each phase. Finally, this review concludes with a discussion of the fundamental issues that should be of most concern and risk and that should be addressed in the early stages of modelling research, including the correlated issues of privacy preservation and countering attacks and model robustness. 
Based on the LLM research and development (R&D) process perspective, this review summarises the actual risks and provides guidance for research directions, with the aim of helping researchers to identify these risk points and technology directions worth investigating, as well as helping to establish a safe and efficient R&D process.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6,"publicationDate":"2025-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/7358963","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144367215","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Generic Construction of Dual-Server Public Key Authenticated Encryption With Keyword Search","authors":"Keita Emura","doi":"10.1049/ise2/6610587","DOIUrl":"10.1049/ise2/6610587","url":null,"abstract":"<p>In this paper, we propose a generic construction of dual-server public key authenticated encryption with keyword search (DS-PAEKS) from PAEKS, public key encryption, and signatures. We also show that previous DS-PAEKS scheme is vulnerable by providing a concrete attack. That is, the proposed generic construction yields the first DS-PAEKS schemes. Our attack with a slight modification works against previous dual-server public key encryption with keyword search (DS-PEKS) schemes.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6,"publicationDate":"2025-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6610587","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144281579","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Graph Representation Learning-Based Method for Event Prediction","authors":"Xi Zeng, Guangchun Luo, Ke Qin, Pengyi Zheng","doi":"10.1049/ise2/9706647","DOIUrl":"10.1049/ise2/9706647","url":null,"abstract":"<p>With the continuous advancement of big data and artificial intelligence technologies, event prediction is increasingly being utilized across a multitude of domains. Predicting events allows for the exploration of the developmental trajectories and summarization of patterns associated with these events. However, events typically encompass a myriad of elements and intricate relationships, necessitating an enhancement in the precision of event prediction. However, the existing methods suffer from poor data quality, insufficient feature information, limited generalization capability of the models, and difficulties in evaluating prediction errors. This paper proposes a novel event prediction method based on graph representation learning, aiming to improve the accuracy of event prediction while reducing the time cost. By constructing causal graphs and introducing the script event simulation method, the architecture combines graph neural networks (GNNs) with BERT to simplify the event prediction process. Additionally, by combining GNNs with pretrained language models, a dynamic graph representation learning method is proposed. This means that a unified graph representation learning model can be built by following specific rules, thus predicting the development trajectory of events more accurately. The study evaluates the effectiveness of dynamic graph representation learning technology in a specific scenario, specifically in the context of employee career choices. By converting the career graph of employees into low-dimensional representations, the effectiveness of the dynamic graph representation learning method in predicting employee career decisions is validated. 
This innovation not only improves the accuracy of event prediction but also helps better understand and respond to complex event relationships in practical applications, providing decision-makers with more powerful information support. Therefore, this research has important theoretical and practical significance, providing valuable references for future studies in related fields.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6,"publicationDate":"2025-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/9706647","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144237315","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}