IET Information Security最新文献_第5页

A Novel Security Scheme Supported by Certificateless Digital Signature and Blockchain in Named Data Networking 命名数据网络中由无证书数字签名和区块链支持的新型安全方案

IF 1.4 4区计算机科学

IET Information Security Pub Date : 2024-03-12 DOI: 10.1049/2024/6616095

Bing Li, Mingxuan Zheng, Maode Ma

{"title":"A Novel Security Scheme Supported by Certificateless Digital Signature and Blockchain in Named Data Networking","authors":"Bing Li, Mingxuan Zheng, Maode Ma","doi":"10.1049/2024/6616095","DOIUrl":"10.1049/2024/6616095","url":null,"abstract":"<div>\u0000 <p>Named Data Networking (NDN) is a promising network architecture that differs from the traditional TCP/IP network, as it focuses on data rather than the host. A new secure model is required to provide the data-oriented trust instead of the host-oriented trust. This paper proposes a new secure solution in the NDNs named Secure Mechanism supported by Certificateless Digital Signature and Blockchain (CLDS-B). The CLDS-B scheme employs a certificateless digital signature to guarantee the authentication and integrity of data. On the one hand, the key escrow problem has been solved to eliminate the risks of compromised private key generators; on the other hand, the data name has been bound to the public key to prevent the false public key. Moreover, the blockchain is used to manage cryptographic information. Each domain designates an information service entity to join the blockchain so that the consumer could retrieve the cryptographic information public parameter in the local domain if necessary. Furthermore, due to the decentralization of the blockchain, the CLDS-B would be robust to resist the single-node failure. Simulation results show that the CLDS-B scheme outperforms a classic NDN scheme, although it shows slightly inferior to the other secure NDN scheme. The security verification and analysis show that the CLDS-B would resist the key escrow attack. The CLDS-B would be a competitive solution in scenarios with a high-security level.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.4,"publicationDate":"2024-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/6616095","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140249364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Deciding Irreducibility/Indecomposability of Feedback Shift Registers Is NP-Hard 决定反馈移位寄存器的不可重复性/不可分性是 NP-困难的

IF 1.4 4区计算机科学

IET Information Security Pub Date : 2024-03-07 DOI: 10.1049/2024/3219604

Lin Wang

引用次数: 0

New Practical Attacks on GEA-1 Based on a New-Found Weakness 基于新发现的弱点对 GEA-1 进行新的实用攻击

IF 1.4 4区计算机科学

IET Information Security Pub Date : 2024-03-02 DOI: 10.1049/2024/6674019

Zheng Wu, Lin Ding, Zhengting Li, Xinhai Wang, Ziyu Guan

{"title":"New Practical Attacks on GEA-1 Based on a New-Found Weakness","authors":"Zheng Wu, Lin Ding, Zhengting Li, Xinhai Wang, Ziyu Guan","doi":"10.1049/2024/6674019","DOIUrl":"10.1049/2024/6674019","url":null,"abstract":"<div>\u0000 <p>GEA-1, a proprietary stream cipher, was initially designed and used to protect against eavesdropping general packet radio service (GPRS) between the phone and the base station. Now, a variety of current mobile phones still support this standard cipher. In this paper, a structural weakness of the GEA-1 stream cipher that has not been found in previous works is discovered and analyzed. That is the probability that two different inputs of GEA-1 generate the identical keystream can be up to 2<sup>−7.30</sup>, which is quite high compared with an ideal stream cipher that generates random sequences. Based on this newfound weakness, a new practical distinguishing attack on GEA-1 is proposed, which shows that the keystreams generated by GEA-1 are far from random and can be easily distinguished with a practical time cost. After then, a new practical key recovery attack on GEA-1 is presented. It has a time complexity of 2<sup>21.02</sup> GEA-1 encryptions and requires only seven related keys, which is much less than the existing related key attack on GEA-1. The experimental results show that GEA-1 can be broken within about 41.75 s on a common PC in the related key setting. These cryptanalytic results show that GEA-1 cannot provide enough security and should be immediately prohibited to be supported in the massive GPRS devices.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.4,"publicationDate":"2024-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/6674019","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140081446","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Low Communication-Cost PSI Protocol for Unbalanced Two-Party Private Sets 不平衡双方私有集的低通信成本 PSI 协议

IF 1.4 4区计算机科学

IET Information Security Pub Date : 2024-02-17 DOI: 10.1049/2024/6052651

Jingyu Ning, Zhenhua Tan, Kaibing Zhang, Weizhong Ye

{"title":"Low Communication-Cost PSI Protocol for Unbalanced Two-Party Private Sets","authors":"Jingyu Ning, Zhenhua Tan, Kaibing Zhang, Weizhong Ye","doi":"10.1049/2024/6052651","DOIUrl":"10.1049/2024/6052651","url":null,"abstract":"<div>\u0000 <p>Two-party private set intersection (PSI) plays a pivotal role in secure two-party computation protocols. The communication cost in a PSI protocol is normally influenced by the sizes of the participating parties. However, for parties with unbalanced sets, the communication costs of existing protocols mainly depend on the size of the larger set, leading to high communication cost. In this paper, we propose a low communication-cost PSI protocol designed specifically for unbalanced two-party private sets, aiming to enhance the efficiency of communication. For each item in the smaller set, the receiver queries whether it belongs to the larger set, such that the communication cost depends solely on the smaller set. The queries are implemented by private information retrieval which is constructed with trapdoor hash function. Our investigation indicates that in each instance of invoking the trapdoor hash function, the receiver is required to transmit both a hash key and an encoding key to the sender, thus incurring significant communication cost. In order to address this concern, we propose the utilization of a seed hash key, a seed encoding key, and a Latin square. By employing these components, the sender can autonomously generate all the necessary hash keys and encoding keys, obviating the multiple transmissions of such keys. The proposed protocol is provably secure against a semihonest adversary under the Decisional Diffie–Hellman assumption. Through implementation demonstration, we showcase that when the sizes of the two sets are 2<sup>8</sup> and 2<sup>14</sup>, the communication cost of our protocol is only 3.3% of the state-of-the-art protocol and under 100 Kbps bandwidth, we achieve 1.46x speedup compared to the state-of-the-art protocol. Our source code is available on GitHub: https://github.com/TAN-OpenLab/Unbanlanced-PSI.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.4,"publicationDate":"2024-02-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/6052651","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139959932","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

MFEMDroid: A Novel Malware Detection Framework Using Combined Multitype Features and Ensemble Modeling MFEMDroid：利用多类型特征和集合建模的新型恶意软件检测框架

IF 1.4 4区计算机科学

IET Information Security Pub Date : 2024-02-17 DOI: 10.1049/2024/2850804

Wei Gu, Hongyan Xing, Tianhao Hou

{"title":"MFEMDroid: A Novel Malware Detection Framework Using Combined Multitype Features and Ensemble Modeling","authors":"Wei Gu, Hongyan Xing, Tianhao Hou","doi":"10.1049/2024/2850804","DOIUrl":"10.1049/2024/2850804","url":null,"abstract":"<div>\u0000 <p>The continuous malicious attacks on Internet of Things devices pose a potential threat to the economic and private information security of end-users, especially on the dominant Android devices. Combining static analysis methods with deep Learning is a promising approach to defend against that. This kind of method has two limitations: the first is that the current single-permission mechanism is not insufficient to regulate interapplication resource acquisition; another problem is that current work on feature learning is dedicated to modifying a single network structure, which may result in a suboptimal solution. In this study, to solve the abovementioned problems, we propose a novel malware detection framework MFEMDroid, which combines multitype features analysis and ensemble modeling. The Provider feature, facilitating information requests between applications (apps) and serving as an indispensable data storage method, plays a vital role in characterizing app behavior. Hence, we extract permissions and Provider features to comprehensively characterize app behavior and probe potentially dangerous combinations between or within these features. To address oversparse datasets and reduce feature learning overhead, we employ an auto-encoder for feature dimensionality reduction. Furthermore, we design an ensemble network based on SENet, ResNet, and the evolutionary convolutional neural network Squeeze Excitation Residual Network (SEResNet) to explore the hidden associations between different types of features from multiple perspectives. We performed extensive experiments to evaluate its method performance on real-world samples. The evaluation results demonstrate that the proposed framework can detect malware with an accuracy of 95.38%, which is much better than state-of-the-art solutions. These promising experimental results show that MFEMDroid is an effective approach to detect Android malware.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.4,"publicationDate":"2024-02-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/2850804","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139959956","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Dual-Mode Encryption for UC-Secure String OT from Learning with Errors 从错误学习中实现 UC 安全字符串 OT 的双模式加密

IF 1.4 4区计算机科学

IET Information Security Pub Date : 2024-02-15 DOI: 10.1049/2024/5513292

Momeng Liu, Yupu Hu, Qiqi Lai, Shanshan Zhang, Huiwen Jia, Wen Gao, Baocang Wang

{"title":"Dual-Mode Encryption for UC-Secure String OT from Learning with Errors","authors":"Momeng Liu, Yupu Hu, Qiqi Lai, Shanshan Zhang, Huiwen Jia, Wen Gao, Baocang Wang","doi":"10.1049/2024/5513292","DOIUrl":"10.1049/2024/5513292","url":null,"abstract":"<div>\u0000 <p>Universal composability (UC) is a primary security flavor for designing oblivious transfer (OT) due to its advantage of arbitrary composition. However, the study of UC-secure OT over lattices is still far behind compared with constructions over prequantum assumptions. Relying on the learning with errors (LWE) assumption, Quach proposes a dual-mode encryption scheme (SCN’20) for deriving a two-round OT whose security is provably UC-secure in the common reference string (CRS) model. Due to its use of a randomized rounding function proposed by Benhamouda et al. (PKC’18), this OT can only be limited to transmitting single-bit messages. Therefore, conducting trivial repetitions of Quach’s OT when transmitting multibit strings would be very costly. In this work, we put forward a modified dual-mode encryption cryptosystem under the decisional LWE assumption, from which we can derive a UC-secure string OT with both full-fledged dual-mode security and better efficiency on transmitting strings. The key technique we adopt is a key reconciliation scheme proposed by Jiang et al. (PKC’20), which is utilized to extend the single-bit symmetric encryption key (produced by the aforementioned rounding function) to a multibit case. Through a comprehensive performance analysis, we demonstrate that our proposal can indeed strike a balance between security and efficiency.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.4,"publicationDate":"2024-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/5513292","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139834555","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A Blockchain-Based Trustworthy Access Control Scheme for Medical Data Sharing 基于区块链的医疗数据共享可信访问控制方案

IF 1.4 4区计算机科学

IET Information Security Pub Date : 2024-01-31 DOI: 10.1049/2024/5559522

Canling Wang, Wei Wu, Fulong Chen, Hong Shu, Ji Zhang, Yuxuan Zhang, Taochun Wang, Dong Xie, Chuanxin Zhao

{"title":"A Blockchain-Based Trustworthy Access Control Scheme for Medical Data Sharing","authors":"Canling Wang, Wei Wu, Fulong Chen, Hong Shu, Ji Zhang, Yuxuan Zhang, Taochun Wang, Dong Xie, Chuanxin Zhao","doi":"10.1049/2024/5559522","DOIUrl":"10.1049/2024/5559522","url":null,"abstract":"<div>\u0000 <p>Blockchain is commonly employed in access control to provide safe medical data exchange because of the characteristics of decentralization, nontamperability, and traceability. Patients share personal health data by granting access rights to users or medical institutions. The major purpose of the existing access control techniques is to identify users who are permitted to access medical data. They hardly ever recognize internal assailants from legitimate entities. Medical data will involve multilayer access within the authorized organizations. Considering the cost of permissions management and the problem of insider malicious node attacks, users hope to implement authorization constraints within the authorized institutions. It can prevent their data from being maliciously disclosed by end-users from different authorized healthcare domains. For the purpose to achieve the fine-grained permissions propagation control of medical data in sharing institutions, a trust-based authorization access control mechanism is suggested in this study. Trust thresholds are assigned to different privileges based on their sensitivity and used to generate zero-knowledge proof to be broadcasted among blockchain nodes. This method evaluates the trust of each user through the dynamic trust calculation model. And meanwhile, smart contract is employed to verify whether the user’s trust can activate some permissions and ensure the privacy of the user’s trust in the process of authorization verification. In addition, the authorization transaction between users and institutions is recorded on the blockchain for patient traceability and accountability. The feasibility and effectiveness of the scheme are demonstrated through comprehensive comparisons and extensive experiments.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.4,"publicationDate":"2024-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/5559522","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140478462","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

On Accuracy of Testing Decryption Failure Rate for Encryption Schemes under the LWE Assumption 论 LWE 假设下加密算法解密失败率测试的准确性

IF 1.4 4区计算机科学

IET Information Security Pub Date : 2024-01-23 DOI: 10.1049/2024/2786399

Lin Wang, Yang Wang, Huiwen Jia

引用次数: 0

Improved Masking Multiplication with PRGs and Its Application to Arithmetic Addition 使用 PRGs 的改进屏蔽乘法及其在算术加法中的应用

IF 1.4 4区计算机科学

IET Information Security Pub Date : 2024-01-18 DOI: 10.1049/2024/5544999

Bohan Wang, Qian Sui, Fanjie Ji, Chun Guo, Weijia Wang

{"title":"Improved Masking Multiplication with PRGs and Its Application to Arithmetic Addition","authors":"Bohan Wang, Qian Sui, Fanjie Ji, Chun Guo, Weijia Wang","doi":"10.1049/2024/5544999","DOIUrl":"10.1049/2024/5544999","url":null,"abstract":"<div>\u0000 <p>At Eurocrypt 2020, Coron et al. proposed a masking technique allowing the use of random numbers from pseudo-random generators (PRGs) to largely reduce the use of expansive true-random generators (TRNGs). For security against <i>d</i> probes, they describe a construction using 2<i>d</i> PRGs, each of which is fed with at most 2<i>d</i> random variables in a finite field, resulting in a randomness requirement of <span></span><math></math>. In this paper, we improve the technique on multiple frontiers. On the theoretical level, we push the limits of the randomness requirement by providing an improved masking multiplication using only <i>d</i> PRGs, each of which is fed with <i>d</i> random variables, saving more than half random bits. On the practical level, considering that the masking of arithmetic addition usually requires more randomness (than multiplication), we apply the technique to the algorithm proposed at FSE 2015 that is a very efficient scheme performing arithmetic addition modulo 2<sup><i>w</i></sup>. It significantly reduces the randomness cost of masked arithmetic addition, and further advocates the advantage of masking with PRGs. Furthermore, we apply our masking scheme to the <span>Speck</span>, <span>XTEA</span>, and <span>Sparkle</span>, and provide the first (to the best of our knowledge) higher order masked implementations for the ciphers using ARX structure.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.4,"publicationDate":"2024-01-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/5544999","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139614952","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

MILP/MIQCP-Based Fully Automatic Method of Searching for Differential-Linear Distinguishers for SIMON-Like Ciphers 基于 MILP/MIQCP 的全自动 SIMON 类密码差分线性区分器搜索方法

IF 1.4 4区计算机科学

IET Information Security Pub Date : 2024-01-12 DOI: 10.1049/2024/8315115

Yanyan Zhou, Senpeng Wang, Bin Hu

{"title":"MILP/MIQCP-Based Fully Automatic Method of Searching for Differential-Linear Distinguishers for SIMON-Like Ciphers","authors":"Yanyan Zhou, Senpeng Wang, Bin Hu","doi":"10.1049/2024/8315115","DOIUrl":"10.1049/2024/8315115","url":null,"abstract":"<div>\u0000 <p>Differential-linear (DL) cryptanalysis is an important cryptanalytic method in cryptography and has received extensive attention from the cryptography community since its proposal by Langford and Hellman in 1994. At CT-RSA 2023, Bellini et al. introduced continuous difference propagations of XOR, rotation, and modulo-addition operations and proposed a fully automatic method using Mixed-Integer Linear Programing (MILP) and Mixed-Integer Quadratic Constraint Programing (MIQCP) techniques to search for DL distinguishers of Addition-Rotation-XOR (ARX) ciphers. In this paper, we propose continuous difference propagation of AND operation and construct an MILP/MIQCP-based fully automatic model of searching for DL distinguishers of SIMON-like ciphers. We apply the fully automatic model to all versions of SIMON and SIMECK. As a result, for SIMON, we find 13 and 14-round DL distinguishers of SIMON32, 15, 16, and 17-round DL distinguishers of SIMON48, 20-round DL distinguishers of SIMON64, 25 and 26-round DL distinguishers of SIMON96, 31 and 32-round DL distinguishers of SIMON128. For SIMECK, we find 14-round DL distinguishers of SIMECK32, 17 and 18-round DL distinguishers of SIMECK48, 22, 23, 24, and 25-round DL distinguishers of SIMECK64. As far as we know, our results are currently the best.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.4,"publicationDate":"2024-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/8315115","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139625192","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0