{"title":"A Survey of Secure Communications for Satellite Internet Based on Cryptography and Physical Layer Security","authors":"Yu Zhang, Shuangrui Zhao, Ji He, Yuanyu Zhang, Yulong Shen, Xiaohong Jiang","doi":"10.1049/2023/5604802","DOIUrl":"https://doi.org/10.1049/2023/5604802","url":null,"abstract":"Satellite internet serves as an indispensable component of the upcoming sixth-generation networks for providing global broadband internet access service. Due to the open nature of satellite-ground communication, security issue in satellite internet has always been an important concern for both industry and academia. Although many researchers focus on secure communications in satellite internet, the literature is surprisingly sparse, with no comprehensive overview of the state-of-the-art security techniques. This paper provides an in-depth survey of secure communications for various satellite internet scenarios. Based on different security mechanisms, we first categorize the existing works of secure communications in satellite internet into two categories: cryptography-based and physical layer security-based. The former includes classical encryption-based and quantum encryption-based secure communication, and the latter is further divided into precoding-based, cooperative jamming-based, relay selection-based, and physical-layer authentication-based secure communication depending on the applied techniques. 
Finally, we provide some future research directions.","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"7 2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134907874","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cross-Space Conduction Assessment Method of Network Attack Risk under the Strong Coupling Characteristics of Electric Power Cyber Physics","authors":"Shenjian Qiu, Jiaxuan Fei, Jian Wang","doi":"10.1049/2023/9006166","DOIUrl":"https://doi.org/10.1049/2023/9006166","url":null,"abstract":"With the deep integration and wide application of advanced digital sensing, Internet of Things technology, and energy technology in power systems, power information systems and physical systems are gradually being coupled and developed into power cyber–physical systems (CPS). A number of blackouts in recent years have shown that cyberspace cyber attacks on CPS can lead to the intensification and rapid spread of faults in the physical space of the power grid, and even system collapse. Aiming at the difficulty of analyzing the evolution of cyber–physical cross-space impacts of cyber-attacks, this paper proposes a cross-domain propagation impact assessment method that considers cyber–physical coupling risks caused by attacks. First, according to the multiple coupling relationship between the power system information space and physical space, the monitoring function model and the control function model are established. Second, under the effect of a high-concealment attack, the impact of the risk caused by its failure after it is transmitted to the physical space with different propagation probabilities is analyzed. Finally, the experimental verification was carried out using the IEEE RTS79 standard test system. The simulation results show that the proposed method can comprehensively consider the cyber–physical energy supply coupling relationship, the risk propagation probability, and the operating characteristics of the information system, and effectively quantify and evaluate the impact of information space network attacks on the physical space entity power grid. 
It further reveals the objective law that information space risks can evolve and spread across domains under the condition of strong coupling of information physics.","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"142 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135112439","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hardness of Module-LWE with Semiuniform Seeds from Module-NTRU","authors":"Wenjuan Jia, Jiang Zhang, Baocang Wang","doi":"10.1049/2023/2969432","DOIUrl":"https://doi.org/10.1049/2023/2969432","url":null,"abstract":"The module learning with errors (MLWE) problem has attracted significant attention and has been widely used in building a multitude of lattice-based cryptographic primitives. The hardness of the MLWE problem has been established for several variants, but most of the known results require the seed distribution (i.e., the distribution of matrix $\\mathbf{A}$) to be the uniform distribution. In this paper, we show that under the Module-N-th degree Truncated polynomial Ring Units (NTRU) (MNTRU) assumption, the search MLWE problem can still be hard for some distributions that are not (even computationally indistinguishable from) the uniform distribution. Specifically, we show that if the seed distribution is a semiuniform distribution (namely, the seed distribution can be publicly derived from and has a “small difference” to the uniform distribution), then for appropriate settings of parameters, the search MLWE problem is hard under the MNTRU assumption. 
Moreover, we also show that under the appropriate settings of parameters, the search learning with errors over rings problem with semiuniform seeds can still be hard under the NTRU assumption due to our results for the search MLWE problem with semiuniform seeds being rank-preserving.","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"22 9","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135412746","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hardness of (Semiuniform) MLWE with Short Distributions Using the Rényi Divergence","authors":"Wenjuan Jia, Baocang Wang","doi":"10.1049/2023/2104380","DOIUrl":"https://doi.org/10.1049/2023/2104380","url":null,"abstract":"The module learning with errors (MLWE) problem has attracted considerable attention for its tradeoff between security and efficiency. The quantum/classical worst-case to average-case hardness for the MLWE problem (or more exactly, a family of problems) has been established, but most of the known results require the seed distribution to be the uniform distribution. In the present paper, we show that, using the noise flooding technique based on the Rényi divergence, the search MLWE problem with uniform $B$-bounded secret distribution for $1 \\le B \\ll q$ can still be hard for some seed distributions that are not (even computationally indistinguishable from) the uniform distribution under the standard MLWE assumption. Specifically, we show that if the seed distribution is a semiuniform distribution (namely, the seed distribution can be publicly derived from and has a “small difference” to the uniform distribution), then for suitable parameter choices, the search MLWE problem with uniform bounded secret distribution is hard under the standard MLWE assumption. Moreover, we also show that under the appropriate setting of parameters, the search MLWE problem with uniform bounded noise distribution is at least as hard as the standard MLWE assumption using a different approach than the one used by Boudgoust et al. 
in [JoC 2023].","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"23 6","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135412888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Defending against social engineering attacks: A security pattern-based analysis framework","authors":"Tong Li, Chuanyong Song, Qinyu Pang","doi":"10.1049/ise2.12125","DOIUrl":"https://doi.org/10.1049/ise2.12125","url":null,"abstract":"<p>Social engineering attacks are a growing threat to modern complex systems. Increasingly, attackers are exploiting people's \"vulnerabilities\" to carry out social engineering attacks for malicious purposes. Although such a severe threat has attracted the attention of academia and industry, it is challenging to propose a comprehensive and practical set of countermeasures to protect systems from social engineering attacks due to its interdisciplinary nature. Moreover, the existing social engineering defence research is highly dependent on manual analysis, which is time-consuming and labour-intensive and cannot solve practical problems efficiently and pragmatically. This paper proposes a systematic approach to generate countermeasures based on a typical social engineering attack process. Specifically, we systematically ‘attack’ each step of social engineering attacks to prevent, mitigate, or eliminate them, resulting in 62 countermeasures. We have designed a set of social engineering security patterns that encapsulate relevant security knowledge to provide practical assistance in the defence analysis of social engineering attacks. Finally, we present an automatic analysis framework for applying social engineering security patterns. 
We applied the case study method and performed semi-structured interviews with nine participants to evaluate our proposal, showing that our approach effectively defended against social engineering attacks.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"17 4","pages":"703-726"},"PeriodicalIF":1.4,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12125","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50136879","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Solving blockchain trilemma using off-chain storage protocol","authors":"Saha Reno, Md. Mokammel Haque","doi":"10.1049/ise2.12124","DOIUrl":"https://doi.org/10.1049/ise2.12124","url":null,"abstract":"<p>Trilemma in blockchain refers to the infamous problem of simultaneously not delivering the three critical aspects of a ledger: security, scalability, and decentralisation. While security and scalability hinder decentralisation, security is jeopardised if the scalability is escalated. This deficiency of not maintaining a balance among these three crucial factors restricts the broader adoption of blockchain technology and cryptocurrencies in the industries. This paper proposes a solution to the blockchain trilemma by implementing a public ledger using The InterPlanetary File System (IPFS) and a newly introduced strategy called the double-chain technique. The scalability and decentralisation features are guaranteed by the distributed file system of IPFS and the public nature of the blockchain suggested in this study. Although any consensus can be plugged into our system, the proof-of-work consensus is utilised to ensure that the security is not compromised while stabilising scalability and decentralisation.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"17 4","pages":"681-702"},"PeriodicalIF":1.4,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12124","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50137203","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An optimisation for a two-round good-case latency protocol","authors":"Kexin Hu, Zhenfeng Zhang, Kaiwen Guo, Weiyu Jiang, Xiaoman Li, Jiang Han","doi":"10.1049/ise2.12123","DOIUrl":"https://doi.org/10.1049/ise2.12123","url":null,"abstract":"<p>Byzantine broadcast is a fundamental primitive in distributed computing. A highly efficient Byzantine broadcast protocol, motivated by the real-world performance of practical state machine replication protocols, is increasingly needed. This article focuses on the state-of-the-art partially synchronous Byzantine broadcast protocol proposed by Abraham et al. (PODC’21), which achieves optimal good-case latency of two rounds and optimal resilience of <i>n</i> ≥ 5<i>f</i> − 1 in this setting. Each step of the protocol is analysed, and then improved by cutting down the number of messages required to be collected and transmitted <i>in the heaviest step</i> of the protocol <i>by about half</i>, without adding any extra cost. This benefits from a new property, named “spread”, that we identify and extract from the original protocol. It helps us to eliminate non-essential work in its view-change procedure. The authors also show that no further reduction is possible without violating security. A prototype is implemented and the performances of improved and original protocols are evaluated in the same environment. The results show that our improvement can achieve about 50% lower communication cost and 40% shorter latency at a scale of 100 replicas. 
The latency gap becomes wider as the scale further increases.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"17 4","pages":"664-680"},"PeriodicalIF":1.4,"publicationDate":"2023-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12123","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50131632","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Search framework for neutral bits and boomerangs in SHA-1 collision attacks","authors":"Degang Li, Yang Yang, Guang Zeng","doi":"10.1049/ise2.12122","DOIUrl":"https://doi.org/10.1049/ise2.12122","url":null,"abstract":"<p>Neutral bits and boomerangs are key techniques for accelerating collision search in SHA-1 attacks. The current acceleration techniques for SHA-1 near-collision attacks are reviewed and a generic search framework for neutral bits and boomerangs is presented. The framework can efficiently construct auxiliary paths for a given differential path and message bit relations and find and store ideal boomerangs. The framework was applied to free-start attacks for 76-step SHA-1, and the complexity was reduced from $2^{50.25}$ to $2^{47.9}$. 
Relaxing the boomerang's restrictions on message words, the authors propose an accelerating technique termed semi-boomerangs, combined with the search framework of boomerangs, which increases the speed of collision search by 3.48 times in a free-start attack for 80-step SHA-1 and the complexity for 80-step attack was reduced from $2^{57.5}$ to $2^{55.7}$.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"17 4","pages":"647-663"},"PeriodicalIF":1.4,"publicationDate":"2023-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12122","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50124897","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploiting statistical effective fault attack in a blind setting","authors":"Navid Vafaei, Hadi Soleimany, Nasour Bagheri","doi":"10.1049/ise2.12121","DOIUrl":"https://doi.org/10.1049/ise2.12121","url":null,"abstract":"<p>In order to obtain the secret key, the majority of physical attacks require knowledge of the plaintext or ciphertext, which may be unavailable or cannot be exploited. Blind attacks are introduced to do key recovery in circumstances where the adversary has no direct access to plaintext and ciphertext. A combination of fault and power attacks can circumvent typical countermeasures in this setting, for example, Fault Template Attack (FTA). However, FTA relies on bit fault injection, which is difficult to implement in practice. The SIFA-blind, a framework for executing the Statistical Ineffective Fault Attack, is more flexible, but sensitivity to setup noise and missed faults is its main drawback. To address this deficiency, we suggest two ways to use Statistical Effective Fault Attack in a blind setting that are much less affected by missed faults and noise when measuring power traces, even though they do not use fault injection at the bit level. In order to demonstrate the viability and adaptability of our proposed attacks, we injected a fault via glitch frequency onto the ChipWhisperer board. 
While SEFA-blind does not need a bit-level fault, our results demonstrate that it is better than SIFA-blind when the number of missed faults increases.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"17 4","pages":"639-646"},"PeriodicalIF":1.4,"publicationDate":"2023-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12121","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50141900","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Revisit two memoryless state-recovery cryptanalysis methods on A5/1","authors":"Yanbin Xu, Yonglin Hao, Mingxing Wang","doi":"10.1049/ise2.12120","DOIUrl":"https://doi.org/10.1049/ise2.12120","url":null,"abstract":"<p>At ASIACRYPT 2019, Zhang proposed a near collision attack on A5/1 claiming to recover the 64-bit A5/1 state with a time complexity around 2<sup>32</sup> cipher ticks with negligible memory requirements. Soon after its proposal, Zhang's near collision attack was severely challenged by Derbez et al. who claimed that Zhang's attack cannot have a time complexity lower than Golic's memoryless guess-and-determine attack dating back to EUROCRYPT 1997. In this article, both the guess-and-determine and the near collision attacks for recovering A5/1 states with negligible memory complexities are studied. Firstly, a new guessing technique called the <i>move guessing technique</i> that can construct linear equation filters in a more efficient manner is proposed. Such a technique can be applied to both guess-and-determine and collision attacks for efficiency improvements. Secondly, the filtering strength of the linear equation systems is taken into account for complexity analysis. Such filtering strength is evaluated with practical experiments, making the complexities more convincing. Based on such new techniques, the authors are able to give 2 new guess-and-determine attacks on A5/1: the 1st attack recovers the internal state $\\boldsymbol{s}^{0}$ with time complexity 2<sup>43.92</sup>; the 2nd one recovers a different state $\\boldsymbol{s}^{1}$ with complexity 2<sup>43.25</sup>. 
Golic's guess-and-determine attack and Zhang's near collision attacks are revisited. According to our detailed analysis, the complexity of Golic's $\\boldsymbol{s}^{1}$ recovery attack is no lower than 2<sup>46.04</sup>, higher than the previously believed 2<sup>43</sup>. On the other hand, Zhang's near collision attack recovers $\\boldsymbol{s}^{0}$ with the time complexity 2<sup>53.19</sup>: such a complexity can be further lowered to ","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"17 4","pages":"626-638"},"PeriodicalIF":1.4,"publicationDate":"2023-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12120","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50152087","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}