Computer Standards & Interfaces最新文献

{"title":"Towards a new standard for network access authentication: EAP-EDHOC","authors":"Francisco Lopez-Gomez ,&nbsp;Rafael Marin-Lopez ,&nbsp;Gabriel Lopez-Millan ,&nbsp;Dan Garcia-Carrillo ,&nbsp;John Preuß Mattsson ,&nbsp;Göran Selander","doi":"10.1016/j.csi.2025.104037","DOIUrl":"10.1016/j.csi.2025.104037","url":null,"abstract":"<div><div>The Extensible Authentication Protocol (EAP) has been a cornerstone of secure authentication in both wired and wireless networks, as well as enterprise systems, enabling integration with a wide range of authentication mechanisms. Recently, the IETF EAP Method Update (EMU) Working Group has adopted EAP-EDHOC, a method that combines EAP’s extensibility with the recent standard Ephemeral Diffie–Hellman Over COSE (EDHOC). EDHOC is a lightweight authentication and key exchange protocol designed to be supported in resource-constrained environments. This enhances EAP-EDHOC as a high-performance authentication method for EAP-based networks. This paper presents a comprehensive analysis of the standardization efforts surrounding EAP-EDHOC, including a first proof-of-concept implementation and performance evaluation conducted over Wi-Fi networks. Additionally, a new design that optimizes the existing protocol by reversing the roles of the communication parties is proposed. The original and optimized versions are evaluated and compared with each other, as well as with EAP-TLS 1.3 and EAP-PSK. The results demonstrate that EAP-EDHOC achieves more efficient authentication than EAP-TLS 1.3 in terms of execution time, number of messages, and data transmitted. Meanwhile, EAP-PSK, which is based on symmetric cryptography, serves as a performance baseline.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104037"},"PeriodicalIF":4.1,"publicationDate":"2025-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144632280","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient structure-aware private set intersection with distributed interval function","authors":"Huimin Zhang ,&nbsp;Wenmin Li ,&nbsp;Yanjin Cheng ,&nbsp;Sujuan Qin ,&nbsp;Fei Gao ,&nbsp;Tengfei Tu","doi":"10.1016/j.csi.2025.104044","DOIUrl":"10.1016/j.csi.2025.104044","url":null,"abstract":"<div><div>Structure-aware PSI protocol (Sa-PSI) allows both parties to identify pairs of points within a predefined distance threshold across their respective datasets. However, in previous work, the cost of computation scales linearly with the number of prefixes in the structure, which may become excessively large, and additionally, this protocol risks disclosing sensitive elements. In this work, we present a lightweight and efficient Sa-PSI protocol (LESa-PSI), which aims at achieving the computational cost independent of the number of prefixes in the structure while simultaneously minimizing information leakage. We formally define an FSS based on the two-sided intervals function — compact DIF. This compact DIF is instantiated for a single-dimensional two-sided interval function and then extended to <span><math><mi>d</mi></math></span>-dimensional, which may be of independent interest. By combining compact DIF with a novel variant of DPF, we achieve key size compression for the set. Meanwhile, a structural decomposition strategy is proposed to divide the structure set, thereby enabling efficient function evaluation and computing the intersection. We prove that the LESa-PSI is secure in the semi-honest model. Furthermore, a comprehensive analysis of compact DIF and LESa-PSI is conducted through theory and experiments, with a comparison against some state-of-the-art works. The experimental results show that our compact DIF has a smaller key size, while the LESa-PSI has better performance in the intersection search and Bob’s elements evaluation.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104044"},"PeriodicalIF":4.1,"publicationDate":"2025-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144634018","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SecureMD5: A new stream cipher for secure file systems and encryption key generation with artificial intelligence","authors":"Isabel Herrera Montano ,&nbsp;Juan Ramos Diaz ,&nbsp;Sergio Molina-Cardín ,&nbsp;Juan José Guerrero López ,&nbsp;José Javier García Aranda ,&nbsp;Isabel de la Torre Díez","doi":"10.1016/j.csi.2025.104047","DOIUrl":"10.1016/j.csi.2025.104047","url":null,"abstract":"<div><div>The insider threat to sensitive information posed by employees or partners of an organisation remains a major cybersecurity challenge. In this regard, the measures taken by organisations and companies to protect information are often insufficient. Primarily, due to the legitimate access and knowledge of security holes that these individuals possess.</div><div>This study proposes SecureMD5, an encryption algorithm designed specifically for secure file systems (SFS). The algorithm is based on custom one-way functions integrated into an encryption scheme that operates at the byte level. It uses 11 dynamic variables generated from contextual parameters such as file position, access time, random values, and user-specific keys. This approach ensures that SecureMD5 does not inherit the known vulnerabilities of MD5 as a standard cryptographic algorithm. Consequently, SecureMD5 is presented as an adaptive and robust solution that addresses the challenges posed by insider threats in SFS.</div><div>In parallel, a modular contextual key generation scheme is proposed, which can incorporate various challenges such as user identity, access time and device location. Biometric key generation based on Artificial Intelligence (AI) methods is evaluated independently from the validation of the encryption algorithm. In the evaluated biometric key generation scheme, the AI models MediaPipe Hand Landmark and LBPHFaceRecognizer from OpenCV have been used. These methods are part of a sub-key generation scheme based on contextual challenges. This scheme eliminates the need for key storage for dynamic and secure access to sensitive information.</div><div>SecureMD5 was validated by diffusion, confusion, entropy and performance analysis. It achieved 31 % higher entropy than comparable algorithms. Performance improved by 0.32 % compared to RC4. It also passed 87 % of NIST 800–22 tests, demonstrating its robustness against cryptographic vulnerabilities. In addition, SecureMD5 balances security and performance, with encryption times 25 % faster than a modified AES algorithm for 10 MB files. Biometric key generation methods were evaluated using metrics such as precision, accuracy, false acceptance rate and specificity, achieving satisfactory values above 80 % on all metrics. This work addresses critical gaps in information security, providing significant advances in protecting SFS against insider threats. The design and adaptability of SecureMD5 make it particularly suitable for sectors with strict security requirements, such as healthcare, finance, and corporate data management. Its ability to enable dynamic and secure access control addresses the real challenges posed by protecting confidential information from internal threats.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104047"},"PeriodicalIF":4.1,"publicationDate":"2025-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144655383","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"40 years of Computer Standards & Interfaces: A bibliometric retrospective","authors":"Nikunja Mohan Modak ,&nbsp;Ghassan Beydoun ,&nbsp;José M. Merigó ,&nbsp;Iman Rahimi ,&nbsp;Willy Susilo","doi":"10.1016/j.csi.2025.104046","DOIUrl":"10.1016/j.csi.2025.104046","url":null,"abstract":"<div><div>Computer Standards &amp; Interfaces (CSI) is a leading international journal in the field of computer applications, standards, data management, interfaces, and software developments. This bibliometric study analyzes a four-decade journey of the CSI from 1982 to 2023. We captured data related to the CSI publications from two trustworthy databases: Web of Science (WoS) Core Collection and Scopus. We analyze the journal's performance in relationships with publications, citations, topics, periods, authors, institutions, countries, and regions. Visualization of similarities (VOS) viewer software is used to construct network visualizations of co-citations, co-occurrences, and bibliographic couplings of related issues. The present work finds that 2001 published articles in CSI have received 24,139 citations. David C. Yen from Texas Southern University (USA) and Ahmed Patel from Ceará State University (Brazil) are the most productive authors. The USA, Europe and East Asia are the most productive regions. Security, Standardization, Standards, Interoperability, Authentication, Privacy, and Cryptography are highly discussed research topics by the authors in CSI. This retrospective study explores the reach and credibility of CSI capturing active and significant involvements of the authors from different parts of the world.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104046"},"PeriodicalIF":4.1,"publicationDate":"2025-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144655799","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Multiuser data integrity auditing atop blockchain with secure user revocation for cognitive IoT networks","authors":"Min Xie ,&nbsp;Yong Yu ,&nbsp;Ruonan Chen ,&nbsp;Yanqi Zhao ,&nbsp;Jianting Ning ,&nbsp;Xiaoyi Yang ,&nbsp;Zoe L. Jiang","doi":"10.1016/j.csi.2025.104042","DOIUrl":"10.1016/j.csi.2025.104042","url":null,"abstract":"<div><div>Cognitive computing over big data has advanced the cognitive Internet of Things (IoT), enhancing adaptive decision-making by the analysis of shared data, while posing challenges in the storage and multi-user sharing of large-scale real-time data. Decentralized cloud storage is a promising solution to reduce latency and prevent single-point failures, but a key factor in preventing erroneous decisions lies in the integrity of shared data. However, integrity auditing in decentralized and shared storage typically involves linear overheads, with revoked users potentially colluding with cloud providers to evade audits. To address these issues, we propose a blockchain-based multiuser data integrity auditing protocol for cognitive IoT, supporting secure user revocation and batch auditing in decentralized storage. Our protocol classifies group users into different categories and manages group users efficiently and dynamically. Besides, files stored across various storage nodes can be audited in batches and effectively updated based on novel block tags. Smart contracts deployed on the blockchain ensure fairness among participants. We formally prove the security of the protocol in the random oracle model and the algebraic group model, in particular, against collusion attacks. Finally, we evaluate the cost separately for on-chain operations and off-chain operations to show its practicality.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104042"},"PeriodicalIF":4.1,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144581038","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Lattice-based dynamic decentralized anonymous credential scheme supporting batch verification","authors":"Yihua Zhou,&nbsp;Shumiao Liu,&nbsp;Yuguang Yang,&nbsp;Weimin Shi,&nbsp;Zhenhu Ning","doi":"10.1016/j.csi.2025.104039","DOIUrl":"10.1016/j.csi.2025.104039","url":null,"abstract":"<div><div>Anonymous credentials allow users to obtain credentials while protecting their privacy, which have significant application value in digital identity management systems. Anonymous credential schemes based on post-quantum assumptions mainly rely on a central issuing authority. Once the central server encounters single point of failure, it will cause the entire system to crash. The high computational complexity of credential verification algorithm severely restricts system scalability in high-concurrency identity management scenarios. More critically, existing schemes generally lack non-interactive batch verification algorithm, resulting in linear growth of verification time with the number of credentials when handling large-scale requests. Constructions relying on multiple fixed issuers to issue credentials in a decentralized manner have been proposed. Given that fixed issuers could not adapt to complex and changing network environments, we present a lattice-based decentralized anonymous credential system that supports dynamic changes in issuers to enhance system robustness. By introducing an innovative threshold signature, our system flexibly accommodates the joining or leaving of issuers for various reasons. Meanwhile, the system enables dynamic adjustments of thresholds without reset. By utilizing an efficient cryptographic accumulator, the system supports batch verification of credentials without revealing their contents. Experimental results demonstrate that our system outperforms previous systems in terms of performance. It is worth noting that our batch credential verification algorithm achieves constant time cost, independent of user’s credential size.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104039"},"PeriodicalIF":4.1,"publicationDate":"2025-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144581037","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A novel clustering approach for recommendation systems using adaptive fuzzy clustering with Jensen–Shannon divergence","authors":"Gökhan Kayhan,&nbsp;Naciye Aydin,&nbsp;Sercan Demirci","doi":"10.1016/j.csi.2025.104035","DOIUrl":"10.1016/j.csi.2025.104035","url":null,"abstract":"<div><div>In today’s world, where users are surrounded by a multitude of products, recommender systems are employed to assist users in finding products of interest. Clustering methods are frequently utilized in recommender systems to suggest relevant products. Fuzzy clustering techniques, one of the most commonly used clustering methods, determine the degree of relevance of each product to a cluster through the membership matrix it generates. However, determining the number of clusters in these methods poses a challenge. This study proposes an Adaptive Fuzzy C-Means Jensen Shannon (AFCM-JS) algorithm, a fuzzy and interest-based clustering method that estimates the number of clusters. The proposed AFCM-JS algorithm is implemented on an artificial dataset consisting of 6 clusters and 1000 elements. The results of the study are compared with Fuzzy C-Means (FCM), Probabilistic C-Means (PCM), and Probabilistic Fuzzy C-Means (PFCM) methods, which are fuzzy-based clustering algorithms, and the interest-based method JS. To evaluate the comparison results, 7 different cluster validity indices and an accuracy metric are employed. AFCM-JS method consistently and accurately predicted the number of clusters when tested with different maximum cluster numbers. When the clustering ability of the method is tested with cluster validity indices and the accuracy metric, AFCM-JS is found to be successful. The performance of the AFCM-JS method is tested on a dataset created for a movie recommendation system with the aim of recommending movies to users. For this purpose, movie data is weighted with a Dirichlet function for action, adventure, comedy, drama, and horror genres, creating a dataset that includes the characteristics of these 5 movie genres. The AFCM-JS method is compared with 3 different fuzzy clustering methods using 7 different cluster validity indices with this created movie dataset. Additionally, the AFCM-JS algorithm is compared with the other 3 fuzzy clustering methods based on the accuracy metric. As a result of this comparison, the AFCM-JS method achieves the highest performance among the methods with 81.9366%. Furthermore, when the performance of the proposed method is compared in terms of cluster validity indices, the AFCM-JS method successfully predicts the appropriate number of clusters and effectively groups similar movies according to their genres, accomplishing the purpose.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104035"},"PeriodicalIF":4.1,"publicationDate":"2025-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144535132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Success factors for standards during the technology life cycle","authors":"Geerten van de Kaa ,&nbsp;Henk J. de Vries","doi":"10.1016/j.csi.2025.104043","DOIUrl":"10.1016/j.csi.2025.104043","url":null,"abstract":"<div><div>Technological developments such as the Internet of Things, and artificial intelligence result in new innovative systems. In these systems, ICT is integrated in products, services and processes. Interconnectivity gets crucial and standards should facilitate this. New standards complement existing ones and these may originate both from the ICT field and from other fields. These fields have different standardization cultures and often, multiple standards are competing. The question is which standard, if any, will achieve market success. We relate the success factors to the different phases of the technology life cycle. We assess the importance of these factors by using the Best Worst Method. In the discussion section, we argue how the importance of certain factors may change and which new factors pop up in an increasingly globalized and digital world. This should provide a basis for future research on market success of standards in this new context.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104043"},"PeriodicalIF":4.1,"publicationDate":"2025-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144596407","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Logarithmic identity-based ring signature over lattices and linkable variant","authors":"Wen Gao ,&nbsp;Tianyou Fu ,&nbsp;Baodong Qin ,&nbsp;Xiaoli Dong ,&nbsp;Zhen Zhao ,&nbsp;Momeng Liu","doi":"10.1016/j.csi.2025.104036","DOIUrl":"10.1016/j.csi.2025.104036","url":null,"abstract":"<div><div>The ring signature is extensively utilized in many fields, including e-voting, cryptocurrency, blockchain settings, etc. This paper proposes an effective identity-based ring signature (IBRS) from the lattice assumption by using logarithmic size OR proofs of group action to make the ring signature able to cope with the challenges of quantum attacks. Our construction has been proven anonymous and unforgeable in the random oracle model (ROM) under the hardness of Module Small Integer Solution (MSIS) assumption from lattices, a hot quantum-resistant cryptographic primitive. The anonymity makes it possible for a signer to sign the same message twice or more without being detected by the verifier. This would bring repeated e-voting or double spending of the same money in blockchain. Therefore, as an additional work, we give a linkable variant. Compared with existing IBRS schemes with linear sizes, the size of our scheme is relatively short and achieves logarithmic communication cost with its ring scale <span><math><mi>N</mi></math></span>. Our research data show that the signature size of our proposal has significant advantages over several existing schemes with an increase of <span><math><mi>N</mi></math></span>. When the ring scale <span><math><mi>N</mi></math></span> is set to be 32 (512, resp.), our scheme has a signature size of 177.13KiB (179.75KiB, resp.), while the previous scheme has a size of at least 154.06KiB (2695.74KiB, resp.).</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104036"},"PeriodicalIF":4.1,"publicationDate":"2025-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144557322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"USBIPS framework: Protecting hosts from malicious USB peripherals","authors":"Chun-Yi Wang ,&nbsp;Fu-Hau Hsu","doi":"10.1016/j.csi.2025.104040","DOIUrl":"10.1016/j.csi.2025.104040","url":null,"abstract":"<div><div>Universal Serial Bus (USB)-based attacks have increased in complexity in recent years. Modern attacks incorporate a wide range of attack vectors, from social engineering to signal injection. The security community is addressing these challenges using a growing set of fragmented defenses. Regardless of the vector of a USB-based attack, the most important risks concerning most people and enterprises are service crashes and data loss. The host OS manages USB peripherals, and malicious USB peripherals, such as those infected with BadUSB, can crash a service or steal data from the OS. Although USB firewalls have been proposed to thwart malicious USB peripherals, such as USBFilter and USBGuard, their effect is limited for preventing real-world intrusions. This paper focuses on building a security framework called USBIPS within Windows OSs to defend against malicious USB peripherals. This includes major efforts to explore the nature of malicious behavior and achieve persistent protection from USB-based intrusions. Herein, we first introduce an allowlisting-based method for USB access control. We then present a behavior-based detection mechanism focusing on attacks integrated into USB peripherals. Finally, we propose a novel approach that combines cross-layer methods to build the first generic security framework that thwarts USB-based intrusions. Within a centralized threat analysis framework, the approach provides persistent protection and may detect unknown malicious behavior. By addressing key security and performance challenges, these efforts help modern OSs against attacks from untrusted USB peripherals.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104040"},"PeriodicalIF":4.1,"publicationDate":"2025-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144524015","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}