Computer Standards & Interfaces最新文献

{"title":"Towards a multi-core certification Job-Aid for AMC 20-193","authors":"James Sharp ,&nbsp;Mike Standish ,&nbsp;Jaspal Sagoo ,&nbsp;Edwin van de Sluis","doi":"10.1016/j.csi.2025.104049","DOIUrl":"10.1016/j.csi.2025.104049","url":null,"abstract":"<div><div>Multi-Core Processors (MCPs) are ubiquitous in modern electronic devices. However, their exploitation within the high criticality domains, specifically that of aerospace, introduces challenges. The European Union Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) recently released harmonised guidance in the form of Acceptable Means of Compliance (AMC) 20-193, which details <em>what</em> is required, from a certification perspective, to enable the use of MCPs for satisfying airworthiness requirements. Although regulatory authorities have withdrawn Job Aids for standards such as DO-178 and DO-254, they are an effective method of showing compliance to standards and widely used by assessors. Understanding MCPs is, however, non-trivial and requires significant expertise not only of the device itself, but also how software will be architected and executed, along with how system level safety considerations are to be employed, all to ensure safe application of this technology. Thus, within this paper the authors, through the provision of an assessment of the <em>what</em> detailed in AMC 20-193, give an in-depth analysis into the intent behind the 10 objectives set out in this new AMC. The aim of the paper is to provide a foundation upon which Subject Matter Experts (SMEs) might construct their own Job Aid. Through its discussions, it is the authors intention that this paper enables a common understanding against which an applicant, assessor, and authority can interpret the <em>how</em> when looking to achieve the <em>what</em> set out in AMC 20-193.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104049"},"PeriodicalIF":3.1,"publicationDate":"2025-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145007730","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cyber hygiene of SMiShing: What they know and where they look","authors":"Morgan E. Edwards,&nbsp;Jeremiah D. Still","doi":"10.1016/j.csi.2025.104048","DOIUrl":"10.1016/j.csi.2025.104048","url":null,"abstract":"<div><div>Phishing attacks exploit psychological vulnerabilities to steal valuable information. While extensive research has improved defenses against email phishing, less is known about how non-technical users, particularly young adults, respond to SMiShing (SMS phishing) attacks. This research addresses this empirical gap by investigating user behavior and decision-making processes related to SMiShing among undergraduate students, a demographic identified as particularly susceptible to these attacks. Study 1 surveyed college students' SMiShing knowledge, experience, and hygiene practices, examining the influence of traditional phishing susceptibility factors. Contrary to expectations, these factors were not predictive of SMiShing behavior. Furthermore, the Cyber Hygiene Inventory (CHI) proved ineffective in predicting secure SMiShing practices. Study 2 combined eye-tracking and self-reported data to analyze how users evaluate text message legitimacy. While participants accurately reported using message content, they over-reported their reliance on sender phone numbers. These findings provide crucial insights into the SMiShing attack vector from the end-user perspective, specifically within a vulnerable demographic. This work highlights the need for human-centered security solutions tailored to the unique challenges of SMiShing, ultimately improving user resilience against these attacks.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104048"},"PeriodicalIF":3.1,"publicationDate":"2025-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144749843","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Certificate-based proxy signature scheme with revocation for Industrial Internet of Things","authors":"Guangjin Zhang,&nbsp;Yanwei Zhou,&nbsp;Xianxiang Liu,&nbsp;Bo Yang","doi":"10.1016/j.csi.2025.104045","DOIUrl":"10.1016/j.csi.2025.104045","url":null,"abstract":"<div><div>The Industrial Internet of Things (IIoT) needs adaptive trust management solutions to emphasize secure delegation and revocation in dynamic settings. Current proxy signature schemes often have centralized architectures or mechanisms that either damage historical data integrity or cause unsustainable storage costs, failing to solve key revocation efficiency problems. This paper presents a novel revocable certificate-based proxy signature (CBPS) scheme with a new revocation framework for IIoT constraints. By introducing timestamp-based polynomial delegation, our CBPS scheme enables indirect revocation, meaning the revocation list only needs to store prematurely terminated delegate tokens. This approach ensures immediate invalidation of revoked permissions without affecting the validity of pre-revocation signatures, achieving storage efficiency while preserving historical transaction auditability. The framework seamlessly integrates with certificate-based cryptography, eliminating key escrow risks. Security analysis shows resistance to collusion attacks and adaptive adversaries, and performance evaluations confirm the scheme’s practicality in resource-constrained environments. The work progresses IIoT trust management by combining real-time revocation with minimal overhead, ensuring security and scalability in industrial deployments.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104045"},"PeriodicalIF":4.1,"publicationDate":"2025-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144686880","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards a new standard for network access authentication: EAP-EDHOC","authors":"Francisco Lopez-Gomez ,&nbsp;Rafael Marin-Lopez ,&nbsp;Gabriel Lopez-Millan ,&nbsp;Dan Garcia-Carrillo ,&nbsp;John Preuß Mattsson ,&nbsp;Göran Selander","doi":"10.1016/j.csi.2025.104037","DOIUrl":"10.1016/j.csi.2025.104037","url":null,"abstract":"<div><div>The Extensible Authentication Protocol (EAP) has been a cornerstone of secure authentication in both wired and wireless networks, as well as enterprise systems, enabling integration with a wide range of authentication mechanisms. Recently, the IETF EAP Method Update (EMU) Working Group has adopted EAP-EDHOC, a method that combines EAP’s extensibility with the recent standard Ephemeral Diffie–Hellman Over COSE (EDHOC). EDHOC is a lightweight authentication and key exchange protocol designed to be supported in resource-constrained environments. This enhances EAP-EDHOC as a high-performance authentication method for EAP-based networks. This paper presents a comprehensive analysis of the standardization efforts surrounding EAP-EDHOC, including a first proof-of-concept implementation and performance evaluation conducted over Wi-Fi networks. Additionally, a new design that optimizes the existing protocol by reversing the roles of the communication parties is proposed. The original and optimized versions are evaluated and compared with each other, as well as with EAP-TLS 1.3 and EAP-PSK. The results demonstrate that EAP-EDHOC achieves more efficient authentication than EAP-TLS 1.3 in terms of execution time, number of messages, and data transmitted. Meanwhile, EAP-PSK, which is based on symmetric cryptography, serves as a performance baseline.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104037"},"PeriodicalIF":4.1,"publicationDate":"2025-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144632280","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient structure-aware private set intersection with distributed interval function","authors":"Huimin Zhang ,&nbsp;Wenmin Li ,&nbsp;Yanjin Cheng ,&nbsp;Sujuan Qin ,&nbsp;Fei Gao ,&nbsp;Tengfei Tu","doi":"10.1016/j.csi.2025.104044","DOIUrl":"10.1016/j.csi.2025.104044","url":null,"abstract":"<div><div>Structure-aware PSI protocol (Sa-PSI) allows both parties to identify pairs of points within a predefined distance threshold across their respective datasets. However, in previous work, the cost of computation scales linearly with the number of prefixes in the structure, which may become excessively large, and additionally, this protocol risks disclosing sensitive elements. In this work, we present a lightweight and efficient Sa-PSI protocol (LESa-PSI), which aims at achieving the computational cost independent of the number of prefixes in the structure while simultaneously minimizing information leakage. We formally define an FSS based on the two-sided intervals function — compact DIF. This compact DIF is instantiated for a single-dimensional two-sided interval function and then extended to <span><math><mi>d</mi></math></span>-dimensional, which may be of independent interest. By combining compact DIF with a novel variant of DPF, we achieve key size compression for the set. Meanwhile, a structural decomposition strategy is proposed to divide the structure set, thereby enabling efficient function evaluation and computing the intersection. We prove that the LESa-PSI is secure in the semi-honest model. Furthermore, a comprehensive analysis of compact DIF and LESa-PSI is conducted through theory and experiments, with a comparison against some state-of-the-art works. The experimental results show that our compact DIF has a smaller key size, while the LESa-PSI has better performance in the intersection search and Bob’s elements evaluation.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104044"},"PeriodicalIF":4.1,"publicationDate":"2025-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144634018","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SecureMD5: A new stream cipher for secure file systems and encryption key generation with artificial intelligence","authors":"Isabel Herrera Montano ,&nbsp;Juan Ramos Diaz ,&nbsp;Sergio Molina-Cardín ,&nbsp;Juan José Guerrero López ,&nbsp;José Javier García Aranda ,&nbsp;Isabel de la Torre Díez","doi":"10.1016/j.csi.2025.104047","DOIUrl":"10.1016/j.csi.2025.104047","url":null,"abstract":"<div><div>The insider threat to sensitive information posed by employees or partners of an organisation remains a major cybersecurity challenge. In this regard, the measures taken by organisations and companies to protect information are often insufficient. Primarily, due to the legitimate access and knowledge of security holes that these individuals possess.</div><div>This study proposes SecureMD5, an encryption algorithm designed specifically for secure file systems (SFS). The algorithm is based on custom one-way functions integrated into an encryption scheme that operates at the byte level. It uses 11 dynamic variables generated from contextual parameters such as file position, access time, random values, and user-specific keys. This approach ensures that SecureMD5 does not inherit the known vulnerabilities of MD5 as a standard cryptographic algorithm. Consequently, SecureMD5 is presented as an adaptive and robust solution that addresses the challenges posed by insider threats in SFS.</div><div>In parallel, a modular contextual key generation scheme is proposed, which can incorporate various challenges such as user identity, access time and device location. Biometric key generation based on Artificial Intelligence (AI) methods is evaluated independently from the validation of the encryption algorithm. In the evaluated biometric key generation scheme, the AI models MediaPipe Hand Landmark and LBPHFaceRecognizer from OpenCV have been used. These methods are part of a sub-key generation scheme based on contextual challenges. This scheme eliminates the need for key storage for dynamic and secure access to sensitive information.</div><div>SecureMD5 was validated by diffusion, confusion, entropy and performance analysis. It achieved 31 % higher entropy than comparable algorithms. Performance improved by 0.32 % compared to RC4. It also passed 87 % of NIST 800–22 tests, demonstrating its robustness against cryptographic vulnerabilities. In addition, SecureMD5 balances security and performance, with encryption times 25 % faster than a modified AES algorithm for 10 MB files. Biometric key generation methods were evaluated using metrics such as precision, accuracy, false acceptance rate and specificity, achieving satisfactory values above 80 % on all metrics. This work addresses critical gaps in information security, providing significant advances in protecting SFS against insider threats. The design and adaptability of SecureMD5 make it particularly suitable for sectors with strict security requirements, such as healthcare, finance, and corporate data management. Its ability to enable dynamic and secure access control addresses the real challenges posed by protecting confidential information from internal threats.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104047"},"PeriodicalIF":4.1,"publicationDate":"2025-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144655383","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"40 years of Computer Standards & Interfaces: A bibliometric retrospective","authors":"Nikunja Mohan Modak ,&nbsp;Ghassan Beydoun ,&nbsp;José M. Merigó ,&nbsp;Iman Rahimi ,&nbsp;Willy Susilo","doi":"10.1016/j.csi.2025.104046","DOIUrl":"10.1016/j.csi.2025.104046","url":null,"abstract":"<div><div>Computer Standards &amp; Interfaces (CSI) is a leading international journal in the field of computer applications, standards, data management, interfaces, and software developments. This bibliometric study analyzes a four-decade journey of the CSI from 1982 to 2023. We captured data related to the CSI publications from two trustworthy databases: Web of Science (WoS) Core Collection and Scopus. We analyze the journal's performance in relationships with publications, citations, topics, periods, authors, institutions, countries, and regions. Visualization of similarities (VOS) viewer software is used to construct network visualizations of co-citations, co-occurrences, and bibliographic couplings of related issues. The present work finds that 2001 published articles in CSI have received 24,139 citations. David C. Yen from Texas Southern University (USA) and Ahmed Patel from Ceará State University (Brazil) are the most productive authors. The USA, Europe and East Asia are the most productive regions. Security, Standardization, Standards, Interoperability, Authentication, Privacy, and Cryptography are highly discussed research topics by the authors in CSI. This retrospective study explores the reach and credibility of CSI capturing active and significant involvements of the authors from different parts of the world.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104046"},"PeriodicalIF":4.1,"publicationDate":"2025-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144655799","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Multiuser data integrity auditing atop blockchain with secure user revocation for cognitive IoT networks","authors":"Min Xie ,&nbsp;Yong Yu ,&nbsp;Ruonan Chen ,&nbsp;Yanqi Zhao ,&nbsp;Jianting Ning ,&nbsp;Xiaoyi Yang ,&nbsp;Zoe L. Jiang","doi":"10.1016/j.csi.2025.104042","DOIUrl":"10.1016/j.csi.2025.104042","url":null,"abstract":"<div><div>Cognitive computing over big data has advanced the cognitive Internet of Things (IoT), enhancing adaptive decision-making by the analysis of shared data, while posing challenges in the storage and multi-user sharing of large-scale real-time data. Decentralized cloud storage is a promising solution to reduce latency and prevent single-point failures, but a key factor in preventing erroneous decisions lies in the integrity of shared data. However, integrity auditing in decentralized and shared storage typically involves linear overheads, with revoked users potentially colluding with cloud providers to evade audits. To address these issues, we propose a blockchain-based multiuser data integrity auditing protocol for cognitive IoT, supporting secure user revocation and batch auditing in decentralized storage. Our protocol classifies group users into different categories and manages group users efficiently and dynamically. Besides, files stored across various storage nodes can be audited in batches and effectively updated based on novel block tags. Smart contracts deployed on the blockchain ensure fairness among participants. We formally prove the security of the protocol in the random oracle model and the algebraic group model, in particular, against collusion attacks. Finally, we evaluate the cost separately for on-chain operations and off-chain operations to show its practicality.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104042"},"PeriodicalIF":4.1,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144581038","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Lattice-based dynamic decentralized anonymous credential scheme supporting batch verification","authors":"Yihua Zhou,&nbsp;Shumiao Liu,&nbsp;Yuguang Yang,&nbsp;Weimin Shi,&nbsp;Zhenhu Ning","doi":"10.1016/j.csi.2025.104039","DOIUrl":"10.1016/j.csi.2025.104039","url":null,"abstract":"<div><div>Anonymous credentials allow users to obtain credentials while protecting their privacy, which have significant application value in digital identity management systems. Anonymous credential schemes based on post-quantum assumptions mainly rely on a central issuing authority. Once the central server encounters single point of failure, it will cause the entire system to crash. The high computational complexity of credential verification algorithm severely restricts system scalability in high-concurrency identity management scenarios. More critically, existing schemes generally lack non-interactive batch verification algorithm, resulting in linear growth of verification time with the number of credentials when handling large-scale requests. Constructions relying on multiple fixed issuers to issue credentials in a decentralized manner have been proposed. Given that fixed issuers could not adapt to complex and changing network environments, we present a lattice-based decentralized anonymous credential system that supports dynamic changes in issuers to enhance system robustness. By introducing an innovative threshold signature, our system flexibly accommodates the joining or leaving of issuers for various reasons. Meanwhile, the system enables dynamic adjustments of thresholds without reset. By utilizing an efficient cryptographic accumulator, the system supports batch verification of credentials without revealing their contents. Experimental results demonstrate that our system outperforms previous systems in terms of performance. It is worth noting that our batch credential verification algorithm achieves constant time cost, independent of user’s credential size.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104039"},"PeriodicalIF":4.1,"publicationDate":"2025-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144581037","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A novel clustering approach for recommendation systems using adaptive fuzzy clustering with Jensen–Shannon divergence","authors":"Gökhan Kayhan,&nbsp;Naciye Aydin,&nbsp;Sercan Demirci","doi":"10.1016/j.csi.2025.104035","DOIUrl":"10.1016/j.csi.2025.104035","url":null,"abstract":"<div><div>In today’s world, where users are surrounded by a multitude of products, recommender systems are employed to assist users in finding products of interest. Clustering methods are frequently utilized in recommender systems to suggest relevant products. Fuzzy clustering techniques, one of the most commonly used clustering methods, determine the degree of relevance of each product to a cluster through the membership matrix it generates. However, determining the number of clusters in these methods poses a challenge. This study proposes an Adaptive Fuzzy C-Means Jensen Shannon (AFCM-JS) algorithm, a fuzzy and interest-based clustering method that estimates the number of clusters. The proposed AFCM-JS algorithm is implemented on an artificial dataset consisting of 6 clusters and 1000 elements. The results of the study are compared with Fuzzy C-Means (FCM), Probabilistic C-Means (PCM), and Probabilistic Fuzzy C-Means (PFCM) methods, which are fuzzy-based clustering algorithms, and the interest-based method JS. To evaluate the comparison results, 7 different cluster validity indices and an accuracy metric are employed. AFCM-JS method consistently and accurately predicted the number of clusters when tested with different maximum cluster numbers. When the clustering ability of the method is tested with cluster validity indices and the accuracy metric, AFCM-JS is found to be successful. The performance of the AFCM-JS method is tested on a dataset created for a movie recommendation system with the aim of recommending movies to users. For this purpose, movie data is weighted with a Dirichlet function for action, adventure, comedy, drama, and horror genres, creating a dataset that includes the characteristics of these 5 movie genres. The AFCM-JS method is compared with 3 different fuzzy clustering methods using 7 different cluster validity indices with this created movie dataset. Additionally, the AFCM-JS algorithm is compared with the other 3 fuzzy clustering methods based on the accuracy metric. As a result of this comparison, the AFCM-JS method achieves the highest performance among the methods with 81.9366%. Furthermore, when the performance of the proposed method is compared in terms of cluster validity indices, the AFCM-JS method successfully predicts the appropriate number of clusters and effectively groups similar movies according to their genres, accomplishing the purpose.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104035"},"PeriodicalIF":4.1,"publicationDate":"2025-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144535132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}