Pub Date : 2022-08-18DOI: 10.1007/978-3-031-08896-4_6
Valeh Farzaliyev, J. Willemson, Jaan Kristjan Kaasik
{"title":"Improved Lattice-Based Mix-Nets for Electronic Voting","authors":"Valeh Farzaliyev, J. Willemson, Jaan Kristjan Kaasik","doi":"10.1007/978-3-031-08896-4_6","DOIUrl":"https://doi.org/10.1007/978-3-031-08896-4_6","url":null,"abstract":"","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"3 1","pages":"18-34"},"PeriodicalIF":0.0,"publicationDate":"2022-08-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83749275","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Farhana Jabeen, Zia‐ur‐Rehman Khan, Z. Hamid, Zobia Rehman, Abid Khan
The Internet of Things (IoT) is characterized by the seamless integration of heterogeneous devices into information networks to enable collaborative environments, specifically those concerning the collection of data and exchange of information and services. Security and trustworthiness are among the critical requirements for the effective deployment of IoT systems. However, trust management in IoT is extremely challenging due to its open environment, where the quality of information is often unknown because entities may misbehave. A hybrid context ‐ aware trust and reputation management protocol is presented for fog ‐ based IoT that addresses adaptivity, survivability, and scalability requirements. Through simulation, the effectiveness of the proposed protocol is demonstrated.
{"title":"Adaptive and survivable trust management for Internet of Things systems","authors":"Farhana Jabeen, Zia‐ur‐Rehman Khan, Z. Hamid, Zobia Rehman, Abid Khan","doi":"10.1049/ISE2.12029","DOIUrl":"https://doi.org/10.1049/ISE2.12029","url":null,"abstract":"The Internet of Things (IoT) is characterized by the seamless integration of heterogeneous devices into information networks to enable collaborative environments, specifically those concerning the collection of data and exchange of information and services. Security and trustworthiness are among the critical requirements for the effective deployment of IoT systems. However, trust management in IoT is extremely challenging due to its open environment, where the quality of information is often unknown because entities may misbehave. A hybrid context ‐ aware trust and reputation management protocol is presented for fog ‐ based IoT that addresses adaptivity, survivability, and scalability requirements. Through simulation, the effectiveness of the proposed protocol is demonstrated.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"21 1","pages":"375-394"},"PeriodicalIF":0.0,"publicationDate":"2021-05-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83666907","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
National Natural Science Foundation of China, Grant/Award Number: U19B2021, U1736111; National Cryptography Development Fund, Grant/ Award Number: MMJJ20180111; Key Research and Development Programme of Shaanxi, Grant/Award Number: 2020ZDLGY08‐04 Abstract Format‐preserving encryption (FPE) allows encrypting plaintexts while preserving a specific format. In Selected Areas in Cryptography 2018, two targeted ciphers were proposed as new FPE schemes. The second scheme was designed with an algorithm called Mix–Swap–Unmix that is shown to be equivalent to a particular matching exchange process under a specific setting. In this comment paper, we prove that the matching exchange process is invalid. As a result, this equivalence does not exist.
{"title":"Comment on 'Targeted Ciphers for Format-Preserving Encryption' from Selected Areas in Cryptography 2018","authors":"Dachao Wang, Baocang Wang, Yuan Ping","doi":"10.1049/ISE2.12028","DOIUrl":"https://doi.org/10.1049/ISE2.12028","url":null,"abstract":"National Natural Science Foundation of China, Grant/Award Number: U19B2021, U1736111; National Cryptography Development Fund, Grant/ Award Number: MMJJ20180111; Key Research and Development Programme of Shaanxi, Grant/Award Number: 2020ZDLGY08‐04 Abstract Format‐preserving encryption (FPE) allows encrypting plaintexts while preserving a specific format. In Selected Areas in Cryptography 2018, two targeted ciphers were proposed as new FPE schemes. The second scheme was designed with an algorithm called Mix–Swap–Unmix that is shown to be equivalent to a particular matching exchange process under a specific setting. In this comment paper, we prove that the matching exchange process is invalid. As a result, this equivalence does not exist.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"127 1","pages":"395-400"},"PeriodicalIF":0.0,"publicationDate":"2021-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74811713","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A time ‐ specific encrypted range query scheme that has the following properties is proposed. (1) The proposed scheme has trapdoor privacy and data privacy so that a semi ‐ honest cloud is not able to get any useful information from given ciphertexts and given tokens that are used for searching ranges. (2) Unlike most of the other studies which report that the cloud server stores single encrypted keyword/element in the database, in our solution, the cloud server stores encrypted multi ‐ keywords/ranges in the database. Therefore, the semi ‐ honest cloud compares ciphertexts to tokens as ranges based on a predefined threshold ϕ value. This approach decreases the cloud search time since the cloud compares ranges to ranges (multi ‐ keywords with multi ‐ keywords) not points to points (not a keyword with a keyword). Thus, the proposed scheme is efficient based on searching ranges on ciphertexts. (3) Moreover, the communication cost between users and the cloud is decreased from O ( n ) to O (log n ), where n is the size of a range. Users send logarithmic size information to the cloud server instead of sending linear size information.
{"title":"Time-specific encrypted range query with minimum leakage disclosure","authors":"Ozgur Oksuz","doi":"10.1049/ise2.12010","DOIUrl":"https://doi.org/10.1049/ise2.12010","url":null,"abstract":"A time ‐ specific encrypted range query scheme that has the following properties is proposed. (1) The proposed scheme has trapdoor privacy and data privacy so that a semi ‐ honest cloud is not able to get any useful information from given ciphertexts and given tokens that are used for searching ranges. (2) Unlike most of the other studies which report that the cloud server stores single encrypted keyword/element in the database, in our solution, the cloud server stores encrypted multi ‐ keywords/ranges in the database. Therefore, the semi ‐ honest cloud compares ciphertexts to tokens as ranges based on a predefined threshold ϕ value. This approach decreases the cloud search time since the cloud compares ranges to ranges (multi ‐ keywords with multi ‐ keywords) not points to points (not a keyword with a keyword). Thus, the proposed scheme is efficient based on searching ranges on ciphertexts. (3) Moreover, the communication cost between users and the cloud is decreased from O ( n ) to O (log n ), where n is the size of a range. Users send logarithmic size information to the cloud server instead of sending linear size information.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"13 1","pages":"117-130"},"PeriodicalIF":0.0,"publicationDate":"2020-12-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87830515","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-08-16DOI: 10.1049/iet-ifs.2017.0546
Tzuo-Yau Fan, H. Chao
This study proposes a user-friendly XOR-based visual secret sharing scheme using random grids. In some visual secret sharing schemes, problems such as pixel expansion or noisy and meaningless shares may be encountered. In the proposed scheme, different regions in the shared image will have different brightness levels depending on the cover image's pixel values so that the generated shares contain information regarding the cover image and are not just a meaningless noisy image. This can overcome the difficulty in recovering the secret image in cases wherein the shares were mixed up by mistake. Furthermore, the dimension of the share is the same as the secret image and there are no pixel expansion problems. The size of the recovered secret image is consistent with the size of the original secret image, and there are no changes in scaling. Lastly, although one of the generated share is a complementary cover image, the image quality of the recovered secret image is still favourable when the secret image is recovered. The experimental and analysis results demonstrate that the proposed scheme is more effective than other schemes.
{"title":"User-friendly XOR-based visual secret sharing by random grid","authors":"Tzuo-Yau Fan, H. Chao","doi":"10.1049/iet-ifs.2017.0546","DOIUrl":"https://doi.org/10.1049/iet-ifs.2017.0546","url":null,"abstract":"This study proposes a user-friendly XOR-based visual secret sharing scheme using random grids. In some visual secret sharing schemes, problems such as pixel expansion or noisy and meaningless shares may be encountered. In the proposed scheme, different regions in the shared image will have different brightness levels depending on the cover image's pixel values so that the generated shares contain information regarding the cover image and are not just a meaningless noisy image. This can overcome the difficulty in recovering the secret image in cases wherein the shares were mixed up by mistake. Furthermore, the dimension of the share is the same as the secret image and there are no pixel expansion problems. The size of the recovered secret image is consistent with the size of the original secret image, and there are no changes in scaling. Lastly, although one of the generated share is a complementary cover image, the image quality of the recovered secret image is still favourable when the secret image is recovered. The experimental and analysis results demonstrate that the proposed scheme is more effective than other schemes.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"58 4 1","pages":"398-403"},"PeriodicalIF":0.0,"publicationDate":"2018-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87720807","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-08-16DOI: 10.1049/iet-ifs.2017.0341
Dan Wang, Bing Guo, Yan Shen
Several privacy protection technologies have been designed for protecting individuals' privacy information in data publishing. It is often easy to make additional information loss of a dataset without measuring the strength of privacy protection it required. To apply appropriate strength of privacy preservation, the authors put forward privacy score, a new metric for making a comprehensive evaluation of the privacy information contained in the pre-published dataset. Using this measure, publishers can apply the privacy techniques to the pre-published dataset in accordance with the privacy level it belongs to. The privacy score is determined by the amount as well as the quality of privacy information in which the pre-published dataset is contained. Furthermore, the authors present a data sensitivity model based on analytic hierarchy process for assigning a sensitivity score to each possible value of a sensitive attribute. The reasonability and effectiveness of the proposed approach are verified by using the Adult dataset.
{"title":"Method for measuring the privacy level of pre-published dataset","authors":"Dan Wang, Bing Guo, Yan Shen","doi":"10.1049/iet-ifs.2017.0341","DOIUrl":"https://doi.org/10.1049/iet-ifs.2017.0341","url":null,"abstract":"Several privacy protection technologies have been designed for protecting individuals' privacy information in data publishing. It is often easy to make additional information loss of a dataset without measuring the strength of privacy protection it required. To apply appropriate strength of privacy preservation, the authors put forward privacy score, a new metric for making a comprehensive evaluation of the privacy information contained in the pre-published dataset. Using this measure, publishers can apply the privacy techniques to the pre-published dataset in accordance with the privacy level it belongs to. The privacy score is determined by the amount as well as the quality of privacy information in which the pre-published dataset is contained. Furthermore, the authors present a data sensitivity model based on analytic hierarchy process for assigning a sensitivity score to each possible value of a sensitive attribute. The reasonability and effectiveness of the proposed approach are verified by using the Adult dataset.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"1 1","pages":"425-430"},"PeriodicalIF":0.0,"publicationDate":"2018-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90500982","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-27DOI: 10.1049/iet-ifs.2017.0459
Penglin Yang, Limin Tao, Haitao Wang
In programme dynamic analysis, control flow integrity (CFI) is an efficient way to investigate programme's behaviour. By detecting these CF instructions, researchers can obtain programme's runtime information and execution status accurately. This feature makes CFI a sharp and sensitive approach to detect programme abnormal conditions and malicious attacks such as stack overflow and return-oriented programming. Meanwhile, with the development of dynamic trusted computing technique, a Trusted Platform Module (TPM) chip can provide cryptographic service both in a system's booting period and runtime period. In this study, the authors combine CFI and dynamic trusted computing to present runtime trusted verifier (RTTV) as a dynamic CFI measurement tool based on TPM. Compared to traditional measurement methods, their work is more accurate and reliable, can totally enforce programme run as predefined CF. RTTV uses TPM as `root of trust', which also provides computing resource such as hash algorithm to reduce performance overhead. With the characteristic of sensitivity, simplicity and efficiency, RTTV can especially meet the security requirement of remote embedded systems such as satellites and other valuable equipments.
{"title":"RTTV: a dynamic CFI measurement tool based on TPM","authors":"Penglin Yang, Limin Tao, Haitao Wang","doi":"10.1049/iet-ifs.2017.0459","DOIUrl":"https://doi.org/10.1049/iet-ifs.2017.0459","url":null,"abstract":"In programme dynamic analysis, control flow integrity (CFI) is an efficient way to investigate programme's behaviour. By detecting these CF instructions, researchers can obtain programme's runtime information and execution status accurately. This feature makes CFI a sharp and sensitive approach to detect programme abnormal conditions and malicious attacks such as stack overflow and return-oriented programming. Meanwhile, with the development of dynamic trusted computing technique, a Trusted Platform Module (TPM) chip can provide cryptographic service both in a system's booting period and runtime period. In this study, the authors combine CFI and dynamic trusted computing to present runtime trusted verifier (RTTV) as a dynamic CFI measurement tool based on TPM. Compared to traditional measurement methods, their work is more accurate and reliable, can totally enforce programme run as predefined CF. RTTV uses TPM as `root of trust', which also provides computing resource such as hash algorithm to reduce performance overhead. With the characteristic of sensitivity, simplicity and efficiency, RTTV can especially meet the security requirement of remote embedded systems such as satellites and other valuable equipments.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"5 1","pages":"438-444"},"PeriodicalIF":0.0,"publicationDate":"2018-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87375387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-27DOI: 10.1049/iet-ifs.2017.0606
Tao Chen, Michael Farcasin, Eric Chan-Tin
Many people now own smartphones and store all their documents such as pictures and financial statements on their phone. To protect this sensitive information, people generally use a passcode to prevent unauthorised access to their phone. Shoulder-surfing attacks are well known. However, contrary to common belief, they are not easy to carry out. Shoulder-surfing attacks to predict the passcode by humans are shown to not be accurate. The authors thus propose an automated algorithm to accurately predict the passcode entered by a victim on her smartphone by recording the video. Their proposed algorithm is able to predict over 92% of numbers entered in fewer than 75 s with training performed once.
{"title":"Smartphone passcode prediction","authors":"Tao Chen, Michael Farcasin, Eric Chan-Tin","doi":"10.1049/iet-ifs.2017.0606","DOIUrl":"https://doi.org/10.1049/iet-ifs.2017.0606","url":null,"abstract":"Many people now own smartphones and store all their documents such as pictures and financial statements on their phone. To protect this sensitive information, people generally use a passcode to prevent unauthorised access to their phone. Shoulder-surfing attacks are well known. However, contrary to common belief, they are not easy to carry out. Shoulder-surfing attacks to predict the passcode by humans are shown to not be accurate. The authors thus propose an automated algorithm to accurately predict the passcode entered by a victim on her smartphone by recording the video. Their proposed algorithm is able to predict over 92% of numbers entered in fewer than 75 s with training performed once.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"6 1","pages":"431-437"},"PeriodicalIF":0.0,"publicationDate":"2018-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75087999","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}