
Journal of Information Security and Applications: Latest Articles

A lightweight privacy-preserving truth discovery in mobile crowdsensing systems
IF 5.6 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-05-24 | DOI: 10.1016/j.jisa.2024.103792
Taochun Wang, Nuo Xu, Qiong Zhang, Fulong Chen, Dong Xie, Chuanxin Zhao

Truth discovery as an effective method to improve data quality in mobile crowd sensing has recently gained widespread attention. It inferred participant weight based on the sensory data submitted by participants, and then used the weight to aggregate sensory data and finally inferred the real information. Due to participants in mobile crowd sensing facing the problem of privacy leakage, existing work mainly focuses on sensory data privacy, with less consideration of weight privacy. Based on this, this paper proposes a lightweight privacy-preserving truth discovery in mobile crowd sensing ALPPTD. ALPPTD ran the encryption and decryption calculations of weight and truth update on the cloud server side, which greatly reduced the computation overhead of participants to motivate more users to participate. Meanwhile, two non-colluding cloud servers use homomorphic encryption to achieve aggregation of sensory data, thus iteratively computing the truth while guaranteeing the privacy of participants’ sensory data and weights. Theoretical analysis and experiment results show that ALPPTD ensures the privacy of participants’ sensory data and weight while computing the truth value with low computation overhead characteristics of participants.

A provably secure multi-server authentication scheme based on Chebyshev chaotic map
IF 5.6 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-05-23 | DOI: 10.1016/j.jisa.2024.103788
Rui Chen, Yongcong Mou, Wei Li

The Internet provides us a lot of online services. Under the conventional single-server architectures, remote users must register separately on each visited server to obtain the required services. In contrast, with a multi-server architecture, users can freely access subscribed services from multiple servers by registering at a single registration center (RC). Currently, biometrics are widely applied in user authentication schemes to improve their security. Combining with biometric authentication techniques, we present an anonymous authentication scheme by using Chebyshev chaotic map to achieve authentication of both communicating parties in multi-server scenario. The core point of this new scheme is the use of chaotic mapping to achieve mutual authentication instead of time-consuming authentication methods, thus leading to higher efficiency. Based on the widely used Real-Or-Random (ROR) model and the ProVerif tool, we perform a formal security analysis of the proposed scheme. In addition, the comparison of security attributes and performance with other related works indicates that the new scheme can withstand various attacks and is better suited to multi-server application scenarios.

Designated server proxy re-encryption with boolean keyword search for E-Health Clouds
IF 5.6 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-05-23 | DOI: 10.1016/j.jisa.2024.103783
Boli Hu, Kai Zhang, Junqing Gong, Lifei Wei, Jianting Ning

E-Health Cloud can provide remote, accurate, real-time, intelligent information services for healthcare. Despite the benefits brought by data outsourcing, it may also cause data breaches and compromise user privacy. Searchable encryption can provide data security and search services in the encrypted data domain. However, in E-Health Cloud, users may have some other special needs, such as sharing their health information with doctors during the treatment period and updating the data access right when they transfer from one hospital to another. Some works introduced the primitive proxy re-encryption with public keyword search (Re-PEKS) to meet the above needs. However, the state-of-the-art solutions cannot support expressive boolean queries, and their search time increases linearly with the total number of outsourced documents, which is very impractical in a huge E-Health Cloud system. An efficient Re-PEKS scheme termed PRTDs is proposed in this article to address this problem. PRTDs supports sub-linear boolean query, time controlled data sharing, and re-encryption to change data users simultaneously. To compare PRTDs with the most advanced time-enabled Re-PEKS scheme, we also implement exhaustive comparative experiments on HUAWEI Cloud with the Enron dataset, and the results show that PRTDs has a better performance on encryption and searching.

Image encryption using dynamic S-boxes generated using elliptic curve points and chaotic system
IF 5.6 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-05-22 | DOI: 10.1016/j.jisa.2024.103793
Laiphrakpam Dolendro Singh, Akash Lahoty, Chanubala Devi, Deepjoy Dey, Punyabrat Saikai, Khumukcham Sonam Devi, Khoirom Motilal Singh

Images play a vital role in almost all sectors, including medical, video conferencing, weather forecasting, military applications, and most common social media applications. Today’s proliferating technology provides attackers an opportunity to breach and access confidential data that are not enciphered or weakly secured. There is a massive requirement for a robust image cryptosystem for the secure transmission of confidential images over an insecure network. Here, we present an encryption technique to encipher images using dynamic substitution boxes (S-boxes) generated by a chaotic system and the points from an elliptic curve over a finite field. The dynamic S-boxes generation depends on a key obtained from the hash value using Secure Hash Algorithm-512 (SHA512). Each different image generates different S-boxes making it immune to known-plaintext attacks. The input image pixels are permuted and substituted using dynamic permutation tables and dynamic S-boxes. The mean of S-box security analyses such as non-linearity, strict avalanche criterion, bit independent criterion, differential approximation probability, and linear approximation is obtained as 104, 0.510294, 0.51145, 0.046875, and 0.083252 respectively. The generated S-boxes using the proposed method meet the standards of secure S-boxes. The cipher output images produced by the proposed methodology are also examined using statistical and security analyses. The proposed method can resist cipher-text-only attacks and has a large keyspace of 512 bits to withstand a probabilistic or deterministic attack on the elliptic curve discrete logarithmic problems such as baby-step giant-step attack and Pollard’s rho attack. The strength of the generated cipher image using the proposed method is substantiated by tests such as the National Institute of Standards and Technology randomness test, the local entropy, correlation analysis, and differential analysis. Comparisons are made with some of the related existing state-of-the-art methods and turn out to be on par with or better than the other compared methods.

QS-Auth: A Quantum-secure mutual authentication protocol based on PUF and Post-Quantum Signature for Heterogeneous Delay-Tolerant Networks
IF 5.6 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-05-22 | DOI: 10.1016/j.jisa.2024.103787
Mahima Mary Mathews, Panchami V.

Delay tolerant networks supporting heterogeneous communication are a promising network architecture solution that can meet today’s communication requirements involving nodes in space, terrestrial and water networks. These networks with dynamic topology and dynamic set of participating nodes make enablement of secure authentication between nodes in this network architecture a critical requirement. In this paper, we propose a novel Quantum-Secure Authentication (QS-Auth) protocol that enables mutual-authentication in Heterogeneous Delay tolerant network environment, while achieving quantum-resistance using the combination of PUF and Post-Quantum signature. The proposed tree-based region structure enables scalability and distributes the responsibility for trust to individual region heads and eliminates high risk root nodes in other tree-based solutions. The proposed scheme can meet the high secure mutual-authentication requirement in critical networks like defence, disaster regions, satellite communications etc. We demonstrate the correctness of our proposed scheme by conducting thorough informal and formal security analysis. The performance analysis is done by the evaluation of efficiency, computation and communication cost. The results of our analysis prove that the proposed protocol meets the security criteria and is well suited for heterogeneous delay tolerant network environments.

A multi-label network attack detection approach based on two-stage model fusion
IF 5.6 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-05-22 | DOI: 10.1016/j.jisa.2024.103790
Yongqing Huang, Jin Gou, Zongwen Fan, Yongxin Liao, Yanmin Zhuang

The diversification and complexity of network attacks pose a serious challenge to network security and lead to the phenomenon of overlapping attributes of network attack behaviors. In this context, traditional network attack detection methods are limited to single-label learning, which cannot effectively deal with complex and diverse network attacks. To better understand the relation between network attack behaviors and improve the effect of network security protection, we first analyze the well-known network attack datasets (UNSW-NB15 and CCCS-CIC-AndMal-2020) according to the proposed multi-label metrics. Subsequently, we propose a multi-label cyber-attack detection method based on two-stage model fusion. In the first stage, a category is selected based on the analysis of multi-label metrics, and binary classification is performed. In the second stage, the binary labels generated in the first stage are added to the feature space for the multi-label categorization. Experimental results show that the two-stage model fusion method effectively improves the performance of the baseline methods. In addition, we analyze the impact of different categories and binary classification performance for the multi-label detection. The experimental results show that, theoretically, when the binary classification accuracy of Normal and Adware reaches 77% and 95% respectively, the performance of the two-stage multi-label detection method exceeds the state-of-the-art methods. This indicates the effectiveness of the two-stage strategy used in our proposed method for improving the ability of multi-label network attack detection.

On cryptographic mechanisms for the selective disclosure of verifiable credentials
IF 5.6 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-05-18 | DOI: 10.1016/j.jisa.2024.103789
Andrea Flamini, Giada Sciarretta, Mario Scuro, Amir Sharif, Alessandro Tomasi, Silvio Ranise

Verifiable credentials are a digital analogue of physical credentials. Their authenticity and integrity are protected by means of cryptographic techniques, and they can be presented to verifiers to reveal attributes or even predicates about the attributes included in the credential. One way to preserve privacy during presentation consists in selectively disclosing the attributes in a credential. In this paper we present the most widespread cryptographic mechanisms used to enable selective disclosure of attributes identifying two categories: the ones based on hiding commitments - e.g., mDL ISO/IEC 18013-5 - and the ones based on non-interactive zero-knowledge proofs - e.g., BBS signatures. We also include a description of the cryptographic primitives used to design such cryptographic mechanisms.

We describe the design of the cryptographic mechanisms and compare them by performing an analysis on their standard maturity in terms of standardization, cryptographic agility and quantum safety, then we compare the features that they support with main focus on the unlinkability of presentations, the ability to create predicate proofs and support for threshold credential issuance.

Finally we perform an experimental evaluation based on the Rust open source implementations that we have considered most relevant. In particular we evaluate the size of credentials and presentations built using different cryptographic mechanisms and the time needed to generate and verify them. We also highlight some trade-offs that must be considered in the instantiation of the cryptographic mechanisms.

可验证凭据是实物凭据的数字类似物。它们的真实性和完整性通过加密技术得到保护,可向验证者展示它们,以揭示凭证中的属性,甚至是有关属性的谓词。在出示过程中保护隐私的一种方法是有选择地披露凭证中的属性。在本文中,我们介绍了用于选择性披露属性的最普遍的加密机制,并将其分为两类:基于隐藏承诺的机制(如 mdl ISO/IEC 18013-5)和基于非交互式零知识证明的机制(如 BBS 签名)。我们描述了加密机制的设计,并通过分析它们在标准化、加密敏捷性和量子安全性方面的标准成熟度对它们进行了比较,然后我们比较了它们支持的功能,主要侧重于演示的不可链接性、创建谓词证明的能力以及对阈值凭证签发的支持。最后,我们基于我们认为最相关的 Rust 开源实现进行了实验评估。最后,我们基于我们认为最相关的 Rust 开源实现进行了一次实验评估。我们特别评估了使用不同加密机制创建的凭证和演示的大小,以及生成和验证它们所需的时间。我们还强调了在加密机制实例化过程中必须考虑的一些权衡因素。
Citations: 0
The implementation of polynomial multiplication for lattice-based cryptography: A survey
IF 5.6 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2024-05-17 DOI: 10.1016/j.jisa.2024.103782
Chenkai Zeng , Debiao He , Qi Feng , Cong Peng , Min Luo

The advent of quantum computing threatens the security of traditional public-key cryptography. Algorithms for quantum computing have the ability to solve the large prime factorization and the discrete logarithm problem in polynomial time. To deal with the threat, post-quantum cryptography (PQC) primitives and protocols were proposed. Lattice-based cryptography (LBC) is the promising post-quantum cryptography, both in traditional and emerging security scenarios such as public-key encryption, homomorphic encryption and oblivious transfer. Theoretically, the algebraic structure of the lattice provides a secure fundamental for LBC. In contrast, the implementation should consider the balance of time, space, and resources for realization on various programmable platforms. In the implementation of lattice-based cryptography, polynomial multiplication is the primary operation accounting for about 30% of the execution. To improve the performance of LBC schemes, various efficient algorithms have been proposed over decades. This work focuses on approaches to accelerate polynomial multiplication used in LBC schemes. First, we review and compare three polynomial multiplication algorithms, Number Theory Transform (NTT), Karatsuba algorithm and Toom–Cook algorithm. Then we present a comprehensive survey of implementation on programmable platforms such as Graphics Processing Unit (GPU) and Field-Programmable Gate Array (FPGA). At last, we summarize the future trend of implementing polynomial multiplication and provide recommendations.

Citations: 0
Current approaches and future directions for Cyber Threat Intelligence sharing: A survey
IF 5.6 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2024-05-17 DOI: 10.1016/j.jisa.2024.103786
Poopak Alaeifar , Shantanu Pal , Zahra Jadidi , Mukhtar Hussain , Ernest Foo

Cyber Threat Intelligence (CTI) is essential knowledge concerning cyber and physical threats aimed at mitigating potential cyber attacks. The rapid evolution of Information and Communications Technology (ICT), the Internet of Things (IoT), and Industry 5.0 has spawned a multitude of sources regarding current or potential cyber threats against organizations. Consequently, CTI sharing among organizations holds considerable promise for facilitating swift responses to attacks and enabling mutual benefits through active participation. However, exchanging CTI among different organizations poses significant challenges, including legal and regulatory obligations, interoperability standards, and data reliability. The current CTI sharing landscape remains inadequately explored, hindering a comprehensive examination of organizations’ critical needs and the challenges they encounter during CTI sharing. This paper presents a comprehensive survey on CTI sharing, beginning with an exploration of CTI fundamentals and its advancements in assessing cyber and physical threats and threat actors from various perspectives. For instance, we discuss the benefits of CTI, its applications, and diverse CTI sharing architectures. Additionally, we extensively discuss a list of CTI sharing challenges and evaluate how available CTI sharing proposals address these challenges. Finally, we provide an inventory of unique future research directions to offer insightful guidelines for CTI sharing.

Citations: 0
PSDCLS: Parallel simultaneous diffusion–confusion image cryptosystem based on Latin square
IF 5.6 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2024-05-16 DOI: 10.1016/j.jisa.2024.103785
Ebrahim Zarei Zefreh

Today, due to the unparalleled growth of multimedia data sharing, especially digital images, between users over insecure channels in real-time applications, cryptography algorithms have gained increasing attention for the secure and efficient transmission. In classical chaos-based image cryptosystems, the confusion and diffusion operations are often applied as two separate and independent phases, which threatens the cryptosystem security. To address these problems, in this paper, a fast image cryptosystem based on parallel simultaneous diffusion–confusion strategy has been proposed using Latin squares, called PSDCLS. It consists of three main steps. First, the initial parameters of the Hénon-Sine chaotic map are produced from SHA256 of both the plain image content and the user’s secret key. Second, a chaos-based random Latin square is constructed by employing the chaotic sequence produced through the Hénon-Sine chaotic map. Third, a parallel simultaneous diffusion–confusion scheme is proposed by using Latin square and vectorization technique to overcome the problems of computational complexity and high risk of separable and iterative confusion–diffusion operations in the classical chaos-based image cryptosystems. To analyze and evaluate the security and performance of PSDCLS cryptosystem, we conducted extensive simulations and experiments on various benchmark images. Experimental results and analyses show that PSDCLS achieves excellent scores for information entropy (>7.99), correlation coefficients close to 0, key space (2^512), NPCR (>99.60%), UACI (>33.46%). The encryption time for test images of size 512 × 512 and 512 × 512 × 3 was around 0.026 and 0.081 s, respectively. Therefore, PSDCLS is highly robust against common cryptographic attacks and serves as a swift cryptosystem for real-time encryption applications. The source code of PSDCLS is accessible at: https://github.com/EbrahimZarei64/PSDCLS.

Citations: 0