Pub Date: 2025-10-28. DOI: 10.1016/j.jisa.2025.104289
Yanpeng Ba, Yuan Ping, Zengpeng Li, Zheng Yuan
Existing multi-user searchable symmetric encryption (MUSSE) schemes often depend on the honesty of users or the assumption that multiple servers will not collude, which compromises security to some extent. While a few collusion-resistant MUSSE schemes are designed for single-server settings, they are limited to single-keyword searches and suffer from significant pattern leakage, making them vulnerable to leakage-abuse attacks (LAAs). We introduce CQ-MUSSE, the first collusion-resistant MUSSE scheme in a single-server setting that supports conjunctive queries to address these limitations. Indeed, CQ-MUSSE enables users to search for multiple keywords simultaneously with a single query. The scheme leverages Bloom filters to construct forward indexes and incorporates random dummy keywords into queries to obfuscate search patterns, effectively reducing pattern leakage. This design enhances security at the expense of a minor reduction in search result accuracy. The scheme can precisely return documents matching the conjunctive query when pattern leakage is ignored. Experimental evaluations confirm that CQ-MUSSE provides greater search flexibility and improved security with only a moderate increase in computational overhead.
Title: Collusion-resistant multi-user searchable symmetric encryption with conjunctive query and suppressed pattern leakage. Journal of Information Security and Applications, vol. 95, Article 104289.
Pub Date: 2025-10-28. DOI: 10.1016/j.jisa.2025.104275
Sameera K.M., Vinod P., Anderson Rocha, Rafidha Rehiman K.A., Mauro Conti
The rapid growth of Internet of Things (IoT) devices has expanded the cyber-attack surface, making traditional Network Intrusion Detection Systems (NIDS) less effective against modern, dynamic threats. The rise of privacy concerns and legal restrictions also limits the use of centralized security systems, highlighting the need for decentralized alternatives. Federated Learning (FL)-based NIDS addresses this by training models without sharing private user data. However, these systems are still vulnerable to poisoning attacks and can suffer from performance issues due to varied client data. In this paper, we introduce WeiDetect, a novel two-phase defense mechanism for FL-based NIDS. Operating on the server side, WeiDetect tackles both adversarial attacks and client data heterogeneity. It works by evaluating local models with a validation dataset, fitting their performance scores to a Weibull distribution for identifying and excluding malicious or low-quality models before aggregation. Our experimental results show that WeiDetect outperforms existing defenses, improving target class recall by up to 70% and enhancing the global model’s F1 score by 1%–14%.
Title: WeiDetect: Weibull distribution-based defense against poisoning attacks in federated learning for network intrusion detection systems. Journal of Information Security and Applications, vol. 95, Article 104275.
The rapid progression of Vehicular Ad-Hoc Networks (VANETs) has greatly eased the dissemination of safety-critical data among vehicles. However, the susceptibility of wireless links in VANETs to malicious attacks presents a significant obstacle. To mitigate the obstacle, various authenticated key agreement (AKA) schemes have been devised to establish secure communication between vehicles and infrastructure. However, the advent of quantum computing threatens the security of traditional number theory-based AKA schemes. As a countermeasure, lattice-based schemes have emerged, offering quantum resistance. However, many such lattice-based schemes incur high computational and communication overhead. To overcome these limitations, this paper proposes an efficient and provably secure lattice-based AKA scheme for VANETs. The devised AKA protocol leverages quantum-safe lattice-based cryptography to ensure communication security between vehicles and infrastructure. A comprehensive security analysis within the Real-or-Random model framework validates the proposed scheme’s robustness. Furthermore, performance analysis shows that the proposed scheme reduces computational cost by approximately 92% and communication cost by 29% compared to the existing recent approach, making it well-suited for VANET deployment.
Title: Quantum-safe and provable secure vehicle to infrastructure authenticated key-agreement for VANETs. Authors: Nahida Majeed Wani, Girraj Kumar Verma, Neeraj Kumar. Pub Date: 2025-10-27. DOI: 10.1016/j.jisa.2025.104274. Journal of Information Security and Applications, vol. 95, Article 104274.
Pub Date: 2025-10-27. DOI: 10.1016/j.jisa.2025.104288
Xuejun Fan, Fei Zhao, Xiu Xu
With the growing number of multi-user interaction scenarios, the security and efficiency of multi-party key exchange protocols have become increasingly important. Meanwhile, the rapid advancement of quantum computing brings security risks for traditional public key protocols, spurring interest in post-quantum key exchange schemes. Among various approaches, isogeny-based ones are notable for their compact parameter sizes, making them attractive for storage-constrained environments. In particular, CSIDH and its more efficient surface variant, CSURF, stand out for retaining a Diffie–Hellman (DH) structure that is rare in the post-quantum landscape.
To diversify the isogeny-based landscape and adapt the well-studied constructions from the classical DH world to the post-quantum setting, we leverage the hard homogeneous space in CSURF and propose three multi-party key exchange protocols, G-CSURF, CSURFBD and CSURFBDII. All of the protocols are formally proven to be correct and secure under the SCSSDDH assumption. Theoretical analysis reveals that CSURFBD and CSURFBDII require fewer rounds than G-CSURF, with CSURFBDII further optimizing computational and communication efficiency compared to CSURFBD. Moreover, our implementations of the three protocols demonstrate a speed-up of approximately 2% compared with the existing CSIDH-based multi-party key exchange protocols. Notably, the CSURFBDII scheme achieves the highest efficiency among the existing isogeny-based group key exchange primitives by virtue of its special tree structure and its efficient shared key computation strategy.
Title: Multi-party post-quantum key exchange schemes. Journal of Information Security and Applications, vol. 95, Article 104288.
Pub Date: 2025-10-24. DOI: 10.1016/j.jisa.2025.104264
Francesco Saccone, Pietro Melillo, Arnaldo Sgueglia, Andrea Di Sorbo, Corrado Aaron Visaggio
In recent years, ransomware attacks have attracted the attention of researchers and companies, prompting new issues in identifying effective defense techniques. The study provides a comprehensive analysis of ransomware attacks and their employed tactics from 2020 to 2024, leveraging a large dataset of over 16,000 documented ransomware incidents involving 155 distinct gangs. Using this data, we identify the exploited software vulnerabilities (CVEs) and map them to specific adversarial behaviors within the MITRE ATT&CK framework. In addition to this technical mapping, we differentiated between broadly targeting “generalist” gangs and industry-focused “specialist” gangs, and we examined variations in attack patterns across target sectors and geographic origins. Our methodology reveals the core “ransomware blueprint”: a unified kill-chain model comprising recurring techniques spanning initial access through encryption. Key findings include the use of high-severity, widely deployed CVEs (particularly public-facing exploits, such as T1190) as entry points, followed by routine privilege escalation, lateral movement, and impact actions (e.g., T1486 for data encryption). The analysis also reveals regional and sectoral differences: (i) Russian-origin groups often emphasize rapid disruption and recovery inhibition, and (ii) other groups focus on stealthier reconnaissance. Generalist gangs (e.g., LockBit, Cl0p, ALPHV) employ advanced techniques across multiple industries, while specialist gangs concentrate on narrower sectors, using simpler methods such as phishing and credential reuse. Moreover, the number of shared techniques is employed to assess the degree of interconnection among the gangs. These findings provide actionable intelligence for defenders, highlighting the need for multi-layered defenses, targeted vulnerability management, and sector-specific hardening strategies to mitigate evolving ransomware threats.
Title: The ransomware blueprint: Attack patterns and strategic variations across gangs. Journal of Information Security and Applications, vol. 95, Article 104264.
Pub Date: 2025-10-24. DOI: 10.1016/j.jisa.2025.104272
Carlton Shepherd, Elliot A.J. Hurley
Mobile sensor data has been proposed for security-critical applications such as device pairing, proximity detection, and continuous authentication. However, the foundational premise that these signals provide sufficient entropy remains under-explored. In this work, we systematically analyse the entropy of mobile sensor data using four datasets from multiple application contexts (UCI-HAR, SHL, Relay, and PerilZIS). Using direct computation and estimation, we report entropy values – max, Shannon, collision, and min-entropy – for an exhaustive range of sensor combinations. We demonstrate that the entropy of mobile sensors remains far below what is considered secure by modern standards for security applications, even when many sensors are combined. In particular, we observe an alarming divergence between average-case Shannon entropy and worst-case min-entropy. Single-sensor min-entropy varies between 3.408–4.483 bits despite Shannon entropy being several multiples higher. We also show that redundancies between sensor modalities contribute to a ≈75% reduction between Shannon and min-entropy. Indeed, min-entropy plateaus between 8.1–23.9 bits when combining up to 22 modalities, while Shannon entropy can exceed 80 bits. Adding sensors typically increases Shannon entropy but moves min-entropy by only ≈1–2 bits per added modality, evidencing entropy collapse under redundancy. Our results reveal that adversaries may feasibly predict sensor signals through an exhaustive exploration of the measurement space. Our work also calls into question the widely held assumption that adding more sensors inherently yields higher security. Ultimately, we strongly urge caution when relying on mobile sensor data for security applications.
Title: Entropy collapse in mobile sensors: The hidden risks of sensor-based security. Journal of Information Security and Applications, vol. 95, Article 104272.
Pub Date: 2025-10-24. DOI: 10.1016/j.jisa.2025.104271
Liangwei Yao, Hongliang Zhu, Yang Xin
Malware poses a significant threat to cybersecurity due to its diverse types, complex behaviors, and strong destructiveness. Accurately classifying malware is crucial for taking effective defense measures. However, traditional malware classification methods based on static and dynamic features face challenges such as poor adaptability, manual intervention, and low classification accuracy. Although improvements have been made with visualization-based image classification methods, they remain susceptible to interference information in deep feature extraction. To this end, this paper proposes an innovative malware classification framework that utilizes the feature visualization method to convert malware into RGB images, effectively preserving its rich features and avoiding reverse engineering. Afterward, a lightweight adaptive channel attention (ACA) mechanism is proposed, and ensemble models based on Res2NeXt that integrate various attention mechanisms are designed for deep feature extraction and classification. In addition, through t-SNE visualization, confusion matrix, and Grad-CAM heatmap display, the proposed Res2NeXt with ACA model as a typical example shows superior performance in feature space distribution, classification accuracy, and focusing on crucial features. In summary, a series of experiments conducted on public datasets, MMCC and MaleVis, demonstrate that the attention mechanisms in the ensemble models can effectively guide the model to focus on crucial features, filter out interference information, and enhance classification effectiveness. Specifically, the ACA attention mechanisms significantly improve classification accuracy with minimal impact on the model’s efficiency. The proposed framework achieves classification accuracy of up to 99.26% and 98.04%, respectively, surpassing the current state-of-the-art methods.
Title: Res2Next with attention mechanisms for malware classification based on feature visualization. Journal of Information Security and Applications, vol. 95, Article 104271.
Pub Date: 2025-10-23. DOI: 10.1016/j.jisa.2025.104273
Chouhan Kumar Rath, Amit Kr. Mandal, Anirban Sarkar
The Internet of Things (IoT) has revolutionized various industries by enabling data exchange between different devices across various domains such as smart cities, healthcare, industrial automation, etc. However, managing access control with a growing number of IoT devices brings major security challenges. Traditional access control mechanisms such as Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) become very complex and computationally expensive for large-scale IoT networks. Besides these, the Manufacturer Usage Description (MUD)-based mechanism empowers networks to restrict IoT devices to communicate only with authorized endpoints, ensuring that each device sends and receives only the intended traffic while preventing unauthorized access or data transmission. However, the static MUD profiles provided by manufacturers are not adaptable to dynamic IoT environments, where devices frequently join, leave, or change behavior. Additionally, manually creating and updating MUD profiles may not be possible and is prone to errors for dynamic, large-scale IoT networks. To address these limitations, this paper proposes an automated framework for generating and enforcing MUD profiles based on network behavior. The framework leverages the MUD specification by analyzing network traffic and extracting the most relevant features using mutual information (MI) scores. These features, which correlate strongly with device behavior, are then used in association rule mining (ARM) to generate refined access control rules. The rules are verified and integrated into the MUD profiles, ensuring automated policy enforcement. Furthermore, the MUD profiles are stored in a tamper-resistant manner using IPFS (InterPlanetary File System), protecting them from unauthorized modifications. The framework also utilizes smart contracts on a blockchain to verify and enforce security policies. The approach improves security by allowing only intended device interactions while denying abnormal traffic, and enhances performance through efficient rule generation and enforcement. The results demonstrate that the use of ARM with MI scores improves rule quality, reduces complexity, and facilitates faster, more reliable network operations in dynamic IoT environments.
Title: Blockchain-based dynamic MUD profiles for tamper-proof IoT access control. Journal of Information Security and Applications, vol. 95, Article 104273.
Pub Date: 2025-10-23 DOI: 10.1016/j.jisa.2025.104284
Miles Q. Li, Benjamin C.M. Fung
Large Language Models (LLMs) such as ChatGPT and its competitors have caused a revolution in natural language processing, but their capabilities also introduce new security vulnerabilities. This survey provides a comprehensive overview of these emerging concerns, categorizing threats into several key areas: inference-time attacks via prompt manipulation; training-time attacks; misuse by malicious actors; and the inherent risks in autonomous LLM agents. Recently, a significant focus is increasingly being placed on the latter. We summarize recent academic and industrial studies from 2022 to 2025 that exemplify each threat, analyze existing defense mechanisms and their limitations, and identify open challenges in securing LLM-based applications. We conclude by emphasizing the importance of advancing robust, multi-layered security strategies to ensure LLMs are safe and beneficial.
Title: Security concerns for Large Language Models: A survey. Journal of Information Security and Applications, volume 95, Article 104284.
Pub Date: 2025-10-22 DOI: 10.1016/j.jisa.2025.104276
Yibo Huang, Xinkai Dai, Haixia Dong, Zhiyong Li, Qiuyu Zhang
A speech encryption scheme based on the robust chaos theory offers a novel approach to audio data security. However, balancing encryption efficiency and strength remains a significant challenge in practical applications. Furthermore, ensuring the recovery quality of encrypted speech during transmission and preventing distortion or noise introduced by encryption processing are critical issues requiring immediate solutions. This paper proposes an efficient and secure Sine Hashing-Chaotic Encryption (SH-CE) algorithm by combining an improved spectral tilt feature with the three-dimensional sine-squared mapping (3D-SSM). This approach leverages enhanced speech features to generate hash codes. Compared to generating hash codes from original speech, it produces more secure, independent keys for different speech samples. The designed key dynamic allocation mechanism adaptively adjusts chaotic mapping parameters based on key changes, ensuring a unique keystream for each speech encryption session. Furthermore, a batch encryption approach is adopted during the diffusion phase to enhance encryption strength by improving keystream utilization. Experimental results demonstrate that compared to existing methods, the SH-CE algorithm significantly improves encryption strength and encryption/decryption speed. Furthermore, the algorithm effectively resists differential and statistical attacks. Post-decryption speech achieves optimal decryption coefficients and Perceptual Evaluation of Speech Quality (PESQ) scores, which demonstrates that the algorithm achieves synergistic optimization of encryption efficiency, security strength, and communication quality.
Title: A 3D robust chaotic speech encryption scheme based on feature hashing and key distribution. Journal of Information Security and Applications, volume 95, Article 104276.