首页 > 最新文献

Journal of Information Security and Applications最新文献

英文 中文
Workplace security and privacy implications in the GenAI age: A survey
IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal of Information Security and Applications
Pub Date : 2025-01-07 DOI: 10.1016/j.jisa.2024.103960
Abebe Diro , Shahriar Kaisar , Akanksha Saini , Samar Fatima , Pham Cong Hiep , Fikadu Erba
Generative Artificial Intelligence (GenAI) is transforming the workplace, but its adoption introduces significant risks to data security and privacy. Recent incidents underscore the urgency of addressing these issues. This comprehensive survey investigates the implications of GenAI integration in workplaces, focusing on its impact on organizational operations and security. We analyze vulnerabilities within GenAI systems, threats they face, and repercussions of AI-driven workplace monitoring. By examining diverse attack vectors like model attacks and automated cyberattacks, we expose their potential to undermine data integrity and privacy. Unlike previous works, this survey specifically focuses on the security and privacy implications of GenAI within workplace settings, addressing issues like employee monitoring, deepfakes, and regulatory compliance. We delve into emerging threats during model training and usage phases, proposing countermeasures such as differential privacy for training data and robust authentication for access control. Additionally, we provide a comprehensive analysis of evolving regulatory frameworks governing AI tools globally. Based on our comprehensive analysis, we propose targeted recommendations for future research and policy-making to promote responsible and secure adoption of GenAI in the workplace, such as incentivizing the development of explainable AI (XAI) and establishing clear guidelines for ethical data usage. This survey equips stakeholders with a comprehensive understanding of GenAI’s complex workplace landscape, empowering them to harness its benefits responsibly while mitigating risks.
{"title":"Workplace security and privacy implications in the GenAI age: A survey","authors":"Abebe Diro ,&nbsp;Shahriar Kaisar ,&nbsp;Akanksha Saini ,&nbsp;Samar Fatima ,&nbsp;Pham Cong Hiep ,&nbsp;Fikadu Erba","doi":"10.1016/j.jisa.2024.103960","DOIUrl":"10.1016/j.jisa.2024.103960","url":null,"abstract":"<div><div>Generative Artificial Intelligence (GenAI) is transforming the workplace, but its adoption introduces significant risks to data security and privacy. Recent incidents underscore the urgency of addressing these issues. This comprehensive survey investigates the implications of GenAI integration in workplaces, focusing on its impact on organizational operations and security. We analyze vulnerabilities within GenAI systems, threats they face, and repercussions of AI-driven workplace monitoring. By examining diverse attack vectors like model attacks and automated cyberattacks, we expose their potential to undermine data integrity and privacy. Unlike previous works, this survey specifically focuses on the security and privacy implications of GenAI within workplace settings, addressing issues like employee monitoring, deepfakes, and regulatory compliance. We delve into emerging threats during model training and usage phases, proposing countermeasures such as differential privacy for training data and robust authentication for access control. Additionally, we provide a comprehensive analysis of evolving regulatory frameworks governing AI tools globally. Based on our comprehensive analysis, we propose targeted recommendations for future research and policy-making to promote responsible and secure adoption of GenAI in the workplace, such as incentivizing the development of explainable AI (XAI) and establishing clear guidelines for ethical data usage. This survey equips stakeholders with a comprehensive understanding of GenAI’s complex workplace landscape, empowering them to harness its benefits responsibly while mitigating risks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103960"},"PeriodicalIF":3.8,"publicationDate":"2025-01-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170751","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Security analysis of SFrame
IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal of Information Security and Applications
Pub Date : 2025-01-07 DOI: 10.1016/j.jisa.2024.103958
Takanori Isobe , Ryoma Ito , Kazuhiko Minematsu
Increasing privacy consciousness has popularized the use of end-to-end encryption (E2EE). In this paper, we discuss the security of SFrame, an E2EE mechanism proposed to the Internet Engineering Task Force for video/audio group communications over the Internet. Despite being a quite recent project, SFrame has been deployed in several real-world applications. The original specification of SFrame is evaluated herein to find critical issues that can cause impersonation (forgery) attacks with a practical complexity by a malicious group member. Further investigations have revealed that these issues are present in several publicly available SFrame implementations. Therefore, we provide several countermeasures against all the proposed attacks and considerations from performance and security perspectives towards their implementation.
{"title":"Security analysis of SFrame","authors":"Takanori Isobe ,&nbsp;Ryoma Ito ,&nbsp;Kazuhiko Minematsu","doi":"10.1016/j.jisa.2024.103958","DOIUrl":"10.1016/j.jisa.2024.103958","url":null,"abstract":"<div><div>Increasing privacy consciousness has popularized the use of end-to-end encryption (E2EE). In this paper, we discuss the security of SFrame, an E2EE mechanism proposed to the Internet Engineering Task Force for video/audio group communications over the Internet. Despite being a quite recent project, SFrame has been deployed in several real-world applications. The original specification of SFrame is evaluated herein to find critical issues that can cause impersonation (forgery) attacks with a practical complexity by a malicious group member. Further investigations have revealed that these issues are present in several publicly available SFrame implementations. Therefore, we provide several countermeasures against all the proposed attacks and considerations from performance and security perspectives towards their implementation.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103958"},"PeriodicalIF":3.8,"publicationDate":"2025-01-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170743","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
BridgeSec: Facilitating effective communication between security engineering and systems engineering
IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal of Information Security and Applications
Pub Date : 2025-01-06 DOI: 10.1016/j.jisa.2024.103954
Avi Shaked , Nan Messe
We increasingly rely on systems to perform reliably and securely. Therefore, it is imperative that security aspects are properly considered when designing and maintaining systems. However, achieving the security by design ideal is challenging. Security information is typically unstructured, dispersed, hard to communicate, and its assessment is somewhat subjective and tacit. Additionally, the inclusion of security information within design requires integrating the efforts of two knowledge-intensive disciplines: security engineering and systems engineering. In this paper, we introduce BridgeSec, a novel conceptual information-exchange interface to systemise the communication of security information between these two disciplines. The main contribution of BridgeSec lies in its explicit identification of concepts related to vulnerability management, which allows systems engineering and security engineering teams to codify pertinent information. The disciplines involved in the system design can thus coordinate policies, implementations and, ultimately, the security posture. Furthermore, based on the newly unveiled interface, an automated reasoning mechanism is specified. This mechanism allows to reason about the vulnerability posture of systems in a scalable and systematic way. First, we describe and formalise the information-exchange interface BridgeSecand how it can be used to reason about the security of systems designs. Next, we present an open-source prototype – integrated into a threat modelling tool – which rigorously implements the interface and the reasoning mechanism. Finally, we detail two diverse and prominent applications of the interface for communicating security aspects of systems designs. These applications show how BridgeSec can rigorously support the design of systems’ security in two representative scenarios: in coordinating security features and policy during design, and in coordinating mitigation to disclosed implementation vulnerabilities.
{"title":"BridgeSec: Facilitating effective communication between security engineering and systems engineering","authors":"Avi Shaked ,&nbsp;Nan Messe","doi":"10.1016/j.jisa.2024.103954","DOIUrl":"10.1016/j.jisa.2024.103954","url":null,"abstract":"<div><div>We increasingly rely on systems to perform reliably and securely. Therefore, it is imperative that security aspects are properly considered when designing and maintaining systems. However, achieving the security by design ideal is challenging. Security information is typically unstructured, dispersed, hard to communicate, and its assessment is somewhat subjective and tacit. Additionally, the inclusion of security information within design requires integrating the efforts of two knowledge-intensive disciplines: security engineering and systems engineering. In this paper, we introduce BridgeSec, a novel conceptual information-exchange interface to systemise the communication of security information between these two disciplines. The main contribution of BridgeSec lies in its explicit identification of concepts related to vulnerability management, which allows systems engineering and security engineering teams to codify pertinent information. The disciplines involved in the system design can thus coordinate policies, implementations and, ultimately, the security posture. Furthermore, based on the newly unveiled interface, an automated reasoning mechanism is specified. This mechanism allows to reason about the vulnerability posture of systems in a scalable and systematic way. First, we describe and formalise the information-exchange interface BridgeSecand how it can be used to reason about the security of systems designs. Next, we present an open-source prototype – integrated into a threat modelling tool – which rigorously implements the interface and the reasoning mechanism. Finally, we detail two diverse and prominent applications of the interface for communicating security aspects of systems designs. These applications show how BridgeSec can rigorously support the design of systems’ security in two representative scenarios: in coordinating security features and policy during design, and in coordinating mitigation to disclosed implementation vulnerabilities.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103954"},"PeriodicalIF":3.8,"publicationDate":"2025-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Blacklisting access control via negated subset predicate encryption: Constant-size ciphertexts/keys constructions with adaptive security or attribute hiding
IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal of Information Security and Applications
Pub Date : 2025-01-06 DOI: 10.1016/j.jisa.2024.103959
Yi-Fan Tseng
In order to realize the functionality for blacklisting, we introduce a novel primitive, negated subset-predicate encryption (NSPE), where a ciphertext associated with a set SC can be only decrypted by a private key related to a set SK iff SKSC. Compared to adopting complex tools to realize such a functionality, e.g., key-policy attribute-based encryption (KPABE) for non-monotonic access structure, NSPE provides a more concise and efficient way. In this manuscript, we first conceptualize the definition and security requirements for NSPE, and give several constructions, including fully secure constructions with different features, generic construction with weak attribute-hiding, and selectively secure construction with shorter ciphertexts/keys. All of the proposed schemes are proven secure under well-studied assumptions. Compared with the architecture using complex primitives such as KPABE to achieve the same functionality, our schemes provide a more concise and efficient method, especially in terms of the private key size.
{"title":"Blacklisting access control via negated subset predicate encryption: Constant-size ciphertexts/keys constructions with adaptive security or attribute hiding","authors":"Yi-Fan Tseng","doi":"10.1016/j.jisa.2024.103959","DOIUrl":"10.1016/j.jisa.2024.103959","url":null,"abstract":"<div><div>In order to realize the functionality for blacklisting, we introduce a novel primitive, negated subset-predicate encryption (NSPE), where a ciphertext associated with a set <span><math><msub><mrow><mi>S</mi></mrow><mrow><mi>C</mi></mrow></msub></math></span> can be only decrypted by a private key related to a set <span><math><msub><mrow><mi>S</mi></mrow><mrow><mi>K</mi></mrow></msub></math></span> iff <span><math><mrow><msub><mrow><mi>S</mi></mrow><mrow><mi>K</mi></mrow></msub><mo>⁄</mo><mo>⊆</mo><msub><mrow><mi>S</mi></mrow><mrow><mi>C</mi></mrow></msub></mrow></math></span>. Compared to adopting complex tools to realize such a functionality, e.g., key-policy attribute-based encryption (KPABE) for non-monotonic access structure, NSPE provides a more concise and efficient way. In this manuscript, we first conceptualize the definition and security requirements for NSPE, and give several constructions, including fully secure constructions with different features, generic construction with weak attribute-hiding, and selectively secure construction with shorter ciphertexts/keys. All of the proposed schemes are proven secure under well-studied assumptions. Compared with the architecture using complex primitives such as KPABE to achieve the same functionality, our schemes provide a more concise and efficient method, especially in terms of the private key size.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103959"},"PeriodicalIF":3.8,"publicationDate":"2025-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Vector map zero-watermarking algorithm considering feature set granularity
IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal of Information Security and Applications
Pub Date : 2025-01-04 DOI: 10.1016/j.jisa.2024.103955
Changqing Zhu , Heyan Wang , Yazhou Zhao , Xingxiang Jiang , Hua Sun , Jia Duan , Hui Li , Luanyun Hu , Na Ren
Current vector map zero-watermarking algorithms that integrate blockchain technology typically focus on a limited subset of feature classes within datasets, resulting in significant energy consumption during copyright registration and hindering the advancement of vector map copyright protection through blockchain and zero-watermarking techniques. To address this challenge, this paper presents a novel vector map zero-watermarking algorithm that considers feature set granularity (ZW-CFSG). This algorithm effectively utilizes boundary contours and internal features to characterize dataset attributes, subsequently converting these features into zero-watermarks. To evaluate the efficacy of the ZW-CFSG algorithm, a comprehensive vector map copyright protection model is developed, integrating both blockchain and zero-watermarking mechanisms. The zero-watermark is securely registered on the blockchain, with energy consumption metrics employed to assess the algorithm's efficiency. Experimental findings reveal that the adoption of the ZW-CFSG algorithm can significantly reduce energy consumption associated with blockchain-based zero-watermarking, thereby enhancing the efficiency of copyright registration while ensuring compliance with rigorous requirements for copyright uniqueness and resilience.
{"title":"Vector map zero-watermarking algorithm considering feature set granularity","authors":"Changqing Zhu ,&nbsp;Heyan Wang ,&nbsp;Yazhou Zhao ,&nbsp;Xingxiang Jiang ,&nbsp;Hua Sun ,&nbsp;Jia Duan ,&nbsp;Hui Li ,&nbsp;Luanyun Hu ,&nbsp;Na Ren","doi":"10.1016/j.jisa.2024.103955","DOIUrl":"10.1016/j.jisa.2024.103955","url":null,"abstract":"<div><div>Current vector map zero-watermarking algorithms that integrate blockchain technology typically focus on a limited subset of feature classes within datasets, resulting in significant energy consumption during copyright registration and hindering the advancement of vector map copyright protection through blockchain and zero-watermarking techniques. To address this challenge, this paper presents a novel vector map zero-watermarking algorithm that considers feature set granularity (ZW-CFSG). This algorithm effectively utilizes boundary contours and internal features to characterize dataset attributes, subsequently converting these features into zero-watermarks. To evaluate the efficacy of the ZW-CFSG algorithm, a comprehensive vector map copyright protection model is developed, integrating both blockchain and zero-watermarking mechanisms. The zero-watermark is securely registered on the blockchain, with energy consumption metrics employed to assess the algorithm's efficiency. Experimental findings reveal that the adoption of the ZW-CFSG algorithm can significantly reduce energy consumption associated with blockchain-based zero-watermarking, thereby enhancing the efficiency of copyright registration while ensuring compliance with rigorous requirements for copyright uniqueness and resilience.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103955"},"PeriodicalIF":3.8,"publicationDate":"2025-01-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170176","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
RPCP-PURI: A robust and precise computational predictor for Phishing Uniform Resource Identification
IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal of Information Security and Applications
Pub Date : 2024-12-31 DOI: 10.1016/j.jisa.2024.103953
Tayyaba Asif , Faiza Mehmood , Syed Ahmed Mazhar Gillani , Muhammad Nabeel Asim , Muhammad Usman Ghani , Waqar Mahmood , Andreas Dengel
The widespread growth of internet services has led to a substantial increase in traffic across multifarious online applications such as shopping, transportation, e-commerce, and banking. Cyber-criminals are stealing internet users credentials through Phishing Uniform Resource Locator (PURL). To make sure safe usage of web services, researchers have developed several AI-supported PURL predictors. Prime motivation behind development of each new predictor was to extract comprehensive features from URLS and more accurately discriminate benign and phishing URLs. Different predictors are enriched with diverse types of feature extraction strategies and deep potential exploration of these strategies remain unexplored. With an aim to develop more powerful PURL predictor, contributions of this manuscript are manifold: It brings different sets of feature extraction strategies at single platform and explores their individual as well as combine potential. It evaluates and compare the effectiveness of BERT language model for detection of phishing URLs (PURLs). It presents a novel LSTM and CNN-based hybrid predictor, which utilizes DeepWalk-generated URL embeddings to effectively discriminate between phishing and benign URLs. Extensive experimentation across three public benchmark datasets (EBBU2017, phishing sites URLs and Phishing and benign webpages) demonstrates that proposed hybrid predictor surpasses the performance of existing predictors by 0.2%, 1.9% and 1.2% respectively.
{"title":"RPCP-PURI: A robust and precise computational predictor for Phishing Uniform Resource Identification","authors":"Tayyaba Asif ,&nbsp;Faiza Mehmood ,&nbsp;Syed Ahmed Mazhar Gillani ,&nbsp;Muhammad Nabeel Asim ,&nbsp;Muhammad Usman Ghani ,&nbsp;Waqar Mahmood ,&nbsp;Andreas Dengel","doi":"10.1016/j.jisa.2024.103953","DOIUrl":"10.1016/j.jisa.2024.103953","url":null,"abstract":"<div><div>The widespread growth of internet services has led to a substantial increase in traffic across multifarious online applications such as shopping, transportation, e-commerce, and banking. Cyber-criminals are stealing internet users credentials through Phishing Uniform Resource Locator (PURL). To make sure safe usage of web services, researchers have developed several AI-supported PURL predictors. Prime motivation behind development of each new predictor was to extract comprehensive features from URLS and more accurately discriminate benign and phishing URLs. Different predictors are enriched with diverse types of feature extraction strategies and deep potential exploration of these strategies remain unexplored. With an aim to develop more powerful PURL predictor, contributions of this manuscript are manifold: It brings different sets of feature extraction strategies at single platform and explores their individual as well as combine potential. It evaluates and compare the effectiveness of BERT language model for detection of phishing URLs (PURLs). It presents a novel LSTM and CNN-based hybrid predictor, which utilizes DeepWalk-generated URL embeddings to effectively discriminate between phishing and benign URLs. Extensive experimentation across three public benchmark datasets (EBBU2017, phishing sites URLs and Phishing and benign webpages) demonstrates that proposed hybrid predictor surpasses the performance of existing predictors by 0.2%, 1.9% and 1.2% respectively.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103953"},"PeriodicalIF":3.8,"publicationDate":"2024-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170746","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Crypto-space reversible data hiding for 3D mesh models with k-Degree neighbor diffusion
IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal of Information Security and Applications
Pub Date : 2024-12-27 DOI: 10.1016/j.jisa.2024.103957
Kai Gao , Ji-Hwei Horng , Ching-Chun Chang , Chin-Chen Chang
Reversible data hiding in crypto-space secures the cover media through encryption for privacy protection and provides an additional payload for embedding data management information, enabling covert communication or access control. However, the existing research reports mainly focus on the cover media of digital images, with scant attention to 3D mesh models. In this paper, we propose a separable and reversible data hiding scheme based on a novel k-degree neighbor diffusion strategy for encrypted 3D mesh models (RDHEM). By considering the model scale and the topological configuration between vertices, the proposed scheme finds an adaptive and unique solution for model vertex grouping, effectively boosting the utilization rate of model vertices for data embedding. Experimental results show that our scheme outperforms state-of-the-art schemes in both data embedding capacity and vertex utilization rate.
{"title":"Crypto-space reversible data hiding for 3D mesh models with k-Degree neighbor diffusion","authors":"Kai Gao ,&nbsp;Ji-Hwei Horng ,&nbsp;Ching-Chun Chang ,&nbsp;Chin-Chen Chang","doi":"10.1016/j.jisa.2024.103957","DOIUrl":"10.1016/j.jisa.2024.103957","url":null,"abstract":"<div><div>Reversible data hiding in crypto-space secures the cover media through encryption for privacy protection and provides an additional payload for embedding data management information, enabling covert communication or access control. However, the existing research reports mainly focus on the cover media of digital images, with scant attention to 3D mesh models. In this paper, we propose a separable and reversible data hiding scheme based on a novel <em>k</em>-degree neighbor diffusion strategy for encrypted 3D mesh models (RDHEM). By considering the model scale and the topological configuration between vertices, the proposed scheme finds an adaptive and unique solution for model vertex grouping, effectively boosting the utilization rate of model vertices for data embedding. Experimental results show that our scheme outperforms state-of-the-art schemes in both data embedding capacity and vertex utilization rate.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103957"},"PeriodicalIF":3.8,"publicationDate":"2024-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170748","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Hiding speech in music files
IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal of Information Security and Applications
Pub Date : 2024-12-24 DOI: 10.1016/j.jisa.2024.103951
Xiaohong Zhang, Shijun Xiang, Hongbin Huang
In large-capacity audio steganography, how to reduce distortion of the steganographic audio and reconstruct the high-quality secret audio are two crucial issues. In this paper, we propose a new invertible audio steganography network, InvASNet, to conceal secret speech in music files. Firstly, we adopt an orthogonal module to decompose the audio into uncorrelated components. In such a way, we can constrain the embedding of the secret audio into the less perceptible high-frequency subband of the host audio, thereby minimizing potential distortion in the low-frequency subband. Secondly, we consider the concealment and recovery processes as a pair of reversible operations, and then introduce the forward and inverse processes of the invertible neural networks (INNs) to model them, respectively. Compared with existing methods based on convolutional neural networks, our approach possesses a highly reversible structure and can leverage the lost information effectively. Furthermore, to enhance the capability of reversible audio, we develop a feature fitting module to learn more adaptive weights and biases of mappings in INNs. Extensive experimental results show that the proposed InvASNet achieves superior imperceptibility and competitive security in large-capacity steganography.
{"title":"Hiding speech in music files","authors":"Xiaohong Zhang,&nbsp;Shijun Xiang,&nbsp;Hongbin Huang","doi":"10.1016/j.jisa.2024.103951","DOIUrl":"10.1016/j.jisa.2024.103951","url":null,"abstract":"<div><div>In large-capacity audio steganography, how to reduce distortion of the steganographic audio and reconstruct the high-quality secret audio are two crucial issues. In this paper, we propose a new invertible audio steganography network, InvASNet, to conceal secret speech in music files. Firstly, we adopt an orthogonal module to decompose the audio into uncorrelated components. In such a way, we can constrain the embedding of the secret audio into the less perceptible high-frequency subband of the host audio, thereby minimizing potential distortion in the low-frequency subband. Secondly, we consider the concealment and recovery processes as a pair of reversible operations, and then introduce the forward and inverse processes of the invertible neural networks (INNs) to model them, respectively. Compared with existing methods based on convolutional neural networks, our approach possesses a highly reversible structure and can leverage the lost information effectively. Furthermore, to enhance the capability of reversible audio, we develop a feature fitting module to learn more adaptive weights and biases of mappings in INNs. Extensive experimental results show that the proposed InvASNet achieves superior imperceptibility and competitive security in large-capacity steganography.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103951"},"PeriodicalIF":3.8,"publicationDate":"2024-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170747","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Efficient and privacy-preserving butterfly counting on encrypted bipartite graphs
IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal of Information Security and Applications
Pub Date : 2024-12-22 DOI: 10.1016/j.jisa.2024.103952
Xin Pang , Lanxiang Chen
Bipartite graphs have numerous real-world applications, with the butterfly motif serving as a key higher-order structure that models cohesion within these graphs. Analyzing butterflies is crucial for a comprehensive understanding of networks, making butterfly counting a significant focus for researchers. In recent years, various efficient methods for exact butterfly counting, along with sampling-based approximate schemes, have been proposed for plaintext bipartite graphs. However, these methods often overlook data privacy concerns, which are critical in real-world scenarios such as doctor–patient and user–item relationships. Additionally, traditional encryption methods do not work due to the nature of graph structures. To tackle these challenges, we propose two schemes for exact butterfly counting on encrypted bipartite graphs (EB-BFC), enabling butterfly counting for specific vertices or edges to protect privacy of butterfly counting. Firstly, we demonstrate how structured encryption techniques could be used to encrypt the bipartite graph and construct a secure index, resulting in the efficient, privacy-preserving scheme EB-BFC1. Secondly, to ensure vertex data privacy, we propose a butterfly counting scheme based on Private Set Intersection, EB-BFC2. Finally, we demonstrate the security and efficiency of our proposed schemes through theoretical proofs and experiments on real-world datasets.
{"title":"Efficient and privacy-preserving butterfly counting on encrypted bipartite graphs","authors":"Xin Pang ,&nbsp;Lanxiang Chen","doi":"10.1016/j.jisa.2024.103952","DOIUrl":"10.1016/j.jisa.2024.103952","url":null,"abstract":"<div><div>Bipartite graphs have numerous real-world applications, with the butterfly motif serving as a key higher-order structure that models cohesion within these graphs. Analyzing butterflies is crucial for a comprehensive understanding of networks, making butterfly counting a significant focus for researchers. In recent years, various efficient methods for exact butterfly counting, along with sampling-based approximate schemes, have been proposed for plaintext bipartite graphs. However, these methods often overlook data privacy concerns, which are critical in real-world scenarios such as doctor–patient and user–item relationships. Additionally, traditional encryption methods do not work due to the nature of graph structures. To tackle these challenges, we propose two schemes for exact <u>b</u>utter<u>f</u>ly <u>c</u>ounting on <u>e</u>ncrypted <u>b</u>ipartite graphs (EB-BFC), enabling butterfly counting for specific vertices or edges to protect privacy of butterfly counting. Firstly, we demonstrate how structured encryption techniques could be used to encrypt the bipartite graph and construct a secure index, resulting in the efficient, privacy-preserving scheme EB-BFC<sub>1</sub>. Secondly, to ensure vertex data privacy, we propose a butterfly counting scheme based on Private Set Intersection, EB-BFC<sub>2</sub>. Finally, we demonstrate the security and efficiency of our proposed schemes through theoretical proofs and experiments on real-world datasets.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103952"},"PeriodicalIF":3.8,"publicationDate":"2024-12-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
PhotonKey: A key pairing system for IoT resource and input constrained devices using light sensors
IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal of Information Security and Applications
Pub Date : 2024-12-18 DOI: 10.1016/j.jisa.2024.103926
Danté Gray, Maryam Mehrnezhad
IoT environments are in need of key pairing protocols capable of operating within the unique constraints present, namely storage, processing, input, and power. In this paper, we present PhotonKey, a system designed to facilitate the generation of identical cryptographic keys for two resource and input-constrained IoT devices. These keys are derived from the devices’ individual observations of a public light event. Our contributions also extend to a custom, cost-effective hardware solution termed a ‘Synchronisation Machine’, which introduces synchronous rotation patterns to the light-sensing-capable devices during data collection with mechanical precision. This hardware solution serves the dual purpose of facilitating data collection and reducing adversarial capabilities. We evaluate the performance of our system using a large dataset comprising over 1000 samples, far surpassing the scale seen in related works. Finally, we demonstrate PhotonKey’s ability to produce statistically random bit-streams and achieve 0% equal error rates, even in the face of an ‘impossibly well-performing’ adversary.
{"title":"PhotonKey: A key pairing system for IoT resource and input constrained devices using light sensors","authors":"Danté Gray,&nbsp;Maryam Mehrnezhad","doi":"10.1016/j.jisa.2024.103926","DOIUrl":"10.1016/j.jisa.2024.103926","url":null,"abstract":"<div><div>IoT environments are in need of key pairing protocols capable of operating within the unique constraints present, namely <em>storage</em>, <em>processing</em>, <em>input</em>, and <em>power</em>. In this paper, we present <em>PhotonKey</em>, a system designed to facilitate the generation of identical cryptographic keys for two resource and input-constrained IoT devices. These keys are derived from the devices’ individual observations of a public light event. Our contributions also extend to a custom, cost-effective hardware solution termed a ‘Synchronisation Machine’, which introduces synchronous rotation patterns to the light-sensing-capable devices during data collection with mechanical precision. This hardware solution serves the dual purpose of facilitating data collection and reducing adversarial capabilities. We evaluate the performance of our system using a large dataset comprising over 1000 samples, far surpassing the scale seen in related works. Finally, we demonstrate PhotonKey’s ability to produce statistically random bit-streams and achieve 0% equal error rates, even in the face of an ‘impossibly well-performing’ adversary.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103926"},"PeriodicalIF":3.8,"publicationDate":"2024-12-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171134","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
类型
全部 化学•材料 生命科学 医学 物理 工程技术 环境•农林 材料科学 地球科学 法学 管理学 化学 环境科学与生态学 计算机科学 教育学 经济学 农林科学 人文科学 生物学 数学 物理与天体物理 心理学 综合性期刊 其他 工业工程 理学 历史学 农学 文学 信息工程
数据库
全部 ACS Publications Elsevier ieeexplore Springer The Royal Society of Chemistry Wiley
期刊
Journal of Information Security and Applications
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1