Data sharing is pivotal in sectors such as healthcare, finance, and social networking. Encrypting sensitive data, while essential for privacy protection, introduces complexity to data sharing and poses privacy risks when leveraging cloud servers. Blockchain-based searchable encryption offers a balance between privacy preservation and data availability; however, user anonymity remains a significant concern. Traditional storage systems, which rely on centralized servers, limit data stability and scalability. To address these challenges, we have introduced BISE, a solution that leverages the power of blockchain to achieve data integrity, using searchable encryption for secure searches and IPFS for decentralized storage. Constructed on Hyperledger Fabric and IPFS, our system demonstrates efficiency through simulations. This integrated approach ensures data privacy, integrity, and availability, with efficient updates and queries, making it a robust solution for sensitive data sharing in various domains.
{"title":"BISE: Enhance data sharing security through consortium blockchain and IPFS","authors":"Mingxuan Chen , Puhe Hao , Weizhi Meng , Yasen Aizezi , Guozi Sun","doi":"10.1016/j.jisa.2025.104320","DOIUrl":"10.1016/j.jisa.2025.104320","url":null,"abstract":"<div><div>Data sharing is pivotal in sectors such as healthcare, finance, and social networking. Encrypting sensitive data, while essential for privacy protection, introduces complexity to data sharing and poses privacy risks when leveraging cloud servers. Blockchain-based searchable encryption offers a balance between privacy preservation and data availability; however, user anonymity remains a significant concern. Traditional storage systems, which rely on centralized servers, limit data stability and scalability. To address these challenges, we have introduced BISE, a solution that leverages the power of blockchain to achieve data integrity, using searchable encryption for secure searches and IPFS for decentralized storage. Constructed on Hyperledger Fabric and IPFS, our system demonstrates efficiency through simulations. This integrated approach ensures data privacy, integrity, and availability, with efficient updates and queries, making it a robust solution for sensitive data sharing in various domains.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104320"},"PeriodicalIF":3.7,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145685936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-12-27DOI: 10.1016/j.jisa.2025.104352
Tao Shen , Zikang Wang , Xianlin Yang , Fenhua Bai , Kai Zeng , Chi Zhang , Bei Gong
The development of Internet of Things (IoT) technology is accompanied by security concerns. Remote attestation is an essential technique for ensuring the software integrity of IoT devices. However, most existing remote attestation schemes rely on the assumption that the verifier is trusted, and the assumption of pre-shared keys or other secrets, meaning that the verifier and prover need to be mutually known and able to communicate directly. However, in dynamic and asynchronous networks, such as publish/subscribe networks, these assumptions may not be realistic. In such environments, the prover and verifier have not pre-shared keys, software states, or other secrets, making it impossible to perform attestation. Additionally, public key encryption is expensive for resource-constrained IoT devices. Therefore, this paper proposes a Lightweight and Transparent Remote Attestation with Anonymity (LTRAA). It uses symmetric polynomials instead of public-key encryption for identity authentication. This method allows for the verification of software state and data attestation even when the verifier and prover are unfamiliar with each other, and it is both publicly and transparently verifiable. Moreover, it ensures bidirectional identity authentication for interacting parties under anonymity and traceability, without excessive overhead for resource-constrained devices. Performance experiments on a Raspberry Pi further show that the running overhead is the lowest compared to similar remote attestation schemes such as PROVE and SCRAPS.
{"title":"LTRAA: Lightweight and transparent remote attestation with anonymity","authors":"Tao Shen , Zikang Wang , Xianlin Yang , Fenhua Bai , Kai Zeng , Chi Zhang , Bei Gong","doi":"10.1016/j.jisa.2025.104352","DOIUrl":"10.1016/j.jisa.2025.104352","url":null,"abstract":"<div><div>The development of Internet of Things (IoT) technology is accompanied by security concerns. Remote attestation is an essential technique for ensuring the software integrity of IoT devices. However, most existing remote attestation schemes rely on the assumption that the verifier is trusted, and the assumption of pre-shared keys or other secrets, meaning that the verifier and prover need to be mutually known and able to communicate directly. However, in dynamic and asynchronous networks, such as publish/subscribe networks, these assumptions may not be realistic. In such environments, the prover and verifier have not pre-shared keys, software states, or other secrets, making it impossible to perform attestation. Additionally, public key encryption is expensive for resource-constrained IoT devices. Therefore, this paper proposes a Lightweight and Transparent Remote Attestation with Anonymity (LTRAA). It uses symmetric polynomials instead of public-key encryption for identity authentication. This method allows for the verification of software state and data attestation even when the verifier and prover are unfamiliar with each other, and it is both publicly and transparently verifiable. Moreover, it ensures bidirectional identity authentication for interacting parties under anonymity and traceability, without excessive overhead for resource-constrained devices. Performance experiments on a Raspberry Pi further show that the running overhead is the lowest compared to similar remote attestation schemes such as PROVE and SCRAPS.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104352"},"PeriodicalIF":3.7,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145841424","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2026-01-02DOI: 10.1016/j.jisa.2025.104358
Aditya Garg , Naman Bansal , Sumit Yadav , Nisha Kandhoul , Sanjay K. Dhurandher , Isaac Woungang
Federated Learning presents a distributed system approach that is capable of achieving higher pri- vacy and security guarantees by not sharing its local data. However, federated learning is vulnerable to Byzantine faults, where unreliable or malicious agents can disrupt the central aggregation process and degrade performance. Existing Byzantine-resilient algorithms often face challenges of lim- ited effectiveness under non-independent and identically distributed (non-IID) data distribution. This paper presents the FedDNA Algorithm, a novel adaptive aggregation algorithm that enhances robust- ness by focusing on the internal behaviour of client models rather than just their parameters. FedDNA is based on the concept of a model fingerprint, a unique signature of a machine learning model’s inter- but this manipulation will almost always cause a sudden, detectable change in the model’s internal computations, which is captured by the fingerprint. Another distinguishing feature of FedDNA is its adaptive threshold mechanism based on Median Absolute Deviation (MAD), which dynamically adjusts in response to the internal consistency of client updates, thereby enhancing the algorithm’s robustness against Byzantine behaviour. To evaluate the effectiveness of the proposed approach, an extensive feasibility study was conducted comparing it with existing algorithms. Experimental results indicate that FedDNA achieves good accuracy and stability under Byzantine attacks, outperforming state-of-the-art methods by effectively identifying and mitigating the influence of faulty nodes in both independent and identically distributed (IID) and non-independent and identically distributed (non-IID) data distributions.
{"title":"FedDNA: Behavioural based approach for byzantine defense in federated learning via model fingerprinting and adaptive thresholding","authors":"Aditya Garg , Naman Bansal , Sumit Yadav , Nisha Kandhoul , Sanjay K. Dhurandher , Isaac Woungang","doi":"10.1016/j.jisa.2025.104358","DOIUrl":"10.1016/j.jisa.2025.104358","url":null,"abstract":"<div><div>Federated Learning presents a distributed system approach that is capable of achieving higher pri- vacy and security guarantees by not sharing its local data. However, federated learning is vulnerable to Byzantine faults, where unreliable or malicious agents can disrupt the central aggregation process and degrade performance. Existing Byzantine-resilient algorithms often face challenges of lim- ited effectiveness under non-independent and identically distributed (non-IID) data distribution. This paper presents the FedDNA Algorithm, a novel adaptive aggregation algorithm that enhances robust- ness by focusing on the internal behaviour of client models rather than just their parameters. FedDNA is based on the concept of a model fingerprint, a unique signature of a machine learning model’s inter- but this manipulation will almost always cause a sudden, detectable change in the model’s internal computations, which is captured by the fingerprint. Another distinguishing feature of FedDNA is its adaptive threshold mechanism based on Median Absolute Deviation (MAD), which dynamically adjusts in response to the internal consistency of client updates, thereby enhancing the algorithm’s robustness against Byzantine behaviour. To evaluate the effectiveness of the proposed approach, an extensive feasibility study was conducted comparing it with existing algorithms. Experimental results indicate that FedDNA achieves good accuracy and stability under Byzantine attacks, outperforming state-of-the-art methods by effectively identifying and mitigating the influence of faulty nodes in both independent and identically distributed (IID) and non-independent and identically distributed (non-IID) data distributions.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104358"},"PeriodicalIF":3.7,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145884190","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2026-01-07DOI: 10.1016/j.jisa.2025.104355
Wanhu Nie, Changsheng Zhu
In recent years, the surge in malware variants has made fast and accurate classification a critical cybersecurity challenge. Visualization-based deep learning methods offer promising solutions, among which the State Transition Probability Matrix (STPM) effectively reduces redundancy by modeling binaries as Markov chains. However, STPM is inherently a mathematical statistical model that disregards visual characteristics, resulting in Markov images with inherent flaws such as sparse pixel distribution and insufficient brightness. This paper reveals the fundamental conflict between mathematical semantics and visual perception requirements in STPM visualization and proposes a feature spatial transformation method, γ-M2I, for visual malware classification. The core idea of γ-M2I is to introduce a plug-and-play feature spatial transformation module into traditional STPM visualization schemes to mitigate its intrinsic visual limitations, utilizing spatial transformations (γ-mapping) to optimize feature distribution and enhance the representational capacity of feature maps. This stems from the feature space transformation’s ability to preserve low-frequency state transitions while relatively suppressing high-frequency noise. γ-M2I operates independently of STPM and can be seamlessly integrated into STPM-based frameworks and convolutional neural network architectures. This modular design supports rapid adaptation to advanced models. Extensive experiments conducted on benchmark malware classification datasets, including Malimg and BIG-2015, demonstrate that the proposed method achieves high accuracy rates of 99.82% and 99.46%, with F1-scores of 99.73% and 99.22%, respectively, outperforming existing state-of-the-art approaches. Moreover, it exhibits robustness against evasion techniques employed by malware variants, such as packing, encryption and obfuscation.
{"title":"γ-M2I: Image-based malware classification via feature spatial transformation","authors":"Wanhu Nie, Changsheng Zhu","doi":"10.1016/j.jisa.2025.104355","DOIUrl":"10.1016/j.jisa.2025.104355","url":null,"abstract":"<div><div>In recent years, the surge in malware variants has made fast and accurate classification a critical cybersecurity challenge. Visualization-based deep learning methods offer promising solutions, among which the State Transition Probability Matrix (STPM) effectively reduces redundancy by modeling binaries as Markov chains. However, STPM is inherently a mathematical statistical model that disregards visual characteristics, resulting in Markov images with inherent flaws such as sparse pixel distribution and insufficient brightness. This paper reveals the fundamental conflict between mathematical semantics and visual perception requirements in STPM visualization and proposes a feature spatial transformation method, <em>γ</em>-M2I, for visual malware classification. The core idea of <em>γ</em>-M2I is to introduce a plug-and-play feature spatial transformation module into traditional STPM visualization schemes to mitigate its intrinsic visual limitations, utilizing spatial transformations (<em>γ</em>-mapping) to optimize feature distribution and enhance the representational capacity of feature maps. This stems from the feature space transformation’s ability to preserve low-frequency state transitions while relatively suppressing high-frequency noise. <em>γ</em>-M2I operates independently of STPM and can be seamlessly integrated into STPM-based frameworks and convolutional neural network architectures. This modular design supports rapid adaptation to advanced models. Extensive experiments conducted on benchmark malware classification datasets, including Malimg and BIG-2015, demonstrate that the proposed method achieves high accuracy rates of 99.82% and 99.46%, with <em>F</em><sub>1</sub>-scores of 99.73% and 99.22%, respectively, outperforming existing state-of-the-art approaches. Moreover, it exhibits robustness against evasion techniques employed by malware variants, such as packing, encryption and obfuscation.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104355"},"PeriodicalIF":3.7,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145926053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Large Language Models (LLMs) are increasingly integrated into sensitive domains such as healthcare and autonomous systems, yet adoption is constrained by security risks that conventional assurance methods do not capture. Traditional software assurance techniques are inadequate for LLM-specific vulnerabilities, including prompt injection, insecure output handling, and training data poisoning. We introduce a quantitative security assurance framework for LLM applications that translates security requirements and vulnerabilities into measurable scores. The framework computes an Assurance Metric (AM) as , where VM is weighted using CVSS v4.0, and maps results to five security assurance levels, making security posture comparable, auditable, and actionable. Requirements span input/output validation, training data, development and deployment, access control, third-party services, and security procedures; vulnerability tests align with the OWASP Top 10 for LLMs (prompt injection, insecure output handling, training data poisoning, denial of service, sensitive information disclosure, overreliance, and model theft). Case study results show uncensored models (e.g., Llama2-uncensored) exhibit significantly higher exposure, especially to prompt injection and output-handling attacks–while censored and fine-tuned models attain higher assurance levels. Significance and impact: the framework provides transparent, quantitative scoring to compare systems, prioritize mitigations, and support evidence-based deployment and governance in high-takes environments, with continuous human oversight emphasized.
{"title":"Securing large language models: A quantitative assurance framework approach","authors":"Sander Stamnes Karlsen , Muhammad Mudassar Yamin , Ehtesham Hashmi , Basel Katt , Mohib Ullah","doi":"10.1016/j.jisa.2025.104351","DOIUrl":"10.1016/j.jisa.2025.104351","url":null,"abstract":"<div><div>Large Language Models (LLMs) are increasingly integrated into sensitive domains such as healthcare and autonomous systems, yet adoption is constrained by security risks that conventional assurance methods do not capture. Traditional software assurance techniques are inadequate for LLM-specific vulnerabilities, including prompt injection, insecure output handling, and training data poisoning. We introduce a quantitative security assurance framework for LLM applications that translates security requirements and vulnerabilities into measurable scores. The framework computes an Assurance Metric (AM) as <span><math><mrow><mi>A</mi><mi>M</mi><mo>=</mo><mi>R</mi><mi>M</mi><mo>−</mo><mi>V</mi><mi>M</mi></mrow></math></span>, where VM is weighted using CVSS v4.0, and maps results to five security assurance levels, making security posture comparable, auditable, and actionable. Requirements span input/output validation, training data, development and deployment, access control, third-party services, and security procedures; vulnerability tests align with the OWASP Top 10 for LLMs (prompt injection, insecure output handling, training data poisoning, denial of service, sensitive information disclosure, overreliance, and model theft). Case study results show uncensored models (e.g., Llama2-uncensored) exhibit significantly higher exposure, especially to prompt injection and output-handling attacks–while censored and fine-tuned models attain higher assurance levels. Significance and impact: the framework provides transparent, quantitative scoring to compare systems, prioritize mitigations, and support evidence-based deployment and governance in high-takes environments, with continuous human oversight emphasized.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104351"},"PeriodicalIF":3.7,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145790944","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-12-20DOI: 10.1016/j.jisa.2025.104349
Yan Gao , Lunzhi Deng , Yaying Wu , Na Wang , Huawei Huang , Siwei Li
In the modern healthcare system, patients’ electronic health records (EHRs) often need to be shared among various medical institutions to support continuous treatment and cross-institutional collaboration. To maintain the confidentiality and authenticity of medical data, improve data-sharing efficiency, and restrict each institution’s access to only its relevant data, a signcryption scheme capable of simultaneously signcrypting distinct EHRs for multiple receivers is an efficient solution for secure cross-institutional data sharing. This paper introduces a blockchain-based proxy broadcast signcryption (PBSC) scheme supporting multi-message synchronous transmission. In our work, patients delegate their signcryption rights to a trusted proxy medical institution, which signcrypts distinct plaintexts into a single ciphertext and stores the ciphertext off-chain. To enforce secure access, we design a blockchain-based access control mechanism, allowing only authorized users to retrieve and decrypt the off-chain ciphertext. Under the random oracle model, we prove the proposed PBSC scheme is confidential and unforgeable. Comparative analysis shows our scheme reduces computational costs by 50 % versus existing state-of-the-art schemes, thus rendering it highly suitable for secure EHRs sharing.
{"title":"Blockchain-based proxy broadcast signcryption supporting multi-message synchronous transmission suitable for cross-institutional EHRs sharing system","authors":"Yan Gao , Lunzhi Deng , Yaying Wu , Na Wang , Huawei Huang , Siwei Li","doi":"10.1016/j.jisa.2025.104349","DOIUrl":"10.1016/j.jisa.2025.104349","url":null,"abstract":"<div><div>In the modern healthcare system, patients’ electronic health records (EHRs) often need to be shared among various medical institutions to support continuous treatment and cross-institutional collaboration. To maintain the confidentiality and authenticity of medical data, improve data-sharing efficiency, and restrict each institution’s access to only its relevant data, a signcryption scheme capable of simultaneously signcrypting distinct EHRs for multiple receivers is an efficient solution for secure cross-institutional data sharing. This paper introduces a blockchain-based proxy broadcast signcryption (PBSC) scheme supporting multi-message synchronous transmission. In our work, patients delegate their signcryption rights to a trusted proxy medical institution, which signcrypts distinct plaintexts into a single ciphertext and stores the ciphertext off-chain. To enforce secure access, we design a blockchain-based access control mechanism, allowing only authorized users to retrieve and decrypt the off-chain ciphertext. Under the random oracle model, we prove the proposed PBSC scheme is confidential and unforgeable. Comparative analysis shows our scheme reduces computational costs by 50 % versus existing state-of-the-art schemes, thus rendering it highly suitable for secure EHRs sharing.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104349"},"PeriodicalIF":3.7,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145790945","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-12-15DOI: 10.1016/j.jisa.2025.104326
Muhammed Saadetdin KAYA , Kenan İNCE
The exponential growth of visual data and the expansion of resource-constrained IoT platforms have intensified the demand for lightweight yet secure image protection schemes. Conventional ciphers, while cryptographically strong, often fail to meet real-time and hardware-efficiency requirements for image data. To address this gap, this study presents the Knit Scrambling (KS) framework, a textile-inspired deterministic permutation framework designed for reversible image scrambling with linear computational cost. This approach models an image as a sequence interwoven from multiple subsequences following cyclic knitting patterns, ensuring both reversibility and high diffusion. A specific instantiation, termed Triple Check Pattern (TCP), realizes the KS framework by dividing the image into three subsequences and applying cyclic pattern rotations to enhance pixel decorrelation while preserving strict invertibility. The confusion process is integrated with a lightweight diffusion stage based on a key-nonce-derived chaotic keystream generated by a one-dimensional logistic map, eliminating plaintext dependence and enabling per-image uniqueness. Experimental analyses conducted on benchmark color images show near-uniform histograms, high entropy close to eight bits, and strong differential performance, with average NPCR around 99.6 percent and UACI approximately 33.5 percent. Statistical randomness evaluation using the NIST SP 800-22 test suite confirms the scheme’s ability to produce unpredictable ciphertexts, while runtime benchmarking on both desktop and embedded-class hardware demonstrates real-time feasibility. The results indicate that the proposed framework provides an effective and hardware-efficient alternative to existing chaos-based and geometric scrambling approaches for lightweight image encryption in IoT environments. The proposed framework (KS) defines a general textile-inspired permutation model, while its implementation through the TCP algorithm demonstrates how this model can be practically realized to achieve efficient and reversible image scrambling.
{"title":"Knit scrambling: A novel image scrambling framework and its demonstration in image encryption","authors":"Muhammed Saadetdin KAYA , Kenan İNCE","doi":"10.1016/j.jisa.2025.104326","DOIUrl":"10.1016/j.jisa.2025.104326","url":null,"abstract":"<div><div>The exponential growth of visual data and the expansion of resource-constrained IoT platforms have intensified the demand for lightweight yet secure image protection schemes. Conventional ciphers, while cryptographically strong, often fail to meet real-time and hardware-efficiency requirements for image data. To address this gap, this study presents the Knit Scrambling (KS) framework, a textile-inspired deterministic permutation framework designed for reversible image scrambling with linear computational cost. This approach models an image as a sequence interwoven from multiple subsequences following cyclic knitting patterns, ensuring both reversibility and high diffusion. A specific instantiation, termed Triple Check Pattern (TCP), realizes the KS framework by dividing the image into three subsequences and applying cyclic pattern rotations to enhance pixel decorrelation while preserving strict invertibility. The confusion process is integrated with a lightweight diffusion stage based on a key-nonce-derived chaotic keystream generated by a one-dimensional logistic map, eliminating plaintext dependence and enabling per-image uniqueness. Experimental analyses conducted on benchmark color images show near-uniform histograms, high entropy close to eight bits, and strong differential performance, with average NPCR around 99.6 percent and UACI approximately 33.5 percent. Statistical randomness evaluation using the NIST SP 800-22 test suite confirms the scheme’s ability to produce unpredictable ciphertexts, while runtime benchmarking on both desktop and embedded-class hardware demonstrates real-time feasibility. The results indicate that the proposed framework provides an effective and hardware-efficient alternative to existing chaos-based and geometric scrambling approaches for lightweight image encryption in IoT environments. The proposed framework (KS) defines a general textile-inspired permutation model, while its implementation through the TCP algorithm demonstrates how this model can be practically realized to achieve efficient and reversible image scrambling.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104326"},"PeriodicalIF":3.7,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145791475","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper presents a novel Malicious Secure Private Set Intersection (MSL-PSI) protocol that is lightweight in communication that leverages polynomials and Bloom filters for efficient privacy-preserving set intersection. The protocol requires only a single round of symmetric communication, where both parties simultaneously obtain the intersection result without additional sharing. Under the Universal Composability (UC) framework, MSL-PSI is proven secure against malicious adversaries. Experimental results demonstrate superior performance on small-scale datasets compared to state-of-the-art methods, with significantly lower communication overhead. The protocol’s Bloom filter-based design enables dynamic updates and scalability, making it suitable for applications like privacy-preserving data analysis and contact tracing, particularly in communication-constrained environments.
{"title":"Malicious secure lightweight private set intersection","authors":"Duobin Lyu , Jinsong Wang , Zening Zhao , Zhao Zhao","doi":"10.1016/j.jisa.2025.104342","DOIUrl":"10.1016/j.jisa.2025.104342","url":null,"abstract":"<div><div>This paper presents a novel Malicious Secure Private Set Intersection (MSL-PSI) protocol that is lightweight in communication that leverages polynomials and Bloom filters for efficient privacy-preserving set intersection. The protocol requires only a single round of symmetric communication, where both parties simultaneously obtain the intersection result without additional sharing. Under the Universal Composability (UC) framework, MSL-PSI is proven secure against malicious adversaries. Experimental results demonstrate superior performance on small-scale datasets compared to state-of-the-art methods, with significantly lower communication overhead. The protocol’s Bloom filter-based design enables dynamic updates and scalability, making it suitable for applications like privacy-preserving data analysis and contact tracing, particularly in communication-constrained environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104342"},"PeriodicalIF":3.7,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145841425","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2026-01-16DOI: 10.1016/j.jisa.2025.104367
Vasco Simões , João Garcia , Paulo Carreira
The emergence of Computer Vision (CV) in self-driving vehicles, smart retail, and safety monitoring provides substantial economic benefits. However, it also presents significant privacy concerns for individuals captured on video. Standard techniques to mitigate privacy threats in video processing require some form of video anonymization, such as using blurring or other obfuscation operations to redact human figures from the input data before processing or storage. Yet, the irreversible nature of redaction operations hinders the use of CV in valuable applications, such as quality assurance, safety, or fraud litigation.
This paper presents and validates a novel approach for video anonymization that guarantees the anonymity and security of human subjects appearing in the video while maintaining high levels of scene intelligibility. Our approach is based on per-subject episodic key-derived cryptography to securely store data of individuals and enable selective per-subject deanonymization. In this way we can create video streams wherein only consenting subjects can be re-identified. Moreover, our approach can be integrated into CV processing pipelines and, as we also demonstrate, allow for the interchangeability of the visual anonymization techniques, which deliver various degrees of anonymity according to application needs while maintaining significant intelligibility and preserving the scene integrity.
{"title":"Privacy-aware video deanonymization: a configurable pipeline for selective reversal with intelligibility preservation","authors":"Vasco Simões , João Garcia , Paulo Carreira","doi":"10.1016/j.jisa.2025.104367","DOIUrl":"10.1016/j.jisa.2025.104367","url":null,"abstract":"<div><div>The emergence of Computer Vision (CV) in self-driving vehicles, smart retail, and safety monitoring provides substantial economic benefits. However, it also presents significant privacy concerns for individuals captured on video. Standard techniques to mitigate privacy threats in video processing require some form of video anonymization, such as using blurring or other obfuscation operations to redact human figures from the input data before processing or storage. Yet, the irreversible nature of redaction operations hinders the use of CV in valuable applications, such as quality assurance, safety, or fraud litigation.</div><div>This paper presents and validates a novel approach for video anonymization that guarantees the anonymity and security of human subjects appearing in the video while maintaining high levels of scene intelligibility. Our approach is based on per-subject episodic key-derived cryptography to securely store data of individuals and enable selective per-subject deanonymization. In this way we can create video streams wherein only consenting subjects can be re-identified. Moreover, our approach can be integrated into CV processing pipelines and, as we also demonstrate, allow for the interchangeability of the visual anonymization techniques, which deliver various degrees of anonymity according to application needs while maintaining significant intelligibility and preserving the scene integrity.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104367"},"PeriodicalIF":3.7,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145977325","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-12-05DOI: 10.1016/j.jisa.2025.104325
Mengdi Zhao, Huiyan Chen, Xi Lin
Governmental and military organizations frequently manage sensitive documents that require both secure distribution and long-term preservation. These documents are typically encrypted and disseminated across multiple departments or agencies under access policies. To ensure confidentiality and accountability, attribute-based proxy re-encryption (ABPRE) allows flexible one-to-many data sharing. However, once receivers’ keys are exposed, unauthorized decryption of historical ciphertexts becomes possible, creating severe risks to national security and organizational integrity. The central challenge lies in reconciling document archiving with effective protection against post-compromise leakage. To tackle this issue, we present a lattice-based puncturable key-policy attribute-based proxy re-encryption (P-KP-ABPRE) scheme. In our design, recipients may autonomously revoke decryption capability for specific tags, thereby revoking access to selected ciphertexts without requiring data owner involvement or global re-encryption. This recipient-driven revocation mechanism not only achieves forward security but also reduces system overhead while preserving the reusability of ciphertexts. Built upon the learning with errors (LWE) assumption, our scheme supports multi-bit encryption, and demonstrates security against quantum attacks and chosen-plaintext attacks (CPA).
{"title":"Lattice-based puncturable attribute-based proxy re-encryption scheme in cloud computing","authors":"Mengdi Zhao, Huiyan Chen, Xi Lin","doi":"10.1016/j.jisa.2025.104325","DOIUrl":"10.1016/j.jisa.2025.104325","url":null,"abstract":"<div><div>Governmental and military organizations frequently manage sensitive documents that require both secure distribution and long-term preservation. These documents are typically encrypted and disseminated across multiple departments or agencies under access policies. To ensure confidentiality and accountability, attribute-based proxy re-encryption (ABPRE) allows flexible one-to-many data sharing. However, once receivers’ keys are exposed, unauthorized decryption of historical ciphertexts becomes possible, creating severe risks to national security and organizational integrity. The central challenge lies in reconciling document archiving with effective protection against post-compromise leakage. To tackle this issue, we present a lattice-based puncturable key-policy attribute-based proxy re-encryption (P-KP-ABPRE) scheme. In our design, recipients may autonomously revoke decryption capability for specific tags, thereby revoking access to selected ciphertexts without requiring data owner involvement or global re-encryption. This recipient-driven revocation mechanism not only achieves forward security but also reduces system overhead while preserving the reusability of ciphertexts. Built upon the learning with errors (LWE) assumption, our scheme supports multi-bit encryption, and demonstrates security against quantum attacks and chosen-plaintext attacks (CPA).</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104325"},"PeriodicalIF":3.7,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145685937","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号