Journal of Information Security and Applications最新文献

The medicine supply chain (MSC) is an intricate structure that extends across multiple organizations and geographic locations and is an important basis for essential daily services. It involves manufacturing, distributing, and delivering medicine to patients. The intermediaries in the MSC include manufacturers, warehouses, distributors, transporters, retailers, consumers, and patients, in which each intermediary plays a vital role and responsibility in an MSC. MSC poses different challenges, such as medicine counterfeiting, data temperament, and cold chain shipping, leading to various security and privacy issues. To overcome the aforementioned issues, public blockchain (BC) provides transparency, traceability, and data security to some extent but often fails to protect MSC’s data privacy. To address the aforementioned, we adopted the Hyperledger Fabric consortium BC, which preserves the data security and privacy of the proposed scheme. Hyperledger Fabric uses a role-based access control (RBAC) policy for all writers and readers, where each reader and writer accesses all the smart contract information based on their static roles (reader and writer). This RBAC scheme limits the dynamicity and granularity of the access control. With this concern, we adopt the combination of RBAC and attribute-based access control (ABAC) schemes to provide fine-grained access to the smart contract functions. Additionally, we use a distributed interplanetary file system (IPFS) to enhance the scalability of the proposed scheme. Before saving data, IPFS does not use any encryption algorithm. We embraced the advanced encryption standard (AES) algorithm to encrypt MSC data. Next, we integrated RBAC and fine-grained ABAC through smart contracts to prevent unauthorized access in an MSC environment. Further, the proposed scheme is evaluated using various performance parameters, such as scalability for different number of clients, average latency (0.12 s), minimum execution time is around (115 s) for 100 transactions execution, and throughput of (72.5) transactions per second (TPS) of invoke-based smart contract functions while 618.7 (TPS) for query-based smart contract functions.

In Internet of Things (IoT) system, the data acquisition devices collect substantial volumes of diverse categories data, such as temperature, frequency and quantity data, etc., which is subsequently transmitted to the data center for analysis. To ensure precise outcomes, it is crucial to authenticate the data and their categories against any possible tampering, destruction or forgery throughout its transmission process. Traditional aggregate signature schemes are not capable of performing authentication on data as while as its category, which can lead to inefficiencies and security risks in data processing and management. On the other hand, authentication schemes relying on a central platform are susceptible to single point of failure and corruption issues at the center. To address these challenges, a novel data authentication protocol, named Classified Certificateless Aggregate Signature (CCAS), is proposed in this paper to perform aggregate authentication on data with specified categories, and is implemented in collaboration with Hyperledger Fabric. Elaborate design making the authentication is efficient and eliminating the need to manage the certificates. And an abnormal data isolation algorithm is proposed when an aggregate authentication fails, which can quickly identify abnormal data and preserves normal data. A rigorous proof on the unforgeability of the CCAS protocol is given, and multiple experiments are conducted to evaluate the scheme. The experimental results demonstrate the high efficiencies of CCAS, smart contracts on Fabric and our solution, indicating that proposed scheme is suitable for the classified authentication of IoT collection data in decentralized form.

Iris recognition has found extensive applications in real-world situations and financial contexts. However, Iris template protection schemes are highly vulnerable to well-planned attacks that can lead to the leakage of personal information. Once biological information is compromised, this loss is irreversible for the individual. Cancelable protection schemes for iris templates based on the Bloom filter have substantial attention in the field of iris biometrics. Nevertheless, Bloom filter-based template protection schemes face specific security challenges. Therefore, it is crucial to propose a method to protect iris templates that is both secure and efficient. To address irreversible limitations in security analysis, we propose a template protection scheme, a cancelable iris biometric protection scheme based on inverse merger and Bloom filter. The primary idea of the proposed scheme is to perform an inverse merger operation on the acquired codewords before mapping the iris templates to the Bloom filter specifically. Through a comparison of the sizes between the original templates and their inverted counterparts, the template with the smaller size is chosen as the definitive result, subsequently being mapped into the Bloom filter. Our proposed scheme exhibits significant advancements in accuracy across multiple datasets, as evidenced by empirical validations. In the optimal case, our model achieves an excellent performance of 98.04% in terms of GAR, while achieving a significant reduction of 0.51% in terms of EER. Furthermore, a comparative analysis with existing iris template protection methods is performed to evaluate its relative effectiveness in resisting the attack of averaging the columns of a block. The results demonstrate that the scheme exhibits robust resistance to such attacks. The experimental analysis demonstrated that the scheme provided a good balance between accuracy and safety.

The Internet of Things (IoT) is integrating the Internet and smart devices in almost every domain, such as home automation, e-healthcare systems, vehicular networks, industrial control, and military applications. In these areas, sensory data, which is collected from multiple sources and managed through intermediate processing by multiple nodes, is used for decision-making processes. Ensuring data integrity and keeping track of data provenance are core requirements in such a highly dynamic context, since data provenance is an important tool for the assurance of data trustworthiness. Dealing with such requirements is challenging due to the limited computational and energy resources in IoT networks. This requires addressing several challenges such as processing overhead, secure provenance, bandwidth consumption and storage efficiency. In this paper, we propose Zero-watermarkIng based data pRovenanCe for iOt Networks (ZIRCON), a novel zero-watermarking approach to securely transmit provenance and ensure data integrity of sensor data in an IoT network. In ZIRCON, provenance information is stored in a tamper-proof network database through watermarks, generated at the source node before transmission. We provide an extensive security analysis showing the resilience of our scheme against passive and active attacks. We also compare our scheme with existing works based on performance metrics such as computational time, energy usage, and cost analysis. The results show that ZIRCON is robust against several attacks, lightweight, storage-efficient, and better in energy usage and bandwidth consumption, compared to prior art.

In the security domain, the growing need for reliable authentication methods highlights the importance of thermal face recognition for enhancing law enforcement surveillance and safety especially in IoT applications. Challenges like computational resources and alterations in facial appearance, e.g., plastic surgery could affect face recognition systems. This study presents a novel, robust thermal face recognition model tailored for law enforcement, leveraging thermal signatures from facial blood vessels using a new CNN architecture (Max and Average Pooling- MAP-CNN). This architecture addresses expression, illumination, and surgical invariance, providing a robust feature set critical for precise recognition in law enforcement and border control. Additionally, the model employs the NM-PSO algorithm, integrating neighborhood multi-granulation rough set (NMGRS) with particle swarm optimization (PSO), which efficiently handles both categorical and numerical data from multi-granulation perspectives, leading to a 57% reduction in feature dimensions while maintaining high classification accuracy outperforming ten contemporary models on the Charlotte-ThermalFace dataset by about 10% across key metrics. Rigorous statistical tests confirm NM-PSO’s superiority, and further robustness testing of the face recognition model against image ambiguity and missing data demonstrated its consistent performance, enhancing its suitability for security-sensitive environments with 99% classification accuracy.

Electronic voting systems can support a key behavioral process in inter-organizational collaboration – collective decision-making – but typically face challenges related to single points of failure from centralized databases and trusted third parties to deal with privacy voting requirements. To address such issues, this work presents a decentralized voting system based on blockchain technology, Fully Homomorphic Encryption, tokenization, and Proof-of-Stake mechanisms to promote the system’s sustainability while enhancing voting privacy and anonymization. Our solution introduces verifiability to voting processes without any trusted intermediaries. We use the inter-organizational collaboration use case since it introduces additional voting requirements in the private domain, such as promoting cooperative behavioral processes to develop trustworthy relationships between organizations. Our proof-of-concept implementation and evaluation results show that the proposed solution provides voting privacy with adequate computational costs.

Recently, deep learning-based Quantization Index Modulation (QIM) steganalysis algorithms have achieved great success. However, most of them are supervised learning algorithms that rely on a large number of labeled samples and have poor generalization performance. Towards addressing the challenge, we present a novel semi-supervised ladder network, termed SSLadNet, for weak signal detection in QIM steganalysis of VoIP streams. In particular, we integrate supervised learning and unsupervised learning into an end-to-end learning architecture via a ladder network, and achieve joint optimization for semi-supervised learning by backpropagation to minimize the sum of supervised and unsupervised cost functions. To the best of our knowledge, this is the first deep learning-based semi-supervised detection model applied to QIM steganalysis that can effectively extract rich features reflecting the correlation changes between codewords caused by QIM steganography. Experimental results showed that even for the labeled samples with a number of 512, SSLadNet can achieve a detection accuracy of around 96.09% for $1000\mathrm{ms}$ long samples and 100% embedding rate, and outperforms the state-of-the-art methods based on semi-supervised learning.

It proposes a Hybrid Secure Signcryption Algorithm (HySSA), a small-size block chain (BC), and a planned system that secures an electronic health record (EHR) exchange through enabled device transmissions with minimal encryption and signature overhead. HySSA has two stages of operation. Patients are fitted with proximity sensor nodes (PSNs), which establish a wireless personal area network (WBAN) in the first phase of the procedure. It is up to the nodes to decide which cluster head (CH) in their vicinity can send data to the WBAN’s Gateway sensor nodes (GSN) containing EHR meta-data. Second, GSN implements a lightweight signcryption technique for authorized stakeholders that combines data encryption and signing in the second phase of its development. An interplanetary file system provides secure keys for access to the data, which is exchanged over open channels (IPFS). Data mining results are stored to lower computing expenses, and block ledgers are used in global chain architectures. Compared to other schemes, the proposed HySSA scheme is cheaper for transaction and signing expense parameters, throughput of transactions, and computational and communication expenses. It takes HySSA a standard of 3.32 s (s) to sign and 6.52 s (s) to verify in simulation. It takes 3.325 s to mine 200 blocks, compared to 7.8 s for traditional schemes. The throughput of transactions was 142.78 Mbps, as opposed to the standard 102.45 Mbps. Computing time (CC) is 45.80 ms, while communication time (CCM) is 97 bytes, indicating that the suggested approach is competitive with other current approaches in terms of security.

Encryption technology provides the ability of confidential transmission to ensure the security of Industrial Internet communication, but it makes detecting malicious encrypted traffic very difficult. To resolve the conflict between the difficulty of malicious encrypted traffic detection and the requirements of traffic privacy protection, we propose a cloud-assisted Industrial Internet malicious encrypted traffic detection scheme with privacy protection. To accurately match the encrypted traffic and the detection rules, a privacy set intersection protocol based on the oblivious pseudorandom function and random garbled Bloom filter is constructed, which can detect malicious traffic without revealing data content. Meanwhile, our scheme can allow semi-trusted cloud servers to assist resource-constrained end devices to participate in private calculations. The key-homomorphic encryption is introduced to obfuscate the detection rules, making the detection rules always transparent to end users and semi-trusted cloud servers. We also design the random input verification to make the malicious end users do not have any opportunity to participate in the privacy set intersection calculation using arbitrary data. The scheme analysis and performance evaluation results show that our scheme can effectively guarantee the security of encrypted traffic detection with better detection performance and limited resource consumption.

Adversarial embedding, which can deceive the CNN-based steganalyzers, has emerged as an effective strategy to improve image steganography security. However, its efficacy might be easily weakened when confronting re-trained or unknown steganalyzers. In this work, the security of adversarial embedding-based image steganography is further improved by ensemble steganalysis and adversarial perturbation minimization. Different from the existing works that rely on a single targeted steganalyzer, the proposed approach develops an ensemble steganographic classifier, which leverages the majority voting rule to smartly select those pixels that are more suitable for adversarial embedding. To mitigate the interference caused by adversarial embedding, two strategies are adopted. Firstly, a cover image is divided into two non-overlapping regions in terms of pixel gradient amplitude. The regions with higher gradient amplitudes are progressively conducted with adversarial embedding until the targeted steganalyzer is effectively deceived. Secondly, the embedding costs are fine-tuned to minimize the degradation of image quality. Extensive experimental results demonstrate that the proposed approach achieves superior steganography security. Under black-box attacks, with S-UNIWARD and HILL as baseline methods and Deng-Net as the targeted steganalyzer, the proposed approach improves the average detection accuracy of 4.88% and 2.47% for S-UNIWARD and HILL, respectively. In comparison, the existing works only achieve improvements of 2.88% and 2.93% for S-UNIWARD, and 1.44% and 1.12% for HILL, respectively.