
Journal of Information Security and Applications: latest articles

Revisiting boomerang attacks on lightweight ARX and AND-RX ciphers with applications to KATAN, SIMON and CHAM
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-12-16 | DOI: 10.1016/j.jisa.2024.103950
Li Yu, Je Sen Teh
In this paper, we investigate the security of lightweight block ciphers, focusing on those that utilize the ADD-Rotate-XOR (ARX) and AND-Rotate-XOR (AND-RX) design paradigms. More specifically, we examine their resilience against boomerang-style attacks. First, we propose an automated search strategy that leverages the boomerang connectivity table (BCT) for AND operations (∧BCT) to conduct a complete search for boomerang and rectangle distinguishers for AND-RX ciphers. The proposed search strategy automatically considers all possible ∧BCT switches in the middle of the boomerang to optimize distinguishing probability. The correctness of the search strategy was verified experimentally. We were able to find the best boomerang and rectangle distinguishers to date in the single-key model for lightweight block ciphers KATAN32/48/64 and SIMON32/48. Next, we investigated BCT properties of ARX ciphers and discovered that a truncated boomerang switch could be formulated for the lightweight ARX cipher, CHAM. We were able to find the best single-key and related-key rectangle distinguishers to date for CHAM. Our findings provide more accurate security margins of these lightweight ciphers against boomerang-style attacks.
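A worked example of the boomerang connectivity table that the abstract builds on, added here by the editor and not taken from the paper: it fills the DDT and the BCT of a 4-bit S-box (PRESENT's S-box, chosen only because it is small and well known), reads off the probability of a boomerang switch through that S-box, and checks the entrywise relation BCT ≥ DDT. The paper's ∧BCT for the AND operation of AND-RX ciphers is not reproduced; the S-box BCT is the definition it generalizes. All function names are the example's own.

```python
# PRESENT's 4-bit S-box: used only as a small, well-known S-box to fill the tables
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def invert(sbox):
    inv = [0] * len(sbox)
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv


def ddt(sbox):
    """Difference distribution table: DDT[di][do] = #{x : S(x) ^ S(x ^ di) == do}."""
    n = len(sbox)
    t = [[0] * n for _ in range(n)]
    for di in range(n):
        for x in range(n):
            t[di][sbox[x] ^ sbox[x ^ di]] += 1
    return t


def bct(sbox):
    """Boomerang connectivity table (Cid et al., EUROCRYPT 2018):
    BCT[di][do] = #{x : S^-1(S(x) ^ do) ^ S^-1(S(x ^ di) ^ do) == di},
    i.e. the number of inputs for which a boomerang with input difference di
    on the top and output difference do on the bottom comes back through S."""
    n = len(sbox)
    inv = invert(sbox)
    t = [[0] * n for _ in range(n)]
    for di in range(n):
        for do in range(n):
            t[di][do] = sum(1 for x in range(n)
                            if inv[sbox[x] ^ do] ^ inv[sbox[x ^ di] ^ do] == di)
    return t


def max_nontrivial(table):
    """Largest entry outside the trivial row di == 0 and column do == 0."""
    n = len(table)
    return max(table[di][do] for di in range(1, n) for do in range(1, n))


def switch_probability(sbox, di, do):
    """Probability that the boomerang switch through the S-box succeeds for (di, do)."""
    return bct(sbox)[di][do] / len(sbox)


def bct_dominates_ddt(sbox):
    """Sanity check: a pair that follows the differential (di -> do) always returns,
    so every BCT entry is at least the matching DDT entry."""
    d, b = ddt(sbox), bct(sbox)
    n = len(sbox)
    return all(b[i][j] >= d[i][j] for i in range(n) for j in range(n))


def ddt_blind_switches(sbox):
    """(di, do) pairs with DDT == 0 but BCT > 0: switches that a DDT-only
    (p^2 q^2) estimate of the boomerang probability would score as impossible."""
    d, b = ddt(sbox), bct(sbox)
    n = len(sbox)
    return [(i, j) for i in range(1, n) for j in range(1, n) if d[i][j] == 0 and b[i][j] > 0]


if __name__ == "__main__":
    print("max non-trivial DDT entry:", max_nontrivial(ddt(SBOX)))
    print("max non-trivial BCT entry:", max_nontrivial(bct(SBOX)))
    print("switches invisible to the DDT:", ddt_blind_switches(SBOX))
```

The row di = 0 and the column do = 0 of the BCT are always full (every input returns), which is why a distinguisher search only scores the non-trivial entries; an automated search of the kind the abstract describes enumerates which (di, do) switch sits in the middle round and picks the one with the largest table entry.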
Journal of Information Security and Applications, Vol. 89, Article 103950.
Citations: 0
Robust zero-watermarking algorithm via multi-scale feature analysis for medical images
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-12-11 | DOI: 10.1016/j.jisa.2024.103937
Xiaochao Wang, Qianqian Du, Ling Du, Huayan Zhang, Jianping Hu
With the rapid growth of information technology, the development and implementation of copyright protection for medical images has become crucial. In this paper, we develop a distinguishable zero-watermarking algorithm via multi-scale feature analysis for medical images. We first detect the global features of the image with speeded-up robust features (SURF) and select the feature regions from the image through texture analysis. Then, we adopt local binary pattern (LBP) to detect the local texture features of these feature areas, and perform singular value decomposition (SVD) to extract the scale features and the detail features; these features are fused to form the feature matrix, and the average hash (aHash) algorithm is applied to the feature matrix to generate the binary feature map. Finally, we perform exclusive-or (XOR) operation between the feature images and the watermark image to generate zero-watermarks, which will be stored in the copyright protection center for further copyright authentication. Experimental results show that the average NC value of the proposed algorithm reaches 0.99 under most attacks, and the average BER of similar image extraction watermark keeps below 0.27, which outperforms the current state-of-the-art (SOTA) watermarking algorithms.
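To make the zero-watermarking workflow concrete, here is an added, simplified example written by the editor, not the authors' code: the feature map is an average hash of 8×8 block means (standing in for the SURF/LBP/SVD pipeline), the zero-watermark is the XOR of that map with a binary logo, and verification XORs the map of a suspect image with the stored zero-watermark and scores the recovered logo with BER and NC. The host image, the logo and the noise attack are all constructed inside the block; the host image is never modified, which is the point of a zero-watermark.

```python
import random

SIZE, BLOCK = 64, 8          # 64x64 host image, 8x8 blocks -> 64-bit feature map


def make_host():
    # constructed smooth "image": a diagonal gradient, pixel (i, j) = i + 2j in 0..189
    return [[i + 2 * j for j in range(SIZE)] for i in range(SIZE)]


def make_logo():
    # constructed 8x8 binary logo (checkerboard) used as the watermark
    return [(r + c) % 2 for r in range(SIZE // BLOCK) for c in range(SIZE // BLOCK)]


def add_noise(img, amp=3, seed=0):
    # constructed attack: uniform +/-amp integer noise on every pixel, clamped to 8 bits
    rng = random.Random(seed)
    return [[min(255, max(0, p + rng.randint(-amp, amp))) for p in row] for row in img]


def ahash_feature_map(img, block=BLOCK):
    """Average hash: one bit per block, 1 if the block mean exceeds the mean of all block means."""
    rows, cols = len(img) // block, len(img[0]) // block
    means = []
    for bi in range(rows):
        for bj in range(cols):
            total = sum(img[i][j]
                        for i in range(bi * block, (bi + 1) * block)
                        for j in range(bj * block, (bj + 1) * block))
            means.append(total / (block * block))
    threshold = sum(means) / len(means)
    return [1 if m > threshold else 0 for m in means]


def make_zero_watermark(feature_map, logo):
    """Registration: zero-watermark = feature map XOR logo, stored with the copyright center."""
    return [f ^ w for f, w in zip(feature_map, logo)]


def extract_logo(feature_map, zero_watermark):
    """Verification: feature map of the suspect image XOR the stored zero-watermark."""
    return [f ^ z for f, z in zip(feature_map, zero_watermark)]


def ber(a, b):
    """Bit error rate between two bit vectors."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def nc(a, b):
    """Normalized correlation of the bit vectors after mapping {0, 1} to {-1, +1}."""
    return sum((2 * x - 1) * (2 * y - 1) for x, y in zip(a, b)) / len(a)


def verify(host, suspect, logo):
    """Register logo against host, then recover it from suspect; returns (BER, NC)."""
    zw = make_zero_watermark(ahash_feature_map(host), logo)
    recovered = extract_logo(ahash_feature_map(suspect), zw)
    return ber(logo, recovered), nc(logo, recovered)


if __name__ == "__main__":
    host, logo = make_host(), make_logo()
    unrelated = [[2 * i + j for j in range(SIZE)] for i in range(SIZE)]   # a different image
    print("noisy copy (BER, NC):", verify(host, add_noise(host), logo))
    print("unrelated  (BER, NC):", verify(host, unrelated, logo))
```

Robustness comes entirely from the feature map: a block-mean hash survives mild noise because no block mean in the constructed gradient sits near the threshold, but it would not survive cropping or rotation, which is why the paper extracts features from detected keypoint regions rather than a fixed grid. An unrelated image yields a different feature map and therefore a corrupted logo, which is what lets the verifier tell a registered image from a stranger.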
Journal of Information Security and Applications, Vol. 89, Article 103937.
Citations: 0
A novel PVO-based RDH scheme utilizes an interleaved data embedding technique using dual-pixels
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-12-10 | DOI: 10.1016/j.jisa.2024.103939
Tuan Duc Nguyen, Thanh Tinh Dao
Today, Reversible Data Hiding (RDH) based on Pixel Value Ordering (PVO) approaches have gained significant attention from scientists. The number of PVO-based RDH schemes developed to protect valuable data in the military and medical sectors has constantly increased. In this paper, we propose a dual-pixels (where two consecutive pixels have a mutually influential relationship) reversible data hiding method and utilize it to develop a new PVO-based RDH scheme. In this proposed approach, the dual-pixels unit is employed as an embedding unit, and a maximum of two message bits are hidden into a dual-pixels pair. Additionally, the embedding capacity is enhanced by utilizing an interleaved data hiding technique. Experimental results indicate that the proposed scheme is superior to related state-of-the-art approaches in terms of embedding capacity and visual quality.
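The baseline that PVO-based RDH schemes extend, as an added example by the editor (not the paper's dual-pixel interleaved method): each 4-pixel block is sorted, the difference between the largest and second-largest pixel is expanded when it equals 1 (carrying one bit) and shifted by one otherwise, and the decoder reverses both steps exactly because the largest pixel only ever grows and the tie-break on position keeps the sort order stable. The symmetric step on the block minimum and the location map that real schemes use for pixels at 255 are left out; the embedder simply refuses such a block. The cover image and payload are constructed for the example.

```python
def _rank(block):
    # positions sorted by (value, position); the position tie-break makes the
    # order identical before and after embedding, which the decoder relies on
    return sorted(range(len(block)), key=lambda i: (block[i], i))


def _dmax(block):
    r = _rank(block)
    return block[r[-1]] - block[r[-2]]


def pvo_capacity(img, n=4):
    """Bits the max-side PVO step can carry: one per block whose top difference is 1."""
    return sum(1 for row in img for k in range(0, len(row) - n + 1, n)
               if _dmax(row[k:k + n]) == 1)


def pvo_embed_block(block, bits, pos):
    """Embed at most one bit into the largest pixel of one block; returns (block', pos')."""
    r = _rank(block)
    i_max, i_2nd = r[-1], r[-2]
    out = list(block)
    d = out[i_max] - out[i_2nd]
    if d >= 1 and out[i_max] == 255:
        # 255 cannot be raised; real PVO schemes record such blocks in a location map
        raise ValueError("overflow block; location-map handling is out of scope for this example")
    if d == 1 and pos < len(bits):
        out[i_max] += bits[pos]          # d' = 1 + b : expansion carries the bit
        pos += 1
    elif d > 1:
        out[i_max] += 1                  # d' = d + 1 : shift, carries nothing
    # d == 0 (tied maximum) is left untouched; the decoder sees d' == 0 and skips it
    return out, pos


def pvo_extract_block(block):
    """Inverse of pvo_embed_block; returns (original block, bit or None)."""
    r = _rank(block)
    i_max, i_2nd = r[-1], r[-2]
    out = list(block)
    d = out[i_max] - out[i_2nd]
    bit = None
    if d == 1:
        bit = 0                          # expanded from d = 1 with b = 0
    elif d == 2:
        bit = 1                          # expanded from d = 1 with b = 1
        out[i_max] -= 1
    elif d > 2:
        out[i_max] -= 1                  # undo the shift
    return out, bit


def pvo_embed(img, bits, n=4):
    pos, stego = 0, []
    for row in img:
        new_row = list(row)
        for k in range(0, len(row) - n + 1, n):
            new_row[k:k + n], pos = pvo_embed_block(row[k:k + n], bits, pos)
        stego.append(new_row)
    if pos < len(bits):
        raise ValueError(f"payload of {len(bits)} bits exceeds capacity {pos}")
    return stego


def pvo_extract(stego, n=4):
    cover, bits = [], []
    for row in stego:
        new_row = list(row)
        for k in range(0, len(row) - n + 1, n):
            new_row[k:k + n], bit = pvo_extract_block(row[k:k + n])
            if bit is not None:
                bits.append(bit)
        cover.append(new_row)
    return cover, bits


COVER = [  # constructed 4x8 8-bit cover image
    [10, 12, 11, 10, 20, 20, 20, 20],
    [50, 53, 51, 50, 30, 31, 30, 29],
    [100, 101, 100, 101, 7, 9, 8, 8],
    [200, 199, 201, 198, 0, 1, 0, 0],
]
PAYLOAD = [1, 0, 1, 1, 0]   # constructed payload, exactly the capacity of COVER

if __name__ == "__main__":
    stego = pvo_embed(COVER, PAYLOAD)
    print("capacity:", pvo_capacity(COVER), "bits")
    print("stego   :", stego)
    print("restored:", pvo_extract(stego) == (COVER, PAYLOAD))
```

Every pixel moves by at most one grey level, which is where PVO gets its visual quality; capacity is bounded by how many blocks have a top difference of exactly 1, which is why the paper works on pixel pairs and interleaves two passes to raise it.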
Journal of Information Security and Applications, Vol. 89, Article 103939.
Citations: 0
Detection of identity swapping attacks in low-resolution image settings
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-12-09 | DOI: 10.1016/j.jisa.2024.103911
Akshay Agarwal, Nalini Ratha
While significant advances have been made in high-resolution and well-controlled face images/videos, low-resolution face analytics is a much more complicated and yet unsolved problem. On top of that, if the face images occurring in the low-resolution videos are fake (especially deepfake), then detecting the authenticity of those faces becomes exceptionally challenging. In the literature, several works have been proposed for deepfake detection on high-resolution images. However, no studies tackle the vital aspect of low resolution. In this research, we address this issue and propose a first-ever low-resolution identity swap attack detection algorithm. We assert that due to less information content, even a complex architecture might not be able to learn an effective decision space. Therefore, a novel artifacts amplification and classification algorithm is proposed to handle the lack of information content. We report our results from extensive evaluations using multiple databases, resolution settings ranging from very low-resolution face images of size (16×16) to medium resolution (128×128), and attack types. These extensive experiments demonstrate the strength of the proposed algorithm and its effectiveness in making it ready for in-the-wild settings. Our results show the novel findings and the superiority of the proposed algorithm compared to existing state-of-the-art works.
Journal of Information Security and Applications, Vol. 89, Article 103911.
Citations: 0
TPE-DNA: Approximate thumbnail preserving encryption based on difference expansion and DNA encoding
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-12-09 | DOI: 10.1016/j.jisa.2024.103938
Dongming Huo, Hanwen Wang, Guangxiang Ji, Chang Cheng, Xiaoqing Song, Lisheng Wei, Chuanzhao Zhang, Chao Han, Xin Zhou
As cloud storage technology evolves, a growing user base is uploading client-acquired images to the cloud. However, the storage of unencrypted images on these platforms raises concerns regarding unauthorized data mining and the potential for theft by malicious third parties. Thumbnail preservation encryption (TPE) has been introduced to address the balance between privacy and usability of images stored in the cloud. Existing approximate TPE methods, however, are prone to more information leakage from cipher images and often fail to achieve perfect reconstruction of the plain images. This paper introduces an enhanced approximate TPE strategy that integrates DNA encoding with differential expansion, ensuring that the information exposed by the cipher image is limited exclusively to the thumbnail of the plain image, without compromising additional details. The DNA encoding rules, along with its associated operations and decoding rules, are governed by a piecewise linear chaotic map, with the encryption key derived from the hash value of the plain image to bolster system security. The application of differential expansion facilitates reversible data hiding, enabling the decryption algorithm to accurately reconstruct the plain image without loss. Simulation outcomes confirm the efficacy and reliability of the proposed approximate TPE scheme.
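The difference expansion step that gives the scheme its lossless reconstruction, as an added example by the editor (Tian's pixel-pair difference expansion, not the paper's TPE construction, whose DNA encoding and chaotic map are not reproduced): each horizontal pixel pair keeps its integer average, its difference is doubled and a payload bit is placed in the freed least significant bit, and the decoder reads the bit back and halves the difference. Pairs that would leave the 8-bit range are refused here instead of being recorded in a location map, so the constructed cover image is chosen smooth enough for every pair to be expandable.

```python
def de_embed_pair(x, y, bit):
    """Expand the difference of one pixel pair and place `bit` in its new LSB."""
    l = (x + y) // 2            # integer average: invariant under the embedding
    h = x - y                   # difference
    h2 = 2 * h + bit            # expanded difference carrying the bit
    if abs(h2) > min(2 * (255 - l), 2 * l + 1):
        # would overflow/underflow 8 bits; real DE schemes mark such pairs in a location map
        raise ValueError("pair not expandable; location-map handling is out of scope here")
    return l + (h2 + 1) // 2, l - h2 // 2


def de_extract_pair(x2, y2):
    """Inverse of de_embed_pair; returns (x, y, bit)."""
    l = (x2 + y2) // 2          # same average as before embedding
    h2 = x2 - y2
    bit = h2 & 1                # the embedded bit is the LSB of the expanded difference
    h = h2 >> 1                 # floor division by 2 (also correct for negative h2)
    return l + (h + 1) // 2, l - h // 2, bit


def de_capacity(img):
    """One bit per horizontal pixel pair."""
    return sum(len(row) // 2 for row in img)


def de_embed(img, bits):
    cap = de_capacity(img)
    if len(bits) > cap:
        raise ValueError(f"payload of {len(bits)} bits exceeds capacity {cap}")
    payload = list(bits) + [0] * (cap - len(bits))   # every pair is expanded, so pad to capacity
    pos, stego = 0, []
    for row in img:
        new_row = list(row)
        for k in range(0, len(row) - 1, 2):
            new_row[k], new_row[k + 1] = de_embed_pair(row[k], row[k + 1], payload[pos])
            pos += 1
        stego.append(new_row)
    return stego


def de_extract(stego):
    """Returns (cover image, all extracted bits); the caller knows the payload length."""
    cover, bits = [], []
    for row in stego:
        new_row = list(row)
        for k in range(0, len(row) - 1, 2):
            new_row[k], new_row[k + 1], bit = de_extract_pair(row[k], row[k + 1])
            bits.append(bit)
        cover.append(new_row)
    return cover, bits


COVER = [  # constructed 4x6 8-bit cover image with small pair differences
    [100, 98, 101, 103, 99, 100],
    [120, 121, 119, 118, 122, 120],
    [60, 61, 63, 62, 60, 59],
    [200, 202, 201, 199, 203, 200],
]
PAYLOAD = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed 8-bit payload

if __name__ == "__main__":
    stego = de_embed(COVER, PAYLOAD)
    cover, bits = de_extract(stego)
    print("stego    :", stego)
    print("lossless :", cover == COVER, "payload ok:", bits[:len(PAYLOAD)] == PAYLOAD)
```

Because the average is preserved and the difference is recoverable bit-for-bit, decryption in a TPE scheme built on this step can undo the pixel adjustments made while forcing the thumbnail to match, which is the lossless reconstruction the abstract claims over earlier approximate TPE designs.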
Journal of Information Security and Applications, Vol. 89, Article 103938.
Citations: 0
Beyond known threats: A novel strategy for isolating and detecting unknown malicious traffic
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-12-07 | DOI: 10.1016/j.jisa.2024.103920
Qianwei Meng, Qingjun Yuan, Xiangbin Wang, Yongjuan Wang, Guangsong Li, Yanbei Zhu, Siqi Lu
Traditional network intrusion detection systems excel at screening known attack types, but face significant challenges when dealing with unseen malicious traffic, often misclassifying such novel attacks into known classes. Existing unknown malicious traffic detection methods frequently fail to effectively control the distribution of known classes in the representation space and do not reserve sufficient representation space for unknown malicious traffic, blurring the boundaries between known and unknown traffic classifications. Furthermore, because known traffic types are centrally distributed within the representation space, whereas unknown malicious traffic types are scattered throughout, additional constraint processing of hard samples is required. To this end, we propose a one-class classification model for unknown malicious traffic called OC-MAL. The core of OC-MAL is to make full use of hard samples to force constraints on the distribution of the known classes in the representation space, separating the unknown and known classes well and realizing the accurate detection of unknown malicious traffic. We fuse a Deep SVDD and an autoencoder in which the reconstruction loss ensures that the latent variables of known classes retain rich category information and the distance loss ensures that known classes are tightly clustered at the center of a hypersphere in representation space. Moreover, the two are combined to further improve the discriminative power on unknown malicious traffic. We evaluated the OC-MAL model on a public malicious traffic dataset. The results showed that it achieves an average AUC value of 95.16% on the malicious traffic dataset, outperforming other state-of-the-art methods.
Journal of Information Security and Applications, Vol. 89, Article 103920.
Citations: 0
MSD-CDRL: A generic fusion detection framework for logic covert attack towards cyber-physical system security
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-12-06 | DOI: 10.1016/j.jisa.2024.103947
Lianpeng Li, Saifei Liu
Cyber-physical systems (CPSs) enable the integrated design of computing, communication, and physical systems, making the system more reliable, efficient, and collaborative in real time, with important and widespread applications. However, they have serious vulnerabilities to logic covert attacks (LCAs), while few existing approaches focus on LCAs. This paper develops a generic fusion detection framework that combines a mean standard deviation (MSD) module and a constrained deep reinforcement learning (CDRL) approach for CPSs. The MSD module is used to extract the fluctuation and trend characteristics of sensor measurements. Meanwhile, we use the CPS model in the DRL training process, which reduces the computational complexity and speeds up the convergence of the DRL. By establishing the physical platform and co-simulation system, the superior performance of MSD-CDRL has been demonstrated compared with three state-of-the-art methods (composite deep learning, observed Petri Nets, and DRL). Experimental results indicate that the detection accuracy of MSD-CDRL has been increased significantly and that its detection efficiency is 60% higher than that of the existing verification methods.
Journal of Information Security and Applications, Vol. 89, Article 103947.
Citations: 0
COLM under attack: A cryptanalytic exploration of COLM variants
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-12-05 | DOI: 10.1016/j.jisa.2024.103936
Debasmita Chakraborty, Mridul Nandi
Authenticated Encryption with Associated Data (AEAD) schemes have become a powerful solution for addressing contemporary security challenges. Within the recipients of recognition from the CAESAR competition, COLM AEAD emerges as a distinctive focus of interest within the realm of cryptanalysis. It draws significant attention, specifically in the context of endeavors related to universal forgery, retrieval of plaintext, and the exploration of tag guessing attacks. Recently, Ulusoy et al. (JISA 2022) proposed attacks on COLM by constructing simulation models of the encryption or decryption oracles of the underlying block cipher (SEBC or SDBC). To counter these attacks, they also suggested potential enhancements for COLM. Thus, this paper aims to delve into the security aspects of those variants of COLM discussed by Ulusoy et al. (JISA 2022). In this paper, firstly, we construct SEBC and SDBC of COLM with a generalized linear mixing function and propose all three types of attacks using SEBC and SDBC. While Datta et al. (IACR ToSC 2017) previously investigated the INT-RUP security of COLM with a generalized linear mixing function, the construction of SEBC/SDBC for such a scenario remained an open question until now. Additionally, we present a new SEBC/SDBC construction of COLM where the whitening mask L is encrypted using a separate key distinct from the main key. Furthermore, we consider situations where the masking values in the associated data processing are altered, preventing conventional methods like Lu’s (ASIACCS 2017) from recovering L. Nevertheless, we propose an alternative method to recover L, facilitating cryptanalysis of this particular variant of COLM. This analysis sheds light on the security strengths and vulnerabilities of these variants, offering valuable insights for further advancements in COLM.
Journal of Information Security and Applications, Vol. 89, Article 103936.
Citations: 0
Hierarchical Threshold Multi-Key Fully Homomorphic Encryption
IF 3.8 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-12-03 DOI: 10.1016/j.jisa.2024.103919
Xiaohan Wan, Hao Lin, Mingqiang Wang, Wenting Shen
Fully Homomorphic Encryption (FHE) supports computation on encrypted data without the need for decryption, thereby enabling secure outsourcing of computing to an untrusted cloud. Subsequently, motivated by application scenarios where private information is offered by different data owners, Multi-Key Fully Homomorphic Encryption (MKFHE) and Threshold Fully Homomorphic Encryption (ThFHE) were successively introduced. However, both MKFHE and ThFHE have some limitations: MKFHE requires the participation of all members during the decryption process and does not support decryption using a subset of members, while ThFHE requires pre-fixed participants and does not support dynamic joining or exiting.
To address these limitations, in this paper, we propose a new notion called Hierarchical Threshold Multi-key Fully Homomorphic Encryption (HTM-FHE), which combines the features of MKFHE and ThFHE, incorporating the advantages of both. Then we provide the first lattice-based construction of HTM-FHE, denoted as HTM-TFHE. Our scheme can evaluate a binary gate on ciphertexts encrypted under different groups' public keys, followed by a bootstrapping procedure. The semantic and simulation security of HTM-TFHE is proven under the LWE assumption. Furthermore, HTM-TFHE supports fine-grained access control for encrypted data, which provides benefits in practical applications.
Journal of Information Security and Applications, vol. 89, Article 103919. Pub Date: 2024-12-03. DOI: 10.1016/j.jisa.2024.103919
Citations: 0
Color image encryption algorithm based on hybrid chaos and layered strategies
IF 3.8 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-12-02 DOI: 10.1016/j.jisa.2024.103921
YongHui Huang, QiLin Zhang, YongBiao Zhao
As the need for information security grows, chaotic system-based digital image encryption algorithms have gained considerable interest in recent years. However, many existing algorithms rely solely on a single chaotic mapping for pixel or bit-plane encryption. While these methods provide a certain level of security, there is still room for improvement, particularly in enhancing encryption depth. This paper proposes a color image encryption algorithm based on hybrid chaos and layered strategies to address this issue. First, we confirm the strong chaotic behavior of the newly introduced Chebyshev–Tent (CT) mapping through a detailed analysis of its chaotic properties, including the Lyapunov exponent, bifurcation diagram, NIST SP 800-22 test, sample entropy analysis, 0–1 test analysis, and sensitivity to initial conditions. The chaotic sequences generated by CT and Sine-Tent-Cosine (STC) mapping are then jointly incorporated into the scrambling and diffusion processes. Furthermore, to enhance the randomness of the scrambling process, we present a chaotic Fisher–Yates scrambling algorithm based on chaotic sequences to scramble different layers of the image. This layered encryption approach, which combines the advantages of multiple chaotic mappings, not only improves encryption depth but also increases complexity across different image dimensions. The experimental results and security assessments demonstrate the robustness and reliability of the proposed algorithm.
Journal of Information Security and Applications, vol. 89, Article 103921. Pub Date: 2024-12-02. DOI: 10.1016/j.jisa.2024.103921
Citations: 0