Journal of Information Security and Applications最新文献_第6页

Anomaly detection for blockchain nodes based on eBPF and fine-tuning large language model 基于eBPF和大语言模型微调的区块链节点异常检测

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-10 DOI: 10.1016/j.jisa.2025.104329

Jincheng Su , Zhide Chen , Kexin Zhu , Chen Feng

While blockchain technology is widely used across various fields, it faces growing security challenges. Traditional blockchain anomaly detection methods, such as log analysis and fixed pattern recognition, struggle to handle complex and dynamic attack techniques. This paper proposes the Blockchain Live Anomaly Detection with eBPF and LLMs (BLAD-eLLM) scheme, which combines the efficient data capture capabilities of extended Berkeley Packet Filter (eBPF) technology for kernel-level security monitoring with the deep text understanding and semantic analysis power of large language models (LLMs) to enhance the network layer security of blockchain nodes. The proposed approach analyzes blockchain network activities comprehensively, aiming for accurate identification of potential anomalous behaviors. Furthermore, a knowledge-enhanced reasoning framework is developed, integrating Retrieval-Augmented Generation (RAG) for contextual blockchain threat intelligence and Chain-of-Thought (COT) prompting for multi-step attack analysis while employing Weight-Decomposed Low-Rank Adaptation (DoRA) based prompt fine-tuning to optimize the LLMs’ domain-specific adaptability and detection accuracy. Experimental results demonstrate that the proposed scheme significantly improves blockchain anomaly detection accuracy while maintaining minimal impact on system performance, ensuring the stability and security of the blockchain system.

区块链技术在各个领域得到广泛应用的同时，也面临着越来越多的安全挑战。传统的区块链异常检测方法，如日志分析和固定模式识别，难以处理复杂的动态攻击技术。本文提出了区块链实时异常检测与eBPF和llm （blade - ellm）方案，该方案将扩展伯克利包过滤（eBPF）技术用于内核级安全监控的高效数据捕获能力与大型语言模型（llm）的深度文本理解和语义分析能力相结合，以增强区块链节点的网络层安全性。该方法全面分析区块链网络活动，旨在准确识别潜在的异常行为。此外，开发了一个知识增强推理框架，集成了用于上下文区块链威胁情报的检索增强生成（RAG）和用于多步攻击分析的思维链（COT）提示，同时采用基于权重分解的低秩自适应（DoRA）提示微调来优化llm的特定领域适应性和检测精度。实验结果表明，该方案在保证区块链系统稳定性和安全性的同时，显著提高了区块链异常检测精度。

{"title":"Anomaly detection for blockchain nodes based on eBPF and fine-tuning large language model","authors":"Jincheng Su , Zhide Chen , Kexin Zhu , Chen Feng","doi":"10.1016/j.jisa.2025.104329","DOIUrl":"10.1016/j.jisa.2025.104329","url":null,"abstract":"<div><div>While blockchain technology is widely used across various fields, it faces growing security challenges. Traditional blockchain anomaly detection methods, such as log analysis and fixed pattern recognition, struggle to handle complex and dynamic attack techniques. This paper proposes the Blockchain Live Anomaly Detection with eBPF and LLMs (BLAD-eLLM) scheme, which combines the efficient data capture capabilities of extended Berkeley Packet Filter (eBPF) technology for kernel-level security monitoring with the deep text understanding and semantic analysis power of large language models (LLMs) to enhance the network layer security of blockchain nodes. The proposed approach analyzes blockchain network activities comprehensively, aiming for accurate identification of potential anomalous behaviors. Furthermore, a knowledge-enhanced reasoning framework is developed, integrating Retrieval-Augmented Generation (RAG) for contextual blockchain threat intelligence and Chain-of-Thought (COT) prompting for multi-step attack analysis while employing Weight-Decomposed Low-Rank Adaptation (DoRA) based prompt fine-tuning to optimize the LLMs’ domain-specific adaptability and detection accuracy. Experimental results demonstrate that the proposed scheme significantly improves blockchain anomaly detection accuracy while maintaining minimal impact on system performance, ensuring the stability and security of the blockchain system.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104329"},"PeriodicalIF":3.7,"publicationDate":"2025-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145738763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Security analysis of a novel image encryption algorithm based on 3D chaos 一种基于三维混沌的图像加密算法的安全性分析

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-09 DOI: 10.1016/j.jisa.2025.104332

Rong Zhou, Simin Yu

The paper analyzes the security of a novel encryption algorithm based on a 3D chaos from three aspects. The algorithm uses a typical two-round permutation-diffusion structure and consists of three parts: key selection, permutation, and diffusion with feedback. The keys consist of three initial values, three control parameters, one interference parameter, and two correlation coefficients of 3D chaos. The algorithm has passed the tests for histogram, correlation, difference analysis, and trend fluctuation analysis, and its security has been verified. However, after analysis in this paper, it has three major vulnerabilities: first, the algorithm has an equivalent key because the original key is irrelevant to plaintext. Second, diffusion is a linear operation, it results in the separability between the pixel values of the plaintext and the keys that form the pixel values of the ciphertext. Hence, the plaintext can be reconstructed according to the characteristics of ciphertext. Third, the feedback in diffusion makes ciphertext have a strong sensitivity to plaintext, but the sensitivity of plaintext to ciphertext is low and there is no avalanche effect. Therefore, it cannot resist differential attack. This paper analyzes the algorithm from three vulnerabilities, respectively, and proposes three decoding methods. Meanwhile, targeted measures are discussed to resist common attacks. Finally, the three methods are extended to cryptanalysis on general encryption algorithm with similar vulnerabilities. Theoretical analysis and experimental results show that these three decoding methods are effective.

本文从三个方面分析了一种基于三维混沌的新型加密算法的安全性。该算法采用典型的两轮置换扩散结构，由键选择、置换和带反馈的扩散三部分组成。键由3个初始值、3个控制参数、1个干涉参数和2个三维混沌相关系数组成。该算法通过了直方图、相关性、差异分析、趋势波动分析等测试，验证了算法的安全性。然而，经过本文的分析，该算法存在三大漏洞：首先，由于原密钥与明文无关，该算法具有等效密钥。其次，扩散是一种线性操作，它导致了明文的像素值与构成密文像素值的密钥之间的可分离性。因此，可以根据密文的特点对明文进行重构。第三，扩散中的反馈使得密文对明文具有较强的敏感性，但明文对密文的敏感性较低，不存在雪崩效应。因此，它无法抵抗差分攻击。本文分别从三个漏洞对该算法进行了分析，并提出了三种解码方法。同时，讨论了针对常见攻击的针对性措施。最后，将这三种方法推广到具有类似漏洞的通用加密算法的密码分析中。理论分析和实验结果表明，这三种译码方法都是有效的。

{"title":"Security analysis of a novel image encryption algorithm based on 3D chaos","authors":"Rong Zhou, Simin Yu","doi":"10.1016/j.jisa.2025.104332","DOIUrl":"10.1016/j.jisa.2025.104332","url":null,"abstract":"<div><div>The paper analyzes the security of a novel encryption algorithm based on a 3D chaos from three aspects. The algorithm uses a typical two-round permutation-diffusion structure and consists of three parts: key selection, permutation, and diffusion with feedback. The keys consist of three initial values, three control parameters, one interference parameter, and two correlation coefficients of 3D chaos. The algorithm has passed the tests for histogram, correlation, difference analysis, and trend fluctuation analysis, and its security has been verified. However, after analysis in this paper, it has three major vulnerabilities: first, the algorithm has an equivalent key because the original key is irrelevant to plaintext. Second, diffusion is a linear operation, it results in the separability between the pixel values of the plaintext and the keys that form the pixel values of the ciphertext. Hence, the plaintext can be reconstructed according to the characteristics of ciphertext. Third, the feedback in diffusion makes ciphertext have a strong sensitivity to plaintext, but the sensitivity of plaintext to ciphertext is low and there is no avalanche effect. Therefore, it cannot resist differential attack. This paper analyzes the algorithm from three vulnerabilities, respectively, and proposes three decoding methods. Meanwhile, targeted measures are discussed to resist common attacks. Finally, the three methods are extended to cryptanalysis on general encryption algorithm with similar vulnerabilities. Theoretical analysis and experimental results show that these three decoding methods are effective.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104332"},"PeriodicalIF":3.7,"publicationDate":"2025-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145738762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

BISE: Enhance data sharing security through consortium blockchain and IPFS BISE：通过联盟区块链和IPFS增强数据共享安全性

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-05 DOI: 10.1016/j.jisa.2025.104320

Mingxuan Chen , Puhe Hao , Weizhi Meng , Yasen Aizezi , Guozi Sun

Data sharing is pivotal in sectors such as healthcare, finance, and social networking. Encrypting sensitive data, while essential for privacy protection, introduces complexity to data sharing and poses privacy risks when leveraging cloud servers. Blockchain-based searchable encryption offers a balance between privacy preservation and data availability; however, user anonymity remains a significant concern. Traditional storage systems, which rely on centralized servers, limit data stability and scalability. To address these challenges, we have introduced BISE, a solution that leverages the power of blockchain to achieve data integrity, using searchable encryption for secure searches and IPFS for decentralized storage. Constructed on Hyperledger Fabric and IPFS, our system demonstrates efficiency through simulations. This integrated approach ensures data privacy, integrity, and availability, with efficient updates and queries, making it a robust solution for sensitive data sharing in various domains.

数据共享在医疗保健、金融和社交网络等领域至关重要。对敏感数据进行加密虽然对隐私保护至关重要，但会给数据共享带来复杂性，并在利用云服务器时带来隐私风险。基于区块链的可搜索加密在隐私保护和数据可用性之间提供了平衡；然而，用户匿名仍然是一个重大问题。传统的存储系统依赖于集中式服务器，限制了数据的稳定性和可扩展性。为了应对这些挑战，我们引入了BISE，这是一种利用区块链功能实现数据完整性的解决方案，使用可搜索加密进行安全搜索，使用IPFS进行分散存储。本系统基于Hyperledger Fabric和IPFS架构，通过仿真验证了系统的有效性。这种集成的方法确保数据隐私、完整性和可用性，并具有高效的更新和查询，使其成为各种领域中敏感数据共享的健壮解决方案。

引用次数: 0

Lattice-based puncturable attribute-based proxy re-encryption scheme in cloud computing 云计算中基于格的可穿透属性代理重加密方案

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-05 DOI: 10.1016/j.jisa.2025.104325

Mengdi Zhao, Huiyan Chen, Xi Lin

Governmental and military organizations frequently manage sensitive documents that require both secure distribution and long-term preservation. These documents are typically encrypted and disseminated across multiple departments or agencies under access policies. To ensure confidentiality and accountability, attribute-based proxy re-encryption (ABPRE) allows flexible one-to-many data sharing. However, once receivers’ keys are exposed, unauthorized decryption of historical ciphertexts becomes possible, creating severe risks to national security and organizational integrity. The central challenge lies in reconciling document archiving with effective protection against post-compromise leakage. To tackle this issue, we present a lattice-based puncturable key-policy attribute-based proxy re-encryption (P-KP-ABPRE) scheme. In our design, recipients may autonomously revoke decryption capability for specific tags, thereby revoking access to selected ciphertexts without requiring data owner involvement or global re-encryption. This recipient-driven revocation mechanism not only achieves forward security but also reduces system overhead while preserving the reusability of ciphertexts. Built upon the learning with errors (LWE) assumption, our scheme supports multi-bit encryption, and demonstrates security against quantum attacks and chosen-plaintext attacks (CPA).

政府和军事组织经常管理需要安全分发和长期保存的敏感文件。这些文档通常是加密的，并根据访问策略在多个部门或机构之间传播。为了确保机密性和可问责性，基于属性的代理重加密（ABPRE）允许灵活的一对多数据共享。然而，一旦接收者的密钥被暴露，就有可能对历史密文进行未经授权的解密，从而对国家安全和组织完整性造成严重威胁。核心的挑战在于协调文件存档与有效防止泄漏后的保护。为了解决这个问题，我们提出了一种基于格子的可穿透密钥策略属性的代理重加密方案（P-KP-ABPRE）。在我们的设计中，接收者可以自主撤销特定标签的解密能力，从而撤销对选定密文的访问，而不需要数据所有者参与或全局重新加密。这种由接收方驱动的撤销机制不仅实现了前向安全性，而且在保证密文可重用性的同时降低了系统开销。基于错误学习（LWE）假设，我们的方案支持多比特加密，并演示了对量子攻击和选择明文攻击（CPA）的安全性。

{"title":"Lattice-based puncturable attribute-based proxy re-encryption scheme in cloud computing","authors":"Mengdi Zhao, Huiyan Chen, Xi Lin","doi":"10.1016/j.jisa.2025.104325","DOIUrl":"10.1016/j.jisa.2025.104325","url":null,"abstract":"<div><div>Governmental and military organizations frequently manage sensitive documents that require both secure distribution and long-term preservation. These documents are typically encrypted and disseminated across multiple departments or agencies under access policies. To ensure confidentiality and accountability, attribute-based proxy re-encryption (ABPRE) allows flexible one-to-many data sharing. However, once receivers’ keys are exposed, unauthorized decryption of historical ciphertexts becomes possible, creating severe risks to national security and organizational integrity. The central challenge lies in reconciling document archiving with effective protection against post-compromise leakage. To tackle this issue, we present a lattice-based puncturable key-policy attribute-based proxy re-encryption (P-KP-ABPRE) scheme. In our design, recipients may autonomously revoke decryption capability for specific tags, thereby revoking access to selected ciphertexts without requiring data owner involvement or global re-encryption. This recipient-driven revocation mechanism not only achieves forward security but also reduces system overhead while preserving the reusability of ciphertexts. Built upon the learning with errors (LWE) assumption, our scheme supports multi-bit encryption, and demonstrates security against quantum attacks and chosen-plaintext attacks (CPA).</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"97 ","pages":"Article 104325"},"PeriodicalIF":3.7,"publicationDate":"2025-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145685937","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

MVNIDS: A multiview-based network intrusion detection system MVNIDS：基于多视图的网络入侵检测系统

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-02 DOI: 10.1016/j.jisa.2025.104321

Sunit Kumar Nandi, Ritesh Ratti, Sanasam Ranbir Singh, Sukumar Nandi

Traditional Network Intrusion Detection Systems (NIDS) predominantly rely on signature-based and supervised learning approaches that require large volumes of labeled attack data. However, generating such labeled data is costly, time-consuming, and often impractical, especially in the presence of class imbalance and zero-day attacks. To address these limitations, this paper proposes MVNIDS, a Multiview-based Network Intrusion Detection System employing a self-supervised learning paradigm. The proposed method constructs three complementary views from raw packet capture data, namely, Network View, Flow View, and Image View, each capturing distinct protocol, temporal, and structural characteristics of network traffic. Independent autoencoder models are trained on benign samples for each view, and their reconstruction errors are fused through a majority-voting mechanism to automatically generate “Attack” and “Benign” pseudo-labels. These labels are subsequently used to train a binary classifier for final intrusion detection. Experimental evaluation on the CICIDS2018 dataset, focusing on FTP BruteForce and UDP DoS attacks, demonstrates that MVNIDS outperforms most view-specific and supervised baselines, achieving up to 98.3 % F1-score and 98.5 % accuracy. The multiview representation enhances detection robustness and enables effective identification of zero-day and variant attacks, highlighting MVNIDS as a scalable, computationally efficient, and generalizable framework for modern network security applications.

传统的网络入侵检测系统（NIDS）主要依赖于基于签名和监督学习的方法，这些方法需要大量标记攻击数据。然而，生成这样的标记数据是昂贵的、耗时的，而且通常是不切实际的，特别是在存在类不平衡和零日攻击的情况下。为了解决这些限制，本文提出了MVNIDS，一种采用自监督学习范式的基于多视图的网络入侵检测系统。该方法从原始数据包捕获数据构建三个互补视图，即网络视图、流视图和图像视图，每个视图捕获网络流量的不同协议、时间和结构特征。在每个视图的良性样本上训练独立的自编码器模型，并通过多数投票机制融合其重建误差，自动生成“攻击”和“良性”伪标签。这些标签随后用于训练用于最终入侵检测的二值分类器。对CICIDS2018数据集的实验评估，重点是FTP暴力攻击和UDP DoS攻击，表明MVNIDS优于大多数特定视图和监督基线，达到98.3%的f1得分和98.5%的准确率。多视图表示增强了检测鲁棒性，能够有效识别零日攻击和变体攻击，突出了MVNIDS作为现代网络安全应用的可扩展、计算效率高和可通用的框架。

{"title":"MVNIDS: A multiview-based network intrusion detection system","authors":"Sunit Kumar Nandi, Ritesh Ratti, Sanasam Ranbir Singh, Sukumar Nandi","doi":"10.1016/j.jisa.2025.104321","DOIUrl":"10.1016/j.jisa.2025.104321","url":null,"abstract":"<div><div>Traditional Network Intrusion Detection Systems (NIDS) predominantly rely on signature-based and supervised learning approaches that require large volumes of labeled attack data. However, generating such labeled data is costly, time-consuming, and often impractical, especially in the presence of class imbalance and zero-day attacks. To address these limitations, this paper proposes MVNIDS, a Multiview-based Network Intrusion Detection System employing a self-supervised learning paradigm. The proposed method constructs three complementary views from raw packet capture data, namely, Network View, Flow View, and Image View, each capturing distinct protocol, temporal, and structural characteristics of network traffic. Independent autoencoder models are trained on benign samples for each view, and their reconstruction errors are fused through a majority-voting mechanism to automatically generate “Attack” and “Benign” pseudo-labels. These labels are subsequently used to train a binary classifier for final intrusion detection. Experimental evaluation on the CICIDS2018 dataset, focusing on FTP BruteForce and UDP DoS attacks, demonstrates that MVNIDS outperforms most view-specific and supervised baselines, achieving up to 98.3 % F1-score and 98.5 % accuracy. The multiview representation enhances detection robustness and enables effective identification of zero-day and variant attacks, highlighting MVNIDS as a scalable, computationally efficient, and generalizable framework for modern network security applications.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104321"},"PeriodicalIF":3.7,"publicationDate":"2025-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145684285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A Dual-Layer image encryption framework using chaotic AES with dynamic S-Boxes and steganographic QR codes 基于混沌AES动态s盒和隐写QR码的双层图像加密框架

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 DOI: 10.1016/j.jisa.2025.104322

Md Rishadul Bayesh , Dabbrata Das , Md Ahadullah

This paper presents a robust image encryption and key distribution framework that integrates an enhanced AES-128 algorithm with chaos theory and advanced steganographic techniques for dual-layer security. The encryption engine features a dynamic ShiftRows operation controlled by a logistic map, variable S-boxes generated from a two-dimensional Hénon map for substitution and key expansion, and feedback chaining with post-encryption XOR diffusion to improve confusion, diffusion, and key sensitivity. To address secure key delivery, the scheme introduces dual-key distribution via steganographically modified QR codes. A static key and an AES-encrypted dynamic session key are embedded with a covert hint message using least significant bit (LSB) steganography. This design ensures the dynamic key can only be decrypted after reconstructing the static key from the hidden message, offering multi-factor protection against interception. Experimental results demonstrate the framework outperforms existing chaos-based and hybrid AES methods, achieving near-ideal entropy ( 7.997 bits per pixel), minimal pixel correlation, and strong differential resistance with NPCR (>99.6 %) and UACI ( 33 %–34 %). Encrypted images show uniform histograms and robustness against noise and data loss. The framework offers a scalable, secure solution for sensitive image transmission in applications such as surveillance, medical imaging, and digital forensics, bridging the gap between cryptographic strength and safe key distribution

本文提出了一种鲁棒的图像加密和密钥分发框架，该框架将增强的AES-128算法与混沌理论和先进的隐写技术相结合，用于双层安全。加密引擎的特点是动态ShiftRows操作，由逻辑映射控制，从二维hsamnon映射生成变量s -box，用于替换和密钥扩展，以及带有加密后异或扩散的反馈链，以改善混淆、扩散和密钥敏感性。为了解决安全密钥传递问题，该方案通过隐写修改的QR码引入了双密钥分发。静态密钥和aes加密的动态会话密钥使用最低有效位（LSB）隐写技术嵌入隐蔽提示消息。这种设计确保动态密钥只能在从隐藏消息重构静态密钥后才能解密，从而提供多因素防止拦截的保护。实验结果表明，该框架优于现有的基于混沌和混合AES方法，实现了接近理想的熵（7.997比特/像素），最小的像素相关性，以及与NPCR （> 99.6%）和UACI（33% - 34%）的强差分抵抗。加密后的图像具有均匀的直方图和抗噪声和数据丢失的鲁棒性。该框架为监控、医学成像和数字取证等应用中的敏感图像传输提供了可扩展的安全解决方案，弥合了加密强度和安全密钥分发之间的差距

{"title":"A Dual-Layer image encryption framework using chaotic AES with dynamic S-Boxes and steganographic QR codes","authors":"Md Rishadul Bayesh , Dabbrata Das , Md Ahadullah","doi":"10.1016/j.jisa.2025.104322","DOIUrl":"10.1016/j.jisa.2025.104322","url":null,"abstract":"<div><div>This paper presents a robust image encryption and key distribution framework that integrates an enhanced AES-128 algorithm with chaos theory and advanced steganographic techniques for dual-layer security. The encryption engine features a dynamic ShiftRows operation controlled by a logistic map, variable S-boxes generated from a two-dimensional Hénon map for substitution and key expansion, and feedback chaining with post-encryption XOR diffusion to improve confusion, diffusion, and key sensitivity. To address secure key delivery, the scheme introduces dual-key distribution via steganographically modified QR codes. A static key and an AES-encrypted dynamic session key are embedded with a covert hint message using least significant bit (LSB) steganography. This design ensures the dynamic key can only be decrypted after reconstructing the static key from the hidden message, offering multi-factor protection against interception. Experimental results demonstrate the framework outperforms existing chaos-based and hybrid AES methods, achieving near-ideal entropy ( 7.997 bits per pixel), minimal pixel correlation, and strong differential resistance with NPCR (>99.6 %) and UACI ( 33 %–34 %). Encrypted images show uniform histograms and robustness against noise and data loss. The framework offers a scalable, secure solution for sensitive image transmission in applications such as surveillance, medical imaging, and digital forensics, bridging the gap between cryptographic strength and safe key distribution</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104322"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145684286","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An efficient certificateless authentication scheme based on RSA accumulator for smart healthcare 基于RSA累加器的智能医疗高效无证书认证方案

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-27 DOI: 10.1016/j.jisa.2025.104319

Zhuowei Shen , Xiao Kou , Taiyao Yang

With the growing prevalence of smart healthcare applications in hospitals, certificateless cryptography has become one of the widely used methods to achieve secure communications. To reduce the heavy overhead caused by bilinear pairing operations, schemes based on elliptic curve cryptography (ECC) have been proposed to improve efficiency. However, many of these certificateless aggregate signature (CLAS) schemes focus solely on authenticity and integrity, neglecting the dynamic nature of inpatient membership. For instance, upon the discharge of inpatients from the ward following recovery, it becomes necessary to revoke their corresponding identities. Meanwhile, existing solutions, such as the time period key or the cuckoo filter, have failed to meet the demand due to the lack of timely membership changes and computational determinism individually. To address the dynamic requirement of real-world environments, we introduce an ECC-based CLAS scheme with an efficient membership update mechanism. By integrating the RSA accumulator into the CLAS framework and transmitting the auxiliary information via broadcasting, our proposed scheme facilitates efficient and timely membership updates with low overhead. Through comprehensive evaluations, our scheme outperforms comparable schemes regarding computational and communication overheads during the signing-verification and membership update phases.

随着智能医疗应用在医院的日益普及，无证加密已成为实现安全通信的广泛方法之一。为了减少双线性配对运算带来的繁重开销，提出了基于椭圆曲线密码术（ECC）的方案来提高效率。然而，许多无证书聚合签名（CLAS）方案只关注真实性和完整性，而忽略了住院会员的动态特性。例如，住院病人康复出院后，需要撤销其相应的身份。同时，现有的解决方案，如时间段密钥或杜鹃过滤器，由于缺乏及时的成员变化和单独的计算确定性而无法满足需求。为了满足现实环境的动态需求，我们引入了一种基于ecc的CLAS方案，该方案具有高效的成员更新机制。通过将RSA累加器集成到CLAS框架中，并通过广播传输辅助信息，我们提出的方案以低开销实现了高效、及时的成员更新。通过综合评估，我们的方案在签名验证和成员更新阶段的计算和通信开销方面优于可比方案。

{"title":"An efficient certificateless authentication scheme based on RSA accumulator for smart healthcare","authors":"Zhuowei Shen , Xiao Kou , Taiyao Yang","doi":"10.1016/j.jisa.2025.104319","DOIUrl":"10.1016/j.jisa.2025.104319","url":null,"abstract":"<div><div>With the growing prevalence of smart healthcare applications in hospitals, certificateless cryptography has become one of the widely used methods to achieve secure communications. To reduce the heavy overhead caused by bilinear pairing operations, schemes based on elliptic curve cryptography (ECC) have been proposed to improve efficiency. However, many of these certificateless aggregate signature (CLAS) schemes focus solely on authenticity and integrity, neglecting the dynamic nature of inpatient membership. For instance, upon the discharge of inpatients from the ward following recovery, it becomes necessary to revoke their corresponding identities. Meanwhile, existing solutions, such as the time period key or the cuckoo filter, have failed to meet the demand due to the lack of timely membership changes and computational determinism individually. To address the dynamic requirement of real-world environments, we introduce an ECC-based CLAS scheme with an efficient membership update mechanism. By integrating the RSA accumulator into the CLAS framework and transmitting the auxiliary information via broadcasting, our proposed scheme facilitates efficient and timely membership updates with low overhead. Through comprehensive evaluations, our scheme outperforms comparable schemes regarding computational and communication overheads during the signing-verification and membership update phases.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104319"},"PeriodicalIF":3.7,"publicationDate":"2025-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145615159","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Intervalmapping and QR code based multi-stage reversible watermarking scheme for vector map distribution and source tracing 基于间隔映射和QR码的矢量图分布和源跟踪多阶段可逆水印方案

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-24 DOI: 10.1016/j.jisa.2025.104303

Xu Xi, Mingkang Wu, Jie Zhang, Huimin Tian, Jinglong Du

Digital watermarking is crucial for vector map safeguard, yet current applications focus on watermark response mechanisms targeted at thieves and unauthorized users, existing studies presume data protection in the context of harmful propagation and unlawful use, while ignoring the responsibility tracing of data distributors. To address this issue, this study designs a secure distribution scheme of vector maps using QR codes and a reversible watermarking algorithm to trace and identify both distributor and propagation paths. During watermark encoding, QR codes carry watermark information, recording distributor and recipient details at each distribution stage. By leveraging the high payload capacity and error-correction capability of QR codes, the data distribution path is effectively recorded. With each data distribution, watermark extraction and re-embedding are executed. In terms of algorithm design, a reversible watermarking algorithm based on interval mapping is designed based on quantitative index modulation. The algorithm defines sub-intervals according to embedding strength, modulates coordinate points using grouped watermark information, and uses the average coordinates of all vertices as a key for watermark extraction and data recovery. The experimental results show that the proposed scheme can successfully extract the QR codes and recover the embedded information even after ten consecutive cycles of embedding and extraction. This is achieved while maintaining high robustness and controlled perturbations, even when the scheme undergoes to strong geometric and vertex-editing attacks like rotation, vertex deletion, and cropping.

数字水印对矢量图安全至关重要，但目前的应用主要集中在针对窃贼和未经授权用户的水印响应机制上，现有研究将数据保护假设在有害传播和非法使用的背景下，而忽略了数据分发者的责任追踪。为了解决这个问题，本研究设计了一个安全的矢量地图分发方案，使用QR码和可逆水印算法来跟踪和识别分发和传播路径。在水印编码过程中，QR码携带水印信息，记录每个分发阶段的分发者和接收者的详细信息。利用二维码的高载荷能力和纠错能力，有效记录数据分发路径。在每一次数据分布中，都进行水印提取和重新嵌入。在算法设计方面，设计了一种基于定量指标调制的区间映射可逆水印算法。该算法根据嵌入强度定义子区间，利用分组水印信息调制坐标点，并以所有顶点的平均坐标作为水印提取和数据恢复的关键。实验结果表明，在连续10个周期的嵌入和提取后，该方法仍能成功提取出嵌入的信息。这是在保持高鲁棒性和可控扰动的同时实现的，即使该方案经历了强烈的几何和顶点编辑攻击，如旋转、顶点删除和裁剪。

{"title":"Intervalmapping and QR code based multi-stage reversible watermarking scheme for vector map distribution and source tracing","authors":"Xu Xi, Mingkang Wu, Jie Zhang, Huimin Tian, Jinglong Du","doi":"10.1016/j.jisa.2025.104303","DOIUrl":"10.1016/j.jisa.2025.104303","url":null,"abstract":"<div><div>Digital watermarking is crucial for vector map safeguard, yet current applications focus on watermark response mechanisms targeted at thieves and unauthorized users, existing studies presume data protection in the context of harmful propagation and unlawful use, while ignoring the responsibility tracing of data distributors. To address this issue, this study designs a secure distribution scheme of vector maps using QR codes and a reversible watermarking algorithm to trace and identify both distributor and propagation paths. During watermark encoding, QR codes carry watermark information, recording distributor and recipient details at each distribution stage. By leveraging the high payload capacity and error-correction capability of QR codes, the data distribution path is effectively recorded. With each data distribution, watermark extraction and re-embedding are executed. In terms of algorithm design, a reversible watermarking algorithm based on interval mapping is designed based on quantitative index modulation. The algorithm defines sub-intervals according to embedding strength, modulates coordinate points using grouped watermark information, and uses the average coordinates of all vertices as a key for watermark extraction and data recovery. The experimental results show that the proposed scheme can successfully extract the QR codes and recover the embedded information even after ten consecutive cycles of embedding and extraction. This is achieved while maintaining high robustness and controlled perturbations, even when the scheme undergoes to strong geometric and vertex-editing attacks like rotation, vertex deletion, and cropping.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104303"},"PeriodicalIF":3.7,"publicationDate":"2025-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145615158","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A privacy-preserving information sharing scheme in online social networks 在线社交网络中保护隐私的信息共享方案

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-21 DOI: 10.1016/j.jisa.2025.104304

Yehong Luo , Nafei Zhu , Jingsha He , Anca Delia Jurcut , Yuzi Yi , Xiangjun Ma , Juan Fang

Information leakage during sharing among users is a critical concern for individuals in online social networks (OSNs). The key to addressing the concern is to align privacy protection policies with the subjective willingness of privacy subjects to maximize the utility of information while achieving privacy protection. In this paper, we propose a new framework that can be used to dynamically modulate the extent of information sharing and privacy protection by regulating the scale of propagation of privacy information. In the proposed framework, we firstly define privacy information propagation conditions (PPCs) and then design a PPC-based privacy-preserving information sharing scheme. This scheme performs privacy risk assessment according to the subjective willingness and the consensus on the sensitivity of privacy information as the basis for trade-offs between privacy protection and information sharing. We introduce PPC-TD3, a variant of Twin Delayed Deep Deterministic policy gradient (TD3) integrated with our PPC framework, to identify decision points that maximize information-sharing utility while ensuring robust privacy protection. Theoretical analysis and extensive experiment show that the proposed framework can optimally balance privacy protection and information sharing through identifying the point where the utility of information is maximized.

在线社交网络（online social network, OSNs）中，用户共享过程中的信息泄露是个人关注的一个重要问题。解决这一问题的关键是使隐私保护政策符合隐私主体的主观意愿，在实现隐私保护的同时实现信息效用最大化。在本文中，我们提出了一个新的框架，可以通过调节隐私信息的传播规模来动态调节信息共享和隐私保护的程度。在该框架中，我们首先定义了隐私信息传播条件（PPCs），然后设计了一个基于PPCs的隐私信息共享方案。该方案根据隐私信息的主观意愿和对隐私信息敏感性的共识进行隐私风险评估，作为隐私保护与信息共享之间权衡的基础。我们引入了PPC-TD3，这是双延迟深度确定性策略梯度（TD3）的一种变体，与我们的PPC框架集成在一起，以确定最大限度地提高信息共享效用的决策点，同时确保强大的隐私保护。理论分析和大量实验表明，该框架通过识别信息效用最大化的点，可以实现隐私保护和信息共享的最优平衡。

{"title":"A privacy-preserving information sharing scheme in online social networks","authors":"Yehong Luo , Nafei Zhu , Jingsha He , Anca Delia Jurcut , Yuzi Yi , Xiangjun Ma , Juan Fang","doi":"10.1016/j.jisa.2025.104304","DOIUrl":"10.1016/j.jisa.2025.104304","url":null,"abstract":"<div><div>Information leakage during sharing among users is a critical concern for individuals in online social networks (OSNs). The key to addressing the concern is to align privacy protection policies with the subjective willingness of privacy subjects to maximize the utility of information while achieving privacy protection. In this paper, we propose a new framework that can be used to dynamically modulate the extent of information sharing and privacy protection by regulating the scale of propagation of privacy information. In the proposed framework, we firstly define privacy information propagation conditions (PPCs) and then design a PPC-based privacy-preserving information sharing scheme. This scheme performs privacy risk assessment according to the subjective willingness and the consensus on the sensitivity of privacy information as the basis for trade-offs between privacy protection and information sharing. We introduce PPC-TD3, a variant of Twin Delayed Deep Deterministic policy gradient (TD3) integrated with our PPC framework, to identify decision points that maximize information-sharing utility while ensuring robust privacy protection. Theoretical analysis and extensive experiment show that the proposed framework can optimally balance privacy protection and information sharing through identifying the point where the utility of information is maximized.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104304"},"PeriodicalIF":3.7,"publicationDate":"2025-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569602","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Revocable multi-authority attribute-based keyword search scheme for enhanced security in multi-owner settings 可撤销的基于多授权机构属性的关键字搜索方案，用于增强多所有者设置中的安全性

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-20 DOI: 10.1016/j.jisa.2025.104315

Zongmin Wang, Qiang Wang, Fucai Zhou, Jian Xu

Attribute-based keyword search (ABKS) has emerged as an effective approach for secure, fine-grained data retrieval in encrypted cloud environments. Although traditional ABKS effectively enforces access policies, it suffers from significant limitations in multi-owner settings, where decentralized control and collaborative governance are required. In addition, existing ABKS schemes encounter several unresolved security challenges. First, as ABKS is built upon attribute-based encryption (ABE), it inevitably inherits its shortcomings, including key escrow and single points of failure. Second, it lacks the ability to detect servers that intentionally return incorrect results, while existing verification mechanisms risk exposing sensitive information. Third, misbehaving cloud service providers face no penalty and may continue to provide services without restriction.

To address these challenges, we propose a revocable multi-authority attribute-based keyword search (RMA-ABKS) scheme tailored for multi-owner environments. RMA-ABKS integrates multi-authority ABE with searchable encryption to decentralize trust and eliminate key escrow, while enabling collaborative access policy formulation across multiple owners. For the remaining challenges, we incorporate a blockchain-based blind verification mechanism to ensure result integrity without privacy leakage, and a cryptographic revocation mechanism to disable malicious cloud servers. Formal security proofs demonstrate selective security and resilience, while experimental evaluations confirm computational efficiency comparable to advanced schemes.

基于属性的关键字搜索（ABKS）已经成为加密云环境中安全、细粒度数据检索的有效方法。尽管传统的ABKS有效地执行了访问策略，但它在多所有者设置中存在显着的局限性，其中需要分散控制和协作治理。此外，现有的ABKS方案遇到了一些未解决的安全挑战。首先，由于ABKS建立在基于属性的加密（ABE）之上，它不可避免地继承了它的缺点，包括密钥托管和单点故障。其次，它缺乏检测故意返回错误结果的服务器的能力，而现有的验证机制有暴露敏感信息的风险。第三，行为不端的云服务提供商不会受到处罚，可以继续不受限制地提供服务。为了解决这些挑战，我们提出了一种针对多所有者环境量身定制的可撤销的多权威基于属性的关键字搜索（RMA-ABKS）方案。RMA-ABKS将多权威ABE与可搜索加密集成在一起，以分散信任并消除密钥托管，同时实现跨多个所有者的协作访问策略制定。对于剩下的挑战，我们采用了基于区块链的盲验证机制来确保结果的完整性而不会泄露隐私，并采用了加密撤销机制来禁用恶意云服务器。正式的安全证明证明了选择性安全性和弹性，而实验评估证实了与高级方案相当的计算效率。

{"title":"Revocable multi-authority attribute-based keyword search scheme for enhanced security in multi-owner settings","authors":"Zongmin Wang, Qiang Wang, Fucai Zhou, Jian Xu","doi":"10.1016/j.jisa.2025.104315","DOIUrl":"10.1016/j.jisa.2025.104315","url":null,"abstract":"<div><div>Attribute-based keyword search (ABKS) has emerged as an effective approach for secure, fine-grained data retrieval in encrypted cloud environments. Although traditional ABKS effectively enforces access policies, it suffers from significant limitations in multi-owner settings, where decentralized control and collaborative governance are required. In addition, existing ABKS schemes encounter several unresolved security challenges. First, as ABKS is built upon attribute-based encryption (ABE), it inevitably inherits its shortcomings, including key escrow and single points of failure. Second, it lacks the ability to detect servers that intentionally return incorrect results, while existing verification mechanisms risk exposing sensitive information. Third, misbehaving cloud service providers face no penalty and may continue to provide services without restriction.</div><div>To address these challenges, we propose a revocable multi-authority attribute-based keyword search (RMA-ABKS) scheme tailored for multi-owner environments. RMA-ABKS integrates multi-authority ABE with searchable encryption to decentralize trust and eliminate key escrow, while enabling collaborative access policy formulation across multiple owners. For the remaining challenges, we incorporate a blockchain-based blind verification mechanism to ensure result integrity without privacy leakage, and a cryptographic revocation mechanism to disable malicious cloud servers. Formal security proofs demonstrate selective security and resilience, while experimental evaluations confirm computational efficiency comparable to advanced schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104315"},"PeriodicalIF":3.7,"publicationDate":"2025-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0