Journal of Information Security and Applications最新文献_第7页

Realization of multi-image encryption algorithm based on DNA and chaotic system on FPGA 基于DNA和混沌系统的多图像加密算法在FPGA上的实现

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-03 DOI: 10.1016/j.jisa.2025.104267

Nermeen H. Abdelzaher , Mohammed H. Yacoub , Lobna A. Said

This paper introduces an efficient FPGA-based image encryption architecture for securing the transmission of grayscale images over high-data-rate networks. The design supports single and multi-image encryption by fusing multiple grayscale input images into a single encrypted three-channel representation. The fractional-order Nose-Hoover hyperchaotic system and the logistic map are employed to generate pseudo-random sequences for the permutation, scrambling, and DNA processing stages. The initial conditions for the chaotic systems result from XORing a SHA-256 hash of the fused image with a user-defined key. Each channel undergoes a sequence of operations: permutation, pixel-level scrambling, DNA encoding, DNA-based XOR operation, and decoding. The proposed algorithm is implemented on an Xilinx Kintex UltraScale KCU105 FPGA and operates at a maximum frequency of 51.3 MHz. The system’s security performance is evaluated through several widely employed statistical metrics. The cipher image achieve an average entropy of 7.9995 in encrypting four 512 × 512 images using the multi-image encryption scheme. The design is robust against differential attacks, achieving high NPCR and UACI averages of 99.6% and 33.47%, respectively. Additionally, it demonstrates robustness against various analysis methods, including cropping attacks and noise attacks. The algorithm passes the NIST statistical test and demonstrates robustness against known plaintext attacks, supporting its suitability for secure and high-throughput image communication applications.

本文介绍了一种高效的基于fpga的图像加密体系结构，用于在高数据速率网络上保护灰度图像的传输。该设计通过将多个灰度输入图像融合到单个加密的三通道表示中来支持单图像和多图像加密。采用分数阶Nose-Hoover超混沌系统和logistic映射来生成排列、置乱和DNA处理阶段的伪随机序列。混沌系统的初始条件是由使用用户定义的密钥对融合图像的SHA-256哈希进行XORing产生的。每个通道都要经历一系列操作：排列、像素级置乱、DNA编码、基于DNA的异或操作和解码。该算法在Xilinx Kintex UltraScale KCU105 FPGA上实现，最大工作频率为51.3 MHz。系统的安全性能通过几个广泛使用的统计指标进行评估。采用多图像加密方案对4张512 × 512的图像进行加密，得到的加密图像的平均熵为7.9995。该设计对差分攻击具有鲁棒性，NPCR和UACI平均值分别达到99.6%和33.47%。此外，它还证明了对各种分析方法的鲁棒性，包括裁剪攻击和噪声攻击。该算法通过了NIST的统计测试，并证明了对已知明文攻击的鲁棒性，支持其适用于安全和高吞吐量的图像通信应用。

{"title":"Realization of multi-image encryption algorithm based on DNA and chaotic system on FPGA","authors":"Nermeen H. Abdelzaher , Mohammed H. Yacoub , Lobna A. Said","doi":"10.1016/j.jisa.2025.104267","DOIUrl":"10.1016/j.jisa.2025.104267","url":null,"abstract":"<div><div>This paper introduces an efficient FPGA-based image encryption architecture for securing the transmission of grayscale images over high-data-rate networks. The design supports single and multi-image encryption by fusing multiple grayscale input images into a single encrypted three-channel representation. The fractional-order Nose-Hoover hyperchaotic system and the logistic map are employed to generate pseudo-random sequences for the permutation, scrambling, and DNA processing stages. The initial conditions for the chaotic systems result from XORing a SHA-256 hash of the fused image with a user-defined key. Each channel undergoes a sequence of operations: permutation, pixel-level scrambling, DNA encoding, DNA-based XOR operation, and decoding. The proposed algorithm is implemented on an Xilinx Kintex UltraScale KCU105 FPGA and operates at a maximum frequency of 51.3 MHz. The system’s security performance is evaluated through several widely employed statistical metrics. The cipher image achieve an average entropy of 7.9995 in encrypting four 512 × 512 images using the multi-image encryption scheme. The design is robust against differential attacks, achieving high NPCR and UACI averages of 99.6% and 33.47%, respectively. Additionally, it demonstrates robustness against various analysis methods, including cropping attacks and noise attacks. The algorithm passes the NIST statistical test and demonstrates robustness against known plaintext attacks, supporting its suitability for secure and high-throughput image communication applications.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104267"},"PeriodicalIF":3.7,"publicationDate":"2025-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145428832","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

SecTwin: A secure and efficient authentication mechanism for vehicular digital twins SecTwin：一种安全有效的车辆数字孪生认证机制

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-02 DOI: 10.1016/j.jisa.2025.104292

Muhammad Tanveer , Kainat Toor , Abdullah G. Alharbi , Syed Rizwan Hassan

As vehicular digital twin (VDT) networks continue to evolve, ensuring secure and efficient communication between physical vehicles and their digital counterparts is crucial. Traditional authentication protocols rely on computationally intensive cryptographic techniques, leading to increased latency and resource consumption in real-time vehicular environments. To address these challenges, this paper proposes SecTwin, a lightweight authentication mechanism designed specifically for VDT networks. SecTwin leverages TinyJAMBU authenticated encryption and hash-based authentication to establish a secure and resource-efficient communication framework between autonomous vehicles and their DTs. By integrating lightweight cryptographic techniques and secure key management, SecTwin enhances the security and efficiency of VDT networks, paving the way for reliable and safe autonomous vehicle communication. The informal demonstrates that SecTwin is resilient against key security threats, including replay attacks, impersonation, and man-in-the-middle attacks. Moreover, formal security analysis using the random oracle model and Scyther shows SecTwin is secure. Additionally, performance evaluations reveal that SecTwin reduces communication cost by 51.22%, to 52.38% and execution time by 63.29% to 82.63%, making it highly suitable for latency-sensitive vehicular applications.

随着车辆数字孪生（VDT）网络的不断发展，确保实体车辆与数字车辆之间安全高效的通信至关重要。传统的身份验证协议依赖于计算密集型的加密技术，导致实时车辆环境中的延迟和资源消耗增加。为了应对这些挑战，本文提出了专为VDT网络设计的轻量级身份验证机制SecTwin。SecTwin利用TinyJAMBU身份验证加密和基于哈希的身份验证，在自动驾驶汽车和它们的dt之间建立了一个安全和资源高效的通信框架。通过集成轻量级加密技术和安全密钥管理，SecTwin增强了VDT网络的安全性和效率，为可靠和安全的自动驾驶汽车通信铺平了道路。非正式证明了SecTwin能够抵御关键的安全威胁，包括重播攻击、模拟和中间人攻击。此外，使用随机oracle模型和Scyther进行了形式化的安全性分析，表明SecTwin是安全的。此外，性能评估显示，SecTwin将通信成本降低了51.22%，降至52.38%，执行时间降低了63.29%，降至82.63%，非常适合对延迟敏感的车载应用。

{"title":"SecTwin: A secure and efficient authentication mechanism for vehicular digital twins","authors":"Muhammad Tanveer , Kainat Toor , Abdullah G. Alharbi , Syed Rizwan Hassan","doi":"10.1016/j.jisa.2025.104292","DOIUrl":"10.1016/j.jisa.2025.104292","url":null,"abstract":"<div><div>As vehicular digital twin (VDT) networks continue to evolve, ensuring secure and efficient communication between physical vehicles and their digital counterparts is crucial. Traditional authentication protocols rely on computationally intensive cryptographic techniques, leading to increased latency and resource consumption in real-time vehicular environments. To address these challenges, this paper proposes SecTwin, a lightweight authentication mechanism designed specifically for VDT networks. SecTwin leverages TinyJAMBU authenticated encryption and hash-based authentication to establish a secure and resource-efficient communication framework between autonomous vehicles and their DTs. By integrating lightweight cryptographic techniques and secure key management, SecTwin enhances the security and efficiency of VDT networks, paving the way for reliable and safe autonomous vehicle communication. The informal demonstrates that SecTwin is resilient against key security threats, including replay attacks, impersonation, and man-in-the-middle attacks. Moreover, formal security analysis using the random oracle model and Scyther shows SecTwin is secure. Additionally, performance evaluations reveal that SecTwin reduces communication cost by 51.22%, to 52.38% and execution time by 63.29% to 82.63%, making it highly suitable for latency-sensitive vehicular applications.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104292"},"PeriodicalIF":3.7,"publicationDate":"2025-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145474740","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Defeating evasive malware with Peekaboo: Extracting authentic malware behavior with dynamic binary instrumentation 用躲猫猫打败逃避恶意软件：用动态二进制工具提取真实的恶意软件行为

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-10-31 DOI: 10.1016/j.jisa.2025.104290

Matthew Gaber, Mohiuddin Ahmed, Helge Janicke

The accuracy of Artificial Intelligence (AI) in malware detection is dependent on the features it is trained with, where the quality and authenticity of these features is dependent on the dataset and the analysis tool. Evasive malware, that alters its behavior in analysis environments, is challenging to extract authentic features from where widely used static and dynamic analysis tools have several limitations. However, Dynamic Binary Instrumentation (DBI) allows deep and precise control of the malware sample, thereby facilitating the extraction of authentic behavior from evasive malware. Considering the limitations of malware analysis for use with AI, this research had two primary objectives: investigation of the evasive techniques used by modern malware and the creation of Peekaboo, a DBI tool to extract authentic data from live Windows malware samples. Peekaboo instruments and defeats evasive techniques that target analysis tools and virtual environments. A dataset of 20,500 samples was assembled and each sample was run for up to 15 min to observe not only the anti-analysis techniques used but also its complete behavior. Peekaboo outperforms other tools on several fronts, it is the only tool to measure start and completion rates, capture the executed Assembly (ASM) instructions, record all network traffic and implements the largest coverage against evasive techniques.

人工智能（AI）在恶意软件检测中的准确性取决于它所训练的特征，其中这些特征的质量和真实性取决于数据集和分析工具。规避型恶意软件会改变其在分析环境中的行为，很难从广泛使用的静态和动态分析工具中提取出真实的特征。然而，动态二进制检测（DBI）允许对恶意软件样本进行深入和精确的控制，从而促进从规避恶意软件中提取真实行为。考虑到与AI一起使用的恶意软件分析的局限性，本研究有两个主要目标：调查现代恶意软件使用的规避技术，以及创建Peekaboo（一种DBI工具，用于从实时Windows恶意软件样本中提取真实数据）。针对分析工具和虚拟环境的躲猫猫工具和失败规避技术。收集了20,500个样本的数据集，每个样本运行长达15分钟，不仅观察使用的反分析技术，还观察其完整行为。Peekaboo在几个方面都优于其他工具，它是测量启动率和完成率的唯一工具，捕获已执行的汇编（ASM）指令，记录所有网络流量，并实现最大范围的规避技术。

{"title":"Defeating evasive malware with Peekaboo: Extracting authentic malware behavior with dynamic binary instrumentation","authors":"Matthew Gaber, Mohiuddin Ahmed, Helge Janicke","doi":"10.1016/j.jisa.2025.104290","DOIUrl":"10.1016/j.jisa.2025.104290","url":null,"abstract":"<div><div>The accuracy of Artificial Intelligence (AI) in malware detection is dependent on the features it is trained with, where the quality and authenticity of these features is dependent on the dataset and the analysis tool. Evasive malware, that alters its behavior in analysis environments, is challenging to extract authentic features from where widely used static and dynamic analysis tools have several limitations. However, Dynamic Binary Instrumentation (DBI) allows deep and precise control of the malware sample, thereby facilitating the extraction of authentic behavior from evasive malware. Considering the limitations of malware analysis for use with AI, this research had two primary objectives: investigation of the evasive techniques used by modern malware and the creation of Peekaboo, a DBI tool to extract authentic data from live Windows malware samples. Peekaboo instruments and defeats evasive techniques that target analysis tools and virtual environments. A dataset of 20,500 samples was assembled and each sample was run for up to 15 min to observe not only the anti-analysis techniques used but also its complete behavior. Peekaboo outperforms other tools on several fronts, it is the only tool to measure start and completion rates, capture the executed Assembly (ASM) instructions, record all network traffic and implements the largest coverage against evasive techniques.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104290"},"PeriodicalIF":3.7,"publicationDate":"2025-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424931","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Intrusion detection systems in IoT: A detailed review of threat categories, detection strategies, and future technologies 物联网中的入侵检测系统：对威胁类别、检测策略和未来技术的详细回顾

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-10-31 DOI: 10.1016/j.jisa.2025.104291

Burak Aydin , Hakan Aydin , Sedat Gormus

The rapid growth of the Internet of Things (IoT) has transformed numerous sectors by enabling enhanced connectivity and automation among devices in industrial settings. However, this expansion has brought forward notable security concerns, as Internet enabled and connected devices has become increasingly vulnerable to a variety of cyberattacks. This has elevated the importance of Internet of Things security, necessitating robust defense mechanisms. In this paper, we thoroughly examine Intrusion Detection Systems (IDS) within the context of IoT networks, focusing on the different types of attacks and the corresponding detection methods designed to counteract them. Specifically, we classify IoT-specific threats into categories such as network based, device-level, data-centric, and insider attacks, providing insights into their mechanisms, impacts, and real-world occurrences. To address these threats, various IDS approaches are discussed, including signature based IDS, anomaly based IDS, specification based IDS, and hybrid IDS techniques. We further explore the application of Machine Learning in enhancing IDS capabilities for Internet of Things security. Each method’s strengths and limitations are evaluated in terms of accuracy, adaptability, computational efficiency, and scalability. By exploring emerging trends, ongoing challenges, and potential future directions in IDS research for IoT, this study underscores the urgent need for adaptive, scalable, and effective IDS frameworks to protect IoT ecosystems against evolving cyber threats. In addition, this survey provides a critical assessment of the current research landscape, highlighting the fundamental challenges that remain unresolved and outlining future research directions derived both from the existing literature and our own domain-specific analysis.

物联网（IoT）的快速增长通过增强工业环境中设备之间的连接和自动化，改变了许多行业。然而，这种扩张也带来了显著的安全问题，因为支持互联网和连接的设备越来越容易受到各种网络攻击。这提升了物联网安全的重要性，需要强大的防御机制。在本文中，我们深入研究了物联网网络背景下的入侵检测系统（IDS），重点关注不同类型的攻击以及相应的检测方法。具体来说，我们将物联网特定的威胁分为基于网络、设备级、以数据为中心和内部攻击等类别，并提供了对其机制、影响和现实世界事件的见解。为了解决这些威胁，本文讨论了各种入侵检测方法，包括基于签名的入侵检测、基于异常的入侵检测、基于规范的入侵检测和混合入侵检测技术。我们进一步探索机器学习在增强物联网安全入侵检测能力方面的应用。每种方法的优点和局限性都是根据准确性、适应性、计算效率和可伸缩性来评估的。通过探索物联网入侵防御研究的新兴趋势、持续挑战和潜在的未来方向，本研究强调了对自适应、可扩展和有效的入侵防御框架的迫切需求，以保护物联网生态系统免受不断变化的网络威胁。此外，本调查还对当前的研究前景进行了批判性评估，突出了尚未解决的基本挑战，并从现有文献和我们自己的领域特定分析中概述了未来的研究方向。

{"title":"Intrusion detection systems in IoT: A detailed review of threat categories, detection strategies, and future technologies","authors":"Burak Aydin , Hakan Aydin , Sedat Gormus","doi":"10.1016/j.jisa.2025.104291","DOIUrl":"10.1016/j.jisa.2025.104291","url":null,"abstract":"<div><div>The rapid growth of the Internet of Things (IoT) has transformed numerous sectors by enabling enhanced connectivity and automation among devices in industrial settings. However, this expansion has brought forward notable security concerns, as Internet enabled and connected devices has become increasingly vulnerable to a variety of cyberattacks. This has elevated the importance of Internet of Things security, necessitating robust defense mechanisms. In this paper, we thoroughly examine Intrusion Detection Systems (IDS) within the context of IoT networks, focusing on the different types of attacks and the corresponding detection methods designed to counteract them. Specifically, we classify IoT-specific threats into categories such as network based, device-level, data-centric, and insider attacks, providing insights into their mechanisms, impacts, and real-world occurrences. To address these threats, various IDS approaches are discussed, including signature based IDS, anomaly based IDS, specification based IDS, and hybrid IDS techniques. We further explore the application of Machine Learning in enhancing IDS capabilities for Internet of Things security. Each method’s strengths and limitations are evaluated in terms of accuracy, adaptability, computational efficiency, and scalability. By exploring emerging trends, ongoing challenges, and potential future directions in IDS research for IoT, this study underscores the urgent need for adaptive, scalable, and effective IDS frameworks to protect IoT ecosystems against evolving cyber threats. In addition, this survey provides a critical assessment of the current research landscape, highlighting the fundamental challenges that remain unresolved and outlining future research directions derived both from the existing literature and our own domain-specific analysis.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104291"},"PeriodicalIF":3.7,"publicationDate":"2025-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424927","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Collusion-resistant multi-user searchable symmetric encryption with conjunctive query and suppressed pattern leakage 具有联合查询和抑制模式泄漏的抗合谋多用户可搜索对称加密

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-10-28 DOI: 10.1016/j.jisa.2025.104289

Yanpeng Ba , Yuan Ping , Zengpeng Li , Zheng Yuan

Existing multi-user searchable symmetric encryption (MUSSE) schemes often depend on the honesty of users or the assumption that multiple servers will not collude, which compromises security to some extent. While a few collusion-resistant MUSSE schemes are designed for single-server settings, they are limited to single-keyword searches and suffer from significant pattern leakage, making them vulnerable to leakage-abuse attacks (LAAs). We introduce CQ-MUSSE, the first collusion-resistant MUSSE scheme in a single-server setting that supports conjunctive queries to address these limitations. Indeed, CQ-MUSSE enables users to search for multiple keywords simultaneously with a single query. The scheme leverages bloom filters to construct forward indexes and incorporates random dummy keywords into queries to obfuscate search patterns effectively reducing pattern leakage. This design enhances security at the expense of a minor reduction in search result accuracy. The scheme can precisely return documents matching the conjunctive query when pattern leakage is ignored. Experimental evaluations confirm that CQ-MUSSE provides greater search flexibility and improved security with only a moderate increase in computational overhead.

现有的多用户可搜索对称加密（MUSSE）方案往往依赖于用户的诚实性或多台服务器不会串通的假设，这在一定程度上损害了安全性。虽然一些抗合谋的MUSSE方案是为单服务器设置而设计的，但它们仅限于单关键字搜索，并且遭受严重的模式泄漏，使它们容易受到泄漏滥用攻击（LAAs）。我们引入了CQ-MUSSE，这是单服务器设置中第一个抗合谋的MUSSE方案，它支持连接查询来解决这些限制。实际上，CQ-MUSSE允许用户通过一个查询同时搜索多个关键字。该方案利用布隆过滤器构建前向索引，并在查询中加入随机虚拟关键字来混淆搜索模式，有效减少模式泄漏。这种设计增强了安全性，但代价是搜索结果的准确性略有降低。该方案可以在忽略模式泄漏的情况下，精确地返回与连接查询匹配的文档。实验评估证实，CQ-MUSSE提供了更大的搜索灵活性和改进的安全性，而计算开销仅略有增加。

{"title":"Collusion-resistant multi-user searchable symmetric encryption with conjunctive query and suppressed pattern leakage","authors":"Yanpeng Ba , Yuan Ping , Zengpeng Li , Zheng Yuan","doi":"10.1016/j.jisa.2025.104289","DOIUrl":"10.1016/j.jisa.2025.104289","url":null,"abstract":"<div><div>Existing multi-user searchable symmetric encryption (MUSSE) schemes often depend on the honesty of users or the assumption that multiple servers will not collude, which compromises security to some extent. While a few collusion-resistant MUSSE schemes are designed for single-server settings, they are limited to single-keyword searches and suffer from significant pattern leakage, making them vulnerable to leakage-abuse attacks (LAAs). We introduce CQ-MUSSE, the first collusion-resistant MUSSE scheme in a single-server setting that supports conjunctive queries to address these limitations. Indeed, CQ-MUSSE enables users to search for multiple keywords simultaneously with a single query. The scheme leverages bloom filters to construct forward indexes and incorporates random dummy keywords into queries to obfuscate search patterns effectively reducing pattern leakage. This design enhances security at the expense of a minor reduction in search result accuracy. The scheme can precisely return documents matching the conjunctive query when pattern leakage is ignored. Experimental evaluations confirm that CQ-MUSSE provides greater search flexibility and improved security with only a moderate increase in computational overhead.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104289"},"PeriodicalIF":3.7,"publicationDate":"2025-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424929","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

WeiDetect: Weibull distribution-based defense against poisoning attacks in federated learning for network intrusion detection systems WeiDetect：在网络入侵检测系统的联邦学习中，基于Weibull分布的中毒攻击防御

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-10-28 DOI: 10.1016/j.jisa.2025.104275

Sameera K.M. , Vinod P. , Anderson Rocha , Rafidha Rehiman K.A. , Mauro Conti

The rapid growth of Internet of Things (IoT) devices has expanded the cyber-attack surface, making traditional Network Intrusion Detection Systems (NIDS) less effective against modern, dynamic threats. The rise of privacy concerns and legal restrictions also limits the use of centralized security systems, highlighting the need for decentralized alternatives. Federated Learning (FL)-based NIDS addresses this by training models without sharing private user data. However, these systems are still vulnerable to poisoning attacks and can suffer from performance issues due to varied client data. In this paper, we introduce WeiDetect, a novel two-phase defense mechanism for FL-based NIDS. Operating on the server side, WeiDetect tackles both adversarial attacks and client data heterogeneity. It works by evaluating local models with a validation dataset, fitting their performance scores to a Weibull distribution for identifying and excluding malicious or low-quality models before aggregation. Our experimental results show that WeiDetect outperforms existing defenses, improving target class recall by up to 70% and enhancing the global model’s F1 score by 1%–14%.

物联网（IoT）设备的快速增长扩大了网络攻击面，使传统的网络入侵检测系统（NIDS）对现代动态威胁的有效性降低。隐私问题和法律限制的增加也限制了集中式安全系统的使用，凸显了对分散替代方案的需求。基于联邦学习（FL）的NIDS通过在不共享私有用户数据的情况下训练模型来解决这个问题。然而，这些系统仍然容易受到中毒攻击，并且由于客户端数据的变化，可能会出现性能问题。本文介绍了一种新的基于网络入侵的两阶段防御机制WeiDetect。在服务器端操作，WeiDetect处理对抗性攻击和客户端数据异构。它的工作原理是用验证数据集评估局部模型，将它们的性能分数拟合到威布尔分布，以便在聚合之前识别和排除恶意或低质量的模型。我们的实验结果表明，WeiDetect优于现有的防御，将目标类别召回率提高了70%，并将全局模型的F1分数提高了1%-14%。

{"title":"WeiDetect: Weibull distribution-based defense against poisoning attacks in federated learning for network intrusion detection systems","authors":"Sameera K.M. , Vinod P. , Anderson Rocha , Rafidha Rehiman K.A. , Mauro Conti","doi":"10.1016/j.jisa.2025.104275","DOIUrl":"10.1016/j.jisa.2025.104275","url":null,"abstract":"<div><div>The rapid growth of Internet of Things (IoT) devices has expanded the cyber-attack surface, making traditional Network Intrusion Detection Systems (NIDS) less effective against modern, dynamic threats. The rise of privacy concerns and legal restrictions also limits the use of centralized security systems, highlighting the need for decentralized alternatives. Federated Learning (FL)-based NIDS addresses this by training models without sharing private user data. However, these systems are still vulnerable to poisoning attacks and can suffer from performance issues due to varied client data. In this paper, we introduce WeiDetect, a novel two-phase defense mechanism for FL-based NIDS. Operating on the server side, WeiDetect tackles both adversarial attacks and client data heterogeneity. It works by evaluating local models with a validation dataset, fitting their performance scores to a Weibull distribution for identifying and excluding malicious or low-quality models before aggregation. Our experimental results show that WeiDetect outperforms existing defenses, improving target class recall by up to 70% and enhancing the global model’s F1 score by 1%–14%.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104275"},"PeriodicalIF":3.7,"publicationDate":"2025-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424930","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Quantum-safe and provable secure vehicle to infrastructure authenticated key-agreement for VANETs 量子安全和可验证的安全车辆到基础设施的VANETs认证密钥协议

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-10-27 DOI: 10.1016/j.jisa.2025.104274

Nahida Majeed Wani , Girraj Kumar Verma , Neeraj Kumar

The rapid progression of Vehicular Ad-Hoc Networks (VANETs) has greatly eased the dissemination of safety-critical data among vehicles. However, the susceptibility of wireless links in VANETs to malicious attacks presents a significant obstacle. To mitigate the obstacle, various authenticated key agreement (AKA) schemes have been devised to establish secure communication between vehicles and infrastructure. However, the advent of quantum computing threatens the security of traditional number theory-based AKA schemes. As a countermeasure, lattice-based schemes have emerged, offering quantum resistance. However, many such lattice-based schemes incur high computational and communication overhead. To overcome these limitations, this paper proposes an efficient and provably secure lattice-based AKA scheme for VANETs. Devised AKA protocol leverages quantum-safe lattice-based cryptography to ensure communication security between vehicles and infrastructure. A comprehensive security analysis within the Real-or-Random model framework validates the proposed scheme’s robustness. Furthermore, performance analysis shows that the proposed scheme reduces computational cost by approximately 92% and communication cost by 29% compared to the existing recent approach, making it well-suited for VANET deployment.

车载自组织网络（VANETs）的快速发展极大地简化了安全关键数据在车辆之间的传播。然而，vanet中无线链路对恶意攻击的易感性是一个重大障碍。为了减轻这一障碍，已经设计了各种身份验证密钥协议（AKA）方案来建立车辆和基础设施之间的安全通信。然而，量子计算的出现威胁着传统的基于数论的AKA方案的安全性。作为一种对策，基于晶格的方案已经出现，提供量子抗性。然而，许多这样的基于格的方案会产生很高的计算和通信开销。为了克服这些限制，本文提出了一种高效且可证明安全的基于格子的VANETs AKA方案。设计AKA协议利用基于量子安全的格子加密技术来确保车辆和基础设施之间的通信安全。在Real-or-Random模型框架内进行了全面的安全性分析，验证了该方案的鲁棒性。此外，性能分析表明，与现有的最新方法相比，所提出的方案减少了约92%的计算成本和29%的通信成本，使其非常适合VANET部署。

{"title":"Quantum-safe and provable secure vehicle to infrastructure authenticated key-agreement for VANETs","authors":"Nahida Majeed Wani , Girraj Kumar Verma , Neeraj Kumar","doi":"10.1016/j.jisa.2025.104274","DOIUrl":"10.1016/j.jisa.2025.104274","url":null,"abstract":"<div><div>The rapid progression of Vehicular Ad-Hoc Networks (VANETs) has greatly eased the dissemination of safety-critical data among vehicles. However, the susceptibility of wireless links in VANETs to malicious attacks presents a significant obstacle. To mitigate the obstacle, various authenticated key agreement (AKA) schemes have been devised to establish secure communication between vehicles and infrastructure. However, the advent of quantum computing threatens the security of traditional number theory-based AKA schemes. As a countermeasure, lattice-based schemes have emerged, offering quantum resistance. However, many such lattice-based schemes incur high computational and communication overhead. To overcome these limitations, this paper proposes an efficient and provably secure lattice-based AKA scheme for VANETs. Devised AKA protocol leverages quantum-safe lattice-based cryptography to ensure communication security between vehicles and infrastructure. A comprehensive security analysis within the Real-or-Random model framework validates the proposed scheme’s robustness. Furthermore, performance analysis shows that the proposed scheme reduces computational cost by approximately 92% and communication cost by 29% compared to the existing recent approach, making it well-suited for VANET deployment.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104274"},"PeriodicalIF":3.7,"publicationDate":"2025-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Multi-party post-quantum key exchange schemes 多方后量子密钥交换方案

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-10-27 DOI: 10.1016/j.jisa.2025.104288

Xuejun Fan , Fei Zhao , Xiu Xu

With the growing number of multi-user interaction scenarios, the security and efficiency of multi-party key exchange protocols have become increasingly important. Meanwhile, the rapid advancement of quantum computing brings security risks for traditional public key protocols, spurring interest in post-quantum key exchange schemes. Among various approaches, isogeny-based ones are notable for their compact parameter sizes, making them attractive for storage-constrained environments. In particular, CSIDH and its more efficient surface variant, CSURF, stand out for retaining a Diffie–Hellman (DH) structure that is rare in the post-quantum landscape.

To diversify the isogeny-based landscape and adapt the well-studied constructions from the classical DH world to the post-quantum setting, we leverage the hard homogeneous space in CSURF and propose three multi-party key exchange protocols, G-CSURF, CSURFBD and CSURFBDII. All of the protocols are formally proven to be correct and secure under the SCSSDDH assumption. Theoretical analysis reveals that CSURFBD and CSURFBDII require fewer rounds than G-CSURF, with CSURFBDII further optimizing computational and communication efficiency compared to CSURFBD. Moreover, our implementations of the three protocols demonstrate a speed-up of approximately 2% compared with the existing CSIDH-based multi-party key exchange protocols. Notably, the CSURFBDII scheme achieves the highest efficiency among the existing isogeny-based group key exchange primitives by virtue of its special tree structure and its efficient shared key computation strategy.

随着多用户交互场景的增多，多方密钥交换协议的安全性和效率变得越来越重要。同时，量子计算的快速发展给传统的公钥协议带来了安全风险，激发了人们对后量子密钥交换方案的兴趣。在各种方法中，基于等同源的方法以其紧凑的参数大小而闻名，这使得它们对存储受限的环境具有吸引力。特别是，CSIDH及其更高效的表面变体CSURF，因保留了在后量子领域中罕见的迪菲-赫尔曼（DH）结构而脱颖而出。为了使基于等基因的景观多样化，并使经典DH世界的结构适应后量子环境，我们利用CSURF中的硬同质空间，提出了三种多方密钥交换协议，G-CSURF， CSURFBD和CSURFBDII。在SCSSDDH假设下，所有协议都被正式证明是正确和安全的。理论分析表明，CSURFBD和CSURFBDII比G-CSURF所需的轮数更少，与CSURFBD相比，CSURFBDII进一步优化了计算和通信效率。此外，与现有的基于csidh的多方密钥交换协议相比，我们对这三个协议的实现证明了大约2%的速度提升。值得注意的是，CSURFBDII方案由于其特殊的树状结构和高效的共享密钥计算策略，在现有的基于同基因的组密钥交换原语中实现了最高的效率。

{"title":"Multi-party post-quantum key exchange schemes","authors":"Xuejun Fan , Fei Zhao , Xiu Xu","doi":"10.1016/j.jisa.2025.104288","DOIUrl":"10.1016/j.jisa.2025.104288","url":null,"abstract":"<div><div>With the growing number of multi-user interaction scenarios, the security and efficiency of multi-party key exchange protocols have become increasingly important. Meanwhile, the rapid advancement of quantum computing brings security risks for traditional public key protocols, spurring interest in post-quantum key exchange schemes. Among various approaches, isogeny-based ones are notable for their compact parameter sizes, making them attractive for storage-constrained environments. In particular, CSIDH and its more efficient surface variant, CSURF, stand out for retaining a Diffie–Hellman (DH) structure that is rare in the post-quantum landscape.</div><div>To diversify the isogeny-based landscape and adapt the well-studied constructions from the classical DH world to the post-quantum setting, we leverage the hard homogeneous space in CSURF and propose three multi-party key exchange protocols, G-CSURF, CSURFBD and CSURFBDII. All of the protocols are formally proven to be correct and secure under the SCSSDDH assumption. Theoretical analysis reveals that CSURFBD and CSURFBDII require fewer rounds than G-CSURF, with CSURFBDII further optimizing computational and communication efficiency compared to CSURFBD. Moreover, our implementations of the three protocols demonstrate a speed-up of approximately 2% compared with the existing CSIDH-based multi-party key exchange protocols. Notably, the CSURFBDII scheme achieves the highest efficiency among the existing isogeny-based group key exchange primitives by virtue of its special tree structure and its efficient shared key computation strategy.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104288"},"PeriodicalIF":3.7,"publicationDate":"2025-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424928","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

The ransomware blueprint: Attack patterns and strategic variations across gangs 勒索软件的蓝图：跨团伙的攻击模式和战略变化

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-10-24 DOI: 10.1016/j.jisa.2025.104264

Francesco Saccone , Pietro Melillo , Arnaldo Sgueglia , Andrea Di Sorbo , Corrado Aaron Visaggio

In recent years, ransomware attacks have attracted the attention of researchers and companies, prompting new issues in identifying effective defense techniques. The study provides a comprehensive analysis of ransomware attacks and their employed tactics from 2020 to 2024, leveraging a large dataset of over 16,000 documented ransomware incidents involving 155 distinct gangs. Using this data, we identify the exploited software vulnerabilities (CVEs) and map them to specific adversarial behaviors within the MITRE ATT&CK framework. In addition to this technical mapping, we differentiated between broadly targeting “generalist” gangs and industry-focused ”specialist” gangs, and we examined variations in attack patterns across target sectors and geographic origins. Our methodology reveals the core ”ransomware blueprint”: a unified kill-chain model comprising recurring techniques spanning initial access through encryption. Key findings include the use of high-severity, widely deployed CVEs (particularly public-facing exploits, such as T1190) as entry points, followed by routine privilege escalation, lateral movement, and impact actions (e.g., T1486 for data encryption). The analysis also reveals regional and sectoral differences: (i) Russian-origin groups often emphasize rapid disruption and recovery inhibition, and (ii) other groups focus on stealthier reconnaissance. Generalist gangs (e.g., LockBit, Cl0p, ALPHV) employ advanced techniques across multiple industries, while specialist gangs concentrate on narrower sectors, using simpler methods such as phishing and credential reuse. Moreover, the number of shared techniques is employed to assess the degree of interconnection among the gangs. These findings provide actionable intelligence for defenders, highlighting the need for multi-layered defenses, targeted vulnerability management, and sector-specific hardening strategies to mitigate evolving ransomware threats.

近年来，勒索软件攻击引起了研究人员和公司的注意，引发了寻找有效防御技术的新问题。该研究对2020年至2024年期间的勒索软件攻击及其使用的策略进行了全面分析，利用了涉及155个不同团伙的16,000多个记录在案的勒索软件事件的大型数据集。使用这些数据，我们确定了被利用的软件漏洞（cve），并将它们映射到MITRE攻击和CK框架内的特定对抗性行为。除了这种技术映射之外，我们区分了广泛瞄准的“通才”团伙和专注于行业的“专家”团伙，并且我们检查了跨目标部门和地理来源的攻击模式的变化。我们的方法揭示了核心的“勒索软件蓝图”：一个统一的杀伤链模型，包括从初始访问到加密的重复技术。主要发现包括使用高严重性、广泛部署的cve（特别是面向公众的漏洞利用，如T1190）作为入口点，然后是常规特权升级、横向移动和影响操作（例如，用于数据加密的T1486）。分析还揭示了区域和部门差异：(i)俄罗斯裔团体经常强调快速破坏和恢复抑制，（ii）其他团体侧重于隐身侦察。通才型团伙（例如LockBit、Cl0p、ALPHV）在多个行业使用先进的技术，而专业团伙则专注于更狭窄的领域，使用更简单的方法，如网络钓鱼和凭证重用。此外，使用共享技术的数量来评估帮派之间的相互联系程度。这些发现为防御者提供了可操作的情报，强调了多层次防御、有针对性的漏洞管理和针对特定行业的强化策略的必要性，以减轻不断演变的勒索软件威胁。

{"title":"The ransomware blueprint: Attack patterns and strategic variations across gangs","authors":"Francesco Saccone , Pietro Melillo , Arnaldo Sgueglia , Andrea Di Sorbo , Corrado Aaron Visaggio","doi":"10.1016/j.jisa.2025.104264","DOIUrl":"10.1016/j.jisa.2025.104264","url":null,"abstract":"<div><div>In recent years, ransomware attacks have attracted the attention of researchers and companies, prompting new issues in identifying effective defense techniques. The study provides a comprehensive analysis of ransomware attacks and their employed tactics from 2020 to 2024, leveraging a large dataset of over 16,000 documented ransomware incidents involving 155 distinct gangs. Using this data, we identify the exploited software vulnerabilities (CVEs) and map them to specific adversarial behaviors within the MITRE ATT&CK framework. In addition to this technical mapping, we differentiated between broadly targeting “generalist” gangs and industry-focused ”specialist” gangs, and we examined variations in attack patterns across target sectors and geographic origins. Our methodology reveals the core ”ransomware blueprint”: a unified kill-chain model comprising recurring techniques spanning initial access through encryption. Key findings include the use of high-severity, widely deployed CVEs (particularly public-facing exploits, such as T1190) as entry points, followed by routine privilege escalation, lateral movement, and impact actions (e.g., T1486 for data encryption). The analysis also reveals regional and sectoral differences: (i) Russian-origin groups often emphasize rapid disruption and recovery inhibition, and (ii) other groups focus on stealthier reconnaissance. Generalist gangs (e.g., LockBit, Cl0p, ALPHV) employ advanced techniques across multiple industries, while specialist gangs concentrate on narrower sectors, using simpler methods such as phishing and credential reuse. Moreover, the number of shared techniques is employed to assess the degree of interconnection among the gangs. These findings provide actionable intelligence for defenders, highlighting the need for multi-layered defenses, targeted vulnerability management, and sector-specific hardening strategies to mitigate evolving ransomware threats.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104264"},"PeriodicalIF":3.7,"publicationDate":"2025-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145365865","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Entropy collapse in mobile sensors: The hidden risks of sensor-based security 移动传感器中的熵崩溃：基于传感器的安全隐患

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-10-24 DOI: 10.1016/j.jisa.2025.104272

Carlton Shepherd, Elliot A.J. Hurley

Mobile sensor data has been proposed for security-critical applications such as device pairing, proximity detection, and continuous authentication. However, the foundational premise that these signals provide sufficient entropy remains under-explored. In this work, we systematically analyse the entropy of mobile sensor data using four datasets from multiple application contexts (UCI-HAR, SHL, Relay, and PerilZIS). Using direct computation and estimation, we report entropy values – max, Shannon, collision, and min-entropy – for an exhaustive range of sensor combinations. We demonstrate that the entropy of mobile sensors remains far below what is considered secure by modern standards for security applications, even when many sensors are combined. In particular, we observe an alarming divergence between average-case Shannon entropy and worst-case min-entropy. Single-sensor min-entropy varies between 3.408–4.483 bits despite Shannon entropy being several multiples higher. We also show that redundancies between sensor modalities contribute to a

\approx

75% reduction between Shannon and min-entropy. Indeed, min-entropy plateaus between 8.1–23.9 bits when combining up to 22 modalities, while Shannon entropy can exceed 80 bits. Adding sensors typically increases Shannon entropy but moves min-entropy by only

\approx

1–2 bits per added modality, evidencing entropy collapse under redundancy. Our results reveal that adversaries may feasibly predict sensor signals through an exhaustive exploration of the measurement space. Our work also calls into question the widely held assumption that adding more sensors inherently yields higher security. Ultimately, we strongly urge caution when relying on mobile sensor data for security applications.

移动传感器数据已被提议用于安全关键应用，如设备配对、接近检测和连续认证。然而，这些信号提供足够熵的基本前提仍有待探索。在这项工作中，我们使用来自多个应用环境（UCI-HAR， SHL， Relay和PerilZIS）的四个数据集系统地分析了移动传感器数据的熵。使用直接计算和估计，我们报告熵值-最大，香农，碰撞和最小熵-为详尽的传感器组合范围。我们证明，移动传感器的熵仍然远远低于现代安全应用标准所认为的安全，即使许多传感器组合在一起。特别是，我们观察到平均情况下香农熵和最坏情况下最小熵之间的惊人差异。单传感器最小熵在3.408-4.483比特之间变化，尽管香农熵高出几倍。我们还表明，传感器模式之间的冗余有助于香农和最小熵之间减少约75%。事实上，当组合多达22种模态时，最小熵稳定在8.1-23.9比特之间，而香农熵可以超过80比特。增加传感器通常会增加香农熵，但每个增加模态只会使最小熵增加≈1-2位，这表明冗余下的熵崩溃。我们的研究结果表明，对手可以通过对测量空间的详尽探索来预测传感器信号。我们的研究也对人们普遍持有的假设提出了质疑，即增加更多的传感器本质上就会提高安全性。最后，我们强烈建议在依赖移动传感器数据进行安全应用时要谨慎。

{"title":"Entropy collapse in mobile sensors: The hidden risks of sensor-based security","authors":"Carlton Shepherd, Elliot A.J. Hurley","doi":"10.1016/j.jisa.2025.104272","DOIUrl":"10.1016/j.jisa.2025.104272","url":null,"abstract":"<div><div>Mobile sensor data has been proposed for security-critical applications such as device pairing, proximity detection, and continuous authentication. However, the foundational premise that these signals provide sufficient entropy remains under-explored. In this work, we systematically analyse the entropy of mobile sensor data using four datasets from multiple application contexts (UCI-HAR, SHL, Relay, and PerilZIS). Using direct computation and estimation, we report entropy values – max, Shannon, collision, and min-entropy – for an exhaustive range of sensor combinations. We demonstrate that the entropy of mobile sensors remains far below what is considered secure by modern standards for security applications, even when many sensors are combined. In particular, we observe an alarming divergence between average-case Shannon entropy and worst-case min-entropy. Single-sensor min-entropy varies between 3.408–4.483 bits despite Shannon entropy being several multiples higher. We also show that redundancies between sensor modalities contribute to a <span><math><mo>≈</mo></math></span>75% reduction between Shannon and min-entropy. Indeed, min-entropy plateaus between 8.1–23.9 bits when combining up to 22 modalities, while Shannon entropy can exceed 80 bits. Adding sensors typically increases Shannon entropy but moves min-entropy by only <span><math><mo>≈</mo></math></span>1–2 bits per added modality, evidencing entropy collapse under redundancy. Our results reveal that adversaries may feasibly predict sensor signals through an exhaustive exploration of the measurement space. Our work also calls into question the widely held assumption that adding more sensors inherently yields higher security. Ultimately, we strongly urge caution when relying on mobile sensor data for security applications.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104272"},"PeriodicalIF":3.7,"publicationDate":"2025-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145365341","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0