Journal of Information Security and Applications最新文献

Interrupting the web tracking kill chain is enough to disrupt the tracker’s ability to leverage the collected information; however, this may disrupt the personalized services enjoyed by many. Empowering the user to select which domains can be co-tracked gives him/her the upper hand over web trackers. This allows the user to enjoy the personalized services without fearing full inter-domain tracking. To achieve this, we propose a solution that attempts to introduce layers of anonymization serving as temporary identities to be used by the user while browsing. Those identities will be used for limited time (to sustain the customization and user experience resulting from tracking), and then discarded for a new identity. This approach allows the user to divide the activity into profiles which eliminates browsing history spilling over to other sessions. We proved the security of this approach mathematically and we demonstrated its usability using an open-source Proof-of-Concept built on top of blockchain.

Wireless Mesh Network (WMN) has become the most favorable choice among various networking options due to its distributed nature. It offers continuous Internet services, in comparison with other conventional networks, through a self-healing and self-configuration approach. Due to the high mobility of mesh clients, handover authentication is an operation that demands significant attention in WMNs. Through the exchange of messages, mesh clients (MCs) and mesh routers (MRs) initiate the operation, allowing the client to authenticate itself with the foreign mesh router (FMR). In existing protocols, these messages were shared in plaintext format, making it easy for an attacker to breach their integrity. Therefore, a secure communication method should be established between MCs and MRs for message exchange. In this paper, we propose a protocol that offers efficient authentication while preserving message integrity during the handover operation. The experimental results show that our proposed protocol performs better and overcomes the limitations present in the existing protocols.

Vast volumes of printed documents continue to be used for various important as well as trivial applications. Such applications often rely on the information provided in the form of printed text documents whose integrity verification poses a challenge due to time constraints and lack of resources. Source printer identification provides essential information about the origin and integrity of a printed document in a fast and cost-effective manner. Even when fraudulent documents are identified, information about their origin can help stop future frauds. If a smartphone camera replaces scanner for the document acquisition process, document forensics would be more economical, user-friendly, and even faster in many applications where remote and distributed analysis is beneficial. Building on existing methods, we propose to learn a single CNN model from the fusion of letter images and their printer-specific noise residuals. In the absence of any publicly available dataset, we created a new dataset consisting of 2250 document images of text documents printed by eighteen printers and acquired by a smartphone camera at five acquisition settings. The proposed method achieves 98.42% document classification accuracy using images of letter ‘e’ under a 5 × 2 cross-validation approach. Further, when tested using about half a million letters of all types, it achieves 90.33% and 98.01% letter and document classification accuracies, respectively, thus highlighting the ability to learn a discriminative model without dependence on a single letter type. Also, classification accuracies are encouraging under various acquisition settings, including low illumination and change in angle between the document and camera planes.

Password-based authentication systems have many weaknesses, yet they remain overwhelmingly used and their announced disappearance is still undated. The system admin overcomes the imperfection by skilfully enforcing a strong password policy and sane password management on the server side. But in the end, the user behind the password is still responsible for the password’s strength. A poor choice can have dramatic consequences for the user or even for the service behind, especially considering critical infrastructure. On the other hand, law enforcement can benefit from a suspect’s weak decisions to recover digital content stored in an encrypted format. Generic password cracking procedures can support law enforcement in this matter — however, these approaches quickly demonstrate their limitations. This article proves that more targeted approaches can be used in combination with traditional strategies to increase the likelihood of success when contextual information is available and can be exploited.

The Internet of Things (IoT) generates a significant volume of geo-tagged images via surveillance sensors in edge–cloud computing environments. Image search is essential to facilitate information sharing, data analysis, and strategic decision-making. However, outsourced images are typically encrypted for privacy protection, posing a challenge in simultaneously searching for visual and geographical relevance on encrypted images. To address this, this paper proposes an edge intelligence empowered privacy-preserving top-$k$ geo-tagged image search scheme for IoT in edge–cloud computing. The scheme presents a novel single-to-multi searchable encryption method for geo-tagged images that enables multiple users to perform secure nearest neighbor queries on a data source. Additionally, an extended anchor-based position determination method and an inner product-based distance calculation method are designed to enable geo-tagged image similarity calculation on ciphertext. Finally, a secure pruning method is introduced to improve query performance. Experiments are conducted to verify the performance of the scheme in terms of high efficiency and accuracy of the search.

Nowadays, many security service providers have their own vulnerability databases and consider them as corporate property. How to ensure the normal use of client while protecting the privacy of these assets has become a problem that needs to be solved. This paper mainly introduces a privacy comparison protocol based on BGN and a version number standardization method, which can be used in scenarios of vulnerability database privacy comparison. Our scheme PCPHE adds random offsets and special preprocessing to avoid common factor attacks that may occur in privacy comparison, while ensuring that client does not know the specific vulnerability database content of the security service provider in a limited number of queries.

The application of Software-defined Networking (SDN) in low-latency scenarios, such as 6G, has received immense attention. Notably, our research reveals that SDN remains susceptible to link fabrication attacks (LFA) in low-latency environments, where existing detection methods fail to effectively detect LFA. To address this issue, we propose a novel detection method called Correlated Link Verification (CLV). CLV is composed of three phases. Firstly, we introduce a data processing method to mitigate measurement error and enhance robustness. Secondly, we present a multipath transmission simulation method to convert the measured performance disparity between correlated links into statistical features. Thirdly, we propose a dynamic threshold calculation method, which utilizes the statistical features to determine thresholds based on extreme value theory and probability distribution fitting. Finally, CLV identifies the fabricated link within correlated links based on the thresholds and current statistical features. Extensive experiments have been conducted to validate the feasibility, effectiveness, scalability and robustness of CLV. The experimental results demonstrate that CLV can effectively detect LFA in low-latency SDN networks.

Hiding countermeasure is among the best-known secure implementation techniques designed to counteract side-channel attacks. It uses a permutation algorithm to shuffle data. In today’s Post-Quantum Cryptography (PQC), hiding countermeasure has earned the limelight for its “shufflability” in lattice-based, and code-based, cryptographic algorithms. In this narrative, most importantly, as a rule, fast generation of permutations is paramount to both efficacy and security of an algorithm. The Fisher–Yates (FY) shuffling method has long been a popular choice for this purpose: the FY method generates randomly shuffled (finite) indices. However, despite its theoretical verity, with the FY method we anticipate the following risks of misuse, which can lead to biased shuffling sequences: (i) incorrect implementation, (ii) poor random source, and (iii) the chosen random number being too small. In this paper, we introduce a new statistical test called “approximate permutation criterion” (“APC”). We use it to examine some known cases of misused FY shuffling (i–iii). APC takes into consideration the fact that the super-exponential rate of growth of the factorial function $N!$, which represents the number of permutations of $N$ indices, defies any meaningful form of statistical tests. With APC one can verify whether the output permutations are biased or not with much lower testing cost. Mathematically, in this paper we introduce the so-called “$k$th order permutation verification”, the underpinning notion upon which APC is based. We also compare APC with full sample space to demonstrate how well it encapsulates the statistical randomness of random permutations. We thereby provide a new method that identifies a bias that exists in the output permutations when implementing FY Shuffling through a visual ratio test and the chi-square (${\chi }^2$) distribution test.

Cloud file sharing (CFS) in cloud storage is one of the essential tools for enterprises to improve their core competitiveness. In the sharing process, user dynamic management and players/readers abuse has always been a problem that needs to be solved, but malicious encryptors are also a new challenge. Therefore, preventing malicious encryption is another way to protect copyright issues. This scheme proposes a traitor tracing scheme with puncturable-based broadcast encryption in cloud storage, which is an improved scheme proposed in Ref. Garg et al. (2010). Based on the original completely collusion resistant traitor tracing scheme, the uniform distribution of hash output is used to prevent malicious encryptors. In addition, users can perform authentication during the decryption phase to prevent replay attacks. At the same time, the puncture algorithm is introduced, so that normal users can dynamically revoke themselves without affecting the normal use of other users. We prove that the scheme is secure under chosen plaintext attack (CPA). Theoretical analysis also shows that our scheme can prevent malicious encryptors in cloud file sharing and allow normal users to dynamically revoke. After experimental verification, our scheme offers distinct advantages over the existing one.