Pub Date : 2025-10-16 DOI: 10.1016/j.jisa.2025.104268
Qian Zhou, Jiayang Wu, Weizhi Meng
Secure communication protocols for drones are crucial in ensuring safety in potentially threatening network environments. However, existing protocols often suffer from weak autonomy, lack of optimization for ARM architecture, and inefficient utilization of lightweight cryptographic algorithms. To address these issues, this paper designs and analyzes an Autonomous Bidirectional Authentication and Lightweight Encryption Protocol (ABA-LEP) for drones under ARM architecture. The protocol optimizes the fixed-point scalar multiplication in SM2 for ARM architecture to accelerate authentication and key agreement efficiency, and employs simple operations like one-time pad limited XOR for lightweight secure communication encryption. Experiments conducted on the ARM Cortex M-4 based CrazyFlie 2.1 drone demonstrate that, in resource-constrained environments, the ABA-LEP achieves a performance improvement of up to 80.18% in fixed-point scalar multiplication with a 256-bit operand, compared to existing techniques. Additionally, the number of transmitted messages per unit time increases by up to 97.02%. The protocol’s resilience against multiple types of attacks has also been verified using the formal verification tool ProVerif.
Title: ABA-LEP: Autonomous Bidirectional Authentication and Lightweight Encryption Protocol for drones under ARM architecture. Journal of Information Security and Applications, vol. 95, Article 104268.
Pub Date : 2025-10-15 DOI: 10.1016/j.jisa.2025.104237
Le Zhang, Tong Li, Yao Lu, Yuanrong Xu, Guangming Lu
Image steganography ensures covert communication by hiding secret information within cover images. The existing low-capacity steganography methods achieve satisfactory performances when hiding limited binary information within a cover image. However, it is still a challenge to recover high-quality revealed secret images from highly secure stego images with limited computational cost for large-capacity image steganography. This paper proposes an Efficient U-shape Invertible Neural Network (EUIN-Net) for large-capacity image steganography. Due to the gradual fusion and separation properties of the U-shape invertible mechanism, our EUIN-Net comprehensively fuses the secret and cover images on different scales and depths in the forward hiding process. Besides, the proposed EUIN-Net also maintains the independence of the cover and secret information in the backward revealing process. Moreover, the long-range dependency can be retrieved through using the skip connections between each pair U-shape invertible blocks. The above factors can drive our EUIN-Net to promote the quality of stego and revealed secret images. Furthermore, the shared and multi-scale characteristics of the U-shaped invertible blocks during the hiding and revealing stages contribute to significant reductions of our EUIN-Net in the model size, Flops, and GPU Memory occupancies. Extensive experiments demonstrate that the proposed EUIN-Net can achieve satisfactory performances with limited computational cost for large-capacity image steganography.
Title: Efficient U-shape invertible neural network for large-capacity image steganography. Journal of Information Security and Applications, vol. 94, Article 104237.
Pub Date : 2025-10-15 DOI: 10.1016/j.jisa.2025.104266
Kéren A. Saint-Hilaire, Christopher Neal, Frédéric Cuppens, Nora Boulahia-Cuppens, Francesca Bassi, Makhlouf Hadji
With the increase in cyberattacks, developing appropriate strategies to mitigate and prevent them is essential. In the literature, tools exist that either help prevent or mitigate them. Attack graphs help define mitigation strategies because they help represent and visualize the attacker’s position on a system. However, the mitigation actions are not instantiated on the attack graph. This paper proposes an approach to generate an automated attack-defense graph based on real-time monitored system alerts and an extensive and comprehensive state-of-the-art review. We propose to enrich logical attack graphs generated by a logical reasoner. The enrichment process is possible thanks to a vulnerability ontology that infers additional impacts for an exploited vulnerability. We propose a countermeasure selection approach based on graph matching to generate an optimal Incident Response (IR) playbook. We propose instantiating the generated playbook’s IR actions to get an attack-defense graph in real-time. This instantiation is done thanks to anti-correlation. The anti-correlation ensures that the countermeasures are instantiated on the appropriate attack graph nodes. Only the IR actions whose execution can be launched automatically are applied. We validate our approach using two use-case scenarios that target critical industrial infrastructures. We analyze the countermeasures instantiated on the attack graphs for the scenarios that can achieve the attack goal. We evaluated the approach concerning the security relevance of instantiated countermeasures in attack graphs for several attack paths. The countermeasures instantiated on a node are always relevant to the attacker’s action represented by this node. We also evaluate the approach regarding time performance, considering several situations for the use-case scenarios. The generation time depends on the number of vulnerabilities involved in the scenario. 
The generation time is on average 0.161 s when the playbook has been generated before the attack defense graph generation process.
Title: A real-time automated attack-defense graph generation approach. Journal of Information Security and Applications, vol. 94, Article 104266.
Pub Date : 2025-10-15 DOI: 10.1016/j.jisa.2025.104260
Junfeng Tian, Zhengping Jiang, Yilun Jin
Drone networks are dynamic and cooperative networks composed of multiple drones through wireless communication, which are widely used in search and rescue, patrol, and monitoring missions. Although multi-drone collaboration alleviates the limitations of individual drones in terms of computational and communication capabilities, large-scale deployments still face dual challenges of data security and communication efficiency. To address these issues, we propose a hierarchical consensus-based certificateless aggregate signcryption called the HCCAS scheme. Within each local airspace, a drone with superior computational and communication capabilities is elected as a local leader using the PBFT consensus algorithm. This local leader is responsible for aggregating the signcryption from all drones within its region. Subsequently, local leaders elect a global leader via the RAFT consensus algorithm, which transmits the total aggregated signcryption to the ground control station. In addition, HCCAS incorporates a pseudonym validity mechanism to provide conditional identity privacy protection. An efficient forgery localization mechanism based on a two-dimensional array is also designed, significantly reducing the computational overhead during verification. Compared with existing schemes, HCCAS achieves multiple security goals while reducing average computational cost and communication overhead by 52.09% and 39.69%, respectively. These results indicate enhanced adaptability and practicality in resource-constrained environments.
Title: HCCAS: A hierarchical consensus-based certificateless aggregate signcryption scheme for drone networks. Journal of Information Security and Applications, vol. 94, Article 104260.
In recent years, ride-sharing services have experienced widespread adoption due to their ability to significantly reduce travel costs and carbon emissions. However, as the demand for ride-sharing increases, users are faced with growing challenges related to privacy protection and data security during the process of sharing transportation resources. In particular, there is a pressing need for effective solutions to mitigate the risks of the leakage of personally sensitive information and insufficient security verification. To address these challenges, a cloud-assisted, traceable ride-sharing scheme is proposed, leveraging a multi-party threshold private set intersection (MP-TPSI) protocol integrated with a digital signature verification mechanism. The proposed framework comprises an innovative MP-TPSI protocol, which includes two primary components: a multi-party cardinality testing phase that employs a secure comparison protocol (SCP) to determine if the intersection size surpasses a predefined threshold, coupled with a Proof of Ownership protocol to trace malicious users; and a PSI phase that securely computes the intersection using cloud-assisted computation. Furthermore, digital signature technology is incorporated to establish a robust verification framework, which ensures the authenticity of user identities and effectively mitigates the risks associated with ride mismatches and privacy leakage. Finally, comparative evaluation results demonstrate that the proposed MP-TPSI protocol achieves effective privacy protection with lower communication and computational overhead compared to existing schemes.
Title: Cloud-assisted verifiable and traceable multi-party threshold private set intersection protocol for ride-sharing scheme. Authors: Qing Wu, Xijia Dong, Leyou Zhang, Yue Lei, Ziquan Zhao. Pub Date: 2025-10-14. DOI: 10.1016/j.jisa.2025.104256. Journal of Information Security and Applications, vol. 94, Article 104256.
Pub Date : 2025-10-13 DOI: 10.1016/j.jisa.2025.104263
Yuren Zhang, Jiapeng Xiu
As vehicles become more intelligent and connected, automotive Ethernet is gradually replacing the traditional CAN bus as the backbone of in-vehicle networks. However, this transition introduces new security vulnerabilities. This paper presents a novel centralized network architecture and explores potential intrusion threats. Existing intrusion detection methods struggle to handle automotive Ethernet protocols universally and typically use a single machine learning network structure. Additionally, these models often fail to ensure temporal sensitivity and real-time performance. To address these issues, we propose Sliding Window-Based Temporal Convolutional Residual Attention Networks (SW-TempCRAN), a real-time intrusion detection system tailored for automotive Ethernet environments. SW-TempCRAN integrates several novel components, including protocol-general windowed feature extraction, time-aware positional encoding, convolutional residual attention networks and MLP classification with sequence-feature aggregation. It uses custom protocol-parsing scripts to extract key header and merge payload data, and combines Convolutional Neural Networks (CNN) with attention residual mechanisms. This design allows the model to capture attack patterns over time, identify local features and compress the computational load. We also improve positional encoding to better suit network traffic data, ensuring time sensitivity, while pre-generating the encoding matrix to avoid real-time computation complexity. Experiments on two public datasets show SW-TempCRAN outperforms state-of-the-art methods in evaluation metrics. SW-TempCRAN achieves F1-scores of 99.82 % and 98.05 % on two datasets, with a detection delay of less than 1.5 ms on a server testbed.
Title: Real-time Automotive Ethernet Intrusion Detection Using Sliding Window-Based Temporal Convolutional Residual Attention Networks. Journal of Information Security and Applications, vol. 94, Article 104263.
Pub Date : 2025-10-11 DOI: 10.1016/j.jisa.2025.104253
Jinzhao Wang, Wenlong Tian, Junwei Tang, Xuming Ye, Yaping Wan, Zhiyong Xu, Lingna Chen
In the era of big data, deep learning models play a crucial role in identifying underlying patterns within data. However, the need for large volumes of training data, often scattered across various organizations with privacy constraints, poses a significant challenge. Federated Learning (FL) addresses this by enabling the collaborative training of models without sharing the underlying data. Despite its promise, FL encounters challenges with model privacy leakage and computational overhead, particularly when dealing with non-identically distributed (Non-IID) data. To overcome these challenges, we introduce Sym-CS-HFL, a novel Privacy-Preserving Federated Learning (PPFL) framework that combines Symmetric Homomorphic Encryption with a Local Adaptive Aggregation (LAA) scheme. Our approach minimizes the reliance on asymmetric keys, simplifying the encryption process and reducing computational overhead. We implement a DCT-Neural Network Compressive Sensing Scheme to decrease communication costs substantially. Furthermore, the LAA scheme addresses the heterogeneity in Non-IID data, enhancing model convergence and accuracy. Our experiments on diverse datasets, including MNIST, FashionMNIST, CIFAR-10/100, and AG News, demonstrate that Sym-CS-HFL achieves a Top-3 test accuracy while significantly reducing communication overhead by 15.2× to 74× compared to existing HE schemes. The computational overhead is also reduced, with training times only 1.1× to 1.8× that of plaintext training. These results underscore Sym-CS-HFL’s effectiveness in maintaining high performance and privacy in PPFL.
Title: Sym-CS-HFL: A secure and efficient solution for privacy-preserving heterogeneous federated learning. Journal of Information Security and Applications, vol. 94, Article 104253.
Pub Date : 2025-10-10 DOI: 10.1016/j.jisa.2025.104258
Xin Pu, Xi Xiong, Yuanyuan Li, Zhaorong Liu, Yan Yu
Adversarial attacks on code data face significant challenges due to its discrete and non-differentiable nature. Soft-label black-box code adversarial attacks, in particular, are a highly complex task, with research in this area still in its early stages. Existing methods leave room for improvement in performance. For instance, greedy search-based attacks often get trapped in local optima, resulting in excessive perturbations. To tackle these challenges, we propose a novel framework, CodeSearchAttack, for crafting high-quality adversarial examples. CodeSearchAttack leverages constrained K-means to identify diverse substitutions in the variable embedding space and employs an improved beam search to craft adversarial examples. Additionally, it calculates variable importance using information derived from soft labels. Experiments on four code classification tasks demonstrate that CodeSearchAttack significantly outperforms state-of-the-art baseline methods. Under a query budget of 100, CodeSearchAttack achieves superior attack efficacy compared to existing soft-label attacks.
Title: CodeSearchAttack: Enhancing soft-label black-box adversarial attacks on code. Journal of Information Security and Applications, vol. 94, Article 104258.
Securing communications within smart grids presents a critical challenge, particularly due to the increasing vulnerability of conventional authenticated key agreement schemes to quantum computing threats. Furthermore, ensuring robust security against physical attacks on devices like smart meters while maintaining low computational and communication overhead remains a significant hurdle. To address this issue, this study proposes NTRU-P3AKE (NTRU-based Three-Party Authenticated Key Exchange). This novel scheme integrates the Nth-Truncated Ring Unit (NTRU) algorithm with Physical Unclonable Functions (PUFs) and fuzzy extractors, enabling robust authentication and key agreement among smart meters, the control center, and service providers. The NTRU-P3AKE scheme supports registration via an open channel. It leverages NTRU to mitigate quantum threats, employs PUFs to resist physical attacks, and ensures forward security through dynamic random number updates. The proposed scheme’s security is rigorously evaluated via informal security analysis and formal verification. The latter uses the ProVerif tool and Burrows–Abadi–Needham (BAN) logic analysis. Comprehensive evaluations validate its exceptional efficiency, achieving a 99.0% reduction in computational overhead (0.244 ms) compared to the most computationally intensive scheme, a 70.8% reduction in communication cost (1440 bits) versus the most bandwidth-heavy approach, and a 79.4% reduction in energy consumption on smart meters (0.166 mJ) relative to the most energy-intensive protocol. These advancements make the proposed solution particularly suitable for resource-constrained smart grid environments requiring both high security and operational efficiency.
Title: A security-enhanced three-party authentication and key agreement scheme for smart grid communication. Authors: Qi Yuan, Zhuoqian He, Xiangjun Cheng, Ying Xia, Yue Shao. Journal of Information Security and Applications, volume 94, Article 104254. Publication date: 2025-10-10. DOI: 10.1016/j.jisa.2025.104254
Pub Date: 2025-10-10 DOI: 10.1016/j.jisa.2025.104257
Zhenye Du, Youlong Yang, Kaitian Gao
Mediated semi-quantum key distribution (M-SQKD) is a class of quantum cryptographic protocols that allow two or more legitimate classical users to share a string of secure keys with the help of a third-party quantum server. Research has shown that these protocols remain valid even if the server is an adversary. Recently, two circular M-SQKD (CM-SQKD) protocols have emerged, where the server and all legitimate users form a topological loop when transmitting qubits. In this paper, we extend two existing CM-SQKD protocols, one based on a single state and the other on an entangled state, into multi-mediated versions. In the asymptotic case, we derive new bounds for the key rate of the two protocols and give noise tolerances, thus proving their unconditional security. In particular, we improve on previous results when only one mediator works.
Title: Multi-mediated semi-quantum key distribution protocol with cyclic topology. Journal of Information Security and Applications, volume 94, Article 104257.