IET Information Security最新文献

The current multikey fully homomorphic encryption (MKFHE) needs to add exponential noise in the distributed decryption phase to ensure the simulatability of partial decryption. Such a large noise causes the ciphertext modulus of the scheme to increase exponentially compared to the single-key fully homomorphic encryption (FHE), further reducing the efficiency of the scheme and making the hardness problem on the lattice on which the scheme relies have a subexponential approximation factor $$ (which means that the security of the scheme is reduced). To address this problem, this paper analyzes in detail the noise in partial decryption of the MKFHE based on the learning with error (LWE) problem. It points out that this part of the noise is composed of private key and the noise in initial ciphertext. Therefore, as long as the encryption scheme is leak-resistant and the noise in partial decryption is independent of the noise in the initial ciphertext, the semantic security of the ciphertext can be guaranteed. In order to make the noise in the initial ciphertext independent of the noise in the partial decryption, this paper proves the smudging lemma on discrete Gaussian distribution and achieves this goal by multiplying the initial ciphertext by a “dummy” ciphertext with a plaintext of 1. Based on the above method, this paper removes the exponential noise in the distributed decryption phase for the first time and reduces the ciphertext modulus of MKFHE from 2^{ω(λL logλ)} to 2^{O(λ + L)} as the same level as the FHE.

Purpose: This study explores cryptocurrency security concerns in the context of Saudi Arabia, focusing on a cross-sectional survey to assess evolving technical threats and public risk perceptions. While regulatory concerns are acknowledged, the primary emphasis is on security risks, making this one of the few studies to specifically investigate digital asset vulnerabilities from a Saudi perspective. The novelty lies in bridging the views of both the general public and industry professionals to offer multidimensional insights into the country’s cryptocurrency environment.

Methods: A large-scale online survey was conducted with 392 participants, including individuals from the general public, IT sector, banking institutions, and regulatory bodies. The instrument captured perceptions of various technical security threats—such as 51% attacks, phishing, timejacking, and double-spending—alongside key public concerns about cryptocurrency safety. The mixed-participant approach enabled a balanced analysis of cross-sector risk awareness.

Results: The findings indicate a significant disparity between public understanding and expert awareness regarding cryptocurrency security. Notably, 87.3% of respondents support the idea of central banks issuing their own digital currencies (CBDCs), reflecting widespread demand for safer and more regulated alternatives. Core risks identified include token theft, manipulative trading behavior, and technical vulnerabilities in decentralized platforms.

Conclusion: This research contributes original insights into cryptocurrency security from a regional lens, integrating technical and perceptual dimensions often overlooked in existing literature. The study’s multistakeholder findings offer valuable input for policymakers, regulators, and technology developers seeking to build secure and trusted crypto ecosystems in emerging markets like Saudi Arabia.

Pseudo-random number generator (PRNG) is a type of algorithm that generates a sequence of random numbers using a mathematical formula, which is widely used in computer science, such as simulation, modeling applications, data encryption, et cetera. The efficiency and security of PRNG are closely related to its output bits at each iteration. Especially, we have recently found that linear congruential generator (LCG) is commonly used as the underlying PRNG in short message service (SMS) app, fast knapsack generator (FKG), and programming languages such as Python, while the quadratic generator plays an important role in Monte Carlo method. Therefore, in this paper, we revisit the security of these two number-theoretic pseudo-random generators and obtain the best results for attacking these two kinds of PRNGs up to now. More precisely, we prove that when the mapping function of LCG and the quadratic generator is unknown, if during each iteration, generators only output the most significant bits of v_i, one can also recover the seed of PRNG when enough consecutive or nonconsecutive outputs are obtained. The primary tool of our attack is the Coppersmith method which can find small roots on polynomial equations. Our advantage lies in applying the local linearization technique to the polynomial equations to make them simple and easy to solve and applying the analytic combinatorics method to simplify the calculation of solution conditions in the Coppersmith method. Experimental data validate the effectiveness of our work.

In the past decade, the fourth industrial revolution has transformed data management in the construction industry, enhancing processes from storage to exchange. However, this digitisation has also led to increased security challenges, particularly cyber-attacks. This study aims to identify measures to mitigate these threats in construction project data management. Using a quantitative approach, data was collected from construction professionals in Gauteng, South Africa, including quantity surveyors, architects and engineers, via a structured online questionnaire. Findings revealed that effective measures against cyber-attacks include adequate staff training, antivirus software and regular password changes. The study recommends that construction professionals secure their computers and software, as they house critical project data vulnerable to exploitation, even long after project completion. By keeping stakeholders informed about current data security practices, this research encourages the adoption of Industry 4.0 technologies, despite the risks posed by cyber-attacks.

Large language models (LLMs) have evolved significantly, achieving unprecedented linguistic capabilities that underpin a wide range of AI applications. However, they also pose risks and challenges such as ethical concerns, bias and computational sustainability. How to balance the high performance in revolutionising information processing with the risks they pose is critical to their future development. LLM is a type of NLP model and many of the LLM risks are also risks that NLP has experienced in the past. We, therefore, summarise these risks, focusing more on the underlying understanding of these risks/technical tools, rather than simply describing their occurrence in LLM. In this paper, we first discuss and compare the current state of research on the four main risks in the process of developing LLMs: data, system, pretraining and inference, and then, try to summarise the rationale, complexity, prospects and challenges of the key issues and challenges in each phase. Finally, this review concludes with a discussion of the fundamental issues that should be of most concern and risk and that should be addressed in the early stages of modelling research, including the correlated issues of privacy preservation and countering attacks and model robustness. Based on the LLM research and development (R&D) process perspective, this review summarises the actual risks and provides guidance for research directions, with the aim of helping researchers to identify these risk points and technology directions worth investigating, as well as helping to establish a safe and efficient R&D process.

In this paper, we propose a generic construction of dual-server public key authenticated encryption with keyword search (DS-PAEKS) from PAEKS, public key encryption, and signatures. We also show that previous DS-PAEKS scheme is vulnerable by providing a concrete attack. That is, the proposed generic construction yields the first DS-PAEKS schemes. Our attack with a slight modification works against previous dual-server public key encryption with keyword search (DS-PEKS) schemes.

With the continuous advancement of big data and artificial intelligence technologies, event prediction is increasingly being utilized across a multitude of domains. Predicting events allows for the exploration of the developmental trajectories and summarization of patterns associated with these events. However, events typically encompass a myriad of elements and intricate relationships, necessitating an enhancement in the precision of event prediction. However, the existing methods suffer from poor data quality, insufficient feature information, limited generalization capability of the models, and difficulties in evaluating prediction errors. This paper proposes a novel event prediction method based on graph representation learning, aiming to improve the accuracy of event prediction while reducing the time cost. By constructing causal graphs and introducing the script event simulation method, the architecture combines graph neural networks (GNNs) with BERT to simplify the event prediction process. Additionally, by combining GNNs with pretrained language models, a dynamic graph representation learning method is proposed. This means that a unified graph representation learning model can be built by following specific rules, thus predicting the development trajectory of events more accurately. The study evaluates the effectiveness of dynamic graph representation learning technology in a specific scenario, specifically in the context of employee career choices. By converting the career graph of employees into low-dimensional representations, the effectiveness of the dynamic graph representation learning method in predicting employee career decisions is validated. This innovation not only improves the accuracy of event prediction but also helps better understand and respond to complex event relationships in practical applications, providing decision-makers with more powerful information support. Therefore, this research has important theoretical and practical significance, providing valuable references for future studies in related fields.

Malware can greatly compromise the integrity and trustworthiness of information and is in a constant state of evolution. Existing feature fusion-based detection methods generally overlook the correlation between features. And mere concatenation of features will reduce the model’s characterization ability, lead to low detection accuracy. Moreover, these methods are susceptible to concept drift and significant degradation of the model. To address those challenges, we introduce a feature graph-based malware detection method, malware feature graph (MFGraph), to characterize applications by learning feature-to-feature relationships to achieve improved detection accuracy while mitigating the impact of concept drift. In MFGraph, we construct a feature graph using static features extracted from binary PE files, then apply a deep graph convolutional network to learn the representation of the feature graph. Finally, we employ the representation vectors obtained from the output of a three-layer perceptron to differentiate between benign and malicious software. We evaluated our method on the EMBER dataset, and the experimental results demonstrate that it achieves an AUC score of 0.98756 on the malware detection task, outperforming other baseline models. Furthermore, the AUC score of MFGraph decreases by only 5.884% in 1 year, indicating that it is the least affected by concept drift.

A powerful theory for evaluating block ciphers against integral distinguishers was introduced by Hebborn et al. at ASIACRYPT 2021. To show the integral-resistance property for a block cipher, their core idea is to construct a full-rank integral-resistance matrix. However, their method does not work practically for 5-round AES due to the large S-box and complex linear layer. In this paper, we are concerned with the integral-resistance property of 5-round AES. By carefully investigating the S-box and the linear layer of AES, some significant properties about the propagation of the division property on the round function of AES are derived. In particular, with these properties, it is easy to determine the appearance of all maximum-degree monomials after 5-round AES encryption on a properly chosen set of key-patterns. Consequently, a full-rank integral-resistance matrix is formed to show that there is no integral distinguisher for five rounds and higher of AES under the assumption of independent round keys. Since it is well known that there is a 4-round integral distinguisher for AES, our result is tight for AES. As far as we know, this is the first proof for the integral-resistance property of 5-round AES.

Nowadays, social media platforms provide space that allows communication and sharing of various resources using a variety of natural languages in different cultural and multilingual aspects. Although this interconnectedness offers numerous benefits, it also exposes users to the risk of encountering offensive (OFFN) and harmful content, including hateful speech. In order to create a model for detecting hateful content in resource-rich languages, lexicons, word embedding, topic modeling, and transformer language models were applied. Low-resource languages, including Ethiopian languages, suffering in lack of such linguistic resources. Multilingual hateful content detection brings complex challenges due to cultural and linguistic varieties. The paper proposes a multilingual hateful content identification model using a transformer language model and hybrid lexicon techniques to enhance hateful content recognition in low-resource Ethiopian languages. First, hateful content disseminated on Facebook in Ethiopian-languages target was identified as (insult, identity hate, antagonistic, and threat) using topic modeling techniques. Then, we compiled different hateful terms from sources such as guidelines and proclamations related to the Ethiopian context. We created Ethiopian context-based transformer language models. We utilized topic words-based datasets to construct pretrained transformer language models and multilingual lexicons of major Ethiopian languages. Finally, their performance was compared by integrating them into deep learning-based low-resource Ethiopian languages’ hateful content detection framework. Among applied deep learning algorithms with Ethiopian language linguistic resources, word2vec-based multilingual lexicons with convolutional neural network (CNN) outperform than others. The result indicated that constructing topic words based multilingual word2vec lexicons outperformed than transformers language model based on topics modeling for low-resource Ethiopian languages, effectively produce the promising hate speech (HATE) detection approach of low-resource Ethiopian languages.