IET Information Security最新文献

Pattern matching is widely used in applications such as genomic data query analysis, network intrusion detection, and deep packet inspection (DPI). Performing pattern matching on plaintext data is straightforward, but the need to protect the security of analyzed data and analyzed patterns can significantly complicate the process. Due to the privacy security issues of data and patterns, researchers begin to explore pattern matching on encrypted data. However, existing solutions are typically built on static pattern matching methods, lacking dynamism, namely, the inability to perform addition or deletion operations on the analyzed data. This lack of flexibility might hinder the adaptability and effectiveness of pattern matching on encrypted data in the real-world scenarios. In this paper, we design a dynamic pattern matching scheme on encrypted data with forward and backward security, which introduces much-needed dynamism. Our scheme is able to implement the addition operation and the deletion operation on the encrypted data without affecting the security of the original pattern matching scheme. Specifically, we design secure addition and deletion algorithms based on fragmentation data structures, which are compatible with the static pattern matching scheme. Moreover, we make significant improvements to the key generation algorithm, the encryption algorithm, and the match algorithm of the static scheme to ensure forward and backward security. Theoretical analysis proves that our scheme satisfies forward and backward security while ensuring the nonfalsifiability of encrypted data. The experimental results show that our scheme has a slight increase in time cost compared to the static pattern matching scheme, demonstrating its practicality and effectiveness in dynamic scenarios.

Biometric authentication is adopted in many access control scenarios in recent years. It is very convenient and secure since it compares the user’s own biometrics with those stored in the database to confirm their identification. Since then, with the vigorous development of machine learning, the performance and accuracy of biometric authentication have been greatly improved. Face recognition technology combined with convolutional neural network (CNN) is extremely efficient and has become the mainstream of access control systems (ACSs). However, identity information and access logs stored in traditional databases can be tampered by malicious insiders. Therefore, we propose a face recognition ACS that is resistant to data forgery. In this paper, a deep convolutional network is utilized to learn Euclidean embedding (based on FaceNet) of each image and achieve face recognition and verification. Quorum, which is built on the Ethereum blockchain, is used to store facial feature vectors and login information. Smart contracts are made to automatically put data into blocks on the chain. One is used to store feature vectors, and the other to record the arrival and departure times of employees. By combining these cutting-edge technologies, an intelligent and immutable ACS that can withstand distributed denial-of-service (DDoS) and other internal and external attacks is created. Finally, an experiment is conducted to assess the effectiveness of the proposed system to demonstrate its practicality.

Intelligent connected vehicles (ICVs) are one of the fast-growing directions that plays a significant role in the area of autonomous driving. To realize collaborative computation among ICVs, federated learning (FL) or federated-based large language model (FedLLM) as a promising distributed approach has been used to support various collaborative application computations in ICVs scenarios, for example, analyzing vehicle driving information to realize trajectory prediction, voice-activated controls, conversational AI assistants. Unfortunately, recent research reveals that FL systems are still faced with privacy challenges from honest-but-curious server, honest-but-curious distributed participants, or the collusion between participants and the server. These threats can lead to the leakage of sensitive private data, such as location information and driving conditions. Homomorphic encryption (HE) is one of the typical mitigation that has few effects on the model accuracy and has been studied before. However, single-key HE cannot resist collusion between participants and the server, multikey HE is not suitable for ICVs scenarios. In this work, we proposed a novel approach that combines FL with homomorphic proxy re-encryption (PRE) which is based on participants’ ID information. By doing so, the FL-based ICVs can be able to successfully defend against privacy threats. In addition, we analyze the security and performance of our method, and the theoretical analysis and the experiment results show that our defense framework with ID-based homomorphic PRE can achieve a high-security level and efficient computation. We anticipate that our approach can serve as a fundamental point to support the extensive research on FedLLMs privacy-preserving.

Industrial control systems (ICSs) increasingly leverage the industrial internet of things (IIoTs) for sensor-based automation, enhancing operational efficiency. However, the rapid expansion of the IIoTs brings with it an inherent susceptibility to potential threats from network intrusions, which pose risks to both the network infrastructure and associated equipment. The landscape of botnets is characterized by its diverse array and intricate attack methodologies, spanning a broad spectrum. In recent years, the domain of industrial control has witnessed the emergence of botnets, further accentuating the need for robust security measures. Addressing the challenge of categorizing and detecting the diverse botnet attacks, this paper proposes a two-stage feature selection–based method for botnet detection. In the first stage, a spatiotemporal convolutional recurrent network is employed to construct a hybrid network capable of classifying benign traffic and identifying traffic originating from distinct botnet families. Subsequently, in the second stage, core features specific to the traffic of each botnet family are meticulously screened using the F-test. The identified features are then utilized to categorize the respective attack types through the application of extreme gradient boosting (XGBOOST). To evaluate the efficacy of the proposed method, we conducted experiments using the N-BaIoT dataset under 10 different attack scenarios from the Gafgyt and Mirai botnet families. The results demonstrate that our method achieves a classification accuracy and F1-score exceeding 99%, establishing it as the highest-performing model for botnet detection within this dataset.

Public-key authenticated encryption with keyword search (PAEKS) is a novel cryptographic primitive to resist against keyword-guessing attacks (KGAs) and preserve the privacy of keywords in both ciphertexts and trapdoors. Recently, a designated-server PAEKS (dPAEKS) scheme was proposed to withstand KGAs. The scheme was claimed to satisfy both multi-ciphertext indistinguishability (MCI) and multi-trapdoor privacy (MTP). However, our cryptanalysis demonstrates that it is insecure against KGAs, where a malicious server (inside attacker) can obtain the information of the keywords embedded in the ciphertext and the trapdoor. As a result, both the MCI and MTP of the scheme are broken. In addition, the paper also shows that it is possible to break the security of MTP, even for an outside attacker. Finally, we also provide a method to fix these security flaws.

In July 2021, the IT management software company Kaseya was the victim of a ransomware cyberattack. The perpetrator of this attack was ransomware evil (REvil), an allegedly Russian-based ransomware threat group. This paper addresses the general events of the incident and the actions executed by the constituents involved. The attack was conducted through specially crafted hypertext transfer protocol (HTTP) requests to circumvent authentication and allow hackers to upload malicious payloads through Kaseya’s virtual system administrator (VSA). The attack led to the emergency shutdown of many VSA servers and a federal investigation. REvil has had a tremendous impact performing ransomware operations, including worsening international relations between Russia and world leaders and costing considerable infrastructure damage and millions of dollars in ransom payments. We present an overview of Kaseya’s defense strategy involving customer interaction, a PowerShell script to detect compromised clients, and a cure-all decryption key that unlocks all locked files.

The increasing reliance on big data and artificial intelligence (AI) in the Fourth Industrial Revolution has raised significant concerns about individual privacy protection. This has led various countries to enact or amend privacy protection acts to address these concerns. However, there is a lack of comprehensive research comparing these laws across multiple countries, especially considering recent legislative developments. This study fills this gap by conducting a comparative analysis of privacy information protection acts in five major regions: the European Union (EU), the United States (focusing on California), China, Japan, and South Korea. The analysis explores the diverse approaches to privacy protection adopted by each region, influenced by their unique historical, political, and cultural contexts. For instance, the EU’s General Data Protection Regulation (GDPR) emphasizes individual rights influenced by historical abuses of personal information. At the same time, the California Consumer Privacy Act (CCPA) prioritizes consumer rights within a self-regulatory framework, reflecting the state’s technology-driven economy. The study also examines China’s Personal Information Protection Law (PIPL), which prioritizes national security; Japan’s Act on the Protection of Personal Information (APPI), which navigates the tension between individual privacy and societal norms; and South Korea’s Personal Information Protection Act (PIPA), which balances individual autonomy with a sense of community, reflecting Confucian values. By identifying specific limitations and areas for improvement in each region’s data protection laws, this study contributes to the ongoing discourse on international data privacy regulation. It offers valuable insights for policymakers and stakeholders seeking to navigate the complexities of the data economy while ensuring robust safeguards for individual privacy.

Masking schemes are widely adopted strategies for countering side-channel analysis (SCA) attacks. The initial hardware masking strategy, threshold implementation (TI), provides robust security against glitches in hardware platforms. The minimum number of shares required for a TI scheme depends not only on the desired security order but also on the algebraic degree of the target function. For instance, implementing a second-order TI scheme for quadratic nonlinear functions requires at least five shares to ensure security, leading to substantially high implementation costs for higher order TI schemes. To address this issue, Shahmirzadi et al. proposed a method in CHES 2021 for constructing a 3-share second-order masking scheme. Despite its advancements, their search method is complex and time consuming. Our study presents a more efficient search method for a 3-share second-order masking scheme, ensuring both uniformity and second-order probing security. Our approach can find a valid second-order scheme in under a minute, making it tens to over a 1000 times faster than the method described in CHES 2021. Utilizing our methodology, we have effectively constructed second-order secure implementations for several cryptographic primitives (e.g., Keccak, SKINNY, Midori, PRESENT, PRINCE, GIFT, and RECTANGLE) and evaluated their implementation costs and security.

With the trend of large-scale renewable distributed energy sources (DERs) penetrating into the smart grids (SGs), the SGs entail heavy reliance on information and communication technologies (ICT) and increasing impact of social behaviors on system operation and management. The SGs can be viewed as cyber–physical–social systems (CPSSs). However, the deep coupling of cyber, physical, and social spaces leads the SGs to be more complex and openness, and thus, a higher risk of exposure to various threats. To study the threats, countermeasures, and challenges of the high-DER-penetrated SGs from a cyber–physical–social perspective, the key features of the SGs on devices, networks, and applications are first analyzed. On this basis, the threats faced by the SGs due to the widespread deployment of terminal devices, open network environments, and the increasing importance of social behaviors are analyzed. Subsequently, the limitations of the deployed security measures in current power systems are discussed, and an overview of the state-of-art countermeasures for the SGs security faced by the threats is organized in three stages: prevention, detection, and mitigation. Finally, the research challenges, key gaps, and future directions for security enhancement of the SGs are also discussed.

Functional signatures were allowed anyone to sign any messages in the range of function f, who possesses the secret key sk_f. However, the existing construction does not satisfy the property of message and function privacy. In this paper, we propose a new notion which is called functional message authentication codes (MACs). In a functional MAC scheme, there are two types of secret keys. One is a master secret key which can be used to generate a valid tag for any messages. The other is authenticating keys for a function f, which can be used to authenticate any messages belonged to the range of f. Except the unforgeability, we require the proposed functional MAC to satisfy function and message privacy which indicates that the authenticating process reveals nothing other than the function values and the corresponding tags. We give a functional MAC construction based on a functional encryption (FE) scheme with function privacy, a perfectly binding commitment scheme, a standard signature scheme, and a symmetric encryption scheme with semantic security. Then, we show an application of functional MAC to constructing verifiable outsourcing computation, which ensures that the client does not accept an incorrect evaluation from the server with overwhelming probability.