Extension of Cube Attack with Probabilistic Equations and its Application on Cryptanalysis of KATAN Cipher
Volume 12, Issue 1, January 2020, Pages 1-12
https://doi.org/10.22042/isecure.2020.199304.481
Zahra Eskandari, Abbas Ghaemi Bafghi
Abstract Cube Attack is a successful case of Algebraic Attack. Cube Attack consists of two phases, linear equation extraction and solving the extracted equation system. Due to the high complexity of the equation extraction phase in finding linear equations, we can extract nonlinear ones that could be approximated by linear equations with high probability. The probabilistic equations could be considered as linear ones under some noise. Existing approaches to solving noisy equation systems work well provided that the equation system has a low error rate; however, as the error rate increases, the success rate of finding the exact solution diminishes, making them rather inefficient at high error rates. In this paper, we extend Cube Attack to probabilistic equations. First, an approximation approach based on linear combinations of nonlinear equations is presented to find probabilistic linear equations with high probability. Then, we present an approach to improve the efficiency of current solving approaches and make them practical for solving linear equation systems with a high error rate. Finally, utilizing the proposed approaches, we find the right key under the extended noisy equation system with lower complexity in comparison to the original Cube Attack.
OT-Feature Extraction on Scrambled Images with Instantaneous Clustering for CBIR Scheme in Cloud Computing
Volume 13, Issue 1, January 2021, Pages 1-17
https://doi.org/10.22042/isecure.2020.209056.497
K. Nalini Sujantha Bel, I.Shatheesh Sam
Abstract A novel feature extraction algorithm using Otsu’s Threshold (OT-features) on scrambled images and the Instantaneous Clustering (IC-CBIR) approach is proposed for Content-Based Image Retrieval in cloud computing. Images are stored in the cloud in an encrypted or scrambled form to preserve the privacy of the image content. The proposed method extracts the features from the scrambled images using Otsu’s threshold. Initially, Otsu’s threshold is estimated from the scrambled image, and based on this threshold the image is divided into two classes in the first iteration. Then, new threshold values are estimated from the two classes. The difference between the new threshold and the previous threshold gives two features. This process is repeated for a number of iterations to obtain the complete OT-features of the scrambled image. This paper also proposes an instantaneous clustering approach (IC-CBIR) in which an image is moved into a cluster as soon as it is uploaded by the image owner. Therefore, while retrieving images, only the images near a particular cluster are matched instead of matching against the complete set of image features in the dataset, which reduces the search time. The performance of the proposed algorithm is tested using four different datasets: Corel 10K, Misc, Oxford flower, and INRIA Holidays. The experimental evaluation reveals that the proposed method outperforms the traditional CBIR algorithm on encrypted images in terms of precision, search time, and index construction time.
A New Variant of the Winternitz One Time Signature Based on Graded Encoding Schemes
Volume 14, Issue 1, January 2022, Pages 1-11
https://doi.org/10.22042/isecure.2021.272908.639
Hossein Oraei, Massoud Hadian Dehkordi
Abstract Digital signature schemes are used to guarantee non-repudiation and authenticity of any kind of data, such as documents, messages or software. The Winternitz one-time signature (WOTS) scheme, which can be described using a certain number of so-called “function chains”, plays an important role in the design of both stateless and stateful many-time signature schemes. The main idea of the WOTS scheme is the use of a limited number of function chains, all of which begin at some random values. This work introduces WOTS-GES, a new WOTS-type signature scheme in which the need for computing all of the intermediate values of the chains is eliminated. More precisely, to compute each algorithm of the proposed scheme, we only need to calculate one intermediate value. This significantly reduces the number of operations needed to compute the algorithms of WOTS-GES. To achieve these results, we have used the concept of “leveled” multilinear maps, which is also referred to as graded encoding schemes. We expect these results to increase the efficiency of Winternitz-based digital signature schemes.
QuMixnet: A Quantum-Safe Mixnet Protocol
Articles in Press, Accepted Manuscript, Available Online from 26 December 2025
https://doi.org/10.22042/isecure.2025.237326
Seyed Mohammad Dibaj, Taraneh Eghlidos, Hosein Pilaram
Abstract The emergence of quantum computing threatens the security of traditional cryptographic primitives underpinning anonymous communication protocols like mix networks (mixnets), necessitating quantum-resistant alternatives. This paper introduces QuMixnet, a mixnet protocol designed to withstand quantum attacks while ensuring robust anonymity and privacy. QuMixnet employs post-quantum cryptographic primitives, utilizing CRYSTALS-Dilithium for digital signatures to guarantee authenticity and CRYSTALS-Kyber for key encapsulation to secure message encryption with symmetric ciphers (e.g., AES-GCM). Operating on a peer-to-peer (P2P) architecture, every node can serve as a sender, receiver, or mix node, enhancing anonymity by obscuring participant roles. Sender-determined routing ensures that only the sender knows the full message path, with onion routing layered encryption across nodes. To counter traffic analysis, QuMixnet implements message padding to a fixed size, dummy messages for traffic covering, and batch processing with shuffling. A security model, evaluated through formal security games, confirms resilience of QuMixnet against adversaries with quantum capabilities, achieving strong sender and receiver anonymity, communication anonymity, confidentiality, and integrity. QuMixnet advances anonymous communication by offering a scalable, quantum-safe solution that fortifies privacy against evolving threats.
Enhancement of LSB Matching Steganography using Multiobjective Optimization Embedding to Improve Security and Imperceptibility
Volume 18, Issue 1, January 2026, Pages 1-17
https://doi.org/10.22042/isecure.2025.477842.1172
Vajiheh Sabeti
Abstract Least Significant Bit Matching (LSBM) is a simple steganography approach that has been detected under multiple attacks. Imperceptibility (i.e., maintenance of high perceptual image quality) and security are significant parameters in steganography. However, most conventional steganography techniques rely on single-objective optimization, which focuses on improving one parameter while often compromising others. This limitation underscores the need for approaches that balance conflicting objectives. To address this, the present study employs the Non-Dominated Sorting Genetic Algorithm II (NSGA-II) to optimize security and imperceptibility. The methodology divides the cover image into blocks, each with two critical decisions: (1) determining the seed of the pseudo-random number generator that identifies the optimal pixels for data embedding and (2) selecting whether the pixel value should be increased or decreased upon a mismatch between the data bit and the pixel LSB. Pixels with the highest data bit–LSB correspondence are optimal, and the direction of the pixel value change (increase or decrease) is chosen to minimize block histogram variation. This multiobjective optimization is carried out using NSGA-II. Comparative evaluation shows that the developed methodology remarkably improves image quality metrics and decreases detection accuracy at different embedding rates. At embedding rates of 0.3, 0.5, and 0.8 bpp, the Peak Signal-to-Noise Ratio (PSNR) was approximately 57.65, 55.55, and 52.75, respectively. This result represents a 1.5-2.5% improvement compared to conventional LSBM techniques.
CPA on COLM Authenticated Cipher and the Protection Using Domain-Oriented Masking
Volume 12, Issue 2, July 2020, Pages 67-80
https://doi.org/10.22042/isecure.2020.191916.471
Mohsen Jahanbani, Nasour Bagheri, Zynolabedin Norozi
Abstract Authenticated encryption schemes are important cryptographic primitives that have received extensive attention recently. They provide both confidentiality and authenticity services simultaneously. Correlation power analysis (CPA) can be a threat to authenticated ciphers, as it is to any physical implementation of any other cryptographic scheme. In this paper, a three-step CPA attack against COLM, one of the winners of CAESAR, is presented to indicate its vulnerability. To validate this attack, COLM is implemented on the FPGA of the SAKURA-G board. A successful CPA attack with a zero-value power model is mounted by measuring and collecting 1,800 power traces. In addition, a protected hardware architecture for COLM is proposed to make this design secure against first-order CPA attacks, where a domain-oriented masking (DOM) scheme with two input/output shares is used to protect it. To verify these countermeasures, we mount first- and second-order CPA attacks and a non-specific t-test on the protected COLM.
Keywords: Authenticated Cipher, COLM, CPA, DOM, Masking.
Privacy Preserving Attribute-Based Encryption with Conjunctive Keyword Search for E-health Records in Cloud
Volume 13, Issue 2, July 2021, Pages 87-100
https://doi.org/10.22042/isecure.2021.227562.542
Aniseh Najafi, Majid Bayat, Hamid Haj Seyyed Javadi
Abstract The advent of cloud computing in the healthcare system increases accuracy and speed, reduces costs, and makes health services widely available. However, system users are always seriously concerned about the security of outsourced data. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising way to ensure the security of, and facilitate access control over, outsourced data. However, conventional CP-ABE schemes have security flaws such as a lack of attribute privacy, a lack of resistance to keyword guessing attacks, and the inability to perform multi-keyword searches. To address these shortcomings, we present a scheme that simultaneously supports multi-keyword search and fine-grained access control. The proposed scheme is resistant to the offline keyword guessing attack. Privacy preservation in the access structure is another feature of the proposed scheme. The security analysis indicates that our scheme is selectively secure in the standard model. Finally, the performance evaluation of the proposed scheme shows that its efficiency is reasonable despite the added functionalities.
DSRL-APT-2023: A New Synthetic Dataset for Advanced Persistent Threats
Volume 17, Issue 2, July 2025, Pages 107-116
https://doi.org/10.22042/isecure.2025.214212
Hossein Shadabfar, Motahareh Dehghan, Babak Sadeghian
Abstract Detecting Advanced Persistent Threats (APTs) is crucial, and a practical approach involves using an intrusion detection system (IDS) integrated with supervised machine learning algorithms. These algorithms require a balanced dataset with ample attack samples to learn and recognize attack patterns effectively. However, widely used APT datasets, such as DAPT2020 and SCVIC-APT-2021, suffer from imbalance issues that limit the performance of machine learning-based intrusion detection systems (IDS). We introduce DSRL-APT-2023, a new balanced synthetic APT dataset generated using CTGAN to address this challenge. The CTGAN model is trained on the DAPT2020 dataset to create this balanced dataset. We evaluate and compare the performance of six standard supervised machine learning algorithms (Decision Tree, Support Vector Machine, K-Nearest Neighbor, Logistic Regression, Random Forest, and Multi-Layer Perceptron) alongside an intrusion detection system (IDS) called Intelligent Intrusion Detection System, which is based on tree-structured machine learning models. Our evaluation focuses on detecting attacks in DSRL-APT-2023 and compares its performance to DAPT2020 and SCVIC-APT-2021. Additionally, we assess the data quality of synthetic datasets generated by two prominent GANs, CopulaGAN and CTGAN, with CTGAN demonstrating slightly superior performance in generating high-quality tabular data. Our results demonstrate that machine learning algorithms and the Intelligent IDS can accurately detect attacks in the synthetic dataset, as evidenced by the F1-Score metrics.
A Graph-based Online Feature Selection to Improve Detection of New Attacks
Volume 14, Issue 2, July 2022, Pages 115-130
https://doi.org/10.22042/isecure.2022.14.2.1
Hajar Dastanpour, Ali Fanian
Abstract Today, intrusion detection systems are used in networks as one of the essential methods to detect new attacks. Usually, these systems deal with a broad set of data and many features. Therefore, selecting proper features and benefiting from previously learned knowledge is suitable for efficiently detecting new attacks. A new graph-based method for online feature selection is proposed in this article to increase the accuracy in detecting attacks. In the proposed method, irrelevant features are first removed using a limited number of input instances. Then, features are clustered based on graph theory to reduce the search space. After the arrival of new instances at each stage, new clusters of features are created that may differ from the clusters created in the previous step. Therefore, to find the appropriate clusters, these two clusterings are combined to select some relevant features with minimum redundancy. The evaluation results show that the proposed method has better performance for instance classification, with a lower run time than similar online feature selection methods. The proposed method is also faster, with suitable accuracy in instance classification, compared to some offline methods.
ECKCI: An ECC-Based Authenticated Key Agreement Scheme Resistant to Key Compromise Impersonation Attack for TMIS
Volume 16, Issue 2, July 2024, Pages 115-136
https://doi.org/10.22042/isecure.2024.408640.989
Fatemeh Pirmoradian, Mohammad Dakhilalian, Masoumeh Safkhani
Abstract The Internet of Things (IoT) is an innovation in the world of technology. Continuous technological advancements based on the IoT cloud and booming wireless technology have revolutionized human life, and remote health monitoring of patients is no exception. The Telecare Medicine Information System (TMIS) is a system between Home Health Care (HHC) Organizations and patients at home that collects, stores, manages and transmits the Electronic Medical Records (EMR) of patients. Therefore, security in remote medicine has always been a very big and serious challenge, and biometrics-based schemes play a crucial role in IoT, Wireless Sensor Networks (WSN), etc. Recently, Xiong et al. and Mehmood et al. presented key exchange methods for healthcare applications, claiming that these schemes provide greater privacy. Unfortunately, we show that these schemes suffer from privacy issues and a key compromise impersonation attack. To remove such restrictions, in this paper a novel scheme (ECKCI) using Elliptic Curve Cryptography (ECC) with the KCI resistance property is proposed. Furthermore, we demonstrate that ECKCI not only overcomes problems such as the key compromise impersonation attack in previous protocols, but also resists all specific attacks. Finally, a suitable equilibrium between the performance and security of ECKCI in comparison with these recently proposed protocols is obtained. Also, the simulation results with the Scyther and ProVerif tools show that ECKCI is safe in terms of security.
Analysis of IOTA Tangle Stability in High Transaction Rates
Volume 15, Issue 2, July 2023, Pages 152-162
https://doi.org/10.22042/isecure.2023.380480.904
Habibullah Yajam, Mohammad Ali Akhaee
Abstract The future of the IoT requires new methods of payment that can handle millions of transactions per second. The IOTA cryptocurrency aims at providing such a solution. It uses a consensus algorithm based on directed acyclic graphs (DAG) that is called the Tangle. A tip selection algorithm (TSA) is the part of the Tangle that determines which unconfirmed blocks (tips) should be confirmed by new blocks. There is always a chance that a small number of valid blocks never get confirmed and become stale. If a significant part of the blocks become stale, the Tangle is considered unstable. In this paper, we mathematically prove that a TSA is stable at all transaction rates if and only if the probability of selecting every tip is at least $1/2n$, in which $n$ is the total number of tips. Accordingly, we demonstrate that the MCMC TSA used in IOTA would not be stable at high transaction rates.
Algebraic Matching of Vulnerabilities in a Low-Level Code
Volume 11, Issue 3, August 2019, Pages 1-7
https://doi.org/10.22042/isecure.2019.11.0.1
Oleksandr Letychevskyi, Yaroslav Hryniuk, Viktor Yakovlev, Volodymyr Peschanenko, Viktor Radchenko
Abstract This paper explores the algebraic matching approach for the detection of vulnerabilities in binary code. The algebraic programming system is used for implementing this method. It is assumed that the models of vulnerabilities and the programs to be verified are presented as behavior algebra and action language specifications. The methods of algebraic matching are based on rewriting rules and techniques using conditional rewriting. This process is combined with symbolic modeling, which makes accurate detection of vulnerabilities possible. The paper provides examples of the formalization of vulnerability models and of the translation of binary code into behavior algebra expressions.
A TESLA-based mutual authentication protocol for GSM networks
Volume 1, Issue 1, January 2009, Pages 3-15
https://doi.org/10.22042/isecure.2015.1.1.2
A. Fanian, M. Berenjkoub, T. A. Gulliver
Abstract The widespread use of wireless cellular networks has made security an ever increasing concern. GSM is the most popular wireless cellular standard, but security is an issue. The most critical weakness in the GSM protocol is the use of one-way entity authentication, i.e., only the mobile station is authenticated by the network. This creates many security problems, including vulnerability to man-in-the-middle attacks. Several solutions have been proposed to establish mutual entity authentication. However, none provide a flaw-free bilateral authentication protocol. In this paper, we show that a recently proposed solution is vulnerable to a "type attack". Then, we propose a novel mutual entity authentication protocol using the TESLA protocol. The proposed solution not only provides secure bilateral authentication, but also decreases the call setup time and the required connection bandwidth. An important feature of the proposed protocol is that it is compatible with the GSM standard.
Improving the Rao-Nam secret key cryptosystem using regular EDF-QC-LDPC codes
Volume 4, Issue 1, January 2012, Pages 3-14
https://doi.org/10.22042/isecure.2015.4.1.2
R. Hooshmand, T. Eghlidos, M. R. Aref
Abstract This paper proposes an efficient joint secret key encryption-channel coding cryptosystem, based on regular Extended Difference Family Quasi-Cyclic Low-Density Parity-Check codes. The key length of the proposed cryptosystem decreases by up to 85 percent using a new efficient compression algorithm. Cryptanalytic methods show that the improved cryptosystem has a significant security advantage over the Rao-Nam cryptosystem against chosen plaintext attacks, benefiting from an improvement on the structure of the Rao-Nam cryptosystem and proper choices of code parameters. Moreover, the proposed cryptosystem benefits from the highest code rate and a proper error performance.
Access control in ultra-large-scale systems using a data-centric middleware
Volume 6, Issue 1, January 2014, Pages 3-22
https://doi.org/10.22042/isecure.2014.6.1.2
S. Shokrollahi, F. Shams, J. Esmaeili
Abstract The primary characteristic of an Ultra-Large-Scale (ULS) system is its ultra-large size in any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and the interoperability demand between sub-systems increases, achieving a more scalable and dynamic access control system becomes an important issue. The Attribute-Based Access Control (ABAC) model is a proper candidate to be used in such an access control system. The correct deployment and enforcement of ABAC policies in a ULS system requires secure and scalable collaboration among different distributed authorization components. A large number of these authorization components should be able to join different domains dynamically and communicate with each other anonymously. Dynamic configuration and reconfiguration of authorization components makes the authorization system more complex to manage and maintain in a ULS system. In this paper, an access control middleware is proposed to overcome the complexity of deployment and enforcement of ABAC policies in ULS systems. The proposed middleware is data-centric and consists of two layers. The lower layer is a Data-Distribution-Service (DDS) middleware used for loosely-coupled communication among authorization components. The upper layer is used for secure configuration and reconfiguration of authorization components. An executable model of the proposed middleware is also represented by a Colored-Petri-Net (CPN) model. This executable model is used to analyze the behavior of the proposed middleware.
A traceable optimistic fair exchange protocol in the standard model
Volume 7, Issue 1, January 2015, Pages 3-14
https://doi.org/10.22042/isecure.2015.7.1.2
R. Ganjavi, M. Rajabzadeh Asaar, M. Salmasizadeh
Abstract An Optimistic Fair Exchange (OFE) protocol is a good way for two parties to exchange their digital items fairly, such that at the end of the protocol execution either both of them receive their items or neither of them receives anything. In an OFE protocol there is a semi-trusted third party, named the arbitrator, which becomes involved in the protocol only if necessary. But there is a security problem when the arbitrator acts dishonestly and colludes with the verifier, that is, the arbitrator can complete the transaction without getting the signer's agreement. Huang et al. in 2011 addressed this issue by formalizing the accountability property. However, Huang et al.'s scheme is secure in the random oracle model, which is not available in the real world. We present the first generic accountable OFE protocol that is secure in the standard model by using traceable ring signatures (TRSs) as our primitive. We prove the security of our protocol under the chosen-key model and the multi-user setting.
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
Volume 8, Issue 1, January 2016, Pages 3-24
https://doi.org/10.22042/isecure.2016.8.1.1
M. Pourpouneh, R. Ramezanian
Abstract In this paper, we briefly review two formal approaches to the verification of security protocols: model checking and theorem proving. Model checking is based on studying the behavior of protocols by generating all the different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate the Scyther operational semantics as an example of this approach and then model and verify some famous security protocols using Scyther. Theorem proving is based on deriving the desired goals from the assumptions of protocols via a deduction system. We define a deduction system named Simple Logic for Authentication to formally define the notion of authenticated communication based on the structure of the messages, and then we verify several famous protocols using our proposed deduction system and compare the results with the verification results of Scyther model checking.
An efficient certificateless signcryption scheme in the standard model
Volume 9, Issue 1, January 2017, Pages 3-16
https://doi.org/10.22042/isecure.2017.70117.368
P. Rastegari, M. Berenjkoub
Abstract Certificateless public key cryptography (CL-PKC) is a useful method for simultaneously solving the problems of traditional public key infrastructure (i.e., the large amount of computation, storage and communication costs for managing certificates) and ID-based public key cryptography (i.e., the key escrow problem). A signcryption scheme is an important primitive in cryptographic protocols which achieves the goals of signing and encrypting simultaneously. In 2010, Liu et al. presented the first certificateless signcryption (CLSC) scheme in the standard model, but their scheme is vulnerable to different attacks presented in the literature so far. In this paper, we improve their scheme and propose a new CLSC scheme, which is semantically secure against adaptive chosen ciphertext attack under the (Ѕ2, 5)-BDHE-Set assumption and existentially unforgeable against adaptive chosen message attack under the 3-CDHE assumption in the standard model. Our scheme is more efficient than all other secure CLSC schemes in the standard model proposed up to now.
Impossible Differential Cryptanalysis of Reduced-Round Midori64 Block Cipher (Extended Version)
Volume 10, Issue 1, January 2018, Pages 3-13
https://doi.org/10.22042/isecure.2018.110672.399
A. Rezaei Shahmirzdi, A. Azimi, M. Salmasizadeh, J. Mohajeri, M. R. Aref
Abstract Impossible differential attack is a well-known means to examine the robustness of block ciphers. Using impossible differential cryptanalysis, we analyze the security of a family of lightweight block ciphers, named Midori, that are designed with low energy consumption in mind. The Midori state size can be either 64 bits for Midori64 or 128 bits for Midori128; however, both versions have a key size of 128 bits.
In this paper, we mainly study the security of Midori64. To this end, we use various techniques such as early-abort, memory reallocation, miss-in-the-middle, and exploiting the inadequate key schedule algorithm of Midori64. We first show two new 7-round impossible differential characteristics which are, to the best of our knowledge, the longest impossible differential characteristics found for Midori64. Based on the new characteristics, we mount three impossible differential attacks on 10, 11, and 12 rounds of Midori64 with $2^{87.7}$, $2^{90.63}$, and $2^{90.51}$ time complexity, respectively, to retrieve the master key.
A Trust Based Probabilistic Method for Efficient Correctness Verification in Database Outsourcing
Volume 11, Issue 1, January 2019, Pages 3-14
https://doi.org/10.22042/isecure.2018.141655.426
Simin Ghasemi, Mohammad Ali Hadavi, Mina Niknafs
Abstract Correctness verification of query results is a significant challenge in database outsourcing. Most of the proposed approaches impose high overhead, which makes them impractical in real scenarios. Probabilistic approaches have been proposed in order to reduce the computation overhead pertaining to the verification process. In this paper, we use the notion of trust as the basis of our probabilistic approach to efficiently verify the correctness of query results. The trust is computed by observing the history of interactions between clients and the service provider. Our approach exploits a Merkle Hash Tree as the authentication data structure. The trust value towards the service provider determines how large a portion of the tree needs to be investigated. Implementation results of our approach show that considering the trust derived from the history of interactions provides a trade-off between performance and security, and reduces the imposed overhead for both clients and the service provider in database outsourcing scenarios.
Investigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1.03), and CiliPadi (v1) Variants
Volume 12, Issue 1, January 2020, Pages 13-23
https://doi.org/10.22042/isecure.2020.199099.480
Majid Mahmoudzadeh Niknam, Sadegh Sadeghi, Mohammad Reza Aref, Nasour Bagheri
Abstract In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi which are candidates of the first round of the NIST-LWC competition.
GAGE and InGAGE are a lightweight sponge-based hash function and an Authenticated Encryption with Associated Data (AEAD) scheme, respectively, and support different sets of parameters. The lengths of the hash, key, and tag are always 256, 128, and 128 bits, respectively. We show that the security bounds for some variants of its hash and AEAD are less than the designers' claims. For example, the designers' security claim against preimage attack for a hash function when the rate is 128 bits and the capacity is $256$ bits is $2^{256}$; however, we show that the preimage security for this parameter set is $2^{128}$. Also, the designers' claimed confidentiality security for an AEAD, when the rate is 8 bits and the capacity is 224 bits, is $2^{116}$; however, we show that its confidentiality security is $2^{112}$.
We also investigate the structure of the permutation used in InGAGE and present an attack to recover the key for reduced rounds of a variant of InGAGE. In an instance of the AEAD of InGAGE, when the rate is 8 bits and the capacity is 224 bits, we recover the key when the number of compositions of the main permutation with itself, i.e., $r_{1}$, is less than 8.
We also show that CiliPadi is vulnerable to the length extension attack by presenting concrete examples of forged messages.
SANT: Static Analysis of Native Threads for Security Vetting of Android Applications
Volume 14, Issue 1, January 2022, Pages 13-25
Seyed Behnam Andarzian, Behrouz Tork Ladani
Abstract Most of the current research on static analysis of Android applications for security vetting works either on Java source code or on the Dalvik bytecode. Nevertheless, Android allows developers to use C or C++ code in their programs, which is compiled for various binary architectures. Moreover, Java and the native code components (C or C++) can collaborate with each other using the Java Native Interface. Recent research shows that native code is frequently used in both benign and malicious Android applications. Most of the present Android static analysis tools avoid considering native code in their analysis and apply trivial models in their data-flow analysis. To our knowledge, only the open-source JN-SAF tool has tried to solve this issue statically. However, there are still challenges, such as libC functions and multi-threading in native code, that we address in this work. We present SANT as an extension of JN-SAF for supporting Static Analysis of Native Threads. We model libC functions in our data-flow analysis to obtain a more precise analysis when dealing with security vetting of native code. We also use control flow and data dependence graphs in SANT to handle multiple concurrent threads and find implicit data-flow between them. Our experiments show that these improvements outperform JN-SAF on real-world benchmark applications.
Efficient Pairing-Free Adaptable k-out-of-n Oblivious Transfer Protocols
Articles in Press, Accepted Manuscript, Available Online from 26 December 2025
https://doi.org/10.22042/isecure.2025.237327
Keykhosro Khosravani, Taraneh Eghlidos, Mohammad Reza Aref
Abstract Oblivious Transfer (OT) is one of the fundamental building blocks in cryptography that enables various privacy-preserving applications. Constructing efficient OT schemes has been an active research area. This paper presents three efficient two-round pairing-free k-out-of-n oblivious transfer protocols with standard security. Our constructions follow the minimal communication pattern: the receiver sends k messages to the sender, who responds with n+k messages, achieving the lowest data transmission among pairing-free k-out-of-n OT schemes. Furthermore, our protocols support adaptivity and enable the sender to encrypt the n messages offline, independent of the receiver’s variables, offering significant performance advantages in one-sender-multiple-receiver scenarios. We provide security proofs under the Computational Diffie-Hellman (CDH) and RSA assumptions, without relying on the Random Oracle Model. Our protocols combine minimal communication rounds, adaptivity, offline encryption capability, and provable security, making them well-suited for privacy-preserving applications requiring efficient oblivious transfer.
Evict+Time Attack on Intel CPUs without Explicit Knowledge of Address Offsets
Volume 13, Issue 1, January 2021, Pages 19-27
https://doi.org/10.22042/isecure.2020.209945.500
Vahid Meraji, Hadi Soleimany
Abstract Numerous studies have been conducted to present new attacks using the time difference between processor accesses to main memory and to cache memory. Access-driven attacks are a series of cache-based attacks that use fewer measurement samples to extract sensitive key values than other attacks based on this feature, due to the ability of the attacker to evict or access cache lines. In access-driven attacks, the attacker frequently needs to evict or reload data from the cache memory before or after running the targeted cryptosystem, which requires knowledge of virtual or physical addresses. Knowledge of the address offsets of the corresponding data blocks in cryptographic libraries is a prerequisite for an adversary to reload or evict cache lines on Intel processors. Preventing attackers from accessing the address offsets can therefore be a potential countermeasure to mitigate access-driven attacks. In this paper, we demonstrate how to perform the Evict+Time attack on Intel x86 CPUs without any knowledge of address offsets.
Performance Evaluation of Deep Learning Models on Diverse IoT Datasets for Intrusion Detection
Volume 18, Issue 1, January 2026, Pages 19-33
https://doi.org/10.22042/isecure.2025.507948.1208
Abdullah Waqas
Abstract The Internet of Things (IoT) offers transformative potential across sectors like energy, defense, and healthcare, but its limited resources make it vulnerable to cyberattacks, necessitating robust security measures such as intrusion detection systems (IDS) to safeguard its infrastructure. This article presents a study that helps intrusion detection systems distinguish malicious from legitimate communications. To help the system make the best decisions possible, the subcategory of the attack traffic is also classified. We trained the proposed models to be capable of binary and multi-class classification, targeting common attacks like denial of service (DoS), distributed denial of service (DDoS), reconnaissance, and information theft directed at IoT devices. Our methodology makes use of recently published IoT datasets, such as BoTIoT, ToNIoT, WUSTL-IIoT-2021, and CiCIoT. To assess and contrast the performance of the proposed models on these datasets, we first applied stratified undersampling to convert the original imbalanced datasets into balanced subsets, which were then used for training and evaluation. Among the models evaluated, biLSTM achieved the highest accuracy of 99.66% and MCC of 0.99759 on the WUSTL-IIoT-2021 dataset. On the BoTIoT dataset, CNN with Dual Focal Loss reached 97.76% accuracy and 0.95536 MCC. For ToNIoT, LSTM achieved 97.01% accuracy with an MCC of 0.93643, while on the CiCIoT dataset, biLSTM obtained 96.23% accuracy and 0.96347 MCC. The results show that biLSTM and LSTM models give higher performance than FNN and CNN models in terms of precision, recall, F1 score, and MCC across all datasets, demonstrating improved performance for temporal IoT intrusion detection tasks.
