IET Information Security

Distributed denial-of-service (DDoS) attacks pose a significant threat to network security due to their widespread impact and detrimental consequences. Currently, deep learning methods are widely applied in DDoS anomaly traffic detection. However, they ...

The exclusive-or (XOR) hash combiner is a classical hash function combiner, which is well known as a good PRF and MAC combiner, and is used in practice in TLS versions 1.0 and 1.1. In this work, we analyze the second preimage resistance of the XOR ...

Many lightweight block ciphers have been proposed for IoT devices that have limited resources. SLIM, LBC-IoT, and SLA are lightweight block ciphers developed for IoT systems. The designer of SLIM presented a 7-round differential distinguisher and an 11-...

System on Wafer (SoW) based on chiplets may be implanted with hardware Trojans (HTs) by untrustworthy third-party chiplet vendors. However, traditional HTs protection techniques cannot guarantee complete protection against HTs, which poses a great ...

Existing healthcare data-sharing solutions often combine attribute-based encryption techniques with blockchain technology to achieve fine-grained access control. However, the transparency of blockchain technology may introduce potential risks of exposing ...

The π-calculus is a basic theory of mobile communication based on the notion of interaction, which, is aimed at analyzing and modeling the behaviors of communication processes in communicating and mobile systems, and is widely applied to the security ...

Lattice-based encryption schemes are significant cryptographic primitives to defend information security against quantum menace, and the decryption failure rate is related to both theoretical and realistic security. We quantitatively analyze how the ...

The continuous malicious attacks on Internet of Things devices pose a potential threat to the economic and private information security of end-users, especially on the dominant Android devices. Combining static analysis methods with deep Learning is a ...

Given a differential characteristic and an existing plaintext pair that satisfies it (referred to as a right pair), generating additional right pairs at a reduced cost is an appealing prospect. The neutral bit technique, referred to as neutral differences ...

Feedback shift registers (FSRs) are used as a fundamental component in electronics and confidential communication. A FSR f is said to be reducible if all the output sequences of another FSR g can also be generated by f and the FSR g costs less memory than f. A ...

Artificial intelligence algorithms and big data analysis methods are commonly employed in network intrusion detection systems. However, challenges such as unbalanced data and unknown network intrusion modes can influence the effectiveness of these ...

Source code vulnerabilities are one of the significant threats to software security. Existing deep learning-based detection methods have proven their effectiveness. However, most of them extract code information on a single intermediate representation of ...

Universal composability (UC) is a primary security flavor for designing oblivious transfer (OT) due to its advantage of arbitrary composition. However, the study of UC-secure OT over lattices is still far behind compared with constructions over prequantum ...

At Eurocrypt 2020, Coron et al. proposed a masking technique allowing the use of random numbers from pseudo-random generators (PRGs) to largely reduce the use of expansive true-random generators (TRNGs). For security against d probes, they describe a ...

Blockchain is commonly employed in access control to provide safe medical data exchange because of the characteristics of decentralization, nontamperability, and traceability. Patients share personal health data by granting access rights to users or ...

In the past decade, cybersecurity has become increasingly significant, driven largely by the increase in cybersecurity threats. Among these threats, SQL injection attacks stand out as a particularly common method of cyber attack. Traditional methods for ...

Two-party private set intersection (PSI) plays a pivotal role in secure two-party computation protocols. The communication cost in a PSI protocol is normally influenced by the sizes of the participating parties. However, for parties with unbalanced sets, ...

Differential and linear cryptanalysis are two important methods to evaluate the security of block ciphers. Building on these two methods, differential-linear (DL) cryptanalysis was introduced by Langford and Hellman in 1994. This cryptanalytic method has ...

Prospects of cloud computing as a technology that optimizes resources, reduces complexity, and provides cost-effective solutions to its consumers are well established. The future of cloud is the “cloud of clouds,” where cloud service providers (CSPs) ...

Named Data Networking (NDN) is a promising network architecture that differs from the traditional TCP/IP network, as it focuses on data rather than the host. A new secure model is required to provide the data-oriented trust instead of the host-oriented ...

As the winner of the NIST lightweight cryptography project, Ascon has undergone extensive self-evaluation and third-party cryptanalysis. In this paper, we use constraint programming (CP) as a tool to analyze the Ascon permutation and propose several ...

The static scanning identification of android application packages (APK) has been widely proven to be an effective and scalable method. However, the existing identification methods either collect feature values from known APKs for inefficient comparative ...

We propose a one-time blind signature scheme based on coding theory, which is improved on the basis of the SHMWW protocol. By adding two blinding factors, the anonymity of users is protected. The analysis proves that the scheme is secure and meets the ...

GEA-1, a proprietary stream cipher, was initially designed and used to protect against eavesdropping general packet radio service (GPRS) between the phone and the base station. Now, a variety of current mobile phones still support this standard cipher. In ...

Cloud computing (CC) is a network-based concept where users access data at a specific time and place. The CC comprises servers, storage, databases, networking, software, analytics, and intelligence. Cloud security is the cybersecurity authority dedicated ...

Ciphertext-policy attribute-based encryption (CP-ABE) is a cryptographic scheme suitable for secure data sharing on cloud storage. The CP-ABE based on lattice theory has the property of resisting quantum attack. Some data objects uploaded to the cloud by ...

The SM4 block cipher is standardized in ISO/IEC, and it is also the national standard of commercial cryptography in China. In this paper, we propose two new techniques called “split-and-join” and “off-peak and stagger” to make SM4 more applicable to ...

As the practical applications of fully homomorphic encryption (FHE), secure multi-party computation (MPC) and zero-knowledge (ZK) proof continue to increase, so does the need to design and analyze new symmetric-key primitives that can adapt to these ...

We present a password-authenticated (2, 3)-threshold group key share (PATS) mechanism. Although PATS resembles threshold secret sharing schemes, it has a different structure. The innovative perspective of the PATS mechanism that makes a difference from ...

The increasing interconnectivity in our infrastructure poses a significant security challenge, with external threats having the potential to penetrate and propagate throughout the network. Bayesian attack graphs have proven to be effective in capturing ...