Search Results (67)

Institutional adoption of blockchain technology in supply chains, healthcare, and public administration remains constrained. Organizations that manage digital assets on behalf of large numbers of non-technical users lack custody architectures suited to their scale. Existing approaches either require users to manage private keys directly; rely on centralized custodians that store encrypted keys; or depend on distributed protocols such as multi-party computation, which impose substantial infrastructure and coordination overhead. This paper presents CryptoVault, a stateless custody architecture for institutional blockchain deployments that derives private keys on demand from a single master seed using BIP-44 hierarchical deterministic (HD) wallets, eliminating persistent storage entirely. Only an AES-256-GCM-encrypted derivation index is persisted per wallet; the corresponding private key is re-derived at signing time and discarded immediately after use, ensuring no private key material ever rests on disk. The security model requires the simultaneous compromise of three independent components (the encrypted derivation index, the encryption key, and the master seed) for full key recovery, compared to two components in custody systems that persist encrypted private keys. An empirical evaluation under concurrent load demonstrates 13 to 22 ms steady-state signing latency on development hardware, with re-derivation accounting for approximately 4 to 7% of that total, confirming that on-demand derivation introduces negligible overhead. Thus, CryptoVault has been validated against an agricultural cooperative deployment as a representative institutional scenario, with an architecture that generalizes to any organization managing wallets on behalf of users who have no direct interaction with cryptographic material. A reference implementation is available as open-source software. Full article

With digital assets increasingly comprising a significant portion of personal wealth, the secure management and transfer of digital legacies have emerged as a pressing concern. Secret sharing offers a solution to this problem. However, distributing shares containing the unique private key for digital assets poses significant risks of theft or tampering, potentially leading to the illegal appropriation of user assets. This paper presents a leakage-resistant digital inheritance distribution scheme based on sparse-matrix secret sharing. It employs an efficient thresholding scheme that uses sparse matrices, achieving near-linear complexity for share reconstruction via a random striped matrix. Reconstruction time is significantly reduced compared to traditional polynomial interpolation methods. To address the realistic scenario where an asset owner holds multiple independent digital accounts, we propose a multi-account blinding and aggregation mechanism. This mechanism allows the dealer to establish isolated group keys for each account in a single round of communication, while preventing adversaries from linking different accounts to the same owner. A key-derivation and encrypted-transmission mechanism is then designed based on the aggregated group keys. Group keys are established by consensus among heirs, from which each heir derives a unique session key. Authenticated encryption ensures the confidentiality, integrity, and identity-bound transmission of shares. Through security proofs and experimental performance evaluation, it is demonstrated that the proposed scheme satisfies adaptive security requirements with the hash function H modeled as a random oracle, while all other cryptographic primitives (PRF, AES-GCM, HMAC) are assumed to be secure under standard computational assumptions. Full article

In the current context, classic software licensing and protection mechanisms based exclusively on host application checks can be circumvented by patching, emulation and replay attacks in user-controlled environments. This paper presents an adaptive hardware key implemented on the ESP32-S3 platform, which externalizes sensitive decisions and cryptographic operations from the host application to a dedicated device. The solution combines a device-anchored root of trust (secure boot and flash memory encryption), a PKI-verifiable identity (Public Key Infrastructure X.509 certificate and digital signatures as proof of ownership), hierarchical key derivation to avoid static secrets and the establishment of an authenticated encrypted session for all essential data exchanges. User access is conditioned by three-factor authentication (PIN—Personal Identification Number, TOTP—Time based One Time Password and USB physical presence) and a “code-in-dongle” mechanism, in which the important logic runs on the device and the application receives tokens with limited duration. Experimental validation demonstrates correct provisioning, secure session establishment, negative brute-force testing, as well as lifecycle support via signed OTA (Over-The-Air) with anti-rollback and encrypted backup/recovery. Build reports indicate a balanced flash distribution and available DIRAM (Data/Instruction RAM) margin, while IRAM (Instruction RAM) saturation (99.99%) reflects a normal architectural behavior of the ESP32-S3 unified memory model rather than a capacity constraint. Full article

LoRaWAN holds immense potential in smart applications for its low-power, long-range communication capabilities and in-built AES-128 encryption for end-to-end security. However, prior research has identified critical security vulnerabilities, most notably its use of AES-128 encryption in ECB mode, which lacks semantic security. Sertainty UXP (Unbreakable Exchange Protocol) technology enhances AES by embedding intelligence directly into the data. Sertainty Corporation’s UXP encryption employs AES-256-GCM, which offers authenticated encryption with integrated access control and policy enforcement at the data level, making it a promising candidate for securing sensitive IoT data. The objective of this study is to evaluate whether Sertainty UXP can operate effectively within the strict payload and performance constraints of LoRaWAN. To benchmark performance and overhead, several encryption algorithms, including AES-256-GCM, ASCON-128, SPECK, and XTEA, were implemented for comparison. For experimentation, smart meter data is encrypted with these algorithms and transmitted over LoRaWAN using the LoRa-E5 development board by Seeed Studio. The system’s performance is evaluated based on latency, payload size, and message integrity. Payloads are strategically split into LoRaWAN-compatible chunks and reassembled upon reception to meet network constraints. The results show that integrating UXP encryption within LoRaWAN is technically feasible, though it introduces additional overhead and latency. Despite this, the ability to embed robust encryption and controls directly within the data object offers significant potential to enhance end-to-end IoT security. The research concludes that Sertainty UXP can offer a viable and forward-looking solution for securing resource-constrained networks, provided implementation strategies carefully manage the trade-offs between security strength and transmission efficiency. Full article

Big data has significantly transformed data processing and analytics across various domains. However, ensuring security and data confidentiality in distributed platforms such as Hadoop remains a challenging task. Distributed environments face major security issues, particularly in the management and protection of large-scale data. In this article, we focus on the cost of secure information transmission, implementation complexity, and scalability. Furthermore, we address the confidentiality of information stored in Hadoop by analyzing different AES encryption modes and examining their potential to enhance Hadoop security. At the application layer, we operate within our Hadoop environment using an extended, secure, and widely used MQTT protocol for large-scale data communication. This approach is based on implementing MQTT with TLS, and before connecting, we add a hash verification of the data nodes’ identities and send the JWT. This protocol uses TCP at the transport layer for underlying transmission. The advantage of TCP lies in its reliability and small header size, making it particularly suitable for big data environments. This work proposes a triple-layer protection framework. The first layer is the assessment of the performance of existing AES encryption modes (CTR, CBC, and GCM) with different key sizes to optimize data confidentiality and processing efficiency in large-scale Hadoop deployments. Afterwards, we propose evaluating the integrity of DataNodes using a novel verification mechanism that employs SHA-3-256 hashing to authenticate nodes and prevent unauthorized access during cluster initialization. At the third tier, the integrity of data blocks within Hadoop is ensured using SHA-3-256. Through extensive performance testing and security validation, we demonstrate integration. Full article

Industrial Internet of Things (IIoT) deployments increasingly rely on low-cost microcontrollers and single-board computers to stream operational telemetry for monitoring, control, and predictive maintenance, yet the canonical “TLS-to-broker” model does not protect message content from a compromised or curious MQTT broker. This study therefore designs and implements a practical, application-layer end-to-end (E2E) encryption pipeline spanning an ESP32 data client (C++/mbedTLS), an untrusted MQTT broker, and a Raspberry Pi gateway (Python/PyCryptodome) using AES-256-GCM with Additional Authenticated Data (AAD). Sensor measurements are serialized as compact JSON, encrypted and authenticated on the ESP32, framed into a binary record, Base64-encoded for MQTT payload carriage, and verified/decrypted only at the gateway. Experiments on ESP32-WROOM-32 and Raspberry Pi 4 show an average ESP32 packet-preparation latency of 41.754 ms (JSON 1.0 ms; AES-GCM 29.5 ms; Base64 11.2 ms), robust rejection of ciphertext tampering and unauthorized devices via MAC verification and whitelist checks, and 99.72% decrypt-and-store success over a one-hour run (718/720 messages). These results indicate that commodity IIoT hardware can support practical and replicable E2E confidentiality and integrity without sacrificing operational throughput, while eliminating the MQTT broker as a de facto man-in-the-middle. Full article

Background: The aqueous and methanolic extracts (AE and ME) of Bergenia ciliata leaves have contradictory silver nanoparticles (AgNP) synthesis potential, influenced by photoirradiation. Method: In the current study, photoirradiation-mediated AgNP synthesis potential of two sub-extracts of ME, namely aqueous precipitated ME (PME) and aqueous dissolved ME (DME), were studied through comparison of their physicochemical properties. Results: In dark, DME demonstrated significant AgNP synthesis, whereas PME did not synthesize AgNPs. However, photoirradiation reversed the role of both the sub-extracts in nanoparticles synthesis. PME also demonstrated an inhibitory effect on AE-mediated AgNP synthesis in dark. GC-MS identified pyrogallol as the major reducing agent in both the sub-extracts. Photoirradiation significantly influenced the nanoparticle size and percent elemental composition of the AgNP. In dark, PME and DME produced AgNP of approx. 23.94 nm and 31.08 nm diameters, respectively, which significantly increased to 47.26 nm and 47.48 nm, respectively, on photoirradiation. Although no significant change in the percent silver composition was observed in PME-AgNP on photoirradiation (approx. 68%), DME demonstrated enhanced silver percent from approx. 58% to 72% on photoirradiation. Both DME- and PME-AgNPs were stable up to 15 days at 4 °C. Conclusions: PME has photoirradiation-mediated dual property of inhibition and enhancement of AgNPs synthesis. Full article

The Enhanced Cipher Block Chaining scheme (eCBC) is an authentication encryption scheme (AE) improved from the CBC encryption scheme. It is shown that eCBC scheme fails to achieve ciphertext integrity (INT-CTXT): the IV is unauthenticated and the tag is a linear XOR of ciphertext hashes, enabling trivial forgeries such as IV substitution, block cancellation, and permutation. Furthermore, the medical image application diagonal block encryption based on eCBC scheme is also insecure. Its deterministic design leaks structural information, breaking confidentiality (IND-CPA). At the same time, it also inherits the forgery weaknesses of eCBC scheme, breaking authenticity. The results highlight that neither eCBC scheme nor its application meet AE security goals. And it is recommended to use standardized AE schemes such as SIV, GCM, or Ascon instead of ad hoc designs. Full article

Juniperus is one of the vital genera of the Cupressaceae family; many Juniperus species (juniper) have served as traditional folk medicines. The aims of this study are to analyze its chemical composition and to evaluate the mosquito larvicidal activity of leaf essential oil and its constituents. The constituents of leaf essential oil were analyzed by GC-MS. Leaf essential oil is mainly composed of hydrocarbon monoterpenes and, secondly, oxygenated monoterpenes. Leaf essential oil exhibited good brine shrimp lethality activity, which is highly correlated with larvicidal activity, with the LC₅₀ of 49.89 μg/mL. Leaf essential oil showed a strong mosquito larvicidal activity against two Dengue vector mosquitoes, Aedes aegypti and Ae. albopictus, the LC₅₀ values for both species were lower than 50 μg/mL. Among the major constituents of leaf essential oil, compounds limonene, sabinene, and β-myrcene also exhibited a significant larvicidal effect. Through these investigations, it is expected that leaf essential oil from J. chinensis var. kaizuka and its constituents are of potential use as environmental control chemicals against Dengue vector mosquitoes. Full article

Industrial control systems (ICS) are increasingly vulnerable to evolving cyber threats due to the convergence of operational and information technologies. This research presents a robust cybersecurity framework that integrates machine learning-based anomaly detection with advanced cryptographic techniques to protect ICS communication networks. Using the ICS-Flow dataset, we evaluate several ensemble models, with XGBoost achieving 99.92% accuracy in binary classification and Decision Tree attaining 99.81% accuracy in multi-class classification. Additionally, we implement an LSTM autoencoder for temporal anomaly detection and employ the ADWIN technique for real-time drift detection. To ensure data security, we apply AES-CBC with HMAC and AES-GCM with RSA encryption, which demonstrates resilience against brute-force, tampering, and cryptanalytic attacks. Security assessments, including entropy analysis and adversarial evaluations (IND-CPA and IND-CCA), confirm the robustness of the encryption schemes against passive and active threats. A hardware implementation on a PYNQ Zynq board shows the feasibility of real-time deployment, with a runtime of 0.11 s. The results demonstrate that the proposed framework enhances ICS security by combining AI-driven anomaly detection with RSA-based cryptography, offering a viable solution for protecting ICS networks from emerging cyber threats. Full article

The chemical composition of leaf essential oil of the harmful invasive species Chromolaena odorata collected in Vietnam was analyzed by GC/MS and chiral GC. All three essential oil samples (O1, O2 and O3) in this study fell into chemotype I characterized by α-pinene/geigerene/germacrene D/(E)-β-caryophyllene from a total of six different chemotypes. Chemotype I demonstrated larvicidal effects against Aedes aegypti (Linnaeus, 1762), Aedes albopictus Aedes albopictus (Skuse, 1894), Culex fuscocephala (Theobald, 1907) and Culex quinquefasciatus (Say, 1823), with 24 h LC₅₀ values ranging from 11.73 to 69.87 µg/mL. In contrast, its microemulsion formulation exhibited enhanced toxicity, yielding 24 h LC₅₀ values between 11.16 and 32.43 µg/mL. This chemotype also showed repellent efficacy against Ae. aegypti, with protection times ranging from 70.75 to 122.7 min. Fumigant toxicity was observed against Aedes aegypti, with LC₅₀ values of 40.27% at 0.5 h and 0.34% at 24 h. Molluscicidal activity was recorded with 48 h LC₅₀ values between 3.82 and 54.38 µg/mL against Indoplanorbis exustus (Deshayes, 1833), Pomacea canaliculate (Lamarck, 1822), Physa acuta (Draparnaud, 1805). Additionally, the chemotype exhibited acetylcholinesterase inhibitory activity, with an IC₅₀ value of 70.85 µg/mL. Antimicrobial potential was also demonstrated, with MIC values ranging from 2.0 to 128.0 µg/mL against Enterococcus faecalis, Staphylococcus aureus, Bacillus cereus, Escherichia coli, Salmonella enterica, and Candida albicans. The C. odorata essential oil can be considered as a potential bioresource for human health protection strategies. Full article

Acmella radicans, commonly known as the “toothache plant,” is traditionally attributed with medicinal properties, although few studies have validated its biological effects. In the present study, a chemical analysis of the wild plant was performed using gas chromatography–mass spectrometry (GC-MS). In addition, the antioxidant, anti-inflammatory, and antibacterial potential of ethanolic extracts from the roots (RE) and aerial parts (AE), as well as their respective fractions, was evaluated. The dichloromethane fractions of the aerial parts (DFAE) and root extracts (DFRE) at a concentration of 25 μg/mL demonstrated the highest inhibition of nitric oxide (NO) production, reducing levels to 22.2 ± 1.9 and 22.2 ± 2.9 μM, respectively. Moreover, these fractions exhibited a notable inhibition of TNF-α production, lowering its concentration to 22.6 ± 3.3 pg/mL (DFAE) and 24.8 ± 5.3 pg/mL (DFRE) at 25 µg/mL. GC-MS chemical profiling revealed the presence of alkamides such as N-isobutyl-2E,6Z,8E-decatrienamide, N-(2-methylbutyl)-2E,6Z,8E-decatrienamide, and N-(2-phenylethyl)-2E,4Z-octadienamide in both root and aerial part extracts. The dichloromethane fractions showed a higher abundance of alkamides compared to the hexane fractions, suggesting that these compounds may be at least partially responsible for the observed anti-inflammatory activity. Additionally, AE showed moderate activity against S. typhimurium and low activity against other bacteria, while RE was especially effective against a resistant strain of S. aureus, indicating an MIC of 31.25 μg/mL, likely due to its high content of alkamides, particularly spilanthol. Several fractions also inhibited bacteria such as P. aeruginosa, S. aureus, and E. coli, possibly because of the presence of alkamides and compounds like β-amyrin. Full article

Modern networked industrial applications often require low-latency communication. Some applications evolve over time, however, are tied to yet existing infrastructures, like power grids spanning across large areas. For instance, medium voltage direct current (MVDC) grids are evolving to a promising alternative to traditional medium voltage alternating current (MVAC) grids due to their efficiency and suitability for novel use cases like electric mobility. MVDC grids, however, require an active control and fault handling strategy. Some strategies demand for a continuous state exchange of the converter substations via a low-latency communication channel with less than 1 millisecond. While some communication approaches for MVDC grids are described in the literature, none of them is inherently designed to be secure. In this paper, we present a protocol for ultra-low-latency secure state exchange (PULLSE) based on conventional non-deterministic Ethernet and AES-GCM. We chose Ethernet in order to not limit the approaches usability in terms of hardware requirements or communication patterns. PULLSE is designed to prevent traffic eavesdropping, replay, and manipulation attacks. Full article

The rapid growth of Internet of Things (IoT) deployment has led to an unprecedented volume of interconnected, resource-constrained devices. Securing their communication is essential, especially in vehicular environments, where sensitive data exchange requires robust authentication, integrity, and confidentiality guarantees. In this paper, we present an empirical evaluation of TLS (Transport Layer Security)-enhanced MQTT (Message Queuing Telemetry Transport) on low-cost, quad-core Cortex-A72 ARMv8 boards, specifically the Raspberry Pi 4B, commonly used as prototyping platforms for On-Board Units (OBUs) and Road-Side Units (RSUs). Three MQTT entities, namely, the broker, the publisher, and the subscriber, are deployed, utilizing Elliptic Curve Cryptography (ECC) for key exchange and authentication and employing the AES_256_GCM and ChaCha20_Poly1305 ciphers for confidentiality via appropriately selected libraries. We quantify resource consumption in terms of CPU utilization, execution time, energy usage, memory footprint, and goodput across TLS phases, cipher suites, message packaging strategies, and both Ethernet and WiFi interfaces. Our results show that (i) TLS 1.3-enhanced MQTT is feasible on Raspberry Pi 4B devices, though it introduces non-negligible resource overheads; (ii) batching messages into fewer, larger packets reduces transmission cost and latency; and (iii) ChaCha20_Poly1305 outperforms AES_256_GCM, particularly in wireless scenarios, making it the preferred choice for resource- and latency-sensitive V2X applications. These findings provide actionable recommendations for deploying secure MQTT communication on an IoT platform. Full article

Citrus canker, caused by Xanthomonas citri subsp. citri, and bacterial blight, caused by Xanthomonas citri subsp. malvacearum, results in substantial economic losses worldwide, and searching for new antibacterial agents is a critical challenge. In this study, regional isolates AE28 and RQ3 were obtained from characteristic lesions on Citrus limon and Gossypium hirsutum, respectively. Essential oils extracted by steam distillation from the fresh aerial parts of Pelargonium graveolens and Schinus molle exhibited complete (100%) inhibition of bacterial growth in vitro at a concentration of 1000 ppm, as determined by diffusion tests. To evaluate the potential of these essential oils for controlling Xanthomonas-induced diseases, in vivo assays were conducted on lemon leaves and cotton cotyledons inoculated with the regional AE28 and RQ3 strains. Two treatment approaches were tested: preventive application (24 h before inoculation) and curative application (24 h after inoculation). Preventive and curative treatments with P. graveolens essential oil significantly reduced citrus canker severity, whereas S. molle essential oil did not show a significant reduction compared to the control. In contrast, regardless of the treatment’s timing, both essential oils effectively reduced bacterial blight severity in cotton cotyledons by approximately 1.5-fold. Gas chromatography–mass spectrometry (GC-MS) analysis identified geraniol and citronellol as the major components of P. graveolens essential oil, while limonene and t-cadinol were predominant in S. molle. These findings highlight the promising potential of botanical products as bactericidal agents, warranting further research to optimize their application and efficacy. Full article