Search Results (30)

LoRaWAN holds immense potential in smart applications for its low-power, long-range communication capabilities and in-built AES-128 encryption for end-to-end security. However, prior research has identified critical security vulnerabilities, most notably its use of AES-128 encryption in ECB mode, which lacks semantic security. Sertainty UXP (Unbreakable Exchange Protocol) technology enhances AES by embedding intelligence directly into the data. Sertainty Corporation’s UXP encryption employs AES-256-GCM, which offers authenticated encryption with integrated access control and policy enforcement at the data level, making it a promising candidate for securing sensitive IoT data. The objective of this study is to evaluate whether Sertainty UXP can operate effectively within the strict payload and performance constraints of LoRaWAN. To benchmark performance and overhead, several encryption algorithms, including AES-256-GCM, ASCON-128, SPECK, and XTEA, were implemented for comparison. For experimentation, smart meter data is encrypted with these algorithms and transmitted over LoRaWAN using the LoRa-E5 development board by Seeed Studio. The system’s performance is evaluated based on latency, payload size, and message integrity. Payloads are strategically split into LoRaWAN-compatible chunks and reassembled upon reception to meet network constraints. The results show that integrating UXP encryption within LoRaWAN is technically feasible, though it introduces additional overhead and latency. Despite this, the ability to embed robust encryption and controls directly within the data object offers significant potential to enhance end-to-end IoT security. The research concludes that Sertainty UXP can offer a viable and forward-looking solution for securing resource-constrained networks, provided implementation strategies carefully manage the trade-offs between security strength and transmission efficiency. Full article

Deepfake technology can produce highly realistic manipulated media which pose as significant cybersecurity threats, including fraud, misinformation, and privacy violations. This research proposes a deepfake prevention approach based on symmetric and asymmetric ciphers. Post-quantum asymmetric ciphers were utilized to perform digital signature operations, which offer essential security services, including integrity, authentication, and non-repudiation. Symmetric ciphers were also employed to provide confidentiality and authentication. Unlike classical ciphers that are vulnerable to quantum attacks, this study adopts quantum-resilient ciphers to offer long-term security. The proposed approach enables entities to digitally sign media content before public release on other platforms. End users can subsequently verify the authenticity of content using the public keys of the media creators. To identify the most efficient ciphers to perform cryptography operations required for deepfake prevention, the study explores the implementation of quantum-resilient symmetric and asymmetric ciphers standardized by NIST, including Dilithium, Falcon, SPHINCS+, and Ascon-80pq. Additionally, this research provides comprehensive comparisons between the various classical and post-quantum ciphers in both categories: symmetric and asymmetric. Experimental results revealed that Dilithium-5 and Falcon-512 algorithms outperform other post-quantum ciphers, with a time delay of 2.50 and 251 ms, respectively, for digital signature operations. The Falcon-512 algorithm also demonstrates superior resource efficiency, making it a cost-effective choice for digital signature operations. With respect to symmetric ciphers, Ascon-80pq achieved the lowest time consumption, taking just 0.015 ms to perform encryption and decryption operations. Also, it is a significant option for constrained devices, since it consumes fewer resources compared to standard symmetric ciphers, such as AES. Through comprehensive evaluations and comparisons of various symmetric and asymmetric ciphers, this study serves as a blueprint to identify the most efficient ciphers to perform the cryptography operations necessary for deepfake prevention. Full article

Path planning for high-DOF robotic manipulators in highly constrained environments (e.g., narrow passages) remains challenging due to poor configuration-space (C-space) connectivity, low computational efficiency, and susceptibility to local minima. This paper proposes a hybrid planner, termed ASCON, which couples the directional guidance of an improved Artificial Potential Field (APF) with the global exploration capability of RRT-Connect to achieve robust planning in non-convex, strongly constrained workspaces. A smoothed potential-field formulation is introduced to suppress oscillations and improve motion smoothness, while a link-radius-based envelope collision-checking strategy is incorporated to ensure safety margins for real deployment. The evaluation is conducted in two benchmark scenarios—dual-layer stacked obstacles and a 100 mm narrow passage—with 50 independent trials per method per scenario; a run is considered successful only if a collision-free feasible path is found within preset iteration/time limits using fixed hyperparameters. Results show that, compared with conventional APF, ASCON reduces average planning time by 66.0%, decreases iteration count by 80.5%, shortens path length by 13.5%, and lowers peak jerk by 40.3%. Physical experiments further validate practical feasibility by guiding a real manipulator through a 100 mm narrow passage in a collision-free manner, demonstrating efficient, smooth, and robust planning under extreme constraints. Full article

The efficiency optimization of encryption and decryption algorithms in cloud environments is addressed in this study, where the processing speed of encryption and decryption is enhanced through the application of multi-threaded parallel technology. In view of the high-concurrency and distributed storage characteristics of cloud platforms, a multi-threaded concurrency mechanism is adopted for the direct processing of data streams. Compared with the traditional serial processing mode, four distinct encryption algorithms, namely AES, DES, SM4 and Ascon, are employed, and different data units are processed concurrently by means of multithreaded technology. Based on multi-dimensional performance evaluation indicators (including throughput, memory footprint and security level), comparative analyses are carried out to optimize the design scheme; accordingly, multi-threaded collaborative encryption is realized to improve the overall operation efficiency. Experimental results indicate that, in comparison with the traditional serial encryption method, the encryption and decryption latency of the algorithm is reduced by around 50%, which significantly lowers the time overhead associated with encryption and decryption processes. Simultaneously, the throughput of AES and DES algorithms is observed to be doubled, which leads to a remarkable improvement in communication efficiency. Moreover, under the premise that the original secure communication capability is guaranteed, system resource overhead is effectively reduced by SM4 and Ascon algorithms. On this basis, a quantitative reference basis is provided for cloud platforms to develop targeted encryption strategies tailored to diverse business demands. In conclusion, the proposed approach is of profound significance for advancing the synergistic optimization of security and performance in cloud-native data communication scenarios. Full article

This study introduces an energy-aware hybrid security framework that safeguards embedded systems against code theft, closing a critical gap. The approach integrates bitstream encryption, dynamic key generation, and Dynamic Function eXchange (DFX)-based memory obfuscation, yielding a layered hardware–software countermeasure to Read-Only Memory (ROM) scraping, side-channel attacks, and Man-in-the-Middle (MITM) intrusions by eavesdropping on communications on pins, cables, or Printed Circuit Board (PCB) routes. Prototyped on a Xilinx Zynq-7020 System-on-Chip (SoC) and applicable to MicroBlaze-based designs, it derives a fresh Authenticated Encryption with Associated Data (AEAD) key for each record via an Ascon-eXtendable-Output Function (XOF)–based Key Derivation Function (KDF) bound to a device identifier and a rotating slice from a secret pool, while relocating both the pool and selected Block RAM (BRAM)-resident code pages via Dynamic Function eXchange (DFX). This moving-target strategy frustrates ROM scraping, probing, and communication-line eavesdropping, while cryptographic confidentiality and integrity are provided by a lightweight AEAD (Ascon). Hardware evaluation reports cycles/byte, end-to-end latency, and per-packet energy under identical conditions across lightweight AEAD baselines; the framework’s key-derivation and DFX layers are orthogonal to the chosen AEAD. The threat model, field layouts (Nonce/AAD), receiver-side acceptance checks, and quantitative bounds are specified to enable reproducibility. By avoiding online key exchange and keeping long-lived secrets off Programmable Logic (PL)-based external memories while continuously relocating their physical locus, the framework provides a deployable, energy-aware defense in depth against code-theft vectors in FPGA-based systems. Overall, the work provides an original and deployable solution for strengthening the security of commercial products against code theft in embedded environments. Full article

The Enhanced Cipher Block Chaining scheme (eCBC) is an authentication encryption scheme (AE) improved from the CBC encryption scheme. It is shown that eCBC scheme fails to achieve ciphertext integrity (INT-CTXT): the IV is unauthenticated and the tag is a linear XOR of ciphertext hashes, enabling trivial forgeries such as IV substitution, block cancellation, and permutation. Furthermore, the medical image application diagonal block encryption based on eCBC scheme is also insecure. Its deterministic design leaks structural information, breaking confidentiality (IND-CPA). At the same time, it also inherits the forgery weaknesses of eCBC scheme, breaking authenticity. The results highlight that neither eCBC scheme nor its application meet AE security goals. And it is recommended to use standardized AE schemes such as SIV, GCM, or Ascon instead of ad hoc designs. Full article

The increasing adoption of digital technologies, robotic systems, and IoT applications in sectors such as medicine, agriculture, and industry drives a surge in data generation and necessitates secure and efficient encryption. For resource-constrained systems, lightweight yet robust cryptographic algorithms are critical. This study addresses the security demands of IoRT systems by proposing an enhanced chaos-based encryption method. The approach integrates the lightweight structure of NIST-standardized Ascon-AEAD128 with the randomness of the Zaslavsky map. Ascon-AEAD128 is widely used on many hardware platforms; therefore, it must robustly resist both passive and active attacks. To overcome these challenges and enhance Ascon’s security, we integrate into Ascon the keys and nonces generated by the Zaslavsky chaotic map, which is deterministic, nonperiodic, and highly sensitive to initial conditions and parameter variations.This integration yields a chaos-based Ascon variant with a higher encryption security relative to the standard Ascon. In addition, we introduce exploratory variants that inject non-repeating chaotic values into the initialization vectors (IVs), the round constants (RCs), and the linear diffusion constants (LCs), while preserving the core permutation. Real-time tests are conducted using Raspberry Pi 3B devices and ROS 2–based IoRT robots. The algorithm’s performance is evaluated over 100 encryption runs on 12 grayscale/color images and variable-length text transmitted via MQTT. Statistical and differential analyses—including histogram, entropy, correlation, chi-square, NPCR, UACI, MSE, MAE, PSNR, and NIST SP 800-22 randomness tests—assess the encryption strength. The results indicate that the proposed method delivers consistent improvements in randomness and uniformity over standard Ascon-AEAD128, while remaining comparable to state-of-the-art chaotic encryption schemes across standard security metrics. These findings suggest that the algorithm is a promising option for resource-constrained IoRT applications. Full article

Hash functions are fundamental components in both cryptographic and non-cryptographic systems, supporting secure authentication, data integrity, fingerprinting, and indexing. While the Ascon family, selected by the National Institute of Standards and Technology (NIST) in 2023 for lightweight cryptography, has been extensively evaluated in its authenticated encryption mode, its hashing and extendable-output variants, namely Ascon-Hash256, Ascon-XOF128, and Ascon-CXOF128, have not received the same level of empirical attention. This paper presents a structured benchmarking study of these hash variants using both the SMHasher framework and custom Python-based simulation environments. SMHasher is used to evaluate statistical and structural robustness under constrained, patterned, and low-entropy input conditions, while Python-based experiments assess application-specific performance in Bloom filter-based replay detection at the network edge, Merkle tree aggregation for blockchain transaction integrity, lightweight device fingerprinting for IoT identity management, and tamper-evident logging for distributed ledgers. We compare the performance of Ascon hashes with widely used cryptographic functions such as SHA3 and BLAKE2s, as well as high-speed non-cryptographic hashes including MurmurHash3 and xxHash. We assess avalanche behavior, diffusion consistency, output bias, and keyset sensitivity while also examining Ascon-XOF’s variable-length output capabilities relative to SHAKE for applications such as domain-separated hashing and lightweight key derivation. Experimental results indicate that Ascon hash functions offer strong diffusion, low statistical bias, and competitive performance across both cryptographic and application-specific domains. These properties make them well suited for deployment in resource-constrained systems, including Internet of Things (IoT) devices, blockchain indexing frameworks, and probabilistic authentication architectures. This study provides the first comprehensive empirical evaluation of Ascon hashing modes and offers new insights into their potential as lightweight, structurally resilient alternatives to established hash functions. Full article

The increase in Internet of Things (IoT) devices has introduced significant security challenges, primarily due to their inherent constraints in computational power, memory, and energy. This study provides a comparative performance analysis of selected modern cryptographic algorithms on a resource-constrained IoT platform, the Nordic Thingy:53. We evaluated a set of ciphers including the NIST lightweight standard ASCON, eSTREAM finalists Salsa20, Rabbit, Sosemanuk, HC-256, and the extended-nonce variant XChaCha20. Using a dual test-bench methodology, we measured energy consumption and performance under two distinct scenarios: a low-data-rate Bluetooth mesh network and a high-throughput bulk data transfer. The results reveal significant performance variations among the algorithms. In high-throughput tests, ciphers like XChaCha20, Salsa20, and ASCON32 demonstrated superior speed, while HC-256 proved impractically slow for large payloads. The Bluetooth mesh experiments quantified the direct relationship between network activity and power draw, underscoring the critical impact of cryptographic choice on battery life. These findings offer an empirical basis for selecting appropriate cryptographic solutions that balance security, energy efficiency, and performance requirements for real-world IoT applications. Full article

In modern industrial control systems (ICSs), communication protocols such as Modbus TCP remain widely used due to their simplicity, interoperability, and real-time performance. However, these communication protocols (e.g., Modbus TCP) were originally designed without security considerations, lacking essential features such as encryption, integrity protection, and authentication. This exposes ICS deployments to severe security threats, including eavesdropping, command injection, and replay attacks, especially when operating over unsecured networks. To address these critical vulnerabilities while preserving the lightweight nature of the protocol, we propose a Modbus TCP security enhancement scheme that integrates ASCON, an NIST-standardized authenticated encryption algorithm, with the CBOR Object Signing and Encryption (COSE) framework. Our design embeds COSE_Encrypt0 structures into Modbus application data, enabling end-to-end confidentiality, integrity, and replay protection without altering the protocol’s semantics or timing behavior. We implement the proposed scheme in C and evaluate it in a simulated embedded environment representative of typical ICS devices. Experimental results show that the solution incurs minimal computational and memory overhead, while providing robust cryptographic guarantees. This work demonstrates a practical pathway for retrofitting legacy ICS protocols with modern lightweight cryptography, enhancing system resilience without compromising compatibility or performance. Full article

Asphalt concrete (ascon) manufacturing facilities in South Korea are located near urban areas and emit various air pollutants, including polycyclic aromatic hydrocarbons (PAHs) such as benzo(a)pyrene (BaP), a Group 1 carcinogen. However, few measurement-based studies exist in Korea, and no domestic BaP emission factor has been established, making its effective management difficult. In this study, PAH concentrations emitted from stacks were measured using gas chromatography/mass spectrometry at 29 facilities located near densely populated areas. BaP was detected at all facilities, and emission factors were calculated based on the ascon materials and dryer fuel types. The calculated emission factors were found to be 31 to 6230 times higher than the AP-42 standards provided by the US Environmental Protection Agency. This discrepancy likely arises from differences between processes and fuel characteristics. Using the California Puff model, BaP concentrations in the near area were predicted, corresponding to as much as 30% of the US National Ambient Air Quality Standards. These findings indicate a potentially significant environmental health risk in nearby communities. The findings of this study can serve as foundational data for formulating policies and providing institutional support aimed at managing emissions from ascon manufacturing facilities in Korea. Full article

Deployment of Unmanned Aerial Vehicles (UAVs) continues to expand rapidly across a wide range of applications, including environmental monitoring, precision agriculture, and disaster response. Despite their increasing ubiquity, UAVs remain inherently vulnerable to security threats due to resource-constrained hardware, energy limitations, and reliance on open wireless communication channels. These factors render traditional cryptographic solutions impractical, thereby necessitating the development of lightweight, UAV-specific security mechanisms. This review article presents a comprehensive analysis of lightweight encryption techniques and key management strategies designed for energy-efficient and secure UAV communication. Special emphasis is placed on recent cryptographic advancements, including the adoption of the ASCON family of ciphers and the emergence of post-quantum algorithms that can secure UAV networks against future quantum threats. Key management techniques such as blockchain-based decentralized key exchange, Physical Unclonable Function (PUF)-based authentication, and hierarchical clustering schemes are evaluated for their performance and scalability. To ensure comprehensive protection, this review introduces a multilayer security framework addressing vulnerabilities from the physical to the application layer. Comparative analysis of lightweight cryptographic algorithms and multiple key distribution approaches is conducted based on energy consumption, latency, memory usage, and deployment feasibility in dynamic aerial environments. Unlike design- or implementation-focused studies, this work synthesizes existing literature across six interconnected security dimensions to provide an integrative foundation. Our review also identifies key research challenges, including secure and efficient rekeying during flight, resilience to cross-layer attacks, and the need for standardized frameworks supporting post-quantum cryptography in UAV swarms. By highlighting current advancements and research gaps, this study aims to guide future efforts in developing secure communication architectures tailored to the unique operational constraints of UAV networks. Full article

The Internet of Things (IoT) has become an integral part of today’s smart and digitally connected world. IoT devices and technologies now connect almost every aspect of daily life, generating, storing, and analysing vast amounts of data. One important use of IoT is in utility management, where essential services such as water are supplied through IoT-enabled infrastructure to ensure fair, efficient, and sustainable delivery. The large volumes of data produced by water distribution networks must be safeguarded against manipulation, theft, and other malicious activities. Incidents such as the Queensland user data breach (2020–21), the Oldsmar water treatment plant attack (2021), and the Texas water system overflow (2024) show that attacks on water treatment plants, distribution networks, and supply infrastructure are common in Australia and worldwide, often due to inadequate security measures and limited technical resources. Lightweight cryptographic algorithms are particularly valuable in this context, as they are well-suited for resource-constrained hardware commonly used in IoT systems. This study focuses on the in-house developed ChaosFortress lightweight cryptographic algorithm, comparing its performance with other widely used lightweight cryptographic algorithms. The evaluation and comparative testing used an Arduino and a LoRa-based transmitter/receiver pair, along with the NIST Statistical Test Suite (STS). These tests assessed the performance of ChaosFortress against popular lightweight cryptographic algorithms, including ACORN, Ascon, ChaChaPoly, Speck, tinyAES, and tinyECC. ChaosFortress was equal in performance to the other algorithms in overall memory management but outperformed five of the six in execution speed. ChaosFortress achieved the quickest transmission time and topped the NIST STS results, highlighting its strong suitability for IoT applications. Full article

Ascon is a family of lightweight cryptographic algorithms designed for Authenticated Encryption with Associated Data (AEAD), hashing, and Extendable Output Functions (XOFs) in resource-constrained environments. While the AEAD variants of Ascon provide confidentiality and authenticity, they do not inherently detect replayed messages. This work presents an FPGA implementation of Ascon-128, the primary AEAD variant, on a Xilinx Artix-7 device with integrated replay detection. A 128-bit Linear Feedback Shift Register (LFSR) is used to generate a unique sequential nonce per encryption, enabling high-speed, stateless nonce generation with minimal logic complexity. At the decryption end, replay detection is performed by hashing the received nonce using Ascon-XOF128 and verifying its freshness via a Bloom Filter stored in on-chip Block RAM (BRAM). Leveraging the flexibility of Ascon-XOF128 to generate variable length outputs, our design derives all ten Bloom Filter indices from a single 256-bit XOF output using the same permutation core as the AEAD data path, thereby eliminating the need for additional hashing logic. The Bloom Filter ensures zero false negatives, and our configuration achieves a low False Positive Rate (FPR) of 0.77% theoretically and 0.17% empirically after testing 100,000 nonces, consistent with analytical models. Replay detection is fully overlapped with decryption and introduces no additional delay for messages of 64 bytes or more when using the optimized two Rounds Per Clock Cycle (RPCC) permutation core operating at 100 MHz. This architecture extends Ascon with hardware-based replay protection, offering a lightweight and scalable security solution for practical IoT deployments. Full article

The increasing interconnectivity of devices on the Internet of Things (IoT) introduces significant security challenges, particularly around authentication and data management. Traditional centralized approaches are not sufficient to address these risks, requiring more robust and decentralized solutions. This paper presents a decentralized authentication protocol leveraging blockchain technology and the IPFS data management framework to provide secure and real-time communication between IoT devices. Using the Ethereum blockchain, smart contracts, elliptic curve cryptography, and ASCON encryption, the proposed protocol ensures the confidentiality, integrity, and availability of sensitive IoT data. The mutual authentication process involves the use of asymmetric key pairs, public key registration on the blockchain, and the Diffie–Hellman key exchange algorithm to establish a shared secret that, combined with a unique identifier, enables secure device verification. Additionally, IPFS is used for secure data storage, with the content identifier (CID) encrypted using ASCON and integrated into the blockchain for traceability and authentication. This integrated approach addresses current IoT security challenges and provides a solid foundation for future applications in decentralized IoT environments. Full article