Search Results (364)

Search Parameters:
Keywords = Cryptographic protocol

24 pages, 1605 KiB  
Article
Quantum-Secure Coherent Optical Networking for Advanced Infrastructures in Industry 4.0
by Ofir Joseph and Itzhak Aviv
Information 2025, 16(7), 609; https://doi.org/10.3390/info16070609 - 15 Jul 2025
Viewed by 129
Abstract
Modern industrial ecosystems, particularly those embracing Industry 4.0, increasingly depend on coherent optical networks operating at 400 Gbps and beyond. These high-capacity infrastructures, coupled with advanced digital signal processing and phase-sensitive detection, enable real-time data exchange for automated manufacturing, robotics, and interconnected factory systems. However, they introduce multilayer security challenges—ranging from hardware synchronization gaps to protocol overhead manipulation. Moreover, the rise of large-scale quantum computing intensifies these threats by potentially breaking classical key exchange protocols and enabling the future decryption of stored ciphertext. In this paper, we present a systematic vulnerability analysis of coherent optical networks that use OTU4 framing, Media Access Control Security (MACsec), and 400G ZR+ transceivers. Guided by established risk assessment methodologies, we uncover critical weaknesses affecting management plane interfaces (e.g., MDIO and I2C) and overhead fields (e.g., Trail Trace Identifier, Bit Interleaved Parity). To mitigate these risks while preserving the robust data throughput and low-latency demands of industrial automation, we propose a post-quantum security framework that merges spectral phase masking with multi-homodyne coherent detection, strengthened by quantum key distribution for key management. This layered approach maintains backward compatibility with existing infrastructure and ensures forward secrecy against quantum-enabled adversaries. The evaluation results show a substantial reduction in exposure to timing-based exploits, overhead field abuses, and cryptographic compromise. By integrating quantum-safe measures at the optical layer, our solution provides a future-proof roadmap for network operators, hardware vendors, and Industry 4.0 stakeholders tasked with safeguarding next-generation manufacturing and engineering processes.

17 pages, 300 KiB  
Article
Commitment Schemes from OWFs with Applications to Quantum Oblivious Transfer
by Thomas Lorünser, Sebastian Ramacher and Federico Valbusa
Entropy 2025, 27(7), 751; https://doi.org/10.3390/e27070751 - 15 Jul 2025
Viewed by 109
Abstract
Commitment schemes (CSs) are essential to many cryptographic protocols and schemes with applications that include privacy-preserving computation on data, privacy-preserving authentication, and, in particular, oblivious transfer protocols. For quantum oblivious transfer (qOT) protocols, unconditionally binding commitment schemes that do not rely on hardness assumptions from structured mathematical problems are required. These additional constraints severely limit the choice of commitment schemes to random oracle-based constructions or Naor’s bit commitment scheme. As these protocols commit to individual bits, the use of such commitment schemes comes at a high bandwidth and computational cost. In this work, we investigate improvements to the efficiency of commitment schemes used in qOT protocols and propose an extension of Naor’s commitment scheme requiring the existence of one-way functions (OWFs) to reduce communication complexity for 2-bit strings. Additionally, we provide an interactive string commitment scheme with preprocessing to enable the fast and efficient computation of commitments.
(This article belongs to the Special Issue Information-Theoretic Cryptography and Security)

15 pages, 271 KiB  
Article
Evaluating the Energy Costs of SHA-256 and SHA-3 (KangarooTwelve) in Resource-Constrained IoT Devices
by Iain Baird, Isam Wadhaj, Baraq Ghaleb, Craig Thomson and Gordon Russell
IoT 2025, 6(3), 40; https://doi.org/10.3390/iot6030040 - 11 Jul 2025
Viewed by 187
Abstract
The rapid expansion of Internet of Things (IoT) devices has heightened the demand for lightweight and secure cryptographic mechanisms suitable for resource-constrained environments. While SHA-256 remains a widely used standard, the emergence of SHA-3, particularly the KangarooTwelve variant, offers potential benefits in flexibility and post-quantum resilience for lightweight resource-constrained devices. This paper presents a comparative evaluation of the energy costs associated with SHA-256 and SHA-3 hashing in Contiki 3.0, using three generationally distinct IoT platforms: Sky Mote, Z1 Mote, and Wismote. Unlike previous studies that rely on hardware acceleration or limited scope, our work conducts a uniform, software-only analysis across all motes, employing consistent radio duty cycling, ContikiMAC (a low-power Medium Access Control protocol) and isolating the cryptographic workload from network overhead. The empirical results from the Cooja simulator reveal that while SHA-3 provides advanced security features, it incurs significantly higher CPU and, in some cases, radio energy costs, particularly on legacy hardware. However, modern platforms like Wismote demonstrate a more balanced trade-off, making SHA-3 viable in higher-capability deployments. These findings offer actionable guidance for designers of secure IoT systems, highlighting the practical implications of cryptographic selection in energy-sensitive environments.

15 pages, 1213 KiB  
Article
A Lightweight Certificateless Authenticated Key Agreement Scheme Based on Chebyshev Polynomials for the Internet of Drones
by Zhaobin Li, Zheng Ju, Hong Zhao, Zhanzhen Wei and Gongjian Lan
Sensors 2025, 25(14), 4286; https://doi.org/10.3390/s25144286 - 9 Jul 2025
Viewed by 151
Abstract
The Internet of Drones (IoD) overcomes the physical limitations of traditional ground networks with its dynamic topology and 3D spatial flexibility, playing a crucial role in various fields. However, eavesdropping and spoofing attacks in open channel environments threaten data confidentiality and integrity, posing significant challenges to IoD communication. Existing foundational schemes in IoD primarily rely on symmetric cryptography and digital certificates. Symmetric cryptography suffers from key management challenges and static characteristics, making it unsuitable for IoD’s dynamic scenarios. Meanwhile, elliptic curve-based public key cryptography is constrained by high computational complexity and certificate management costs, rendering it impractical for resource-limited IoD nodes. This paper leverages the low computational overhead of Chebyshev polynomials to address the limited computational capability of nodes, proposing a certificateless public key cryptography scheme. Through the semigroup property, it constructs a lightweight authentication and key agreement protocol with identity privacy protection, resolving the security and performance trade-off in dynamic IoD environments. Security analysis and performance tests demonstrate that the proposed scheme resists various attacks while reducing computational overhead by 65% compared to other schemes. This work not only offers a lightweight certificateless cryptographic solution for IoD systems but also advances the engineering application of Chebyshev polynomials in asymmetric cryptography.
(This article belongs to the Special Issue UAV Secure Communication for IoT Applications)

24 pages, 345 KiB  
Article
An Improved GN-AK Protocol Using Double-Base Scalar Multiplication and Point Halving over Elliptic Curves
by Nicolae Constantinescu, Ioan Daniel Hunyadi and Oana-Adriana Ticleanu
Appl. Sci. 2025, 15(13), 7492; https://doi.org/10.3390/app15137492 - 3 Jul 2025
Viewed by 220
Abstract
Starting from the basic form of GN-authenticated key agreement (GN-AK), the current research proposes an improved protocol by integrating a new scalar multiplication technique based on a dual-base chain representation with bases 1/2 and 3. This representation allows the use of pointwise halving operations, significantly reducing the complexity of elliptic curve calculations. The resulting protocol maintains cryptographic security based on the elliptic curve discrete logarithm problem (ECDLP) while providing improved performance for key establishment in constrained environments.

31 pages, 1262 KiB  
Article
Composable Privacy-Preserving Framework for Stakes-Based Online Peer-to-Peer Applications
by Nikola Hristov-Kalamov, Raúl Fernández-Ruiz, Agustín Álvarez-Marquina, Julio Guillén-García, Roberto Gallardo-Cava and Daniel Palacios-Alonso
Cryptography 2025, 9(3), 48; https://doi.org/10.3390/cryptography9030048 - 1 Jul 2025
Viewed by 165
Abstract
As the demand for expansive back-end systems in online applications continues to grow, novel frameworks are necessitated to address the escalating operational demands, energy consumption, and associated costs. Traditional Client–Server models, while offering centralized security and reliability, are characterized by their high deployment and maintenance expenses. Conversely, Peer-to-Peer (P2P) models, despite being cost-effective and scalable, are hindered by inherent security and data integrity challenges. Moreover, the lack of a central authority in P2P systems complicates a definitive resolution of scenarios involving stakes, where users cannot withdraw without incurring a tangible loss. In this research work, a hybrid back-end framework is introduced, combining the advantages of both models through the utilization of cryptographic algorithms and Secure Multi-Party Computation (MPC) protocols. The baseline solution is lightweight and fully composable, making it capable of utilizing different more complex slot-in MPC techniques. The proposed framework’s effectiveness is demonstrated through a simplified two-player Spades game, although it is fully generalizable to any application. Evaluations across multiple case studies reveal substantial performance enhancements compared to conventional approaches, particularly post-initialization, highlighting the scheme’s potential as a cost-effective, energy-efficient, and secure solution for modern online applications.

31 pages, 2533 KiB  
Review
Module-Lattice-Based Key-Encapsulation Mechanism Performance Measurements
by Naya Nagy, Sarah Alnemer, Lama Mohammed Alshuhail, Haifa Alobiad, Tala Almulla, Fatima Ahmed Alrumaihi, Najd Ghadra and Marius Nagy
Sci 2025, 7(3), 91; https://doi.org/10.3390/sci7030091 - 1 Jul 2025
Viewed by 437
Abstract
Key exchange mechanisms are foundational to secure communication, yet traditional methods face challenges from quantum computing. The Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) is a post-quantum cryptographic key exchange protocol with unknown successful quantum vulnerabilities. This study evaluates the ML-KEM using experimental benchmarks. We implement the ML-KEM in Python for clarity and in C++ for performance, demonstrating the latter’s substantial performance improvements. The C++ implementation achieves microsecond-level execution times for key generation, encapsulation, and decapsulation. Python, while slower, provides a user-friendly introduction to the ML-KEM’s operation. Moreover, our Python benchmark confirmed that the ML-KEM consistently outperformed RSA in execution speed across all tested parameters. Beyond benchmarking, the ML-KEM is shown to handle the computational hardness of the Module Learning With Errors (MLWE) problem, ensuring resilience against quantum attacks, classical attacks, and Artificial Intelligence (AI)-based attacks, since the ML-KEM has no pattern that could be detected. To evaluate its practical feasibility on constrained devices, we also tested the C++ implementation on a Raspberry Pi 4B, representing IoT use cases. Additionally, we attempted to run integration and benchmark tests for the ML-KEM on microcontrollers such as the ESP32 DevKit, ESP32 Super Mini, ESP8266, and Raspberry Pi Pico, but these trials were unsuccessful due to memory constraints. The results showed that while the ML-KEM can operate effectively in such environments, only devices with sufficient resources and runtimes can support its computational demands. While resource-intensive, the ML-KEM offers scalable security across diverse domains such as IoT, cloud environments, and financial systems, making it a key solution for future cryptographic standards.
(This article belongs to the Section Computer Sciences, Mathematics and AI)

18 pages, 256 KiB  
Article
Temperate Blind Signature Scheme for Particular Subspaces
by Oana-Adriana Ticleanu, Ioan Daniel Hunyadi and Nicolae Constantinescu
Appl. Sci. 2025, 15(13), 7180; https://doi.org/10.3390/app15137180 - 26 Jun 2025
Viewed by 168
Abstract
The development of information security mechanisms follows a cyclic refinement model: new cryptographic solutions are proposed, their limitations are studied, and improvements are introduced to overcome those limitations. This paper contributes to this process by proposing a blind signature scheme with tunable anonymity, adapted to application-specific requirements. The core of the model is a parameter T that allows the user to balance confidentiality with transparency from the settings and adapt the signature behavior to the particular requirements of a beneficiary. Compared to the models currently used in blind signature protocols, this approach offers improved resistance to brute force attacks and improves security against adaptive and man-in-the-middle threats. Due to the reduced computational power requirements needed to calculate cryptographic primitives, it is usable for devices with power constraints. Being able to be integrated into a blockchain infrastructure, the process supports both persistent and verifiable data records, which gives it flexibility to adapt to different types of decentralized platforms.
18 pages, 2657 KiB  
Article
Procedures for Building a Secure Environment in IoT Networks Using the LoRa Interface
by Sebastian Łeska and Janusz Furtak
Sensors 2025, 25(13), 3881; https://doi.org/10.3390/s25133881 - 22 Jun 2025
Viewed by 395
Abstract
IoT devices typically have limited memory resources and computing power. For this reason, it is often not possible to use the authentication and trusted environment mechanisms commonly used on the Internet. Due to the autonomous operation of IoT devices, solutions that require user interaction should be excluded. Additionally, due to the limited capabilities of IoT devices, mechanisms performing complex cryptographic operations are also not always recommended. This paper proposes a set of mechanisms for building a trusted IoT environment using a hardware TPM 2.0 module. The developed set includes procedures for securely registering nodes in the network, which are designed for use in an untrusted and uncontrolled environment. The authors also proposed a protocol for device authentication using PCR registries supported by the TPM based on the Proof of Knowledge concept. Using a direct method, the solution also involves implementing a symmetric key distribution protocol based on the KTC (Key Translation Centre) scheme. The developed procedures can be used in networks where nodes have limited memory resources and low computing power. The communication interface used in the developed demonstrator is LoRa (Long Range), for which a proprietary method of identifying network devices has been proposed to ensure the confidentiality of the communicating parties’ identities.
(This article belongs to the Special Issue Privacy and Cybersecurity in IoT-Based Applications)

35 pages, 8431 KiB  
Article
Integrating Physical Unclonable Functions with Machine Learning for the Authentication of Edge Devices in IoT Networks
by Abdul Manan Sheikh, Md. Rafiqul Islam, Mohamed Hadi Habaebi, Suriza Ahmad Zabidi, Athaur Rahman Bin Najeeb and Adnan Kabbani
Future Internet 2025, 17(7), 275; https://doi.org/10.3390/fi17070275 - 21 Jun 2025
Viewed by 364
Abstract
Edge computing (EC) faces unique security threats due to its distributed architecture, resource-constrained devices, and diverse applications, making it vulnerable to data breaches, malware infiltration, and device compromise. The mitigation strategies against EC data security threats include encryption, secure authentication, regular updates, tamper-resistant hardware, and lightweight security protocols. Physical Unclonable Functions (PUFs) are digital fingerprints for device authentication that enhance interconnected devices’ security due to their cryptographic characteristics. PUFs produce output responses against challenge inputs based on the physical structure and intrinsic manufacturing variations of an integrated circuit (IC). These challenge-response pairs (CRPs) enable secure and reliable device authentication. Our work implements the Arbiter PUF (APUF) on Altera Cyclone IV FPGAs installed on the ALINX AX4010 board. The proposed APUF has achieved performance metrics of 49.28% uniqueness, 38.6% uniformity, and 89.19% reliability. The robustness of the proposed APUF against machine learning (ML)-based modeling attacks is tested using supervised Support Vector Machines (SVMs), logistic regression (LR), and an ensemble of gradient boosting (GB) models. These ML models were trained over more than 19K CRPs, achieving prediction accuracies of 61.1%, 63.5%, and 63%, respectively, thus cementing the resiliency of the device against modeling attacks. However, the proposed APUF exhibited its vulnerability to Multi-Layer Perceptron (MLP) and random forest (RF) modeling attacks, with 95.4% and 95.9% prediction accuracies, gaining successful authentication. APUFs are well-suited for device authentication due to their lightweight design and can produce a vast number of challenge-response pairs (CRPs), even in environments with limited resources. Our findings confirm that our approach effectively resists widely recognized attack methods to model PUFs.
(This article belongs to the Special Issue Distributed Machine Learning and Federated Edge Computing for IoT)

25 pages, 528 KiB  
Article
Lightweight and Security-Enhanced Key Agreement Protocol Using PUF for IoD Environments
by Sangjun Lee, Seunghwan Son and Youngho Park
Mathematics 2025, 13(13), 2062; https://doi.org/10.3390/math13132062 - 21 Jun 2025
Viewed by 282
Abstract
With the increasing demand for drones in diverse tasks, the Internet of Drones (IoD) has recently emerged as a significant technology in academia and industry. The IoD environment enables various services, such as traffic and environmental monitoring, disaster situation management, and military operations. However, IoD communication is vulnerable to security threats due to the exchange of sensitive information over insecure public channels. Moreover, public key-based cryptographic schemes are impractical for communication with resource-constrained drones due to their limited computational capability and resource capacity. Therefore, a secure and lightweight key agreement scheme must be developed while considering the characteristics of the IoD environment. In 2024, Alzahrani proposed a secure key agreement protocol for securing the IoD environment. However, Alzahrani’s protocol suffers from high computational overhead due to its reliance on elliptic curve cryptography and is vulnerable to drone and mobile user impersonation attacks and session key disclosure attacks by eavesdropping on public-channel messages. Therefore, this work proposes a lightweight and security-enhanced key agreement scheme for the IoD environment to address the limitations of Alzahrani’s protocol. The proposed protocol employs a physical unclonable function and simple cryptographic operations (XOR and hash functions) to achieve high security and efficiency. This work demonstrates the security of the proposed protocol using informal security analysis. This work also conducted formal security analysis using the Real-or-Random (RoR) model, Burrows–Abadi–Needham (BAN) logic, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation to verify the proposed protocol’s session key security, mutual authentication ability, and resistance to replay and MITM attacks, respectively. Furthermore, this work demonstrates that the proposed protocol offers better performance and security by comparing the computational and communication costs and security features with those of relevant protocols.

17 pages, 699 KiB  
Article
Secure K-Means Clustering Scheme for Confidential Data Based on Paillier Cryptosystem
by Zhengqi Zhang, Zixin Xiong and Jun Ye
Appl. Sci. 2025, 15(12), 6918; https://doi.org/10.3390/app15126918 - 19 Jun 2025
Viewed by 177
Abstract
In this paper, we propose a secure homomorphic K-means clustering protocol based on the Paillier cryptosystem to address the urgent need for privacy-preserving clustering techniques in sensitive domains such as healthcare and finance. The protocol uses the additive homomorphism property of the Paillier cryptosystem to perform K-means clustering on the encrypted data, which ensures the confidentiality of the data during the whole calculation process. The protocol consists of three main components: secure computation distance (SCD) protocol, secure cluster assignment (SCA) protocol and secure cluster center update (SUCC) protocol. The SCD protocol securely computes the squared Euclidean distance between the encrypted data point and the encrypted cluster center. The SCA protocol securely assigns data points to clusters based on these cryptographic distances. Finally, the SUCC protocol securely updates the cluster centers without leaking the actual data points as well as the number of intermediate sums. Through security analysis and experimental verification, the effectiveness and practicability of the protocol are proved. This work provides a practical solution for secure clustering based on homomorphic encryption and contributes to the research in the field of privacy-preserving data mining. Although this protocol solves the key problems of secure distance computation, cluster assignment and centroid update, there are still areas for further research. These include optimizing the computational efficiency of the protocol, exploring other homomorphic encryption schemes that may provide better performance, and extending the protocol to handle more complex clustering algorithms.

29 pages, 1412 KiB  
Review
Cryptography-Based Secure Underwater Acoustic Communication for UUVs: A Review
by Qian Zhou, Qing Ye, Chengzhe Lai and Guangyue Kou
Electronics 2025, 14(12), 2415; https://doi.org/10.3390/electronics14122415 - 13 Jun 2025
Viewed by 670
Abstract
Unmanned Underwater Vehicles (UUVs) play an irreplaceable role in marine exploration, environmental monitoring, and national defense. The UUV depends on underwater acoustic communication (UAC) technology to enable reliable data transmission and support efficient collaboration. As the complexity of UUV missions has increased, secure UAC has become a critical element in ensuring successful mission execution. However, underwater channels are inherently characterized by high error rates, limited bandwidth, and signal interference. These problems severely limit the efficacy of traditional security methods and expose UUVs to the risk of data theft and signaling attacks. Cryptography-based security methods are important means to protect data, effectively balancing security requirements and resource constraints. They provide technical support for UUVs to build secure communication. This paper systematically reviews key advances in cryptography-based secure UAC technologies, focusing on three main areas: (1) efficient authentication protocols, (2) lightweight cryptographic algorithms, and (3) fast cryptographic synchronization algorithms. By comparing the performance boundaries and application scenarios of various technologies, we discuss the current challenges and critical issues in underwater secure communication. Finally, we explore future research directions, aiming to provide theoretical references and technical insights for the further development of secure UAC technologies for UUVs.

34 pages, 7040 KiB  
Article
A Practical Implementation of Post-Quantum Cryptography for Secure Wireless Communication
by Babatunde Ojetunde, Takuya Kurihara, Kazuto Yano, Toshikazu Sakano and Hiroyuki Yokoyama
Network 2025, 5(2), 20; https://doi.org/10.3390/network5020020 - 10 Jun 2025
Viewed by 515
Abstract
Recent advances in quantum computing have prompted urgent consideration of the migration of classical cryptographic systems to post-quantum alternatives. However, it is impossible to fully understand the impact that migrating to current Post-Quantum Cryptography (PQC) algorithms will have on various applications without the actual implementation of quantum-resistant cryptography. On the other hand, PQC algorithms come with complexity and long processing times, which may impact the quality of service (QoS) of many applications. Therefore, PQC-based protocols with practical implementations across various applications are essential. This paper introduces a new framework for PQC standalone and PQC–AES (Advanced Encryption Standard) hybrid public-key encryption (PKE) protocols. Building on prior results, we focus on securing applications such as file transfer, video streaming, and chat-based communication using enhanced PQC-based protocols. The extended PQC-based protocols use a sequence number-based mechanism to effectively counter replay and man-in-the-middle attacks and mitigate standard cybersecurity attack vectors. Experimental evaluations examined encryption/decryption speeds, throughput, and processing overhead for the standalone PQC and the PQC–AES hybrid schemes, benchmarking them against traditional AES-256 in an existing client–server environment. The results demonstrate that the new approaches achieve a significant balance between security and system performance compared to conventional deployments. Furthermore, a comprehensive security analysis confirms the robustness and effectiveness of the proposed PQC-based protocols across diverse attack scenarios. Notably, the PQC–AES hybrid protocol demonstrates greater efficiency for applications handling larger data volumes (e.g., 10–100 KB) with reduced latency, underscoring the practical necessity of carefully balancing security and operational efficiency in the post-quantum migration process.

13 pages, 2141 KiB  
Article
Post-Quantum KEMs for IoT: A Study of Kyber and NTRU
by M. Awais Ehsan, Walaa Alayed, Amad Ur Rehman, Waqar ul Hassan and Ahmed Zeeshan
Symmetry 2025, 17(6), 881; https://doi.org/10.3390/sym17060881 - 5 Jun 2025
Viewed by 753
Abstract
Current improvements in quantum computing present a substantial challenge to classical cryptographic systems, which typically rely on problems that can be solved in polynomial time using quantum algorithms. Consequently, post-quantum cryptography (PQC) has emerged as a promising solution to emerging quantum-based cryptographic challenges. The greatest threat is public-key cryptosystems, which are primarily responsible for key exchanges. In PQC, key encapsulation mechanisms (KEMs) are crucial for securing key exchange protocols, particularly in Internet communication, virtual private networks (VPNs), and secure messaging applications. CRYSTALS-Kyber and NTRU are two well-known PQC KEMs offering robust security in the quantum world. However, even when quantum computers are functional, they are not easily accessible. IoT devices will not be able to utilize them directly, so there will still be a requirement to protect IoT devices from quantum attacks. Concerns such as limited computational power, energy efficiency, and memory constraints in devices such as those used in IoTs, embedded systems, and smart cards limit the use of these techniques in constrained environments. These concerns always arise there. To address this issue, this study conducts a broad comparative analysis of Kyber and NTRU, with special focus on their security, performance, and implementation efficiency in such environments (IoT/constrained environments). In addition, a case study was conducted by applying KEMs to a low-power embedded device to analyze their performance in real-world scenarios. These results offer an important comparison for cyber security engineers and cryptographers who are involved in integrating post-quantum cryptography into resource-constrained devices.
(This article belongs to the Special Issue Symmetry in Applied Continuous Mechanics, 2nd Edition)