Search Results (750)

Extra-virgin olive oil (EVOO) is a chemically complex lipid matrix whose minor constituents—especially phenolic secoiridoids—drive sensory quality, oxidative stability, and health benefits. However, these bioactives are vulnerable to heat, light, oxygen, and pro-oxidant metals during processing and distribution, while the high cost of EVOO often makes it a target for adulteration and mislabeling. This review critically assesses nano-enabled, food-grade strategies that (i) preserve phenolics and aroma compounds through nanoencapsulation, inclusion complexes, Pickering stabilization, and structured lipid systems; (ii) control their release and bioaccessibility during digestion; and (iii) enhance authenticity verification via sensor-ready packaging, spectroscopy/chemometrics, and digital traceability systems (IoT, machine learning, blockchain). We align these innovations with the “product identity constraints” of the EVOO category and with official quality standards used in routine control (IOC/EU). Finally, we explore circular valorization of olive-mill by-products within food-centered biorefineries, outlining pathways to convert biomass into ingredients, materials, and energy, thus reducing environmental impacts. Research priorities are proposed to develop scalable, regulation-compliant nanotechnologies that extend shelf life and increase consumer trust without compromising EVOO category standards. Full article

As a foundational protocol in wireless sensor networks (WSNs), LEACH has long contended with the dual challenges of energy load balancing and security defense. To clarify the protocol’s evolutionary trajectory within the modern IoT context, this paper presents a systematic review and restructuring of LEACH’s optimization mechanisms. The core contributions of this study are threefold: First, it establishes a taxonomy for energy optimization in LEACH. It provides an in-depth analysis of how intelligent algorithms—such as fuzzy logic and meta-heuristics—reshape cluster head election and data transmission paths in heterogeneous network environments, thereby resolving the inherent blindness of traditional mechanisms. Second, it elucidates the evolutionary patterns of LEACH security mechanisms. The paper details the transition of defense strategies from early static encryption and authentication to dynamic countermeasure mechanisms, offering a clear framework for understanding the protocol’s defensive boundaries. Finally, addressing the bottleneck where high security levels often incur high energy costs, the paper explores the feasibility of incorporating zero-trust architecture (ZTA) into WSNs within the future outlook section. This discussion aims to provide a new theoretical perspective for future research on balancing enhanced defense capabilities with energy efficiency. Full article

Message Queuing Telemetry Transport (MQTT) is a lightweight publish–subscribe protocol widely deployed in Internet of Things (IoT) systems. Although MQTT defines authentication and authorization mechanisms, their enforcement accuracy, configuration sensitivity, and operational cost under controlled misconfiguration conditions remain insufficiently quantified. This study experimentally quantifies authentication enforcement behavior and Access Control List (ACL) misconfiguration impact within a standards-compliant MQTT deployment under controlled laboratory conditions. Rather than benchmarking a specific software product, the work measures protocol-defined security behavior—including authentication success rate, false acceptance rate (FAR), false rejection rate (FRR), privilege-boundary preservation, authentication latency, and broker CPU utilization—across systematically constructed operational and failure scenarios. Username/password and mutual TLS authentication were evaluated under valid and stress-induced connection conditions, alongside structured ACL policies incorporating wildcard over-permission. Across repeated trials, username/password authentication achieved higher observed connection reliability (≈0.95), while TLS-based authentication provided stronger cryptographic identity assurance at the cost of increased authentication latency (≈42.6 ms vs. 14.8 ms) and higher CPU utilization (≈23.7% vs. 9.4%). No false acceptances were observed within 100 unauthorized trials per configuration, corresponding to a 95% confidence upper bound of <3% for FAR under a binomial model. Under controlled ACL misconfiguration, 22 of 100 evaluated authorization operations accessed topics beyond the originally intended least-privilege scope, yielding a reproducible privilege expansion rate of 0.22. This expansion resulted from wildcard policy semantics rather than an enforcement malfunction. The results provide controlled empirical quantification of reliability–security trade-offs and configuration-driven privilege-boundary behavior within a standards-compliant MQTT deployment. While the findings reflect enforcement behavior as realized in the evaluated implementation and laboratory environment, the proposed measurement framework establishes reproducible criteria for assessing MQTT security enforcement accuracy under controlled conditions. Full article

Resource-constrained IoT systems face a fundamental conflict between cryptographic security and energy efficiency, particularly in critical infrastructure monitoring requiring long-term autonomous operation. This study presents a hybrid framework integrating signal-adaptive compression with hardware-accelerated authenticated encryption to resolve this trade-off. The Dynamic Payload Compression with Selective Encryption framework classifies sensor data into three SNR regimes and applies adaptive compression strategies: 24.15-fold compression for low-SNR backgrounds, 1.77-fold for transitional states, and no compression for high-SNR leak detection events. Experimental validation using 2714 acoustic sensor samples demonstrates 5.91-fold average payload reduction with 100% detection accuracy. The integration with STM32L5 hardware AES acceleration reduces power–data correlation from 0.820 to 0.041, increasing differential power analysis attack complexity from 500 to over 221,000 required traces. Compression-induced timing variance provides additional side-channel masking, burying cryptographic signals beneath a 0.00009 signal-to-noise ratio. Projected on 19,200 mAh lithium thionyl chloride batteries, the system achieves 14-year operational lifetime under realistic duty cycles, exceeding industrial requirements for critical infrastructure protection while maintaining robust security against physical attacks. Full article

The Internet of Drones (IoD) has emerged as a critical extension of the Internet of Things, enabling unmanned aerial vehicles to support diverse applications, including precision agriculture, logistics, disaster monitoring, and security surveillance. Despite its rapid growth, securing IoD communications remains a significant challenge due to the open wireless environment, high drone mobility, and strict computational and energy constraints. Existing authentication mechanisms either rely on computationally expensive cryptographic operations or remain validated only at the protocol or simulation level, leaving a critical gap in practical, hardware-validated solutions suitable for resource-constrained drone platforms. This gap motivates the need for a lightweight, privacy-preserving authentication scheme that is both theoretically sound and experimentally deployable on real hardware. To address this, we propose a Physically Unclonable Functions (PUF)-assisted lightweight authentication scheme for IoD environments that binds cryptographic keys to each drone’s intrinsic hardware characteristics via PUFs. The scheme employs dynamically generated pseudo-identities to conceal permanent drone identities and prevent tracking, while authentication and key agreement are achieved using efficient symmetric cryptographic primitives, including SHA-256 for key derivation and updates, AES-256 for secure communication, and lightweight XOR operations to minimize overhead. Forward secrecy is ensured through rolling key updates, and periodic renewal of PUF challenges enhances resistance to replay and modeling attacks. To validate practicality, both software-based and hardware-based implementations were developed and evaluated. The software evaluation demonstrates a low communication overhead of 708.5 bytes and an average computation time of 18.87 ms. The hardware implementation on a Nexys A7-100T FPGA operates at 100 MHz with only 12.49% LUT utilization and low dynamic power consumption of approximately 182.5 mW. These results confirm that the proposed framework achieves an effective balance between security, privacy, and efficiency. The significance of this work lies in providing a fully hardware-validated, PUF-based authentication framework specifically tailored to the real-world constraints of IoD environments, offering a practical foundation for securing next-generation drone networks. Full article

The rapid evolution of 6G networks and large-scale Internet of Things (IoT) deployments intensifies security and privacy challenges in embedded SIM (eSIM) Remote SIM Provisioning (RSP), particularly during the bootstrap and profile delivery phases. Traditional perimeter-based and VPN-centric approaches expose static attack surfaces, making provisioning workflows vulnerable to denial-of-service (DoS) attacks, reconnaissance, and profile lock-in risks. This paper presents MTD-SDP-eSIM, a hardware-anchored Zero Trust Architecture that secures eSIM provisioning by integrating the embedded Universal Integrated Circuit Card (eUICC) as a root of trust with Software-Defined Perimeter (SDP), Software-Defined Networking (SDN), and Moving Target Defense (MTD). The framework introduces Hardware-Anchored Single Packet Authorization (ES-SPA), which cryptographically binds initial access to tamper-resistant eUICC credentials and enforces an authenticate-before-connect model. A unified Zero Trust controller dynamically orchestrates SDP access control, SDN-based micro-segmentation, and MTD-driven Network Address Shuffling during high-risk provisioning phases. This framework is validated on a high-fidelity 6G testbed built using ns-3, Open5GS, and P4-programmable switches. Experimental results demonstrate a 90% DoS survival rate during provisioning, a 35% scalability improvement over VPN-based baselines, and a 75% reduction in profile lock-in failures through runtime deletion verification. These findings confirm that anchoring dynamic network defenses in hardware-rooted identity significantly enhances the resilience, scalability, and privacy of eSIM provisioning for massive 6G IoT deployments. Full article

With the advancement of 5G and the Internet of Things (IoT), traditional upper-layer authentication mechanisms are vulnerable to attacks, while quantum computing threatens cryptographic security. Radio frequency fingerprint identification (RFFI) offers a physical-layer solution by exploiting inherent hardware imperfections. However, in complex electromagnetic environments, narrowband and especially agile interference (characterized by low power and narrow bandwidth) can severely distort fingerprint features, rendering conventional detection algorithms ineffective. To address this challenge, this paper proposes a novel interference detection framework tailored for Orthogonal Frequency Division Multiplexing (OFDM) systems. First, a signal transmission model incorporating non-ideal hardware characteristics (e.g., DC offset, I/Q imbalance) is established. Based on this model, we design an agile interference detection algorithm comprising two key components: (1) a time-series anomaly detection method that fuses multi-domain expert features (fractal, complexity, and high-order statistics) with machine learning, demonstrating superior performance over the traditional CME algorithm under narrowband interference, and (2) a progressive search segmental detection algorithm that, combined with reconstruction error features extracted by an autoencoder, effectively identifies low-power agile interference by appropriately trading-off computation time for detection sensitivity. Finally, an OFDM simulation platform is developed to validate the proposed methods. The results show that the segmental detection algorithm achieves reliable detection at a jammer-to-signal ratio (JSR) as low as −10 dB, significantly outperforming existing approaches and enhancing the robustness of RFFI in challenging interference environments. Full article

Unmanned Aerial Vehicle (UAV)-assisted hierarchical federated learning (HFL) has emerged as a promising architecture for Internet of Things (IoT)-based smart agriculture, which enables scalable model training over large and sparse farmlands. In this setting, UAVs act as mobile edge servers, aggregating local updates from distributed agricultural IoT devices and relaying them to the cloud server. While HFL improves scalability and reduces communication overhead, it still faces critical security threats due to its reliance on public wireless channels and the vulnerability of model aggregation to malicious updates. In this paper, we propose a secure authentication scheme that integrates anomaly detection with elliptic curve cryptography (ECC)-based mutual authentication to protect both the communication and training phases. In the proposed scheme, UAVs authenticate participating clients before receiving their local models, then perform anomaly detection to identify and exclude malicious participants. If a client is found to be malicious, its identity credentials are revoked and broadcast by the cloud server to prevent future participation. The security of the proposed scheme is formally verified using Burrows–Abadi–Needham (BAN) logic, the Real-or-Random (RoR) model, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, along with informal security analysis. The performance evaluation includes comparisons of security features, computation cost, and communication cost with other related schemes, and an experimental assessment of anomaly detection performance. The results demonstrate that our scheme provides strong security guarantees, low overhead, and effective malicious client detection, making it well suited for UAV-assisted HFL in smart agriculture. Full article

Physical Unclonable Functions (PUFs) represent a highly promising hardware security primitive, yet they face constraints of insufficient reliability and threats from modeling attacks. This paper designs a novel Feed-Forward Crossbar Matrix Arbiter PUF (FC-MA PUF). It incorporates an inter-stage crossbar structure, a feed-forward control system, and a mechanism for selecting reliable challenge-response pairs. These features significantly enhance the structural non-linearity and stability, substantially improving security and adaptability to a wider range of operating environments. It provides a high-strength authentication solution with low resource overhead for lightweight security-demanding devices such as IoT devices. The proposed FC-MA PUF has been successfully implemented on a Field-Programmable Gate Array (FPGA) platform. Experimental results for the selected 4-stage FC-MA PUF configuration show a bias, inter-chip uniqueness, and bit error rate (BER) of 49.88%, 49.68%, and 0.018%, respectively. Furthermore, the structure allows for flexible configuration of the number of feed-forward modules based on practical application requirements: a greater number of feed-forward modules enhances security but also leads to an increased BER and a decreased proportion of stable challenge-response pairs. Experimental results based on a training set of 1,000,000 challenge-response pairs demonstrate that: with two feed-forward units, the stable (Challenge Response Pair)CRP ratio is 39.72% and the Covariance Matrix Adaptation Evolutionary Strategies (CMA-ES) attack prediction success rate is 58.20%; with three units, the ratio decreases to 29.12% and the prediction rate drops to 54.91%; with four units, these values further decline to 20.18% and 52.33% respectively. These results confirm that the proposed FC-MA PUF effectively resists multiple modeling attacks, including Logistic Regression (LR), Support Vector Machine (SVM), and CMA-ES. Full article

In this paper, we propose a novel multisecret sharing (MSS) scheme that integrates a recently developed exponential-speedup matrix spectral factorization algorithm into the construction of paraunitary matrices over finite fields. By exploiting the block-matrix generalization of the Janashia-Lagvilava method, we significantly enhance the efficiency and scalability of the MSS scheme. The proposed method ensures perfect secrecy, collusion resistance, and efficient reconstruction, while enabling practical deployment in large-scale distributed systems such as secure cloud storage, IoT networks, and blockchain authentication. Security and performance analyses demonstrate the superiority of the new approach over existing MSS schemes. Full article

The Medical Internet of Things (MIoT) has promoted smart healthcare through the deep integration of wearable devices, wireless communication, and cloud services. However, this framework faces security risks, as attackers may exploit public channels to impersonate legitimate devices or services and steal sensitive data. Therefore, establishing authentication between wearable devices and servers prior to data transmission is crucial. Existing schemes suffer from two critical drawbacks: vulnerability to quantum attacks and excessively high communication overhead, highlighting the need for improved solutions. The authors of this paper present a multi-factor identity authentication protocol to achieve post-quantum security and privacy protection. The scheme integrates lattice-based Kyber key encapsulation and a fuzzy commitment mechanism to secure biological templates and enable post-quantum key agreement. Additionally, hash functions and lightweight error correction codes are employed to reduce terminal communication overhead. The security of the scheme is rigorously proved in the Real-or-Random model, and the analysis confirms that the scheme satisfies common security requirements for wireless networks. The proposed scheme is also compared with existing schemes, and the results demonstrate that it achieves a balance between security and overhead. Full article

Radio frequency fingerprint identification (RFFI) based on physical-layer characteristics provides a reliable solution for secure authentication of Internet of Things (IoT) devices. Deep neural networks have demonstrated strong capability in improving RFFI performance; however, their high computational complexity and large parameter size pose significant challenges for deployment on resource-constrained edge devices. In RFFI tasks, existing pruning methods often lack effective performance recovery strategies, which leads to noticeable degradation in identification accuracy after pruning. To address this issue, this paper proposes a pruning method based on adversarial learning and polarization regularization. Polarization regularization is applied to learnable soft masks to effectively distinguish channels to be pruned from those to be retained. In addition, an adversarial learning-based performance recovery strategy is introduced to align the output feature distributions between the baseline network and the pruning network, thereby improving identification accuracy after pruning. Experimental results on multiple RFFI datasets demonstrate that the proposed method can effectively prune ResNet18 and VGG16, achieving substantial reductions in model complexity with only minor losses in identification performance. Full article

Modern computing platforms increasingly rely on random number generators (RNGs) for modeling probabilistic processes in simulation, probabilistic computing, and system validation. They are also essential for cryptographic operations such as key generation, authenticated encryption, and digital signatures. Deterministic Random Bit Generators (DRBGs), as specified in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-90A, provides a standardized method for expanding entropy into cryptographically strong pseudorandom sequences. This work presents the design and Field Programmable Gate Array (FPGA) implementation of a hash-based DRBG using Ascon-Hash256, a lightweight, quantum-resistant hash function from the NIST-standardized Ascon cryptographic suite. It implements hash-based derivation, instantiation, generation, and reseeding of the generator via iterative hash invocations and state updates. Leveraging Ascon’s sponge-based structure, the design achieves efficient entropy absorption and diffusion while maintaining an area-efficient FPGA architecture, making it well suited for resource-constrained platforms. The diffusion properties of the proposed DRBG are evaluated through avalanche and reproducibility analyses, confirming strong sensitivity to input variations and secure, repeatable operation. Moreover, Monte Carlo and stochastic-diffusion evaluation of the generated bitstreams demonstrates correct convergence and statistically consistent behavior. These results confirm that the proposed hash-based DRBG provides reproducible, hardware-efficient, and cryptographically secure random numbers suitable for next-generation neuromorphic, probabilistic computing systems, and Internet of Things (IoT) devices. Full article

The Internet of things (IoT) is rapidly pervading daily life and linking everything. Although higher connectivity offers many benefits, including higher productivity, robotic processes, and decision-making guided by data, it also poses a number of security dangers. Modern risks to data authenticity and confidence are getting harder to handle through typical central safety solutions. In this paper, we present a detailed investigation of the latest innovations and approaches for assessing reputation and confidence in the blockchain-empowered Internet of Things (BIoT) area. A comprehensive literature search was conducted across major electronic databases, including IEEE, Springer, Elsevier, Wiley, MDPI, and top indexed conference proceedings. The publication year was restricted to the period from 2018 to 2025. The methodological quality of a total of 122 studies met the inclusion criteria assessed using predefined quality measures. We figure out existing flaws at each layer of IoT architecture, illustrating how autonomous, transparent, and impenetrable blockchain ledgers address these flaws. Plus, we analytically compare public, private, consortium, and hybrid blockchain networking architectures to emphasize the underlying compromises among security, reliability, and decentralization. We also assess how reputation evaluation techniques evolved over time, moving from classical fuzzy logic and weighted average models to modern mature game theory and machine learning (ML) models, addressing their limitations in terms of computational overhead, scalability, adaptability, and deployment feasibility in IoT systems. Additionally, we outline future directions for BIoT system trust assessment and identify research limitations and potential solutions. Our research indicates that although ML-driven models offer more accurate predictions for identifying illicit node activities, they are still constrained by limited unbalanced data and high processing overhead. Full article

The Internet of Medical Things (IoMT) has become a core component of modern healthcare infrastructures, enabling continuous patient monitoring, remote diagnostics, and data-driven clinical decision-making. Despite these advances, authentication in IoMT environments remains a critical security challenge, intensified by strict resource constraints of medical devices and the emerging threat posed by quantum computing to classical cryptographic techniques. This systematic review investigates authentication mechanisms in IoMT from both post-quantum and system-level perspectives. A structured literature review was conducted using a PRISMA-informed methodology across major scientific databases, including IEEE Xplore, ACM Digital Library, SpringerLink, ScienceDirect, and MDPI. From an initial set of 95 records, 63 studies were selected for qualitative synthesis following screening and eligibility assessment. To organise existing research, this study introduces a multi-dimensional classification framework that categorises authentication solutions according to cryptographic paradigm (classical, hybrid, and post-quantum), deployment architecture, system objectives, and clinical operational constraints. The comparative synthesis demonstrates important trade-offs between security strength, latency, computational overhead, and energy consumption that are frequently underexplored in the existing literature. Furthermore, the analysis identifies key research gaps related to scalability in heterogeneous medical environments, trust establishment across administrative and clinical domains, usability under strict timing constraints, and resilience against quantum-capable adversaries. Based on these findings, future research directions are outlined toward adaptive, lightweight, and context-aware post-quantum authentication frameworks designed for real-world IoMT deployments. Limitations of this review include restriction to English-language publications and selected databases. This study received no external funding, and the review protocol was not formally registered. Full article