Search Results (262)

IoT-based blockchain technology has improved the healthcare system to ensure the privacy and security of healthcare data. A Blockchain Bridge (BB) is a tool that enables multiple blockchain networks to communicate with each other. The existing approach combining the classical and quantum blockchain models failed to secure the data transmission during cross-chain communication. Thus, this study proposes a new BB verification for secure healthcare data transfer. Additionally, a brain tumor analysis framework is developed based on segmentation and neural networks. After the patient’s registration on the blockchain network, Brain Magnetic Resonance Imaging (MRI) data is encrypted using Hash-Keyed Quantum Cryptography and verified using a Peer-to-Peer Exchange model. The Brain MRI is preprocessed for brain tumor detection using the Fuzzy HaMan C-Means (FHMCM) segmentation technique. The features are extracted from the segmented image and classified using the LeCun Kaiming-based Convolutional ModSwish Neural Network (LCK-CMSNN) classifier. Subsequently, the brain tumor diagnosis report is securely transferred to the patient via a smart contract. The proposed model verified BB with a Verification Time (VT) of 12,541 ms, secured the input with a Security level (SL) of 98.23%, and classified the brain tumor with 99.15% accuracy, thus showing better performance than the existing models. Full article

The proliferation of Internet of Things (IoT) deployments demands Authentication and Key Agreement (AKA) protocols that scale from one initiator to many devices while preserving strong security guarantees on constrained hardware. Prior lightweight one-to-many designs often rely on a network-wide secret, reuse a single group session key across devices, or omit Perfect Forward Secrecy (PFS), leaving systems vulnerable to compromise and traffic exposure. To this end, we present in this paper a lightweight protocol, named Lightweight One-To-many User-to-Sensors Authentication and Key Agreement (LOTUS-AKA), that achieves mutual authentication, PFS, and per-sensor key isolation while keeping devices free of public-key costs. The user and gateway perform an ephemeral elliptic-curve Diffie–Hellman exchange to derive a short-lived group key, from which independent per-sensor session keys are expanded via Hashed Message Authentication Code HMAC-based Key Derivation Function (HKDF). Each sensor receives its key through a compact Authenticated Encryption with associated data (AEAD) wrap under its long-term secret; sensors perform only hashing and AEAD, with no elliptic-curve operations. The login path uses an augmented Password-Authenticated Key Exchange (PAKE) to eliminate offline password guessing in the smart-card theft setting, and a stateless cookie gates expensive work to mitigate denial-of-service. We provide a game-based security argument and a symbolic verification model, and we report microbenchmarks on Cortex-M–class platforms showing reduced device computation and linear low-constant communication overhead with the number of sensors. The design offers a practical path to secure, scalable multi-sensor sessions in resource-constrained IoT. Full article

This contribution outlines a completely new, fully local approach for secure web-based device control on the basis of browser inter-window messaging. Modern smart home IoT (Internet of Things) devices are commonly controlled with proprietary mobile applications via remote servers, which can have significant adverse implications for the end user. Given that many IoT devices in use today are limited in both available memory and processing speed, standard approaches such as HTTPS-based transport security are not always feasible and a need for more suitable alternatives for such constrained devices arises. The proposed local method for lightweight and secure web-based device control using inter-window messaging leverages existing standard web technologies to enable a maximum degree of privacy, choice, and sustainability within the smart home ecosystem. The implemented proof-of-concept shows that it is feasible to meet essential security objectives in a local web IoT control context while utilizing less than a kilobyte of additional memory compared to an unsecured solution, thereby promoting sustainability through hardening of the control protocols used by existing devices with too few resources for implementing standard web cryptography. In this way, the present work contributes to achieving the vision of a fully open and secure local smart home. Full article

The Internet of Things (IoT) has established an exceptional ecosystem of interconnected devices where a vast multitude of heterogeneous devices can communicate, collect, and share data for enhanced decision-making processes. To effectively analyze this immense volume of data, researchers have deployed advanced machine learning algorithms and deep neural networks. However, these approaches typically rely on centralized data storage for training, which raises significant privacy concerns. Federated Learning (FL) addresses this issue by allowing devices to train local models on their own data and share only model updates. Despite this advantage, FL remains vulnerable to several security threats, including model poisoning, data manipulation, and Byzantine attacks. Therefore, robust and scalable authentication mechanisms are essential to ensure secure participation in FL environments. This study provides a comprehensive survey of authentication in FL. We examine the authentication process, discuss the associated key challenges, and analyze architectural considerations relevant to securing FL deployments. Existing authentication schemes are reviewed and evaluated in terms of their effectiveness, limitations, and practicality. To provide deeper insight, we classify these schemes along two dimensions as follows: their underlying enabling technologies, such as blockchain, cryptography, and AI-based methods, and the system contexts in which FL operates. Furthermore, we analyze the datasets and experimental environments used in current research, identify open research challenges, and highlight future research directions. To the best of our knowledge, this study presents the first structured and comprehensive analysis of authentication mechanisms in FL, offering a foundational reference for advancing secure and trustworthy federated learning systems. Full article

The integration of the Internet of Things (IoT) and edge computing is transforming healthcare by enabling real-time acquisition, processing, and exchange of sensitive patient data close to the data source. However, the distributed nature of IoT-enabled smart healthcare systems exposes them to severe security and privacy risks during health information exchange (HIE). This study proposes an edge-enabled hybrid encryption framework that combines elliptic curve cryptography (ECC), HMAC-SHA256, and the Advanced Encryption Standard (AES) to ensure data confidentiality, integrity, and efficient computation in healthcare communication networks. The proposed model minimizes latency and reduces cloud dependency by executing encryption and verification at the network edge. It provides the first systematic comparison of hybrid encryption configurations for edge-based HIE, evaluating CPU usage, memory consumption, and scalability across varying data volumes. Experimental results demonstrate that the ECC + HMAC-SHA256 + AES configuration achieves high encryption efficiency and strong resistance to attacks while maintaining lightweight processing suitable for edge devices. This approach provides a scalable and secure solution for protecting sensitive health data in next-generation IoT-enabled smart healthcare systems. Full article

The rapid advancement of quantum computing poses significant threats to classical cryptographic methods, such as Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC), which currently secure Internet of Things (IoT) and cloud communications. Post-Quantum Cryptography (PQC), particularly lattice-based schemes, has emerged as a promising alternative. CRYSTALS-Kyber, standardized by the National Institute of Standards and Technology (NIST) as ML-KEM, has shown efficiency and practicality for constrained IoT devices. Most existing research has focused on PQC within the Transport Layer Security (TLS) protocol. Consequently, a critical gap exists in understanding PQC’s performance in lightweight IoT protocols. These are Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP), particularly under adverse network conditions. To address this gap, this paper provides a systematic review of the literature on the network resilience and performance of CRYSTALS-Kyber when integrated into these protocols operating over lossy and high-latency networks. Additional challenges include non-standardized integration, resource limitations, and side-channel vulnerabilities. This review provides a structured synthesis of current knowledge, highlights unresolved trade-offs between security and efficiency, and outlines future research directions, including protocol-level optimization, lightweight signature schemes, and resilience testing of PQC-secured IoT protocols under realistic conditions. Full article

Recently, the record-level rise in Internet of Things (IoT) devices has produced unparalleled security challenges, particularly for resource-constrained devices operating under limited computational resources, memory, and power. In this context, traditional cryptographic methods not only fail but are also expensive and require extensive resources, given their static nature. In this article, an Adaptive Hybrid Cryptographic Framework (AHCF) is proposed to address the security challenges of resource-constrained IoT devices by adaptively balancing performance and protection levels, which can adaptively adjust cryptographic parameters based on the state of the device at a given time under a specific network environment and security needs. It also effectively balances security level and resource usage and employs low-overhead asymmetric key management with lightweight symmetric cryptography and machine learning-based predictors for the optimal selection of encryption schemes. Experimental testing on multiple IoT platforms has demonstrated its significant benefits, namely 42% less energy consumption, a 38% increase in processor speed, and improved security responsiveness over static deployments. This solution can be applied on boards with as little as 2 KB RAM and 16 KB flash and outperforms existing IoT standards and protocols. Full article

The exponential growth of the Internet of Things (IoT) has increased the demand for robust security solutions that are tailored to devices with limited resources. This paper presents a systematic review of recent literature on lightweight encryption algorithms designed to meet this challenge. Through an analysis of 22 distinct ciphers, the study identifies the main algorithms proposed and catalogues the key metrics used for their evaluation. The most common performance criteria are execution speed, memory usage, and energy consumption, while security is predominantly assessed using techniques such as differential and linear cryptanalysis, alongside statistical tests such as the avalanche effect. However, the most critical finding is the profound lack of standardized frameworks for both performance benchmarking and security validation. This methodological fragmentation severely hinders objective, cross-study comparisons, making evidence-based algorithm selection a significant challenge and impeding the development of verifiably secure IoT systems. Full article

The explosive growth in Internet of Things (IoT) technologies has given rise to significant security concerns, especially with the emergence of sophisticated and zero-day malware attacks. Conventional malware detection methods based on static or dynamic analysis often fail to meet the real-time operational needs and limited-resource constraints typical of IoT systems. This paper proposes TRIM-SEC (Transformer-Integrated Malware Security and Encryption for IoT), a lightweight and scalable framework that unifies intelligent threat detection with secure data transmission. The framework begins with Autoencoder-Based Feature Denoising (AEFD) to eliminate noise and enhance input quality, followed by Principal Component Analysis (PCA) for efficient dimensionality reduction. Malware classification is performed using a Transformer-Augmented Neural Network (TANN), which leverages multi-head self-attention to capture both contextual and temporal dependencies, enabling accurate detection of diverse threats such as Zero-Day, botnets, and zero-day exploits. For secure communication, TRIM-SEC incorporates Lightweight Elliptic Curve Cryptography (LECC), enhanced with Particle Swarm Optimization (PSO) to generate cryptographic keys with minimal computational burden. The framework is rigorously evaluated against advanced baselines, including LSTM-based IDS, CNN-GRU hybrids, and blockchain-enhanced security models. Experimental results show that TRIM-SEC delivers higher detection accuracy, fewer false alarms, and reduced encryption latency, which makes it well-suited for real-time operation in smart IoT ecosystems. Its balanced integration of detection performance, cryptographic strength, and computational efficiency positions TRIM-SEC as a promising solution for securing next-generation IoT environments. Full article

Today, vaccines play a crucial role in ensuring personal safety and are the most effective method for preventing related diseases. The ages over which vaccines are efficacious, from infancy to the old, is of utmost importance. With the recent outbreak of COVID-19 in 2019, the demand for vaccines and their usage has significantly increased. This surge in demand has led to issues such as vaccine counterfeiting and related problems, which have raised concerns among the public regarding vaccine administration. As a result, this has also resulted in a lack of trust in vaccine manufacturing companies and raised doubts about production processes. To address these concerns, this study proposed a vaccine production supervision system with Internet of Things (IoT) device based on blockchain. By utilizing IoT devices, vaccine-sensitive production data can be collected and encrypted and leaks that could lead to great benefit losses for vaccine manufacturing companies can also be prevented. This system adopts a digital signature technique to import immutable characteristics to the data, offering conclusive evidence in case any issues occur with the vaccine in the future. Finally, the system also integrates with the Inter Planetary File System (IPFS) with a blockchain solution, storing manufacturing plant vaccine production records in a secure, publicly accessible, and decentralized storage space, and also enabling public verification. Full article

The integration of federated learning into Industrial Internet of Things (IIoT) networks enables collaborative intelligence but also exposes systems to identity spoofing, model poisoning, and malicious update injection. This paper presents Leash-FL, a lightweight self-healing framework that combines certificateless elliptic curve cryptography with blockchain to enhance resilience in resource-constrained IoT environments. Certificateless ECC with pseudonym rotation enables efficient millisecond-scale authentication with minimal metadata, supporting secure and unlinkable participation. A similarity-governed screening mechanism filters poisoned and free-rider updates, while blockchain-backed checkpoint rollback ensures rapid recovery without service interruption. Experiments on intrusion detection, anomaly detection, and vision datasets show that Leash-FL sustains over 85 percent accuracy with 50 percent malicious clients, reduces backdoor success rates to under 5 percent within four recovery rounds, and restores accuracy up to three times faster than anomaly-screening baselines. The blockchain layer achieves low-latency consensus, high throughput, and modest ledger growth, significantly outperforming Ethereum-based systems. Membership changes are efficiently managed with sub-50 ms join and leave operations and re-admission within 60 ms, while guaranteeing forward and backward secrecy. Leash-FL delivers a cryptography-driven approach that unifies lightweight authentication, blockchain auditability, and self-healing recovery into a secure, resilient, and scalable federated learning solution for next-generation IIoT networks. Full article

Wireless Medical Sensor Networks (WMSNs) collect and transmit patients’ physiological data in real time through various sensors, playing an increasingly important role in intelligent healthcare. Authentication protocols in WMSNs ensure that users can securely access real-time data from sensor nodes. Although many researchers have proposed authentication schemes to resist common attacks, insufficient attention has been paid to insider attacks and ephemeral secret leakage (ESL) attacks. Moreover, existing adversary models still have limitations in accurately characterizing an attacker’s capabilities. To address these issues, this paper extends the traditional adversary model to better reflect practical deployment scenarios, assuming a semi-trusted server and allowing adversaries to obtain users’ temporary secrets. Based on this enhanced model, we design an efficient ECC-based authentication and key agreement protocol that ensures the confidentiality of users’ passwords, biometric data, and long-term private keys during the registration phase, thereby mitigating insider threats. The proposed protocol combines anonymous authentication and elliptic curve cryptography (ECC) key exchange to satisfy security requirements. Performance analysis demonstrates that the proposed protocol achieves lower computational and communication costs compared with existing schemes. Furthermore, the protocol’s security is formally proven under the Random Oracle (ROR) model and verified using the ProVerif tool, confirming its security and reliability. Therefore, the proposed protocol can be effectively applied to secure data transmission and user authentication in wireless medical sensor networks and other IoT environments. Full article

This paper presents a certificateless group signature scheme designed specifically for Unmanned Aerial Vehicle (UAV) communications in resource-constrained environments. The scheme leverages Physical Unclonable Functions (PUFs) and elliptic curve cryptography (ECC) to provide a lightweight security solution while maintaining essential security properties including anonymity, unforgeability, traceability, and unlikability. We describe the cryptographic protocols for system setup, key generation, signing, verification, and revocation mechanisms. The implementation shows promising results for UAV applications where computational resources are limited, while still providing robust security guarantees for group communications. Our approach eliminates the need for computationally expensive certificate management while ensuring that only legitimate group members can create signatures that cannot be linked to their identities except by authorized group managers. Full article

The General Data Protection Regulation (GDPR) imposes additional demands and obligations on service providers that handle and process personal data. In this paper, we examine how advanced cryptographic techniques can be employed to develop a privacy-preserving solution for ensuring GDPR compliance in Industrial Internet of Things (IIoT) systems. The primary objective is to ensure that sensitive data from IIoT devices is encrypted and accessible only to authorized entities, in accordance with Article 32 of the GDPR. The proposed system combines Decentralized Attribute-Based Encryption (DABE) with smart contracts on a blockchain to create a decentralized way of managing access to IIoT systems. The proposed system is used in an IIoT use case where industrial sensors collect operational data that is encrypted according to DABE. The encrypted data is stored in the IPFS decentralized storage system. The access policy and IPFS hash are stored in the blockchain’s smart contracts, allowing only authorized and compliant entities to retrieve the data based on matching attributes. This decentralized system ensures that information is stored encrypted and secure until it is retrieved by legitimate entities, whose access rights are automatically enforced by smart contracts. The implementation and evaluation of the proposed system have been analyzed and discussed, showing the promising achievement of the proposed system. Full article

The Zero Trust Architecture (ZTA) model has emerged as a foundational cybersecurity paradigm that eliminates implicit trust and enforces continuous verification across users, devices, and networks. This study presents a systematic literature review of 74 peer-reviewed articles published between 2016 and 2025, spanning domains such as cloud computing (24 studies), Internet of Things (11), healthcare (7), enterprise and remote work systems (6), industrial and supply chain networks (5), mobile networks (5), artificial intelligence and machine learning (5), blockchain (4), big data and edge computing (3), and other emerging contexts (4). The analysis shows that authentication, authorization, and access control are the most consistently implemented ZTA components, whereas auditing, orchestration, and environmental perception remain underexplored. Across domains, the main challenges include scalability limitations, insufficient lightweight cryptographic solutions for resource-constrained systems, weak orchestration mechanisms, and limited alignment with regulatory frameworks such as GDPR and HIPAA. Cross-domain comparisons reveal that cloud and enterprise systems demonstrate relatively mature implementations, while IoT, blockchain, and big data deployments face persistent performance and compliance barriers. Overall, the findings highlight both the progress and the gaps in ZTA adoption, underscoring the need for lightweight cryptography, context-aware trust engines, automated orchestration, and regulatory integration. This review provides a roadmap for advancing ZTA research and practice, offering implications for researchers, industry practitioners, and policymakers seeking to enhance cybersecurity resilience. Full article