Search Results (26)

Autonomous drone swarms are increasingly deployed in critical domains such as infrastructure inspection, environmental monitoring, and emergency response. While their distributed operation enables scalability and resilience, it also introduces new vulnerabilities, particularly in authentication and trust establishment. Conventional cryptographic solutions, including public key infrastructures (PKI) and symmetric key protocols, impose computational and connectivity requirements unsuited to resource-constrained and external infrastructure-free swarm deployments. In this paper, we present a decentralized authentication scheme rooted in hardware security primitives (HSPs); specifically, Physical Unclonable Functions (PUFs) and True Random Number Generators (TRNGs). The protocol leverages master-initiated token broadcasting, iterative HSP seed evolution, randomized response delays, and statistical trust evaluation to detect cloning, replay, and impersonation attacks without reliance on centralized authorities or pre-distributed keys. Simulation studies demonstrate that the scheme achieves lightweight operation, rapid anomaly detection, and robustness against wireless interference, making it well-suited for real-time swarm systems. Full article

With the rapid development of the Internet of Medical Things (IoMT), the data generated and collected by various sensors and medical devices are gradually increasing. How to realize flexible, efficient, and secure data sharing while ensuring data confidentiality and patient privacy has become a critical research challenge. The traditional Public Key Infrastructure (PKI) must deal with the complicated certificate management problem. An identity-based cryptosystem has the inherent key-escrow risk. These concerns make them unsuitable for resource-constrained and dynamic IoMT environments. To address it, this paper introduces a cloud data sharing protocol for IoMT using a Certificateless Proxy Re-encryption (CL-PRE) scheme that integrates an efficient access-list-based user revocation mechanism. In our system, a patient’s data can be encrypted and securely stored in a semi-trusted third party like the cloud server. When the patient wants to grant the access to designated users, e.g., doctors or medical institutions, a delegated proxy server will re-encrypt the ciphertext to a new one, which is decryptable by the designators. The proxy server also learns nothing during the re-encryption process, so as to maintain the end-to-end confidentiality. As for the security, the authors formally prove that the proposed CL-PRE mechanism for IoMT achieves Type-I and Type-II indistinguishability against adaptive chosen-identity and chosen-ciphertext attacks (IND-PrID-CCA) under the Decisional Bilinear Diffie–Hellman (DBDH) assumption. Moreover, the functional and computational comparisons with previous studies reveal the qualitative advantage of simultaneously achieving certificateless properties and user revocation, and the quantitative advantage of an optimized encryption cost (requiring only one bilinear pairing and two scalar multiplications), making it a theoretically efficient solution for resource-constrained IoMT devices. Full article

The security of the digital certificates used in authenticating network devices relies on cryptographic algorithms like the RSA and ECC, which are vulnerable to quantum attacks. This study addresses the urgent need to secure the Simple Certificate Enrollment Protocol (SCEP), widely used in PKI-based systems, by integrating post-quantum cryptographic (PQC) algorithms—Dilithium, Falcon, and SPHINCS+. The experimental results show that Dilithium2 (1312 bytes) and Falcon512 (897 bytes) offer the best performance and throughput, with Falcon512 also being the most efficient in terms of the storage consumption. This research represents the first integration of PQC algorithms into the SCEP, establishing a foundation for scalable, quantum-resilient certificate enrollment in future PKI systems. Full article

As a data-centric next-generation network architecture, Named Data Networking (NDN) exhibits inherent compatibility with the distributed nature of the Internet of Things (IoT) through its name-based routing mechanism. However, existing signature schemes for NDN-IoT face dual challenges: resource-constrained IoT terminals struggle with certificate management and computationally intensive bilinear pairings under traditional Public Key Infrastructure (PKI), while NDN routers require low-latency batch verification for high-speed data forwarding. To address these issues, this study proposes ECAE, an efficient certificateless aggregate signature scheme based on elliptic curve cryptography (ECC). ECAE introduces a partial private key distribution mechanism in key generation, enabling the authentication of identity by a Key Generation Center (KGC) for terminal devices. It leverages ECC and universal hash functions to construct an aggregate verification model that eliminates bilinear pairing operations and reduces communication overhead. Security analysis formally proves that ECAE resists forgery, replay, and man-in-the-middle attacks under the random oracle model. Experimental results demonstrate substantial efficiency gains: total computation overhead is reduced by up to 46.18%, and communication overhead is reduced by 55.56% compared to state-of-the-art schemes. This lightweight yet robust framework offers a trusted and scalable verification solution for NDN-IoT environments. Full article

With the rapid increase in the number of vehicles and the growing demand for low-latency and reliable communication, traditional vehicular network architectures face numerous challenges. Unmanned Aerial Vehicle (UAV)-assisted vehicular networks provide an innovative solution for real-time data transmission and efficient cross-domain communication, significantly enhancing resource allocation efficiency and traffic safety. However, these networks also raise privacy and security concerns. Traditional symmetric key and Public Key Infrastructure (PKI)-based authentication schemes suffer from issues such as key management, certificate verification, and data leakage risks. While blockchain technology has been explored to address these problems, it still suffers from inefficiencies and high computational overhead. This paper proposes a UAV-assisted vehicular network architecture that leverages UAVs as trusted intermediaries for cross-domain authentication, effectively reducing authentication delays and improving scalability. Through ProVerif security proofs and detailed theoretical analysis, the proposed scheme is demonstrated to meet the security requirements of vehicular networks and withstand a broader range of attacks. Performance evaluation results show that the proposed scheme achieves at least a 20% reduction in computational and communication overhead compared to existing schemes, highlighting its significant advantages. Additionally, the average consensus time for the proposed scheme is at least 40% lower than existing schemes. The novelty of the proposed scheme lies in the integration of UAVs as trusted intermediaries with blockchain technology, addressing key management and privacy issues, and providing an efficient and secure solution for high-density vehicular networks. Full article

This paper introduces PK-Judge, a novel neural network watermarking framework designed to enhance the intellectual property (IP) protection by incorporating an asymmetric cryptograp hic approach in the verification process. Inspired by the paradigm shift from HTTP to HTTPS in enhancing web security, this work integrates public key infrastructure (PKI) principles to establish a secure and verifiable watermarking system. Unlike symmetric approaches, PK-Judge employs a public key infrastructure (PKI) to decouple ownership validation from the extraction process, significantly increasing its resilience against adversarial attacks. Additionally, it incorporates a robust challenge-response mechanism to mitigate replay attacks and leverages error correction codes (ECC) to achieve an Effective Bit Error Rate (EBER) of zero, ensuring watermark integrity even under conditions such as fine-tuning, pruning, and overwriting. Furthermore, PK-Judge introduces a new requirement based on the principle of separation of privilege, setting a foundation for secure and scalable watermarking mechanisms in machine learning. By addressing these critical challenges, PK-Judge advances the state-of-the-art in neural network IP protection and integrity, paving the way for trust-based AI technologies that prioritize security and verifiability. Full article

As quantum computing advances, current cryptographic protocols are increasingly vulnerable to quantum attacks, particularly those based on Public Key Infrastructure (PKI) like RSA or Elliptic Curve Cryptography (ECC). This paper presents a comprehensive review of Post-Quantum Cryptography (PQC) as a solution to protect digital systems in the quantum era. We provide an in-depth analysis of various quantum-resistant cryptographic algorithms, including lattice-based, code-based, hash-based, isogeny-based, and multivariate approaches. The review highlights the National Institute of Standards and Technology (NIST) PQC standardization process, highlighting key algorithms, such as CRYSTALS–Kyber, CRYSTALS–Dilithium, Falcon, and SPHINCS+, and discusses the strengths, vulnerabilities, and implementation challenges of the leading algorithms. In addition, we explore transition strategies for organizations, emphasizing hybrid cryptography to ensure backward compatibility during migration. This study offers key insights into the future of cryptographic standards and the critical steps necessary to prepare for the transition from classical to quantum-resistant systems. Full article

Due to their inherent openness, wireless sensor networks (WSNs) are vulnerable to eavesdropping attacks. Addressing the issue of secure Internet Key Exchange (IKE) in the absence of reliable third parties like CA/PKI (Certificate Authority/Public Key Infrastructure) in WSNs, a novel key synchronization method named NDPCS-KS is proposed in the paper. Firstly, through an initial negotiation process, both ends of the main channels generate the same initial key seeds using the Channel State Information (CSI). Subsequently, negotiation keys and a negative database (NDB) are synchronously generated at the two ends based on the initial key seeds. Then, in a second-negotiation process, the NDB is employed to filter the negotiation keys to obtain the keys for encryption. NDPCS-KS reduced the risk of information leakage, since the keys are not directly transmitted over the network, and the eavesdroppers cannot acquire the initial key seeds because of the physical isolation of their eavesdropping channels and the main channels. Furthermore, due to the NP-hard problem of reversing the NDB, even if an attacker obtains the NDB, deducing the initial key seeds is computationally infeasible. Therefore, it becomes exceedingly difficult for attackers to generate legitimate encryption keys without the NDB or initial key seeds. Moreover, a lightweight anti-replay and identity verification mechanism is designed to deal with replay attacks or forgery attacks. Experimental results show that NDPCS-KS has less time overhead and stronger randomness in key generation compared with other methods, and it can effectively counter replay, forgery, and tampering attacks. Full article

With superior computing power and efficient data collection capability, Internet of Medical Things (IoMT) significantly improves the accuracy and convenience of medical work. As most communications are over open networks, it is critical to encrypt data to ensure confidentiality before uploading them to cloud storage servers (CSSs). Public key encryption with keyword search (PEKS) allows users to search for specific keywords in ciphertext and plays an essential role in IoMT. However, PEKS still has the following problems: 1. As a semi-trusted third party, the CSSs may provide wrong search results to save computing and bandwidth resources. 2. Single-keyword searches often produce many irrelevant results, which is undoubtedly a waste of computing and bandwidth resources. 3. Most PEKS schemes rely on bilinear pairings, resulting in computational inefficiencies. 4. Public key infrastructure (PKI)-based or identity-based PEKS schemes face the problem of certificate management or key escrow. 5. Most PEKS schemes are vulnerable to offline keyword guessing attacks, online keyword guessing attacks, and insider keyword guessing attacks. We present a certificateless verifiable and pairing-free conjunctive public keyword searchable encryption (CLVPFC-PEKS) scheme. An efficiency analysis shows that the performance advantage of the new scheme is far superior to that of the existing scheme. More importantly, we provide proof of security under the standard model (SM) to ensure the reliability of the scheme in practical applications. Full article

Internet applications rely on Secure Socket Layer (SSL)/Transport Security Layer (TSL) certifications to establish secure communication. However, the centralized nature of certificate authorities (CAs) poses a risk, as malicious third parties could exploit the CA to issue fake certificates to malicious web servers, potentially compromising the privacy and integrity of user data. In this paper, we demonstrate how the utilization of decentralized certificate verification with blockchain technology can effectively address and mitigate such attacks. We present a decentralized public key infrastructure (PKI) based on a distributed trust model, e.g., Web of Trust (WoT) and blockchain technologies, to overcome vulnerabilities like single points of failure and to prevent tampering with existing certificates. In addition, our infrastructure establishes a trusted key-ring network that decouples the authentication process from CAs in order to enhance secure certificate issuance and accelerate the revocation process. Furthermore, as a proof of concept, we present the implementation of our proposed system in the Ethereum blockchain, confirming that the proposed framework meets the five identified requirements. Our experimental results demonstrate the effectiveness of our proposed system in practice, albeit with additional overhead compared to conventional PKIs. Full article

Log-based public key infrastructure(PKI) refers to a robust class of CA-attack-resilient PKI that enhance transparency and accountability in the certificate revocation and issuance process by compelling certificate authorities (CAs) to submit revocations to publicly and verifiably accessible logs. However, log-based PKIs suffer from a reliance on centralized and consistent sources of information, rendering them susceptible to split-world attacks, and they regrettably fail to provide adequate incentives for recording or monitoring CA behavior. Blockchain-based PKIs address these limitations by enabling decentralized log audits through automated financial incentives. However, they continue to face challenges in developing a scalable revocation mechanism suited for lightweight clients. In this paper, we introduce BRT, a scalable blockchain-based system for certificate and revocation transparency. It serves to log, audit, and validate the status of certificates within the transport layer security (TLS)/secure sockets layer(SSL) PKI domain. We designed an audit-on-chain framework, coupled with an off-chain storage/computation system, to enhance the efficiency of BRT when operating in a blockchain environment. By implementing a blockchain-based prototype, we demonstrate that BRT achieves storage-efficient log recording with a peak compression rate reaching 8%, cost-effective log updates for large-scale certificates, and near-instantaneous revocation checks for users. Full article

Blind signatures have been widely applied when privacy preserving is required, and the delegation of blind signature rights and a proxy blind signature (Proxy-BS) become necessary when the signer cannot sign. Existing Proxy-BS schemes are based on traditional cryptographically hard problems, and they cannot resist quantum attacks. Moreover, most current Proxy-BS schemes depend on public key infrastructure (PKI), which leads to high certificate storage and management overhead. To simplify key management and resist quantum attacks, we propose a post-quantum secure identity-based proxy blind signature (ID-Proxy-BS) scheme on a lattice using a matrix cascade technique and lattice cryptosystem. Under the random oracle model (ROM), the security of the proposed scheme is proved. Security shows that the proposed scheme assures security against quantum attacks and satisfies the correctness, blindness, and unforgeability. In addition, we apply the ID-Proxy-BS scheme on a lattice to e-voting and propose a quantum-resistant proxy e-voting system, which is resistant to quantum attacks and achieves the efficiency of e-voting. Full article

In the current era, blockchain has approximately 30 consensus algorithms. This architecturally distributed database stores data in an encrypted form with multiple checks, including elliptical curve cryptography (ECC) and Merkle hash tree. Additionally, many researchers aim to implement a public key infrastructure (PKI) cryptography mechanism to boost the security of blockchain-based data management. However, the issue is that many of these are required for advanced cryptographic protocols. For all consensus protocols, security features are required to be discussed because these consensus algorithms have recently been attacked by address resolution protocols (ARP), distributed denial of service attacks (DDoS), and sharding attacks in a permission-less blockchain. The existence of a byzantine adversary is perilous, and is involved in these ongoing attacks. Considering the above issues, we conducted an informative survey based on the consensus protocol attack on blockchain through the latest published article from IEEE, Springer, Elsevier, ACM, Willy, Hindawi, and other publishers. We incorporate various methods involved in blockchain. Our main intention is to gain clarity from earlier published articles to elaborate numerous key methods in terms of a survey article. Full article

Modern Public Key Infrastructures (PKIs) allow users to create and maintain centrally stored cryptographic certificates. These infrastructures use a so-called certificate chain. At the root of the chain, a root Certification Authority (CA) is responsible for issuing the base certificate. Every verification and certification step within the chain is based upon the security of said root CA. Thus, its operation security is of great concern. Since the root certificates are stored locally on the root CA, any Denial of Service (DoS) attack may render the whole certificate chain, which is based on of the attacked root CA, inoperable. Therefore, this article evaluates different approaches to a decentralized data storage system that is based on the Distributed Ledger Technology (DLT). To show the real-world potential of the proposed approaches, we also evaluate the different technologies using a novel PKI mechanism called Near Field Communication Key Exchange (NFC-KE). The results indicate that modern distributed data storage solutions such as Interplanetary Filesystem (IPFS) and SIA can have significant performance and decentralization benefits in comparison to purely Blockchain-based technologies like Hyperledger Fabric. However, they lack any Smart Contract functionality, which requires a software developer to implement verification mechanisms in centralized software solutions. Full article

Vehicular ad hoc networks (VANETs) allow communication between stationary or moving vehicles with the assistance of wireless technology. Among various existing issues in smart VANETs, secure communication is the key challenge in VANETs with a 5G network. Smart vehicles must communicate with a broad range of advanced road systems including traffic control and smart payment systems. Many security mechanisms are used in VANETs to ensure safe transmission; one such mechanism is cryptographic digital signatures based on public key infrastructure (PKI). In this mechanism, secret private keys are used for digital signatures to validate the identity of the message along with the sender. However, the validation of the digital signatures in fast-moving vehicles is extremely difficult. Based on an improved perceptron model of an artificial neural network (ANN), this paper proposes an efficient technique for digital signature verification. Still, manual signatures are extensively used for authentication across the world. However, manual signatures are still not employed for security in automotive and mobile networks. The process of converting manual signatures to pseudo-digital-signatures was simulated using the improved Elman backpropagation (I-EBP) model. A digital signature was employed during network connection to authenticate the legitimacy of the sender’s communications. Because it contained information about the vehicle on the road, there was scope for improvement in protecting the data from attackers. Compared to existing schemes, the proposed technique achieved significant gains in computational overhead, aggregate verification delay, and aggregate signature size. Full article