Sign in to use this feature.

Years

Between: -

Subjects

remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline

Journals

Article Types

Countries / Regions

Search Results (245)

Search Parameters:
Keywords = attribute-based encryption

Order results
Result details
Results per page
Select all
Export citation of selected articles as:
39 pages, 3618 KB  
Article
Efficient Authenticated Fine-Grained Access Engine for Encrypted Data in Mobile Edge Cloud
by Zhishuo Zhang, Jianding Guo, Caixing Shao, Wen Huang and Shijie Zhou
Electronics 2026, 15(13), 2933; https://doi.org/10.3390/electronics15132933 - 4 Jul 2026
Viewed by 102
Abstract
Fine-grained, authenticated, traceable, and efficient encrypted access control is indispensable for secure data sharing in mobile edge cloud networks, especially for resource-constrained data requesters. Despite the prevalence of outsourced ciphertext-policy attribute-based encryption (CP-ABE) solutions, existing schemes still suffer from critical practical limitations. First, [...] Read more.
Fine-grained, authenticated, traceable, and efficient encrypted access control is indispensable for secure data sharing in mobile edge cloud networks, especially for resource-constrained data requesters. Despite the prevalence of outsourced ciphertext-policy attribute-based encryption (CP-ABE) solutions, existing schemes still suffer from critical practical limitations. First, requester-side transformation keys are typically unverified prior to computationally expensive outsourced decryption operations. Second, commitment-based verification mechanisms fail to validate the identity of data publishers. Third, the online computational overhead scales linearly with either the requester attribute set or the policy-matching set, severely degrading practical efficiency. To address these issues, this paper proposes ePoFSC, a novel policy-oriented functional signcryption scheme for authenticated encrypted data sharing in mobile edge cloud scenarios. The proposed ePoFSC scheme integrates pre-auditing and caching mechanisms for requester trapdoors before online access requests, enabling constant-time operations for request generation, request verification, and request header construction independent of requester attribute scale. In the outsourced decryption phase, ePoFSC offloads all costly pairing and exponentiation operations with constant computational complexity, leaving only lightweight policy-dependent group multiplications for terminal requesters. Furthermore, ePoFSC tightly couples decryption verification with publisher authentication and requester traceability to realize comprehensive access accountability. Rigorous security analysis formally validates the confidentiality, publisher-side unforgeability, and requester traceability of the proposed scheme. Extensive experimental evaluations on the BLS12-381 curve verify that ePoFSC achieves prominent performance superiority over existing state-of-the-art schemes in both the encryption and data recovery phases. Full article
(This article belongs to the Special Issue Secure and Privacy-Enhanced Data Sharing)
17 pages, 355 KB  
Article
Threshold Attribute-Based Encryption Scheme Supporting Multiple Access Policies
by Vu Nam Luu, Willy Susilo and Viet Cuong Trinh
Symmetry 2026, 18(6), 1058; https://doi.org/10.3390/sym18061058 - 19 Jun 2026
Viewed by 213
Abstract
Threshold Attribute-based Encryption has attracted significant attention due to its growing importance in practical applications, such as distributed cloud storage or anonymous access control. In a threshold attribute-based encryption scheme, a sender can select a set of attributes and a corresponding threshold t [...] Read more.
Threshold Attribute-based Encryption has attracted significant attention due to its growing importance in practical applications, such as distributed cloud storage or anonymous access control. In a threshold attribute-based encryption scheme, a sender can select a set of attributes and a corresponding threshold t, which is referred to as an access policy, to encrypt a message. Decryption is successful if and only if a user possesses at least t attributes from the specified attribute set. Existing threshold attribute-based encryption schemes typically consider only the setting in which a single message is encrypted under a single access policy. However, in many practical applications, more flexible encryption scenarios are needed, such as encrypting a single message under multiple access policies or encrypting multiple messages under their corresponding access policies. In this work, we first formalize the notion of threshold attribute-based encryption supporting the encryption of multiple messages under multiple access policies. We then propose the first construction of a threshold attribute-based encryption scheme based on the Key Encapsulation Mechanism paradigm that supports such functionality while achieving constant-size ciphertext. Our proposed scheme relies on bilinear pairings and is proven secure in the Generic Bilinear Group Model. As a classical pairing-based construction, it does not provide post-quantum security and is therefore unsuitable for scenarios requiring long-term confidentiality or resilience against harvest-now, decrypt-later attacks. Full article
(This article belongs to the Section Computer)
Show Figures

Figure 1

27 pages, 1800 KB  
Article
TLS-Aware Anomaly Detection for Encrypted IoT Traffic Using a β-Variational Autoencoder with ANOVA–Mutual Information Feature Selection
by Muhammad Nouman, Raja Ujjan and Muhsin Hassanu
Future Internet 2026, 18(6), 310; https://doi.org/10.3390/fi18060310 - 8 Jun 2026
Viewed by 299
Abstract
The rapid growth of the Internet of Things (IoT) has increased dependency on Transport Layer Security (TLS) for securing device communications, enhancing confidentiality while reducing the visibility required by traditional intrusion detection systems. As payload inspection becomes impractical in encrypted environments, anomaly detection [...] Read more.
The rapid growth of the Internet of Things (IoT) has increased dependency on Transport Layer Security (TLS) for securing device communications, enhancing confidentiality while reducing the visibility required by traditional intrusion detection systems. As payload inspection becomes impractical in encrypted environments, anomaly detection must instead rely on flow-level statistics and TLS metadata. This is challenging because IoT traffic is heterogeneous, non-stationary, and distributionally inconsistent across datasets, while many existing studies rely on single-dataset evaluation and therefore provide limited evidence of real-world generalisation. We introduce a TLS-aware anomaly detection framework that combines a β-Variational Autoencoder (β-VAE) with a hybrid ANOVA–Mutual Information (ANOVA–MI) feature-selection pipeline. The incremental contribution lies not in the individual use of these components, but in their integrated application to encrypted IoT anomaly detection under strict cross-dataset evaluation, where feature filtering, probabilistic latent regularisation, and threshold transferability are jointly examined without retraining or recalibration on target datasets. The framework models benign encrypted IoT traffic using probabilistic latent representations and identifies anomalies through reconstruction-error-based scoring. Network flows from the BoT-IoT, IoT-23, and ToN-IoT datasets were processed using Zeek and CICFlowMeter to construct a unified metadata feature space incorporating flow statistics and TLS attributes such as JA3 and JA3S fingerprints. The model was trained on benign BoT-IoT traffic and evaluated in both in-dataset and cross-dataset scenarios. The model achieves strong in-dataset performance on BoT-IoT (ROC-AUC 0.9996; F1 0.9922) and retains robust anomaly-ranking and threshold-based detection capability under cross-dataset domain shift (IoT-23: ROC-AUC 0.9882, F1 0.9422; ToN-IoT: ROC-AUC 0.9465, F1 0.8732). A comparative evaluation against deterministic autoencoders and classical baselines further indicates that the proposed β-VAE achieves stronger cross-dataset anomaly-ranking performance than the compared methods. These findings support the suitability of probabilistic latent modelling for privacy-preserving anomaly detection in encrypted IoT environments. Full article
(This article belongs to the Section Cybersecurity)
Show Figures

Graphical abstract

50 pages, 1251 KB  
Article
Blockchain-Enabled Lattice-Based Attribute-Based Searchable Encryption with Instant Revocation
by Zhishan Feng, Wenzhong Yang, Ying Hu, Yabo Yin, Tianqi Ma, Xiaodan Tian and Xiangxin Deng
Electronics 2026, 15(11), 2471; https://doi.org/10.3390/electronics15112471 - 4 Jun 2026
Viewed by 210
Abstract
As cloud computing proliferates, outsourced data faces severe security threats, yet existing searchable encryption (SE) schemes rely on classical hardness assumptions, centralized trust authorities, and static access control, leaving critical gaps in quantum resistance, single-point-of-failure prevention, and dynamic permission management. To address these [...] Read more.
As cloud computing proliferates, outsourced data faces severe security threats, yet existing searchable encryption (SE) schemes rely on classical hardness assumptions, centralized trust authorities, and static access control, leaving critical gaps in quantum resistance, single-point-of-failure prevention, and dynamic permission management. To address these limitations, we propose BL-ABSE, a blockchain-enhanced, lattice-based attribute-based searchable encryption framework. BL-ABSE employs the Ring Learning With Errors (RLWE) problem as its security foundation and applies the Number Theoretic Transform (NTT) to reduce polynomial multiplication from O(n2) to O(nlogn). To eliminate single-point trust risks, the framework further integrates a (t,n) threshold key protocol across an edge-node consortium governed by Practical Byzantine Fault Tolerance (PBFT) consensus. A smart-contract-maintained on-chain revocation list enables permission withdrawal via a single blockchain transaction without re-encryption. Experimental evaluation demonstrates that commitment generation requires approximately 23 ms at n=1024, search latency scales linearly at roughly 29 µs per record, and revocation completes in approximately 2 s regardless of system scale. Formal security proofs under the quantum polynomial-time (QPT) adversary model reduce six security properties—index indistinguishability, query privacy, threshold key security, Byzantine fault tolerance, audit immutability, and revocation immediacy—to the hardness of RLWE and the Short Integer Solution (SIS) problems. To the best of our knowledge, BL-ABSE is the first framework to simultaneously achieve post-quantum security, attribute-based access control, decentralized key management, instant revocation, and immutable auditing within a single unified framework. We further conduct threshold parameter verification, end-to-end revocation latency decomposition, blockchain throughput stress testing, search-pattern leakage quantification, and communication/storage overhead analysis, providing a comprehensive evaluation of both performance and security trade-offs. We explicitly characterize the search-pattern leakage inherent in the deterministic commitment design as a correctness–privacy trade-off and discuss mitigation directions. Full article
Show Figures

Figure 1

23 pages, 6270 KB  
Article
Efficient and Secure Medical Data Sharing: An Improved CP-ABE Scheme with Outsourced Decryption
by Qingqing Li, Lin Wang and Moli Zhang
Electronics 2026, 15(9), 1907; https://doi.org/10.3390/electronics15091907 - 1 May 2026
Viewed by 433
Abstract
Addressing the challenges of privacy leakage, fragmented data silos, and high computational overhead in traditional ciphertext-policy attribute-based encryption (CP-ABE) for medical data sharing, this paper proposes an improved CP-ABE framework with outsourced decryption, integrated with consortium blockchain and the InterPlanetary File System (IPFS). [...] Read more.
Addressing the challenges of privacy leakage, fragmented data silos, and high computational overhead in traditional ciphertext-policy attribute-based encryption (CP-ABE) for medical data sharing, this paper proposes an improved CP-ABE framework with outsourced decryption, integrated with consortium blockchain and the InterPlanetary File System (IPFS). The framework introduces a medical-scenario-adapted CP-ABE architecture based on a lightweight FAME design, optimizing attribute key generation and transformation key design to accommodate resource-constrained medical terminals. A hybrid encryption system is employed, combining symmetric encryption for high-efficiency processing of large medical data and CP-ABE for fine-grained access control of symmetric keys. To reduce user computational burden, a proxy-assisted secure decryption architecture is implemented, where the proxy server handles most decryption tasks while ensuring resistance to malicious proxy behavior. Furthermore, the framework provides rigorous formal security verification, achieving IND-CPA security and resilience against collusion and malicious proxy attacks. Comprehensive performance evaluations demonstrate significant improvements in key generation, encryption, and decryption efficiency, offering a better balance between security and efficiency for practical medical data sharing applications. Full article
Show Figures

Figure 1

27 pages, 1832 KB  
Article
Leveraging Confidential Computing to Enhance Data Privacy in Hyperledger Fabric
by Stefano Avola, Pierpaolo Baglietto, Massimo Maresca and Andrea Parodi
Blockchains 2026, 4(2), 4; https://doi.org/10.3390/blockchains4020004 - 16 Apr 2026
Viewed by 1010
Abstract
In this paper, we present a system built on Hyperledger Fabric (HLF) that leverages Confidential Computing (CC) technologies to strengthen data privacy guarantees beyond those achievable through application-level mechanisms alone. While HLF natively supports data confidentiality through Private Collections (PCs), which restrict data [...] Read more.
In this paper, we present a system built on Hyperledger Fabric (HLF) that leverages Confidential Computing (CC) technologies to strengthen data privacy guarantees beyond those achievable through application-level mechanisms alone. While HLF natively supports data confidentiality through Private Collections (PCs), which restrict data visibility to a subset of authorized network participants, these mechanisms do not protect data at the hardware level: a privileged or compromised hosting platform can access plaintext data in memory and on the filesystem irrespective of HLF access control policies. To address this limitation, we integrate CC into HLF by adopting Intel Software Guard Extensions (SGX) in conjunction with the Gramine framework. This integration enables the execution of HLF components—peer nodes, orderers, Chaincodes and client applications—within Trusted Execution Environments (TEEs). Furthermore, to securely grant access to selected data to a trusted third-party software (TPS) external to the blockchain network, we leverage the Remote Attestation (RA) feature provided by CC, as streamlined by Gramine and enforced on a per-request basis, ensuring that only verified enclaves (or “SGX enclaves”) with expected measurements may access private data. In addition, the Sealing mechanism is employed to persistently store cryptographic material required by HLF components on the filesystem while preserving both confidentiality and integrity. Together, PCs, RA, Sealing, and enclave-based execution establish a layered privacy guarantee: PCs enforce application-level data segregation among channel participants; RA provides measurement-based access control for an external TPS; Sealing ensures that cryptographic material and blockchain state remain encrypted on the filesystem; and enclave-based execution protects data in use through hardware-level memory encryption. The proposed system has been applied and experimentally validated in a logistics use case in the Port of Genoa: benchmarks against an experimental HLF deployment demonstrate an average 95th-percentile (p95) performance overhead of approximately 1.3× attributable to SGX memory encryption and Gramine-based enclave execution, whereas an elevated memory usage footprint (33–35 GB per organization) has been measured, mainly due to the Gramine environment: this remains an open direction for future work. Full article
(This article belongs to the Special Issue Feature Papers in Blockchains 2026)
Show Figures

Figure 1

20 pages, 1504 KB  
Article
Decision-Support Framework for Cybersecurity Risk Assessment in EV Charging Infrastructure
by Roberts Grants, Nadezhda Kunicina, Rasa Brūzgienė, Šarūnas Grigaliūnas and Andrejs Romanovs
Energies 2026, 19(8), 1814; https://doi.org/10.3390/en19081814 - 8 Apr 2026
Viewed by 572
Abstract
Rapid expansion of electric vehicle adoption has led to increased dependence on a charging infrastructure that is tightly integrated with energy distribution systems and digital communication networks. As electric vehicle charging stations evolve into complex cyber–physical systems, cybersecurity risks pose a growing threat [...] Read more.
Rapid expansion of electric vehicle adoption has led to increased dependence on a charging infrastructure that is tightly integrated with energy distribution systems and digital communication networks. As electric vehicle charging stations evolve into complex cyber–physical systems, cybersecurity risks pose a growing threat to grid reliability and user trust. This paper presents a hybrid decision-support framework for cybersecurity risk assessment in EV charging infrastructure that advances beyond prior multi-criteria decision-making approaches by combining interpretability with data-driven validation. Specifically, the framework integrates the Analytic Hierarchy Process (AHP) for expert-driven weighting of cybersecurity attributes with PROMETHEE for flexible threat prioritization, enabling transparent and auditable risk rankings. The framework categorizes cybersecurity criteria across four infrastructure layers—transmission, distribution, consumer, and electric vehicle charging stations—and assigns relative weights through expert-driven pairwise comparisons. PROMETHEE is then applied to rank potential cyber threats based on these weights, allowing for flexible prioritization of cybersecurity interventions. The methodology is validated using the real-world WUSTL-IIoT-2018 SCADA dataset, which includes simulated reconnaissance (network scanning), device identification, and exploitation attacks. While this dataset does not natively include OCPP 2.0 or ISO 15118 protocols, the experimental results demonstrate strong discrimination power (AUC = 0.99, recall = 95%) and provide a basis for extension to modern EVSE communication standards. The results identify critical metrics such as anomalous source packet behavior and encryption reliability as key vulnerability markers, aligning with documented EV charging attack scenarios. By bridging expert judgment with empirical traffic data, the proposed framework offers both technical robustness and explainability, supporting grid operators, SOC teams, and infrastructure planners in systematically assessing risks, allocating resources, and enhancing the resilience of EV charging ecosystems against evolving cyber threats. Full article
Show Figures

Figure 1

29 pages, 3152 KB  
Article
Enhancing Darknet Traffic Classification: Integrating Traffic-Aware SMOTE and Adaptive Weighted Feature Aggregation
by Javeriah Saleem, Rafiqul Islam, Irfan Altas and Md Zahidul Islam
J. Cybersecur. Priv. 2026, 6(2), 68; https://doi.org/10.3390/jcp6020068 - 7 Apr 2026
Cited by 1 | Viewed by 763
Abstract
With the widespread adoption of anonymity networks such as Tor, I2P, and JonDonym, reliably classifying darknet traffic remains challenging due to feature redundancy and severe class imbalance in encrypted flows. Existing approaches often rely on static feature-selection strategies and generic oversampling methods, which [...] Read more.
With the widespread adoption of anonymity networks such as Tor, I2P, and JonDonym, reliably classifying darknet traffic remains challenging due to feature redundancy and severe class imbalance in encrypted flows. Existing approaches often rely on static feature-selection strategies and generic oversampling methods, which limit robustness and may distort traffic semantics. This study proposes an adaptive classification framework integrating Adaptive Weighted Feature Aggregation (AWFA) for reliability-aware feature selection and Traffic-Aware SMOTE (TA-SMOTE) for semantically constrained perturbations of packet-size and timing features while preserving flow-level structure. The framework is evaluated on a two-layer hierarchy comprising browser-level (L1) and application-level (L2) classification. At the L2, the proposed AWFA and TA-SMOTE pipeline attains a macro-F1 score of 73.81%, significantly exceeding PCA-based reduction and traditional RF-based selection with SMOTE. At the browser level (L1), macro-F1 rises from 91.58% to 96.09% while reducing the feature space from 84 to 40 attributes, highlighting both performance improvements and structural efficiency gains. Additional semantic validation confirms that the balancing process preserves the statistical and structural characteristics of genuine darknet traffic. These results indicate that reliability-aware feature aggregation and traffic-aware balancing provide a practical, trustworthy approach to modern darknet traffic classification. Full article
(This article belongs to the Section Privacy)
Show Figures

Figure 1

23 pages, 2048 KB  
Article
Enhancing Fine-Grained Encrypted Traffic Classification via Temporal Bi-Directional GraphSAGE
by Junbin Yang, Haihua Shen, Zulong Diao and Yiran He
Appl. Sci. 2026, 16(7), 3427; https://doi.org/10.3390/app16073427 - 1 Apr 2026
Viewed by 807
Abstract
Encrypted traffic classification is essential for network management and security, yet payload inspection is ineffective under modern protocols such as Transport Layer Security (TLS) and Quick UDP Internet Connections (QUIC). Existing metadata-based methods perform well for coarse-grained tasks but often fail to distinguish [...] Read more.
Encrypted traffic classification is essential for network management and security, yet payload inspection is ineffective under modern protocols such as Transport Layer Security (TLS) and Quick UDP Internet Connections (QUIC). Existing metadata-based methods perform well for coarse-grained tasks but often fail to distinguish structurally similar applications because they model temporal behavior only implicitly or coarsely. We propose the Bi-Directional Directed Temporal Graph (BiDT), a framework based on a Directed Temporal Interaction Graph (DTIG) and a Bi-Directional GraphSAGE (BiGraphSAGE). The DTIG represents packets as nodes and explicitly encodes inter-arrival times (IATs) as directed edge attributes, preserving both causal structure and communication rhythm. The BiGraphSAGE then aggregates temporal interaction features from forward and backward perspectives. We evaluated the BiDT on the VNAT benchmark and validated it on ISCX-VPN. On the challenging 10-class VNAT dataset, the BiDT achieves 98.57% accuracy and outperforms strong baselines, including complete separation of easily confused protocols such as SCP and SFTP. The results on ISCX-VPN further confirm the effectiveness of the proposed design. These findings show that explicit temporal edge modeling is effective for fine-grained encrypted traffic classification. Full article
(This article belongs to the Section Computing and Artificial Intelligence)
Show Figures

Figure 1

24 pages, 531 KB  
Article
VMkCwPIR: A Single-Round Scalable Multi-Keyword PIR Protocol Supporting Non-Primary Key Queries
by Junyu Lu, Shengnan Zhao, Yuchen Huang, Zhongtian Jia, Lili Zhang and Chuan Zhao
Information 2026, 17(4), 337; https://doi.org/10.3390/info17040337 - 1 Apr 2026
Viewed by 512
Abstract
Keyword Private Information Retrieval (Keyword PIR) enables private querying over keyword-based databases, which are typically sparse, as opposed to the dense arrays used in standard Index PIR. However, existing Keyword PIR schemes are limited to single-keyword queries and generally assume that keywords serve [...] Read more.
Keyword Private Information Retrieval (Keyword PIR) enables private querying over keyword-based databases, which are typically sparse, as opposed to the dense arrays used in standard Index PIR. However, existing Keyword PIR schemes are limited to single-keyword queries and generally assume that keywords serve as unique identifiers, making them inadequate for practical scenarios where keywords are non-unique attributes and clients need to retrieve records matching multiple keywords simultaneously. To bridge this gap, we propose MkCwPIR, the first single-round, exact-match multi-keyword PIR protocol that supports conjunctive keyword queries while preserving strict keyword privacy against the server. Our construction employs Constant-weight codes and Newton–Girard identities to encode multi-keyword selection into a compact algebraic representation, representing a functional extension of CwPIR (Usenix Security ’22). While this functional expansion introduces additional computational overhead due to the processing of multiple keywords, we further introduce VMkCwPIR—an optimized variant leveraging BFV vectorized homomorphic encryption. Experimental results demonstrate that although the base MkCwPIR incurs higher latency due to its enhanced logical capabilities, the vectorized optimizations in VMkCwPIR effectively close this performance gap. Consequently, VMkCwPIR achieves a performance level comparable to the single-keyword CwPIR. Experimental results demonstrate that when processing a query with eight keywords, VMkCwPIR achieves a server-side execution time comparable to executing only four independent single-keyword queries in CwPIR, while maintaining constant communication overhead for up to 16 keywords. Full article
Show Figures

Figure 1

29 pages, 2839 KB  
Article
Privacy-Preserving Data Sharing with Personalized Encrypted Retrieval
by Hongfei Song, Lianhai Wang, Shujiang Xu, Shuhui Zhang, Wei Shao and Qizheng Wang
Appl. Sci. 2026, 16(6), 2771; https://doi.org/10.3390/app16062771 - 13 Mar 2026
Viewed by 545
Abstract
With the rapid development of cloud-based data sharing technologies, enterprises and organizations tend to outsource their local data to cloud servers. They adopt searchable encryption (SE) techniques to access and search encrypted data. However, most existing SE schemes use static ranking strategies based [...] Read more.
With the rapid development of cloud-based data sharing technologies, enterprises and organizations tend to outsource their local data to cloud servers. They adopt searchable encryption (SE) techniques to access and search encrypted data. However, most existing SE schemes use static ranking strategies based on query–index similarity. These strategies fail to capture users’ personalized retrieval preferences and often result in suboptimal search performance. In this article, we present a privacy-preserving data sharing framework with personalized encrypted retrieval (PP-PER) that combines SE technology with federated learning. PP-PER trains user interest models locally on user devices by utilizing historical query behavior. Only encrypted model parameters are uploaded for aggregation, which avoids the centralized collection of users’ private data. In addition, we design an attention-based user query update algorithm. The learned personalized features are integrated into the ciphertext query process. This design enables personalized ranking results and improves the user retrieval experience. Furthermore, PP-PER combines matrix factorization with ciphertext-policy attribute-based encryption (CP-ABE). This mechanism ensures secure document key distribution and supports fine-grained access control. Finally, we formalize the security model under a practical threat and leakage setting and provide a theoretical analysis of the proposed scheme. Experimental results on real-world datasets further validated its practicality and effectiveness. Full article
Show Figures

Figure 1

32 pages, 599 KB  
Article
MAPE-ZT: A Multi-Layer Access Policy Encryption System for Zero Trust Architectures
by Ashutosh Soni, Surendra Kumar Nanda, Jayanti Rout, Mrutyunjaya Sathua, Ganapati Panda and Manob Jyoti Saikia
Future Internet 2026, 18(3), 135; https://doi.org/10.3390/fi18030135 - 5 Mar 2026
Viewed by 520
Abstract
Organizations usually rely on stringent access control mechanisms where access policies are an important asset. Their storage or transmission in plaintext can compromise sensitive access rules. It is important in dynamic environments where access decisions are made in real time such as Zero [...] Read more.
Organizations usually rely on stringent access control mechanisms where access policies are an important asset. Their storage or transmission in plaintext can compromise sensitive access rules. It is important in dynamic environments where access decisions are made in real time such as Zero Trust (ZT). Existing ZT approaches were found to oversee the aspect of securing these policies. This investigation presents a Multi-layer Access Policy Encryption System for ZT systems (MAPE-ZT). The first stage uses the trapdoor index to generate a secure index to find the applicable access policies. Advanced Encryption Standard-256 is used in counter mode for the encryption of the policies. They are re-encrypted using the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to allow decryption based on a matching set of attributes. Various experiments using quantitative metrics, including comparison with baseline access control systems simulation, scalability evaluation, storage overhead, etc., highlight the efficacy of the MAPE-ZT and establish new benchmarks. The result count entropy for the policies ranged 3.84–4.21 for different scales of policies. The evaluation in different scales of systems shows that the MAPE-ZT reduces various observable patterns even if the deployment size grows. Its unique design of securing policies makes this approach scalable for multi-domain integration. Full article
(This article belongs to the Collection Information Systems Security)
Show Figures

Graphical abstract

20 pages, 868 KB  
Article
Toward Efficient Cloud Data Sharing: A Pairing-Free ABE Scheme with Redefinable Weighted Access Policy
by Shuwang Wang, Guofeng Lin, Xinxin Ye, Yan Huang, Shumei Zhu, Wanyi Yi, Qiong Wang and Jun Wang
Appl. Sci. 2026, 16(5), 2509; https://doi.org/10.3390/app16052509 - 5 Mar 2026
Viewed by 492
Abstract
Attribute-based encryption (ABE) provides a robust mechanism for fine-grained access control, making it an ideal candidate for secure cloud data sharing. However, existing schemes often incur significant computational overhead, hindering their large-scale deployment, especially on resource-constrained nodes. In this work, we propose a [...] Read more.
Attribute-based encryption (ABE) provides a robust mechanism for fine-grained access control, making it an ideal candidate for secure cloud data sharing. However, existing schemes often incur significant computational overhead, hindering their large-scale deployment, especially on resource-constrained nodes. In this work, we propose a practical ABE scheme that simultaneously simplifies access policy structures and enhances overall efficiency. By introducing a weighted access policy, our scheme achieves rich expressiveness while maintaining a compact logic structure, offering enhanced flexibility through the redefinability of attribute weights. Notably, the proposed construction is pairing-free and yields small-size ciphertexts and private keys compared to traditional tree-based models. Security analysis demonstrates that our scheme is selectively secure against chosen-ciphertext attacks. Extensive simulation results show that encryption and decryption latency is reduced to nearly 10 ms when 20 attributes are involved, which is a typical requirement in cloud data sharing scenarios. This validates the efficiency of our scheme in resource-constrained environments. Full article
Show Figures

Figure 1

24 pages, 1160 KB  
Article
Enhancing Data Security in Satellite Communication Systems: Integrating Quantum Cryptography with CatBoost Machine Learning
by Mohd Nadeem, Syed Anas Ansar, Sakshi Halwai, Arpita Singh and Rajeev Kumar
Information 2026, 17(3), 220; https://doi.org/10.3390/info17030220 - 25 Feb 2026
Cited by 1 | Viewed by 1004
Abstract
In modern communication networks, particularly satellite-based systems, data security faces significant challenges from vulnerabilities such as signal interception, jamming, and latency during long distance transmissions. Traditional cryptographic methods are increasingly vulnerable to quantum computing threats, underscoring the need for advanced solutions to protect [...] Read more.
In modern communication networks, particularly satellite-based systems, data security faces significant challenges from vulnerabilities such as signal interception, jamming, and latency during long distance transmissions. Traditional cryptographic methods are increasingly vulnerable to quantum computing threats, underscoring the need for advanced solutions to protect data integrity, confidentiality, and availability. This research investigates the fusion of quantum cryptography and Machine Learning (ML) to improve security in satellite communication. The Quantum Key Distribution (QKD), which is grounded in quantum mechanics, enables unbreakable encryption by detecting eavesdropping via quantum state disturbances. The CatBoost ML algorithm is applied to a dataset of 10,000 records featuring categorical attributes for prioritizing security elements such as anomaly detection, encryption types, and access controls. The model yields an accuracy of 89.23% and Area under Curve the Receiver Operating Characteristic (AUC-ROC) score of 94.56%, effectively predicting threat levels. Feature importance reveals anomaly detection (28.5%) and quantum encryption (22.3%) as primary contributors. While hurdles such as high implementation costs and transmission range limitations persist, this quantum ML synergy provides a proactive, adaptive framework for resilient, future-ready communication networks. Full article
(This article belongs to the Special Issue 2nd Edition of 5G Networks and Wireless Communication Systems)
Show Figures

Figure 1

25 pages, 8203 KB  
Article
A Lightweight and Efficient Elliptic Curve Cryptography Based File Hierarchy Attribute-Based Encryption Scheme with Enhanced Security and Cross-Domain Data Sharing
by Yating Chen, Niansong Mei and Bo Wu
Electronics 2026, 15(4), 762; https://doi.org/10.3390/electronics15040762 - 11 Feb 2026
Viewed by 546
Abstract
In cloud computing, ciphertext-policy attribute-based encryption (CP-ABE) is widely adopted for secure data storage and flexible fine-grained access control. For collaborative scenarios involving hierarchical file structures, file hierarchy CP-ABE (FH-CPABE) schemes have been proposed. However, existing file hierarchy CP-ABE schemes rely on computationally [...] Read more.
In cloud computing, ciphertext-policy attribute-based encryption (CP-ABE) is widely adopted for secure data storage and flexible fine-grained access control. For collaborative scenarios involving hierarchical file structures, file hierarchy CP-ABE (FH-CPABE) schemes have been proposed. However, existing file hierarchy CP-ABE schemes rely on computationally intensive bilinear pairing operations, resulting in high overhead. To address this issue, this paper proposes ECC-FH-CPABE, a lightweight and efficient file hierarchy CP-ABE scheme based on elliptic curve cryptography (ECC). By replacing bilinear pairings with scalar multiplication on elliptic curve points, our scheme achieves superior computational efficiency while reducing communication overhead. To ensure strong security while maintaining lightweight performance, this scheme introduces ECC-based data noise to resist user collusion attacks. In addition, ECC-FH-CPABE supports cross-domain data sharing with efficient batch operations, relieving performance bottlenecks. Security analysis proves that the scheme is secure against chosen-plaintext attacks. Extensive simulation results show that ECC-FH-CPABE significantly improves both computational efficiency and communication efficiency compared to existing schemes. Full article
Show Figures

Figure 1

Back to TopTop