Search Results (74)

Search Parameters:
Keywords = chosen-ciphertext security

24 pages, 3287 KB  
Article
A Lightweight Double-Ring Hybrid Sparse NTRU (DRH-SNTRU) Scheme for Secure and Real-Time Communication in the Internet of Vehicles (IoV)
by Weiqi Wang, Gwo-Chin Ching and Soo Fun Tan
Computers 2026, 15(5), 328; https://doi.org/10.3390/computers15050328 - 21 May 2026
Viewed by 162
Abstract
The Internet of Vehicles (IoV) is rapidly emerging as a core component of intelligent transportation systems, enabling real-time communication among vehicles, infrastructure, and cloud platforms. However, the increasing interconnectivity of vehicular systems and the advancement of quantum computing introduce significant security challenges to existing cryptographic mechanisms. Conventional schemes such as RSA and Elliptic Curve Cryptography (ECC) are vulnerable to quantum attacks and are computationally inefficient for resource-constrained vehicular environments. To address these limitations, this paper proposes a Double-Ring Hybrid Sparse NTRU (DRH-SNTRU) framework, a lightweight and quantum-resistant cryptographic scheme for secure IoV communication. The proposed framework introduces three key enhancements: (i) controlled-support sparse polynomial structures to reduce polynomial multiplication complexity while improving entropy distribution; (ii) a double-ring algebraic architecture that separates key operations from message processing to enhance structural security and minimize coefficient leakage; and (iii) hybrid ephemeral keys derived from contextual entropy to strengthen forward secrecy and adaptive security. An optional ciphertext evaluation mechanism is further incorporated to detect malformed and replayed ciphertexts prior to decryption. Security analysis demonstrates that the proposed framework achieves IND-CPA security under the hardness assumption of the NTRU lattice problem and can be extended to resist chosen-ciphertext attacks through the integrated validation mechanism. Experimental benchmarking across polynomial dimensions N = 512 to 8192 demonstrates that DRH-SNTRU achieves low setup overhead below 3 μs, efficient decryption latency of approximately 305.64 μs at N = 8192, and compact sparse private key representation of only 117 bytes at higher dimensions. 
Compared with Standard NTRUEncrypt, NTRU-HRSS, and Ring-LWE Encryption, the proposed framework demonstrates improved decryption efficiency, lightweight storage overhead, and enhanced ciphertext integrity protection while maintaining practical scalability for resource-constrained post-quantum IoV environments.
(This article belongs to the Special Issue Redesigning Computer Hardware Software Interfaces for IoT Security)

35 pages, 7273 KB  
Article
ZeroTrustEdu: A Lightweight Post-Quantum Cryptography Framework with Adaptive Trust Scoring for Secure Cloud-IoT E-Learning Platforms
by Weam Gaoud Alghabban
Electronics 2026, 15(10), 2132; https://doi.org/10.3390/electronics15102132 - 15 May 2026
Viewed by 286
Abstract
The rapid proliferation of Internet of Things (IoT) devices in cloud-based e-learning platforms has posed significant security risks, particularly in protecting learner information, authentication of devices, and safe communication in the highly heterogeneous learning settings. Current cryptographic solutions are largely based on classical public-key infrastructure (PKI) protocols such as RSA and ECC, which will become vulnerable with the advent of large-scale quantum computers capable of executing Shor’s algorithm. In addition, traditional perimeter-based security models are inadequate for handling the dynamics, scattered, and resource-limited characteristics of IoT-enabled educational systems. As a solution to these problems, this paper introduces ZeroTrustEdu, a scalable zero-trust cryptographic solution that combines lightweight post-quantum key management with adaptive trust scoring of cloud-connected IoT e-learning infrastructure. The proposed framework makes three fundamental contributions namely: (1) a hierarchical zero-trust security model with no implicit trust, operating across device, edge, and cloud layers; (2) a lightweight key distribution protocol based on the Module-Lattice Key Encapsulation Mechanism (ML-KEM) compliant with NIST FIPS 203 standards and (3) an adaptive behavioral trust scoring engine that dynamically adjusts device and user trust levels based on real-time interaction analytics. The architecture is evaluated using extensive NS-3 network simulations with up to 100,000 concurrent IoT nodes with formal security analysis under Chosen Plaintext Attack (CPA) and Chosen Ciphertext Attack (CCA) threat models. 
Comparative evaluation against RSA-2048, ECC-P256, and AES-256 baselines demonstrates that ZeroTrustEdu delivers a 62% ± 3% (95% CI, 10 independent runs) reduction in ML-KEM encapsulation latency (12.8 ms for key encapsulation/decapsulation, contributing to a complete device authentication latency of 47.3 ms including ML-DSA signature operations), 45% reduced communication overheads, and 38% reduction in energy consumption on ARM Cortex-M4 constrained devices compared to RSA-2048 and achieves provable post-quantum security reducible to the hardness of the Module Learning With Errors (MLWE) problem. These findings demonstrate that the proposed architecture provides a viable, scalable, and quantum-resilient security solution for next-generation IoT-enabled e-learning environments. The cryptographic security of ZeroTrustEdu is guaranteed at the primitive level through NIST-standardized ML-KEM (FIPS 203) and ML-DSA (FIPS 204), with IND-CCA2 and EUF-CMA security formally proven in the respective standards; full protocol-level formal verification using automated theorem provers (ProVerif, Tamarin) is identified as valuable future work to rule out protocol-composition vulnerabilities beyond primitive-level guarantees.
(This article belongs to the Section Computer Science & Engineering)

22 pages, 714 KB  
Article
Traceable and Revocable Broadcast Encryption Scheme for Preventing Malicious Encryptors
by Lu Yan, Hailun Pan, Jing Sun, Mengyuan Cui and Shuanggen Liu
Mathematics 2026, 14(10), 1632; https://doi.org/10.3390/math14101632 - 11 May 2026
Viewed by 298
Abstract
Under the paradigm of the Internet of Things (IoT), the processing of large-scale data not only imposes higher demands on data-sharing efficiency but also increases the risk of user privacy leakage. To address these challenges, this paper proposes a blockchain-assisted traceable and revocable broadcast encryption scheme for preventing malicious encryptors (BATR). To resist trapdoor attacks by malicious encryptors, the scheme utilizes the uniform distribution property of hash function outputs to generate the random numbers required for the encryption algorithm. To block malicious users from leaking private keys, which attackers could exploit to construct piracy decoders with decryption capabilities, the scheme enhances the traditional broadcast encryption system by incorporating public tracing and revocation mechanisms. The scheme employs personalized transmission technology, allowing data owners to share public data with a set of authorized users while also sharing personalized data with specific authorized users. Additionally, users communicate using pseudonyms to ensure that their real identities are not accessible to third parties, thereby meeting privacy protection requirements. With the assistance of blockchain, trusted authorities and users can invoke smart contract interfaces to trigger blockchain peer nodes to execute smart contracts, thereby acquiring or updating identity authentication information stored on the blockchain to achieve secure authentication. This paper provides an analysis of the correctness and security of BATR, demonstrating that BATR satisfies chosen-ciphertext security under the Random Oracle Model. We also present performance evaluations and describe the experimental setup used to obtain operation-time baselines. Finally, this paper conducts a performance analysis of the BATR scheme, which exhibits high computational efficiency and compact communication bandwidth, resulting in significant performance improvements. Full article
(This article belongs to the Special Issue Applied Cryptography and Information Security with Application)

20 pages, 868 KB  
Article
Toward Efficient Cloud Data Sharing: A Pairing-Free ABE Scheme with Redefinable Weighted Access Policy
by Shuwang Wang, Guofeng Lin, Xinxin Ye, Yan Huang, Shumei Zhu, Wanyi Yi, Qiong Wang and Jun Wang
Appl. Sci. 2026, 16(5), 2509; https://doi.org/10.3390/app16052509 - 5 Mar 2026
Viewed by 449
Abstract
Attribute-based encryption (ABE) provides a robust mechanism for fine-grained access control, making it an ideal candidate for secure cloud data sharing. However, existing schemes often incur significant computational overhead, hindering their large-scale deployment, especially on resource-constrained nodes. In this work, we propose a practical ABE scheme that simultaneously simplifies access policy structures and enhances overall efficiency. By introducing a weighted access policy, our scheme achieves rich expressiveness while maintaining a compact logic structure, offering enhanced flexibility through the redefinability of attribute weights. Notably, the proposed construction is pairing-free and yields small-size ciphertexts and private keys compared to traditional tree-based models. Security analysis demonstrates that our scheme is selectively secure against chosen-ciphertext attacks. Extensive simulation results show that encryption and decryption latency is reduced to nearly 10 ms when 20 attributes are involved, which is a typical requirement in cloud data sharing scenarios. This validates the efficiency of our scheme in resource-constrained environments. Full article

25 pages, 8203 KB  
Article
A Lightweight and Efficient Elliptic Curve Cryptography Based File Hierarchy Attribute-Based Encryption Scheme with Enhanced Security and Cross-Domain Data Sharing
by Yating Chen, Niansong Mei and Bo Wu
Electronics 2026, 15(4), 762; https://doi.org/10.3390/electronics15040762 - 11 Feb 2026
Viewed by 503
Abstract
In cloud computing, ciphertext-policy attribute-based encryption (CP-ABE) is widely adopted for secure data storage and flexible fine-grained access control. For collaborative scenarios involving hierarchical file structures, file hierarchy CP-ABE (FH-CPABE) schemes have been proposed. However, existing file hierarchy CP-ABE schemes rely on computationally intensive bilinear pairing operations, resulting in high overhead. To address this issue, this paper proposes ECC-FH-CPABE, a lightweight and efficient file hierarchy CP-ABE scheme based on elliptic curve cryptography (ECC). By replacing bilinear pairings with scalar multiplication on elliptic curve points, our scheme achieves superior computational efficiency while reducing communication overhead. To ensure strong security while maintaining lightweight performance, this scheme introduces ECC-based data noise to resist user collusion attacks. In addition, ECC-FH-CPABE supports cross-domain data sharing with efficient batch operations, relieving performance bottlenecks. Security analysis proves that the scheme is secure against chosen-plaintext attacks. Extensive simulation results show that ECC-FH-CPABE significantly improves both computational efficiency and communication efficiency compared to existing schemes. Full article

28 pages, 570 KB  
Article
On the Security and Efficiency of TLS 1.3 Handshake with Hybrid Key Exchange from CPA-Secure KEMs
by Jinrong Chen, Wei Peng, Yi Wang and Yutong Bian
Entropy 2025, 27(12), 1242; https://doi.org/10.3390/e27121242 - 8 Dec 2025
Cited by 2 | Viewed by 1839
Abstract
TLS 1.3 is a crucial protocol for securing modern internet communications. To facilitate a smooth transition to post-quantum security, hybrid key exchange, which combines classical key exchange algorithms with post-quantum key encapsulation mechanisms (KEMs), is proposed to enhance the security of the current TLS 1.3 handshake. However, existing drafts and implementations of hybrid key exchange for TLS 1.3 primarily rely on CCA-secure KEMs (i.e., secure against chosen-ciphertext attacks) based on the Fujisaki-Okamoto (FO) transform. The re-encryption step in their decapsulation algorithms not only introduces additional performance overhead but also raises the risk of side-channel attacks. Although Huguenin-Dumittan and Vaudenay (Eurocrypt 2022) and Zhou et al. (Asiacrypt 2024) demonstrated that the weaker CPA-secure KEMs (i.e., secure against chosen-plaintext attacks) suffice for constructing a secure TLS 1.3 handshake, their analyses were limited to single-KEM settings and did not consider the hybrid key exchange scenario. This work challenges the necessity of CCA security by proving that CPA-secure KEMs are sufficient for the TLS 1.3 handshake even in the hybrid key exchange setting. We provide the first formal security proofs for this claim, covering both the classical random oracle model (ROM) and the quantum random oracle model (QROM), thereby ensuring security against quantum adversaries. To validate the practical benefits, we conduct an extensive performance evaluation based on the latest OpenSSL implementation. Our results show that using CPA-secure KEMs yields up to 44.8% performance improvement at the key exchange layer and up to approximately 9% acceleration for the full TLS 1.3 handshake. Beyond performance gains, this approach reduces the codebase’s attack surface by eliminating the re-encryption step, thereby mitigating a class of side-channel vulnerabilities. 
Our work positions CPA-secure KEMs as a secure, efficient, and practical alternative for standardizing and deploying post-quantum TLS 1.3 even with hybrid key exchange.
(This article belongs to the Section Quantum Information)

27 pages, 5275 KB  
Article
Verifiable Multi-Authority Attribute-Based Encryption with Keyword Search Based on MLWE
by Saba Karimani and Taraneh Eghlidos
Cryptography 2025, 9(4), 76; https://doi.org/10.3390/cryptography9040076 - 28 Nov 2025
Cited by 1 | Viewed by 1173
Abstract
Searchable Encryption (SE) schemes enable data users to securely search over outsourced encrypted data stored in the cloud. To support fine-grained access control, Attribute-Based Encryption with Keyword Search (ABKS) extends SE by associating access policies with user attributes. However, existing ABKS schemes often suffer from limited security and functionality, such as lack of verifiability, vulnerability to collusion, and insider keyword-guessing attacks (IKGA), or inefficiency in multi-authority and post-quantum settings, restricting their practical deployment in real-world distributed systems. In this paper, we propose a verifiable ciphertext-policy multi-authority ABKS (MA-CP-ABKS) scheme based on the Module Learning with Errors (MLWE) problem, which provides post-quantum security, verifiability, and resistance to both collusion and IKGA. Moreover, the proposed scheme supports multi-keyword searchability and forward security, enabling secure and efficient keyword search in dynamic environments. We formally prove the correctness, verifiability, completeness, and security of the scheme under the MLWE assumption against selective chosen-keyword attacks (SCKA) in the standard model and IKGA in the random oracle model. The scheme also maintains efficient computation and manageable communication overhead. Implementation results confirm its practical performance, demonstrating that the proposed MA-CP-ABKS scheme offers a secure, verifiable, and efficient solution for multi-organizational cloud environments. Full article

18 pages, 695 KB  
Article
Certificateless Proxy Re-Encryption Scheme for the Internet of Medical Things
by Han-Yu Lin, Ching-Wei Yeh and Chi-Shiu Chen
Electronics 2025, 14(23), 4654; https://doi.org/10.3390/electronics14234654 - 26 Nov 2025
Viewed by 595
Abstract
With the rapid development of the Internet of Medical Things (IoMT), the data generated and collected by various sensors and medical devices are gradually increasing. How to realize flexible, efficient, and secure data sharing while ensuring data confidentiality and patient privacy has become a critical research challenge. The traditional Public Key Infrastructure (PKI) must deal with the complicated certificate management problem. An identity-based cryptosystem has the inherent key-escrow risk. These concerns make them unsuitable for resource-constrained and dynamic IoMT environments. To address it, this paper introduces a cloud data sharing protocol for IoMT using a Certificateless Proxy Re-encryption (CL-PRE) scheme that integrates an efficient access-list-based user revocation mechanism. In our system, a patient’s data can be encrypted and securely stored in a semi-trusted third party like the cloud server. When the patient wants to grant the access to designated users, e.g., doctors or medical institutions, a delegated proxy server will re-encrypt the ciphertext to a new one, which is decryptable by the designators. The proxy server also learns nothing during the re-encryption process, so as to maintain the end-to-end confidentiality. As for the security, the authors formally prove that the proposed CL-PRE mechanism for IoMT achieves Type-I and Type-II indistinguishability against adaptive chosen-identity and chosen-ciphertext attacks (IND-PrID-CCA) under the Decisional Bilinear Diffie–Hellman (DBDH) assumption. Moreover, the functional and computational comparisons with previous studies reveal the qualitative advantage of simultaneously achieving certificateless properties and user revocation, and the quantitative advantage of an optimized encryption cost (requiring only one bilinear pairing and two scalar multiplications), making it a theoretically efficient solution for resource-constrained IoMT devices. Full article
(This article belongs to the Special Issue Security and Privacy Challenges in Integrated IoT and Edge Systems)

23 pages, 1008 KB  
Article
A Lightweight Decentralized Medical Data Sharing Scheme with Dual Verification
by Shaobo Zhang, Yijie Yin, Nangui Chen and Honghui Ning
Cryptography 2025, 9(4), 69; https://doi.org/10.3390/cryptography9040069 - 30 Oct 2025
Cited by 1 | Viewed by 1114
Abstract
The rapid growth of smart healthcare improves medical efficiency through electronic data sharing but introduces security risks like privacy leaks and data tampering. However, existing ciphertext-policy attribute-based encryption faces challenges such as single points of failure, weak authentication, and inadequate integrity protection, hindering secure, efficient medical data sharing. Therefore, we propose LDDV, a lightweight decentralized medical data sharing scheme with dual verification. LDDV constructs a lightweight multi-authority collaborative key management architecture based on elliptic curve cryptography, which eliminates the risk of single point of failure and balances reliability and efficiency. Meanwhile, a lightweight dual verification mechanism based on elliptic curve digital signature provides identity authentication and data integrity verification. Security analysis and experimental results show that LDDV achieves 28–42% faster decryption speeds compared to existing schemes and resists specific threats such as chosen plaintext attacks. Full article

19 pages, 8180 KB  
Article
Weighted Color Image Encryption Algorithm Based on RNA Extended Dynamic Coding and Quantum Chaotic System
by Xiangyu Zhang, Heping Wen, Wei Feng, Shenghao Kang, Zhiyu Xie, Xuexi Zhang and Yiting Lin
Entropy 2025, 27(8), 852; https://doi.org/10.3390/e27080852 - 11 Aug 2025
Cited by 4 | Viewed by 1418
Abstract
The rapid development of Internet technology, while providing convenient services for users, has also aroused deep concern among the public about the issue of privacy leakage during image data transmission. To address this situation, this article proposes a color image encryption algorithm based on RNA extended dynamic coding and quantum chaos (CIEA-RQ). This algorithm significantly improves the ability of the system to withstand cryptographic attacks by introducing RNA extended dynamic encoding with 384 encoding rules. The employed quantum chaotic map improves the randomness of chaotic sequences and increases the key space. First, the algorithm decomposes the plaintext image into bit planes and obtains two parts, high 4-bit and low 4-bit planes, based on different weights of information. Then, the high 4-bit planes are partitioned into blocks and scrambled, and the scrambled planes are confused using RNA extended coding rules. Meanwhile, the low 4-bit planes employ a lightweight XOR operation to improve encryption efficiency. Finally, the algorithm performs cross-iterative diffusion on the processed high 4-bit and low 4-bit planes and then synthesizes a color ciphertext image. Experimental simulations and security assessments demonstrate the superior numerical statistical outcomes of the CIEA-RQ. According to the criteria of cryptanalysis, it can effectively resist known-plaintext attacks and chosen-plaintext attacks. Therefore, the CIEA-RQ presented in this article serves as an efficient digital image privacy safeguard technique, promising extensive applications in image secure transmission for the upcoming generation of networks. Full article
(This article belongs to the Section Multidisciplinary Applications)

7 pages, 208 KB  
Proceeding Paper
Post-Quantum Crystal-Kyber Group-Oriented Encryption Scheme for Cloud Security in Personal Health Records
by Zhen-Yu Wu and Chia-Hui Liu
Eng. Proc. 2025, 103(1), 6; https://doi.org/10.3390/engproc2025103006 - 6 Aug 2025
Cited by 1 | Viewed by 2172
Abstract
As medical technology develops and digital demands grow, personal health records (PHRs) are becoming more patient-centered than before based on cloud-based health information exchanges. While enhancing data accessibility and sharing, these systems present privacy and security issues, including data breaches and unauthorized access. We developed a post-quantum, group-oriented encryption scheme using the Crystal-Kyber Key encapsulation mechanism (KEM). Leveraging lattice-based post-quantum cryptography, this scheme ensures quantum resilience and chosen ciphertext attack security for layered cloud PHR environments. It supports four encryption modes: individual, group, subgroup-specific, and authorized subgroup decryption, meeting diverse data access needs. With efficient key management requiring only one private key per user, the developed scheme strengthens the privacy and security of PHRs in a future-proof, flexible, and scalable manner. Full article
(This article belongs to the Proceedings of The 8th Eurasian Conference on Educational Innovation 2025)
23 pages, 16115 KB  
Article
Image Privacy Protection Communication Scheme by Fibonacci Interleaved Diffusion and Non-Degenerate Discrete Chaos
by Zhiyu Xie, Weihong Xie, Xiyuan Cheng, Zhengqin Yuan, Wenbin Cheng and Yiting Lin
Entropy 2025, 27(8), 790; https://doi.org/10.3390/e27080790 - 25 Jul 2025
Cited by 9 | Viewed by 1198
Abstract
The rapid development of network communication technology has led to an increased focus on the security of image storage and transmission in multimedia information. This paper proposes an enhanced image security communication scheme based on Fibonacci interleaved diffusion and non-degenerate chaotic system to address the inadequacy of current image encryption technology. The scheme utilizes a hash function to extract the hash characteristic values of the plaintext image, generating initial perturbation keys to drive the chaotic system to generate initial pseudo-random sequences. Subsequently, the input image is subjected to a light scrambling process at the bit level. The Q matrix generated by the Fibonacci sequence is then employed to diffuse the obtained intermediate cipher image. The final ciphertext image is then generated by random direction confusion. Throughout the encryption process, plaintext correlation mechanisms are employed. Consequently, due to the feedback loop of the plaintext, this algorithm is capable of resisting known-plaintext attacks and chosen-plaintext attacks. Theoretical analysis and empirical results demonstrate that the algorithm fulfils the cryptographic requirements of confusion, diffusion, and avalanche effects, while also exhibiting a robust password space and excellent numerical statistical properties. Consequently, the security enhancement mechanism based on Fibonacci interleaved diffusion and non-degenerate chaotic system proposed in this paper effectively enhances the algorithm’s resistance to cryptographic attacks. Full article

21 pages, 732 KB  
Article
Efficient Access Control for Video Anomaly Detection Using ABE-Based User-Level Revocation with Ciphertext and Index Updates
by Lu Jiang, Jielu Yan, Weizhi Xian, Xuekai Wei and Xiaofeng Liao
Appl. Sci. 2025, 15(9), 5128; https://doi.org/10.3390/app15095128 - 5 May 2025
Cited by 2 | Viewed by 1436
Abstract
With the widespread deployment of video surveillance systems, effective access control is essential to enhance the accuracy and security of video anomaly detection. This paper proposes a Searchable and Revocable Attribute-Based Encryption scheme (ABE-RS) that is specifically designed for dynamic video anomaly detection scenarios. By integrating a user management tree structure, attribute-based key distribution, and keyword grouping techniques, the proposed scheme enables efficient user-level revocation along with dynamic updates to ciphertexts and keyword indexes. Furthermore, an inverted index structure is introduced to accelerate keyword search, facilitating the rapid detection and retrieval of anomalous video events. Formal security analysis demonstrates that the scheme is secure against chosen plaintext attacks (CPAs) and chosen keyword attacks (CKAs). The experimental results demonstrate that the scheme maintains millisecond-level revocation efficiency in methodology involving 512 users and either 50 attributes or a thousand keywords. Full article
(This article belongs to the Special Issue Pattern Recognition in Video Processing)

23 pages, 2410 KB  
Article
A Decentralised Multi-Authority Attribute-Based Encryption for Secure and Scalable IoT Access Control
by Chung-Yen Wu, Kuo-Hsuan Huang and Chih-Yao Hsu
Appl. Sci. 2025, 15(7), 3890; https://doi.org/10.3390/app15073890 - 2 Apr 2025
Cited by 7 | Viewed by 2535
Abstract
This study presents a decentralised ciphertext-policy attribute-based encryption (CP-ABE) scheme designed for secure and efficient access control in resource-constrained Internet-of-Things (IoT) environments. By utilising multi-authority architecture and outsourced computation, the scheme enhances scalability, simplifies key management by eliminating reliance on a certificate authority (CA), and ensures data confidentiality through randomised proxy keys. It is particularly suited for multi-scenario IoT applications involving information sharing, such as smart cities or industrial automation in strategic alliances or conglomerates. Demonstrating security against chosen-plaintext attacks under the decisional bilinear Diffie–Hellman assumption, the scheme offers a practical and scalable solution for decentralised access control. Full article

17 pages, 396 KB  
Article
An NTRU-Based Key Encapsulation Scheme for Underwater Acoustic Communication
by Peng He and Ming Xu
Electronics 2025, 14(3), 405; https://doi.org/10.3390/electronics14030405 - 21 Jan 2025
Cited by 3 | Viewed by 1808
Abstract
With the increasing emphasis on safeguarding maritime sovereignty and developing marine resources, the security of underwater acoustic communication has risen to a new level of importance. Given the complex environmental challenges faced by underwater acoustic channels, this paper proposes an NTRU-based key encapsulation scheme designed to ensure secure and reliable underwater data transmission, while maintaining privacy and integrity. In the public–private key pair generation phase, a ring sampling technique is employed to generate a compact NTRU trapdoor, which not only guarantees security but also effectively reduces the communication overhead. During the encapsulation phase, underwater acoustic channel characteristics during communication are introduced as temporary identity information to ensure the confidentiality and reliability of the key encapsulation mechanism. Furthermore, the traditional key encapsulation mechanism is extended by integrating a digital signature process, where the encapsulated ciphertext is signed. The use of digital signature technology verifies the authenticity and integrity of the transmitted data, ensuring that communication data remain secure and unaltered in complex underwater acoustic environments. Finally, we conduct a rigorous correctness analysis and security proofs, demonstrating that the proposed scheme achieves chosen ciphertext security, while meeting the demands of low bandwidth and limited computational capacity in underwater acoustic communication. Full article
(This article belongs to the Special Issue Security, Privacy, Confidentiality and Trust in Blockchain)