Search Results (252)

Intel Software Guard Extensions (SGX) have been widely studied and adopted in privacy-preserving information systems to enhance the security and privacy guarantees of sensitive data computation. By constructing a protected enclave within the processor, SGX provides hardware-enforced confidentiality and integrity for sensitive data and critical code. Nevertheless, due to inevitable interactions between trusted enclaves and untrusted host environments, SGX applications remain vulnerable to memory corruption attacks. Existing detection techniques exhibit fundamental limitations, including the lack of systematic induction of SGX-specific memory corruption behaviors, the absence of fine-grained parameter-level taint modeling during call-chain construction, and relatively inefficient call-chain exploration strategies over large search spaces. To address these issues, we propose ParaTaintGX, an analysis framework that integrates parameter-level taint states into vulnerability detection. ParaTaintGX constructs fine-grained call-chain nodes that capture both functions and the taint states of their parameters. It further introduces a Multi-node Heuristic Priority Search Algorithm to guide call-chain exploration. In addition, a backtracking-based pruning strategy is applied during path analysis to efficiently identify memory corruption vulnerabilities. Our evaluation demonstrates that ParaTaintGX discovers 12 vulnerabilities across 10 open-source SGX projects, outperforming the best baseline tool by two vulnerabilities. It achieves 19.35% precision, surpassing the most precise existing tool by 8.37 percentage points. These results highlight its superior detection capability and precision. Full article

This article presents a novel framework for encrypting color images to enhance digital data security using deep learning and artificial intelligence techniques. The system employs a two-model neural architecture: the first, a Convolutional Neural Network (CNN), verifies sender authenticity during user authentication, while the second extracts unique fingerprint features. These features are converted into high-entropy encryption keys using Particle Swarm Optimization (PSO), minimizing key similarity and ensuring that no key is reused or transmitted. Keys are generated in real time simultaneously at both the sender and receiver ends, preventing interception or leakage and providing maximum confidentiality. Encrypted images are secured using the Advanced Encryption Standard (AES-256) with keys uniquely bound to each user’s biometric identity, ensuring personalized privacy. Evaluation using security and encryption metrics yielded strong results: entropy of 7.9991, correlation coefficient below 0.00001, NPCR of 99.66%, UACI of 33.9069%, and key space of 2²⁵⁶. Although the final encryption employs an AES-256 key (key space of 2²⁵⁶), this key is derived from a much larger deep-key space of 2⁸¹⁹² generated by multi-layer neural feature extraction and optimized via PSO, thereby significantly enhancing the overall cryptographic strength. The system also demonstrated robustness against common attacks, including noise and cropping, while maintaining recoverable original content. Furthermore, the neural models achieved classification accuracy exceeding 99.83% with an error rate below 0.05%, confirming the framework’s reliability and practical applicability. This approach provides a secure, dynamic, and efficient image encryption paradigm, combining biometric authentication and AI-based feature extraction for advanced cybersecurity applications. Full article

Background: Blockchain technology has emerged as a transformative communication solution for securing distributed systems. However, several vulnerabilities exist during transactions, including latency and network congestion issues during mempool processing, topology weaknesses, cross-chain bridge exploits, and cryptographic weaknesses. These vulnerabilities have led to attacks that have threatened system integrity, including Block Extractable Value (BEV) attacks, Maximal Extractable Value (MEV) attacks, sandwich attacks, liquidation, and Decentralized Finance (DeFi) reordering attacks, among others. Thus, implementing a robust security framework based on the Confidentiality, Integrity, and Availability (CIA) triad remains critical for addressing modern blockchain technology threats. Objective: This paper examines blockchain technology, its various vulnerabilities, and attacks to determine how criminals exploit the system during transactions. Further, it evaluates its impact on users. Then, implement a blockchain attack in a “MasterChain” virtual environment to demonstrate how vulnerable spots can be practically exploited and discuss the application of the CIA security triad through modern cryptographic primitives. Methods: The approach considers Hevner’s design science framework, which emphasizes creating innovative artifacts that address identified problems while contributing to the knowledge base through rigorous evaluation. Furthermore, we developed a MasterChain tool using Python with Flask for distributed node communication, utilizing the Elliptic Curve Digital Signature Algorithm (ECDSA) with the Standards for Efficient Cryptography Prime 256-bit Koblitz curve 1 (secp256k1) for digital signatures and Secure Hash Algorithm 3 (SHA-3) (Keccak-256) hashing for block integrity. Results: show how the CIA has been implemented to provide secure communication through ECDSA-based transactions, SHA-3 chain integrity verification, and a multi-node distributed architecture, respectively. The performance analysis shows that ECDSA provides 256-bit security with 64-byte signatures compared to 2048-bit Rivest–Shamir–Adleman (RSA)’s 256-byte signatures, achieving a 75% reduction in bandwidth overhead. SHA-3 provides immunity to length extension attacks while maintaining equivalent collision resistance to SHA-256. Conclusions: The MasterChain framework provides a practical foundation for implementing blockchain security that addresses both classical and emerging vulnerabilities. The adoption of ECDSA and SHA-3 (Keccak-256) positions the system favourably for modern blockchain applications, while providing insights into the cryptographic trade-offs between performance, security, and compatibility. Full article

Deepfake technology can produce highly realistic manipulated media which pose as significant cybersecurity threats, including fraud, misinformation, and privacy violations. This research proposes a deepfake prevention approach based on symmetric and asymmetric ciphers. Post-quantum asymmetric ciphers were utilized to perform digital signature operations, which offer essential security services, including integrity, authentication, and non-repudiation. Symmetric ciphers were also employed to provide confidentiality and authentication. Unlike classical ciphers that are vulnerable to quantum attacks, this study adopts quantum-resilient ciphers to offer long-term security. The proposed approach enables entities to digitally sign media content before public release on other platforms. End users can subsequently verify the authenticity of content using the public keys of the media creators. To identify the most efficient ciphers to perform cryptography operations required for deepfake prevention, the study explores the implementation of quantum-resilient symmetric and asymmetric ciphers standardized by NIST, including Dilithium, Falcon, SPHINCS+, and Ascon-80pq. Additionally, this research provides comprehensive comparisons between the various classical and post-quantum ciphers in both categories: symmetric and asymmetric. Experimental results revealed that Dilithium-5 and Falcon-512 algorithms outperform other post-quantum ciphers, with a time delay of 2.50 and 251 ms, respectively, for digital signature operations. The Falcon-512 algorithm also demonstrates superior resource efficiency, making it a cost-effective choice for digital signature operations. With respect to symmetric ciphers, Ascon-80pq achieved the lowest time consumption, taking just 0.015 ms to perform encryption and decryption operations. Also, it is a significant option for constrained devices, since it consumes fewer resources compared to standard symmetric ciphers, such as AES. Through comprehensive evaluations and comparisons of various symmetric and asymmetric ciphers, this study serves as a blueprint to identify the most efficient ciphers to perform the cryptography operations necessary for deepfake prevention. Full article

Quantum computing threatens the security foundations of global financial systems, exposing long-lived data and signed digital assets to “harvest-now, decrypt-later” attacks. While the timeline for cryptographically relevant quantum computers remains uncertain, regulatory signals from the USA, UK, EU, Canada, and Australia converge: financial institutions and payment infrastructures must begin migrating to post-quantum cryptography (PQC) now to preserve confidentiality, integrity, and systemic stability. This paper maps emerging standards and roadmaps, contrasting binding requirements like the EU’s DORA crypto-agility provisions with non-binding guidance from NIST, ENISA, and ETSI. Despite a shared intent to secure high-risk use cases by 2030–2031 and complete migration by 2035, divergences in enforcement and milestones create uncertainty for cross-border banks and financial market infrastructures. In parallel, technical adoption is advancing: major browsers, cryptographic libraries (OpenSSL/BoringSSL), and CDNs (e.g., AWS CloudFront) have deployed hybrid PQC key exchange in TLS 1.3, proving confidentiality defenses are viable at internet scale. The paper synthesizes historical transition lessons, sector-specific regulatory drivers, and operational constraints in payment infrastructures to derive a new, principle-based migration: crypto-agility, risk-prioritized scoping, hybrid deployment, vendor and supply-chain alignment, independent testing, and proactive supervisory engagement. Acting now reduces long-tail exposure and ensures readiness for imminent compliance and interoperability deadlines. Full article

The rapid digital transformation of healthcare has improved clinical efficiency, patient engagement, and data accessibility, but it has also introduced significant cyber security and data privacy challenges. Healthcare IT systems increasingly rely on interconnected networks, electronic health records (EHRs), tele-medicine platforms, cloud infrastructures, and Internet of Medical Things (IoMT) devices, which collectively expand the attack surface for cyber threats. This scoping review maps and synthesizes recent evidence on cyber security risks in healthcare, including ransomware, data breaches, insider threats, and vulnerabilities in legacy systems, and examines key data privacy concerns related to patient confidentiality, regulatory compliance, and secure data governance. We also review contemporary security strategies, including encryption, multi-factor authentication, zero-trust architecture, blockchain-based approaches, AI-enabled threat detection, and compliance frameworks such as HIPAA and GDPR. Persistent challenges include integrating robust security with clinical usability, protecting resource-limited hospital environments, and managing human factors such as staff awareness and policy adherence. Overall, the findings suggest that effective healthcare cyber security requires a multi-layered defense combining technical controls, continuous monitoring, governance and regulatory alignment, and sustained organizational commitment to security culture. Future research should prioritize adaptive security models, improved standardization, and privacy-preserving analytics to protect patient data in increasingly complex healthcare ecosystems. Full article

Unmanned Aerial Systems (UASs) are playing an increasingly critical role in both civilian and defense applications. However, their heavy reliance on unencrypted Global Navigation Satellite System (GNSS) signals, particularly GPS, makes them highly susceptible to signal spoofing attacks, posing severe operational and safety threats. This paper introduces a comprehensive, AI-driven multi-layer sensor framework that simultaneously enables real-time spoofing detection and secure command-and-control (C2) communication in lightweight UAS platforms. The proposed system enhances telemetry reliability through a refined preprocessing pipeline that includes a novel GPS Drift Index (GDI), robust statistical normalization, cluster-constrained oversampling, Kalman-based noise reduction, and quaternion filtering. These sensing layers improve anomaly separability under adversarial signal manipulation. On this enhanced feature space, a differentiable architecture search (DARTS) approach dynamically generates lightweight neural network architectures optimized for fast, onboard spoofing detection. For secure command and control, the framework integrates a low-latency cryptographic layer utilizing PRESENT-128 encryption and CMAC authentication, achieving confidentiality and integrity with only 1.79 ms latency and a 0.51 mJ energy cost. Extensive experimental evaluations demonstrate the framework’s outstanding detection accuracy (99.99%), near-perfect F1-score (0.999), and AUC (0.9999), validating its suitability for deployment in real-world, resource-constrained UAS environments. This research advances the field of AI-enabled sensor systems by offering a robust, scalable, and secure navigation framework for countering GPS spoofing in autonomous aerial vehicles. Full article

Wireless sensor networks comprise many resource-constrained nodes that must protect both local readings and routing metadata. The sensors collect data from the environment or from the individual to whom they are attached and transmit it to the nearest gateway node via a wireless network for further delivery to external users. Due to wireless communication, the transmitted messages may be intercepted, rerouted, or even modified by an attacker. Consequently, security and privacy issues are of utmost importance, and the nodes must be protected against unauthorized access during transmission over a public wireless channel. To address these issues, we propose the Probabilistic Bit-Similarity-Based Key Agreement Protocol (PBS-KAP). This novel method enables two nodes to iteratively converge on a shared secret key without transmitting it or relying on pre-installed keys. PBS-KAP enables two nodes to agree on a symmetric session key using probabilistic similarity alignment with explicit key confirmation (MAC). Optimized Garbled Circuits facilitate secure computation with minimal computational and communication overhead, while Secure Sketches combined with Fuzzy Extractors correct residual errors and amplify entropy, producing reliable and uniformly random session keys. The resulting protocol provides a balance between security, privacy, and usability, standing as a practical solution for real-world WSN and IoT applications without imposing excessive computational or communication burdens. Security relies on standard computational assumptions via a one-time elliptic–curve–based base Oblivious Transfer, followed by an IKNP Oblivious Transfer extension and a small garbled threshold circuit. No pre-deployed long-term keys are required. After the bootstrap, only symmetric operations are used. We analyze confidentiality in the semi-honest model. However, entity authentication, though feasible, requires an additional Authenticated Key Exchange step or malicious-secure OT/GC. Under the semi-honest OT/GC assumption, we prove session-key secrecy/indistinguishability; full entity authentication requires an additional AKE binding step or malicious-secure OT/GC. Full article

The Transport Layer Security (TLS) protocol is widely used nowadays to create secure communications over TCP/IP networks. Its purpose is to ensure confidentiality, authentication, and data integrity for messages exchanged between two endpoints. In order to facilitate its integration into widely used applications, the protocol is typically implemented through libraries, such as OpenSSL, BoringSSL, LibreSSL, WolfSSL, NSS, or mbedTLS. These libraries encompass functions that execute the specialized TLS handshake required for channel establishment, as well as the construction and processing of TLS records, and the procedures for closing the secure channel. However, these software libraries may contain vulnerabilities or errors that could potentially jeopardize the security of the TLS channel. To identify flaws or deviations from established standards within the implemented TLS code, a specialized tool known as TLS-Anvil can be utilized. This tool also verifies the compliance of TLS libraries with the specifications outlined in the Request for Comments documents published by the IETF. TLS-Anvil conducts numerous tests with a client/server configuration utilizing a specified TLS library and subsequently generates a report that details the number of successful tests. In this work, we exploit the results obtained from a selected subset of TLS-Anvil tests to generate rules used for anomaly detection in Suricata, a well-known signature-based Intrusion Detection System. During the tests, TLS-Anvil generates .pcap capture files that report all the messages exchanged. Such files can be subsequently analyzed with Wireshark, allowing for a detailed examination of the messages exchanged during the tests and a thorough understanding of their structure on a byte-by-byte basis. Through the analysis of the TLS handshake messages produced during testing, we develop customized Suricata rules aimed at detecting TLS anomalies that result from flawed implementations within the intercepted traffic. Furthermore, we describe the specific test environment established for the purpose of deriving and validating certain Suricata rules intended to identify anomalies in nodes utilizing a version of the OpenSSL library that does not conform to the TLS specification. The rules that delineate TLS deviations or potential attacks may subsequently be integrated into a threat detection platform supporting Suricata. This integration will enhance the capability to identify TLS anomalies arising from code that fails to adhere to the established specifications. Full article

With the rapid development of online aquatic product trading, traditional centralized platforms are facing increasing pressure in terms of data security, privacy protection, and trust. Problems such as tampering with transaction records, weak identity authentication, privacy leakage, and the difficulty of balancing matching efficiency with security limit the further development of these platforms. To address these issues, this paper proposes a blockchain-based identity authentication and access control scheme for online aquatic product trading. The scheme first introduces a dual authentication mechanism that combines a verifiable random function with a Schnorr-based zero-knowledge proof, providing strong decentralized identity verification and resistance to replay attacks. It then designs a dynamic access control strategy based on a multi-dimensional reputation model, which converts user behavior, attributes, and historical transaction performance into a comprehensive trust score used to determine fine-grained access rights. In addition, an AES-PEKS hybrid encryption method is employed to support encrypted keyword search and order matching while protecting the confidentiality of order data. This paper implements a multi-channel architecture for aquatic product trading prototype system on Hyperledger Fabric. This system separates registration, order processing, and reputation management into different channels to improve concurrency and enhance privacy protection. Security analysis shows that the proposed solution effectively defends against replay attacks, key leaks, data tampering, and privacy theft. Performance evaluation further demonstrates that, compared to a single-chain architecture, the multi-channel design, while increasing security mechanisms, maintains a stable throughput of approximately 223 tx/s even when concurrency reaches 600–800 tx/s, ensuring normal operation of the trading system. These results indicate that this solution provides a practical technical approach and system-level reference for building secure, reliable, and efficient online aquatic product trading platforms. Full article

This work studies the formation control problem of general linear multi-agent systems (MASs) under hybrid attacks that include man-in-the-middle attacks (MITM) and denial-of-service attacks (DoS). First, an improved Diffie–Hellman key exchange (DHKE)-based encryption–decryption mechanism is proposed. This mechanism combines the challenge–response mechanism and hash function, which can achieve identity authentication, detect MITM attacks and ensure the confidentiality and integrity of information. Second, considering that DoS attacks on different channels are independent, a division model for distributed DoS attacks is established, which can classify attacks into different patterns. Third, an edge-based event-triggered (ET) formation control scheme is proposed. This control method only relies on the information of neighbor agents, which not only saves communication resources but also resists distributed DoS attacks. Finally, sufficient conditions for the implementation of formation control for MASs under hybrid attacks are provided, and the effectiveness and advantages of the proposed strategy are verified by simulation. Full article

The rapid convergence of artificial intelligence (AI), cloud computing, and 5G communication has positioned extended reality (XR) as a core technology bridging the physical and virtual worlds. Encompassing virtual reality (VR), augmented reality (AR), and mixed reality (MR), XR has demonstrated transformative potential across sectors such as healthcare, industry, education, and defense. However, the compact architecture and limited computational capabilities of XR devices render conventional cryptographic authentication schemes inefficient, while the real-time transmission of biometric and positional data introduces significant privacy and security vulnerabilities. To overcome these challenges, this study introduces PXRA (PUF-based XR authentication), a lightweight and secure authentication and key distribution protocol optimized for cloud-assisted XR environments. PXRA utilizes a physically unclonable function (PUF) for device-level hardware authentication and offloads elliptic curve cryptography (ECC) operations to the cloud to enhance computational efficiency. Authenticated encryption with associated data (AEAD) ensures message confidentiality and integrity, while formal verification through ProVerif confirms the protocol’s robustness under the Dolev–Yao adversary model. Experimental results demonstrate that PXRA reduces device-side computational overhead by restricting XR terminals to lightweight PUF and hash functions, achieving an average authentication latency below 15 ms sufficient for real-time XR performance. Formal analysis verifies PXRA’s resistance to replay, impersonation, and key compromise attacks, while preserving user anonymity and session unlinkability. These findings establish the feasibility of integrating hardware-based PUF authentication with cloud-assisted cryptographic computation to enable secure, scalable, and real-time XR systems. The proposed framework lays a foundation for future XR applications in telemedicine, remote collaboration, and immersive education, where both performance and privacy preservation are paramount. Our contribution lies in a hybrid PUF–cloud ECC architecture, context-bound AEAD for session-splicing resistance, and a noise-resilient BCH-based fuzzy extractor supporting up to 15% BER. Full article

Cache-based side-channel attacks, specifically Flush+Reload and Prime+Probe, pose a critical threat to the confidentiality of AES-encrypted systems, particularly in shared resource environments such as Smart Agriculture IoT. While deep learning has shown promise in detecting these attacks, existing approaches based on Convolutional Neural Networks struggle with robustness when distinguishing between multiple attack vectors. In this paper, we propose a Transformer-based detection framework that leverages self-attention mechanisms to capture global temporal dependencies in cache timing traces. To overcome data scarcity issues, we constructed a comprehensive and balanced dataset comprising 10,000 timing traces. Experimental results demonstrate that while the baseline CNN model suffers a significant performance drop to 66.73% in mixed attack scenarios, our proposed Transformer model maintains a high classification accuracy of 94.00%. This performance gap represents a 27.27% absolute improvement, proving the proposed method effectively distinguishes between different attack types and benign system noise. We further integrate these findings into a visualization interface to facilitate real-time security monitoring. Full article

Electronic devices are now ubiquitous across both professional and personal domains, often containing sensitive information that should remain undisclosed to untrustworthy third parties. Consequently, there is an increased demand for effective security measures to prevent the leakage of confidential data. While some devices utilize mathematically secure algorithms to safeguard sensitive information, there remains a vulnerability to informational leaks through Side-Channel Attacks (SCAs) targeting hardware platforms. Non-profiled SCAs, including Correlation Power Analysis (CPA), are particularly practical since they require access only to the target device. In this study, we propose and investigate the use of Deep Learning (DL) techniques to enhance the effectiveness of non-profiled SCAs through an optimized Deep Learning Power Analysis (DLPA) algorithm. Optimized DLPA attacks are implemented using Multi-Layer Perceptron (MLP) and Convolutional Neural Network (CNN) models, and are applied to the PRIDE SBox-4 block across conventional CMOS-style circuits and secure Sense Amplifier-Based Logic (SABL) Dual Precharge Logic (DPL) structure circuits. Both FinFET and TFET device technologies are evaluated. The experimental results show that the optimized DLPA approach consistently outperforms traditional CPA attacks. The optimized DLPA method succeeds even against TFET-based SABL-DPL circuits, which are resistant to conventional techniques. These findings demonstrate the increased threat posed by DL-based SCAs and highlight the need for evaluating hardware security against advanced machine learning-based methods. Full article

The integration of the Internet of Things (IoT) and edge computing is transforming healthcare by enabling real-time acquisition, processing, and exchange of sensitive patient data close to the data source. However, the distributed nature of IoT-enabled smart healthcare systems exposes them to severe security and privacy risks during health information exchange (HIE). This study proposes an edge-enabled hybrid encryption framework that combines elliptic curve cryptography (ECC), HMAC-SHA256, and the Advanced Encryption Standard (AES) to ensure data confidentiality, integrity, and efficient computation in healthcare communication networks. The proposed model minimizes latency and reduces cloud dependency by executing encryption and verification at the network edge. It provides the first systematic comparison of hybrid encryption configurations for edge-based HIE, evaluating CPU usage, memory consumption, and scalability across varying data volumes. Experimental results demonstrate that the ECC + HMAC-SHA256 + AES configuration achieves high encryption efficiency and strong resistance to attacks while maintaining lightweight processing suitable for edge devices. This approach provides a scalable and secure solution for protecting sensitive health data in next-generation IoT-enabled smart healthcare systems. Full article