Search Results (230)

Wireless Medical Sensor Networks (WMSNs) collect and transmit patients’ physiological data in real time through various sensors, playing an increasingly important role in intelligent healthcare. Authentication protocols in WMSNs ensure that users can securely access real-time data from sensor nodes. Although many researchers have proposed authentication schemes to resist common attacks, insufficient attention has been paid to insider attacks and ephemeral secret leakage (ESL) attacks. Moreover, existing adversary models still have limitations in accurately characterizing an attacker’s capabilities. To address these issues, this paper extends the traditional adversary model to better reflect practical deployment scenarios, assuming a semi-trusted server and allowing adversaries to obtain users’ temporary secrets. Based on this enhanced model, we design an efficient ECC-based authentication and key agreement protocol that ensures the confidentiality of users’ passwords, biometric data, and long-term private keys during the registration phase, thereby mitigating insider threats. The proposed protocol combines anonymous authentication and elliptic curve cryptography (ECC) key exchange to satisfy security requirements. Performance analysis demonstrates that the proposed protocol achieves lower computational and communication costs compared with existing schemes. Furthermore, the protocol’s security is formally proven under the Random Oracle (ROR) model and verified using the ProVerif tool, confirming its security and reliability. Therefore, the proposed protocol can be effectively applied to secure data transmission and user authentication in wireless medical sensor networks and other IoT environments. Full article

Location-based services (LBSs), which are used for navigation, tracking, and mapping across digital devices and social platforms, establish a user’s position and deliver tailored experiences. Collecting and sharing such trajectory datasets with analysts for business purposes raises critical privacy concerns, as both symmetry in recurring behavior mobility patterns and asymmetry in irregular movement mobility patterns in sensitive locations collectively expose highly identifiable information, resulting in re-identification risks, trajectory disclosure, and location inference. In response, several privacy preservation models have been proposed, including k-anonymity, l-diversity, t-closeness, LKC-privacy, differential privacy, and location-based approaches. However, these models still exhibit privacy issues, including sensitive location inference (e.g., hospitals, pawnshops, prisons, safe houses), disclosure from duplicate trajectories revealing sensitive places, and the re-identification of unique locations such as homes, condominiums, and offices. Efforts to address these issues often lead to utility loss and computational complexity. To overcome these limitations, we propose a new ($\xi$, $ϵ$)-privacy model that combines data generalization and suppression with sliding windows and R-Tree structures, where sliding windows partition large trajectory graphs into simplified subgraphs, R-Trees provide hierarchical indexing for spatial generalization, and suppression removes highly identifiable locations. The model addresses both symmetry and asymmetry in mobility patterns by balancing generalization and suppression to protect privacy while maintaining data utility. Symmetry-driven mechanisms that enhance resistance to inference attacks and support data confidentiality, integrity, and availability are core requirements of cryptography and information security. An experimental evaluation on the City80k and Metro100k datasets confirms that the ($\xi$, $ϵ$)-privacy model addresses privacy issues with reduced utility loss and efficient scalability, while validating robustness through relative error across query types in diverse analytical scenarios. The findings provide evidence of the model’s practicality for large-scale location data, confirming its relevance to secure computation, data protection, and information security applications. Full article

Blockchain-based cold chain logistics (BCCL) systems establish a new logistics data-sharing mechanism with blockchain technology, which destroys the traditional data island problem and promotes cross-institutional data interoperability. However, security vulnerabilities, risks of data loss, exposure of private information, and particularly the emergence of quantum-based attacks pose heightened threats to the existing BCCL framework. This paper first introduces a transaction privacy preserving (TPP) model for BCCLS that aggregates the blockchain and ring signcryption scheme together to strengthen the security of the data exchange process. Then, a lattice-based ring signcryption (LRSC) scheme is proposed. This LRSC utilizes the lattice assumption to enhance resistance against quantum attacks while employing ring mechanisms to safeguard the anonymity and privacy of the actual signer. It also executes signature and encryption algorithms simultaneously to improve algorithm execution efficiency. Moreover, the formal security proof results show that this LRSC can capture the signer’s confidentiality and unforgeability. Experimental findings indicate that the LRSC scheme achieves higher efficiency compared with comparable approaches. The proposed TPP model and LRSC scheme effectively facilitate cross-institutional logistics data exchange and enhance the utilization of logistics information via the BCCL system. Full article

The integration of Internet of Things (IoT) technologies into public healthcare enables continuous monitoring and sustainable health management. However, conventional frameworks often depend on transmitting and storing raw personal data on centralized servers, posing challenges related to privacy, security, ethical compliance, and long-term sustainability. This study proposes a privacy-preserving framework that avoids the exposure of true health-related data. Sensor nodes encrypt collected measurements and collaborate with a secure computation core to evaluate health indicators under homomorphic encryption, maintaining confidentiality. For example, the system can determine whether a patient’s heart rate within a monitoring window falls inside clinically recommended thresholds, while the framework remains general enough to support a wide range of encrypted computations. A compliance verification client generates zero-knowledge range proofs, allowing external parties to verify whether health indicators meet predefined conditions without accessing actual values. Simulation results confirm the correctness of encrypted computation, controllability of threshold-based compliance judgments, and resistance to inference attacks. The proposed framework provides a practical solution for secure, auditable, and sustainable real-time health assessment in IoT-enabled public healthcare systems. Full article

Current systems for exchanging medical records struggle with efficiency and privacy issues. While establishing the Electronic Medical Record Exchange Center (EEC) in 2012 was intended to alleviate these issues, its centralized structure has brought about new attack vectors, such as performance bottlenecks, single points of failure, and an absence of patient consent over their data. Methods: This paper describes a novel EMR Gateway system that uses blockchain technology to exchange electronic medical records electronically, overcome the limitations of current centralized systems for sharing EMR, and leverage decentralization to enhance resilience, data privacy, and patient autonomy. Our proposed system is built on two interconnected blockchains: a Decentralized Identity Blockchain (DID-Chain) based on Ethereum for managing user identities via smart contracts, and an Electronic Medical Record Blockchain (EMR-Chain) implemented on Hyperledger Fabric to handle medical record indexes and fine-grained access control. To address the dual requirements of cross-platform data exchange and patient privacy, the system was developed based on the Fast Healthcare Interoperability Resources (FHIR) standard, incorporating stringent de-identification protocols. Our system is built using the FHIR standard. Think of it as a common language that lets different healthcare systems talk to each other without confusion. Plus, we are very serious about patient privacy and remove all personal details from the data to keep it confidential. When we tested its performance, the system handled things well. It can take in about 40 transactions every second and pull out data faster, at around 49 per second. To give you some perspective, this is far more than what the average hospital in Taiwan dealt with back in 2018. This shows our system is very solid and more than ready to handle even bigger workloads in the future. Full article

As quantum computing advances, traditional digital forensic techniques face significant risks due to the vulnerability of classical cryptographic algorithms to quantum attacks. This review explores the emerging field of quantum digital forensics, with a particular focus on the role of quantum entanglement in enhancing the integrity, authenticity, and confidentiality of digital evidence. It compares classical and quantum forensic mechanisms, examines entanglement-based quantum key distribution (QKD), quantum hash functions, and quantum digital signatures (QDS), and discusses the challenges in practical implementation, such as scalability, hardware limitations, and legal admissibility. The paper also reviews various entanglement detection methods critical to the validation of quantum states used in forensic processes. Full article

The Internet of Things (IoT) has surfaced as a revolutionary technology, enabling ubiquitous connectivity between devices and revolutionizing traditional lifestyles through smart automation. As IoT systems proliferate, securing device-to-device communication and server–client data exchange has become crucial. This paper presents a novel security framework that integrates elliptic curve cryptography (ECC) with artificial neural networks (ANNs) to enhance the Message Queuing Telemetry Transport (MQTT) protocol. Our study evaluated multiple machine learning algorithms, with ANN demonstrating superior performance in anomaly detection and classification. The hybrid approach not only encrypts communications but also employs the optimized ANN model to detect and classify anomalous traffic patterns. The proposed model demonstrates robust security features, successfully identifying and categorizing various attack types with 90.38% accuracy while maintaining message confidentiality through ECC encryption. Notably, this framework retains the lightweight characteristics essential for IoT devices, making it especially relevant for environments where resources are constrained. To our knowledge, this represents the first implementation of an integrated ECC-ANN approach for securing MQTT-based IoT communications, offering a promising solution for next-generation IoT security requirements. Full article

The smart grid (SG) plays a seminal role in the modern energy landscape by integrating digital technologies, the Internet of Things (IoT), and Advanced Metering Infrastructure (AMI) to enable bidirectional energy flow, real-time monitoring, and enhanced operational efficiency. However, these advancements also introduce critical challenges related to data privacy, cybersecurity, and operational balance. This review critically evaluates SG systems, beginning with an analysis of data privacy vulnerabilities, including Man-in-the-Middle (MITM), Denial-of-Service (DoS), and replay attacks, as well as insider threats, exemplified by incidents such as the 2023 Hydro-Québec cyberattack and the 2024 blackout in Spain. The review further details the SG architecture and its key components, including smart meters (SMs), control centers (CCs), aggregators, smart appliances, and renewable energy sources (RESs), while emphasizing essential security requirements such as confidentiality, integrity, availability, secure storage, and scalability. Various privacy preservation techniques are discussed, including cryptographic tools like Homomorphic Encryption, Zero-Knowledge Proofs, and Secure Multiparty Computation, anonymization and aggregation methods such as differential privacy and k-Anonymity, as well as blockchain-based approaches and machine learning solutions. Additionally, the review examines pricing models and their resolution strategies, Demand–Supply Balance Programs (DSBPs) utilizing optimization, game-theoretic, and AI-based approaches, and energy storage systems (ESSs) encompassing lead–acid, lithium-ion, sodium-sulfur, and sodium-ion batteries, highlighting their respective advantages and limitations. By synthesizing these findings, the review identifies existing research gaps and provides guidance for future studies aimed at advancing secure, efficient, and sustainable smart grid implementations. Full article

This paper examines the properties of classical secret sharing schemes used in information protection systems, including the protection of valuable and confidential data. It addresses issues such as implementation complexity, limited flexibility, vulnerability to new types of attacks, the requirements for such schemes, and analyzes existing approaches to their solutions. A new secret sharing scheme is proposed as a potential solution to these challenges. The developed scheme is based on multivariable functions. The shares distributed among participants represent the values of these functions. Secret reconstruction is reduced to solving a system of linear equations composed of such functions. The structure and mathematical foundation of the scheme are presented, along with an analysis of its properties. A key feature of the proposed scheme is the incorporation of functions aimed at authenticating participants and verifying the integrity of the distributed shares. The paper also provides a cryptanalysis of the scheme, evaluates its resistance to various types of attacks, and discusses the results obtained. Thus, this work contributes to the advancement of information security methods by offering a modern and reliable solution for the secure storage and joint use of secret data. Full article

Traditional encryption prioritises confidentiality but complicates search operations, requiring decryption before searches can be conducted. The public key encryption with keyword search (PEKS) scheme addresses this limitation by enabling authorised users to search for specific keywords within encrypted data without compromising the underlying encryption. This facilitates efficient and secure data retrieval without the need to decrypt the entire dataset. However, PEKS is susceptible to the keyword guessing attack (KGA), exploiting the deterministic nature of the PEKS trapdoor so that the adversary can correctly guess the keyword encrypted in a trapdoor. To enhance PEKS security to counter a KGA, various schemes have been proposed. A notable one is public key authenticated encryption with keyword search (PAEKS). PAEKS combines authentication and encryption with keyword-based search functionalities, ensuring data source authentication, encrypted information security, and keyword-based searches. However, many existing PAEKS schemes rely on computationally exhaustive bilinear pairing. In this paper, we propose a PAEKS scheme based on k-resilient identity-based encryption without bilinear pairing. By using the provable security approach, we show that our proposed PAEKS scheme satisfies both ciphertext privacy and trapdoor privacy. We present a comparison of the computation cost of our proposed PAEKS scheme with the existing PAEKS schemes and highlight its efficiency, particularly in the $\mathsf{Test}$ algorithm, where it achieves the fastest execution time. By performing experiments using the real-world Enron Email dataset, we show that the proposed scheme is efficient. Full article

Cyberattacks include Structured Query Language Injection (SQLi), which represents threats at the level of web applications that interact with the database. These attacks are carried out by executing SQL commands, which compromise the integrity and confidentiality of the data. In this paper, a machine learning (ML)-based model is proposed for identifying SQLi attacks. The authors propose a two-stage personalized software processing pipeline as a novel element. Although individual techniques are known, their structured combination and application in this context represent a novel approach to transforming raw SQL queries into input features for an ML model. In this research, a dataset consisting of 90,000 SQL queries was constructed, comprising 17,695 legitimate and 72,304 malicious queries. The dataset consists of synthetic data generated using the GPT-4o model and data from a publicly available dataset. These were processed within a pipeline proposed by the authors, consisting of two stages: syntactic normalization and the extraction of the eight semantic features for model training. Also, within the research, several ML models were analyzed using the Azure Machine Learning Studio platform. These models were paired with different sampling algorithms for selecting the training set and the validation set. Out of the 15 training-sampling algorithm combinations, the Voting Ensemble model achieved the best performance. It achieved an accuracy of 96.86%, a weighted AUC of 98.25%, a weighted F1-score of 96.77%, a weighted precision of 96.92%, and a Matthews correlation coefficient of 89.89%. These values demonstrate the model’s ability to classify queries as legitimate or malicious. The attack identification rate was only 15 malicious queries missed out of a total of 7200, and the number of false alarms was 211 cases. The results confirm the possibility of integrating this algorithm into an additional security layer within an existing web application architecture. In practice, the authors suggest adding an extra layer of security using synthetic data. Full article

Industrial Wireless Sensor Networks (IWSNs) play a critical role in Industry 4.0 environments, enabling real-time monitoring and control of industrial processes. However, existing lightweight authentication protocols for IWSNs remain vulnerable to sophisticated security attacks because of inadequate initial authentication phases. This study presents a security analysis of Gope et al.’s PUF-based authentication protocol for IWSNs and identifies critical vulnerabilities that enable man-in-the-middle (MITM) and denial-of-service (DoS) attacks. We demonstrate that Gope et al.’s protocol is susceptible to MITM attacks during both authentication and Secure Periodical Data Collection (SPDC), allowing adversaries to derive session keys and compromise communication confidentiality. Our analysis reveals that the sensor registration phase of the protocol lacks proper authentication mechanisms, enabling attackers to perform unauthorized PUF queries and subsequently mount successful attacks. To address these vulnerabilities, we propose an enhanced authentication scheme that introduces a sensor-initiated registration process. In our improved protocol, sensor nodes generate and control PUF challenges rather than passively responding to gateway requests. This modification prevents unauthorized PUF queries while preserving the lightweight characteristics essential for resource-constrained IWSN deployments. Security analysis demonstrates that our enhanced scheme effectively mitigates the identified MITM and DoS attacks without introducing significant computational or communication overhead. The proposed modifications maintain compatibility with the existing IWSN infrastructure while strengthening the overall security posture. Comparative analysis shows that our solution addresses the security weaknesses of the original protocol while preserving its practical advantages for industrial use. The enhanced protocol provides a practical and secure solution for real-time data access in IWSNs, making it suitable for deployment in mission-critical industrial environments where both security and efficiency are paramount. Full article

With the explosive growth of Internet of Things (IoT) devices, massive amounts of heterogeneous data are continuously generated. However, IoT data transactions and sharing face multiple challenges such as limited device resources, untrustworthy network environment, highly sensitive user privacy, and serious data silos. How to achieve fine-grained access control and privacy protection for massive devices while ensuring secure and reliable data circulation has become a key issue that needs to be urgently addressed in the current IoT field. To address the above challenges, this paper proposes a blockchain-based data transaction and privacy protection framework. First, the framework builds a multi-layer security architecture that integrates blockchain and IPFS and adapts to the “end–edge–cloud” collaborative characteristics of IoT. Secondly, a data sharing mechanism that takes into account both access control and interest balance is designed. On the one hand, the mechanism uses attribute-based encryption (ABE) technology to achieve dynamic and fine-grained access control for massive heterogeneous IoT devices; on the other hand, it introduces a game theory-driven dynamic pricing model to effectively balance the interests of both data supply and demand. Finally, in response to the needs of confidential analysis of IoT data, a secure computing scheme based on CKKS fully homomorphic encryption is proposed, which supports efficient statistical analysis of encrypted sensor data without leaking privacy. Security analysis and experimental results show that this scheme is secure under standard cryptographic assumptions and can effectively resist common attacks in the IoT environment. Prototype system testing verifies the functional completeness and performance feasibility of the scheme, providing a complete and effective technical solution to address the challenges of data integrity, verifiable transactions, and fine-grained access control, while mitigating the reliance on a trusted central authority in IoT data sharing. Full article

Voice biometric systems play a critical role in numerous security applications, including electronic device authentication, banking transaction verification, and confidential communications. Despite their widespread utility, these systems are increasingly targeted by sophisticated spoofing attacks that leverage advanced artificial intelligence techniques to generate realistic synthetic speech. Addressing the vulnerabilities inherent to voice-based authentication systems has thus become both urgent and essential. This study proposes a novel experimental analysis that extensively explores various dimensionality reduction strategies in conjunction with supervised machine learning models to effectively identify spoofed voice signals. Our framework involves extracting multicepstral features followed by the application of diverse dimensionality reduction methods, such as Principal Component Analysis (PCA), Truncated Singular Value Decomposition (SVD), statistical feature selection (ANOVA F-value, Mutual Information), Recursive Feature Elimination (RFE), regularization-based LASSO selection, Random Forest feature importance, and Permutation Importance techniques. Empirical evaluation using the ASVSpoof 2017 v2.0 dataset measures the classification performance with the Equal Error Rate (EER) metric, achieving values of approximately 10%. Our comparative analysis demonstrates significant performance gains when dimensionality reduction methods are applied, underscoring their value in enhancing the security and effectiveness of voice biometric verification systems against emerging spoofing threats. Full article

To ensure confidentiality and integrity in the era of quantum computing, most post-quantum cryptographic schemes are designed to achieve either encryption or digital signature functionalities separately. Although a few signcryption schemes exist that combine these operations into a single, more efficient process, they typically rely on complex vector, matrix, or polynomial-based structures. In this work, a novel post-quantum public-key encryption and signature (PQES) scheme based entirely on scalar integer operations is presented. The proposed scheme employs a simplified structure where the ciphertext, keys, and core cryptographic operations are defined over scalar integers modulo n, significantly reducing computational and memory overhead. By avoiding high-dimensional lattices or ring-based constructions, the PQES approach enhances implementability on constrained devices while maintaining strong security properties. The design is inspired by modified learning-with-errors (LWE) assumptions, adapted to scalar settings, making it suitable for post-quantum applications. Security and performance evaluations, achieving a signcryption time of 0.0007 s and an unsigncryption time of 0.0011 s, demonstrate that the scheme achieves a practical balance between efficiency and resistance to quantum attacks. Full article