Search Results (310)

The explosive growth of the Internet of Things (IoT) has brought an array of resource-constrained devices to domains such as smart homes, industrial automation, and healthcare, raising substantial cybersecurity challenges. Lightweight wireless protocols, such as Thread, Zigbee, and Z-Wave, are integral to IoT connectivity, but the degree to which their embedded cryptographic mechanisms satisfy formal cybersecurity certification schemes remains underexplored. This work draws primarily on recent peer-reviewed publications and major conference proceedings to rigorously evaluate Thread, Zigbee, and Z-Wave against the Common Criteria (CC) Functional Requirements for Cryptography (FCS) as specified in CC:2022 and the EU cybersecurity certification scheme on Common Criteria (EUCC). The assessment focuses on essential CC cryptographic components, including key generation (FCS_CKM.1), secure key distribution (FCS_CKM.2), agreement protocols (FCS_CKM_EXT.7), cryptographic operations (FCS_COP.1), and random bit generators (FCS_RBG.1). The analysis reveals that Thread demonstrates the strongest alignment with CC requirements by leveraging Advanced Encryption Standard—Counter with CBC-MAC mode (AES-CCM) authenticated encryption and Elliptic Curve Diffie-Hellman (ECDH)-based key exchange within a decentralized trust framework. Zigbee matches this cryptographic strength at the primitive level, but its dependency on a centralized Trust Center for key management complicates full compliance with key lifecycle and distribution controls. Z-Wave, especially through its S2 Security framework, improves by incorporating authenticated ECDH exchanges, though proprietary constraints and limited protocol transparency remain obstacles to independent assurance. This comparative study concludes that while all three protocols provide a baseline of robust cryptographic security, only Thread currently aligns with CC and EUCC certification schemes. Zigbee and Z-Wave will require additional protocol hardening and enhancement of cryptographic key lifecycle management to achieve comparable assurance levels. Ensuring conformance with formal cybersecurity standards is imperative for building trust and resilience across critical IoT infrastructures. Full article

The Internet of Vehicles (IoV) is rapidly emerging as a core component of intelligent transportation systems, enabling real-time communication among vehicles, infrastructure, and cloud platforms. However, the increasing interconnectivity of vehicular systems and the advancement of quantum computing introduce significant security challenges to existing cryptographic mechanisms. Conventional schemes such as RSA and Elliptic Curve Cryptography (ECC) are vulnerable to quantum attacks and are computationally inefficient for resource-constrained vehicular environments. To address these limitations, this paper proposes a Double-Ring Hybrid Sparse NTRU (DRH-SNTRU) framework, a lightweight and quantum-resistant cryptographic scheme for secure IoV communication. The proposed framework introduces three key enhancements: (i) controlled-support sparse polynomial structures to reduce polynomial multiplication complexity while improving entropy distribution; (ii) a double-ring algebraic architecture that separates key operations from message processing to enhance structural security and minimize coefficient leakage; and (iii) hybrid ephemeral keys derived from contextual entropy to strengthen forward secrecy and adaptive security. An optional ciphertext evaluation mechanism is further incorporated to detect malformed and replayed ciphertexts prior to decryption. Security analysis demonstrates that the proposed framework achieves IND-CPA security under the hardness assumption of the NTRU lattice problem and can be extended to resist chosen-ciphertext attacks through the integrated validation mechanism. Experimental benchmarking across polynomial dimensions N = 512 to 8192 demonstrates that DRH-SNTRU achieves low setup overhead below 3 μs, efficient decryption latency of approximately 305.64 μs at N = 8192, and compact sparse private key representation of only 117 bytes at higher dimensions. Compared with Standard NTRUEncrypt, NTRU-HRSS, and Ring-LWE Encryption, the proposed framework demonstrates improved decryption efficiency, lightweight storage overhead, and enhanced ciphertext integrity protection while maintaining practical scalability for resource-constrained post-quantum IoV environments. Full article

The rapid growth of Internet of Things (IoT) applications over 5G networks demands secure, low-latency data transmission while operating under strict resource constraints. However, existing studies have relied on simulations or partial implementations that fail to capture real 5G features, thus producing overly optimistic elucidations of cryptographic performance. In addition, the absence of end-to-end validation across system layers introduces an opaque flow effect, where transparency lacks across the full transmission path. To address this gap, this paper presents a fully integrated end-to-end 5G IoT security framework that introduces a modified RC4-NL (nonlinear) algorithm to enhance the security of lightweight stream ciphers while preserving computational efficiency. Environmental sensor data is encrypted on a Raspberry Pi 4B and transmitted over a commercial 5G standalone network using a Quectel FG50V module to a Multi-access Edge-Computing (MEC) server. A web-based dashboard built with FastAPI, accessed securely through an Ngrok tunnel, performs real-time decryption and visualization on 5G-connected mobile devices. This architecture eliminates the opaque flow effect and enables realistic performance evaluation, thereby avoiding the optimistic elucidations observed in simulation-based studies. This work experimentally evaluates cryptographic algorithms named Ascon, ChaCha20, AES, standard RC4, and the proposed RC4-NL under the same conditions. Experimental findings indicate that modified RC4-NL achieved an encryption time of 977 µs, a decryption time of 456 µs, and provides a lower power consumption of 0.40 watts, thus giving a proper trade-off between efficiency and enhanced security compared to standard RC4. Full article

Encryption protects data in the cloud but adds energy cost, especially for partially homomorphic encryption (PHE) schemes that allow computation on encrypted data. Their carbon footprint across cloud data center deployments remains underexplored. We benchmark eight PHE algorithms from the LightPHE open-source Python library, including RSA, ElGamal, Exponential ElGamal, Paillier, Damgård–Jurik, Okamoto–Uchiyama, Goldwasser–Micali, and Elliptic Curve ElGamal, across six cloud environments, and use timing data as input to a carbon estimation model covering Scope 1, Scope 2, and Scope 3 emissions across ten data center configurations. We ground the energy model with a dedicated Intel RAPL calibration on bare-metal hardware using 30 repetitions per configuration. The calibration measures average CPU package power at 34.7 W and total system power at 48.4 W, showing that a fixed 150 W CPU-only assumption overestimates actual CPU power by a factor of 4.3. We present calibrated estimates alongside a 150 W server-class scenario and a sensitivity analysis across power, PUE, and grid carbon intensity. Elliptic curve schemes provide equivalent classical security at a fraction of the energy cost of RSA, and algorithm-specific mathematical structure drives order-of-magnitude differences in carbon output. These results reveal an asymmetry between security and carbon cost across PHE algorithms and establish a sustainable-cryptography baseline for future PQC-based homomorphic schemes. Full article

Device-to-device (D2D) communication is expected to become a key component of 6G and IoT systems, enabling low-latency and infrastructure-independent connectivity. A major challenge is to establish secure session keys between previously unknown devices without relying on an online trusted third party, while also ensuring resilience against future quantum adversaries. This paper proposes a lightweight hybrid authentication and key agreement protocol for decentralized D2D communication. The approach combines IPFS-assisted distributed key discovery with a two-message protocol that uses post-quantum key encapsulation for long-term confidentiality, while retaining elliptic curve cryptography (ECC) for efficient real-time authentication under classical security assumptions.This design reflects the different temporal security requirements of confidentiality and authentication and provides a practical trade-off between quantum resilience and computational efficiency. The proposed scheme achieves mutual authentication under classical ECC assumptions, secure session key establishment, and resistance against common attacks, while providing post-quantum confidentiality protection against future quantum adversaries and removing the need for an online trusted third party (TTP) during protocol execution. The results demonstrate that the protocol offers a competitive and practical solution for secure decentralized D2D communication in IoT and future 6G environments. Full article

With the widespread adoption of cryptocurrencies, the ability to conduct continuous offline payments has increasingly become a critical technological requirement. In network-constrained scenarios, current dual-offline payment technologies are useful for single transactions. However, their limitations in continuous payment scenarios have become increasingly evident, making them unable to meet real-world application needs. This has prompted the industry to demand more urgent innovations in research on continuous offline payment capabilities. To address these challenges, this paper proposes a continuous dual-offline payment system capable of supporting multiple continuous payments. The system integrates elliptic curve cryptography (ECC) and zero-knowledge proof (ZKP) technology to generate secure asset credentials, ensuring both immutability and privacy credentials throughout the offline payment lifecycle. A dynamic credential decomposition mechanism enables the splitting of input credentials into change credentials and receipt credentials, facilitating uninterrupted dual-offline payments between hardware wallets. Additionally, it incorporates a batch verification scheme based on smart contracts, utilizing zero-balance verification and chained hash tracing to ensure payment uniqueness and prevent double-spending attacks, thereby guaranteeing the verifiability and validity of payment settlements. Experimental evaluations demonstrate that the proposed system reduces gas consumption per payment and improves execution efficiency during batch processing, combining high security with strong performance. This research provides a feasible solution for the application of digital currencies in offline scenarios, carrying significant theoretical value and practical significance for driving technological innovation and application expansion in the cryptocurrency field. In addition to cryptocurrency payments, the proposed system is also applicable to IoT and sensor network environments. Many IoT devices operate in disconnected or network-limited areas and require secure micro-transactions. Our dual-offline payment mechanism supports such scenarios, as the main cryptographic operations are lightweight enough for typical IoT hardware. This further extends the practical value of our system beyond traditional cryptocurrency payments. Full article

The rapid growth of Intelligent Transportation Systems (ITSs) necessitates secure and efficient Vehicle-to-Everything (V2X) communication. However, existing Physical Unclonable Function (PUF)-based schemes often suffer from modeling vulnerabilities and high overheads. This paper proposes a decentralized, dynamic, anonymous authentication protocol tailored for Vehicular Ad Hoc Networks (VANETs). By integrating Elliptic Curve Cryptography (ECC) with highly reliable Self-Adaption Deviation Locking PUFs (SDL PUFs), we design a dynamic Challenge–Response Pair (CRP) obfuscation mechanism. This mechanism effectively mitigates modeling threats, reducing the prediction success rate of machine learning (ML) and deep learning (DL) attacks by approximately 35% compared to raw SDL PUFs. The protocol ensures identity untraceability and forward secrecy through anonymous identifiers and ephemeral session keys. Security is formally verified under the Real-or-Random (ROR) model and validated using the AVISPA tool. Simulations in SUMO and Omnetpp demonstrate that the protocol is highly efficient, achieving a low computational overhead of 6.77 ms per entity and a communication cost of 192 bytes. Compared to state-of-the-art approaches, our solution provides superior robustness against advanced modeling attacks and significantly reduces latency, making it suitable for resource-constrained V2X environments. Full article

The increasing deployment of resource-constrained Internet of Things (IoT) devices requires security mechanisms that preserve confidentiality without compromising energy efficiency or responsiveness. Although Transport Layer Security (TLS) provides standardized protection for MQTT-based communication, its computational overhead may significantly affect embedded architectures. This study presents a controlled experimental evaluation of three communication configurations implemented on ESP32-based nodes: unencrypted Message Queuing Telemetry Transport (MQTT), MQTT over TLS 1.2, and an application-layer hybrid scheme combining Elliptic Curve Diffie–Hellman key exchange with AES-128 encryption. Second-level measurements of instantaneous current, accumulated energy, end-to-end latency, and memory footprint were collected across repeated experimental runs. Time-series diagnostics were performed to assess autocorrelation and stationarity, and block bootstrap resampling was applied to ensure dependence-aware statistical inference. The results indicate that TLS introduces the highest cumulative energy growth and latency dispersion, while the hybrid ECC–AES configuration demonstrates intermediate behavior with reduced overhead relative to TLS. Pareto frontier analysis shows that TLS is dominated in the joint energy–latency space, whereas the hybrid scheme represents a non-dominated compromise between security and efficiency. These findings provide a stability-aware and statistically robust framework for evaluating security–performance trade-offs in embedded IoT systems. Full article

The growing interconnection of critical engineering infrastructure through IoT introduces unprecedented exposure to cyber threats. Emerging quantum computing capabilities pose a transformative risk to classical cryptographic primitives such as Rivest–Shamir–Adleman and Elliptic-Curve Cryptography, which underpin secure communication and device authentication in industrial control systems, power grids, transportation networks, and healthcare infrastructure. This paper investigates quantum-resistant encryption, often termed post-quantum cryptography (PQC), as a sustainable security paradigm for IoT communication within critical systems. By analyzing lattice-based, code-based, multivariate, and hash-based schemes, the study evaluates trade-offs between computational cost, memory footprint, and latency constraints intrinsic to resource-limited IoT nodes. A hybrid architectural framework integrating the National Institute of Standards and Technology-standardized algorithms (e.g., Cryptographic Suite for Algebraic Lattices—Kyber, Dilithium) with lightweight symmetric primitives (e.g., Ascon, GIFT block cipher in Combined Feedback mode) is proposed for secure data transmission across heterogeneous IoT layers. Experimental simulations benchmark key-exchange throughput, ciphertext expansion, and resilience against quantum-adversarial models, demonstrating up to 65% reduction in handshake latency compared to baseline lattice implementations under constrained conditions. The paper concludes with policy and engineering recommendations for the adoption of quantum-resistant IoT protocols in energy, transportation, and industrial automation sectors, highlighting alignment with global PQC migration roadmaps and IEC 62443 cybersecurity standards. Full article

Cloud storage systems require strong and efficient encryption methods to ensure data security and reliability. However, selecting the most suitable encryption algorithm remains a challenge due to variations in performance, overhead, and reliability. This study aims to introduce a comparative analysis of five encryption algorithms—Advanced Encryption Standard (AES), Blowfish, Rivest-Shamir-Adleman (RSA), Elliptic Curve Cryptography (ECC), and Advanced Encryption Standard one-time password AES-OTP with RSA hybrid model (AES-OTP with RSA)—to identify the most suitable algorithm to protect sensitive data in cloud storage systems. The evaluation of these algorithms was based on encryption/decryption time, data size overhead, encryption/decryption throughput, performance metrics (accuracy, precision, recall, and F1-score), and error metrics mean square error and mean absolute error (MSE and MAE), using datasets of various sizes. The results indicated that AES provided the fastest encryption and decryption time, minimal overhead, and the highest throughput and accuracy, while Blowfish also performed efficiently but with slightly higher error rates. RSA and ECC, although secure, were slower and demonstrated more overhead. The hybrid AES-OTP with RSA model achieved a good balance between speed and secure key management. This study highlights the trade-offs between speed, security, and storage efficiency, offering guidance in selecting appropriate encryption algorithms for cloud-based data protection. Full article

Healthcare Wireless Sensor Networks (HWSNs) have attracted significant attention due to their vital role in diseases’ diagnosis, monitoring, and treatment. By continuously collecting patients’ physiological data and enabling remote medical services, these networks can greatly improve the quality of healthcare. However, the inadequate handling of security and privacy issues poses serious risks to patients. In this context, signcryption schemes are essential cryptographic primitives that simultaneously provide authentication, confidentiality, and data integrity with a low overhead. Recently, Deng et al. proposed a certificateless signcryption (CL-SC) scheme for HWSNs and proved its security in the standard model. In this paper, we demonstrate that their scheme is insecure under an enhanced adversarial model, where a super Type II adversary, which is a malicious key generation center, can replace the system’s master public key using the master secret key under its control, and subsequently forge valid signcryptions on arbitrary messages on behalf of a sensor node. To address this vulnerability, we propose an enhanced CL-SC scheme based on elliptic curve cryptography (ECC). Under the hardness assumptions of the Elliptic Curve Decisional Diffie–Hellman Problem (ECDDHP) and the Computation Attack Algorithm (CAA), the proposed scheme achieves confidentiality and existential unforgeability against both super Type I and super Type II adversaries in the standard model. Performance analysis further shows that our scheme is efficient and well suited for resource-constrained HWSN environments. Full article

As Open Radio Access Network (O-RAN) deployments expand and adversaries adopt “store-now, decrypt-later” strategies, operators need empirical data on the cost of migrating critical control interfaces to post-quantum cryptography (PQC). This paper experimentally evaluates the impact of integrating a NIST-aligned Module-Lattice Key-Encapsulation Mechanism (ML-KEM) into IKEv2/IPsec, protecting the E2 interface between the 5G Node B (gNB) and the Near-Real-Time RAN Intelligent Controller (Near-RT RIC). Using an open-source testbed built from srsRAN, Open5GS, FlexRIC and strongSwan (with liboqs), we compare three configurations: no IPsec, classical Elliptic Curve Diffie–Hellman (ECDH)-based IPsec, and ML-KEM-based IPsec. This study focuses on IPsec tunnel-setup latency and the runtime behaviour of Near-RT RIC xApps under realistic signalling workloads. Results from repeated, automated runs show that ML-KEM integration adds a small overhead to tunnel establishment, which is approximately 2.7~4.7 ms in comparison to classical IPsec, while xApp operation and RIC control loops remain stable in our experiments. These findings, produced from an open, reproducible testbed, indicate that ML-KEM-based IPsec on the E2 interface is practically feasible and inform quantum-safe migration strategies for O-RAN deployments. Full article

The advent of fault-tolerant quantum computers poses an existential threat to the current blockchain technology, which relies on cryptographic primitives like elliptic-curve cryptography and SHA-256 hashing. This manuscript surveys the emerging field of quantum-secure blockchains, categorizing the main research directions into two paradigms. The first, post-quantum blockchain, seeks to replace classical cryptographic elements with quantum-resistant algorithms. The second, more radical approach aims to construct an intrinsically quantum blockchain, where the ledger’s security and state are encoded directly in quantum mechanical principles. We delve into three promising intrinsic schemes: those based on Greenberger–Horne–Zeilinger (GHZ) states and entanglement in time, those leveraging multi-time states and pseudo-density matrices, and hypergraph-based approaches. As the principal original contribution of this work, we present a comprehensive theoretical framework for a topological quantum blockchain based on non-Abelian anyons, providing the first detailed encoding scheme mapping classical blockchain data to braiding sequences. We further develop the connection to Chern–Simons theory, establishing a field-theoretic foundation where the blockchain’s history is encoded in Wilson loops, and its immutability follows from topological and gauge invariance. Extending this framework, we introduce a holographic AdS/CFT interpretation, revealing that the topological blockchain can be understood as a dual description of a black hole analog in anti-de Sitter space, where the blockchain’s history is encoded in the microstates of a black hole and linking braids between blocks correspond to wormholes. We provide a detailed physical and mathematical analysis of each scheme, comparing their security assumptions, resource requirements, and feasibility in the near and long terms. The topological approach, in particular, offers a compelling new path toward a blockchain with inherent fault tolerance, where the chain’s history is encoded in the topology of anyon worldlines, making it naturally resistant to decoherence and local tampering. Full article

Unmanned Aerial Vehicle (UAV)-assisted hierarchical federated learning (HFL) has emerged as a promising architecture for Internet of Things (IoT)-based smart agriculture, which enables scalable model training over large and sparse farmlands. In this setting, UAVs act as mobile edge servers, aggregating local updates from distributed agricultural IoT devices and relaying them to the cloud server. While HFL improves scalability and reduces communication overhead, it still faces critical security threats due to its reliance on public wireless channels and the vulnerability of model aggregation to malicious updates. In this paper, we propose a secure authentication scheme that integrates anomaly detection with elliptic curve cryptography (ECC)-based mutual authentication to protect both the communication and training phases. In the proposed scheme, UAVs authenticate participating clients before receiving their local models, then perform anomaly detection to identify and exclude malicious participants. If a client is found to be malicious, its identity credentials are revoked and broadcast by the cloud server to prevent future participation. The security of the proposed scheme is formally verified using Burrows–Abadi–Needham (BAN) logic, the Real-or-Random (RoR) model, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, along with informal security analysis. The performance evaluation includes comparisons of security features, computation cost, and communication cost with other related schemes, and an experimental assessment of anomaly detection performance. The results demonstrate that our scheme provides strong security guarantees, low overhead, and effective malicious client detection, making it well suited for UAV-assisted HFL in smart agriculture. Full article

Secure cross-domain UAV authentication is challenging because identity verification alone is insufficient to guarantee safe operation. In many UAV applications, it is equally critical to verify that a UAV is currently located within an authorized geographic region. Existing approaches often expose precise GPS coordinates, rely on static identifiers that enable tracking, or fail to guarantee the freshness and authenticity of location evidence. These weaknesses allow replay, location spoofing, and trajectory inference attacks, especially in multi-domain environments. To address these limitations, we propose PrivLocAuth, a zero-knowledge-based cross-domain UAV authentication protocol that enforces geofence restrictions without revealing actual locations. In PrivLocAuth, UAVs encode their current coordinates into fresh Pedersen commitments, which are attested by the home Local Domain Server (LDS) using short-lived Schnorr signatures. Based on these attested commitments, UAVs generate Bulletproof range proofs to demonstrate compliance with cross-domain server-defined geofences. This design ensures that UAVs operate within authorized airspace while preserving strong location privacy. PrivLocAuth further incorporates a lightweight elliptic curve cryptography (ECC) and Schnorr signature-based credential framework that enables unlinkable authentication across-domains, preventing session correlation and identity tracking. Formal security analysis demonstrates resistance to impersonation, replay, geofence-bypass, and linkage attacks. Experimental evaluation shows low computational latency and minimal communication overhead, confirming the protocol’s suitability for resource-constrained UAV platforms operating in dynamic cross-domain environments. Full article