Search Results (3,593)

Optical networks constitute the backbone of contemporary communication infrastructures, supporting massive bandwidth, low-latency services, and high levels of scalability across core, metro, and access domains. As these systems evolve toward elastic, software-defined, and multi-domain architectures, their exposure to sophisticated security threats increases significantly. This paper provides a comprehensive survey of vulnerabilities and countermeasures in modern optical networks, spanning the physical, control, and cross-layer dimensions. We analyze major architectures—including WDM, TDM, PON, EON, and IP-over-WDM—and examine how their structural properties shape their security posture. A threat taxonomy is presented covering physical-layer attacks such as fiber tapping, optical jamming, crosstalk exploitation, and signal injection; control-plane risks including spoofing, malicious signaling, and SDN manipulation; and broader cross-layer attack vectors. We review state-of-the-art defense mechanisms, including physical-layer security (PLS), spectrum randomization, chaotic optical coding, device-level authentication, survivability techniques, intelligent monitoring, and quantum-secure solutions such as QKD. By integrating insights from recent experimental and operational studies, the survey highlights emerging challenges and identifies open problems related to secure orchestration, multi-tenant environments, and quantum-era resilience. The objective is to guide researchers, engineers, and network operators toward robust and future-proof security strategies for next-generation optical infrastructures. Full article

This paper presents a novel architecture for creating light agents embedded on Internet of Things (IoT) devices, specifically addressing challenges such as security, scalability, and adaptability. Despite the increasing adoption of agent-based approaches in IoT systems, security and robustness mechanisms are often treated as external or ad hoc components in many existing solutions. This limits their effectiveness in dynamic environments that transmit sensitive and personal data and are, by nature, potentially untrusted. The proposed architecture applies Pyro4 for efficient communication among agents and implements a multi-level security scheme that combines symmetric, asymmetric, and hybrid encryption with Time-Based One-Time Passwords (TOTP)-based authentication. This ensures the data confidentiality and integrity within dynamic IoT environments. A case study validates the “agent of things” concept by confirming key security mechanisms such as agent authentication, multi-factor access control, secure communication, and fault resilience. Qualitative testing proved the architecture effective in mitigating common vulnerabilities in distributed agent environments, achieving high reliability scores in terms of security and performance. Experimental results show that over 75% of agent operations were completed in under 2 milliseconds, with a success rate above 99%, confirming the architecture’s lightweight execution and real-time readiness of the architecture for IoT environments. Therefore, the proposed architecture is particularly useful for researchers and practitioners working on secure IoT systems, embedded multi-agent architectures, and intelligent edge computing environments. Full article

The accurate labeling of darknet traffic plays a vital role in real-time cybersecurity systems, as it enables the reliable identification and control of encrypted network applications. State-of-the-art studies have depended mainly on traditional machine learning with public datasets; however, incorporating deep learning (DL) techniques to analyze darknet traffic is still not effectively explored. This paper presented a unique DL-based framework. It integrated discriminative feature selection with an image-based representation of traffic. The work methodology applies the extraction of the most informative features from raw network flows and transforms them into grayscale images, enabling the effective capture of spatial patterns. Those images will be further processed by a hybrid conventional neural network (CNN) and bidirectional long short-term memory (BiLSTM) architecture that leverages the strengths of the CNN in terms of spatial feature extraction, with the modeling of bidirectional temporal dependencies of BiLSTM. For the model testing, two independent encrypted traffic datasets were combined to build a unified and diversified darknet traffic benchmark. The achieved results prove that the proposed hybrid architecture can achieve as high as 89% classification accuracy with an excellent detection and classification capability for darknet traffic. It confirmed a significant performance improvement of the encrypted traffic analysis by integrating feature selection and image-based DL. Full article

Secure compressive sensing (SCS) mostly benefits scenes such as IoT with finite computer resources, the fields of spaceflight and medicine, etc. Recently, research on SCS has aroused widespread interest. Nevertheless, existing work on embedding security of CS usually requires an extra cryptographic routine applied to the measurement vectors. In this paper, we proposed an SCS scheme boosted by the hyper-chaotic system, which outperforms state-of-the-art methods and endows the SCS with a high level of inherent security. Encryption and sampling processing are accomplished simultaneously in our scheme, i.e., security is achieved when sampling with a measurement matrix, which is generated by an initial-value (secret key)-driven discrete hyper-chaotic (HC) system. Moreover, the application of the HC matrix decreases both the computing and bandwidth consumption costs of secret key streams transmission compared with traditional CS-based encryption methods. Experimentally, the HC-based matrix demonstrates excellent reconstruction performance, achieving an average SSIM of 0.91 and PSNR of 29.09 dB on the Set5 dataset at a sampling ratio of 0.5, outperforming conventional matrices such as Bernoulli and Hadamard. Security analysis confirms that the system exhibits asymptotic spherical secrecy and high key sensitivity—a deviation of ${10}^{-16}$ in the initial value results in complete decryption failure. Furthermore, the scheme shows strong robustness against additive Gaussian white noise and cropping attacks, maintaining a PSNR above 15 dB even under 50% cropping. Compared to existing methods, the proposed approach reduces bandwidth consumption by transmitting only the HC initial parameters rather than the entire measurement matrix. These results demonstrate that the HC-driven SCS framework provides inherent security, high reconstruction fidelity, and practical efficiency, making it suitable for secure sensing in constrained environments. Full article

Scalable video coding plays an essential role in supporting heterogeneous devices, network conditions, and application requirements in modern video streaming systems. However, most existing scalable coding approaches primarily optimize human perceptual quality and provide limited support for data privacy, as well as for machine analyses and the integration of heterogeneous sensor data. This limitation motivated the development of adaptive scalable video coding frameworks. The proposed approach is designed to serve both human viewers and automated analysis systems while ensuring high security and compression efficiency. The method adaptively encrypts selected layers during transmission to protect sensitive content without degrading decoding or analysis performance. Experimental evaluations on benchmark datasets demonstrate that the proposed framework achieves superior rate distortion efficiency and reconstruction quality, while also improving machine analysis accuracy compared to existing traditional and learning-based codes. In video surveillance scenarios, where the base layer is preserved for analysis, the proposed scalable human machine coding (SHMC) method outperforms scalable extensions of H.265/High Efficiency Video Coding (HEVC), Scalable High Efficiency Video Coding (SHVC), reducing the average bit-per-pixel (bpp) by 26.38%, 30.76%, and 60.29% at equivalent mean Average Precision (mAP), Peak Signal-to-Noise Ratio (PSNR), and Multi-Scale Structural Similarity (MS-SSIM) levels. These results confirm the effectiveness of integrating scalable video coding with intelligent encryption for secure and efficient video transmission. Full article

Big data has significantly transformed data processing and analytics across various domains. However, ensuring security and data confidentiality in distributed platforms such as Hadoop remains a challenging task. Distributed environments face major security issues, particularly in the management and protection of large-scale data. In this article, we focus on the cost of secure information transmission, implementation complexity, and scalability. Furthermore, we address the confidentiality of information stored in Hadoop by analyzing different AES encryption modes and examining their potential to enhance Hadoop security. At the application layer, we operate within our Hadoop environment using an extended, secure, and widely used MQTT protocol for large-scale data communication. This approach is based on implementing MQTT with TLS, and before connecting, we add a hash verification of the data nodes’ identities and send the JWT. This protocol uses TCP at the transport layer for underlying transmission. The advantage of TCP lies in its reliability and small header size, making it particularly suitable for big data environments. This work proposes a triple-layer protection framework. The first layer is the assessment of the performance of existing AES encryption modes (CTR, CBC, and GCM) with different key sizes to optimize data confidentiality and processing efficiency in large-scale Hadoop deployments. Afterwards, we propose evaluating the integrity of DataNodes using a novel verification mechanism that employs SHA-3-256 hashing to authenticate nodes and prevent unauthorized access during cluster initialization. At the third tier, the integrity of data blocks within Hadoop is ensured using SHA-3-256. Through extensive performance testing and security validation, we demonstrate integration. Full article

5G systems have delivered on their promise of seamless connectivity and efficiency improvements since their global rollout began in 2020. However, maintaining subscriber identity privacy on the network remains a critical challenge. The 3GPP specifications define numerous identifiers associated with the subscriber and their activity, all of which are critical to the operations of cellular networks. While the introduction of the Subscription Concealed Identifier (SUCI) protects users across the air interface, the 5G Core Network (CN) continues to operate largely on the basis of the Subscription Permanent Identifier (SUPI)—the 5G-equivalent to the IMSI from prior generations—for functions such as authentication, billing, session management, emergency services, and lawful interception. Furthermore, the SUPI relies solely on the transport layer’s encryption for protection from malicious observation and tracking of the SUPI across activities. The crucial role of the largely unprotected SUPI and other closely related identifiers creates a high-value target for insider threats, malware campaigns, and data exfiltration, effectively rendering the Mobile Network Operator (MNO) a single point of failure for identity privacy. In this paper, we analyze the architectural vulnerabilities of identity persistence within the CN, challenging the legacy “honest-but-curious” trust model. To quantify the extent of subscriber identities being utilized and exchange within various API calls in the CN, we conducted a study of the occurrence of SUPI as a parameter throughout the collection of 5G SBI (Service-Based Interface) Core VNF (Virtual Network Function) API (Application Programming Interface) schemas. Our extensive analysis of the 3GPP specifications for 3GPP Release 18 revealed a total of 4284 distinct parameter names being used across all API calls, with a total of 171,466 occurrences across the API schema. More importantly, it revealed a highly skewed distribution in which subscriber identity plays a pivotal role. Specifically, the “supi” parameter ranks 57th with 397 occurrences. We found that SUPI occurs both as a direct parameter (“supi”) and within 72 other parameter names that contain subscriber identifiers as defined in 3GPP TS 23.003. For these 73 parameter names, we identified a total of 8757 occurrences. At over 5.11% of all parameter occurrences, this constitutes a disproportionately large share of total references. We also detail scenarios where subscriber privacy can be compromised by internal actors and review future privacy-preserving frameworks that aim to decouple subscriber identity from network operations. By suggesting a shift towards a zero-trust model for CN architecture and providing subscribers with greater control over their identity management, this work also offers a potential roadmap for mitigating insider threats in current deployments and influencing specific standardization and regulatory requirements for future 6G and Beyond-6G networks. Full article

The growing adoption of wearable devices creates a critical need for robust and secure Internet of Things solutions to manage biometric data streams. Current architectures often lack emphasis on seamless data capture, secure cloud storage and integrated dashboard visualization. This research addresses these gaps by investigating and evaluating an IoT framework leveraging lightweight communication and real-time visualization for improved healthcare monitoring. Drawing primarily on recent peer-reviewed journals and reputable conference proceedings, we evaluate an IoT architecture that securely integrates wearable biometric data into a cloud-based dashboard. The system utilizes encrypted advertising packets (e.g., AES-128-CCM) to broadcast biometric signals, eliminating the need for permanent device pairing and minimizing energy consumption. These packets are captured by our prototype ESP32-based (Espressif Systems, Shanghai, China) gateway node, decrypted and forwarded to a secure cloud environment that ensures persistent storage and accessibility. The cloud-based dashboard provides medical staff and end-users with real-time insights and long-term data tracking. Emphasis was placed on evaluating the system’s low latency performance, energy efficiency and data confidentiality. System evaluation demonstrates that encrypted advertising packets can securely transmit biometric signals, while drastically reducing energy consumption and latency. System evaluation demonstrates that encrypted BLE advertising serves as a superior alternative to traditional pairing-based methods for long-term medical monitoring. By implementing a dual-optimization strategy that balances data confidentiality with power efficiency, the proposed system achieved a 33-fold increase in operational autonomy compared with standard permanent BLE connections. These results represent a significant advancement in battery longevity for the IoMT ecosystem, providing a scalable solution for continuous, secure biometric signal transmission with minimal energy overhead. Full article

With the rapid growth of data transmission and visual encryption technologies, Visual Secret Sharing (VSS) has become an important technique for image-based information protection. However, many existing VSS schemes remain vulnerable to dishonest participants who attempt to recover secret images through unauthorized stacking or manipulation of shares. To address this issue, this paper proposes a dishonest-participant-resistant VSS scheme based on linearly polarized shares and Probability Distribution Trees (PDTs). The proposed method embeds both secret and fake images into polarized shares, such that any unauthorized stacking of ordinary shares produces a visually plausible fake image or random noise, while only stacking that includes the master share under a predefined optical ordering reveals the true secret image. Binary image binarization and probability-guided polarization assignment are employed to improve computational efficiency and increase uncertainty against adaptive attacks. In addition to visual inspection and contrast analysis, peak signal-to-noise ratio (PSNR), structural similarity index (SSIM), and visual information fidelity (VIF) are used as complementary metrics to distinguish authorized reconstructions from unauthorized and partial ones. Experimental results show that authorized reconstructions achieve high visual fidelity and perceptual recognizability, whereas unauthorized and partial reconstructions yield significantly degraded or misleading outputs, demonstrating effective suppression of information leakage and strong resistance against dishonest behavior. Consequently, the proposed scheme enhances security and practical usability compared with existing polarization-based VSS approaches. Full article

Intrusion Detection Systems (IDSs) have evolved to safeguard networks and systems from cyber attacks. Anomaly-based Intrusion Detection Systems (A-IDS) have been commonly employed to detect known and unknown anomalies. However, conventional anomaly detection approaches encounter substantial challenges when dealing with large-scale and heterogeneous data sources. These challenges include high False Positive Rates (FPRs), imbalanced data behavior, complex data handling, resource constraints, limited interpretability, and difficulties with encrypted networks. This survey reviews 60 technical papers (2019–2025) on graph-based anomaly detection (GBAD) approaches, highlighting their ability to address these challenges by utilizing the inherent structure of graphs to capture and analyze network connectivity patterns. Our analysis reveals that 32 studies (53%) employ two-stage methods while 28 (47%) use end-to-end approaches. Among the end-to-end methods, GNN-based techniques dominate, accounting for 18 of the 28 papers. We present a phased graph-based anomaly detection methodology for intrusion detection. This includes phases of data capturing, graph construction, graph pre-processing, anomaly detection, and post-detection analysis. Furthermore, we examine the evaluation methods and datasets employed in GBAD research and provide an analysis of the types of attacks identified by these methods. The most utilized datasets include CICIDS, UNSW-NB15, and DARPA, while precision, recall, and F1-score are employed in over 85% of studies. Lastly, we outline the key challenges and future directions that require significant research efforts in this area, and we offer some recommendations to address them. Full article

The rapid advancement of Generative Pre-trained Transformer (GPT) models has led to their widespread adoption across applied domains such as healthcare, finance, education, and enterprise software engineering. However, the large-scale data requirements and generative capabilities of these models introduce significant challenges related to data security, privacy preservation, and regulatory compliance. This paper presents a systematic literature review conducted in accordance with the PRISMA 2020 guidelines, analyzing 60 peer-reviewed empirical studies published between 2020 and 2025 in Q1 and Q2 journals indexed in the Web of Science Core Collection. The review examines the evolution of GPT architectures and evaluates state-of-the-art security and privacy techniques, including encryption, differential privacy, federated learning, data anonymization, model distillation, and secure deployment mechanisms. Key challenges identified include unintended memorization of sensitive data, adversarial prompt-based attacks, and performance degradation resulting from privacy-preserving constraints, with reported accuracy reductions ranging from 5% to 20% depending on the applied technique. Additionally, the analysis highlights increased computational overhead, in some cases exceeding 30–40% training or inference cost when advanced cryptographic methods are employed. Regulatory and ethical implications are assessed in relation to frameworks such as GDPR, CCPA, HIPAA, and the proposed EU Artificial Intelligence Act. The findings emphasize the need for privacy-by-design approaches and scalable governance strategies to support secure and trustworthy deployment of GPT models in applied real-world environments. Full article

Communication is defined as the process of transferring data and exchanging information between interconnected systems. Due to the increasing reliance on digital infrastructures by the military, financial, and healthcare sectors, it is important to ensure the confidential, authentication, and tamper-proof nature of communications. In addition, the increasing need for secure communications in the fields of network security and cryptography have led to the development of numerous systems. The basic requirement of these systems is that under the same key, identical plaintexts do not result in identical ciphertexts. The most significant contribution to this requirement has came from block cipher modes. There are many traditional modes of operation such as the Electronic Code Book (ECB) compromises between simplicity and security. Probabilistic Modes such as the Cipher Block Chaining Mode (CBC) provide a method to randomize data so that the potential for pattern analysis is eliminated, while Deterministic Modes such as ECB enable potential access to the patterns within the plaintexts. Conversely, since the randomization is in the Probabilistic Mode, there is no access to the patterns; however, the sequentiality of the blocks creates dependence and increases the computing overhead. To address these issues, a novel block cipher mode that provides the highest level of security and the most effective method for performing encryption and decryption will be proposed in this paper. It is anticipated that the improved security features and efficient encryption and decryption procedures will significantly improve confidentiality. The methods proposed will utilize compact key structures, parallel processing, a header generation based on multiple random values, and a Key-derived S Box. The experimental results show that SEBCM is more effective than CBC with respect to speed in both encryption and decryption. Full article

The Internet of Things (IoT) has transformed modern life through interconnected devices enabling automation across diverse environments. However, its reliance on legacy network architectures has introduced significant security vulnerabilities and efficiency challenges—for example, when Datagram Transport Layer Security (DTLS) encrypts transport-layer communications to protect IoT traffic, it simultaneously blinds intermediate proxies that need to inspect message contents for protocol translation and caching, forcing a fundamental trade-off between security and functionality. This paper presents an architectural solution based on the Recursive InterNetwork Architecture (RINA) to address these issues. We analyze current IoT network stacks, highlighting their inherent limitations—particularly how adding security at one layer often disrupts functionality at others, forcing a detrimental trade-off between security and performance. A central principle underlying our approach is the role of structural symmetry in RINA’s design. Unlike the heterogeneous, protocol-specific layers of TCP/IP, RINA exhibits recursive self-similarity: every Distributed IPC Facility (DIF), regardless of its position in the network hierarchy, instantiates identical mechanisms and offers the same interface to layers above. This architectural symmetry ensures predictable, auditable behavior while enabling policy-driven asymmetry for context-specific security enforcement. By embedding security within each layer and allowing flexible layer arrangement, RINA mitigates common IoT attacks and resolves persistent issues such as the inability of Performance Enhancing Proxies to operate on encrypted connections. We demonstrate RINA’s applicability through use cases spanning smart homes, healthcare monitoring, autonomous vehicles, and industrial edge computing, showcasing its adaptability to both RINA-native and legacy device integration. Our mixed-methods evaluation combines qualitative architectural analysis with quantitative experimental validation, providing both theoretical foundations and empirical evidence for RINA’s effectiveness. We also address emerging trends including AI-driven security and massive IoT scalability. This work establishes a conceptual foundation for leveraging recursive symmetry principles to achieve secure, efficient, and scalable IoT ecosystems. Full article

Vividly colored cholesteric liquid crystal polymer network (CLCN) patterns based on epoxy resin are used in decorative and anti-counterfeiting applications. These films are typically prepared via cationic photopolymerization and post-polymerization to achieve a high cross-linking degree. In this work, the cross-linking degree is controlled by varying the UV irradiation dosage during photopolymerization. Following this, the reflection band of the CLCN film changes after removing non-cross-linked compounds with acetone. Leveraging the low cationic polymerization rate and the chain termination capability of methanol, a structurally colored CLCN film with regionally tailored cross-linking was fabricated. With the treatment of acetone, a colorful pattern was observed. Moreover, upon immersion in methanol, the film swelled, revealing a colorful pattern. After the evaporation of methanol, the pattern disappeared. Consequently, this CLCN film holds significant potential for information encryption applications. Full article

In 1994, P. Shor discovered quantum algorithms that can break both the RSA cryptosystem and the ElGamal cryptosystem. In 2007, D-Wave demonstrated the first quantum computer. These events and further developments have brought a crisis to secret communication. In 2016, the National Institute of Standards and Technology (NIST) launched a global project to solicit and select a handful of encryption algorithms with the ability to resist quantum computer attacks. In 2022, it announced four candidates, CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and Sphincs+, for post-quantum cryptography standards. The first three are based on lattice theory and the last on a hash function. The security of lattice-based cryptosystems relies on the computational complexity of the shortest vector problem (SVP), the closest vector problem (CVP), and their generalizations. As we will explain, the SVP is a ball-packing problem, and the CVP is a ball-covering problem. Furthermore, both the SVP and CVP are equivalent to arithmetic problems for positive definite quadratic forms. This paper will briefly describe the mathematical problems on which lattice-based cryptography is built so that cryptographers can extend their views and learn something useful. Full article