Search Results (266)

The Internet of Medical Things (IoMT) has become a core component of modern healthcare infrastructures, enabling continuous patient monitoring, remote diagnostics, and data-driven clinical decision-making. Despite these advances, authentication in IoMT environments remains a critical security challenge, intensified by strict resource constraints of medical devices and the emerging threat posed by quantum computing to classical cryptographic techniques. This systematic review investigates authentication mechanisms in IoMT from both post-quantum and system-level perspectives. A structured literature review was conducted using a PRISMA-informed methodology across major scientific databases, including IEEE Xplore, ACM Digital Library, SpringerLink, ScienceDirect, and MDPI. From an initial set of 95 records, 63 studies were selected for qualitative synthesis following screening and eligibility assessment. To organise existing research, this study introduces a multi-dimensional classification framework that categorises authentication solutions according to cryptographic paradigm (classical, hybrid, and post-quantum), deployment architecture, system objectives, and clinical operational constraints. The comparative synthesis demonstrates important trade-offs between security strength, latency, computational overhead, and energy consumption that are frequently underexplored in the existing literature. Furthermore, the analysis identifies key research gaps related to scalability in heterogeneous medical environments, trust establishment across administrative and clinical domains, usability under strict timing constraints, and resilience against quantum-capable adversaries. Based on these findings, future research directions are outlined toward adaptive, lightweight, and context-aware post-quantum authentication frameworks designed for real-world IoMT deployments. Limitations of this review include restriction to English-language publications and selected databases. This study received no external funding, and the review protocol was not formally registered. Full article

Quantum Encryption in Phase Space (QEPS) is a physical-layer encryption framework that harnesses the quantum-mechanical properties of coherent states to secure optical communications against both classical and quantum computational threats. By applying randomized phase shifts, displacements, or their dynamic combinations—implemented as unitary transformations in phase space—QEPS disrupts the phase reference essential for coherent detection, establishing aphase synchronization barrier. This review synthesizes the theoretical foundations, security mechanisms, and experimental progress of the QEPS framework, encompassing its three principal variants: the round-trip Quantum Public Key Envelope (QPKE) protocol—a public-key-like scheme built upon phase randomization (QEPS-p), the symmetric phase-only QEPS-p, and the displacement-based QEPS-d. Experimental validations demonstrate that authorized users achieve bit-error rates (BERs) below the forward-error-correction threshold, whereas eavesdroppers are confined to BERs near 50%, equivalent to random guessing—all while utilizing standard coherent optical transceivers at data rates up to 200 Gb/s over 80 km of fiber. We further examine QEPS’s robustness to channel impairments, its seamless compatibility with existing digital signal processing (DSP) pipelines, and its distinctive position within the post-quantum cryptography landscape. Finally, we outline key challenges and future research directions toward deploying QEPS as a practical, quantum-resistant security layer for next-generation optical networks. Full article

The proliferation of Internet of Things (IoT) devices and embedded processors has recently spurred rapid advances in hardware-level security. This paper systematically reviews developments in securing microcontroller units (MCUs) and constrained embedded platforms from 2020 to 2026, a period marked by the finalization of NIST’s post-quantum cryptography standards and accelerated commercial deployment of hardware security primitives. Through analysis of the peer-reviewed literature, industry implementations, and standardization efforts, we survey five critical areas: post-quantum cryptography (PQC) implementations on resource-constrained hardware, physically unclonable functions (PUFs) for device authentication, hardware Roots of Trust and secure boot mechanisms, side-channel attack mitigations, and Trusted Execution Environments (TEEs) for microcontroller-class devices. For each domain, we analyze technical mechanisms, deployment constraints (power, memory, cost), security guarantees, and commercial maturity. Our review distinguishes itself through its integration perspective, examining how these primitives must be composed to secure real-world embedded systems, and its emphasis on post-standardization PQC developments. We highlight critical gaps including PQC memory overhead challenges, ML-resistant PUF designs, and TEE developer friction, while documenting commercial progress such as PSA Level 3 certified components and 500+ million PUF-enabled devices deployed. This synthesis provides practitioners with practical guidance for securing the next generation of IoT and embedded systems. Full article

The rapid advancement of quantum computing poses a severe threat to traditional public key cryptosystems. Lattice-based cryptography has emerged as a core candidate for post-quantum cryptography due to its presumed quantum resistance, robust security foundations, and functional versatility, with its concrete security relying on the computational hardness of lattice problems. Existing lattice-based cryptography surveys mainly focus on cryptosystem design, scheme comparisons, and post-quantum cryptography standardization progress, with only cursory coverage of classical lattice algorithms that underpin the concrete security of lattice-based cryptography. We present the first systematic survey of classical lattice algorithms, focusing on two core categories of algorithms for solving lattice problems: approximate algorithms and exact algorithms. The approximate algorithms cover mainstream lattice basis reduction methods such as Lenstra–Lenstra–Lovász (LLL), Block Korkine–Zolotarev (BKZ), and General Sieve Kernel (G6K) algorithms, as well as alternative frameworks. The exact algorithms encompass dominant techniques like enumeration and sieving algorithms, along with alternative strategies. We systematically trace the evolutionary trajectory and inherent logical connections of various algorithms, clarify their core mechanisms, and identify promising future research directions. This survey not only serves as an introductory guide for beginners but also provides a valuable reference for seasoned researchers, facilitating the concrete security evaluation of lattice-based cryptosystems and the design of novel lattice algorithms. Full article

Vehicular ad hoc networks (VANETs) require authentication systems that balance privacy, scalability, and post-quantum security. While lattice-based V-LDAA offers quantum resistance, it faces challenges in signature size, traceability, and integration. We propose post-quantum traceable direct anonymous attestation (PQ-TDAA), combining National Institute of Standards and Technology (NIST)-standard Dilithium2 and Falcon-512 signatures with adapted Beullens-style blind signatures and Fiat–Shamir simplified Schnorr proofs, reducing proof size by 69.2% (8 kB vs. V-LDAA’s 26 kB) and supporting European Telecommunications Standards Institute Technical Specification (ETSI TS) 102 941-compliant traceability through Road Side Unit (RSU)-assisted verification. Evaluated using SageMath, Python 3.11, and NS-3, PQ-TDAA-Falcon-512 achieves 8.1 ms and 49.7 ms end-to-end delays at 10 and 20 vehicles, respectively, with 64.7 Mbps goodput on congested 802.11p channels, showing promise for densities of ≤50 vehicles and advantages over Dilithium2. Real-world validation on ARM Cortex-A76 (Raspberry Pi 5, emulating automotive OBUs) yields sub-0.5 ms V2V cycles within 100 ms beacon intervals, supporting practical embedded deployment. Future work will extend PQ-TDAA to emerging 5G and NR-V2X settings, integrate more realistic mobility and channel models through coupled NS-3 and SUMO co-simulation, and investigate side-channel resistance for enhanced scalability and robustness in real deployments. Full article

Within the Madrid Quantum Communication Infrastructure (MadQCI), a cloud-like, quantum-enabled network scenario has been commissioned to promote the growth of the quantum technology scientific community. This scenario is designed to provide both quantum communication primitives and quantum-enabled services to potential end users. This work focuses on exposing these quantum services in a user-friendly manner by abstracting the underlying technical complexity, letting end users operate without prior knowledge of implementation details. To this end, multiple quantum services—the SD-QKD software stack, QRNG, Quantum-Safe TLS, and Quantum-Safe IPsec as a Service—are offered following the cloud “anything as a service” (XaaS) model. The delivery of quantum-enabled services is therefore researched using an applied and transferable cloud-based paradigm. Full article

The convergence of cyber-physical systems (CPSs), operational technologies (OTs), industrial control systems (ICSs), and quantum computing poses unprecedented challenges for the security and resilience of critical infrastructures (CIs). As quantum capabilities progress, classical cryptographic mechanisms such as RSA and ECC face increasing risks from quantum algorithms (Shor and Grover), while CPS and OT remain constrained by long life cycles, heterogeneity, and limited upgrade capabilities. This study conducts a systematic literature review (SLR) following a GQM-PICO-PRISMA methodological framework to examine 66 primary studies, selected from 1.522 records identified in seven scientific databases and published between 2005 and 2025. The review identifies dominant research domains, ranging from IoT/IIoT security to machine learning-based intrusion detection in CPS/OT environments, and synthesizes key challenges. Findings reveal significant fragmentation in CPS taxonomies, limited integration of post-quantum cryptography (PQC) into OT/ICS protocols, a scarcity of real-world datasets, and insufficient quantum threat modeling (QTM). This work consolidates and structures prior evidence into a literature-derived classification of quantum-era CPS/OT cybersecurity topics and distills a prioritized research agenda for advancing quantum-resilient architectures. Full article

Following the completion of the NIST post-quantum cryptography standardization, Kyber has been adopted as a key encapsulation mechanism (KEM) for quantum-resistant communication. Although lattice-based KEMs provide strong security and efficiency, most existing designs restrict the cyclotomic ring dimension to powers of two, which limits parameter flexibility for heterogeneous and resource-constrained Internet of Things (IoT) devices. In this paper, we propose Fyber, a post-quantum KEM based on the Module Learning With Errors (M-LWE) problem over a module ring defined by the cyclotomic polynomial $f\left(x\right)=x^n-x^{n/2}+1$, where n is a product of powers of 2 and 3. This construction enables mixed-radix parameter selection and allows finer-grained trade-offs between security and efficiency. To further improve performance on constrained platforms, we introduce an efficient non-Gaussian sampling method. The proposed KEM supports flexible security-level stratification for IoT applications, achieving reduced public key and ciphertext sizes for selected parameter sets at the cost of moderately increased computational overhead compared to Kyber, and fills intermediate security gaps between existing standardized parameter sets. Full article

The integration of unmanned aerial vehicles (UAVs) into vehicular ad hoc networks (VANETs) has emerged as a promising solution to overcome the limited coverage of conventional roadside unit (RSU)-based infrastructures. However, UAVs operate in open environments and cannot be fully trusted, while the rapid advancement of quantum computing threatens the long-term security of classical public-key cryptographic systems. As a result, many existing UAV-based VANET authentication schemes face fundamental limitations in future deployments. Most existing schemes either lack post-quantum security or incur excessive computational and communication overhead, making them unsuitable for real-time and high-mobility vehicular environments. In addition, the common assumptions of trusted UAVs do not align with realistic threat models. To address these issues, this paper proposes a lightweight post-quantum authentication and key exchange protocol based on the module learning with errors (MLWE) problem and physically unclonable functions (PUFs). The proposed scheme treats UAVs as untrusted relay nodes and excludes them from session key generation. Its security is evaluated using informal analysis, the real-or-random (RoR) model, BAN logic, and AVISPA, while performance evaluation indicates improved efficiency compared to existing schemes. Full article

Deepfake technology can produce highly realistic manipulated media which pose as significant cybersecurity threats, including fraud, misinformation, and privacy violations. This research proposes a deepfake prevention approach based on symmetric and asymmetric ciphers. Post-quantum asymmetric ciphers were utilized to perform digital signature operations, which offer essential security services, including integrity, authentication, and non-repudiation. Symmetric ciphers were also employed to provide confidentiality and authentication. Unlike classical ciphers that are vulnerable to quantum attacks, this study adopts quantum-resilient ciphers to offer long-term security. The proposed approach enables entities to digitally sign media content before public release on other platforms. End users can subsequently verify the authenticity of content using the public keys of the media creators. To identify the most efficient ciphers to perform cryptography operations required for deepfake prevention, the study explores the implementation of quantum-resilient symmetric and asymmetric ciphers standardized by NIST, including Dilithium, Falcon, SPHINCS+, and Ascon-80pq. Additionally, this research provides comprehensive comparisons between the various classical and post-quantum ciphers in both categories: symmetric and asymmetric. Experimental results revealed that Dilithium-5 and Falcon-512 algorithms outperform other post-quantum ciphers, with a time delay of 2.50 and 251 ms, respectively, for digital signature operations. The Falcon-512 algorithm also demonstrates superior resource efficiency, making it a cost-effective choice for digital signature operations. With respect to symmetric ciphers, Ascon-80pq achieved the lowest time consumption, taking just 0.015 ms to perform encryption and decryption operations. Also, it is a significant option for constrained devices, since it consumes fewer resources compared to standard symmetric ciphers, such as AES. Through comprehensive evaluations and comparisons of various symmetric and asymmetric ciphers, this study serves as a blueprint to identify the most efficient ciphers to perform the cryptography operations necessary for deepfake prevention. Full article

Large organizations face a critical systems integration challenge when executing multiple concurrent security modernization programs. This paper examines the U.S. Department of Defense’s simultaneous implementation of three transformational initiatives—post-quantum cryptography (PQC) migration, Zero Trust Architecture (ZTA) deployment, and AI security assurance—each operating under separate governance structures, timelines, and compliance frameworks. Through systematic evidence synthesis of 59 sources (47 policy/standards documents and 12 performance benchmarks), we identify cross-program dependencies that create integration failures when programs operate in isolation. We propose a shared modernization substrate—a four-layer infrastructure architecture (Cryptographic Services, Identity Management, Analytics Pipeline, Policy Orchestration) that enables coordinated execution while preserving program independence. The framework addresses the fundamental systems challenge of achieving interoperability across programs with misaligned schedules and competing resource demands. We introduce a five-level Triad Convergence Maturity Model (TCMM) with operationalized indicators enabling repeatable organizational assessment. Illustrative application to three DoD modernization contexts demonstrates the framework’s ability to differentiate maturity levels. Performance analysis synthesizes published benchmark data: enterprise PQC latency overhead is modest (measured), while tactical environment estimates of 158–383% overhead are derived from benchmark extrapolation under packet-loss assumptions (modeled). Scenario modeling suggests that coordinated incident response through the substrate architecture could substantially reduce risk exposure windows compared to siloed approaches (modeled). The framework transforms fragmented program execution into synchronized systems modernization, offering practical guidance for chief information officers, program managers, and enterprise architects managing concurrent technology transitions. Full article

Multi-tenancy is essential for scalable IoT–Cloud systems; however, it introduces complex security vulnerabilities at the intersection of shared cloud infrastructures and resource-constrained IoT environments. This systematic review evaluates next-generation security frameworks designed to enforce tenant isolation without violating the strict latency (<10 ms) and energy bounds of lightweight sensors. Adhering to PRISMA guidelines, we analyze selected high-quality studies to categorize intersectional threats, including cross-tenant data leakage, side-channel attacks, and privilege escalation. Our analysis identifies a critical, unresolved conflict: existing mitigation strategies often incur a 12% computational and communication overhead, creating a significant barrier for real-time applications. Furthermore, we critically analyze emerging technologies, including Zero Trust Architectures (ZTA), adaptive Artificial Intelligence (AI), blockchain, and Post-Quantum Cryptography (PQC). We find that direct PQC deployment is currently infeasible for LPWAN protocols due to key-size constraints (1.6 KB) that exceed typical payload limits. To address these challenges, we propose a novel multi-layer security design principle that offloads heavy isolation and cryptographic workloads to hardware-accelerated edge gateways, thereby maintaining tenant isolation without compromising real-time performance. Finally, this review serves as a roadmap for future research, highlighting federated learning and hardware enclaves as essential pathways for securing next-generation multi-tenant IoT ecosystems. Full article

The nascent quantum computing brings unprecedented threats to the security roots of blockchain technology, potentially compromising cryptographic protocols securing decentralized systems. This review paper discusses the developing quantum threat scenario, focusing on the effect of quantum algorithms on traditional cryptographic systems. We critically examine current blockchain architectures, highlighting their vulnerabilities in a post-quantum future. The paper explores newer quantum-resistant cryptographic and modular architectural techniques to enhance blockchain resilience. This review supports comprehensive comprehension of cutting-edge strategies and research gaps by combining the literature addressing quantum threat modeling and post-quantum cryptography in decentralized systems. Full article

Post-quantum cryptography (PQC) provides the essential cryptographic algorithms needed to secure digital networking systems against future adversaries equipped with quantum computing. This paper reviews the PQC research landscape and identifies open challenges and future directions for the critical transition to PQC in digital networking systems. Building on the NIST standardization process which has hardened the PQC cipher algorithm security, this paper analyzes and describes the recent research on PQC implementations and integrations into scalable and standardized networking systems (Internet, web and cellular networks). We review research on the security, side-channel threats, performances, overheads, and compatibility of PQC ciphers. We also study the research incorporating PQC into the standardized web and cellular networking protocols, ranging from testing the PQC feasibility to proposing protocol solutions and mechanisms to enable PQC. Our study highlights the PQC challenge of large parameter sizes, common across the PQC cipher algorithms, and the research proposing protocol- and system-level mechanisms to address them. Informed by the survey, this paper identifies and highlights the research gaps and future directions to facilitate further research and development for PQC and to secure next-generation digital networking systems. Full article

Post-quantum cryptography (PQC) is, and should be, currently dominating the field of cybersecurity, with many works designing and evaluating the transition of communications security to quantum-safe solutions. As the security level and implementations of post-quantum algorithms become more mature, the research on their application to realistic conditions changes accordingly, especially their application to widely adopted network architectures and corresponding protocols such as the Public Key Infrastructure (PKI). In this survey, we identified articles presenting ways of integrating PQC algorithms to PKI and classified related work according to the employed methods and benchmarking choices. The main results from many evaluations converge to similar conclusions on the performance of the most popular PC digital signature algorithms; however, modeling choices concerning architecture variants, hardware and measurement metrics vary. The diversity of the results and experimental setups makes comparison difficult and arrival at an objective conclusion regarding PKI requirements almost impossible. Ultimately, this review reveals a fragmented landscape of benchmarking practices for post-quantum PKI systems. The absence of standardized evaluation frameworks and common test environments limits the comparability and reproducibility of the findings. We aim to provide reference implementations, which are essential to guide the transition of PKI infrastructures toward robust, scalable, and quantum-resistant deployments. Full article