Search Results (36)

Search Parameters:
Keywords = secret session key

23 pages, 1866 KB  
Systematic Review
Salivary Flow Rate in Patients with Kidney Failure on Hemodialysis—A Systematic Review and Meta-Analysis
by Parinaz Mohammadi, Casper P. Bots and Henk S. Brand
J. Clin. Med. 2025, 14(17), 6108; https://doi.org/10.3390/jcm14176108 - 29 Aug 2025
Viewed by 1343
Abstract
Background/Objectives: During kidney failure, chronic hemodialysis therapy (HD) is required to replace lost renal function, and patients on regular HD frequently report xerostomia. This systematic review and meta-analysis aims to compare salivary flow rates between patients with kidney failure on HD and healthy controls and to evaluate acute changes in salivary secretion before and after a dialysis session. Methods: A systematic review was conducted in accordance with PRISMA guidelines. PubMed, Web of Science, and Embase were searched for observational studies quantifying salivary flow rates in adult patients with kidney failure on chronic hemodialysis versus healthy controls or pre- versus post-dialysis. Data on salivary flow rates were extracted and stratified by subtype (whole or gland-specific) and condition (stimulated or unstimulated), along with key study characteristics including participant demographics, saliva collection methods, and dialysis duration. Study quality was appraised using NHLBI tools and categorized as poor, fair, or good. Where ≥2 homogeneous datasets existed, random-effects meta-analyses (α = 0.05) were performed to estimate mean differences (95% CI) for each salivary parameter; heterogeneity was evaluated via I². Results: A total of 20 studies (13 cross-sectional, 7 before-after) met inclusion, of which 17 studies (with a total of 1224 HD patients and 548 controls) were meta-analyzed. Compared with controls, HD patients showed lower secretion rates of unstimulated whole saliva (UWS: MD −0.11 mL/min; 95% CI −0.20 to −0.02; I² = 94%) and stimulated whole saliva (SWS: MD −0.77 mL/min; 95% CI −0.94 to −0.60; I² = 92%), whereas stimulated parotid saliva (SPS) did not differ significantly (MD −0.08 mL/min; 95% CI −0.77 to 0.60; I² = 96%). In before-after analyses, both UWS (MD +0.15 mL/min; 95% CI 0.02–0.28; I² = 90%) and SWS (MD +0.20 mL/min; 95% CI 0.14–0.26; I² = 0%) increased immediately post-HD.
Conclusions: Despite methodological challenges and population heterogeneity, the evidence indicates salivary hypofunction in HD patients and improvement after hemodialysis. The magnitude of these effects seems influenced by underlying comorbidities (notably diabetes), HD duration, and methodological factors. Since saliva is of major importance to maintaining good oral health, recognizing and managing dry mouth should therefore be part of the comprehensive care of patients with kidney failure.
(This article belongs to the Special Issue Dental Care: Oral and Systemic Disease Prevention: 2nd Edition)

23 pages, 785 KB  
Article
Efficient IoT User Authentication Protocol with Semi-Trusted Servers
by Shunfang Hu, Yuanyuan Zhang, Yanru Guo, Wang Zhong, Yanru Chen and Liangyin Chen
Sensors 2025, 25(7), 2013; https://doi.org/10.3390/s25072013 - 23 Mar 2025
Viewed by 1017
Abstract
Internet of Things (IoT) user authentication protocols enable secure authentication and session key negotiation between users and IoT devices via an intermediate server, allowing users to access sensor data or control devices remotely. However, the existing IoT user authentication schemes often assume that the servers (registration center and intermediate servers) are fully trusted, overlooking the potential risk of insider attackers. Moreover, most of the existing schemes lack critical security properties, such as resistance to ephemeral secret leakage attacks and offline password guessing attacks, and they are unable to provide perfect forward security. Furthermore, with the rapid growth regarding IoT devices, the servers must manage a large number of users and device connections, making the performance of the authentication scheme heavily reliant on the server’s computational capacity, thereby impacting the system’s scalability and efficiency. The design of security protocols is based on the underlying security model, and the current IoT user authentication models fail to cover crucial threats like insider attacks and ephemeral secret leakage. To overcome these limitations, we propose a new security model, IoT-3eCK, which assumes semi-trusted servers and strengthens the adversary model to better meet the IoT authentication requirements. Based on this model, we design an efficient protocol that ensures user passwords, biometric data, and long-term keys are protected from insider users during registration, mitigating insider attacks. The protocol also integrates dynamic pseudo-identity anonymous authentication and ECC key exchange to satisfy the security properties. The performance analysis shows that, compared to the existing schemes, the new protocol reduces the communication costs by over 23% and the computational overhead by more than 22%, with a particularly significant reduction of over 95% in the computational overhead at the intermediate server. 
Furthermore, the security of the protocol is rigorously demonstrated using the random oracle model and verified with automated tools, further confirming its security and reliability.

31 pages, 1249 KB  
Conference Report
Report from the 30th Meeting on Toxinology, “Unlocking the Deep Secrets of Toxins”, Organized by the French Society of Toxinology on 2–3 December 2024
by Pascale Marchot, Ziad Fajloun, Évelyne Benoit and Sylvie Diochot
Toxins 2025, 17(2), 94; https://doi.org/10.3390/toxins17020094 - 17 Feb 2025
Cited by 1 | Viewed by 2264
Abstract
The French Society of Toxinology (SFET) held its 30th Annual Meeting (RT30) on 2–3 December 2024 at Hôtel Le Saint Paul in Nice, France, on the beautiful French Riviera. It was the first time that the event was organized outside of Paris. The meeting brought together 74 participants and focused on the main theme, “Unlocking the Deep Secrets of Toxins”, which delved into cutting-edge research in the field of animal venoms and toxins from animal, plant, fungal, algal, mold and bacterial sources. The event emphasized the dynamic and ever-evolving nature of toxins, often influenced by environmental factors, their interactions with molecular or cellular ligands, their mechanisms of action and their potential applications in therapy. These key topics were explored in depth during oral communications and poster sessions across three main thematic areas, each dedicated to a specific aspect of toxinology. A fourth, more general session provided an opportunity for participants to present recent work that fell outside the main themes but still contributed valuable insights to the broader field. This report presents the abstracts of seven of the invited lectures, fifteen of the selected lectures and sixteen of the posters, following the authors’ agreement to publish them. Additionally, the names of the “Best Oral Communication” and “Best Poster” awardees are highlighted, recognizing the outstanding contributions made by early-career researchers and their innovative work in toxinology. Full article
(This article belongs to the Special Issue Unlocking the Deep Secrets of Toxins)

16 pages, 564 KB  
Article
Efficient Elliptic-Curve-Cryptography-Based Anonymous Authentication for Internet of Things: Tailored Protocols for Periodic and Remote Control Traffic Patterns
by Shunfang Hu, Yuanyuan Zhang, Yanru Guo, Yanru Chen and Liangyin Chen
Sensors 2025, 25(3), 897; https://doi.org/10.3390/s25030897 - 2 Feb 2025
Cited by 1 | Viewed by 1153
Abstract
IoT-based applications require effective anonymous authentication and key agreement (AKA) protocols to secure data and protect user privacy due to open communication channels and sensitive data. While AKA protocols for these applications have been extensively studied, achieving anonymity remains a challenge. AKA schemes using one-time pseudonyms face resynchronization issues after desynchronization attacks, and the high computational overhead of bilinear pairing and public key encryption limits its applicability. Existing schemes also lack essential security features, causing issues such as vulnerability to ephemeral secret leakage attacks and key compromise impersonation. To address these issues, we propose two novel AKA schemes, PUAKA and RCAKA, designed for different IoT traffic patterns. PUAKA improves end device anonymity in the periodic update pattern by updating one-time pseudonyms with authenticated session keys. RCAKA, for the remote control pattern, ensures anonymity while reducing communication and computation costs using shared signatures and temporary random numbers. A key contribution of RCAKA is its ability to resynchronize end devices with incomplete data in the periodic update pattern, supporting continued authentication. Both protocols’ security is proven under the Real-or-Random model. The performance comparison results show that the proposed protocols exceed existing solutions in security features and communication costs while reducing computational overhead by 32% to 50%. Full article
(This article belongs to the Special Issue IoT Network Security (Second Edition))

23 pages, 1334 KB  
Article
A Secure Data-Sharing Model Resisting Keyword Guessing Attacks in Edge–Cloud Collaboration Scenarios
by Ye Li, Mengen Xiong, Junling Yuan, Qikun Zhang and Hongfei Zhu
Electronics 2024, 13(16), 3236; https://doi.org/10.3390/electronics13163236 - 15 Aug 2024
Viewed by 1515
Abstract
In edge–cloud collaboration scenarios, data sharing is a critical technological tool, yet smart devices encounter significant challenges in ensuring data-sharing security. Attribute-based keyword search (ABKS) is employed in these contexts to facilitate fine-grained access control over shared data, allowing only users with the necessary privileges to retrieve keywords. The implementation of secure data sharing is threatened since most of the current ABKS protocols cannot resist keyword guessing attacks (KGAs), which can be launched by an untrusted cloud server and result in the exposure of sensitive personal information. Using attribute-based encryption (ABE) as the foundation, we build a secure data exchange paradigm that resists KGAs in this work. In our paper, we provide a secure data-sharing framework that resists KGAs and uses ABE as the foundation to achieve fine-grained access control to resources in the ciphertext. To avoid malicious guessing of keywords by the cloud server, the edge layer computes two encryption session keys based on group key agreement (GKA) technology, which are used to re-encrypt the data user’s secret key of the keyword index and keyword trapdoor. The model is implemented using the JPBC library. According to the security analysis, the model can resist KGAs in the random oracle model. The model’s performance examination demonstrates its feasibility and lightweight nature, its large computing advantages, and lower storage consumption. Full article
(This article belongs to the Special Issue Artificial Intelligence in Cyberspace Security)

25 pages, 2303 KB  
Article
Unlinkable and Revocable Signcryption Scheme for VANETs
by Lihui Li, Dongmei Chen, Yining Liu, Yangfan Liang, Yujue Wang and Xianglin Wu
Electronics 2024, 13(16), 3164; https://doi.org/10.3390/electronics13163164 - 10 Aug 2024
Cited by 1 | Viewed by 1553
Abstract
Vehicular ad-hoc networks (VANETs) can significantly improve the level of urban traffic management. However, the sender unlinkability has become an intricate issue in the field of VANETs’ encryption. As the sender signcrypts a message, the receiver has to use the sender’s identity or public key to decrypt it. Consequently, the sender can be traced using the same identity or public key, which poses some security risks to the sender. To address this issue, we present an unlinkable and revocable signcryption scheme (URSCS), where an efficient and powerful signcryption mechanism is adopted for communication. The sender constructs a polynomial to generate a unique session key for each communication, which is then transmitted to a group of receivers, enabling the same secret message to be sent to multiple receivers. Each time a secret message is sent, a new key pair is generated, and an anonymization mechanism is introduced to conceal the true identity of the vehicle, thus preventing malicious attackers from tracing the sender through the public key or the real identity. With the introduction of the identification public key, this scheme supports either multiple receivers or a single receiver, where the receiver can be either road side units (RSUs) or vehicles. Additionally, a complete revocation mechanism is constructed with extremely low communication overhead, utilizing the Chinese remainder theorem (CRT). Formal and informal security analyses demonstrate that our URSCS scheme meets the expected security and privacy requirements of VANETs. The performance analysis shows that our URSCS scheme outperforms other represented schemes. Full article
(This article belongs to the Special Issue Unmanned Aerial Vehicles (UAVs) Communication and Networking)

15 pages, 854 KB  
Article
Secure and Scalable Internet of Things Model Using Post-Quantum MACsec
by Juhee Choi and Junwon Lee
Appl. Sci. 2024, 14(10), 4215; https://doi.org/10.3390/app14104215 - 16 May 2024
Cited by 13 | Viewed by 3788
Abstract
For the secure deployment of network platforms tailored for IoT devices, the encryption of data transmission is equally as crucial as the process of authentication. In this context, we introduce the Secure and Scalable IoT network (SSI) network platform, designed to accommodate a diverse range of IoT devices. It provides scalability and implements effective many-to-many and end-to-end encryption across extensive regions. With the emergence of quantum computing, secure public key exchange mechanisms have become important. Among the various post-quantum cryptography (PQC) algorithms assessed, Nth Degree Truncated Polynomial Ring Units (NTRUs) have emerged as an optimally suited PQC algorithm for IoT devices constrained by limited computational capabilities. We have integrated NTRUs with SSI as a lightweight PQC solution. Moreover, SSI-PQM (Post-Quantum MACsec) enhances the SSI’s initial authentication structure to minimize PQC-TLS session attempts and protect the SSI’s important configuration information. When applying TLS with PQC for secret key exchange purposes, it was verified that this approach ensures stable performance in IoT environments. Upon the implementation of our proposed SSI-PQM on Raspberry Pi 3B+ based IoT devices, SSI-PQM exhibited acceptable performance at security levels from 80 to 128 and achieved a minimum speed improvement of 161% over RSA at security levels above 160. It can be concluded that SSI-PQM stands out as an effective Zero Trust-based IoT network platform, demonstrating its viability and efficiency in safeguarding data transmission against potential quantum computing threats. Full article
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security III)

24 pages, 1696 KB  
Article
A Provably Secure Anonymous Authentication Protocol for Consumer and Service Provider Information Transmissions in Smart Grids
by Zahraa Abdullah Ali, Zaid Ameen Abduljabbar, Hamid Ali Abed AL-Asadi, Vincent Omollo Nyangaresi, Iman Qays Abduljaleel and Abdulla J. Y. Aldarwish
Cryptography 2024, 8(2), 20; https://doi.org/10.3390/cryptography8020020 - 9 May 2024
Cited by 2 | Viewed by 2617
Abstract
Smart grids integrate information technology, decision support systems, communication networks, and sensing technologies. All these components cooperate to facilitate dynamic power adjustments based on received client consumption reports. Although this brings forth energy efficiency, the transmission of sensitive data over the public internet exposes these networks to numerous attacks. To this end, numerous security solutions have been presented recently. Most of these techniques deploy conventional cryptographic systems such as public key infrastructure, blockchains, and physically unclonable functions that have either performance or security issues. In this paper, a fairly efficient authentication scheme is developed and analyzed. Its formal security analysis is carried out using the Burrows–Abadi–Needham (BAN) logic, which shows that the session key negotiated is provably secure. We also execute a semantic security analysis of this protocol to demonstrate that it can resist typical smart grid attacks such as privileged insider, guessing, eavesdropping, and ephemeral secret leakages. Moreover, it has the lowest amount of computation costs and relatively lower communication overheads as well as storage costs. Full article

23 pages, 1063 KB  
Article
5G-AKA-FS: A 5G Authentication and Key Agreement Protocol for Forward Secrecy
by Ilsun You, Gunwoo Kim, Seonghan Shin, Hoseok Kwon, Jongkil Kim and Joonsang Baek
Sensors 2024, 24(1), 159; https://doi.org/10.3390/s24010159 - 27 Dec 2023
Cited by 12 | Viewed by 8708
Abstract
5G acts as a highway enabling innovative digital transformation and the Fourth Industrial Revolution in our lives. It is undeniable that the success of such a paradigm shift hinges on robust security measures. Foremost among these is primary authentication, the initial step in securing access to 5G network environments. For the 5G primary authentication, two protocols, namely 5G Authentication and Key Agreement (5G-AKA) and Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA′), were proposed and standardized, where the former is for 3GPP devices, and the latter is for non-3GPP devices. Recent scrutiny has unveiled vulnerabilities in the 5G-AKA protocol, exposing it to security breaches, including linkability attacks. Moreover, mobile communication technologies are dramatically evolving while 3GPP has standardized Authentication and Key Management for Applications (AKMA) to reuse the credentials, generated during primary authentication, for 5G network applications. That makes it so significant for 5G-AKA to be improved to support forward secrecy as well as address security attacks. In response, several protocols have been proposed to mitigate these security challenges. In particular, they tried to strengthen security by reusing secret keys negotiated through the Elliptic Curve Integrated Encryption Scheme (ECIES) and countering linkability attacks. However, they still have encountered limitations in completing forward secrecy. Motivated by this, we propose an augmentation to 5G-AKA to achieve forward security and thwart linkability attacks (called 5G-AKA-FS). In 5G-AKA-FS, the home network (HN), instead of using its static ECIES key pair, generates a new ephemeral key pair to facilitate robust session key negotiation, truly realizing forward security. In order to thoroughly and precisely prove that 5G-AKA-FS is secure, formal security verification is performed by applying both BAN Logic and ProVerif. 
As a result, it is demonstrated that 5G-AKA-FS is valid. Besides, our performance comparison highlights that the communication and computation overheads are intrinsic to 5G-AKA-FS. This comprehensive analysis showcases how the protocol effectively balances between security and efficiency.

19 pages, 1293 KB  
Article
Physical-Unclonable-Function-Based Lightweight Three-Factor Authentication for Multiserver Architectures
by Qi Xie and Yuanyuan Zhao
Mathematics 2024, 12(1), 79; https://doi.org/10.3390/math12010079 - 25 Dec 2023
Cited by 5 | Viewed by 1635
Abstract
To support more complex and robust online services, enterprise-class applications prefer to interconnect multiple servers as the pedestal to enhance the system’s interoperability. However, the multiserver architecture always struggles to reconcile the trade-off between convenience and security, leaving users exposed to a variety of network attack threats. Existing security authentication schemes based on the Chebyshev Chaotic Map for multiserver architectures cannot provide three-factor (including password, biometric feature, and smart card) security. Therefore, we propose a novel Physical-Unclonable-Function-based Lightweight Three-Factor Authentication (PUF-LTA) scheme, which can achieve three-factor security. The PUF-LTA scheme mainly includes two components: (1) PUF-assisted registration and (2) lightweight mutual authentication with one-time interaction. During the PUF-assisted registration process, to defend against side-channel attacks on smart cards, the login credentials of users are XORed with the unique identifier generated by the PUF so that the adversary cannot obtain these secret login credentials. During the lightweight mutual authentication process, we combine the Chebyshev polynomial map and symmetric encryption/decryption to negotiate the session key between users and servers, which only needs one interaction. The security performance of PUF-LTA is theoretically proved by leveraging the random oracle model. In contrast with relevant multiserver authentication schemes, PUF-LTA is more efficient and suitable for resource-constrained multiserver environments because it can ensure secure three-factor authentication and support flexible biometrics and password updates with less computation cost. Full article
(This article belongs to the Section E1: Mathematics and Computer Science)

20 pages, 3216 KB  
Article
A Symmetric Key and Elliptic Curve Cryptography-Based Protocol for Message Encryption in Unmanned Aerial Vehicles
by Vincent Omollo Nyangaresi, Hend Muslim Jasim, Keyan Abdul-Aziz Mutlaq, Zaid Ameen Abduljabbar, Junchao Ma, Iman Qays Abduljaleel and Dhafer G. Honi
Electronics 2023, 12(17), 3688; https://doi.org/10.3390/electronics12173688 - 31 Aug 2023
Cited by 19 | Viewed by 2696
Abstract
Unmanned aerial vehicles have found applications in fields such as environmental monitoring and the military. Although the collected data in some of these application domains are sensitive, public channels are deployed during the communication process. Therefore, many protocols have been presented to preserve the confidentiality and integrity of the exchanged messages. However, numerous security and performance challenges have been noted in the majority of these protocols. In this paper, an elliptic curve cryptography (ECC) and symmetric key-based protocol is presented. The choice of ECC was informed by its relatively shorter key sizes compared to other asymmetric encryption algorithms such as the Rivest–Shamir–Adleman (RSA) algorithm. Security analysis showed that this protocol provides mutual authentication, session key agreement, untraceability, anonymity, forward key secrecy, backward key secrecy, and biometric privacy. In addition, it is robust against smart card loss, password guessing, known secret session temporary information (KSSTI), privileged insider, side-channeling, impersonation, denial-of-service (DoS), and man-in-the-middle (MitM) attacks. The comparative performance evaluation showed that it has relatively low computation, storage, and communication complexities. Full article
(This article belongs to the Special Issue Protocols and Mechanisms for Emerging Network Technologies)

16 pages, 2050 KB  
Article
Enhancing Security in ZigBee Wireless Sensor Networks: A New Approach and Mutual Authentication Scheme for D2D Communication
by Alaa Allakany, Abeer Saber, Samih M. Mostafa, Maazen Alsabaan, Mohamed I. Ibrahem and Haitham Elwahsh
Sensors 2023, 23(12), 5703; https://doi.org/10.3390/s23125703 - 19 Jun 2023
Cited by 23 | Viewed by 5130
Abstract
The latest version of ZigBee offers improvements in various aspects, including its low power consumption, flexibility, and cost-effective deployment. However, the challenges persist, as the upgraded protocol continues to suffer from a wide range of security weaknesses. Constrained wireless sensor network devices cannot use standard security protocols such as asymmetric cryptography mechanisms, which are resource-intensive and unsuitable for wireless sensor networks. ZigBee uses the Advanced Encryption Standard (AES), which is the best recommended symmetric key block cipher for securing data of sensitive networks and applications. However, AES is expected to be vulnerable to some attacks in the near future. Moreover, symmetric cryptosystems have key management and authentication issues. To address these concerns in wireless sensor networks, particularly in ZigBee communications, in this paper, we propose a mutual authentication scheme that can dynamically update the secret key value of device-to-trust center (D2TC) and device-to-device (D2D) communications. In addition, the suggested solution improves the cryptographic strength of ZigBee communications by improving the encryption process of a regular AES without the need for asymmetric cryptography. To achieve that, we use a secure one-way hash function operation when D2TC and D2D mutually authenticate each other, along with bitwise exclusive OR operations to enhance cryptography. Once authentication is accomplished, the ZigBee-based participants can mutually agree upon a shared session key and exchange a secure value. This secure value is then integrated with the sensed data from the devices and utilized as input for regular AES encryption. By adopting this technique, the encrypted data gains robust protection against potential cryptanalysis attacks. Finally, a comparative analysis is conducted to illustrate how the proposed scheme effectively maintains efficiency in comparison to eight competitive schemes. 
This analysis evaluates the scheme’s performance across various factors, including security features, communication, and computational cost.
(This article belongs to the Collection Wireless Sensor Networks towards the Internet of Things)

24 pages, 1405 KB  
Article
Secure Authentication in the Smart Grid
by Mehdi Hosseinzadeh, Rizwan Ali Naqvi, Masoumeh Safkhani, Lilia Tightiz and Raja Majid Mehmood
Mathematics 2023, 11(1), 176; https://doi.org/10.3390/math11010176 - 29 Dec 2022
Cited by 4 | Viewed by 3496
Abstract
Authenticated key agreement is a process in which protocol participants communicate over a public channel to share a secret session key, which is then used to encrypt data transferred in subsequent communications. LLAKEP, an authenticated key agreement protocol for Energy Internet of Things (EIoT) applications, was recently proposed by Zhang et al. While the proposed protocol has some interesting features, such as putting less computation on edge devices versus the server side, its exact security level is unclear. As a result, we shed light on its security in this paper through careful security analysis against various attacks. Despite the designers’ security claims in the random oracle model and its verification using GNY logic, this study demonstrates that this protocol has security weaknesses. We show that LLAKEP is vulnerable to traceability, dictionary, stolen smart glass, known session-specific temporary information, and key compromise impersonation attacks. Furthermore, we demonstrate that it does not provide perfect forward secrecy. To the best of our knowledge, it is the protocol’s first independent security analysis. To overcome the LLAKEP vulnerabilities, we suggested the LLAKEP+ protocol, based on the same set of cryptographic primitives, namely the one-way hash function and ECC point multiplication. Our comprehensive security analysis demonstrates its resistance to different threats, such as impersonation, privileged insider assaults, and stolen smart glass attacks, along with its resistance to sophisticated assaults, such as key compromised impersonation (KCI) and known session-specific temporary information (KSTI). The overhead of the proposed protocol is acceptable compared to the provided security level. Full article
(This article belongs to the Special Issue Frontiers in Network Security and Cryptography)

17 pages, 1469 KB  
Article
Security of a PUF Mutual Authentication and Session Key Establishment Protocol for IoT Devices
by Da-Zhi Sun and Yangguang Tian
Mathematics 2022, 10(22), 4310; https://doi.org/10.3390/math10224310 - 17 Nov 2022
Cited by 6 | Viewed by 3017
Abstract
Recently, Zerrouki et al. proposed a Physically Unclonable Function (PUF) mutual authentication and session key establishment protocol for IoT (Internet of Things) devices. Zerrouki et al.’s PUF protocol is interesting because it does not require the storage of any sensitive information on the local memory of the IoT device, which avoids many potential attacks, especially side-channel attacks. Therefore, we carefully investigate the security of Zerrouki et al.’s PUF protocol under the leakage assumption of the session key. Our findings are in the following. First, Zerrouki et al.’s PUF protocol fails to provide known-key security. That is, the adversary can impersonate not only the server to cheat the IoT device but also the IoT device to cheat the server when the adversary corrupts a session key between the server and the IoT device. Second, Zerrouki et al.’s PUF protocol suffers from the key-compromise impersonation attack. It means that the adversary can impersonate the IoT device to cheat the server if the adversary discloses the server’s secret key. Third, Zerrouki et al.’s PUF protocol does not support backward secrecy for the session key. That is, the adversary is always able to derive the session key from the previous session key. We also suggest the root cause of these security flaws in Zerrouki et al.’s PUF protocol. As a case study, our cryptanalysis results would promote a security model for more robust and efficient PUF authentication and session key establishment protocol. Moreover, our idea of the key compromise can be used to evaluate other novel PUF protocol designs.
(This article belongs to the Topic Safe and Secure Autonomous Systems)

19 pages, 3127 KB  
Article
Autonomous Mutual Authentication Protocol in the Edge Networks
by Ruey-Kai Sheu, Mayuresh Sunil Pardeshi and Lun-Chi Chen
Sensors 2022, 22(19), 7632; https://doi.org/10.3390/s22197632 - 8 Oct 2022
Cited by 6 | Viewed by 3653
Abstract
A distinct security protocol is necessary for the exponential growth in intelligent edge devices. In particular, the autonomous devices need to address significant security concern to function smoothly in the high market demand. Nevertheless, exponential increase in the connected devices has made cloud networks more complex and suffer from information processing delay. Therefore, the goal of this work is to design a novel server-less mutual authentication protocol for the edge networks. The aim is to demonstrate an autonomous mutual authentication amongst the connected smart devices within the edge networks. The solution addresses applications of autonomous cars, smart things, and Internet of Things (IoT) devices in the edge or wireless sensor networks (WSN), etc. In this paper, the design proposes use of a public-key system, octet-based balanced-tree transitions, challenge–response mechanism, device unique ID (UID), pseudo-random number generator (PRNG), time-stamps, and event specific session keys. Ultimately, server-less design requires less infrastructure and avoids several types of network-based communication attacks, e.g., impersonating, Man in the middle (MITM), IoT-DDOS, etc. Additionally, the system overhead is eliminated by no secret key requirements. The results provide sufficient evidence about the protocol market competitiveness and demonstrate better benchmark comparison results.
(This article belongs to the Special Issue Edge/Fog Computing Technologies for IoT Infrastructure II)