Search Results (196)

Databases serve as critical repositories of digital evidence in criminal investigations, and the recoverability of deleted data is a key determinant of forensic success. Microsoft SQL Server, one of the most widely deployed relational database management systems, has been the subject of multiple forensic studies examining how deleted records persist in physical database files across different acquisition methods. A previous study established a reference baseline using SQL Server 2008 and 2017, demonstrating that the Database Shrink operation causes version-specific and method-specific behavior: under logical collection with Shrink applied in SQL Server 2017, unallocated deleted data becomes fully initialized, rendering recovery impossible—a pattern not observed in SQL Server 2008 or under physical collection in either version. With the release of SQL Server 2025, the most significant architectural update to the platform in a decade, it remained unknown whether these forensic behaviors persist in the latest version. This study replicates the experimental design of in a controlled SQL Server 2025 environment, applying the same deletion scenario (DELETE command without conditions), the same two acquisition methods (logical and physical collection), and the same Shrink condition. The results demonstrate that SQL Server 2025 does not reproduce the version-specific initialization behavior observed in SQL Server 2017: across all four experimental conditions, deleted data residue in unallocated page space remains recoverable, indicating a fundamental change in the interaction between the Shrink operation and the logical collection mechanism. This recoverability is a double-edged property: while it benefits forensic investigators by preserving deleted evidence, it simultaneously represents a data-sanitization risk from a security and privacy standpoint, as deleted records are not reliably erased. These findings provide updated forensic guidance for digital investigators operating in contemporary SQL Server environments. Specifically, the results inform acquisition-method selection in real-world investigations where a suspect may have deleted records and where only a logical backup (.bak) is available to investigators. Full article

This paper presents a low-power hardware implementation of an AES-CCM coprocessor for secure chips in embedded systems. The proposed design performs key expansion only once and stores the round keys in an on-chip RAM to avoid redundant computations. Meanwhile, the S-box module is shared between the key expansion and encryption to reduce hardware overhead. A dual-mode architecture supporting parallel (two-core) and serial (single-core) operations is implemented to adapt to high-throughput and low-power scenarios. The design supports AES-128, with a 1.25 Kb RAM used to store the 10 round keys. Experimental results using TSMC 40 nm technology show that the parallel mode achieves a 5.4% power reduction at the cost of 12.8% area overhead compared with the reference design. The energy efficiency reaches 2.11 pJ/bit in the parallel mode and 2.17 pJ/bit in the serial mode. Full article

The Internet of Vehicles (IoV) is reshaping intelligent transportation through pervasive connectivity, real-time data exchange, cooperative perception, and vehicle–edge–cloud services, while also expanding cybersecurity and privacy risks across heterogeneous cyber–physical environments. This paper presents a PRISMA 2020-informed systematic review of IoV security and privacy protection research. A cross-layer and lifecycle-oriented analytical framework is developed by integrating a four-layer IoV architecture—sensing layer, network access layer, coordinative computing layer, and application layer—with a five-stage data lifecycle covering data collection, transmission, storage, usage, and disposal. Based on this framework, the paper examines representative threat surfaces, vehicle-to-everything (V2X) communication security, public key infrastructure (PKI) based authentication, trust management, privacy-preserving data sharing, intrusion detection, active defense, and AI-assisted security analytics. Privacy-preserving mechanisms, including differential privacy, federated learning, blockchain, homomorphic encryption, and secure multi-party computation, are further compared in terms of deployment layer, lifecycle stage, real-time suitability, and representative performance evidence. In addition, the review discusses the engineering relevance of UNECE WP.29 R155/R156, ISO/SAE 21434, and related national standards, with emphasis on compliance evidence, over-the-air (OTA) governance, supply-chain coordination, and lifecycle cybersecurity management. The review shows that no single protection mechanism can simultaneously satisfy the requirements of real-time performance, scalability, privacy preservation, trustworthiness, and regulatory compliance in dynamic IoV environments. Future research should emphasize lightweight and adaptive protection, cross-layer trust coordination, privacy–utility co-optimization, trustworthy AI-assisted security operations, and evidence-based lifecycle governance. This review provides a structured reference for researchers and a practical basis for secure and privacy-aware IoV system design. Full article

The digital transformation of agrifood systems demands an integrated infrastructure to ensure traceability, trust, and intelligent decision-making across complex and heterogeneous value chains. METROFOOD-IT, a large-scale national research infrastructure in food metrology aligned with the ESFRI METROFOOD-RI, addresses these challenges by combining advanced experimental facilities with a comprehensive digital ecosystem. This paper focuses on the IT kernel of METROFOOD-IT and presents an integrated architectural model that brings together four key technological paradigms: data acquisition through Internet of Things (IoT) and laboratory infrastructures, an Open Data Platform for interoperability and sharing, blockchain-based notarization for integrity and provenance, and Artificial Intelligence (AI) for knowledge extraction and decision support. Rather than describing these components in isolation, the paper abstracts from their implementation within the Italian National Recovery and Resilience Plan (NRRP) project METROFOOD-IT to distill a coherent and reusable architectural pattern in which data management, trust enforcement, and intelligent analytics are tightly coupled. Five explicit design principles are identified and articulated: federated data with centralized metadata, selective on-chain anchoring, user-unobtrusive trust infrastructure, explainability as a first-class architectural concern, and machine learning as the backbone of decision-making. Two empirical case studies—one centered on explainable AI for hyperspectral crop nitrogen assessment and the other on IoT-driven sustainable agriculture monitoring secured by distributed ledger technology—serve a dual role: they motivate and shape the architectural pattern, and they exemplify the operational regimes the resulting design supports. A reference deployment on the Ethereum Sepolia public test network, grounded on an IBM Power E1050 and IBM Storage Scale enterprise substrate, provides quantitative evidence for the proposed hybrid on-chain/off-chain pattern with streaming hash-only notarization. The architecture illustrates how research infrastructures can evolve into integrated digital platforms that enable transparent, verifiable, and scalable agrifood systems, and offers a foundation for generalizable design principles in data-intensive and trust-sensitive settings. Full article

Purpose-aware AI systems are increasingly deployed in safety-critical, multi-agent, and human-facing environments, where they must transform heterogeneous data into timely, explainable, and goal-aligned decisions under uncertainty. Existing architectures often couple perception, reasoning, communication, and security only at the pipeline level. This creates a research gap in unified semantic transformation, purpose-oriented judgment, bounded imperfection handling, and semantic self-protection. To address this gap, this paper proposes a DIKWP+BUG semantic–cognitive reference architecture for artificial-consciousness-oriented computing, without claiming definitive artificial consciousness. The architecture represents cognition through the Data–Information–Knowledge–Wisdom–Purpose (DIKWP) model and uses BUG theory to model bounded approximation, incomplete evidence, and confidence miscalibration in cross-dimensional reasoning. The model is mapped to an Artificial Consciousness Processing Unit (ACPU) reference substrate, an Artificial Consciousness Operating System (ACOS), a DIKWP semantic communication subsystem, and a concept–semantic fused security subsystem. The components are implemented through runtime emulation and evaluated in smart-city governance, autonomous-driving, and medical-triage simulations. Compared with selected baselines, the prototype increased cognitive throughput from $4.5\mathrm{k}$ to $7.8\mathrm{k}$ logged events, reduced perception–action latency from $340\mathrm{ms}$ to $120\mathrm{ms}$, reduced CPU utilization from $95\%$ to $68\%$, lowered smart-city congestion duration by $30\%$, improved emergency response time by approximately $40\%$, achieved 0 collisions versus approximately $2/10$ baseline IoV runs, and improved medical-triage accuracy from $85\%$ to $92\%$. These online-runtime results provide initial feasibility evidence under controlled simulation conditions; they do not include offline model-preparation costs and therefore should not be interpreted as end-to-end lifecycle speedups. Matched-compute ablation, statistical benchmarking, hardware prototyping, and real-world validation remain future work. Full article

The increasing interconnectivity and digital transformation of Communication, Navigation, and Surveillance (CNS) systems have expanded their attack surface, rendering traditional perimeter-based security models inadequate for protecting these critical infrastructures. Zero Trust Architecture (ZTA), founded on the principle of “never trust, always verify,” offers a paradigm shift towards continuous, context-aware security. This paper presents a literature review investigating the application of ZTA principles to secure modern CNS ecosystems, following the guidelines of the International Civil Aviation Organization (ICAO) through its Cybersecurity Strategy and Plan. We analyze the alignment of ZTA core tenets—such as least-privilege access, micro-segmentation, and continuous authentication—with the unique operational requirements of CNS systems. This paper also presents a cybersecurity framework, under development within the Future Communications Digital Infrastructure (FCDI) project of the SESAR JU program, which aims to assist CNS stakeholders in collaboratively identifying cybersecurity threats within their scope of responsibility. The review critically examines implementation challenges for specific CNS subsystems: secure aeronautical communications (e.g., LDACS), resilient PNT (Positioning, Navigation, and Timing) services, and integrated surveillance networks (e.g., ADS-B, multilateration). Furthermore, we identify and evaluate domain-specific challenges, including integration with legacy avionics and ground systems, managing stringent latency and reliability constraints, and protecting against sophisticated threats targeting supply chains and data fusion processes. By synthesizing current research and practical deployment insights, this review aims to provide a foundational reference for aerospace engineers, cybersecurity specialists, and policymakers, offering a roadmap to enhance the cyber-resilience of vital CNS infrastructure in an era of evolving digital threats. Full article

Deep learning is increasingly used in cybersecurity to detect, classify, prioritize, and explain evidence from network traffic, logs, binaries, graphs, text, code, and multimodal telemetry. However, the literature remains fragmented across tasks, datasets, architectures, trustworthiness properties, and deployment settings, making it difficult to judge whether benchmark performance transfers to operational cyber defense workflows. This paper presents a structured narrative review with an evidence-oriented synthesis, not a Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA)-counted systematic review. The synthesis uses a de-duplicated cited-source bibliography of 115 references as an evidence-mapping corpus; this corpus is reported for transparency and is not presented as a PRISMA final-inclusion set. The evidence map is organized through a five-axis framework: security task, data modality, model family, trustworthiness property, and deployment environment. In response to methodological and scope concerns common in broad survey work, the revision narrows the claims to a transparent cited-source synthesis, defines explicit inclusion boundaries, adds a data-charting codebook, reports non-exclusive coded emphasis matrices, and introduces practical tables for dataset selection, split protocols, deployment-reporting targets, and large language model (LLM)-enabled security operations center (SOC) risk controls. Across application areas, the reviewed literature indicates that benchmark accuracy is necessary but insufficient. Deployment readiness also depends on adversarial robustness, privacy protection, explainability, uncertainty calibration, drift handling, reproducibility, resource-aware resilience, and computational feasibility. The review identifies persistent gaps in temporal validation, cross-dataset testing, analyst-centered explanation, secure learning pipelines, agentic-LLM safety, and edge-aware deployment. The resulting research agenda emphasizes accurate, resilient, privacy-aware, explainable, reproducible, and deployable cybersecurity artificial intelligence systems. Full article

Critical infrastructures are increasingly Internet-connected cyber–physical systems whose recovery after cyber incidents must satisfy safety, timing, regulatory, and interdependency constraints. Yet, the use of large language models (LLMs) for generating recovery plans remains fragmented across cybersecurity, industrial control, digital twins, and AI assurance research. This review synthesizes that emerging field through a structured critical survey of studies on LLMs in incident response, OT/ICS resilience, and cyber–physical recovery, with a focused perspective on grounding, trust, and assurance mechanisms relevant to recovery-plan generation. It develops an architecture-centric taxonomy spanning prompt-only assistants, retrieval-augmented copilots, graph-aware planners, multi-agent systems, and hybrid verification/simulation pipelines; maps realistic applications across energy, water, manufacturing, transportation, healthcare, and telecommunications; and organizes limitations into technical, security, governance, and human-factor categories. Based on this synthesis, the paper proposes the Grounded Recovery Planning Stack as a reference architecture and outlines a staged roadmap from human-in-the-loop copilots to bounded orchestration. The main conclusion is that near-term value lies in grounded, auditable, compliance-aware copilots, whereas autonomous recovery execution remains premature without stronger validation, state-aware grounding, sector-specific benchmarks, and formal safeguards. Full article

This work presents a case study of a Large Language Model based system for automated classification of student survey responses. The system processes 22,286 open-text responses collected from 2062 students across 12 academic programs and 21 nationalities spanning the years 2010–2025. The system architecture has been deployed on institutional servers for security, while integrating databases, an asynchronous task queue for processing, a web-based service layer, and distributed background workers that interact with remote LLM inference services. This work provides a practical reference framework for educational institutions aiming to responsibly and effectively operationalize LLMs in real-world applications. Full article

In security and tactical surveillance applications, unmanned aerial vehicle (UAV) detection systems must provide both reliable recognition and stable real-time operation under communication-constrained conditions. However, remote server-based surveillance can suffer from unstable response times when the display or output path depends on a degraded network. This study formulates edge-based UAV surveillance under a network-denied operating condition as a stochastic latency-decomposition and constrained runtime-feasibility problem. The total system latency is decomposed into inference, processing, and display/I/O components, and an SSH X11-based lossless display-path proxy is used to examine how network-coupled output transmission can dominate the runtime path. In contrast, a Jetson AGX Orin-based edge implementation performs UAV detection, tracking, threat assessment, visualization, and output locally. A YOLO26-based reference detector accelerated with TensorRT and FP16 is evaluated using a high-resolution UAV dataset consisting of approximately 25,000 images from nine UAV classes. Five-fold cross-validation produced an mAP@0.5 of 0.7890 ± 0.0653. Runtime evaluation showed that the optimized edge system achieved 31.49 ± 2.49 FPS at SD resolution, satisfying the strict 30 FPS real-time condition, while HD resolution achieved 26.72 ± 1.31 FPS as a near-real-time high-detail mode. Under the SSH X11 proxy condition, the FHD runtime dropped to 4.85 ± 2.53 FPS with substantially increased display latency. These results indicate that real-time UAV surveillance depends not only on detector inference speed but also on execution architecture and display-path dependency, supporting the practical importance of network-independent edge deployment under communication-degraded conditions. Full article

Institutional adoption of blockchain technology in supply chains, healthcare, and public administration remains constrained. Organizations that manage digital assets on behalf of large numbers of non-technical users lack custody architectures suited to their scale. Existing approaches either require users to manage private keys directly; rely on centralized custodians that store encrypted keys; or depend on distributed protocols such as multi-party computation, which impose substantial infrastructure and coordination overhead. This paper presents CryptoVault, a stateless custody architecture for institutional blockchain deployments that derives private keys on demand from a single master seed using BIP-44 hierarchical deterministic (HD) wallets, eliminating persistent storage entirely. Only an AES-256-GCM-encrypted derivation index is persisted per wallet; the corresponding private key is re-derived at signing time and discarded immediately after use, ensuring no private key material ever rests on disk. The security model requires the simultaneous compromise of three independent components (the encrypted derivation index, the encryption key, and the master seed) for full key recovery, compared to two components in custody systems that persist encrypted private keys. An empirical evaluation under concurrent load demonstrates 13 to 22 ms steady-state signing latency on development hardware, with re-derivation accounting for approximately 4 to 7% of that total, confirming that on-demand derivation introduces negligible overhead. Thus, CryptoVault has been validated against an agricultural cooperative deployment as a representative institutional scenario, with an architecture that generalizes to any organization managing wallets on behalf of users who have no direct interaction with cryptographic material. A reference implementation is available as open-source software. Full article

In the era of cloud computing and serverless architectures, the security of applications and services has become a critical challenge. Serverless computing, often referred to as function as a service (FaaS), is a cloud computing model that allows developers to build and run applications without the need to manage traditional server infrastructure. Serverless architectures have gained popularity in cloud computing due to their flexibility and ability to scale automatically based on demand. These architectures are based on executing functions without the need to manage the underlying infrastructure. Denial of wallet (DoW) attacks refer to a type of cyberattack that aims to exploit and exhaust the financial resources of an organization by triggering excessive costs or charges within their cloud or serverless computing environment, exploiting characteristics such as the pay-as-you-go model, auto-scaling, limited control, and cost amplification. This research aims to assess existing methods for detecting distributed denial of service (DDoS) attacks and extend their application to detect denial of wallet (DoW) threats, leveraging a dataset tailored to serverless architectures. We investigate various strategies and techniques that employ entropy, machine learning and deep learning algorithms to enable early detection of DDoS and DoW attacks in serverless environments. This research provides insights into the options that are available for detecting DoW attacks in serverless environments, allowing security professionals and developers to make decisions on the most appropriate solutions to protect their applications and cloud services. Full article

Diffusion models have achieved groundbreaking progress in image generation, text-to-image, and other multimodal generation tasks, becoming the mainstream architecture in the field of generative artificial intelligence. However, studies have shown that diffusion models are vulnerable to backdoor attacks. By injecting specific triggers into the training data, attackers can manipulate the model to generate preset target images during the inference phase, posing a serious security threat. Existing defense methods suffer from three major limitations: detection methods typically rely on prior knowledge of specific attack types or require large amounts of real data; removal methods lack theoretical modeling of the intrinsic mechanism of backdoor injection; and there is no unified, low-data-dependency defense framework. To address the above issues, this paper proposes a unified defense framework named DIFFDEFEND. For the first time, it summarizes the essence of backdoor injection as “layer-by-layer propagation of distribution shifts” and designs a complete solution that achieves high-precision detection and effective removal without requiring real data. Specifically, this paper first proposes a multi-stage joint trigger inversion method that exploits the consistency constraints of distribution shifts across multiple time steps to achieve stable recovery of the trigger. Second, it constructs a dual-modal detector that combines the uniformity score of generated images with total variation loss to achieve high-precision identification of backdoored models. Finally, it designs a distribution-guided purification mechanism that freezes a clean reference model and optimizes the removal loss and retention loss, rapidly eliminating backdoor effects without relying on real data while preserving the model’s generation quality. Extensive experiments on three mainstream architectures—DDPM, NCSN, and LDM—and 13 different samplers demonstrate that DIFFDEFEND achieves near-100% detection accuracy, reduces the backdoor attack success rate to nearly 0, and keeps the model’s generation quality essentially unchanged, significantly outperforming existing methods. Full article

Artificial intelligence is increasingly embedded in cyber–physical systems that coordinate sensing, computation, communication, and control across critical and semi-critical physical environments. Within the European Union, however, its adoption is shaped not only by technological maturity and economic value, but also by an increasingly dense regulatory landscape governing data processing, cybersecurity, product security, accountability, traceability, interoperability, and safety-relevant deployment. A PRISMA ScR-informed scoping review is used to examine how European Union regulation influences artificial intelligence adoption across four representative domains: energy and smart grids, smart buildings, mobility and transport systems, and industrial and manufacturing environments. The analysis draws on primary legal sources, the peer-reviewed literature, and policy and standards-related materials, and is structured around three dimensions: regulatory barriers, technological and architectural challenges, and cross-sector implications for governance, innovation, and competitiveness. The results show that regulation functions simultaneously as a constraint and an enabling condition. It increases compliance burden, raises integration complexity, and slows deployment in higher risk settings, while promoting trustworthy artificial intelligence, stronger cybersecurity, lifecycle governance, clearer accountability, and more interoperable digital infrastructures. The central finding is that regulation is not external to artificial intelligence adoption in cyber–physical systems, but actively shapes the design space within which such systems can be developed, integrated, validated, and scaled. Future progress therefore depends on regulation-aware systems engineering, stronger implementation guidance, and cross-sector reference architectures capable of aligning legal compliance with technical architecture and operational value creation. Full article

Continuous-variable quantum communication (CVQC) operates under finite-resolution inference (finite data windows, calibration uncertainty, and estimator tolerances) and hardware control/readout limits that can be exploited by structured and adversarial disturbances. We study a feedback-inspired phase-space modulation strategy for implementation-layer resilience under DoS-like receiver-observable stress (e.g., fluctuation inflation, phase reference destabilization, or interface non-idealities), rather than proposing a protocol-level security proof. We propose a phase-first framework in which the defender selects a phase-space rotation angle $\theta$ (and, in principle, a squeezing parameter r) to minimize a receiver-observable centered second-moment degradation proxy, emphasizing containment rather than disturbance inversion. Because platforms expose different native observables, we evaluate phase-first modulation using two complementary tracks: (i) in theory/simulation, we monitor basis-dependent quadrature variance and covariance-derived summaries formed from mean-subtracted second moments so that $\Delta E_{\mathrm{cov}}$ reflects covariance inflation rather than coherent displacement; (ii) in the X8_01 hardware workflow, the readout is Fock sampling; thus, we use the shot-to-shot standard deviation ${\sigma }_N\left(\theta \right):=\sqrt{\widehat{Var}\left(N\left(\theta \right)\right)}$, where $N\left(\theta \right)$ denotes the shot-level detected count random variable at fixed $\theta$. In the reported hardware workflow, this shot-level count is formed by aggregating the returned Fock counts prior to postprocessing. We emphasize that ${\sigma }_N\left(\theta \right)$ is not claimed to estimate $Tr\left(V\right)$; it is an implementation-layer variability proxy aligned with the available readout. Our experimental validation is restricted to phase-only control instantiated as offline phase selection via one-dimensional grid search over $\theta$. Across numerical simulations and hardware phase-angle scans on Xanadu’s X8_01 photonic quantum processor, we find that static operating points can be brittle under strong DoS-like stress, whereas optimized phase selection can materially reduce a receiver-observed degradation proxy even without real-time feedback. Since $Tr\left(V\right)$ is invariant under pure rotations for phase-independent additive noise and ideal photon-number probabilities are invariant under a terminal Fock-basis phase gate, any observed $\theta$-dependence is interpreted operationally as evidence of a phase-dependent effective disturbance/measurement channel at the receiver interface. Simulation-only analyses indicate additional upside when squeezing is available, motivating future extensions incorporating higher-rate re-optimization, feedback-assisted architectures, and extended Gaussian control when available. Full article