Search Results (304)

Image watermarking is an essential technique for protecting the copyright of digital images. This paper proposes a novel color image watermarking algorithm based on the Walsh–Hadamard Transform (WHT). By analyzing the differences among WHT coefficients, an asymmetric embedding position selection strategy is designed to enhance the robustness of the algorithm. Specifically, the color image is first separated into red (R), green (G), and blue (B) channels, each of which is divided into non-overlapping 4 × 4 blocks. Then, suitable embedding regions are selected based on the entropy of each block. Finally, the optimal embedding positions are determined by comparing the differences between WHT coefficient pairs. To ensure watermark security, the watermark is encrypted using Logistic chaotic map prior to embedding. During the extraction phase, the watermark is recovered using the chaotic key and the pre-stored embedding position information. Extensive simulation experiments are conducted to evaluate the effectiveness of the proposed algorithm. The comparative results demonstrate that the proposed method maintains high imperceptibility while exhibiting superior robustness against various attacks, outperforming existing state-of-the-art approaches in overall performance. Full article

Recent advances in machine learning have enabled highly effective ciphertext-based cryptographic algorithm identification, posing a potential threat to encrypted communication. Inspired by adversarial example techniques, we present CSPM (Class-Specific Perturbation Mask Generation), a novel adversarial-defense framework that enhances ciphertext unidentifiability through misleading machine-learning-based cipher classifiers. CPSM constructs lightweight, reversible bit-level perturbations that alter statistical ciphertext features without affecting legitimate decryption. The method leverages class prototypes to capture representative bit-distribution patterns for each cryptographic algorithm and integrates two complementary mechanisms—mimicry-based perturbing, which steers ciphertexts toward similar cipher classes, and distortion-based perturbing, which disrupts distinctive statistical traits—through a ranking-based greedy search. Extensive experiments on seven widely used cryptographic algorithms and fifteen NIST statistical feature configurations demonstrate that CSPM consistently reduces algorithm-identification accuracy by over 25%. These results confirm that perturbation position selection, rather than magnitude, dominates attack efficacy. CSPM provides a practical defense mechanism, offering a new perspective for safeguarding encrypted communications against statistical and machine-learning-based traffic analysis. Full article

Data encryption is a core mechanism in modern security services for protecting confidential data at rest and in transit. This work introduces the Super Encryption Standard (SES), a symmetric block cipher that follows the overall workflow of the Advanced Encryption Standard (AES) but adopts a key-dependent design to enlarge the effective key space and improve execution efficiency. The SES accepts a user-supplied key file and a selectable block dimension, from which it derives per-block round material and a dynamic substitution box generated using SHA-512. Each round relies only on XOR and a conditional half-byte swap driven by key-derived row and column vectors, enabling lightweight diffusion and confusion with low implementation cost. Experimental evaluation using multiple color images of different sizes shows that the proposed SES algorithm achieves faster encryption than the AES baseline and produces a ciphertext that behaves statistically like random noise. The encrypted images exhibit very low correlation between adjacent pixels, strong sensitivity to even minor changes in the plaintext and in the key, and resistance to standard statistical and differential attacks. Analysis of the SES substitution box also indicates favorable differential and linear properties that are comparable to those of the AES. The SES further supports a very wide key range, scaling well beyond typical fixed-length keys, which substantially increases brute-force difficulty. Therefore, the SES is a promising cipher for image encryption and related data-protection applications. Full article

As smart education evolves, there is an increasing need for the cloud-centric management and sharing of student exercise physiological data gathered through wearable devices in the physical education domain. However, challenges arise in achieving authentication for data sources, ensuring the security of sensitive data, and implementing efficient dynamic access control. Traditional cryptographic schemes face limitations in resisting quantum attacks, authenticating data sources, protecting identity privacy, handling dynamic permission changes, and computational efficiency. To tackle these challenges, we put forward a lattice-based Online/Offline Identity-Based Matchmaking Proxy Re-Encryption (OO-IB-MPRE) scheme. The scheme offers post-quantum security assurances grounded in lattice cryptography (under the LWE/ISIS assumptions); incorporates Identity-Based matchmaking encryption (IB-ME) to realize bidirectional identity matching, which not only enables identity authentication for data sources but also safeguards the sender’s identity privacy from exposure to other entities; leverages Proxy Re-Encryption (PRE) to support dynamic management of access control; and combines online/offline encryption to adapt to resource constrained sensors. The security of the OO-IB-MPRE scheme is verified under standard lattice assumptions to meet the security requirements of semi-selective privacy and authenticity. Performance analysis and experimental validation demonstrate that in comparison to existing lattice-based PRE schemes, the devised scheme shows notable advantages in both space and computational overhead. Therefore, the proposed OO-IB-MPRE offers a secure, efficient, and scalable solution for the sensitive health data in smart physical education. Full article

With the rapid development of geological blockchains and Internet of Things-based data acquisition technologies, massive amounts of heterogeneous data are constantly emerging. However, this data is stored in a distributed manner across different organizational or business blockchains. Data sharing among multiple geological blockchains faces numerous challenges, either exposing sensitive data during verification or lacking effective authorization mechanisms. Therefore, how to achieve fine-grained access control and privacy protection across multiple blockchains has become a critical issue that must be addressed in geological data sharing. In this paper, we propose GeoCross, a cross-chain geological data sharing framework that enables fine-grained authorization management and privacy protection. First, GeoCross provides a hierarchical hybrid encryption mechanism that uses symmetric encryption for geological data protection and ciphertext-policy attribute-based encryption to enable flexible cross-chain access policies. Second, we integrate a Groth16-based zero-knowledge proof mechanism, which allows a chain to verify the existence, integrity, and accessibility of off-chain data without revealing the content. Furthermore, we introduce a Reputation-based Non-interactive Relay node Selection protocol (RNRS), which enhances the trustworthiness and fairness of cross-chain routing. Finally, we implement GeoCross in a multi-chain Hyperledger Fabric environment and evaluate its performance under real-world workloads. Results show that Groth16 verification requires only three bilinear pairings, achieving a throughput of up to 390 tps on a single chain and 1550 tps in a concurrent multi-chain environment. Even with 50% malicious nodes, the RNRS protocol still maintains a success rate of over 91%. These results demonstrate that GeoCross provides an efficient and practical solution for secure and privacy-preserving cross-chain geological data sharing. Full article

The proliferation of Internet of Things (IoT) devices has amplified botnet risks, while traditional network-based intrusion detection systems (IDSs) struggle under encrypted and/or sparse traffic. Power consumption offers an effective side channel for device-level detection. Yet, prior studies typically focus on a single model family (often a convolutional neural network (CNN)) and rarely assess generalization across devices or compare broader model classes. In this paper, we conduct unified benchmarking and comparison of classical (SVM and RF), deep (CNN, LSTM, and 1D Transformer), and hybrid (CNN + LSTM, CNN + Transformer, and CNN + RF) models on the CHASE’19 dataset and a newly curated three-class botnet dataset, using consistent preprocessing and evaluation across single- and cross-device settings, reporting both accuracy and efficiency (latency and throughput). Experimental results demonstrate that Random Forest achieves the highest single-device accuracy (99.43% on the Voice Assistant with Seed 42), while CNN + Transformer shows a strong accuracy–efficiency trade-off in cross-device scenarios (94.02% accuracy on the combined dataset at ∼60,000 samples/s when using the best-performing Seed 42). These results offer practical guidance for selecting models under accuracy, latency, and throughput constraints and establish a reproducible baseline for power-side-channel IDSs. Full article

Federated learning (FL) enables collaborative model training without centralizing raw data, but its application to large-scale vision models remains constrained by high communication cost, data heterogeneity, and privacy risks. Furthermore, in real-world applications such as autonomous driving and healthcare, model updates can inadvertently expose sensitive information even without direct data sharing. This highlights the need for frameworks that balance privacy, efficiency, and accuracy. The current approach to addressing information exposure involves encrypting data by incorporating additional encoding. However, such approaches to encrypting data significantly increase communication costs. In this paper, we propose Federated Share-A Low-Rank Adaptation with Differential Privacy (FedSA-LoRA-DP), a parameter-efficient and privacy-preserving federated learning framework. The framework combines selective aggregation of low-rank parameters with Differential Privacy (DP), ensuring that only lightweight components are shared while formally bounding individual data influence. Since DP simply perturbs the numeric values of existing parameters without altering their dimensionality or structure, it does not increase communication cost. This design allows FedSA-LoRA-DP to provide strong privacy guarantees while maintaining communication efficiency and model accuracy. Experiments on CIFAR-100, MNIST, and SVHN datasets demonstrate that the proposed framework achieves accuracy comparable to non-private counterparts, even under heterogeneous non-independent and identically distributed data and partial client participation. These results demonstrate that integrating differential privacy into low-rank adaptation enables privacy-preserving and communication-efficient federated learning without sacrificing model performance across heterogeneous environments. Full article

The Internet of Medical Things (IoMT) improves healthcare delivery through many medical applications. Because of medical data sensitivity and limited resources of wearable technology, privacy and security are significant challenges. Traditional encryption does not provide secure computation on encrypted data, and many blockchain-based IoMT solutions partially rely on centralized structures. IoMT with dynamic encryption is an innovative privacy-preserving system that combines sensitivity-based classification and advanced encryption to address these issues. The study proposes privacy-preserving IoMT framework that dynamically adapts its cryptographic strategy based on data sensitivity. The proposed approach uses a hybrid SDAIPA (SDAIA-HIPAA) classification model that integrates Saudi Data and Artificial Intelligence Authority (SDAIA) and Health Insurance Portability and Accountability Act (HIPAA) guidelines. This classification directly governs the selection of encryption mechanisms, where Advanced Encryption Standard (AES) is used for low-sensitivity data, and Fully Homomorphic Encryption (FHE) is used for high-sensitivity data. The Whale Optimization Algorithm (WOA) is used to maximize cryptographic entropy of FHE keys and improves security against attacks, resulting in an Optimized FHE that is conditionally used based on SDAIPA outputs. This proposed approach provides a novel scheme to dynamically align cryptographic intensity with data risk and avoids the overhead of uniform FHE use while ensuring strong privacy for critical records. Two datasets are used to assess the proposed approach with up to 806 samples. The results show that the hybrid OHE-WOA outperforms in the percentage of sensitivity of privacy index with dataset 1 by 78.3% and 12.5% and with dataset 2 by 89% and 19.7% compared to AES and RSA, respectively, which ensures its superior ability to preserve privacy. Full article

Advanced sensors in connected automated vehicles (CAVs) increasingly collect facial biometric information for environmental perception, posing serious privacy leakage risks. However, existing privacy protection methods for automotive data primarily focus on strict security mechanisms and fail to fully balance data usability. This paper presents a hierarchical format-preserving encryption (H-FPE) method for face privacy protection in autonomous sensors. The proposed method constructs a privacy-preserving framework for face detection based on YOLOv11 by employing a region-specific encryption strategy where the encryption strength is tailored to the importance of different facial regions. The encryption algorithm employs SM4-based Feistel structures with pseudo-random functions to ensure RGB value constraints while maintaining image format integrity. Experimental evaluation results in diverse scenarios demonstrate that the proposed privacy encryption method achieves superior privacy protection performance. In terms of encryption strength, the method achieves entropy efficiency exceeding 98%, with an average entropy increase of 0.77 bits, representing an improvement of approximately 9.4% over the traditional thumbnail-preserving encryption (TPE) method. Considering the usability of downstream tasks, the proposed method preserves pedestrian detection performance, with F1-scores exceeding 97% in selected scenarios, demonstrating a 0.5% difference compared to TPE while providing substantially stronger privacy protection. The H-FPE method effectively balances privacy protection and functional usability, offering a robust solution for facial data protection in autonomous sensor applications while preserving essential detection capabilities. Full article

Searchable Encryption (SE) schemes enable data users to securely search over outsourced encrypted data stored in the cloud. To support fine-grained access control, Attribute-Based Encryption with Keyword Search (ABKS) extends SE by associating access policies with user attributes. However, existing ABKS schemes often suffer from limited security and functionality, such as lack of verifiability, vulnerability to collusion, and insider keyword-guessing attacks (IKGA), or inefficiency in multi-authority and post-quantum settings, restricting their practical deployment in real-world distributed systems. In this paper, we propose a verifiable ciphertext-policy multi-authority ABKS (MA-CP-ABKS) scheme based on the Module Learning with Errors (MLWE) problem, which provides post-quantum security, verifiability, and resistance to both collusion and IKGA. Moreover, the proposed scheme supports multi-keyword searchability and forward security, enabling secure and efficient keyword search in dynamic environments. We formally prove the correctness, verifiability, completeness, and security of the scheme under the MLWE assumption against selective chosen-keyword attacks (SCKA) in the standard model and IKGA in the random oracle model. The scheme also maintains efficient computation and manageable communication overhead. Implementation results confirm its practical performance, demonstrating that the proposed MA-CP-ABKS scheme offers a secure, verifiable, and efficient solution for multi-organizational cloud environments. Full article

Recently, the record-level rise in Internet of Things (IoT) devices has produced unparalleled security challenges, particularly for resource-constrained devices operating under limited computational resources, memory, and power. In this context, traditional cryptographic methods not only fail but are also expensive and require extensive resources, given their static nature. In this article, an Adaptive Hybrid Cryptographic Framework (AHCF) is proposed to address the security challenges of resource-constrained IoT devices by adaptively balancing performance and protection levels, which can adaptively adjust cryptographic parameters based on the state of the device at a given time under a specific network environment and security needs. It also effectively balances security level and resource usage and employs low-overhead asymmetric key management with lightweight symmetric cryptography and machine learning-based predictors for the optimal selection of encryption schemes. Experimental testing on multiple IoT platforms has demonstrated its significant benefits, namely 42% less energy consumption, a 38% increase in processor speed, and improved security responsiveness over static deployments. This solution can be applied on boards with as little as 2 KB RAM and 16 KB flash and outperforms existing IoT standards and protocols. Full article

One-Time Passwords (OTPs) are a core component of multi-factor authentication in banking, e-commerce, and digital platforms. However, conventional delivery channels such as SMS and email are increasingly vulnerable to SIM-swap fraud, phishing, spoofing, and session hijacking. This study proposes an end-to-end mobile authentication architecture that integrates a permissioned Hyperledger Fabric blockchain for tamper-evident identity management, an AI-driven risk engine for behavioral and SIM-swap anomaly detection, Zero-Knowledge Proofs (ZKPs) for privacy-preserving verification, and geolocation-bound OTP validation for contextual assurance. Hyperledger Fabric is selected for its permissioned governance, configurable endorsement policies, and deterministic chaincode execution, which together support regulatory compliance and high throughput without the overhead of cryptocurrency. The system is implemented as a set of modular microservices that combine encrypted off-chain storage with on-chain hash references and smart-contract–enforced policies for geofencing and privacy protection. Experimental results show sub-0.5 s total verification latency (including ZKP overhead), approximately 850 transactions per second throughput under an OR-endorsement policy, and an F1-score of 0.88 for SIM-swap detection. Collectively, these findings demonstrate a scalable, privacy-centric, and interoperable solution that strengthens OTP-based authentication while preserving user confidentiality, operational transparency, and regulatory compliance across mobile network operators. Full article

The reliability of embedded processors in safety- and mission-critical domains is increasingly threatened by radiation-induced soft errors, particularly multiple-cell upsets (MCUs) that simultaneously corrupt adjacent cells in external SDRAM. While prior studies on the LEON3 processor have largely focused on single-event upsets (SEUs) in internal SRAM structures, they overlook MCU effects in off-chip SDRAM, a critical gap that limits fault coverage and compromises system-level reliability assessment in modern high-density embedded systems. This paper presents an SDRAM-based fault injection framework using FPGA emulation to evaluate the impact of MCUs on the LEON3 soft-core processor, with faults directly injected into the external memory subsystem where data corruptions can rapidly propagate into system-level failures. The methodology injects spatially correlated two-bit MCUs directly into SDRAM during realistic workload execution. Three architecturally diverse benchmarks were analyzed, each representing a distinct computational workload: a numerical (matrix multiplication), signal-processing (FFT), and a cryptographic (AES-128 encryption) application, chosen to capture arithmetic-intensive, iterative, and control-intensive execution profiles, respectively. The results reveal a distinct workload-dependent vulnerability profile. Matrix multiplication exhibited >99.99% fault activation, with outcomes overwhelmingly dominated by data store errors. FFT showed >97% activation in steady-state execution, following an initial phase sensitive to alignment and data access exceptions. AES displayed 88.12% non-propagating faults, primarily due to injections in inactive memory regions, but remained exposed to critical memory access violations and control-flow exceptions that enable fault-based cryptanalysis. These findings demonstrate that SEU-only models severely underestimate real-world MCU risks and underscore the necessity of selective, workload-aware fault-tolerance strategies: lightweight ECC for cryptographic data structures, alignment monitoring for signal processing, and algorithm-based fault tolerance (ABFT) for numerical kernels. This work provides actionable insights for hardening LEON3-based systems against emerging multi-bit threats in radiation-rich and adversarial environments. Full article

The exponential growth of the Internet of Things (IoT) has increased the demand for robust security solutions that are tailored to devices with limited resources. This paper presents a systematic review of recent literature on lightweight encryption algorithms designed to meet this challenge. Through an analysis of 22 distinct ciphers, the study identifies the main algorithms proposed and catalogues the key metrics used for their evaluation. The most common performance criteria are execution speed, memory usage, and energy consumption, while security is predominantly assessed using techniques such as differential and linear cryptanalysis, alongside statistical tests such as the avalanche effect. However, the most critical finding is the profound lack of standardized frameworks for both performance benchmarking and security validation. This methodological fragmentation severely hinders objective, cross-study comparisons, making evidence-based algorithm selection a significant challenge and impeding the development of verifiably secure IoT systems. Full article

In federated learning, secure aggregation is essential to protect the confidentiality of local model updates, ensuring that the server can access only the aggregated result without exposing individual contributions. However, conventional secure aggregation schemes lack mechanisms that allow participating nodes to verify whether the aggregation has been performed correctly, thereby raising concerns about the integrity of the global model. To address this limitation, we propose V-MHESA (Verifiable Masking-and-Homomorphic Encryption–combined Secure Aggregation), an enhanced protocol extending our previous MHESA scheme. V-MHESA incorporates verification tokens and shared-key management to simultaneously ensure verifiability, confidentiality, and authentication. Each node generates masked updates using its own mask, the server’s secret, and a node-only shared random nonce, ensuring that only the server can compute a blinded global update while the actual global model remains accessible solely to the nodes. Verification tokens corresponding to randomly selected model parameters enable nodes to efficiently verify the correctness of the aggregated model with minimal communication overhead. Moreover, the protocol achieves inherent authentication of the server and legitimate nodes and remains robust under node dropout scenarios. The confidentiality of local updates and the unforgeability of verification tokens are analyzed under the honest-but-curious threat model, and experimental evaluations on the MNIST dataset demonstrate that V-MHESA achieves accuracy comparable to prior MHESA while introducing only negligible computational and communication overhead. Full article