Search Results (198)

The Internet of Vehicles (IoVs) uses vehicles as the main carrier to communicate with other entities, promoting efficient transmission and sharing of traffic data. Using real identities for communication may leak private data, so pseudonyms are commonly used as identity credentials. However, existing anonymous authentication schemes have limitations, including large vehicle storage demands, information redundancy, time-dependent pseudonym updates, and public–private key updates coupled with pseudonym changes. To address these issues, we propose a certificateless strong anonymous privacy protection authentication scheme that allows vehicles to autonomously generate and dynamically update pseudonyms. Additionally, the trusted authority transmits each entity’s partial private key via a session key, eliminating reliance on secure channels during transmission. Based on the elliptic curve discrete logarithm problem, the scheme’s existential unforgeability is proven in the random oracle model. Performance analysis shows that it outperforms existing schemes in computational cost and communication overhead, with the total computational cost reduced by 70.29–91.18% and communication overhead reduced by 27.75–82.55%, making it more suitable for privacy-sensitive and delay-critical IoV environments. Full article

Data security is of the utmost importance in the domain of real-time environmental monitoring systems, particularly when employing advanced context-aware intelligent visual analytics. This paper addresses a significant deficiency in the Global System for Mobile Communications (GSM), a widely employed wireless communication system for environmental monitoring. The A5/1 encryption technique, which is extensively employed, ensures the security of user data by utilizing a 64-bit session key that is divided into three linear feedback shift registers (LFSRs). Despite the shown efficacy, the development of a probabilistic model for assessing the vulnerability of breaking or intercepting the session key (Kc) has not yet been achieved. In order to bridge this existing knowledge gap, this study proposes a probabilistic model that aims to evaluate the security of encrypted data within the framework of the Global System for Mobile Communications (GSM). The proposed model implements alterations to the current GSM encryption process by the augmentation of the quantity of Linear Feedback Shift Registers (LFSRs), consequently resulting in an improved level of security. The methodology entails increasing the number of registers while preserving the session key’s length, ensuring that the key length specified by GSM standards remains unaltered. This is especially important for environmental monitoring systems that depend on real-time data analysis and decision-making. In order to elucidate the notion, this analysis considers three distinct scenarios: encryption utilizing a set of five, seven, and nine registers. The majority function is employed to determine the registers that will undergo perturbation, hence increasing the complexity of the bit arrangement and enhancing the security against prospective attackers. This paper provides actual evidence using simulations to illustrate that an increase in the number of registers leads to a decrease in the vulnerability of data interception, hence boosting data security in GSM communication. Simulation results demonstrate that our method substantially reduces the risk of data interception, thereby improving the integrity of context-aware intelligent visual analytics in real-time environmental monitoring systems. Full article

Smart cities necessitate ultra-secure and scalable communication frameworks to manage billions of interconnected IoT devices, particularly in the face of the emerging quantum computing threats. This paper proposes the QESIF, a novel Quantum-Enhanced Secure IoT Framework that integrates Quantum Key Distribution (QKD) with classical IoT infrastructures via a hybrid protocol stack and a quantum-aware intrusion detection system (Q-IDS). The QESIF achieves high resilience against eavesdropping by monitoring quantum bit error rate (QBER) and leveraging entropy-weighted key generation. The simulation results, conducted using datasets TON IoT, Edge-IIoTset, and Bot-IoT, demonstrate the effectiveness of the QESIF. The framework records an average QBER of 0.0103 under clean channels and discards over 95% of the compromised keys in adversarial settings. It achieves Attack Detection Rates (ADRs) of 98.1%, 98.7%, and 98.3% across the three datasets, outperforming the baselines by 4–9%. Moreover, the QESIF delivers the lowest average latency of 20.3 ms and the highest throughput of 868 kbit/s in clean scenarios while maintaining energy efficiency with 13.4 mJ per session. Full article

Fog computing technology grants computing and storage resources to nearby IoT devices, enabling a fast response and ensuring data locality. Thus, fog-enabled IoT environments provide real-time and convenient services to users in healthcare, agriculture, and road traffic monitoring. However, messages are exchanged on public channels, which can be targeted to various security attacks. Hence, secure authentication protocols are critical for reliable fog-enabled IoT services. In 2024, Harbi et al. proposed a remote user authentication protocol for fog-enabled IoT environments. They claimed that their protocol can resist various security attacks and ensure session key secrecy. Unfortunately, we have identified several vulnerabilities in their protocol, including to insider, denial of service (DoS), and stolen verifier attacks. We also prove that their protocol does not ensure user untraceability and that it has an authentication problem. To address the security problems of their protocol, we propose a security-enhanced blockchain-based secure authentication protocol for fog-enabled IoT environments. We demonstrate the security robustness of the proposed protocol via informal and formal analyses, including Burrows–Abadi–Needham (BAN) logic, the Real-or-Random (RoR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Moreover, we compare the proposed protocol with related protocols to demonstrate the excellence of the proposed protocol in terms of efficiency and security. Finally, we conduct simulations using NS-3 to verify its real-world applicability. Full article

With the increasing demand for drones in diverse tasks, the Internet of Drones (IoD) has recently emerged as a significant technology in academia and industry. The IoD environment enables various services, such as traffic and environmental monitoring, disaster situation management, and military operations. However, IoD communication is vulnerable to security threats due to the exchange of sensitive information over insecure public channels. Moreover, public key-based cryptographic schemes are impractical for communication with resource-constrained drones due to their limited computational capability and resource capacity. Therefore, a secure and lightweight key agreement scheme must be developed while considering the characteristics of the IoD environment. In 2024, Alzahrani proposed a secure key agreement protocol for securing the IoD environment. However, Alzahrani’s protocol suffers from high computational overhead due to its reliance on elliptic curve cryptography and is vulnerable to drone and mobile user impersonation attacks and session key disclosure attacks by eavesdropping on public-channel messages. Therefore, this work proposes a lightweight and security-enhanced key agreement scheme for the IoD environment to address the limitations of Alzahrani’s protocol. The proposed protocol employs a physical unclonable function and simple cryptographic operations (XOR and hash functions) to achieve high security and efficiency. This work demonstrates the security of the proposed protocol using informal security analysis. This work also conducted formal security analysis using the Real-or-Random (RoR) model, Burrows–Abadi–Needham (BAN) logic, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation to verify the proposed protocol’s session key security, mutual authentication ability, and resistance to replay and MITM attacks, respectively. Furthermore, this work demonstrates that the proposed protocol offers better performance and security by comparing the computational and communication costs and security features with those of relevant protocols. Full article

The accelerated uptake of unmanned aerial vehicles (UAVs) has significantly altered communication and data exchange landscapes but has also introduced substantial security challenges, especially in open-access UAV communication environments. To address these, Elliptic curve cryptography (ECC) offers robust security with computational efficiency, ideal for resource-constrained Internet of Drones (IoD) systems. This study proposes a Secure and Efficient Three-Way Key Exchange (SETKE) protocol using ECC, specifically tailored for IoD. The SETKE protocol’s security was rigorously analyzed within an extended Bellare–Pointcheval–Rogaway (BPR) model under the random oracle assumption, demonstrating its resilience. Formal verification using the AVISPA tool confirmed the protocol’s safety against man-in-the-middle (MITM) attacks, and formal proofs establish its Authenticated Key Exchange (AKE) security. In terms of performance, SETKE is highly efficient, requiring only 3 ECC scalar multiplications for the Service Requester drone, 4 for the Service Provider drone, and 3 for the Control Server, which is demonstrably lower than several existing schemes. My approach achieves this robust protection with minimal communication overhead (e.g., a maximum payload of 844 bits per session), ensuring its practicality for resource-limited IoD environments. The significance of this work for the IoD field lies in providing a provably secure, lightweight, and computationally efficient key exchange mechanism vital for addressing critical security challenges in IoD systems. Full article

In trans-border data (data transferred or accessed across national jurisdictions) exchange scenarios, identity authentication mechanisms serve as critical components for ensuring data security and privacy protection, with their effectiveness directly impacting the compliance and reliability of transnational operations. However, existing identity authentication systems face multiple challenges in trans-border contexts. Firstly, the transnational transfer of identity data struggles to meet the varying data-compliance requirements across different jurisdictions. Secondly, centralized authentication architectures exhibit vulnerabilities in trust chains, where single points of failure may lead to systemic risks. Thirdly, the inefficiency of certificate verification in traditional Public Key Infrastructure (PKI) systems fails to meet the real-time response demands of globalized business operations. These limitations severely constrain real-time identity verification in international business scenarios. To address these issues, this study proposes a trans-border distributed certificate-free identity authentication framework (STALE). The methodology adopts three key innovations. Firstly, it utilizes email addresses as unique user identifiers combined with a Certificateless Public Key Cryptography (CL-PKC) system for key distribution, eliminating both single-point dependency on traditional Certificate Authorities (CAs) and the key escrow issues inherent in Identity-Based Cryptography (IBC). Secondly, an enhanced Elliptic Curve Diffie–Hellman (ECDH) key-exchange protocol is introduced, employing forward-secure session key negotiation to significantly improve communication security in trans-border network environments. Finally, a distributed identity ledger is implemented, using the FISCO BCOS blockchain, enabling decentralized storage and verification of identity information while ensuring data immutability, full traceability, and General Data Protection Regulation (GDPR) compliance. Our experimental results demonstrate that the proposed method exhibits significant advantages in authentication efficiency, communication overhead, and computational cost compared to existing solutions. Full article

The validation of security protocols remains a complex and critical task in the cybersecurity landscape, often relying on labor-intensive testing or formal verification techniques with limited scalability. In this paper, we explore property-based testing (PBT) as a powerful yet underutilized methodology for the automated validation of security protocols. PBT enables the generation of large and diverse input spaces guided by declarative properties, making it well-suited to uncover subtle vulnerabilities in protocol logic, state transitions, and access control flows. We introduce the principles of PBT and demonstrate its applicability through selected use cases involving authentication mechanisms, cryptographic APIs, and session protocols. We further discuss integration strategies with existing security pipelines and highlight key challenges such as property specification, oracle design, and scalability. Finally, we outline future research directions aimed at bridging the gap between PBT and formal methods, with the goal of advancing the automation and reliability of secure system development. Full article

Medical Internet of Things (IoT) systems are crucial in monitoring the health status of patients. Recently, telemedicine services that manage patients remotely by receiving real-time health information from IoT devices attached to or carried by them have experienced significant growth. A primary concern in medical IoT services is ensuring the security of transmitted information and protecting patient privacy. To address these challenges, various authentication schemes have been proposed. We analyze the authentication scheme by Wang et al. and identified several limitations. Specifically, an attacker can exploit information stored in an IoT device to generate an illegitimate session key. Additionally, despite using a cloud center, the scheme lacks efficiency. To overcome these limitations, we propose an authentication and key distribution scheme that incorporates a physically unclonable function (PUF) and public-key computation. To enhance efficiency, computationally intensive public-key operations are performed exclusively in the cloud center. Furthermore, our scheme addresses privacy concerns by employing a temporary ID for IoT devices used to identify patients. We validate the security of our approach using the formal security analysis tool ProVerif. Full article

Unmanned aerial vehicles have been widely employed in recent years owing to their remarkable features such as low environmental requirements and high survivability, and a new tendency towards networking, intelligence, and collaboration has emerged. The realization of these novel capabilities requires a secure and efficient wireless communication channel; however, it is vulnerable to eavesdropping, forgery, and manipulation by attackers. Therefore, ensuring the security of the wireless communication between unmanned aerial vehicles and ground stations is an urgent issue. The traditional solution to this problem is to design an authenticated key-agreement protocol between unmanned aerial vehicles and ground stations. However, an analysis of existing representative methods has shown that these methods are computationally expensive and difficult to implement in resource-intensive aerial vehicles. Furthermore, existing key-agreement systems are highly dependent on the security of temporary session information. When the temporary session information is stolen, the attacker can obtain the session key for the current communication and perform information theft attacks. Therefore, a security-enhanced lightweight authenticated key-agreement protocol for unmanned aerial vehicles’ communication is proposed in this study. We present a low-computational-cost agreement method that can achieve secure key agreement in cases of temporary session information leakage. Both theoretical analysis and experimental verification show that our proposed protocol has superior security properties and lower computational costs than representative protocols. Full article

The rapid expansion of the IoT has led to increasing concerns about security, particularly in the early stages of communication where many IoT application-layer protocols, such as CoAP and MQTT, lack native support for secure key exchange. This absence exposes IoT systems to critical vulnerabilities, including dictionary attacks, session hijacking, and MitM threats, especially in resource-constrained environments. To address this challenge, this paper proposes the integration of OWL, a password-authenticated key exchange (PAKE) protocol, into existing IoT communication frameworks. OWL introduces a lightweight and secure mechanism for establishing high-entropy session keys from low-entropy credentials, without reliance on complex certificate infrastructures. Its one-round exchange model and resistance to both passive and active attacks make it particularly well-suited for constrained devices and dynamic network topologies. The originality of the proposal lies in embedding OWL directly into protocols like CoAP, enabling secure session establishment as a native feature rather than as an auxiliary security layer. Experimental results and formal analysis indicate that OWL achieves reduced authentication latency and lower computational overhead, while enhancing scalability, resilience, and protocol performance. The proposed solution provides an innovative, practical, and efficient framework for securing IoT communications from the foundational protocol level. Full article

Internet of Things (IoT) user authentication protocols enable secure authentication and session key negotiation between users and IoT devices via an intermediate server, allowing users to access sensor data or control devices remotely. However, the existing IoT user authentication schemes often assume that the servers (registration center and intermediate servers) are fully trusted, overlooking the potential risk of insider attackers. Moreover, most of the existing schemes lack critical security properties, such as resistance to ephemeral secret leakage attacks and offline password guessing attacks, and they are unable to provide perfect forward security. Furthermore, with the rapid growth regarding IoT devices, the servers must manage a large number of users and device connections, making the performance of the authentication scheme heavily reliant on the server’s computational capacity, thereby impacting the system’s scalability and efficiency. The design of security protocols is based on the underlying security model, and the current IoT user authentication models fail to cover crucial threats like insider attacks and ephemeral secret leakage. To overcome these limitations, we propose a new security model, IoT-3eCK, which assumes semi-trusted servers and strengthens the adversary model to better meet the IoT authentication requirements. Based on this model, we design an efficient protocol that ensures user passwords, biometric data, and long-term keys are protected from insider users during registration, mitigating insider attacks. The protocol also integrates dynamic pseudo-identity anonymous authentication and ECC key exchange to satisfy the security properties. The performance analysis shows that, compared to the existing schemes, the new protocol reduces the communication costs by over 23% and the computational overhead by more than 22%, with a particularly significant reduction of over 95% in the computational overhead at the intermediate server. Furthermore, the security of the protocol is rigorously demonstrated using the random oracle model and verified with automated tools, further confirming its security and reliability. Full article

Computing systems grouped in subnets use distributed security models, in general, by creating session keys based on the Diffie–Hellman model, and calculating the necessary parameters for this, on each of the systems. In the particular case of a network of devices heterogeneous in terms of computing power, such as IoT, the modeling of a security system of the entire structure will have to take into account the fact that some devices have a very low computing power. In this sense, starting from the study of some general models, used in structures of this type, an integrated structure was developed to secure communications and test certain vulnerable components, to calculate a degree of risk that they are maliciously intended. The system was developed with a customized mathematical model, a scheme for propagation and management of cryptographic parameters and a test in a real environment by creating the algorithmic model and implementing it within a structure of a beneficiary. Full article

Increasing adoption of electric vehicles (EVs) and the expansion of EV charging infrastructure present opportunities for enhancing sustainable transportation within smart cities. However, the interconnected nature of EV charging stations (EVCSs) exposes this infrastructure to various cyber threats, including false data injection, man-in-the-middle attacks, malware intrusions, and denial of service attacks. Financial attacks, such as false billing and theft of credit card information, also pose significant risks to EV users. In this work, we propose a Hyperledger Fabric-based blockchain network for EVCSs to mitigate these risks. The proposed blockchain network utilizes smart contracts to manage key processes such as authentication, charging session management, and payment verification in a secure and decentralized manner. By detecting and mitigating malicious data tampering or unauthorized access, the blockchain system enhances the resilience of EVCS networks. A comparative analysis of pre- and post-implementation of the proposed blockchain network demonstrates how it thwarts current cyberattacks in the EVCS infrastructure. Our analyses include performance metrics using the benchmark Hyperledger Caliper test, which shows the proposed solution’s low latency for real-time operations and scalability to accommodate the growth of EV infrastructure. Deployment of this blockchain-enhanced security mechanism will increase user trust and reliability in EVCS systems. Full article

In recent years, with the widespread application of UAV swarm, the security problems faced have been gradually discovered, such as the lack of reliable identity authentication, which makes UAVs vulnerable to invasion. To solve these security problems, a lightweight secure communication scheme supporting batch authentication for UAV swarm is proposed. Firstly, a layered secure communication model for UAV swarm is designed. Then, a secure transmission protocol is implemented by using elliptic curves under this model, which not only reduces the number of encryptions but also ensures the randomness and one-time use of the session key. Moreover, a UAV identity authentication scheme supporting batch signature verification is proposed, which improves the efficiency of identity authentication. The experiments show that, when the number of UAVs is 60, the computation cost of the proposed scheme is 0.071 s, and the communication cost is 0.203 s, fully demonstrating the efficiency and practicability of the scheme. Through comprehensive security analysis, the capability of the proposed scheme to resist various attacks is demonstrated. Full article