Search Results (593)

Accurate GNSS timing is fundamental to Power Time Synchronization Systems (PTSS). However, conventional substation infrastructures remain vulnerable to sophisticated spoofing attacks. In this research, a sensing-assisted array antenna-based spoofing mitigation method is proposed. The proposed architecture operates at the signal front-end and incorporates a dedicated spoofing sensing path to estimate the Direction-of-Arrival (DoA) of malicious signals, enabling adaptive null steering while preserving authentic satellite reception. To provide reliable spatial reference for DoA estimation, a unified high-precision attitude determination method is developed for compact 10 cm-scale array antennas under single-frequency and environmental error conditions. The method integrates the Constrained Least-squares AMBiguity Decorrelation Adjustment (C-LAMBDA)-based constrained ambiguity resolution, redundant antenna element-based vertical accuracy enhancement, and iterative refinement to mitigate centimeter-level environmental biases. Semi-simulated experiments demonstrate that the proposed method achieves baseline vector Root Mean Square Errors (RMSE) below 5 mm in horizontal components and approximately 10 mm in vertical components. The resulting attitude accuracies reach 2° in heading, 6° in pitch, and 4° in roll, while eliminating over 80% of systematic environmental phase errors with an average convergence within 6 iterations. These results satisfy the spatial accuracy requirements for effective spoofing suppression and front-end signal purification. Consequently, a robust technical approach is established for enhancing the anti-spoofing capabilities of PTSS without modifying existing infrastructure. Full article

Unmanned Aerial Vehicle (UAV) swarms operating in contested environments face a critical “semantic gap” between raw, high-velocity network traffic and high-level mission security constraints, compounded by the risk of privacy leakage during collaborative learning. Existing deep learning (DL)-based Network Intrusion Detection Systems (NIDSs) suffer from opacity, prohibitive resource consumption, and vulnerability to gradient leakage attacks in federated settings, while traditional rule-based systems fail to handle encrypted payloads and evolving attack patterns. To bridge this gap, we present NeSySwarm-IDS (Neuro-Symbolic Swarm Intrusion Detection System), an end-to-end differentiable neuro-symbolic framework that simultaneously achieves high accuracy, strong privacy guarantees, and built-in interpretability under resource constraints. NeSySwarm-IDS integrates an extremely lightweight 1D convolutional neural network with a differentiable Łukasiewicz fuzzy logic reasoner incorporating attack-specific rules. By aggregating only low-dimensional logic rule weights with calibrated differential privacy noise, we drastically reduce communication overhead while providing $(ϵ,\delta )$-DP guarantees with negligible utility loss. Extensive experiments on the UAV-NIDD dataset and our self-collected dataset demonstrate that NeSySwarm-IDS achieves near-perfect detection accuracy, significantly outperforming traditional machine learning baselines despite using limited training data. A detailed case study on GPS spoofing confirms the interpretability of our approach, providing axiomatic explanations suitable for autonomous mission verification. These results establish that end-to-end neuro-symbolic learning can effectively bridge the semantic gap in UAV swarm security while ensuring privacy and interpretability, offering a practical pathway for deploying trustworthy AI in contested environments. Full article

Secure cross-domain UAV authentication is challenging because identity verification alone is insufficient to guarantee safe operation. In many UAV applications, it is equally critical to verify that a UAV is currently located within an authorized geographic region. Existing approaches often expose precise GPS coordinates, rely on static identifiers that enable tracking, or fail to guarantee the freshness and authenticity of location evidence. These weaknesses allow replay, location spoofing, and trajectory inference attacks, especially in multi-domain environments. To address these limitations, we propose PrivLocAuth, a zero-knowledge-based cross-domain UAV authentication protocol that enforces geofence restrictions without revealing actual locations. In PrivLocAuth, UAVs encode their current coordinates into fresh Pedersen commitments, which are attested by the home Local Domain Server (LDS) using short-lived Schnorr signatures. Based on these attested commitments, UAVs generate Bulletproof range proofs to demonstrate compliance with cross-domain server-defined geofences. This design ensures that UAVs operate within authorized airspace while preserving strong location privacy. PrivLocAuth further incorporates a lightweight elliptic curve cryptography (ECC) and Schnorr signature-based credential framework that enables unlinkable authentication across-domains, preventing session correlation and identity tracking. Formal security analysis demonstrates resistance to impersonation, replay, geofence-bypass, and linkage attacks. Experimental evaluation shows low computational latency and minimal communication overhead, confirming the protocol’s suitability for resource-constrained UAV platforms operating in dynamic cross-domain environments. Full article

The Galileo Signal Authentication Service (SAS) is the next new feature to be offered by Galileo, the European GNSS. Its signal-in-space initial capability is expected already in the next months of 2025, starting with the L3 (Launch 3) Galileo elliptical-orbit satellites. It is the first-ever navigation signal authentication feature offered globally and openly. Galileo SAS uses the existing Galileo E6-C signal to be encrypted, in combination with OSNMA (Open Service Navigation Message Authentication), through the so-called semi-assisted authentication concept. In this concept, portions of the E6-C are re-encrypted with OSNMA future keys and published in a server. The concept allows signal authentication openly and for free, and without private key management by users. In exchange, the time between authentications is 30 s, inherited from OSNMA, and it introduces a latency between the E6-C signal reception and its authentication down to a few seconds. This work presents the status of Galileo SAS. It outlines its latest technical definition, already shared in previous publications. It will also present the MMARIO (Message and Measurement Authentication Receiver for Initial Operations) project, developing the first SAS server, receiver and testing platform. The paper also outlines the Galileo SAS plans for the near future, up to the Initial Service Declaration. Full article

In this paper, a notch bandpass filter based on spoof surface plasmon polaritons (SSPPs) is presented and systematically analyzed. The bandpass response is realized by a momentum-matched SSPP transition section and two SSPP resonant units. An annular slot defected ground structure (DGS), evolved from the conventional dumbbell DGS is etched on the ground plane to introduce an in-band notch. The notch frequency can be controlled independently by the DGS geometric parameters while the passband edges remain nearly unchanged. A prototype is fabricated and measured. The measured results agree well with the simulations. Two passbands are obtained from 0.67 to 3.40 GHz and from 3.67 to 4.77 GHz. The insertion loss is 0.48 dB at 2.00 GHz and 1.11 dB at 4.22 GHz. The return loss on both sides of the notch is better than −10 dB. A notch centered at 3.50 GHz provides −25 dB rejection. The compact structure and the independently controllable notch frequency make the proposed filter suitable for narrowband interference suppression in microwave and millimeter-wave front ends. Full article

As virtual reality technologies evolve toward widespread adoption in education, industry, and social communication, their increasing complexity exposes new and often overlooked security challenges. Immersive environments collect continuous multimodal data, including motion tracking, gaze, voice, and biometric indicators that extend far beyond traditional computing attack surfaces. This paper synthesizes recent research (2023–2025) on cybersecurity, privacy, and behavioral safety in virtual reality (VR) systems, identifies the main vulnerabilities, and proposes a unified defense architecture: the three-layer VR Security Framework (TVR-Sec). Through comparative review and conceptual integration of 31 peer-reviewed studies, three interdependent protection domains emerged: (1) System Integrity, securing hardware, firmware, and network communications against spoofing and malware; (2) User Privacy, ensuring the ethical management of biometric and behavioral data through federated learning and consent-based control; and (3) Socio-Behavioral Safety, addressing harassment, manipulation, and psychological exploitation in shared virtual spaces. The framework situates VR security as a multidimensional adaptive process that combines technical hardening with human-centered defense and ethical design. By aligning cyber–human protections through an AI-driven monitoring and policy engine, TVR-Sec advances a holistic paradigm for securing future immersive ecosystems. Full article

Safe train positioning is a key technology to make rail transportation more efficient and cost-effective. Within the EGNSS MATE project, the project partners SBB, DLR, and IABG researched the use of European Global Satellite Navigation Systems for this application. The main contributions are the development of a novel map-based sensor fusion algorithm, the development of a test catalogue for jamming and spoofing cyberthreats, and the collection of a large and rich dataset for testing and validation. The dataset includes over 200 h of sensor data and ground truth data, covering most of the Swiss normal gauge network. In addition, tests were conducted to assess the impact of jamming and spoofing attacks. Results show promising performance of the algorithms on most of the lines, excluding some long tunnels and sections with heavy multipath. The findings of the project results will help to introduce safe train positioning into ETCS by boosting development and standardisation efforts. Full article

As a next-generation serial communication protocol employed in automotive electronics and industrial control domains, Controller Area Network with Flexible Data-Rate (CAN-FD) enhances communication efficiency via the introduction of a dual-rate transmission mechanism, yet it still inherits the security vulnerabilities of traditional CAN networks. To enhance the security of node identity authentication in CAN-FD networks—a critical prerequisite for secure communication—we present an electronic control unit (ECU) authentication scheme that utilizes voltage hardware fingerprints (VHFs) as the core identity credential. Specifically, a single frame of data is utilized to integrate the control field’s voltage characteristics and data field’s edges, forming stable and distinguishable hardware fingerprints. We also analyze the VHF offset characteristics under typical spoofing attacks and wire-tapping attacks, and then propose a lightweight vehicle intrusion detection system (VIDS) scheme to identify attack scenarios and locate the compromised ECU in CAN-FD networks. Lastly, we conducted research on and discussed other VHF-influencing factors and put forward detailed specific solutions. Attack tests are conducted under four representative scenarios, namely substitution attack, masquerade attack, injection attack, and wire-tapping attack. The findings reveal that our scheme can not only accurately distinguish between various CAN-FD nodes but also identify specific attack types in real time. In detail, a single-frame node recognition rate exceeding 99% is achieved in approximately 2 ms, and in experiments covering multiple attack scenarios on this six-node prototype system, 100% recognition accuracy for attack types is realized in approximately 500 ms. Full article

The emergence of quantum computing poses a significant threat to the security of traditional encryption methods employed in satellite communication. To mitigate this vulnerability and enhance cybersecurity in the next generation of communication systems, a novel physical-layer solution is presented. This approach centers on enhancing satellite link security through the analysis of stochastic atmospheric scintillation, facilitated by machine learning (ML). The proposed method safeguards ground stations against Machine-in-the-Middle (MITM) attacks perpetrated from aerial platforms (AP) such as drones or Unmanned Aerial Vehicles (UAVs). The underlying principle leverages the distinct statistical parameters inherent to received signals. These parameters are contingent upon the specific propagation channel, which is influenced by rapid tropospheric scintillation. As signals from legitimate satellites and malicious drones traverse separate spatial paths within the dynamic atmosphere, they exhibit demonstrably divergent scintillation statistics. Wavelet filtering is employed to extract these statistics from the incoming signal. The extracted data is subsequently processed through an ML algorithm, enabling the differentiation between satellite signals and potential spoofing signals emanating from drones. Extensive simulations have been conducted, illustrating the efficacy and robustness of the proposed architecture, consistently achieving an authentication rate exceeding 98% across diverse scenarios. Additionally, experimental results obtained from measurement data collected from Nilesat and Eutelsat satellites at a ground station in Israel provide empirical validation for this innovative approach. Full article

Decentralized Identity (DID) systems aim to restore user control over digital identities by minimizing reliance on centralized authorities. However, ensuring secure identity management in distributed environments remains a significant challenge. Biometric authentication offers a compelling solution by leveraging unique, non-transferable human traits to enhance security and usability compared to traditional methods such as passwords or tokens. Integrating biometrics into DID frameworks represents an important step toward privacy-preserving, user-centric identity verification aligned with the principles of decentralization. Despite growing interest in both biometrics and DIDs, their integration remains largely underexplored in the literature, with hardly any survey providing a systematic analysis of this convergence. This work addresses this gap by presenting a comprehensive review of biometric-enabled DID systems, examining their architectures, potential, and limitations. It emphasizes the role of multimodal biometrics in enhancing accuracy, inclusiveness, and resistance to spoofing, while highlighting key challenges related to data immutability, privacy preservation, interoperability, and regulatory compliance. Overall, this survey establishes a structured foundation for future research on secure, scalable, and privacy-preserving biometric-enabled decentralized identity frameworks. Full article

Named entity recognition (NER), a core task in natural language processing (NLP), remains constrained by heavy reliance on annotated data, limited cross domain generalization, and difficulty in recognizing name entities out of vocabulary entities. In specialized domains such as analysis of Global Navigation Satellite System (GNSS) countermeasures, including anti-jamming and anti-spoofing, where datasets are small and domain knowledge is scarce, existing models exhibit marked performance degradation. To address these challenges, we propose HybridNER, a framework that integrates locally trained span-based models with large language models (LLMs). The approach employs a span prediction metasystem that first fuses outputs from multiple base learners by computing span to label compatibility scores and assigns an uncertainty estimate to each candidate entity. Entities with uncertainty above a preset threshold are then routed to an LLM for a second stage classification, and the final decision integrates both sources to realize complementary strengths. Experiments on multiple general purpose and domain specific datasets show that HybridNER achieves higher precision, recall, and F1 than traditional ensemble methods such as majority voting and weighted voting, with especially pronounced gains in specialized domains, thereby improving the robustness and generalization of NER. Full article

Compact multi-channel airborne radar stations increasingly rely on an LED-based visible light communication (VLC) service link under radio-frequency spectrum restrictions and strict end-to-end delay constraints. Despite the directional nature of optical links, the VLC channel remains vulnerable to active optical interference and signal injection; furthermore, when an AI-enabled integrity monitor is embedded into the receiver, the AI decision layer becomes a direct target of evasion and online poisoning. This paper proposes a lightweight, interpretable AI-based attack detection architecture in which a Poisson photon-counting observation model is used to form physically consistent features over the preamble and control-sequence interval, while the final decision is produced by an AI ensemble combining a monotonic logistic detector and a one-class detector. The considered threat profile includes sustained illumination and synchronized flashes (jamming/blinding), spoofing via false preambles, replay of recorded fragments, and online data poisoning during self-calibration. The adequacy of solutions is assessed using the detection probability P_D (ensemble: P_D ≥ 0.90 for DC-jamming mean-count increment Δλ_DC ≈ 7.56, pulsed-interference mean-count increment Δλ_pulse ≈ 12.89, and spoofing signal-scaling factor α ≈ 1.02), the false-alarm probability P_FA = 0.045, and the per-packet end-to-end latency (bounded by the observation-window duration LΔT = 20 μs, where window length L = 20 and interval duration ΔT = 1 μs), which confirms real-time CPU operation without GPU acceleration. Full article

While 5G addresses extreme performance tiers, 3GPP Releases 17 and 18 RedCap fill critical mid-tier performance gaps for diverse applications like industrial sensors and consumer wearables. The existing academic literature remains fragmented, focusing on isolated metrics rather than a holistic synthesis. There is a significant need to integrate technical specifications with empirical industry data. This survey systematically reviews Release 17/18 specifications, integrating literature from 2021 to 2025. We consolidate academic simulations and industry empirical reports to facilitate a rigorous comparative analysis across critical performance indicators. Findings evaluate complexity reduction via bandwidth limitation, antenna reduction, and HD-FDD. We provide a comprehensive security threat matrix, mapping vulnerabilities like RACH spoofing and paging suppression to countermeasures. RedCap cannot match eMBB throughput or NB-IoT’s battery life. Consequently, legacy LPWA remains more suitable for simple, decade-long sensing tasks. This work contributes a novel use-case taxonomy and a security analysis. This study provides practitioners with actionable insights into complexity trade-offs and network security risks. Future research should prioritize AI-driven management and “zero-maintenance” IoT through advanced power-saving innovations. Full article

In environments where Global Navigation Satellite Systems are denied, a common solution to estimate one’s position on the Earth is to use stars as inertial references, as was done centuries ago by navigators using a sextant. Nowadays, sextants have been replaced by star-sighting devices, composed of inertial sensors, precise clocks, and one or more star sensors, combining the short-term precision of inertial navigation techniques and the long-term precision of celestial ones. In this context, this paper aims at developing a star classifier for geopositioning purposes, i.e., a way to discriminate stars in the sky so that an observer can choose the stars that would provide the most precise estimate of their position regarding the sighting performances of the device used (sensor definition, precision of the inertial sensor, etc.). The star classifier proposed in this paper is based on differential calculations and spherical trigonometry, and leads to closed-form expressions that are easily embeddable to evaluate the potential of a star. These closed-form expressions are then validated on an experimental setup. Full article

The spoofing of Automatic Identification System (AIS) messages presents a hazard to safe maritime navigation. To prevent such spoofing, we present an authentication system based on Public Key Cryptography (PKC) that is both fully open source and backwards compatible with mariners’ existing use of the AIS. Using this, we have successfully demonstrated the ‘live’, over-the-air broadcast of authenticated AIS messages in a busy radio environment. The technique used is an improvement upon earlier work in that digital signatures are carried using the terrestrial VHF Data Exchange (VDE-TER) component of the VHF Data Exchange System (VDES). This prevents additional channel loading on the AIS and offers greater flexibility. Full article