Search Results (287)

Secure authentication in vehicular ad hoc networks (VANETs) remains a fundamental challenge due to their dynamic topology, susceptibility to attacks, and scalability constraints in multi-hop communication. Existing approaches based on elliptic curve cryptography (ECC), blockchain, and fog computing have achieved partial success but suffer from latency, resource overhead, and limited adaptability, leaving a gap for lightweight and hardware-rooted trust models. To address this, we propose a multi-hop mutual authentication protocol leveraging Physical Unclonable Functions (PUFs), which provide tamper-evident, device-specific responses for cryptographic key generation. Our design introduces a structured sequence of phases, including pre-deployment, registration, login, authentication, key establishment, and session maintenance, with optional multi-hop extension through relay vehicles. Unlike prior schemes, our protocol integrates fuzzy extractors for error tolerance, employs both inductive and game-based proofs for security guarantees, and maps BAN-logic reasoning to specific attack resistances, ensuring robustness against replay, impersonation, and man-in-the-middle attacks. The protocol achieves mutual trust between vehicles and RSUs while preserving anonymity via temporary identifiers and achieving forward secrecy through non-reused CRPs. Conceptual comparison with state-of-the-art PUF-based and non-PUF schemes highlights the potential for reduced latency, lower communication overhead, and improved scalability via cloud-assisted CRP lifecycle management, while pointing to the need for future empirical validation through simulation and prototyping. This work not only provides a secure and efficient solution for VANET authentication but also advances the field by offering the first integrated taxonomy-driven evaluation of PUF-enabled V2X protocols in multi-hop Wi-Fi environments. Full article

Coordinated cyber attacks tamper with measurement data to disrupt the situational awareness of active distribution systems. Various sensors report measurements asynchronously at different rates, which introduces challenges during state estimation. In addition, this forces cyber intruders to exert greater effort to compromise multiple communication channels and launch coordinated attacks. Therefore, multi-channel and asynchronous measurements could be harnessed to develop more secure cyber defense strategies. In this paper, a prediction-correction-based multi-rate observer is designed to exploit the value of asynchronous measurements for the detection of coordinated false data injection (FDI) attacks. First, a time-function-dependent prediction-correction strategy is proposed to adjust the sampling interval for each sensor’s measurement. Then, an observer is designed based on the trade-off between estimation error and the optimal period of the most recent sampling instant, with the convergence of estimation error with the maximum permitted sampling interval. Moreover, the conditions for exponential stability are developed using the Lyapunov–Krasovskii functional technique. Next, a coordinated FDI attack detection strategy is developed based on the dual nonlinear minimization problem. The proposed attack detection and secure state estimation strategies are tested on the IEEE 13-node system. Simulation results show that these schemes are effective in enhancing attack detection based on asynchronous measurements or compromised data. Full article

Quantum key distribution (QKD) networks promise information-theoretic security for multiple nodes by leveraging the fundamental laws of quantum mechanics. In practice, QKD networks require dedicated routing protocols to coordinate secure key distribution among distributed nodes. However, most existing routing protocols operate under the assumption that all relay nodes are honest and fully trustworthy, an assumption that may not hold in realistic scenarios. Malicious nodes may tamper with routing updates, causing inconsistent key-state views or divergent routing plans across the network. Such inconsistencies increase routing failure rates and lead to severe wastage of valuable secret keys. To address these challenges, we propose a distributed routing framework that combines two key components: (i) Causal Consistency Key-State Update, which prevents malicious nodes from propagating inconsistent key states and routing plans; and (ii) Trust-Aware Multi-path Flow Optimization, which incorporates trust metrics derived from discrepancies in reported states into the path-selection objective, penalizing suspicious links and filtering fabricated demands. Across 50-node topologies with up to 30% malicious relays and under all three attack modes, our protocol sustains a high demand completion ratio (DCR) (mean $0.90$, range $0.81$–$0.98$) while keeping key utilization low ($16.6$ keys per demand), decisively outperforming the baselines—Multi-Path Planned (DCR $0.48$, $30.8$ keys per demand) and OSPF (DCR $\le 0.12$, 296 keys per demand; max 1601). These results highlight that our framework balances reliability and efficiency, providing a practical and resilient foundation for secure QKD networking in adversarial environments. Full article

In image splicing tamper detection, forgery operations simultaneously introduce macroscopic semantic inconsistencies and microscopic tampering artifacts. Conventional methods often treat semantic understanding and low-level artifact perception as separate tasks, which impedes their effective synergy. Meanwhile, frequency-domain information, a crucial clue for identifying traces of tampering, is frequently overlooked. However, a simplistic fusion of frequency-domain and spatial features can lead to feature conflicts and information redundancy. To resolve these challenges, this paper proposes an Adaptive Multi-Scale Edge-Aware Network (AMSEANet). This network employs a synergistic enhancement cascade architecture, recasting semantic understanding and artifact perception as a single, frequency-aware process guided by deep semantics. It leverages data-driven adaptive filters to precisely isolate and focus on edge artifacts that signify tampering. Concurrently, the dense fusion and enhancement of cross-scale features effectively preserve minute tampering clues and boundary details. Extensive experiments demonstrate that our proposed method achieves superior performance on several public datasets and exhibits excellent robustness against common attacks, such as noise and JPEG compression. Full article

Botnet attacks on Internet of Things (IoT) devices are escalating at the 5G/6G multi-access edge, yet most federated learning frameworks for IoT malware detection (FL-IMD) still hinge on a central aggregator, enlarging the attack surface, weakening privacy, and creating a single point of failure. We propose a two-tier, fully decentralized FL architecture aligned with MEC’s Proximal Edge Server (PES)/Supplementary Edge Server (SES) hierarchy. PES nodes train locally and encrypt updates with the Cheon–Kim–Kim–Song (CKKS) scheme; SES nodes verify ECDSA-signed provenance, homomorphically aggregate ciphertexts, and finalize each round via an Algorand-style committee that writes a compact, tamper-evident record (update digests/URIs and a global-model hash) to an append-only ledger. Using the N-BaIoT benchmark with an unsupervised autoencoder, we evaluate known-device and leave-one-device-out regimes against a classical centralized baseline and a cryptographically hardened but server-centric variant. With the heavier CKKS profile, attack sensitivity is preserved (TPR $\ge 0.99$), and specificity (TNR) declines by only 0.20 percentage points relative to plaintext in both regimes; a lighter profile maintains TPR while trading 3.5–4.8 percentage points of TNR for about 71% smaller payloads. Decentralization adds only a negligible per-round overhead for committee finality, while homomorphic aggregation dominates latency. Overall, our FL-IMD design removes the trusted aggregator and provides verifiable, ledger-backed provenance suitable for trustless MEC deployments. Full article

With the in-depth integration of electric vehicles (EVs) and smart grids, the Cyber–Physical System for Vehicle–Grid (CPSVG) has become a crucial component of power systems. However, its inherent characteristic of deep cyber–physical coupling also renders it vulnerable to cyberattacks, particularly False Data Injection Attacks (FDIAs), which pose a severe threat to the safe and stable operation of the system. To address this challenge, this paper proposes an FDIA defense method based on K-Nearest Neighbor (KNN) and Graph Autoencoder (GAE). The method first employs the KNN algorithm to locate abnormal data in the system and identify the attacked nodes. Subsequently, Graph Autoencoder is utilized to reconstruct the tampered and contaminated data with high fidelity, restoring the accuracy and integrity of the data. Simulation verification was conducted in a typical vehicle–grid interaction system scenario. The results demonstrate that, compared with various scenarios such as no defense, traditional detection mechanisms, and only location-based data elimination, the proposed KNN-GAE method can more accurately identify and repair all attacked data. It provides reliable data input that is closest to the true values for subsequent state estimation, thereby significantly enhancing the system’s state awareness capability and operational stability after an attack. This study offers new insights and effective technical means for ensuring the security defense of the Vehicle–Grid Interaction Cyber–Physical System. Full article

With the advancement of technologies such as 5G, digital twins, and edge computing, the Internet of Things (IoT) as a critical component of intelligent systems is profoundly driving the transformation of various industries toward digitalization and intelligence. However, the exponential growth of network connection nodes has expanded the attack exposure surface of IoT devices. The IoT devices with limited storage and computing resources struggle to cope with new types of attacks, and IoT devices lack mature authorization and authentication mechanisms. It is difficult for traditional data-sharing solutions to meet the security requirements of cloud-based shared data. Therefore, this paper proposes a blockchain-based multi-authority IoT data-sharing scheme with attribute-based searchable encryption for intelligent system (BM-ABSE), aiming to address the security, efficiency, and verifiability issues of data sharing in an IoT environment. Our scheme decentralizes management responsibilities through a multi-authority mechanism to avoid the risk of single-point failure. By utilizing the immutability and smart contract function of blockchain, this scheme can ensure data integrity and the reliability of search results. Meanwhile, some decryption computing tasks are outsourced to the cloud to reduce the computing burden on IoT devices. Our scheme meets the static security and IND-CKA security requirements of the standard model, as demonstrated by theoretical analysis, which effectively defends against the stealing or tampering of ciphertexts and keywords by attackers. Experimental simulation results indicate that the scheme has excellent computational efficiency on resource-constrained IoT devices, with core algorithm execution time maintained in milliseconds, and as the number of attributes increases, it has a controllable performance overhead. Full article

Wireless sensor networks (WSNs) play a major role in various applications, but the main challenge is to maintain security and balanced energy efficiency. Classical routing protocols struggle to achieve both energy efficiency and security because they are more vulnerable to security risks and resource limitations. This paper introduces QSEER, a novel approach that uses quantum technologies to overcome these limitations. QSEER employs quantum-inspired optimization algorithms that leverage superposition and entanglement principles to efficiently explore multiple routing possibilities, thereby identifying energy-efficient paths and reducing redundant transmissions. The proposed protocol enhances the security of data transmission against eavesdropping and tampering by using the principles of quantum mechanics, thus mitigating potential security vulnerabilities. Through extensive simulations, we demonstrated the effectiveness of QSEER in achieving both security and energy efficiency objectives, which achieves 15.1% lower energy consumption compared to state-of-the-art protocols while maintaining 99.8% data integrity under various attack scenarios, extending network lifetime by an average of 42%. These results position QSEER as a significant advancement for next-generation WSN deployments in critical applications such as environmental monitoring, smart infrastructure, and healthcare systems. Full article

Industrial control systems (ICS) are increasingly vulnerable to evolving cyber threats due to the convergence of operational and information technologies. This research presents a robust cybersecurity framework that integrates machine learning-based anomaly detection with advanced cryptographic techniques to protect ICS communication networks. Using the ICS-Flow dataset, we evaluate several ensemble models, with XGBoost achieving 99.92% accuracy in binary classification and Decision Tree attaining 99.81% accuracy in multi-class classification. Additionally, we implement an LSTM autoencoder for temporal anomaly detection and employ the ADWIN technique for real-time drift detection. To ensure data security, we apply AES-CBC with HMAC and AES-GCM with RSA encryption, which demonstrates resilience against brute-force, tampering, and cryptanalytic attacks. Security assessments, including entropy analysis and adversarial evaluations (IND-CPA and IND-CCA), confirm the robustness of the encryption schemes against passive and active threats. A hardware implementation on a PYNQ Zynq board shows the feasibility of real-time deployment, with a runtime of 0.11 s. The results demonstrate that the proposed framework enhances ICS security by combining AI-driven anomaly detection with RSA-based cryptography, offering a viable solution for protecting ICS networks from emerging cyber threats. Full article

The rapid adoption of Metaverse technologies in healthcare, particularly for elder safety monitoring, has introduced new security challenges related to the authenticity of virtual representations. As healthcare providers increasingly rely on avatars and digital twins to monitor and interact with elderly patients remotely, ensuring the integrity of these virtual entities becomes paramount. This paper introduces SAVE (Securing Avatars in Virtual Environments), an emerging framework that leverages environmental fingerprinting based on Electric Network Frequency (ENF) signals to authenticate avatars and detect potential deepfake attacks in virtual healthcare settings. Unlike conventional authentication methods that rely solely on digital credentials, SAVE anchors virtual entities to the physical world by utilizing the unique temporal and spatial characteristics of ENF signals. We implement and evaluate SAVE in a Microverse-based nursing home environment designed for monitoring elderly individuals living alone. We evaluated SAVE using a prototype system with Raspberry Pi devices and multiple environmental sensors, demonstrating effectiveness across three attack scenarios in a 30-minute experimental window. Through the experimental evaluation of three distinct attack scenarios, unauthorized device attacks, device ID spoofing, and replay attacks using intercepted data, our system demonstrates high detection accuracy with minimal false positives. Results show that by comparing ENF fingerprints embedded in transmitted data with reference ENF signals, SAVE can effectively identify tampering and ensure the authenticity of avatar updates in real time. The SAVE approach enhances the security of virtual healthcare monitoring without requiring additional user intervention, making it particularly suitable for elderly care applications where ease of use is essential. Our findings highlight the potential of physical environmental fingerprints as a robust security layer for virtual healthcare systems, contributing to safer and more trustworthy remote monitoring solutions for vulnerable populations. Full article

In the digital era where images are easily accessible, concerns about image authenticity and integrity are increasing. To address this, we propose a deep learning-based fragile watermarking method for secure image authentication and content recovery. The method utilizes bottleneck features extracted by the convolutional encoder to carry both authentication and recovery information and employs deconvolution at the decoder to reconstruct image content. Additionally, the Arnold Transform is applied to scramble feature information, effectively enhancing resistance to collage attacks. At the detection stage, block voting and morphological closing operations improve tamper localization accuracy and robustness. Experiments tested various tampering ratios, with performance evaluated by PSNR, SSIM, precision, recall, and F1-score. Experiments under varying tampering ratios demonstrate that the proposed method maintains high visual quality and achieves reliable tamper detection and recovery, even at 75% tampering. Evaluation metrics including PSNR, SSIM, precision, recall, and F1-score confirm the effectiveness and practical applicability of the method. Full article

With the wide application of battery energy storage systems (BESSs) in DC microgrids, BESSs are facing increasingly severe cyber threats, among which, false data injection attacks (FDIAs) seriously undermine the accuracy of battery state estimation by tampering with sensor measurement data. To address this problem, this paper proposes an improved generative adversarial network (WGAN-GP)-based detection and defence method for FDIAs in battery energy storage systems. Firstly, a more perfect FDIA model is constructed based on the comprehensive consideration of the dual objectives of circumventing the bad data detection (BDD) system of microgrid and triggering the effective deviation of the system operating state quantity; subsequently, the WGAN-GP network architecture introducing the gradient penalty term is designed to achieve the efficient detection of the attack based on the anomalous scores output from the discriminator, and the generator reconstructs the tampered measurement data. Finally, the state prediction after repair is completed based on Gaussian process regression. The experimental results show that the proposed method achieves more than 92.9% detection accuracy in multiple attack modes, and the maximum reconstruction error is only 0.13547 V. The overall performance is significantly better than that of the traditional detection and restoration methods, and it provides an effective technical guarantee for the safe and stable operation of the battery energy storage system. Full article

The Extensible Authentication Protocol–Transport Layer Security (EAP-TLS) is a critical authentication protocol for wireless networks and secure IoT communications. However, it faces significant challenges from man-in-the-middle attacks, including message tampering, replay, and certificate forgery. Although model checking techniques have been applied to verify its security properties, the complexity of the EAP-TLS handshake often prevents accurate formal modeling; existing studies rarely assess the communication overhead of protocol enhancements. Moreover, traditional Logic of Events Theory (LoET) struggles to handle transport-layer protocols like EAP-TLS due to their intricate interaction processes. This study proposes a novel formal analysis approach, extending LoET by expanding five event classes, formulating corresponding rules, and introducing new axioms. Formal verification reveals attack paths involving plaintext theft, message tampering, and entity impersonation. The research proposes an enhanced strategy to mitigate these vulnerabilities through hash merging, encryption, and signature methods, alongside analyzing their communication costs to ensure feasibility. Using the extended LoET, the improved protocol is rigorously proven to satisfy strong authentication, thereby enhancing practical security. The proposed method achieves a time complexity of O(n²) and demonstrates superior performance in resisting state explosion compared with related approaches, thus establishing a more efficient and robust framework for EAP-TLS security analysis. Full article

Generative steganographic text covertly transmits hidden information through readable text that is unrelated to the message. Existing AI-based linguistic steganography primarily focuses on improving text quality to evade detection and therefore only addresses passive attacks. Active attacks, such as text tampering, can disrupt the symmetry between encoding and decoding, which in turn prevents accurate extraction of hidden information. To investigate these threats, we construct two attack models: the in-domain synonym substitution attack (ISSA) and the out-of-domain random tampering attack (ODRTA), with ODRTA further divided into continuous (CODRTA) and discontinuous (DODRTA) types. To enhance robustness, we propose a proactive adaptive-clustering defense against ISSA, and, for CODRTA and DODRTA, a post-hoc repair mechanism based on context-oriented search and the determinism of text generation. Experimental results demonstrate that these mechanisms effectively counter all attack types and significantly improve the integrity and usability of hidden information. The main limitation of our approach is the relatively high computational cost of defending against ISSA. Future work will focus on improving efficiency and expanding practical applicability. Full article

This systematic literature review pioneers the synthesis of cybersecurity challenges for automotive digital twins (DTs), a critical yet underexplored frontier in connected vehicle security. The notion of digital twins, which act as simulated counterparts to real-world systems, is revolutionizing secure system design within the automotive sector. As contemporary vehicles become more dependent on interconnected electronic systems, the likelihood of cyber threats is escalating. This comprehensive literature review seeks to analyze existing research on threat modeling and security testing in automotive digital twins, aiming to pinpoint emerging patterns, evaluate current approaches, and identify future research avenues. Guided by the PRISMA framework, we rigorously analyze 23 studies from 882 publications to address three research questions: (1) How are threats to automotive DTs identified and assessed? (2) What methodologies drive threat modeling? Lastly, (3) what techniques validate threat models and simulate attacks? The novelty of this study lies in its structured classification of digital twin types (physics based, data driven, hybrid), its inclusion of a groundbreaking threat taxonomy across architectural layers (e.g., ECU tampering, CAN-Bus spoofing), the integration of the 5C taxonomy with layered architectures for DT security testing, and its analysis of domain-specific tools such as VehicleLang and embedded intrusion detection systems. The findings expose significant deficiencies in the strength and validation of threat models, highlighting the necessity for more adaptable and comprehensive testing methods. By exposing gaps in scalability, trust, and safety, and proposing actionable solutions aligned with UNECE R155, this SLR delivers a robust framework to advance secure DT development, empowering researchers and industry to fortify vehicle resilience against evolving cyber threats. Full article