Sign in to use this feature.

Years

Between: -

Subjects

remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline

Journals

Article Types

Countries / Regions

Search Results (132)

Search Parameters:
Keywords = zero-trust architecture

Order results
Result details
Results per page
Select all
Export citation of selected articles as:
35 pages, 1360 KB  
Article
Decentralized Tele-Rehabilitation via Edge AI-Oracle Architecture for Spatiotemporal Pain Assessment
by Nataliya Bilous, Danylo Ostapchenko, Iryna Ahekian and Marcus Frohme
Sensors 2026, 26(13), 4136; https://doi.org/10.3390/s26134136 - 1 Jul 2026
Viewed by 234
Abstract
Remote tele-rehabilitation requires objective pain assessment, but existing approaches fail in two distinct ways. Self-report scales such as the Visual Analog Scale and the Numeric Pain Rating Scale are easy to falsify, opening a special case of the Oracle problem in blockchain-based insurance. [...] Read more.
Remote tele-rehabilitation requires objective pain assessment, but existing approaches fail in two distinct ways. Self-report scales such as the Visual Analog Scale and the Numeric Pain Rating Scale are easy to falsify, opening a special case of the Oracle problem in blockchain-based insurance. Cloud-based computer vision handles falsification but transmits raw biometric video off the patient’s device, violating privacy requirements. A decentralized Edge AI-Oracle architecture is proposed that combines MediaPipe Face Mesh landmark extraction with a recurrent classifier mapping Action-Unit feature sequences to a learned pain score aligned with the Prkachin and Solomon Pain Intensity scale. The recurrent cell is selected empirically across short-context (T = 2) and long-context (T = 120 frames at 24 fps) regimes, with a two-layer Long Short-Term Memory (LSTM) network adopted for deployment. Inference and Elliptic Curve Digital Signature Algorithm (ECDSA) signing run inside an ARM TrustZone Trusted Execution Environment (TEE). Biometric logs are stored off-chain on the InterPlanetary File System (IPFS). Smart contracts anchor results on-chain and open a 24 h optimistic verification window for an off-chain Watchtower auditor. On SynPAIN the LSTM reaches F1 = 0.683 on T = 120 video (leave-one-stratum-out), with a directional but non-significant advantage over Gated Recurrent Unit (GRU) (Wilcoxon p = 0.167). Cross-dataset validation on BioVid Heat Pain Database Part A (87 subjects, 174 paired observations, leave-one-subject-out) yields F1 = 0.519 for LSTM and 0.499 for GRU (Wilcoxon p = 0.549). A processor-only TEE surrogate benchmark estimates 1.96 ms (FP32) and 0.45 ms (INT8) inference latency at T = 120 with a 0.34 MB footprint and 707 µs ECDSA signing latency, leaving the INT8 inference latency more than an order of magnitude below the 33 ms per-frame budget. The dual-layer storage reduces gas costs by a factor of 23.4 (160,261 vs. 3,744,872 gas), corresponding to an illustrative mainnet cost of approximately 0.53 USD per submission at 1 gwei, rising to roughly 16 USD at a busier 30 gwei, and falling to approximately 0.005 USD on Arbitrum One (April 2026 reference parameters), so that continuous monitoring is economically practical on Layer-2. An adaptive-adversary analysis of the Watchtower shows that gross score tampering is detected at every usable operating threshold, whereas a rational adversary who inflates by less than the dispute threshold, or who shapes the injected score to fall just inside it, evades detection. Because the false-positive rate reaches zero only for δ0.15, the protocol bounds rather than eliminates patient-side fraud and motivates a zero-knowledge proof-of-inference successor. The framework is architecturally and economically feasible as a cryptographically verifiable, privacy-preserving tele-rehabilitation substrate aligned with General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA) requirements through the Zero-Video Transmission principle, while remaining economically viable under post-Dencun mainnet and Layer-2 conditions. Recognition accuracy on real-world data and robustness to small-magnitude tampering remain limitations that the interchangeable recognition and audit components must improve before clinical deployment. Full article
(This article belongs to the Special Issue AI and Big Data for Smart Healthcare: Ensuring Privacy and Security)
Show Figures

Figure 1

31 pages, 1555 KB  
Review
A Review of Zero Trust Architecture: Principles, Applications, and Implementation Challenges in Communication, Navigation, and Surveillance (CNS) Systems
by Nompilo Ngema, Bakhe Nleya and Rito Clifford Maswanganyi
Sensors 2026, 26(12), 3813; https://doi.org/10.3390/s26123813 - 15 Jun 2026
Viewed by 598
Abstract
The increasing interconnectivity and digital transformation of Communication, Navigation, and Surveillance (CNS) systems have expanded their attack surface, rendering traditional perimeter-based security models inadequate for protecting these critical infrastructures. Zero Trust Architecture (ZTA), founded on the principle of “never trust, always verify,” offers [...] Read more.
The increasing interconnectivity and digital transformation of Communication, Navigation, and Surveillance (CNS) systems have expanded their attack surface, rendering traditional perimeter-based security models inadequate for protecting these critical infrastructures. Zero Trust Architecture (ZTA), founded on the principle of “never trust, always verify,” offers a paradigm shift towards continuous, context-aware security. This paper presents a literature review investigating the application of ZTA principles to secure modern CNS ecosystems, following the guidelines of the International Civil Aviation Organization (ICAO) through its Cybersecurity Strategy and Plan. We analyze the alignment of ZTA core tenets—such as least-privilege access, micro-segmentation, and continuous authentication—with the unique operational requirements of CNS systems. This paper also presents a cybersecurity framework, under development within the Future Communications Digital Infrastructure (FCDI) project of the SESAR JU program, which aims to assist CNS stakeholders in collaboratively identifying cybersecurity threats within their scope of responsibility. The review critically examines implementation challenges for specific CNS subsystems: secure aeronautical communications (e.g., LDACS), resilient PNT (Positioning, Navigation, and Timing) services, and integrated surveillance networks (e.g., ADS-B, multilateration). Furthermore, we identify and evaluate domain-specific challenges, including integration with legacy avionics and ground systems, managing stringent latency and reliability constraints, and protecting against sophisticated threats targeting supply chains and data fusion processes. By synthesizing current research and practical deployment insights, this review aims to provide a foundational reference for aerospace engineers, cybersecurity specialists, and policymakers, offering a roadmap to enhance the cyber-resilience of vital CNS infrastructure in an era of evolving digital threats. Full article
(This article belongs to the Section Navigation and Positioning)
Show Figures

Figure 1

28 pages, 462 KB  
Systematic Review
Systematic Literature Review of AI-Driven Multi-Cloud Anomaly Detection in Zero-Trust Frameworks
by Ziad Almulla and Abdullah Albuali
Appl. Sci. 2026, 16(12), 5938; https://doi.org/10.3390/app16125938 - 12 Jun 2026
Viewed by 491
Abstract
Multi-cloud is becoming more challenging to secure as traditional perimeter-based security models have a hard time protecting workloads running across multiple cloud platforms, identities, and services. To address this challenge, organizations are shifting to Zero-Trust Architecture (ZTA), which focuses on constant verification and [...] Read more.
Multi-cloud is becoming more challenging to secure as traditional perimeter-based security models have a hard time protecting workloads running across multiple cloud platforms, identities, and services. To address this challenge, organizations are shifting to Zero-Trust Architecture (ZTA), which focuses on constant verification and stringent access control, coupled with anomaly detection methodologies to gain better visibility and threat detection in the distributed cloud environment. This paper presents a Systematic Literature Review (SLR) of anomaly detection approaches in multi-cloud environments and how these are applied in zero-trust security models. The review is conducted according to the guidelines of the 2020 Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA 2020), and is based on studies published between 2020 and 2025 selected from the databases of the following journals: Institute of Electrical and Electronics (IEEE) Xplore, Science Direct, MDPI, Google Scholar, and the Saudi Digital Library. Studies found on benchmark datasets such as CICIDS-2017 and UNSW-NB15 are not evaluated, as none addressed real multi-cloud environments. Although zero trust is highlighted in general, very few studies have implemented basics of zero trust such as micro-segmentation, identity federation, and enforcement through policy. Overall, this review identifies gaps around cross-cloud validation, explainability, and compliance-aware security design, including lack of attention to regulations such as the GDPR and HIPAA. These findings provide helpful recommendations for future research and development on practical and security solutions for multi-cloud environments. Full article
Show Figures

Figure 1

20 pages, 964 KB  
Article
Trusting the Unverifiable: The Transformation of SOX Internal Control Under Zero-Trust Architecture and AI-Driven ERP Systems
by Guy E. Toibin, Yotam Lurie and Shlomo Mark
Account. Audit. 2026, 2(2), 9; https://doi.org/10.3390/accountaudit2020009 - 8 Jun 2026
Viewed by 321
Abstract
Enterprise Resource Planning (ERP) systems have long served as the primary infrastructure for internal control in financial governance, functioning as deterministic, auditable systems of record. The emergence of Zero-Trust Architecture (ZTA) and artificial intelligence (AI) progressively challenges this model, transforming enterprise systems from [...] Read more.
Enterprise Resource Planning (ERP) systems have long served as the primary infrastructure for internal control in financial governance, functioning as deterministic, auditable systems of record. The emergence of Zero-Trust Architecture (ZTA) and artificial intelligence (AI) progressively challenges this model, transforming enterprise systems from passive ledgers into autonomous systems of judgment capable of influencing decisions with direct financial and regulatory consequences. This study investigates how trust mediates this transformation. Drawing on a longitudinal dataset of 968 survey responses collected across five measurement waves during a ZTA deployment in a multinational telecommunications organization, we apply an extended Technology Acceptance Model (TAM) to examine changes in perceived usefulness, ease of use, and trust. The findings reveal an Audit Paradox: ZTA simultaneously strengthens formal compliance controls while eroding user trust and perceived productivity, with only partial recovery following structured governance interventions. Building on these findings, we introduce a trust-contingent framework for ERP evolution and develop the concept of the Agency Gap, a structural misalignment between algorithmic decision-making authority and institutional accountability. This study extends accounting and auditing theory into AI-driven control environments and offers practical guidance for auditors, CFOs, and technology leaders navigating the governance of increasingly autonomous digital systems. This study contributes by empirically demonstrating the trust-mediated dynamics of advanced control architectures, introducing the Agency Gap as a theoretical construct addressing algorithmic accountability in AI-driven governance, and extending Sarbanes–Oxley (SOX) oriented control theory into probabilistic, algorithmic environments. Full article
Show Figures

Figure 1

56 pages, 5921 KB  
Review
AI-Driven Digital Twins in Sustainable Manufacturing: A Critical Review
by Francis T. Omigbodun
Sustainability 2026, 18(11), 5785; https://doi.org/10.3390/su18115785 - 5 Jun 2026
Viewed by 1241
Abstract
Manufacturing systems are undergoing a fundamental transition as efficiency-driven optimisation paradigms prove increasingly inadequate for meeting net-zero, resource-efficiency, and resilience objectives. Digital twins have emerged as a central enabler of this transition, offering continuously coupled physical–digital representations capable of real-time monitoring, prediction, and [...] Read more.
Manufacturing systems are undergoing a fundamental transition as efficiency-driven optimisation paradigms prove increasingly inadequate for meeting net-zero, resource-efficiency, and resilience objectives. Digital twins have emerged as a central enabler of this transition, offering continuously coupled physical–digital representations capable of real-time monitoring, prediction, and control. Recent advances in artificial intelligence have accelerated this evolution, transforming digital twins from static simulation artefacts into adaptive, learning-enabled systems embedded within cyber–physical manufacturing environments. However, this shift has also exposed critical challenges related to trust, interpretability, scalability, and sustainability alignment. This review provides a critical synthesis of AI-enabled digital twin research with a specific focus on manufacturing and additive manufacturing systems. It examines the progression from physics-based and data-driven twins toward hybrid AI–physics architectures that balance predictive performance with physical consistency and explainability. Beyond technical performance, the review reframes digital twins as decision-making infrastructures whose value depends on how effectively they integrate energy consumption, material efficiency, carbon intensity, and lifecycle impacts into optimisation and control logic. Particular attention is given to real-time optimisation, predictive maintenance, and intelligent asset management, highlighting persistent gaps in uncertainty propagation, cross-scale coordination, and sustainability-aware governance. The review further identifies structural barriers to large-scale industrial adoption, including data interoperability fragmentation, platform lock-in, organisational resistance, and regulatory ambiguity surrounding AI-driven decisions. Synthesising insights across domains, it argues that many current digital twin implementations remain technically sophisticated yet strategically conservative, reinforcing throughput-centred objectives rather than enabling systemic decarbonisation and circularity. The paper concludes by outlining future research directions and policy-relevant opportunities, emphasising the need for digital twins that reason across timescales, objectives, and lifecycle boundaries. By aligning manufacturing intelligence with measurable sustainability outcomes, AI-enabled digital twins can move from incremental efficiency gains toward transformative impact in net-zero and circular manufacturing systems. Full article
Show Figures

Figure 1

25 pages, 3877 KB  
Article
Lightweight Dual Blockchain Authentication for 6G-Enabled IoT Environments
by Mouchira Bensari, Azeddine Bilami, Karam Eddine Bilami, Pascal Lorenz and Jaafar Gaber
Telecom 2026, 7(3), 64; https://doi.org/10.3390/telecom7030064 - 1 Jun 2026
Viewed by 403
Abstract
The emergence of 6G heterogeneous networks integrating unmanned aerial vehicles (UAVs), intelligent reflecting surfaces (IRSs), Internet of Things (IoT) devices, and fog/edge nodes creates new opportunities for intelligent and latency-sensitive applications while introducing significant security challenges. Traditional authentication mechanisms are inadequate for such [...] Read more.
The emergence of 6G heterogeneous networks integrating unmanned aerial vehicles (UAVs), intelligent reflecting surfaces (IRSs), Internet of Things (IoT) devices, and fog/edge nodes creates new opportunities for intelligent and latency-sensitive applications while introducing significant security challenges. Traditional authentication mechanisms are inadequate for such dynamic, distributed, and heterogeneous environments that require secure collaborative communications. This paper proposes an authentication scheme based on Fog-RAN (Fog Radio Access Network) and a dual-blockchain architecture with smart contracts and elliptic curve cryptography (ECC). The proposed scheme provides secure network access, mutual authentication, traceability, auditability, and zero-trust enforcement. Formal verification using the ROR model, AVISPA and performance evaluation through smart-contract simulations indicate resilience to common network and cryptographic attacks and improved efficiency. Compared with existing schemes, the proposed approach reduces computation cost, bandwidth, and energy consumption by 64.2%, 59.6%, and 31.4%, respectively. These results support the suitability of the scheme for secure, scalable, and energy-efficient authentication in next-generation 6G networks. Full article
Show Figures

Figure 1

26 pages, 1994 KB  
Article
End-to-End Performance Analysis of an Intelligent Zero-Trust Framework for SDN: A Quantitative Evaluation of Latency and Overhead
by Walaa Alayed, Hassam Ahmed Tahir and Waqar Ul Hassan
Electronics 2026, 15(11), 2376; https://doi.org/10.3390/electronics15112376 - 1 Jun 2026
Viewed by 361
Abstract
The integration of deep learning-based anomaly detection with zero-trust authentication in software-defined networking (SDN) improves security but introduces operational costs. This paper presents a comprehensive performance analysis of the Intelligent Zero-Trust Security Framework for SDN (IZTSDN). We develop an extended MiniIZTA testbed and [...] Read more.
The integration of deep learning-based anomaly detection with zero-trust authentication in software-defined networking (SDN) improves security but introduces operational costs. This paper presents a comprehensive performance analysis of the Intelligent Zero-Trust Security Framework for SDN (IZTSDN). We develop an extended MiniIZTA testbed and measure the authentication latency, detection latency, mitigation latency, and resource usage across 4 to 64 nodes. Under normal conditions, the mean latency is 83±4 ms (95% CI, N=1000, σ=12 ms). Under DDoS attack, the mean latency increases to 235±11 ms (95% CI, N=1000, σ=38 ms), CPU usage reaches 94±2% (95% CI), and scalability becomes constrained beyond 16–32 nodes. The deep learning component is identified as the main bottleneck. We propose optimization strategies including hardware acceleration, efficient attention mechanisms, and a distributed architecture. These results provide practical guidance for deployment in virtualized, controller-centric SDN environments and offer a quantitative baseline for larger-scale extrapolation. Full article
(This article belongs to the Section Artificial Intelligence)
Show Figures

Figure 1

35 pages, 1110 KB  
Article
A Parameterizable Research Framework for Electronic Voting Based on Cryptographic Protocols and Blockchain Audit
by Tolegen Aidynov, Dina Satybaldina, Gulsipat Abisheva and Eldor Egamberdiyev
Cryptography 2026, 10(3), 34; https://doi.org/10.3390/cryptography10030034 - 27 May 2026
Viewed by 390
Abstract
Electronic voting requires the simultaneous admission of only legitimate participants, ballot uniqueness, vote confidentiality, storage integrity, and result verifiability. Blockchain alone does not solve these problems, since ledger immutability does not guarantee anonymity, ballot correctness, or reduced trust concentration. The purpose of this [...] Read more.
Electronic voting requires the simultaneous admission of only legitimate participants, ballot uniqueness, vote confidentiality, storage integrity, and result verifiability. Blockchain alone does not solve these problems, since ledger immutability does not guarantee anonymity, ballot correctness, or reduced trust concentration. The purpose of this work is to develop a parameterizable research framework for electronic voting scenarios with enhanced cryptographic protection, allowing the security level to be varied according to the requirements of a voting scenario. The main contribution of the work is a parameterizable research architecture for composing and experimentally comparing electronic voting configurations with different security and computational profiles. The cryptographic and audit mechanisms integrated into this architecture include blind-signature-based anonymous authorization, encrypted ballot submission, blockchain-style audit, receipt verification, homomorphic tally publication, and threshold-supported tally artifacts. These mechanisms are not proposed as new cryptographic primitives; rather, they are integrated into a reproducible prototype to study how their combination affects verifiability, privacy support, auditability, and computational cost. Compared with basic blockchain-based voting prototypes, this architecture explicitly separates security, privacy, and verifiability profiles and makes their computational cost observable. The implemented prototype is used as an experimental platform for analyzing supported security properties, threat modeling, and computational cost estimation. The results show that authentication, anonymous token issuance, and receipt verification maintain an almost constant cost at the studied scale, while the main cryptographic burden is associated with encrypted ballot submission and threshold-supported tally publication. The scientific novelty of the work lies in constructing a parameterizable architecture that integrates several cryptographic mechanisms and a blockchain audit layer into one reproducible research prototype. At the same time, the proposed approach retains prototype-level limitations associated with the absence of a full zero-knowledge proof stack, independently deployed threshold authorities, and coercion-resistance mechanisms. Full article
Show Figures

Figure 1

19 pages, 2931 KB  
Article
Enhancing the Adoption of Zero Trust in Organizations Using Machine Learning
by Aeshah Mohammed Alshehri, Samer H. Atawneh, Hussein Al Bazar and Roxane Elias Mallouhy
Future Internet 2026, 18(6), 278; https://doi.org/10.3390/fi18060278 - 24 May 2026
Viewed by 654
Abstract
Cybersecurity has become a critical concern for individuals, organizations, and governments, especially with the rise of sophisticated cyberattacks and remote work environments. Traditional security approaches are no longer sufficient, leading to the adoption of advanced frameworks such as the zero-trust model, which operates [...] Read more.
Cybersecurity has become a critical concern for individuals, organizations, and governments, especially with the rise of sophisticated cyberattacks and remote work environments. Traditional security approaches are no longer sufficient, leading to the adoption of advanced frameworks such as the zero-trust model, which operates on the principle “never trust, always verify.” This model enforces strict access controls and continuous monitoring across all network activities. Designing an intelligent zero-trust system is challenging due to the complexity of network environments and the evolving nature of malicious threats. This project proposes an advanced zero-trust architecture that integrates machine learning and multi-factor authentication (MFA) to strengthen security. Specifically, it employs Multilayer Perceptron models and k-Nearest Neighbors algorithms to analyze system logs and user behavior, enabling real-time anomaly detection and adaptive authentication mechanisms. The proposed framework is experimentally evaluated using the H-MOG behavioral–contextual authentication dataset, which captures multimodal user interaction patterns and supports continuous authentication analysis within Zero Trust environments. The integration of machine learning enhances the system’s ability to identify suspicious activities quickly and accurately, while MFA provides an additional layer of protection against unauthorized access. Moreover, the proposed framework emphasizes usability, ensuring that enhanced security does not impose excessive burden on users or IT teams. This allows the framework to respond more effectively to potential threats while maintaining usability. Overall, the proposed approach offers a practical and scalable solution that improves detection performance and strengthens continuous authentication and adaptive access control within Zero Trust environments. Full article
Show Figures

Graphical abstract

58 pages, 8495 KB  
Article
Detection and Mitigation of Mythos-Class Frontier Model Capabilities: A Layered Reference Architecture
by Robert Campbell
Computers 2026, 15(6), 331; https://doi.org/10.3390/computers15060331 - 22 May 2026
Viewed by 967
Abstract
Anthropic’s April 2026 Claude Mythos Preview release established a new operational threat category: frontier AI systems whose extended-context reasoning, recursive self-correction, native system-tool integration, and agentic scaffolding render dominant AI safety paradigms—RLHF, output filtering, contractual access vetting, human-in-the-loop supervision—insufficient as sole controls. This [...] Read more.
Anthropic’s April 2026 Claude Mythos Preview release established a new operational threat category: frontier AI systems whose extended-context reasoning, recursive self-correction, native system-tool integration, and agentic scaffolding render dominant AI safety paradigms—RLHF, output filtering, contractual access vetting, human-in-the-loop supervision—insufficient as sole controls. This paper develops a defense-in-depth reference architecture against that category, structured around four named contributions: a five-indicator operational definition of the Mythos-class (capability conjoined with scaffold, access pattern, autonomy depth, and persistence); the Mythos-Class Posture Rubric (MCPR), a three-tier detection framework spanning evaluation, deployment, and runtime with explicit routing to mitigation layers; a four-layer mitigation stack comprising the Vetted-Access Operational Pattern (VAOP), Authority-Bound Output Release (ABOR) cryptographically grounded in FIPS 203/204/205 post-quantum primitives, and the Compute-Plane Isolation Profile (CPIP); and an integrated architecture that crosswalks to the NIST AI Risk Management Framework, NIST Cybersecurity Framework 2.0, and CISA Zero Trust Maturity Model 2.0. The architecture is applied to three deployment surfaces—post-quantum cryptography migration, federal AI supply-chain assurance, and critical-infrastructure operational technology defense—demonstrating that the four contributions generalize across heterogeneous operational contexts. The contribution is a reference design rather than a deployed system; limitations, falsifiability criteria, and a research agenda for empirical refinement are developed. Full article
Show Figures

Graphical abstract

35 pages, 7273 KB  
Article
ZeroTrustEdu: A Lightweight Post-Quantum Cryptography Framework with Adaptive Trust Scoring for Secure Cloud-IoT E-Learning Platforms
by Weam Gaoud Alghabban
Electronics 2026, 15(10), 2132; https://doi.org/10.3390/electronics15102132 - 15 May 2026
Viewed by 408
Abstract
The rapid proliferation of Internet of Things (IoT) devices in cloud-based e-learning platforms has posed significant security risks, particularly in protecting learner information, authentication of devices, and safe communication in the highly heterogeneous learning settings. Current cryptographic solutions are largely based on classical [...] Read more.
The rapid proliferation of Internet of Things (IoT) devices in cloud-based e-learning platforms has posed significant security risks, particularly in protecting learner information, authentication of devices, and safe communication in the highly heterogeneous learning settings. Current cryptographic solutions are largely based on classical public-key infrastructure (PKI) protocols such as RSA and ECC, which will become vulnerable with the advent of large-scale quantum computers capable of executing Shor’s algorithm. In addition, traditional perimeter-based security models are inadequate for handling the dynamics, scattered, and resource-limited characteristics of IoT-enabled educational systems. As a solution to these problems, this paper introduces ZeroTrustEdu, a scalable zero-trust cryptographic solution that combines lightweight post-quantum key management with adaptive trust scoring of cloud-connected IoT e-learning infrastructure. The proposed framework makes three fundamental contributions namely: (1) a hierarchical zero-trust security model with no implicit trust, operating across device, edge, and cloud layers; (2) a lightweight key distribution protocol based on the Module-Lattice Key Encapsulation Mechanism (ML-KEM) compliant with NIST FIPS 203 standards and (3) an adaptive behavioral trust scoring engine that dynamically adjusts device and user trust levels based on real-time interaction analytics. The architecture is evaluated using extensive NS-3 network simulations with up to 100,000 concurrent IoT nodes with formal security analysis under Chosen Plaintext Attack (CPA) and Chosen Ciphertext Attack (CCA) threat models. Comparative evaluation against RSA-2048, ECC-P256, and AES-256 baselines demonstrates that, ZeroTrustEdu delivers a 62% ± 3% (95% CI, 10 independent runs) reduction in ML-KEM encapsulation latency (12.8 ms for key encapsulation/decapsulation, contributing to a complete device authentication latency of 47.3 ms including ML-DSA signature operations), 45% reduced communication overheads, and 38% reduction in energy consumption on ARM Cortex-M4 constrained devices compared to RSA-2048 and achieves provable post-quantum security reducible to the hardness of the Module Learning With Errors (MLWE) problem. These findings demonstrate that the proposed architecture provides a viable, scalable, and quantum-resilient security solution for next-generation IoT-enabled e-learning environments. The cryptographic security of ZeroTrustEdu is guaranteed at the primitive level through NIST-standardized ML-KEM (FIPS 203) and ML-DSA (FIPS 204), with IND-CCA2 and EUF-CMA security formally proven in the respective standards; full protocol-level formal verification using automated theorem provers (ProVerif, Tamarin) is identified as valuable future work to rule out protocol-composition vulnerabilities beyond primitive-level guarantees. Full article
(This article belongs to the Section Computer Science & Engineering)
Show Figures

Figure 1

17 pages, 2705 KB  
Article
A Cooperative Network Management Architecture for Manned–Unmanned Aircraft Teaming Using Network Drones
by Changmin Park and Hwangnam Kim
Electronics 2026, 15(10), 2102; https://doi.org/10.3390/electronics15102102 - 14 May 2026
Viewed by 386
Abstract
Conventional direct communication in Manned–Unmanned Teaming (MUM-T) suffers from fundamental scalability and security limitations. As the number of Unmanned Aerial Vehicles (UAVs) increases, the communication burden on the manned aircraft (MA) grows significantly, while security threats originating from UAVs may directly propagate to [...] Read more.
Conventional direct communication in Manned–Unmanned Teaming (MUM-T) suffers from fundamental scalability and security limitations. As the number of Unmanned Aerial Vehicles (UAVs) increases, the communication burden on the manned aircraft (MA) grows significantly, while security threats originating from UAVs may directly propagate to the MA. To address these challenges, this paper proposes a hierarchical communication architecture that introduces dedicated Network Drones (NDs) as intermediate communication mediators and trust boundaries between the MA and multiple UAV swarms. In the proposed design, the MA interacts exclusively with NDs, while UAV swarms communicate through ND-mediated links, effectively bounding the number of MA-facing connections and enabling scalable communication. Building on this structured communication model, a message-level Zero-Trust framework is enforced at the MA–ND interface. Each message is evaluated using a multi-dimensional risk model that incorporates authentication consistency, behavioral consistency, content validity, and contextual information, enabling early detection and containment of compromised UAV behavior. Furthermore, the architecture incorporates backup planning mechanisms, including dynamic reassociation and hot-standby operation, to ensure robust communication under ND failure conditions. Experimental results demonstrate that the proposed approach reduces MA-facing communication overhead, stabilizes end-to-end latency, and improves detection performance in terms of false positives and false negatives, while maintaining system robustness under failure scenarios. Full article
(This article belongs to the Special Issue Intelligent Technologies for Vehicular Networks, 2nd Edition)
Show Figures

Figure 1

73 pages, 1092 KB  
Article
Multi-Vector Adversarial Testing of an AI-Orchestrated Zero Trust Methodology on Constrained Edge Hardware
by Ian Matthew Campbell Coston, Karl David Hezel, Eadan Plotnizky and Mehrdad Nojoumian
Appl. Sci. 2026, 16(10), 4809; https://doi.org/10.3390/app16104809 - 12 May 2026
Viewed by 439
Abstract
This paper is the empirical validation companion to our prior methodology paper introducing the Automated Zero Trust Risk Management with DevSecOps Integration (AZTRM-D) methodology, conducted through multi-vector adversarial testing on physical NVIDIA Jetson Orin Nano hardware. AZTRM-D unifies DevSecOps automation, the NIST Risk [...] Read more.
This paper is the empirical validation companion to our prior methodology paper introducing the Automated Zero Trust Risk Management with DevSecOps Integration (AZTRM-D) methodology, conducted through multi-vector adversarial testing on physical NVIDIA Jetson Orin Nano hardware. AZTRM-D unifies DevSecOps automation, the NIST Risk Management Framework, and Zero Trust architecture with AI orchestration via Cybectr Sentinel, featuring six AI subsystems with formal specifications. Testing spanned three progressive hardening stages across seven attack categories under a blind three-tester protocol with inter-rater agreement analysis. Factory-default devices were fully compromised in under five minutes. After full hardening, zero successful breaches were recorded across any tested vector. The CI/CD pipeline achieved a vulnerability detection rate of 96.8% (Wilson 95% CI: [0.891, 0.991]). Sentinel delivered 94.1% precision, 91.8% recall, and 4.2 min average detection time within 12–18% CPU overhead on edge hardware. A 14-capability comparative analysis against five established frameworks found seven capabilities unique to AZTRM-D. The 93.7% adversarial detection rate is reported against DiCE-generated counterfactual inputs and is bounded by the black-box threat model used in evaluation; gradient-based white-box attack evaluation is documented as a scoped Stage 4 future-work item. All three testers are affiliated with Cybectr LLC, the developer of AZTRM-D and Cybectr Sentinel; this conflict of interest is the most significant limitation of the present work, and independent third-party laboratory validation is the highest-priority Stage 4 deliverable. Full article
(This article belongs to the Special Issue Advances in Artificial Intelligence for Cybersecurity)
Show Figures

Figure 1

39 pages, 10441 KB  
Article
IRAS-SDLC: Lifecycle Risk Aggregation for Secure AI-Augmented Software Assurance Under RMF and Zero Trust
by Samson Quaye, Maurice Dawson and Ahmed Ben Ayed
Systems 2026, 14(5), 546; https://doi.org/10.3390/systems14050546 - 11 May 2026
Viewed by 606
Abstract
Modern machine learning approaches for vulnerability detection achieve strong performance within specific datasets, yet their reliability degrades under domain shift, limiting their effectiveness for real-world secure software development lifecycle (SDLC) decision-making. In particular, probabilistic vulnerability predictions, while well-calibrated, exhibit instability across heterogeneous codebases, [...] Read more.
Modern machine learning approaches for vulnerability detection achieve strong performance within specific datasets, yet their reliability degrades under domain shift, limiting their effectiveness for real-world secure software development lifecycle (SDLC) decision-making. In particular, probabilistic vulnerability predictions, while well-calibrated, exhibit instability across heterogeneous codebases, reducing their suitability as standalone risk indicators. This paper introduces Intelligent Risk-Adaptive Secure SDLC (IRAS-SDLC), a lifecycle risk aggregation framework for Secure AI-Augmented Software Assurance under the Risk Management Framework (RMF) and Zero Trust. The proposed framework integrates model-derived vulnerability likelihood with structured security metrics, specifically exploitability and impact derived from standardized Common Vulnerability Scoring System (CVSS) data, to construct a unified and interpretable risk representation. This formulation enables consistent prioritization across SDLC phases while aligning with RMF control families and Zero Trust continuous verification principles. By combining learned semantic signals with domain-independent security factors, IRAS mitigates the instability of vulnerability likelihood under distributional shifts and provides a more robust basis for cross-domain risk assessment. The framework embeds risk evaluation early in the SDLC, enabling proactive identification of vulnerabilities during the requirements and design phases rather than post-implementation detection. Empirical evaluation demonstrates that IRAS-SDLC maintains meaningful risk estimation under domain shift and significantly improves lifecycle outcomes. In particular, early risk identification yields negative detection latency relative to conventional methods and reduces simulated remediation costs by up to an order of magnitude. IRAS-SDLC bridges the gap between machine learning-based vulnerability prediction and governance-aligned security assurance by providing a stable, interpretable, and lifecycle-aware risk assessment mechanism that is directly compatible with RMF-based compliance workflows and Zero Trust architectures. Full article
Show Figures

Figure 1

28 pages, 382 KB  
Article
Personal vs. Non-Personal Data Privacy in 6G Networks: Mechanisms, Compliance, and Architectural Patterns
by Maryam Almarwani and Reem Almarwani
Appl. Sci. 2026, 16(10), 4604; https://doi.org/10.3390/app16104604 - 7 May 2026
Viewed by 794
Abstract
Sixth-generation (6G) networks are expected to provide ubiquitous connectivity, AI-native orchestration, and seamless integration across terrestrial and non-terrestrial infrastructures. However, these capabilities introduce new privacy challenges related to the classification and protection of personal, quasi-personal, and non-personal data in complex data-driven environments. This [...] Read more.
Sixth-generation (6G) networks are expected to provide ubiquitous connectivity, AI-native orchestration, and seamless integration across terrestrial and non-terrestrial infrastructures. However, these capabilities introduce new privacy challenges related to the classification and protection of personal, quasi-personal, and non-personal data in complex data-driven environments. This paper presents a systematic review of 78 peer-reviewed studies published between 2019 and 2025. Following a PRISMA-based methodology, this review analyzes privacy-enhancing technologies (PETs), regulatory compliance frameworks, and architectural patterns for privacy preservation in 6G networks. The findings show that differential privacy (DP) and federated learning (FL) dominate current research, accounting for nearly 52% of the reviewed studies. Blockchain auditing and zero-knowledge proofs (ZKPs) collectively represent approximately 30%, while the remaining mechanisms, including physical-layer security (PLS), trusted execution environments (TEEs), homomorphic encryption (HE), secure multi-party computation (SMPC), and anonymization, account for roughly 18%. These mechanisms exhibit varying levels of privacy strength, utility preservation, latency, and energy cost. At the same time, evolving regulatory frameworks, including GDPR, PDPL, CCPA/CPRA, LGPD, and PIPL, increasingly extend privacy obligations to quasi-personal and aggregated data. Building on these findings, this paper proposes a unified taxonomy that clarifies the boundary between personal and non-personal data. It also provides a cross-layer mapping between PETs and compliance requirements across the Core/SBA, RAN, Edge/MEC, and NTN layers. Finally, this paper presents a forward-looking roadmap for 2025–2030, highlighting hybrid PET pipelines, post-quantum auditability, and AI-driven compliance automation as key directions for privacy-preserving 6G standardization. Full article
Show Figures

Figure 1

Back to TopTop