Search Results (174)

With the continuous development of quantum computing technology, the traditional public key cryptosystem is facing severe security challenges, especially in the resource-constrained UAV swarm communication scenario. To deal with this problem, this paper proposes a secure communication scheme for the post-quantum era, which combines the Kyber-based group key agreement mechanism and the lightweight identity authentication system constructed by sparse Merkle tree (SMT). The system is initialized by the edge node, and supports the dynamic joining and leaving of the UAV through the authentication and key management mechanism. To meet the security and performance requirements in different application scenarios, we design and integrate two mainstream post-quantum signature schemes to provide flexible identity authentication options. Experimental results show that the scheme has low resource overhead while ensuring security, which is suitable for the actual communication deployment of post-quantum UAV swarm. Full article

In recent years, fog-based vehicular ad hoc networks (VANETs) have become a hot research topic. Due to the inherent insecurity of open wireless channels between vehicles and fog nodes, establishing session keys through authenticated key agreement (AKA) protocols is critically important for securing communications. However, existing AKA schemes face several critical challenges: (1) When a large number of vehicles initiate AKA requests within a short time window, existing schemes that process requests one by one individually incur severe signaling congestion, resulting in significant quality of service degradation. (2) Many AKA schemes incur excessive computational and communication overheads due to the adoption of computationally intensive cryptographic primitives (e.g., bilinear pairings and scalar multiplications on elliptic curve groups) and unreasonable design choices, making them unsuitable for the low-latency requirements of VANETs. To address these issues, we propose a lightweight batch AKA scheme based on fog computing. In our scheme, when a group of vehicles requests AKA sessions with the same fog node within the set time interval, the fog node aggregates these requests and, with assistance from the traffic control center, establishes session keys for all vehicles by a round of operations. It has significantly reduced the operational complexity of the entire system. Moreover, our scheme employs Lagrange interpolation and lightweight cryptographic tools, thereby significantly reducing both computational and communication overheads. Additionally, our scheme supports conditional privacy preservation and includes a revocation mechanism for malicious vehicles. Security analysis demonstrates that the proposed scheme meets the security and privacy requirements of VANETs. Performance evaluation indicates that our scheme outperforms existing state-of-the-art solutions in terms of efficiency. Full article

As organizations continue to embrace digital transformation, the need for robust cybersecurity strategies has never been more critical. This paper explores the Zero Trust Architecture (ZTA) as a contemporary cybersecurity framework that addresses the challenges posed by increasingly interconnected systems. Zero Trust (ZT) operates under the principle of “never trust, always verify,” ensuring that every access request is thoroughly authenticated, regardless of the requester’s location within or outside the network. However, implementing ZT is a challenging task, requiring an adequate roadmap to prioritize the different initiatives in agreement with company culture, exposure and cyber posture. We apply multi-criteria decision analysis (MCDA) to evaluate the relative importance of various components within a ZT framework, using the Incomplete Analytic Hierarchy Process (IAHP). Expert opinions from professionals in cybersecurity and IT governance were gathered through structured questionnaires, leading to a prioritized ranking of the eight key ZT pillars, as defined by the Cybersecurity and Infrastructure Security Agency (CISA), Washington, DC, USA, along with a prioritization of the sub-elements within each pillar. The study provides actionable insights into the implementation of ZTA, helping organizations prioritize security efforts to mitigate risks effectively and build a resilient digital infrastructure. The evaluation results were used to create a prioritized framework, integrated into the ZEUS platform, developed with Teleconsys S.p.A., to enable detailed assessments of a firm’s cyber partner regarding ZT and identify improvement areas. The paper concludes by offering recommendations for future research and practical guidance for organizations transitioning to a ZT model. Full article

The increasing reliance on cloud services demands advanced security mechanisms to protect sensitive data and ensure robust access control. This study addresses critical challenges in cloud security by proposing a novel framework that integrates blockchain-based smart contracts to enhance authorization and authentication processes. Smart contracts, as self-executing agreements embedded with predefined rules, enable decentralized, transparent, and tamper-proof mechanisms for managing access control in cloud environments. The proposed system mitigates prevalent threats such as unauthorized access, data breaches, and identity theft through an immutable and auditable security framework. A prototype system, developed using Ethereum blockchain and Solidity programming, demonstrates the feasibility and effectiveness of the approach. Rigorous evaluations reveal significant improvements in key metrics: security, with a 0% success rate for unauthorized access attempts; scalability, maintaining low response times for up to 100 concurrent users; and usability, with an average user satisfaction rating of 4.4 out of 5. These findings establish the efficacy of smart contract-based solutions in addressing critical vulnerabilities in cloud services while maintaining operational efficiency. The study underscores the transformative potential of blockchain and smart contracts in revolutionizing cloud security practices. Future research will focus on optimizing the system’s scalability for higher user loads and integrating advanced features such as adaptive authentication and anomaly detection for enhanced resilience across diverse cloud platforms. Full article

The Internet of Drones (IoD) overcomes the physical limitations of traditional ground networks with its dynamic topology and 3D spatial flexibility, playing a crucial role in various fields. However, eavesdropping and spoofing attacks in open channel environments threaten data confidentiality and integrity, posing significant challenges to IoD communication. Existing foundational schemes in IoD primarily rely on symmetric cryptography and digital certificates. Symmetric cryptography suffers from key management challenges and static characteristics, making it unsuitable for IoD’s dynamic scenarios. Meanwhile, elliptic curve-based public key cryptography is constrained by high computational complexity and certificate management costs, rendering it impractical for resource-limited IoD nodes. This paper leverages the low computational overhead of Chebyshev polynomials to address the limited computational capability of nodes, proposing a certificateless public key cryptography scheme. Through the semigroup property, it constructs a lightweight authentication and key agreement protocol with identity privacy protection, resolving the security and performance trade-off in dynamic IoD environments. Security analysis and performance tests demonstrate that the proposed scheme resists various attacks while reducing computational overhead by 65% compared to other schemes. This work not only offers a lightweight certificateless cryptographic solution for IoD systems but also advances the engineering application of Chebyshev polynomials in asymmetric cryptography. Full article

The Internet of Drones (IoD) is rapidly expanding into sensitive applications, necessitating robust and efficient authentication. Traditional methods struggle against prevalent attacks, especially considering the unique vulnerabilities of the IoD, such as drone physical capture. This paper proposes Bio-2FA-IoD, a novel biometric-enhanced two-factor authentication protocol designed for secure IoD operations. Drawing on established 2FA principles and fuzzy extractor technology, Bio-2FA-IoD achieves strong mutual authentication between an operator (via an operator device), a drone (as a relay), and a ground control station (GCS), supported by a trusted authority. We detail the protocol’s registration and authentication phases, emphasizing reliable biometric key generation. A formal security analysis using BAN logic demonstrates secure belief establishment and key agreement, while a proof sketch under the Bellare–Pointcheval–Rogaway (BPR) model confirms its security against active adversaries in Authenticated Key Exchange (AKE) contexts. Furthermore, a comprehensive performance evaluation conducted using the Contiki OS and Cooja simulator illustrates Bio-2FA-IoD’s superior efficiency in computational and communication costs, alongside very low latency, high packet delivery rate, and minimal energy consumption. This positions it as a highly viable and lightweight solution for resource-constrained IoD environments. Additionally, this paper conceptually explores potential extensions to Bio-2FA-IoD, including the integration of Diffie–Hellman for enhanced perfect forward secrecy and a Sybil-free pseudonym management scheme for improved user anonymity and unlinkability. Full article

Starting from the basic form of GN-authenticated key agreement (GN-AK), the current research proposes an improved protocol by integrating a new scalar multiplication technique based on a dual-base chain representation with bases $1/2$ and 3. This representation allows the use of pointwise halving operations, significantly reducing the complexity of elliptic curve calculations. The resulting protocol maintains cryptographic security based on the elliptic curve discrete logarithm problem (ECDLP) while providing improved performance for key establishment in constrained environments. Full article

With the increasing demand for drones in diverse tasks, the Internet of Drones (IoD) has recently emerged as a significant technology in academia and industry. The IoD environment enables various services, such as traffic and environmental monitoring, disaster situation management, and military operations. However, IoD communication is vulnerable to security threats due to the exchange of sensitive information over insecure public channels. Moreover, public key-based cryptographic schemes are impractical for communication with resource-constrained drones due to their limited computational capability and resource capacity. Therefore, a secure and lightweight key agreement scheme must be developed while considering the characteristics of the IoD environment. In 2024, Alzahrani proposed a secure key agreement protocol for securing the IoD environment. However, Alzahrani’s protocol suffers from high computational overhead due to its reliance on elliptic curve cryptography and is vulnerable to drone and mobile user impersonation attacks and session key disclosure attacks by eavesdropping on public-channel messages. Therefore, this work proposes a lightweight and security-enhanced key agreement scheme for the IoD environment to address the limitations of Alzahrani’s protocol. The proposed protocol employs a physical unclonable function and simple cryptographic operations (XOR and hash functions) to achieve high security and efficiency. This work demonstrates the security of the proposed protocol using informal security analysis. This work also conducted formal security analysis using the Real-or-Random (RoR) model, Burrows–Abadi–Needham (BAN) logic, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation to verify the proposed protocol’s session key security, mutual authentication ability, and resistance to replay and MITM attacks, respectively. Furthermore, this work demonstrates that the proposed protocol offers better performance and security by comparing the computational and communication costs and security features with those of relevant protocols. Full article

The rapid integration of the Internet of Medical Things (IoMT) into healthcare systems raises urgent demands for secure communication mechanisms capable of protecting sensitive patient data. Quantum key agreement (QKA), a collaborative approach to key generation based on quantum principles, provides an attractive alternative to traditional quantum key distribution (QKD), as it eliminates dependence on a trusted authority and ensures equal participation from all users. QKA demonstrates particular suitability for IoMT’s decentralized medical networks by eliminating trusted authority dependence while ensuring equitable participation among all participants. This addresses fundamental challenges where centralized trust models introduce vulnerabilities and asymmetric access patterns that compromise egalitarian principles essential for medical data sharing. However, practical QKA applications in IoMT remain limited, particularly for schemes that avoid complex entanglement operations and authenticated classical channels. Among the few QKA protocols employing Grover’s search algorithm (GSA), existing proposals potentially suffer from limitations in fairness and security. In this paper, the author proposes an improved GSA-based QKA protocol that ensures fairness, security, and correctness without requiring an authenticated classical communication channel. The proposed scheme guarantees that each participant’s input equally contributes to the final key, preventing manipulation by any user subgroup. The scheme combines Grover’s algorithm with the decoy photon technique to ensure secure quantum transmission. Security analysis confirms resistance to external attacks, including intercept-resend, entanglement probes, and device-level exploits, as well as insider threats such as parameter manipulation. Fairness is achieved through a symmetric protocol design rooted in quantum mechanical principles. Efficiency evaluation shows a theoretical efficiency of approximately 25%, while eliminating the need for quantum memory. These results position the proposed protocol as a practical and scalable solution for future secure quantum communication systems, particularly within distributed IoMT environments. Full article

With the explosion of vehicle-to-infrastructure (V2I) communications in the internet of vehicles (IoV), it is still very important to ensure secure authentication and efficient key agreement because of the vulnerabilities in the existing protocols such as physical capture attacks, privacy leakage, and low computational efficiency. This paper proposes a physical unclonable function (PUF)-based multi-factor authentication and key agreement protocol tailored for V2I environments, named as PMAKA-IoV. The protocol integrates hardware-based PUFs with biometric features, utilizing fuzzy extractors to mitigate biometric template risks, while employing dynamic pseudonyms and lightweight cryptographic operations to enhance anonymity and reduce overhead. Security analysis demonstrates its resilience against physical capture attacks, replay attacks, man-in-the-middle attacks, and desynchronization attacks, and it is verified by formal verification using the strand space model and the automated Scyther tool. Performance analysis demonstrates that, compared to other related schemes, the PMAKA-IoV protocol maintains lower communication and storage overhead. Full article

The authentication of organic extra virgin olive oils (OEVOOs) is crucial for quality control and fraud prevention. This study applies proton-nuclear magnetic resonance (¹H-NMR) spectroscopy combined with chemometric analysis as a non-destructive, untargeted approach to differentiate EVOOs based on cultivation method (organic vs. conventional) and variety (Hojiblanca vs. Picual). Principal component analysis (PCA) and partial least squares-discriminant analysis (PLS-DA) demonstrated well-defined sample differentiation, while the variable importance in projection (VIP) selection and Tukey’s test identified key spectral regions responsible for classification. The results showed that sterols and lipid-related compounds played a major role in distinguishing organic from conventional oils, whereas fatty acids and phenolic compounds were more relevant for cultivar differentiation. These findings align with known metabolic differences, where Picual oils generally exhibit higher polyphenol content, and a distinct fatty acid composition compared to Hojiblanca. The agreement between chemometric classification models and statistical tests supports the potential of ¹H-NMR for OEVOO authentication. This method provides a comprehensive and reproducible metabolic fingerprint, enabling differentiation based on both agronomic practices and genetic factors. These findings suggest that ¹H-NMR spectroscopy, coupled with multivariate analysis, could be a valuable tool for quality control and fraud detection in the olive oil industry. Full article

Unmanned aerial vehicles have been widely employed in recent years owing to their remarkable features such as low environmental requirements and high survivability, and a new tendency towards networking, intelligence, and collaboration has emerged. The realization of these novel capabilities requires a secure and efficient wireless communication channel; however, it is vulnerable to eavesdropping, forgery, and manipulation by attackers. Therefore, ensuring the security of the wireless communication between unmanned aerial vehicles and ground stations is an urgent issue. The traditional solution to this problem is to design an authenticated key-agreement protocol between unmanned aerial vehicles and ground stations. However, an analysis of existing representative methods has shown that these methods are computationally expensive and difficult to implement in resource-intensive aerial vehicles. Furthermore, existing key-agreement systems are highly dependent on the security of temporary session information. When the temporary session information is stolen, the attacker can obtain the session key for the current communication and perform information theft attacks. Therefore, a security-enhanced lightweight authenticated key-agreement protocol for unmanned aerial vehicles’ communication is proposed in this study. We present a low-computational-cost agreement method that can achieve secure key agreement in cases of temporary session information leakage. Both theoretical analysis and experimental verification show that our proposed protocol has superior security properties and lower computational costs than representative protocols. Full article

The implementation of the Authentication and Key Agreement (AKA) protocol in the Internet of Drones (IoD) is crucial for enhancing the security and reliability of information transmission. However, almost all existing authentication protocols between drones and Ground Station (GS) may suffer from several attacks due to capture attacks. In addition, the authentication between drones requires the participation of GS, which not only increases the amount of computation and transmission but also faces challenges such as impersonation attacks, lack of privacy protection, and perfect forward security. Therefore, we propose a secure and lightweight drone-to-GS (D2G) and D2D AKA protocol with perfect forward secrecy for IoD. Our protocol integrates physical unclonable functions (PUF) symmetrically into GS and drones to protect secret information against capture attacks while ensuring that GS does not store secret information related to drones. Furthermore, the proposed protocol enables direct mutual authentication between drones in a symmetrical manner without GS involvement, improving security and efficiency, particularly in scenarios where drones must collaborate without GS connectivity. Formal security proof using the random oracle model confirms the protocol’s resilience against various attacks. The performance analysis indicates that our scheme improves computational efficiency by an average of 39.44% compared to existing schemes that offer comparable security. Additionally, our approach incurs zero storage overhead during the GS authentication process. This protocol offers a secure and efficient solution for IoD, enhancing both security and scalability. Full article

Computing systems grouped in subnets use distributed security models, in general, by creating session keys based on the Diffie–Hellman model, and calculating the necessary parameters for this, on each of the systems. In the particular case of a network of devices heterogeneous in terms of computing power, such as IoT, the modeling of a security system of the entire structure will have to take into account the fact that some devices have a very low computing power. In this sense, starting from the study of some general models, used in structures of this type, an integrated structure was developed to secure communications and test certain vulnerable components, to calculate a degree of risk that they are maliciously intended. The system was developed with a customized mathematical model, a scheme for propagation and management of cryptographic parameters and a test in a real environment by creating the algorithmic model and implementing it within a structure of a beneficiary. Full article

The Internet of Drones (IoD) is an emerging industry that offers convenient services for humans due to the high mobility and flexibility of drones. The IoD substantially enhances human life by enabling diverse drone applications across various domains. However, a malicious adversary can attempt security attacks because communication within an IoD environment is conducted through public channels and because drones are vulnerable to physical attacks. In 2023, Sharma et al. proposed a physical unclonable function (PUF)-based authentication and key agreement (AKA) scheme for the IoD. Regrettably, we discover that their scheme cannot prevent impersonation, stolen verifier, and ephemeral secret leakage (ESL) attacks. Moreover, Sharma et al.’s scheme cannot preserve user untraceability and anonymity. In this paper, we propose a secure and lightweight AKA scheme which addresses the shortcomings of Sharma et al.’s scheme. The proposed scheme has resistance against diverse security attacks, including physical capture attacks on drones, by leveraging a PUF. Furthermore, we utilize lightweight operations such as hash function and XOR operation to accommodate the computational constraints of drones. The security of the proposed scheme is rigorously verified, utilizing “Burrows–Abadi–Needham (BAN) logic”, “Real-or-Random (ROR) model”, “Automated Validation of Internet Security Protocols and Application (AVISPA)”, and informal analysis. Additionally, we compare the security properties, computational cost, communication cost, and energy consumption of the proposed scheme with other related works to evaluate performance. As a result, we determine that our scheme is efficient and well suited for the IoD. Full article