Search Results (302)

Search Parameters:
Keywords = elliptic curve cryptography

15 pages, 1302 KB  
Proceeding Paper
Quantum-Resistant Encryption for IoT Communication in Critical Engineering Infrastructure
by Wai Yie Leong
Eng. Proc. 2026, 134(1), 76; https://doi.org/10.3390/engproc2026134076 - 22 Apr 2026
Viewed by 150
Abstract
The growing interconnection of critical engineering infrastructure through IoT introduces unprecedented exposure to cyber threats. Emerging quantum computing capabilities pose a transformative risk to classical cryptographic primitives such as Rivest–Shamir–Adleman and Elliptic-Curve Cryptography, which underpin secure communication and device authentication in industrial control systems, power grids, transportation networks, and healthcare infrastructure. This paper investigates quantum-resistant encryption, often termed post-quantum cryptography (PQC), as a sustainable security paradigm for IoT communication within critical systems. By analyzing lattice-based, code-based, multivariate, and hash-based schemes, the study evaluates trade-offs between computational cost, memory footprint, and latency constraints intrinsic to resource-limited IoT nodes. A hybrid architectural framework integrating the National Institute of Standards and Technology-standardized algorithms (e.g., Cryptographic Suite for Algebraic Lattices—Kyber, Dilithium) with lightweight symmetric primitives (e.g., Ascon, GIFT block cipher in Combined Feedback mode) is proposed for secure data transmission across heterogeneous IoT layers. Experimental simulations benchmark key-exchange throughput, ciphertext expansion, and resilience against quantum-adversarial models, demonstrating up to 65% reduction in handshake latency compared to baseline lattice implementations under constrained conditions. The paper concludes with policy and engineering recommendations for the adoption of quantum-resistant IoT protocols in energy, transportation, and industrial automation sectors, highlighting alignment with global PQC migration roadmaps and IEC 62443 cybersecurity standards.

454 KB  
Proceeding Paper
Data Encryption Algorithms for Cloud Storage Systems—A Comparative Analysis
by Abdulsalam Ibrahim Almirdasi and Mohamed Tahar Ben Othman
Comput. Sci. Math. Forum 2026, 13(1), 3; https://doi.org/10.3390/cmsf2026013003 (registering DOI) - 15 Apr 2026
Viewed by 9
Abstract
Cloud storage systems require strong and efficient encryption methods to ensure data security and reliability. However, selecting the most suitable encryption algorithm remains a challenge due to variations in performance, overhead, and reliability. This study aims to introduce a comparative analysis of five encryption algorithms—Advanced Encryption Standard (AES), Blowfish, Rivest-Shamir-Adleman (RSA), Elliptic Curve Cryptography (ECC), and Advanced Encryption Standard one-time password AES-OTP with RSA hybrid model (AES-OTP with RSA)—to identify the most suitable algorithm to protect sensitive data in cloud storage systems. The evaluation of these algorithms was based on encryption/decryption time, data size overhead, encryption/decryption throughput, performance metrics (accuracy, precision, recall, and F1-score), and error metrics mean square error and mean absolute error (MSE and MAE), using datasets of various sizes. The results indicated that AES provided the fastest encryption and decryption time, minimal overhead, and the highest throughput and accuracy, while Blowfish also performed efficiently but with slightly higher error rates. RSA and ECC, although secure, were slower and demonstrated more overhead. The hybrid AES-OTP with RSA model achieved a good balance between speed and secure key management. This study highlights the trade-offs between speed, security, and storage efficiency, offering guidance in selecting appropriate encryption algorithms for cloud-based data protection.
(This article belongs to the Proceedings of The 1st International Conference on Emerging Tech & Innovation (ICETI))

25 pages, 3352 KB  
Article
Protecting HWSNs from Super Adversaries with Robust Certificateless Signcryption
by Parichehr Dadkhah, Parvin Rastegari, Mohammad Dakhilalian, Phil Yeoh, Mingzhong Wang, Shahrzad Saremi, Rania Shibl, Yassine Himeur and Wathiq Mansoor
Telecom 2026, 7(2), 37; https://doi.org/10.3390/telecom7020037 - 1 Apr 2026
Viewed by 317
Abstract
Healthcare Wireless Sensor Networks (HWSNs) have attracted significant attention due to their vital role in diseases’ diagnosis, monitoring, and treatment. By continuously collecting patients’ physiological data and enabling remote medical services, these networks can greatly improve the quality of healthcare. However, the inadequate handling of security and privacy issues poses serious risks to patients. In this context, signcryption schemes are essential cryptographic primitives that simultaneously provide authentication, confidentiality, and data integrity with a low overhead. Recently, Deng et al. proposed a certificateless signcryption (CL-SC) scheme for HWSNs and proved its security in the standard model. In this paper, we demonstrate that their scheme is insecure under an enhanced adversarial model, where a super Type II adversary, which is a malicious key generation center, can replace the system’s master public key using the master secret key under its control, and subsequently forge valid signcryptions on arbitrary messages on behalf of a sensor node. To address this vulnerability, we propose an enhanced CL-SC scheme based on elliptic curve cryptography (ECC). Under the hardness assumptions of the Elliptic Curve Decisional Diffie–Hellman Problem (ECDDHP) and the Computation Attack Algorithm (CAA), the proposed scheme achieves confidentiality and existential unforgeability against both super Type I and super Type II adversaries in the standard model. Performance analysis further shows that our scheme is efficient and well suited for resource-constrained HWSN environments.

23 pages, 3567 KB  
Article
Towards Quantum-Safe O-RAN: Experimental Evaluation of ML-KEM-Based IPsec on the E2 Interface
by Mario Perera, Michael Mackay, Max Hashem Eiza, Alessandro Raschella, Nathan Shone and Mukesh Kumar Maheshwari
Future Internet 2026, 18(4), 188; https://doi.org/10.3390/fi18040188 - 1 Apr 2026
Viewed by 387
Abstract
As Open Radio Access Network (O-RAN) deployments expand and adversaries adopt “store-now, decrypt-later” strategies, operators need empirical data on the cost of migrating critical control interfaces to post-quantum cryptography (PQC). This paper experimentally evaluates the impact of integrating a NIST-aligned Module-Lattice Key-Encapsulation Mechanism (ML-KEM) into IKEv2/IPsec, protecting the E2 interface between the 5G Node B (gNB) and the Near-Real-Time RAN Intelligent Controller (Near-RT RIC). Using an open-source testbed built from srsRAN, Open5GS, FlexRIC and strongSwan (with liboqs), we compare three configurations: no IPsec, classical Elliptic Curve Diffie–Hellman (ECDH)-based IPsec, and ML-KEM-based IPsec. This study focuses on IPsec tunnel-setup latency and the runtime behaviour of Near-RT RIC xApps under realistic signalling workloads. Results from repeated, automated runs show that ML-KEM integration adds a small overhead to tunnel establishment, which is approximately 2.7~4.7 ms in comparison to classical IPsec, while xApp operation and RIC control loops remain stable in our experiments. These findings, produced from an open, reproducible testbed, indicate that ML-KEM-based IPsec on the E2 interface is practically feasible and inform quantum-safe migration strategies for O-RAN deployments.

54 pages, 570 KB  
Article
Quantum Blockchains: Post-Quantum and Intrinsically Quantum Schemes
by Andrea Addazi
Electronics 2026, 15(7), 1447; https://doi.org/10.3390/electronics15071447 - 30 Mar 2026
Viewed by 528
Abstract
The advent of fault-tolerant quantum computers poses an existential threat to the current blockchain technology, which relies on cryptographic primitives like elliptic-curve cryptography and SHA-256 hashing. This manuscript surveys the emerging field of quantum-secure blockchains, categorizing the main research directions into two paradigms. The first, post-quantum blockchain, seeks to replace classical cryptographic elements with quantum-resistant algorithms. The second, more radical approach aims to construct an intrinsically quantum blockchain, where the ledger’s security and state are encoded directly in quantum mechanical principles. We delve into three promising intrinsic schemes: those based on Greenberger–Horne–Zeilinger (GHZ) states and entanglement in time, those leveraging multi-time states and pseudo-density matrices, and hypergraph-based approaches. As the principal original contribution of this work, we present a comprehensive theoretical framework for a topological quantum blockchain based on non-Abelian anyons, providing the first detailed encoding scheme mapping classical blockchain data to braiding sequences. We further develop the connection to Chern–Simons theory, establishing a field-theoretic foundation where the blockchain’s history is encoded in Wilson loops, and its immutability follows from topological and gauge invariance. Extending this framework, we introduce a holographic AdS/CFT interpretation, revealing that the topological blockchain can be understood as a dual description of a black hole analog in anti-de Sitter space, where the blockchain’s history is encoded in the microstates of a black hole and linking braids between blocks correspond to wormholes. We provide a detailed physical and mathematical analysis of each scheme, comparing their security assumptions, resource requirements, and feasibility in the near and long terms. The topological approach, in particular, offers a compelling new path toward a blockchain with inherent fault tolerance, where the chain’s history is encoded in the topology of anyon worldlines, making it naturally resistant to decoherence and local tampering.

24 pages, 518 KB  
Article
A Secure Authentication Scheme for Hierarchical Federated Learning with Anomaly Detection in IoT-Based Smart Agriculture
by Jihye Choi and Youngho Park
Appl. Sci. 2026, 16(7), 3211; https://doi.org/10.3390/app16073211 - 26 Mar 2026
Viewed by 321
Abstract
Unmanned Aerial Vehicle (UAV)-assisted hierarchical federated learning (HFL) has emerged as a promising architecture for Internet of Things (IoT)-based smart agriculture, which enables scalable model training over large and sparse farmlands. In this setting, UAVs act as mobile edge servers, aggregating local updates from distributed agricultural IoT devices and relaying them to the cloud server. While HFL improves scalability and reduces communication overhead, it still faces critical security threats due to its reliance on public wireless channels and the vulnerability of model aggregation to malicious updates. In this paper, we propose a secure authentication scheme that integrates anomaly detection with elliptic curve cryptography (ECC)-based mutual authentication to protect both the communication and training phases. In the proposed scheme, UAVs authenticate participating clients before receiving their local models, then perform anomaly detection to identify and exclude malicious participants. If a client is found to be malicious, its identity credentials are revoked and broadcast by the cloud server to prevent future participation. The security of the proposed scheme is formally verified using Burrows–Abadi–Needham (BAN) logic, the Real-or-Random (RoR) model, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, along with informal security analysis. The performance evaluation includes comparisons of security features, computation cost, and communication cost with other related schemes, and an experimental assessment of anomaly detection performance. The results demonstrate that our scheme provides strong security guarantees, low overhead, and effective malicious client detection, making it well suited for UAV-assisted HFL in smart agriculture.

28 pages, 901 KB  
Article
PrivLocAuth: Enabling Location-Aware Cross-Domain UAV Authentication with Zero-Knowledge Location Privacy
by Shayesta Naziri, Xu Wang, Jian Xu, Christy Jie Liang and Guangsheng Yu
Electronics 2026, 15(6), 1243; https://doi.org/10.3390/electronics15061243 - 17 Mar 2026
Viewed by 392
Abstract
Secure cross-domain UAV authentication is challenging because identity verification alone is insufficient to guarantee safe operation. In many UAV applications, it is equally critical to verify that a UAV is currently located within an authorized geographic region. Existing approaches often expose precise GPS coordinates, rely on static identifiers that enable tracking, or fail to guarantee the freshness and authenticity of location evidence. These weaknesses allow replay, location spoofing, and trajectory inference attacks, especially in multi-domain environments. To address these limitations, we propose PrivLocAuth, a zero-knowledge-based cross-domain UAV authentication protocol that enforces geofence restrictions without revealing actual locations. In PrivLocAuth, UAVs encode their current coordinates into fresh Pedersen commitments, which are attested by the home Local Domain Server (LDS) using short-lived Schnorr signatures. Based on these attested commitments, UAVs generate Bulletproof range proofs to demonstrate compliance with cross-domain server-defined geofences. This design ensures that UAVs operate within authorized airspace while preserving strong location privacy. PrivLocAuth further incorporates a lightweight elliptic curve cryptography (ECC) and Schnorr signature-based credential framework that enables unlinkable authentication across-domains, preventing session correlation and identity tracking. Formal security analysis demonstrates resistance to impersonation, replay, geofence-bypass, and linkage attacks. Experimental evaluation shows low computational latency and minimal communication overhead, confirming the protocol’s suitability for resource-constrained UAV platforms operating in dynamic cross-domain environments.
(This article belongs to the Special Issue Security and Privacy in Networks and Multimedia, 2nd Edition)

31 pages, 6460 KB  
Article
Blockchain Security Using Confidentiality, Integrity, and Availability for Secure Communication
by Chukwuebuka Francis Ikenga-Metuh and Abel Yeboah-Ofori
Blockchains 2026, 4(1), 3; https://doi.org/10.3390/blockchains4010003 - 28 Feb 2026
Viewed by 884
Abstract
Background: Blockchain technology has emerged as a transformative communication solution for securing distributed systems. However, several vulnerabilities exist during transactions, including latency and network congestion issues during mempool processing, topology weaknesses, cross-chain bridge exploits, and cryptographic weaknesses. These vulnerabilities have led to attacks that have threatened system integrity, including Block Extractable Value (BEV) attacks, Maximal Extractable Value (MEV) attacks, sandwich attacks, liquidation, and Decentralized Finance (DeFi) reordering attacks, among others. Thus, implementing a robust security framework based on the Confidentiality, Integrity, and Availability (CIA) triad remains critical for addressing modern blockchain technology threats. Objective: This paper examines blockchain technology, its various vulnerabilities, and attacks to determine how criminals exploit the system during transactions. Further, it evaluates its impact on users. Then, implement a blockchain attack in a “MasterChain” virtual environment to demonstrate how vulnerable spots can be practically exploited and discuss the application of the CIA security triad through modern cryptographic primitives. Methods: The approach considers Hevner’s design science framework, which emphasizes creating innovative artifacts that address identified problems while contributing to the knowledge base through rigorous evaluation. Furthermore, we developed a MasterChain tool using Python with Flask for distributed node communication, utilizing the Elliptic Curve Digital Signature Algorithm (ECDSA) with the Standards for Efficient Cryptography Prime 256-bit Koblitz curve 1 (secp256k1) for digital signatures and Secure Hash Algorithm 3 (SHA-3) (Keccak-256) hashing for block integrity. Results: show how the CIA has been implemented to provide secure communication through ECDSA-based transactions, SHA-3 chain integrity verification, and a multi-node distributed architecture, respectively. The performance analysis shows that ECDSA provides 256-bit security with 64-byte signatures compared to 2048-bit Rivest–Shamir–Adleman (RSA)’s 256-byte signatures, achieving a 75% reduction in bandwidth overhead. SHA-3 provides immunity to length extension attacks while maintaining equivalent collision resistance to SHA-256. Conclusions: The MasterChain framework provides a practical foundation for implementing blockchain security that addresses both classical and emerging vulnerabilities. The adoption of ECDSA and SHA-3 (Keccak-256) positions the system favourably for modern blockchain applications, while providing insights into the cryptographic trade-offs between performance, security, and compatibility.
(This article belongs to the Special Issue Feature Papers in Blockchains 2025)

37 pages, 3573 KB  
Article
Hardware Acceleration with LWECC Approach on Memory and Router Optimization in Communication Applications
by Ramakrishna Goli, Aravindhan Alagarsamy and Gian Carlo Cardarilli
Chips 2026, 5(1), 7; https://doi.org/10.3390/chips5010007 - 23 Feb 2026
Viewed by 562
Abstract
The fast expansion of the Internet of Things (IoT) has increased the need for strong security measures to protect the enormous network of interconnected devices. This paper proposes a unique approach that combines optimization, intuitive design principles, and Least Weighted Elliptic Curve Cryptography (LWECC) to improve IoT device security while reducing power consumption. The proposed optimization strategy focuses on lowering computational overhead, which is critical for IoT devices with limited energy and processing power. The proposed method significantly reduces the amount of energy required for cryptographic operations by carefully selecting appropriate elliptic curves and optimizing cryptographic algorithms, ensuring that IoT devices may continue to function without compromising security. Furthermore, by selecting elliptic curves with minimal attack vulnerability, the use of LWECC provides an additional layer of protection. This technique ensures that, even in the face of emerging threats, IoT devices remain highly resilient, reducing the chance of security breaches while preserving functionality without using excessive power. Experimental results show a power consumption of only 0.156 W and 0.25 W for memory and router topologies, respectively, with an error margin of 0.01. The stated error margin pertains to the simulation-based evaluation of transmission-level data handling within the LWECC-enabled memory/router pipeline, rather than the risk of physical memory-cell failure or fabrication yield. The value shows the maximum amount of packet/data-stream loss detected during encrypted data transfer, rather than hardware memory reliability.
(This article belongs to the Special Issue Emerging Issues in Hardware and IC System Security)

23 pages, 5282 KB  
Article
IoT-SBIdM: A Privacy-Preserving Stateless Blockchain-Based Identity Management for Trustworthy Internet of Things IoT Ecosystems
by Eman Alatawi, Anoud Alhawiti, Doaa Albalawi and Umar Albalawi
Mathematics 2026, 14(4), 715; https://doi.org/10.3390/math14040715 - 18 Feb 2026
Viewed by 674
Abstract
The rapid expansion of the Internet of Things (IoT) has led to billions of interconnected devices generating and exchanging sensitive data across diverse domains, which introduces challenges in identity management (IdM) regarding privacy, scalability, and verifiability. While blockchain technology provides decentralization and tamper resistance, its transparency and increasing on-chain storage demands make it unsuitable for large-scale IoT identity ecosystems. To overcome these challenges, IoT-SBIdM is proposed as a lightweight, privacy-preserving, and stateless blockchain-based identity management framework designed for IoT environments. This framework incorporates Elliptic Curve Cryptography (ECC)-based accumulators and Zero-Knowledge Proofs (ZKPs) to facilitate selective disclosure, enabling entities to prove credential authenticity without exposing sensitive identity information. Furthermore, the framework adopts W3C-compliant Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to promote interoperability and user-controlled identity ownership. The experimental results indicate that IoT-SBIdM achieves efficient smart contract execution by reducing gas costs through optimized registry logic. Moreover, the system maintains a compact block size of only 45 MB at higher block heights, outperforming comparable schemes in storage efficiency by achieving a 55% reduction relative to recent models and an approximate 94% reduction relative to older systems, thereby demonstrating superior scalability and storage efficiency, making it suitable for identity management solutions for IoT environments.
(This article belongs to the Special Issue Applied Cryptography and Blockchain Security, 2nd Edition)

25 pages, 8203 KB  
Article
A Lightweight and Efficient Elliptic Curve Cryptography Based File Hierarchy Attribute-Based Encryption Scheme with Enhanced Security and Cross-Domain Data Sharing
by Yating Chen, Niansong Mei and Bo Wu
Electronics 2026, 15(4), 762; https://doi.org/10.3390/electronics15040762 - 11 Feb 2026
Viewed by 406
Abstract
In cloud computing, ciphertext-policy attribute-based encryption (CP-ABE) is widely adopted for secure data storage and flexible fine-grained access control. For collaborative scenarios involving hierarchical file structures, file hierarchy CP-ABE (FH-CPABE) schemes have been proposed. However, existing file hierarchy CP-ABE schemes rely on computationally intensive bilinear pairing operations, resulting in high overhead. To address this issue, this paper proposes ECC-FH-CPABE, a lightweight and efficient file hierarchy CP-ABE scheme based on elliptic curve cryptography (ECC). By replacing bilinear pairings with scalar multiplication on elliptic curve points, our scheme achieves superior computational efficiency while reducing communication overhead. To ensure strong security while maintaining lightweight performance, this scheme introduces ECC-based data noise to resist user collusion attacks. In addition, ECC-FH-CPABE supports cross-domain data sharing with efficient batch operations, relieving performance bottlenecks. Security analysis proves that the scheme is secure against chosen-plaintext attacks. Extensive simulation results show that ECC-FH-CPABE significantly improves both computational efficiency and communication efficiency compared to existing schemes.

19 pages, 2740 KB  
Article
Privacy-Preserving ECC-Based AKA for Resource-Constrained IoT Sensor Networks with Forgotten Password Reset
by Yicheng Yu, Kai Wei, Kun Qi and Wangyu Wu
Entropy 2026, 28(2), 185; https://doi.org/10.3390/e28020185 - 6 Feb 2026
Viewed by 350
Abstract
Wireless sensor networks (WSNs) are extensively used in IoT applications. Secure access control and data protection are essential. Nonetheless, the wireless environment has an open nature. The limited resources of sensor devices render WSNs susceptible to a variety of security attacks, causing significant difficulties in the design phase of efficient authentication and key agreement (AKA) protocols. This study proposes a physically unclonable function (PUF)-based lightweight and secure AKA protocol for WSNs based on elliptic curve cryptography (ECC). A secure password update scheme is offered, which would allow legitimate users to reset forgotten passwords without re-registration. According to formal security analysis using BAN logic and ProVerif, the proposed protocol is secure against common attacks. Moreover, from an entropy perspective, the use of dynamic pseudonyms and fresh session randomness increase an adversary’s uncertainty about user identities, thereby limiting identity-related information leakage. Performance evaluation shows that the proposed protocol achieves lower computational and communication overhead than the existing ones, making it suitable for WSNs with resource constraints.
(This article belongs to the Special Issue Advances in IoT Security and Privacy)

23 pages, 743 KB  
Article
Security-Enhanced Vehicle-to-Roadside Unit Authentication Scheme for Internet of Vehicles
by Yan Sun and Qi Xie
Mathematics 2026, 14(2), 377; https://doi.org/10.3390/math14020377 - 22 Jan 2026
Viewed by 357
Abstract
Secure real-time data interaction between vehicles and transportation infrastructure, such as RSUs (V2R), can achieve intelligent and safe driving, as well as efficient travel services, in the Internet of Vehicles (IoV), where a secure and efficient V2R authentication protocol plays an important role. Recently, scholars have proposed a two-factor V2R authentication protocol for the IoV. However, subsequent research has shown that this protocol is vulnerable to insider and ephemeral secret leakage attacks, and cannot achieve perfect forward secrecy. To address these security flaws, an improved scheme was further proposed. Nevertheless, this paper points out that the improved scheme still has shortcomings: it cannot provide anonymity and perfect forward secrecy, exhibits insufficient session key secrecy, and remains vulnerable to password guessing attacks, RSU capture attacks, and suffers from inappropriate pseudo-identity update mechanisms. Therefore, a novel Physical Unclonable Function-based Lightweight V2R Authentication (PUF-LA) scheme is proposed, which uses Elliptic Curve Cryptography (ECC) to achieve perfect forward secrecy, uses PUF to resist device capture attacks, and achieves two-factor secrecy protection against password guessing attacks. The security performance of PUF-LA is theoretically proved by leveraging the random oracle model. In contrast with relevant authentication schemes, PUF-LA is more secure and has low computation costs.
(This article belongs to the Section E1: Mathematics and Computer Science)

27 pages, 1134 KB  
Article
A Cryptocurrency Dual-Offline Payment Method for Payment Capacity Privacy Protection
by Huayou Si, Yaqian Huang, Guozheng Li, Yun Zhao, Yuanyuan Qi, Wei Chen and Zhigang Gao
Electronics 2026, 15(2), 400; https://doi.org/10.3390/electronics15020400 - 16 Jan 2026
Viewed by 1204
Abstract
Current research on cryptocurrency dual-offline payment systems has garnered significant attention from both academia and industry, owing to its potential payment feasibility and application scalability in extreme environments and network-constrained scenarios. However, existing dual-offline payment schemes exhibit technical limitations in privacy preservation, failing to adequately safeguard sensitive data such as payment amounts and participant identities. To address this, this paper proposes a privacy-preserving dual-offline payment method utilizing a cryptographic challenge-response mechanism. The method employs zero-knowledge proof technology to cryptographically protect sensitive information, such as the payer’s wallet balance, during identity verification and payment authorization. This provides a technical solution that balances verification reliability with privacy protection in dual-offline transactions. The method adopts the payment credential generation and credential verification mechanism, combined with elliptic curve cryptography (ECC), to construct the verification protocol. These components enable dual-offline functionality while concealing sensitive information, including counterparty identities and wallet balances. Theoretical analysis and experimental verification on 100 simulated transactions show that this method achieves an average payment generation latency of 29.13 ms and verification latency of 25.09 ms, significantly outperforming existing technology in privacy protection, computational efficiency, and security robustness. The research provides an innovative technical solution for cryptocurrency dual-offline payment, advancing both theoretical foundations and practical applications in the field.
(This article belongs to the Special Issue Data Privacy Protection in Blockchain Systems)

25 pages, 705 KB  
Article
Privacy-Preserving Set Intersection Protocol Based on SM2 Oblivious Transfer
by Zhibo Guan, Hai Huang, Haibo Yao, Qiong Jia, Kai Cheng, Mengmeng Ge, Bin Yu and Chao Ma
Computers 2026, 15(1), 44; https://doi.org/10.3390/computers15010044 - 10 Jan 2026
Viewed by 506
Abstract
Private Set Intersection (PSI) is a fundamental cryptographic primitive in privacy-preserving computation and has been widely applied in federated learning, secure data sharing, and privacy-aware data analytics. However, most existing PSI protocols rely on RSA or standard elliptic curve cryptography, which limits their applicability in scenarios requiring domestic cryptographic standards and often leads to high computational and communication overhead when processing large-scale datasets. In this paper, we propose a novel PSI protocol based on the Chinese commercial cryptographic standard SM2, referred to as SM2-OT-PSI. The proposed scheme constructs an oblivious transfer-based Oblivious Pseudorandom Function (OPRF) using SM2 public-key cryptography and the SM3 hash function, enabling efficient multi-point OPRF evaluation under the semi-honest adversary model. A formal security analysis demonstrates that the protocol satisfies privacy and correctness guarantees assuming the hardness of the Elliptic Curve Discrete Logarithm Problem. To further improve practical performance, we design a software–hardware co-design architecture that offloads SM2 scalar multiplication and SM3 hashing operations to a domestic reconfigurable cryptographic accelerator (RSP S20G). Experimental results show that, for datasets with up to millions of elements, the presented protocol significantly outperforms several representative PSI schemes in terms of execution time and communication efficiency, especially in medium and high-bandwidth network environments. The proposed SM2-OT-PSI protocol provides a practical and efficient solution for large-scale privacy-preserving set intersection under national cryptographic standards, making it suitable for deployment in real-world secure computing systems.
(This article belongs to the Special Issue Mobile Fog and Edge Computing)
