Search Results (123)

Search Parameters:
Keywords = provably secure

25 pages, 562 KB  
Article
VeriFlow: A Framework for the Static Verification of Web Application Access Control via Policy-Graph Consistency
by Tao Zhang, Fuzhong Hao, Yunfan Wang, Bo Zhang and Guangwei Xie
Electronics 2025, 14(18), 3742; https://doi.org/10.3390/electronics14183742 - 22 Sep 2025
Viewed by 461
Abstract
The evolution of industrial automation toward Industry 3.0 and 4.0 has driven the emergence of Industrial Edge-Cloud Platforms, which increasingly depend on web interfaces for managing and monitoring critical operational technology. This convergence introduces significant security risks, particularly from Broken Access Control (BAC)—a vulnerability consistently ranked as the top web application risk by the Open Web Application Security Project (OWASP). BAC flaws in industrial contexts can lead not only to data breaches but also to disruptions of physical processes. To address this urgent need for robust web-layer defense, this paper presents VeriFlow, a static verification framework for access control in web applications. VeriFlow reformulates access control verification as a consistency problem between two core artifacts: (1) a Formal Access Control Policy (P), which declaratively defines intended permissions, and (2) a Navigational Graph, which models all user-driven UI state transitions. By annotating the graph with policy P, VeriFlow verifies a novel Path-Permission Safety property, ensuring that no sequence of legitimate UI interactions can lead a user from an authorized state to an unauthorized one. A key technical contribution is a static analysis method capable of extracting navigational graphs directly from the JavaScript bundles of Single-Page Applications (SPAs), circumventing the limitations of traditional dynamic crawlers. In empirical evaluations, VeriFlow outperformed baseline tools in vulnerability detection, demonstrating its potential to deliver strong security guarantees that are provable within its abstracted navigational model. By formally checking policy-graph consistency, it systematically addresses a class of vulnerabilities often missed by dynamic tools, though its effectiveness is subject to the model-reality gap inherent in static analysis.

19 pages, 344 KB  
Article
Efficient k-Resilient Public Key Authenticated Encryption with Keyword Search
by Koon-Ming Chan, Swee-Huay Heng, Syh-Yuan Tan and Shing-Chiang Tan
J. Cybersecur. Priv. 2025, 5(3), 62; https://doi.org/10.3390/jcp5030062 - 1 Sep 2025
Viewed by 475
Abstract
Traditional encryption prioritises confidentiality but complicates search operations, requiring decryption before searches can be conducted. The public key encryption with keyword search (PEKS) scheme addresses this limitation by enabling authorised users to search for specific keywords within encrypted data without compromising the underlying encryption. This facilitates efficient and secure data retrieval without the need to decrypt the entire dataset. However, PEKS is susceptible to the keyword guessing attack (KGA), exploiting the deterministic nature of the PEKS trapdoor so that the adversary can correctly guess the keyword encrypted in a trapdoor. To enhance PEKS security to counter a KGA, various schemes have been proposed. A notable one is public key authenticated encryption with keyword search (PAEKS). PAEKS combines authentication and encryption with keyword-based search functionalities, ensuring data source authentication, encrypted information security, and keyword-based searches. However, many existing PAEKS schemes rely on computationally exhaustive bilinear pairing. In this paper, we propose a PAEKS scheme based on k-resilient identity-based encryption without bilinear pairing. By using the provable security approach, we show that our proposed PAEKS scheme satisfies both ciphertext privacy and trapdoor privacy. We present a comparison of the computation cost of our proposed PAEKS scheme with the existing PAEKS schemes and highlight its efficiency, particularly in the Test algorithm, where it achieves the fastest execution time. By performing experiments using the real-world Enron Email dataset, we show that the proposed scheme is efficient.

14 pages, 404 KB  
Article
A New Efficient and Provably Secure Certificateless Signature Scheme Without Bilinear Pairings for the Internet of Things
by Zhanzhen Wei, Xiaoting Liu, Hong Zhao, Zhaobin Li and Bowen Liu
Sensors 2025, 25(17), 5224; https://doi.org/10.3390/s25175224 - 22 Aug 2025
Viewed by 610
Abstract
Pairing-free certificateless signature (PF-CLS) schemes are ideal authentication solutions for resource-constrained environments like the Internet of Things (IoT) due to their low computational, storage, and communication resource requirements. However, it has come to light that many PF-CLS schemes are vulnerable to forged signature attacks. In this paper, we use a novel attack method to prove that a class of PF-CLS schemes with the same security vulnerabilities cannot resist Type I adversary attacks, and we find that, even if some schemes are improved to invalidate existing attack methods, they still cannot defend against the new attack method proposed in this paper. Subsequently, we introduce an enhanced scheme proven to be resilient against both types of adversary attacks under the random oracle model (ROM). Performance analysis shows that, compared with several existing PF-CLS schemes, our scheme offers higher computational efficiency.
(This article belongs to the Special Issue IoT Cybersecurity: 2nd Edition)

37 pages, 5345 KB  
Article
Synthesis of Sources of Common Randomness Based on Keystream Generators with Shared Secret Keys
by Dejan Cizelj, Milan Milosavljević, Jelica Radomirović, Nikola Latinović, Tomislav Unkašević and Miljan Vučetić
Mathematics 2025, 13(15), 2443; https://doi.org/10.3390/math13152443 - 29 Jul 2025
Viewed by 458
Abstract
Secure autonomous secret key distillation (SKD) systems traditionally depend on external common randomness (CR) sources, which often suffer from instability and limited reliability over long-term operation. In this work, we propose a novel SKD architecture that synthesizes CR by combining a keystream of a shared-key keystream generator KSG(K_G) with locally generated binary Bernoulli noise. This construction emulates the statistical properties of the classical Maurer satellite scenario while enabling deterministic control over key parameters such as bit error rate, entropy, and leakage rate (LR). We derive a closed-form lower bound on the equivocation of the shared-secret key K_G from the viewpoint of an adversary with access to public reconciliation data. This allows us to define an admissible operational region in which the system guarantees long-term secrecy through periodic key refreshes, without relying on advantage distillation. We integrate the Winnow protocol as the information reconciliation mechanism, optimized for short block lengths (N=8), and analyze its performance in terms of efficiency, LR, and final key disagreement rate (KDR). The proposed system operates in two modes: ideal secrecy, achieving secret key rates up to 22% under stringent constraints (KDR < 10^−5, LR < 10^−10), and perfect secrecy mode, which approximately halves the key rate. Notably, these security guarantees are achieved autonomously, without reliance on advantage distillation or external CR sources. Theoretical findings are further supported by experimental verification demonstrating the practical viability of the proposed system under realistic conditions. This study introduces, for the first time, an autonomous CR-based SKD system with provable security performance independent of communication channels or external randomness, thus enhancing the practical viability of secure key distribution schemes.

22 pages, 1156 KB  
Article
An Attribute-Based Proxy Re-Encryption Scheme Supporting Revocable Access Control
by Gangzheng Zhao, Weijie Tan and Changgen Peng
Electronics 2025, 14(15), 2988; https://doi.org/10.3390/electronics14152988 - 26 Jul 2025
Viewed by 905
Abstract
In the deep integration process between digital infrastructure and new economic forms, structural imbalance between the evolution rate of cloud storage technology and the growth rate of data-sharing demands has caused systemic security vulnerabilities such as blurred data sovereignty boundaries and nonlinear surges in privacy leakage risks. Existing academic research indicates current proxy re-encryption schemes remain insufficient for cloud access control scenarios characterized by diversified user requirements and personalized permission management, thus failing to fulfill the security needs of emerging computing paradigms. To resolve these issues, a revocable attribute-based proxy re-encryption scheme supporting policy-hiding is proposed. Data owners encrypt data and upload it to the blockchain while concealing attribute values within attribute-based encryption access policies, effectively preventing sensitive information leaks and achieving fine-grained secure data sharing. Simultaneously, proxy re-encryption technology enables verifiable outsourcing of complex computations. Furthermore, the SM3 (SM3 Cryptographic Hash Algorithm) hash function is embedded in user private key generation, and key updates are executed using fresh random factors to revoke malicious users. Ultimately, the scheme proves indistinguishability under chosen-plaintext attacks for specific access structures in the standard model. Experimental simulations confirm that compared with existing schemes, this solution delivers higher execution efficiency in both encryption/decryption and revocation phases.
(This article belongs to the Topic Recent Advances in Security, Privacy, and Trust)

21 pages, 877 KB  
Article
Identity-Based Provable Data Possession with Designated Verifier from Lattices for Cloud Computing
by Mengdi Zhao and Huiyan Chen
Entropy 2025, 27(7), 753; https://doi.org/10.3390/e27070753 - 15 Jul 2025
Viewed by 435
Abstract
Provable data possession (PDP) is a technique that enables the verification of data integrity in cloud storage without the need to download the data. PDP schemes are generally categorized into public and private verification. Public verification allows third parties to assess the integrity of outsourced data, offering good openness and flexibility, but it may lead to privacy leakage and security risks. In contrast, private verification restricts the auditing capability to the data owner, providing better privacy protection but often resulting in higher verification costs and operational complexity due to limited local resources. Moreover, most existing PDP schemes are based on classical number-theoretic assumptions, making them vulnerable to quantum attacks. To address these challenges, this paper proposes an identity-based PDP with a designated verifier over lattices, utilizing a specially leveled identity-based fully homomorphic signature (IB-FHS) scheme. We provide a formal security proof of the proposed scheme under the small-integer solution (SIS) and learning with errors (LWE) within the random oracle model. Theoretical analysis confirms that the scheme achieves security guarantees while maintaining practical feasibility. Furthermore, simulation-based experiments show that for a 1 MB file and lattice dimension of n = 128, the computation times for core algorithms such as TagGen, GenProof, and CheckProof are approximately 20.76 s, 13.75 s, and 3.33 s, respectively. Compared to existing lattice-based PDP schemes, the proposed scheme introduces additional overhead due to the designated verifier mechanism; however, it achieves a well-balanced optimization among functionality, security, and efficiency.
(This article belongs to the Section Information Theory, Probability and Statistics)

28 pages, 521 KB  
Article
Provably Secure and Privacy-Preserving Authentication Scheme for IoT-Based Smart Farm Monitoring Environment
by Hyeonjung Jang, Jihye Choi, Seunghwan Son, Deokkyu Kwon and Youngho Park
Electronics 2025, 14(14), 2783; https://doi.org/10.3390/electronics14142783 - 10 Jul 2025
Viewed by 532
Abstract
Smart farming is an agricultural technology integrating advanced technology such as cloud computing, Artificial Intelligence (AI), the Internet of Things (IoT), and robots into traditional farming. Smart farming can help farmers by increasing agricultural production and managing resources efficiently. However, malicious attackers can attempt security attacks because communication in smart farming is conducted via public channels. Therefore, an authentication scheme is necessary to ensure security in smart farming. In 2024, Rahaman et al. proposed a privacy-centric authentication scheme for smart farm monitoring. However, we demonstrated that their scheme is vulnerable to stolen mobile device, impersonation, and ephemeral secret leakage attacks. This paper suggests a secure and privacy-preserving scheme to resolve the security defects of the scheme proposed by Rahaman et al. We also verified the security of our scheme through “the Burrows-Abadi-Needham (BAN) logic”, “Real-or-Random (RoR) model”, and “Automated Validation of Internet Security Protocols and Applications (AVISPA) tool”. Furthermore, a performance analysis of the proposed scheme compared with related studies was conducted. The comparison result proves that our scheme was more efficient and secure than related studies in the smart farming environment.
(This article belongs to the Special Issue Trends in Information Systems and Security)

20 pages, 3628 KB  
Article
Homomorphic Encryption-Based Federated Active Learning on GCNs
by Xiaohu He, Zhihao Song, Dandan Zhang, Hongwei Ju and Qingfang Meng
Symmetry 2025, 17(6), 969; https://doi.org/10.3390/sym17060969 - 18 Jun 2025
Viewed by 658
Abstract
With the dramatic growth in dataset size, active learning has become one of the effective methods to deal with large-scale unlabeled data. However, most of the existing active learning methods are inefficient due to poor target models and lack the ability to utilize the feature similarity between labeled and unlabeled data. Furthermore, data leakage is a serious threat to data privacy. In this paper, considering the features of the data itself, an augmented graph convolutional network is proposed which acts as a sampler for data selection in active learning, avoiding the involvement of the initial poor target model. Then, by applying the proposed GCN as a substitute for the initial poor target model, this paper proposes an active learning model based on augmented GCNs, which is able to select more representative data, enabling the active learning model to achieve better classification performance with limited labeled data. Finally, this paper proposes a homomorphic encryption-based federated active learning model to improve the data utilization and enhance the security of private data. Experiments were conducted on three datasets, Cora, CiteSeer and PubMed, and achieved accuracy rates of 94.47%, 92.86% and 91.51%, respectively, while providing provable security guarantees. Furthermore, the highest malicious user detection accuracy was 88.07%, and the global model test accuracy reached 88.42%, 84.22% and 81.46%, under a model poisoning attack.
(This article belongs to the Special Issue Applications Based on Symmetry in Applied Cryptography)

15 pages, 432 KB  
Article
Efficient and Scalable Authentication Framework for Internet of Drones (IoD) Networks
by Hyunseok Kim
Electronics 2025, 14(12), 2435; https://doi.org/10.3390/electronics14122435 - 15 Jun 2025
Viewed by 579
Abstract
The accelerated uptake of unmanned aerial vehicles (UAVs) has significantly altered communication and data exchange landscapes but has also introduced substantial security challenges, especially in open-access UAV communication environments. To address these, elliptic curve cryptography (ECC) offers robust security with computational efficiency, ideal for resource-constrained Internet of Drones (IoD) systems. This study proposes a Secure and Efficient Three-Way Key Exchange (SETKE) protocol using ECC, specifically tailored for IoD. The SETKE protocol’s security was rigorously analyzed within an extended Bellare–Pointcheval–Rogaway (BPR) model under the random oracle assumption, demonstrating its resilience. Formal verification using the AVISPA tool confirmed the protocol’s safety against man-in-the-middle (MITM) attacks, and formal proofs establish its Authenticated Key Exchange (AKE) security. In terms of performance, SETKE is highly efficient, requiring only 3 ECC scalar multiplications for the Service Requester drone, 4 for the Service Provider drone, and 3 for the Control Server, which is demonstrably lower than several existing schemes. My approach achieves this robust protection with minimal communication overhead (e.g., a maximum payload of 844 bits per session), ensuring its practicality for resource-limited IoD environments. The significance of this work for the IoD field lies in providing a provably secure, lightweight, and computationally efficient key exchange mechanism vital for addressing critical security challenges in IoD systems.
(This article belongs to the Special Issue Parallel, Distributed, Edge Computing in UAV Communication)

22 pages, 1414 KB  
Article
Sensitivity-Aware Differential Privacy for Federated Medical Imaging
by Lele Zheng, Yang Cao, Masatoshi Yoshikawa, Yulong Shen, Essam A. Rashed, Kenjiro Taura, Shouhei Hanaoka and Tao Zhang
Sensors 2025, 25(9), 2847; https://doi.org/10.3390/s25092847 - 30 Apr 2025
Cited by 1 | Viewed by 2365
Abstract
Federated learning (FL) enables collaborative model training across multiple institutions without the sharing of raw patient data, making it particularly suitable for smart healthcare applications. However, recent studies revealed that merely sharing gradients provides a false sense of security, as private information can still be inferred through gradient inversion attacks (GIAs). While differential privacy (DP) provides provable privacy guarantees, traditional DP methods apply uniform protection, leading to excessive protection for low-sensitivity data and insufficient protection for high-sensitivity data, which degrades model performance and increases privacy risks. This paper proposes a new privacy notion, sensitivity-aware differential privacy, to better balance model performance and privacy protection. Our idea is that the sensitivity of each data sample can be objectively measured using real-world attacks. To implement this new notion, we develop the corresponding defense mechanism that adjusts privacy protection levels based on the variation in the privacy leakage risks of gradient inversion attacks. Furthermore, the method extends naturally to multi-attack scenarios. Extensive experiments on real-world medical imaging datasets demonstrate that, under equivalent privacy risk, our method achieves an average performance improvement of 13.5% over state-of-the-art methods.

16 pages, 1150 KB  
Article
A Decentralized Signcryption Scheme Based on CFL
by Leyi Shi and Mengting Liu
Sensors 2025, 25(6), 1773; https://doi.org/10.3390/s25061773 - 12 Mar 2025
Viewed by 968
Abstract
The rapid advancement of quantum computing technology poses a significant threat to conventional public key cryptographic infrastructure. The SM2 (state key cryptography algorithm no. 2) elliptic curve public key cryptographic algorithm, which adopts elliptic curve cryptography, has demonstrated strong resistance to quantum attacks. However, existing signcryption schemes remain vulnerable due to their reliance on a single certification authority (CA) managing all keys. The cryptography fundamental logics (CFL) authentication process eliminates the need for third-party involvement, achieving decentralized authentication and reducing the burden on certificate generation centers. Therefore, a decentralized signcryption scheme based on CFL was proposed using the SM2 national cryptographic algorithm. Unlike traditional signcryption schemes, this approach does not depend on the certification authority’s private key during the public–private key generation process. This innovation helps avoid risks associated with certification authority private key leakage and ensures decentralized characteristics. The proposed scheme was rigorously verified under the random oracle model (ROM) and based on the complexity assumption of the elliptic curve Diffie–Hellman (ECDH) problem. The theoretical analysis and experimental results demonstrate that compared to traditional methods, the proposed scheme exhibits higher efficiency in communication and computation. Specifically, the proposed scheme reduces computational overheads by approximately 30% and communication overheads by approximately 20% in practical working environments. These quantitative improvements highlight the scheme’s promising application prospects and practical value.
(This article belongs to the Section Internet of Things)

27 pages, 729 KB  
Article
Privacy Illusion: Subliminal Channels in Schnorr-like Blind-Signature Schemes
by Mirosław Kutyłowski and Oliwer Sobolewski
Appl. Sci. 2025, 15(5), 2864; https://doi.org/10.3390/app15052864 - 6 Mar 2025
Viewed by 1150
Abstract
Blind signatures are one of the key techniques of Privacy-Enhancing Technologies (PETs). They appear as a component of many schemes, including, in particular, the Privacy Pass technology. Blind-signature schemes provide provable privacy: the signer cannot derive any information about a message signed at the user’s request. Unfortunately, in practice, this might be just an illusion. We consider a novel but realistic threat model where the user does not participate in the protocol directly but instead uses a provided black-box device. We then show that the black-box device may be implemented in such a way that, despite a provably secure unblinding procedure, a malicious signer can link the signing protocol transcript with a resulting unblinded signature. Additionally, we show how to transmit any short covert message between the black-box device and the signer. We prove the stealthiness of these attacks in the anamorphic cryptography model, where the attack cannot be detected even if all private keys are given to an auditor. At the same time, an auditor will not detect any irregular behavior even if the secret keys of the signer and the device are revealed for audit purposes (anamorphic cryptography model). We analyze the following schemes: (1) Schnorr blind signatures, (2) Tessaro–Zhu blind signatures, and their extensions. We provide a watchdog countermeasure and conclude that similar solutions are necessary in practical implementations to defer most of the threats.

15 pages, 1427 KB  
Article
Privacy-Preserving Data Sharing and Computing for Outsourced Policy Iteration with Attempt Records from Multiple Users
by Bangyan Chen and Jun Ye
Appl. Sci. 2025, 15(5), 2624; https://doi.org/10.3390/app15052624 - 28 Feb 2025
Viewed by 881
Abstract
Reinforcement learning is a machine learning framework that relies on a lot of trial-and-error processes to learn the best policy to maximize the cumulative reward through the interaction between the agent and the environment. In the actual use of this process, the computing resources possessed by a single user are limited, so the cooperation of multiple users is needed, but the joint learning of multiple users introduces the problem of privacy leakage. This research proposes a method to safely share the effort of multiple users in an encrypted state and perform the reinforcement learning with an outsourcing service to reduce users’ calculations, combined with the homomorphic properties of cryptographic algorithms and a multi-key ciphertext fusion mechanism. The proposed scheme is provably secure, and the experimental results show that it has an acceptable impact on performance while ensuring privacy protection.
(This article belongs to the Section Computing and Artificial Intelligence)

17 pages, 1299 KB  
Article
Security Evaluation of Provably Secure ECC-Based Anonymous Authentication and Key Agreement Scheme for IoT
by Kisung Park, Myeonghyun Kim and Youngho Park
Sensors 2025, 25(1), 237; https://doi.org/10.3390/s25010237 - 3 Jan 2025
Cited by 1 | Viewed by 1462
Abstract
The proliferation of the Internet of Things (IoT) has worsened the challenge of maintaining data and user privacy. IoT end devices, often deployed in unsupervised environments and connected to open networks, are susceptible to physical tampering and various other security attacks. Thus, robust, efficient authentication and key agreement (AKA) protocols are essential to protect data privacy during exchanges between end devices and servers. The previous work in “Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT” proposed a novel AKA scheme for secure IoT environments. They claimed their protocol offers comprehensive security features, guarding against numerous potential flaws while achieving session key security. However, this paper demonstrates through logical and mathematical analyses that the previous work is vulnerable to various attacks. We conducted a security analysis using the extended Canetti and Krawczyk (eCK) model, which is widely employed in security evaluations. This model considers scenarios where an attacker has complete control over the network, including the ability to intercept, modify, and delete messages, while also accounting for the potential exposure of ephemeral private keys. Furthermore, we show that their scheme fails to meet critical security requirements and relies on flawed security assumptions. We prove our findings using the automated validation of internet security protocols and applications, a widely recognized formal verification tool. To strengthen attack resilience, we propose several recommendations for the advancement of more robust and efficient AKA protocols specifically designed for IoT environments.

23 pages, 932 KB  
Article
Certificateless Provable Data Possession Scheme for Cloud-Based Electronic Health Records System
by Yujie Wu, Xiao Tan and Qi Xie
Mathematics 2024, 12(24), 3883; https://doi.org/10.3390/math12243883 - 10 Dec 2024
Viewed by 1191
Abstract
Electronic Health Records (EHRs: digital compilations of patient health status and diagnosis) are typically shared, analyzed, and stored on cloud servers. One operational challenge is to guarantee the accurate storage of EHRs, for instance, by utilizing Provable Data Possession (PDP). When a portion of one hospital’s EHRs needs to be transferred to another, outsourcing the computational costs of data transfer to the cloud and ensuring the integrity of the data transferred off-site becomes a problematic issue. In this article, to tackle these two problems, we put forward a certificateless provable data possession scheme with outsourced data transmission on secure cloud storage. Our scheme achieves the following functions: ensuring the data integrity for the transferred data; only the data owner or the data recipient themselves can verify the integrity of their own remote data; delegating most of the computations to the public cloud server to enable data transferability. Finally, we analyze the security and efficiency of the concrete scheme. The analysis demonstrates that our scheme is demonstrably secure and efficient.
