Search Results (79)

Search Parameters:
Keywords = secure two-party computation

21 pages, 5140 KB  
Article
Towards Privacy-Preserving Machine Learning for Energy Prediction in Industrial Robotics: Modeling, Evaluation and Integration
by Adam Skuta, Philipp Steurer, Sebastian Hegenbart, Ralph Hoch and Thomas Loruenser
Machines 2025, 13(9), 780; https://doi.org/10.3390/machines13090780 - 1 Sep 2025
Abstract
This paper explores the feasibility and implications of developing a privacy-preserving, data-driven cloud service for predicting the energy consumption of industrial robots. Using machine learning, we evaluated three neural network architectures—dense, LSTM, and convolutional–LSTM hybrids—to model energy usage based on robot trajectory data. Our results show that models incorporating manually engineered features (angles, velocities, and accelerations) significantly improve prediction accuracy. To ensure secure collaboration in industrial environments where data confidentiality is critical, we integrate privacy-preserving machine learning (ppML) techniques based on secure multi-party computation (SMPC). This allows energy inference to be performed without exposing proprietary model weights or confidential input trajectories. We analyze the performance impact of SMPC on different network types and evaluate two optimization strategies, using public model weights through permutation and evaluating activation functions in plaintext, to reduce inference overhead. The results highlight that network architecture plays a larger role in encrypted inference efficiency than feature dimensionality, with dense networks being the most SMPC-efficient. In addition to model development, we identify and discuss specific stages in the MLOps workflow—particularly model serving and monitoring—that require adaptation to support ppML. These insights are useful for integrating ppML into modern machine learning pipelines.

16 pages, 1547 KB  
Article
Two-Party Quantum Private Comparison with Pauli Operators
by Min Hou, Yue Wu and Shibin Zhang
Axioms 2025, 14(8), 549; https://doi.org/10.3390/axioms14080549 - 22 Jul 2025
Abstract
Quantum private comparison (QPC) is a quantum cryptographic protocol designed to enable two mutually distrustful parties to securely compare sensitive data without disclosing their private information to each other or any external entities. This study proposes a novel QPC protocol that leverages Bell states to ensure data privacy, utilizing the fundamental principles of quantum mechanics. Within this framework, two participants, each possessing a secret integer, encode the binary representation of their values using Pauli-X and Pauli-Z operators applied to quantum states transmitted from a semi-honest third party (TP). The TP, which is bound to protocol compliance and prohibited from colluding with either participant, measures the received sequences to determine the comparison result without accessing the participants’ original inputs. Theoretical analyses and simulations validate the protocol’s strong security, high efficiency, and practical feasibility in quantum computing environments. An advantage of the proposed protocol lies in its optimized utilization of Bell states, which enhances qubit efficiency and experimental practicality. Moreover, the proposed protocol outperforms several existing Bell-state-based QPC schemes in terms of efficiency.
(This article belongs to the Special Issue Recent Advances in Quantum Mechanics and Mathematical Physics)

31 pages, 1262 KB  
Article
Composable Privacy-Preserving Framework for Stakes-Based Online Peer-to-Peer Applications
by Nikola Hristov-Kalamov, Raúl Fernández-Ruiz, Agustín Álvarez-Marquina, Julio Guillén-García, Roberto Gallardo-Cava and Daniel Palacios-Alonso
Cryptography 2025, 9(3), 48; https://doi.org/10.3390/cryptography9030048 - 1 Jul 2025
Abstract
As the demand for expansive back-end systems in online applications continues to grow, novel frameworks are necessitated to address the escalating operational demands, energy consumption, and associated costs. Traditional Client–Server models, while offering centralized security and reliability, are characterized by their high deployment and maintenance expenses. Conversely, Peer-to-Peer (P2P) models, despite being cost-effective and scalable, are hindered by inherent security and data integrity challenges. Moreover, the lack of a central authority in P2P systems complicates a definitive resolution of scenarios involving stakes, where users cannot withdraw without incurring a tangible loss. In this research work, a hybrid back-end framework is introduced, combining the advantages of both models through the utilization of cryptographic algorithms and Secure Multi-Party Computation (MPC) protocols. The baseline solution is lightweight and fully composable, making it capable of utilizing different more complex slot-in MPC techniques. The proposed framework’s effectiveness is demonstrated through a simplified two-player Spades game, although it is fully generalizable to any application. Evaluations across multiple case studies reveal substantial performance enhancements compared to conventional approaches, particularly post-initialization, highlighting the scheme’s potential as a cost-effective, energy-efficient, and secure solution for modern online applications.

26 pages, 3786 KB  
Article
Privacy-Preserving Poisoning-Resistant Blockchain-Based Federated Learning for Data Sharing in the Internet of Medical Things
by Xudong Zhu and Hui Li
Appl. Sci. 2025, 15(10), 5472; https://doi.org/10.3390/app15105472 - 13 May 2025
Abstract
The Internet of Medical Things (IoMT) creates interconnected networks of smart medical devices, utilizing extensive medical data collection to improve patient outcomes, streamline resource management, and guarantee comprehensive life-cycle security. However, the private nature of medical data, coupled with strict compliance requirements, has resulted in the separation of information repositories in the IoMT network, severely hindering protected inter-domain data cooperation. Although current blockchain-based federated learning (BFL) approaches aim to resolve these issues, two persistent security weaknesses remain: privacy leakage and poisoning attacks. This study proposes a privacy-preserving poisoning-resistant blockchain-based federated learning (PPBFL) scheme for secure IoMT data sharing. Specifically, we design an active protection framework that uses a lightweight (t,n)-threshold secret sharing scheme to protect devices’ privacy and prevent coordination edge nodes from colluding. Then, we design a privacy-guaranteed cosine similarity verification protocol integrated with secure multi-party computation techniques to identify and neutralize malicious gradients uploaded by malicious devices. Furthermore, we deploy an intelligent aggregation system through blockchain smart contracts, removing centralized coordination dependencies while guaranteeing auditable computational validity. Our formal security analysis confirms the PPBFL scheme’s theoretical robustness. Comprehensive evaluations across multiple datasets validate the framework’s operational efficiency and defensive capabilities.

19 pages, 2532 KB  
Article
Achieving High Efficiency in Schnorr-Based Multi-Signature Applications in Blockchain
by Peng Zhang, Fa Ge, Zujie Tang and Weixin Xie
Electronics 2025, 14(9), 1883; https://doi.org/10.3390/electronics14091883 - 6 May 2025
Abstract
Multi-signature applications allow multiple signers to collaboratively generate a single signature on the same message, which is widely applied in blockchain to reduce the percentage of signatures in blocks and improve the throughput of transactions. The k-sum attacks are one of the major challenges in designing secure multi-signature schemes. In this work, we address k-sum attacks from a novel angle by defining a Public Third Party (PTP), which is an automatic process that can be verifiable by the public and restricts the signing phase from continuing until receiving commitments from all signers. Further, a two-round multi-signature scheme HEMS with PTP is proposed, which is secure based on the discrete logarithm assumption in the random oracle model. As each signer communicates directly with the PTP instead of other co-signers, the total amount of communication is significantly reduced. In addition, as PTP participates in the computation of the aggregation and signing algorithms, the computation cost left for each signer and verifier remains the same as the basis Schnorr signature. To the best of our knowledge, this is the high efficiency that a Schnorr-based multi-signature scheme can achieve. Further, HEMS is applied in a blockchain platform, e.g., Fabric, to improve transaction efficiency.
(This article belongs to the Special Issue Recent Advances in Cybersecurity and Information Security)

32 pages, 694 KB  
Article
Preserving Whistleblower Anonymity Through Zero-Knowledge Proofs and Private Blockchain: A Secure Digital Evidence Management Framework
by Butrus Mbimbi, David Murray and Michael Wilson
Blockchains 2025, 3(2), 7; https://doi.org/10.3390/blockchains3020007 - 17 Apr 2025
Abstract
This research presents a novel framework and experimental results that combine zero-knowledge proofs (ZKPs) with private blockchain technology to safeguard whistleblower privacy while ensuring secure digital evidence submission and verification. For example, whistleblowers involved in corporate fraud cases can submit sensitive financial records anonymously while maintaining the credibility of the evidence. The proposed framework introduces several key innovations, including a private blockchain implementation utilising proof-of-work (PoW) consensus to ensure immutable storage and thorough scrutiny of submitted evidence, with mining difficulty dynamically aligned to the sensitivity of the data. It also features an adaptive difficulty mechanism that automatically adjusts computational requirements based on the sensitivity of the evidence, providing tailored protection levels. In addition, a unique two-phase validation process is incorporated, which generates a digital signature from the evidence alongside random challenges, significantly improving security and authenticity. The integration of ZKPs enables iterative hash-based verification between parties (Prover and Verifier) while maintaining the complete privacy of the source data. This research investigates the whistleblower’s niche in traditional digital evidence management systems (DEMSs), prioritising privacy without compromising evidence integrity. Experimental results demonstrate the framework’s effectiveness in preserving anonymity while assuring the authenticity of the evidence, making it useful for judicial systems and organisations handling sensitive disclosures. This paper signifies notable progress in secure whistleblowing systems, offering a way to juggle transparency with informant confidentiality.
(This article belongs to the Special Issue Feature Papers in Blockchains 2025)

19 pages, 2534 KB  
Article
A Cross-Chain-Based Access Control Framework for Cloud Environment
by Saad Belcaid, Mostapha Zbakh, Siham Aouad, Abdellah Touhafi and An Braeken
Future Internet 2025, 17(4), 149; https://doi.org/10.3390/fi17040149 - 27 Mar 2025
Abstract
Cloud computing presents itself as one of the leading technologies in the IT solutions field, providing a variety of services and capabilities. Meanwhile, blockchain-based solutions emerge as advantageous as they permit data immutability, transaction efficiency, transparency, and trust due to decentralization and the use of smart contracts. In this paper, we are consolidating these two technologies into a secure framework for access control in cloud environments. A cross-chain-based methodology is used, in which transactions and interactions between multiple blockchains and cloud computing systems are supported, such that no separate third-party certificates are required in the authentication and authorization processes. This paper presents a cross-chain-based framework that integrates a full, fine-grained, attribute-based access control (ABAC) mechanism that evaluates cloud user access transaction attributes. It grants or denies access to the cloud resources by inferring knowledge about the attributes received using semantic reasoning based on ontologies, resulting in a more reliable method for information sharing over the cloud network. Our implemented cross-chain framework on the Cosmos ecosystem with the integrated semantic ABAC scored an overall access control (AC) processing time of 9.72 ms.
(This article belongs to the Special Issue Cloud and Edge Computing for the Next-Generation Networks)

36 pages, 2748 KB  
Article
A Comparative Study of Privacy-Preserving Techniques in Federated Learning: A Performance and Security Analysis
by Eman Shalabi, Walid Khedr, Ehab Rushdy and Ahmad Salah
Information 2025, 16(3), 244; https://doi.org/10.3390/info16030244 - 18 Mar 2025
Abstract
Federated learning (FL) is a machine learning technique where clients exchange only local model updates with a central server that combines them to create a global model after local training. While FL offers privacy benefits through local training, privacy-preserving strategies are needed since model updates can leak training data information due to various attacks. To enhance privacy and attack robustness, techniques like homomorphic encryption (HE), Secure Multi-Party Computation (SMPC), and the Private Aggregation of Teacher Ensembles (PATE) can be combined with FL. Currently, no study has combined more than two privacy-preserving techniques with FL or comparatively analyzed their combinations. We conducted a comparative study of privacy-preserving techniques in FL, analyzing performance and security. We implemented FL using an artificial neural network (ANN) with a Malware Dataset from Kaggle for malware detection. To enhance privacy, we proposed models combining FL with the PATE, SMPC, and HE. All models were evaluated against poisoning attacks (targeted and untargeted), a backdoor attack, a model inversion attack, and a man in the middle attack. The combined models maintained performance while improving attack robustness. FL_SMPC, FL_CKKS, and FL_CKKS_SMPC improved both their performance and attack resistance. All the combined models outperformed the base FL model against the evaluated attacks. FL_PATE_CKKS_SMPC achieved the lowest backdoor attack success rate (0.0920). FL_CKKS_SMPC best resisted untargeted poisoning attacks (0.0010 success rate). FL_CKKS and FL_CKKS_SMPC best defended against targeted poisoning attacks (0.0020 success rate). FL_PATE_SMPC best resisted model inversion attacks (19.267 MSE). FL_PATE_CKKS_SMPC best defended against man in the middle attacks with the lowest degradation in accuracy (1.68%), precision (1.94%), recall (1.68%), and the F1-score (1.64%).
(This article belongs to the Special Issue Digital Privacy and Security, 2nd Edition)

13 pages, 1405 KB  
Article
Quantum Private Set Intersection Scheme Based on Bell States
by Min Hou, Yue Wu and Shibin Zhang
Axioms 2025, 14(2), 120; https://doi.org/10.3390/axioms14020120 - 7 Feb 2025
Abstract
In this paper, we introduce a quantum private set intersection (QPSI) scheme that leverages Bell states as quantum information carriers. Our approach involves encoding private sets into Bell states using unitary operations, enabling the computation of the intersection between two private sets from different users while keeping their individual sets undisclosed to anyone except for the intersection result. In our scheme, a semi-honest third party (TP) distributes the first and second qubits of the Bell states to the two users. Each user encodes their private sets by applying unitary operations on the received qubits according to predefined encoding rules. The modified sequence is encrypted and then sent back to TP, who can compute the set intersection without learning any information about the users’ private inputs. The simulation outcomes on the IBM quantum platform substantiate the viability of our scheme. We analyze the security and privacy aspects of the sets, showing that both external attacks and internal threats do not compromise the security of the private inputs. Furthermore, our scheme exhibits better practicality by utilizing easily implementable Bell states and unitary operations, rather than relying on multiple encoded states for set intersection calculations.
(This article belongs to the Special Issue Recent Advances in Quantum Mechanics and Mathematical Physics)

34 pages, 4788 KB  
Article
FFL-IDS: A Fog-Enabled Federated Learning-Based Intrusion Detection System to Counter Jamming and Spoofing Attacks for the Industrial Internet of Things
by Tayyab Rehman, Noshina Tariq, Farrukh Aslam Khan and Shafqat Ur Rehman
Sensors 2025, 25(1), 10; https://doi.org/10.3390/s25010010 - 24 Dec 2024
Abstract
The Internet of Things (IoT) contains many devices that can compute and communicate, creating large networks. Industrial Internet of Things (IIoT) represents a developed application of IoT, connecting with embedded technologies in production in industrial operational settings to offer sophisticated automation and real-time decisions. Still, IIoT compels significant cybersecurity threats beyond jamming and spoofing, which could ruin the critical infrastructure. Developing a robust Intrusion Detection System (IDS) addresses the challenges and vulnerabilities present in these systems. Traditional IDS methods have achieved high detection accuracy but need improved scalability and privacy issues from large datasets. This paper proposes a Fog-enabled Federated Learning-based Intrusion Detection System (FFL-IDS) utilizing Convolutional Neural Network (CNN) that mitigates these limitations. This framework allows multiple parties in IIoT networks to train deep learning models with data privacy preserved and low-latency detection ensured using fog computing. The proposed FFL-IDS is validated on two datasets, namely the Edge-IIoTset, explicitly tailored to environments with IIoT, and CIC-IDS2017, comprising various network scenarios. On the Edge-IIoTset dataset, it achieved 93.4% accuracy, 91.6% recall, 88% precision, 87% F1 score, and 87% specificity for jamming and spoofing attacks. The system showed better robustness on the CIC-IDS2017 dataset, achieving 95.8% accuracy, 94.9% precision, 94% recall, 93% F1 score, and 93% specificity. These results establish the proposed framework as a scalable, privacy-preserving, high-performance solution for securing IIoT networks against sophisticated cyber threats across diverse environments.
(This article belongs to the Special Issue AI Technology for Cybersecurity and IoT Applications)

21 pages, 388 KB  
Article
Two-Party Threshold Private Set Intersection Protocols from Lightweight Cryptographic Primitives
by Shengnan Zhao, Chuan Zhao, Yuchen Huang, Xiangfu Song and Qiuliang Xu
Cryptography 2024, 8(4), 58; https://doi.org/10.3390/cryptography8040058 - 22 Dec 2024
Abstract
Private Set Intersection (PSI) is a significant application of interest within Secure Multi-party Computation (MPC), even though we are still in the early stages of deploying MPC solutions to real-world problems. Threshold PSI (tPSI), a variant of PSI, allows two parties to determine the intersection of their respective sets only if the cardinality of the intersection is at least (or less than) a specified threshold t. In this paper, we propose a generic construction for two-party tPSI that extensively utilizes Oblivious Transfer (OT). Our approach is based on lightweight primitives and avoids costly public-key systems such as homomorphic encryption. We start by introducing the secret-sharing private membership test PMTss that is based on the secret-sharing private equality test PEQTss. The PMTss enables tPSI to be scaled for a wide range of practical applications, particularly benefiting parties with limited computational resources. Consequently, two distinct two-party tPSI protocols can be efficiently implemented: over-threshold PSI (tPSI) and under-threshold PSI t>PSI. In addition, we propose a lightweight two-party tPSI with limited leakage and a generic precomputing OT suitable for phased implementation. Experimental performance demonstrates that our protocols are highly efficient and computationally friendly, thus paving the way for broader deployment of tPSI solutions.

11 pages, 909 KB  
Article
Efficient Quantum Private Comparison with Unitary Operations
by Min Hou and Yue Wu
Mathematics 2024, 12(22), 3541; https://doi.org/10.3390/math12223541 - 13 Nov 2024
Abstract
Quantum private comparison (QPC) is a crucial component of quantum multiparty computing (QMPC), allowing parties to compare their private inputs while ensuring that no sensitive information is disclosed. Many existing QPC protocols that utilize Bell states encounter efficiency challenges. In this paper, we present a novel and efficient QPC protocol that capitalizes on the distinct characteristics of Bell states to enable secure comparisons. Our method transforms private inputs into unitary operations on shared Bell states, which are then returned to a third party to obtain the comparison results. This approach enhances efficiency and decreases the reliance on complex quantum resources. A single Bell state can compare two classical bits, achieving a qubit efficiency of 100%. We illustrate the feasibility of the protocol through a simulation on the IBM Quantum Cloud Platform. The security analysis confirms that our protocol is resistant to both eavesdropping and attacks from participants.
(This article belongs to the Section E4: Mathematical Physics)

18 pages, 3123 KB  
Article
Design and Performance Evaluation of an Authentic End-to-End Communication Model on Large-Scale Hybrid IPv4-IPv6 Virtual Networks to Detect MITM Attacks
by Zeeshan Ashraf, Adnan Sohail and Muddesar Iqbal
Cryptography 2024, 8(4), 49; https://doi.org/10.3390/cryptography8040049 - 28 Oct 2024
Abstract
After the end of IPv4 addresses, the Internet is moving towards IPv6 address architecture quickly with the support of virtualization techniques worldwide. IPv4 and IPv6 protocols will co-exist long during the changeover process. Some attacks, such as MITM attacks, do not discriminate by appearance and affect IPv4 and IPv6 address architectures. In an MITM attack, the attacker secretly captures the data, masquerades as the original sender, and sends it toward the receiver. The receiver replies to the attacker because the receiver does not authenticate the source. Therefore, the authentication between two parties is compromised due to an MITM attack. The existing authentication schemes adopt complicated mathematical procedures. Therefore, the existing schemes increase computation and communication costs. This paper proposes a lightweight and authentic end-to-end communication model to detect MITM attacks using a pre-shared symmetric key. In addition, we implement and analyze the performance of our proposed security model on Linux-based virtual machines connected to large-scale hybrid IPv4-IPv6 virtual networks. Moreover, security analyses prove the effectiveness of our proposed model. Finally, we compare the performance of our proposed security model with existing models in terms of computation cost and communication overhead.

22 pages, 1342 KB  
Article
Lightweight Mutually Authenticated Key Exchange with Physical Unclonable Functions
by Cyrus Minwalla, Jim Plusquellic and Eirini Eleni Tsiropoulou
Cryptography 2024, 8(4), 46; https://doi.org/10.3390/cryptography8040046 - 19 Oct 2024
Abstract
Authenticated key exchange is desired in scenarios where two participants must exchange sensitive information over an untrusted channel but do not trust each other at the outset of the exchange. As a unique hardware-based random oracle, physical unclonable functions (PUFs) can embed cryptographic hardness and binding properties needed for a secure, interactive authentication system. In this paper, we propose a lightweight protocol, termed PUF-MAKE, to achieve bilateral mutual authentication between two untrusted parties with the help of a trusted server and secure physical devices. At the end of the protocol, both parties are authenticated and possess a shared session key that they can use to encrypt sensitive information over an untrusted channel. The PUF’s underlying entropy hardness characteristics and the key-encryption-key (KEK) primitive act as the root of trust in the protocol’s construction. Other salient properties include a lightweight construction with minimal information stored on each device, a key refresh mechanism to ensure a fresh key is used for every authentication, and robustness against a wide range of attacks. We evaluate the protocol on a set of three FPGAs and a desktop server, with the computational complexity calculated as a function of primitive operations. A composable security model is proposed and analyzed considering a powerful adversary in control of all communications channels. In particular, session key confidentiality is proven through formal verification of the protocol under strong attacker (Dolev-Yao) assumptions, rendering it viable for high-security applications such as digital currency.
(This article belongs to the Section Hardware Security)

25 pages, 649 KB  
Article
Provably Quantum Secure Three-Party Mutual Authentication and Key Exchange Protocol Based on Modular Learning with Error
by Hyewon Park, Seunghwan Son, Youngho Park and Yohan Park
Electronics 2024, 13(19), 3930; https://doi.org/10.3390/electronics13193930 - 4 Oct 2024
Abstract
With the rapid development of quantum computers, post-quantum cryptography (PQC) has become critical technology in the security field. PQC includes cryptographic techniques that are secure against quantum-computer-based attacks, utilizing methods such as code-based, isogeny-based, and lattice-based approaches. Among these, lattice-based cryptography is the most extensively studied due to its ease of implementation and efficiency. As quantum computing advances, the need for secure communication protocols that can withstand quantum computer-based threats becomes increasingly important. Traditional two-party AKE protocols have a significant limitation: the security of the entire system can be compromised if either of the communicating parties behaves maliciously. To overcome this limitation, researchers have proposed three-party AKE protocols, where a third party acts as an arbiter or verifier. However, we found that a recently proposed three-party AKE protocol is vulnerable to quantum-computer-based attacks. To address this issue, we propose a provably quantum secure three-party AKE protocol based on MLWE. The proposed scheme leverages the user’s biometric information and the server’s master key to prevent the exposure of critical parameters. We analyzed the security of the protocol using simulation tools such as the Burrows–Abadi–Needham (BAN) logic, Real-or-Random (RoR) model, and Automated Validation of Internet Security Protocols and Applications (AVISPA). Furthermore, comparative analysis with similar protocols demonstrates that our protocol is efficient and suitable.