TL;DR: In this paper, a data authentication and access control protocol for the Internet of Medical Things (IoMT) is presented that withstands quantum attacks and outperforms related schemes in computation, transmission, and key-storage overhead.
Abstract: Because of the recent COVID-19 epidemic, the Internet-of-Medical-Things (IoMT) has acquired a significant impetus to diagnose patients remotely, regulate medical equipment, and track quarantined patients via smart electronic devices installed at the patient's end. Nevertheless, the IoMT confronts various security and privacy issues, such as entity authentication, confidentiality, and integrity of health-related data, among others, rendering this technology vulnerable to different attacks. To address these concerns, a number of security procedures based on traditional cryptographic approaches, such as the discrete logarithm and integer factorization problems, have been developed. All of these protocols, however, are vulnerable to quantum attacks. This paper, in this context, presents a data authentication and access control protocol for IoMT systems that can withstand quantum attacks. A comprehensive formal security assessment demonstrates that the proposed algorithm can endure both current and future threats. In terms of data computing, transmission, and key storage overheads, it also surpasses other related techniques.
TL;DR: In this article, a lightweight authentication and key exchange protocol for the Internet of Things (IoT) is proposed that uses XOR and hash operations for secure communication and a physically unclonable function (PUF) for device-unique identity generation and lightweight protection against physical attacks.
Abstract: Internet of Things (IoT) is evolving as a ubiquitous technology to improve human lives with minimal time and effort. The resource-constrained IoT devices operating in an ambient environment with minimal or no safeguards are highly susceptible to physical invasion. The existing protocols suffer from the huge computing resources required for cryptographic primitives and the bandwidth overhead of high message passing during authentication. In addition, a few of them suffer from multiple executions of disparate protocols, incurring huge latency. Effective use of lightweight primitives with adequate security also propels a rethink of the design of IoT protocols. In this work, we developed a lightweight authentication and key exchange protocol that aptly suits the resource-constrained environment. The proposed protocol leverages cryptographic XOR and hash functions for secure communication, and a physically unclonable function (PUF) for unique device-dependent identity generation and as a lightweight security solution to prevent physical attacks. This standalone protocol can perform device-to-device and device-to-server authentication without incurring additional communication and computation resources, eradicating the need for disparate protocols. Extensive security analysis against adversarial attacks and bad-PUF-model-based attacks is formally verified. In addition, the Scyther verification tool is utilized for security validation. Performance analysis confirms the lightweight features of this protocol. A prototype implemented with a Xilinx Spartan-3E FPGA and Raspberry Pi for a smart street light monitoring system endorses the proposed protocol's acceptability and safeguards against different adversarial attacks.
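The PUF-based challenge-response pattern the abstract describes (hash for authentication, XOR to mask a value in transit, the PUF as the device's unclonable identity) as an added illustration; this is not the paper's protocol or code. The message flow, the nonce names, the pseudonym derivation and the HMAC-based `SimulatedPUF` stand-in are assumptions of this example, and the noise correction a real PUF needs is omitted.

```python
import hashlib
import hmac
import os

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big"))
        h.update(p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class SimulatedPUF:
    """Stand-in for a silicon PUF (assumption: ideal and noise-free). A real PUF
    response is noisy and needs a fuzzy extractor before it can feed a hash."""
    def __init__(self, silicon_secret: bytes):
        self._s = silicon_secret  # models the chip's physical randomness; never exported

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._s, challenge, hashlib.sha256).digest()

class Device:
    def __init__(self, dev_id: bytes, puf: SimulatedPUF):
        self.pid = H(b"PID", dev_id)  # pseudonym; the real ID never goes on the wire
        self.puf, self.n_d, self.key = puf, b"", b""

    def hello(self):
        self.n_d = os.urandom(16)
        return self.pid, self.n_d

    def answer(self, c: bytes, n_s: bytes, auth_s: bytes):
        r = self.puf.respond(c)
        # server authentication: only a holder of the enrolled CRP can form auth_s
        if not hmac.compare_digest(auth_s, H(b"S", r, self.n_d, n_s)):
            raise ValueError("server authentication failed")
        self.key = H(b"K", r, self.n_d, n_s)
        # CRP refresh: new response XOR-masked with a hash only the two parties can compute
        c_new = os.urandom(16)
        masked = xor(self.puf.respond(c_new), H(b"R", r, self.n_d, n_s))
        return H(b"D", r, n_s, self.n_d), c_new, masked

class Server:
    def __init__(self):
        self.crp = {}      # pid -> (challenge, response), filled during secure enrollment
        self.pending = {}  # pid -> (response, n_d, n_s) for the session in progress

    def enroll(self, pid: bytes, c: bytes, r: bytes):
        self.crp[pid] = (c, r)

    def challenge(self, pid: bytes, n_d: bytes):
        c, r = self.crp[pid]
        n_s = os.urandom(16)
        self.pending[pid] = (r, n_d, n_s)
        return c, n_s, H(b"S", r, n_d, n_s)

    def finish(self, pid: bytes, auth_d: bytes, c_new: bytes, masked: bytes):
        r, n_d, n_s = self.pending.pop(pid)
        if not hmac.compare_digest(auth_d, H(b"D", r, n_s, n_d)):
            return None
        self.crp[pid] = (c_new, xor(masked, H(b"R", r, n_d, n_s)))  # used CRP is discarded
        return H(b"K", r, n_d, n_s)

def run_session(dev: Device, srv: Server):
    pid, n_d = dev.hello()
    c, n_s, auth_s = srv.challenge(pid, n_d)
    auth_d, c_new, masked = dev.answer(c, n_s, auth_s)
    return dev.key, srv.finish(pid, auth_d, c_new, masked)

def demo():
    puf = SimulatedPUF(os.urandom(32))
    dev = Device(b"streetlight-0017", puf)  # constructed device identity
    srv = Server()
    c0 = os.urandom(16)
    srv.enroll(dev.pid, c0, puf.respond(c0))  # enrollment over a secure channel at manufacture
    k1_dev, k1_srv = run_session(dev, srv)
    k2_dev, k2_srv = run_session(dev, srv)  # second session runs on the refreshed CRP
    # replay: an eavesdropper resends the device's recorded final message in a later session
    pid, n_d = dev.hello()
    recorded = dev.answer(*srv.challenge(pid, n_d))
    srv.finish(pid, *recorded)
    pid, n_d = dev.hello()
    srv.challenge(pid, n_d)
    replay_accepted = srv.finish(pid, *recorded) is not None
    # clone: same claimed identity on different silicon, so PUF(c) differs
    clone = Device(b"streetlight-0017", SimulatedPUF(os.urandom(32)))
    try:
        run_session(clone, srv)
        clone_accepted = True
    except ValueError:
        clone_accepted = False
    return {"keys_agree": k1_dev == k1_srv and k2_dev == k2_srv,
            "key_rotates": k1_dev != k2_dev,
            "replay_accepted": replay_accepted, "clone_accepted": clone_accepted}
```

The two checks a practitioner cares about are visible in `demo()`: a recorded transcript is useless once the challenge-response pair has been consumed, and a device that claims the same pseudonym on different silicon fails server authentication before any key is derived. The XOR masking of the new response is only as strong as the secrecy of the enrolled response it is keyed from, which is why the server must store the CRP table as carefully as a key database.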
TL;DR: A lightweight authenticated key agreement (AKA) protocol based on elliptic curve cryptography (ECC) is proposed in this article; it uses only hash operations, XOR operations, and ECC in the authentication and key agreement phase and does not involve the registration center during key agreement, balancing performance and security.
Abstract: Nowadays, Industrial Internet of Things (IIoT) technology has made great progress and industrial control systems (ICSs) have been used extensively, which has brought more and more serious information security threats to the ICS at the same time. The authenticated key agreement (AKA) protocol is a common method to ensure communication security. This work proposes a lightweight AKA protocol based on the elliptic curve cryptography (ECC) algorithm to adapt to the resource-constrained environment. We only employ hash operations, XOR operations, and the ECC algorithm to encrypt the data in the authentication and key agreement phase, and avoid involving the registration center during key agreement, to give consideration to both performance and security. The security analyses indicate that our protocol can meet nine critical security requirements, more than all of the existing protocols, and the performance analysis carried out indicates that our protocol has less computational and communication overhead in contrast to other related protocols.
TL;DR: In this article, the authors measure the impact of different cryptographic algorithms on the low-computational-power devices typically used in smart homes, testing different security configurations over the two most used transport protocols (HTTP and MQTT).
Abstract: The advances in recent communication paradigms bring new security and privacy challenges, mainly about personal data collection by smart devices. Resource-constrained devices face serious issues when running complex cryptographic algorithms. To evaluate the performance impact of those algorithms on the usual and common devices used in smart homes, in this paper we tested the impact of different cryptographic algorithms on low-computational-power devices typically used as smart devices in smart homes, testing different security configurations and using the two most used transport protocols (HTTP and MQTT). The experiment measures their effects on six commonly used embedded devices in IoT WSNs: ESP8266, ESP32, and Raspberry Pi (RPi) 1 to 4. The experiment measured the power consumption, message delay, and additional message length (bytes). Moreover, the analysis was also used to model security algorithms. The experimental results from long runs (72 hours) reveal that the choice of cryptographic solution significantly affects the message delay and additional message length.
TL;DR: In this paper, the authors analyze the two-factor authentication protocol of Aman et al., propose an improved two-factor protocol that provides strong mutual authentication and overcomes the identified weaknesses, and analyze the proposed scheme using Burrows-Abadi-Needham (BAN) logic.
Abstract: The Internet of things (IoT) is defined as a network of connected objects or devices that gather information and share or exchange it through communication systems. In many applications, maintaining the privacy and security of the exchanged data is of great importance. Therefore, protecting sensitive data against security threats is a major concern in IoT applications. Using multifactor authentication protocols is an efficient solution to provide these features. Recently, a two-factor authentication protocol using physical unclonable functions and wireless fingerprints has been proposed by Aman et al. In this article, we first analyze Aman et al.'s protocol and discuss its weaknesses and vulnerabilities. Then, we propose an improved two-factor authentication protocol to provide strong mutual authentication and overcome the mentioned issues. The informal security analysis of the proposed scheme demonstrates that it is resistant to several well-known attacks. We also perform a security analysis of the proposed scheme using Burrows–Abadi–Needham logic. We further evaluate the proposed protocol in terms of computational complexity and security features. The results demonstrate that our scheme has significantly better computational efficiency and provides better security features compared to Aman et al.'s protocol.
TL;DR: Wang et al. design a lightweight, privacy-preserving key agreement protocol for VANETs built on hash functions, which provides an efficient and secure data transmission mechanism over a public communication channel.
Abstract: The popularity of vehicles promotes the evolution of smart cities. This development makes the vehicular ad-hoc network (VANET) a widely used inter-vehicular communication to obtain information about road conditions, speed, vehicle location and traffic congestion. Such a public network is vulnerable to different security threats. Overall, the security of private data in VANET is a critical task. It has been observed that various authentication protocols have been devised for VANETs. However, most of the proposed protocols are not secure and reliable because of different security threats, including denial of service, replay, forgery and impersonation attacks, etc. Furthermore, the existing protocols incur extra communication overhead and computational cost, so they become infeasible for resource-constrained environments. In this article, we design a lightweight and secure privacy-preserving key agreement protocol for VANETs using the hashing technique, which provides an efficient and secure data transmission mechanism over a public communication channel. Detailed security analysis shows that the proposed protocol is secure against various attacks. To evaluate the performance of the protocol, we simulate the key cryptographic operations of vehicles, a roadside unit, and a trusted party agent on Arduino, low-end and high-end devices, respectively. The experimental results show that compared with other related protocols, the computational cost and communication overhead of our protocol are reduced on average by $8.797\%$ and $22.06\%$, respectively. Additionally, simulation results on NS3 show that our protocol consistently achieves a packet delivery ratio higher than $99.91\%$. Therefore, our protocol is secure and reliable for the VANET environment.
TL;DR: In this paper, the authors propose a lightweight key agreement and mutual authentication protocol for entities in a vehicle-to-grid (V2G) environment and assess it with the Scyther tool alongside formal and informal security analyses to show how effectively it counters known attacks.
Abstract: Electric vehicle (EV) is a fast-growing technology that could help reduce greenhouse gas emissions in the energy and transportation sectors. The characteristics of EVs allow for rapid smart city expansion and serve as a key weapon in the emergence of vehicle-to-grid (V2G) technology. The entities, such as EVs and charging stations, connect with one another in order to gather data about the status of the EV and the environment in which it is traveling. The exchange of information among entities in V2G over a public channel may be exposed to security threats. The user's devices are also vulnerable to physical attacks since they are left unprotected at their end. Hence, we suggest a lightweight protocol for key agreement and mutual authentication between entities operating in a V2G environment. Additionally, we assess the proposed scheme using the Scyther tool to conduct formal and informal security analyses in order to demonstrate how effectively it can counteract known security attacks. Finally, the performance study reveals that the suggested protocol provides a communication and computational benefit when compared to relevant protocols.
TL;DR: In this paper, the authors propose a new authentication protocol based on elliptic curve cryptography (ECC) that enables secure communication between EVs and charging stations in V2G networks.
TL;DR: This paper proposes the Secure M-Trust Privacy Protocol (SMP), which combines trust, cryptographic and machine learning techniques to provide security and privacy for data in transit in the Medical Internet of Things (MIoT).
Abstract: Medical Internet of Things (MIoT) is a rapidly growing field that promises to revolutionize health care. The ability to connect devices and collect data from them has the potential to transform the way patients are monitored and treated. However, the security and privacy of this data is a major concern. Cryptography and other conventional security methods for resource-constrained MIoT have several shortcomings. First, they do not provide adequate protection for patient data. Second, they are not designed to work with the large number of devices and huge volumes of data that are typically generated in MIoT applications. In this paper, the Secure M-Trust Privacy protocol (SMP) has been designed to address these issues. The SMP protocol uses a combination of trust, cryptographic and Machine Learning techniques to provide security and privacy for data in transit. The SMP protocol has been designed to work with the Smart Health Care Monitoring System to provide a secure and private communication channel between devices in the system. The SMP protocol is an improvement over the existing security and privacy protocols for medical data. The simulation results prove that the SMP protocol is more efficient and scalable than the existing protocols. The SMP protocol is a valuable addition to the MIoT landscape and can help improve the privacy of data exchanged between medical devices.
TL;DR: IPDL, introduced in this paper, is a core calculus for cryptographic observational equivalence that handles probabilistic behaviour, distributed message passing, and resource-bounded adversaries and simulators in a simple manner.
Abstract: Many proofs of interactive cryptographic protocols (e.g., as in Universal Composability) operate by proving the protocol at hand to be observationally equivalent to an idealized specification. While pervasive, formal tool support for observational equivalence of cryptographic protocols is still a nascent area of research. Current mechanization efforts tend to either focus on diff-equivalence, which establishes observational equivalence between protocols with identical control structures, or require an explicit witness for the observational equivalence in the form of a bisimulation relation. Our goal is to simplify proofs for cryptographic protocols by introducing a core calculus, IPDL, for cryptographic observational equivalences. Via IPDL, we aim to address a number of theoretical issues for cryptographic proofs in a simple manner, including probabilistic behaviors, distributed message-passing, and resource-bounded adversaries and simulators. We demonstrate IPDL on a number of case studies, including a distributed coin toss protocol, Oblivious Transfer, and the GMW multi-party computation protocol. All proofs of case studies are mechanized via an embedding of IPDL into the Coq proof assistant.
Diego F. Aranha, Carsten Baum, Kristian Gjøsteen, Tjerand Silde
15 Nov 2023
TL;DR: Verifiable mix-nets and distributed decryption for voting from lattice-based assumptions are challenging due to noise growth and approximate relations.
Abstract: Cryptographic voting protocols have recently seen much interest from practitioners due to their (planned) use in countries such as Estonia, Switzerland, France, and Australia. Practical protocols usually rely on tested designs such as the mixing-and-decryption paradigm. There, multiple servers verifiably shuffle encrypted ballots, which are then decrypted in a distributed manner. While several efficient protocols implementing this paradigm exist from discrete log-type assumptions, the situation is less clear for post-quantum alternatives such as lattices. This is because the design ideas of the discrete log-based voting protocols do not carry over easily to the lattice setting, due to specific problems such as noise growth and approximate relations.
TL;DR: In this article, the authors propose methods to inject random noise into cryptographic keys, together with the associated key recovery schemes, which incrementally confuse the attacker while adding an extra layer of authenticity.
Abstract: Cryptographic protocols are widely deployed to enhance the security of sensitive data shared across autonomous networks. Privacy and security issues are exacerbated due to the increased vulnerability of the cryptographic key to various types of attack. It is extremely challenging to distribute cryptographic keys in contested areas on a real-time basis; therefore, several protocols have been developed that use the fingerprints of electronic devices embedded in cyber-physical systems for one-time-use key generation. Various autonomous systems, including vehicles, robots, and industrial machines, may be protected by these fingerprints, thus allowing the use of one-time encryption keys, thereby reducing the cybersecurity attack surface. To mitigate certain attacks and enhance security, we propose methods to inject random noise into these keys, as well as the associated key recovery schemes. The benefit of noise injection is the ability to incrementally confuse the hacker while adding an extra layer of authenticity. The random percentage of noise injected in the key can only be identified and verified by an authorized party. An unexpected increase or decrease in the percentage of noise notifies the server that the autonomous system is potentially under attack. Experimentally, we demonstrate how noise levels of up to 30% of the cryptographic keys can be injected, and how temperature can alter the percentage of noise. We also quantify methods to increase the errors due to the instability of the fingerprints. Additionally, we review different strategies of noise injection and how we may leverage the injected noise for stronger authentication.
Ertem Nusret Tas, Runchao Han, David Tse, Mingchao Yu
15 Nov 2023
TL;DR: Interchain timestamping extracts the maximum economic security from provider chains, maximizing the security of a consumer chain.
Abstract: Fourteen years after the invention of Bitcoin, there has been a proliferation of many permissionless blockchains. Each such chain provides a public ledger that can be written to and read from by anyone. In this multi-chain world, a natural question arises: what is the optimal security an existing blockchain, a consumer chain, can extract by only reading and writing to k other existing blockchains, the provider chains? We design a protocol, called interchain timestamping, and show that it extracts the maximum economic security from the provider chains, as quantified by the slashable safety resilience. We observe that interchain timestamps are already provided by light-client based bridges, so interchain timestamping can be readily implemented for Cosmos chains connected by the Inter-Blockchain Communication (IBC) protocol. We compare interchain timestamping with cross-staking, the original solution to mesh security, as well as with Trustboost, another recent security sharing protocol.
TL;DR: In this article, the authors propose an identity authentication protocol between embedded devices and a server that uses elliptic curve cryptography, provides device anonymity by hashing device IDs, and protects the server against replay attacks by including a timestamp.
Abstract: The Internet of Things (IoT) is composed of a large number of miniaturized devices interconnected through the Internet. These devices, equipped with sensing, computing, and communication capabilities, can be used to remotely control the environment or the monitored infrastructure. However, IoT devices usually only have limited resources, and thus designing a lightweight security authentication protocol for them is a challenge. This article proposes an identity authentication protocol between embedded devices and a server. The protocol uses the elliptic curve encryption algorithm, realizes the anonymity of the device by hashing its ID, and protects the server from replay attacks by adding a timestamp as a security attribute. We prove the security of the protocol and its resistance to security attacks and also formally verify it using the AVISPA tool. In addition, through experimental comparison with existing protocols, we demonstrate the performance superiority of the proposed protocol.
TL;DR: In this paper, a group-based efficient authentication and key agreement (GBEAKA) protocol is proposed for low-power IoMT devices, which meets security objectives such as authentication and key agreement between the devices, subscriber privacy, unlinkability, key confirmation, and perfect forward/backward key secrecy between sessions.
Abstract: IoMT has been gradually gaining traction in the healthcare industry and holds up the prospect of a time when it will not only be common but also fully expanded outside the confines of clinics and hospitals. IoMT deployment in real life calls for improved responsiveness and healthcare quality while reducing patient care expenses. But cybercriminals try every computer in every hospital several times every day. Consequently, shoddy security is one of the biggest problems of IoT in healthcare. IoMT demands more stringent security since medical data is sensitive and its contents are essential. IoMT devices are accessible for attackers to acquire control of, and once they do, they can start modifying the course of treatment, possibly leading to patient fatalities. To satisfy the security requirements, this research suggests a group-based efficient authentication and key agreement (GBEAKA) protocol, which is suitable for low-power IoMT devices. The suggested protocol meets security objectives like authentication and key agreement between the devices, privacy of subscribers, unlinkability, key confirmation, and perfect forward/backward key secrecy between the sessions. The more conclusive AVISPA tool and BAN logic have been used to analyze the security claims of the suggested protocol, and the findings show that it is secure against various cryptographic attacks. According to a mathematical study of the protocol, the suggested protocol is also compatible with low-power IoMT (LPIoMT) devices since it accomplishes its goals with the least amount of signaling overhead, bandwidth consumption, and computational cost.
TL;DR: This work proposes an efficient, provably secure, lightweight mutual authentication and key establishment protocol using an extended chaotic map for TMIS, which satisfies most of the required security requirements with less communication and computation overhead, and outperforms the other existing authentication techniques in terms of computation, communication, storage overheads, and security.
TL;DR: In this article, the authors propose a new actively secure constant-round 2PC protocol with one-way communication of $2\kappa+5$ bits per AND gate (for $\kappa$-bit computational security and any statistical security).
Abstract: Actively secure two-party computation (2PC) is one of the canonical building blocks in modern cryptography. One main goal for designing actively secure 2PC protocols is to reduce the communication overhead, compared to semi-honest 2PC protocols. In this paper, we propose a new actively secure constant-round 2PC protocol with one-way communication of $2\kappa+5$ bits per AND gate (for $\kappa$-bit computational security and any statistical security), essentially matching the one-way communication of the semi-honest half-gates protocol. This is achieved by two new techniques: Our technique of yielding authenticated AND triples can also be used to optimize the two-way communication (i.e., the total communication) by combining it with the authenticated garbled circuits by Dittmer et al., which results in an actively secure 2PC protocol with two-way communication of $2\kappa+3\rho+4$ bits per AND gate.
TL;DR: This review explores the need for quantum-resistant cryptographic protocols to secure vehicle-to-vehicle communication networks, evaluating post-quantum algorithms and their applicability to latency-sensitive vehicular environments, and proposing a roadmap for standardization and integration in intelligent transportation systems.
Abstract: The rise of autonomous vehicles (AVs) has led to an increased reliance on vehicle-to-vehicle (V2V) communication networks to ensure real-time information sharing, situational awareness, and cooperative decision-making. However, the integration of quantum computing into cybersecurity threatens the cryptographic foundations upon which current V2V communication protocols rely. As quantum computers grow closer to practical implementation, traditional public-key encryption schemes—such as RSA and ECC—are rendered vulnerable to attacks from quantum algorithms like Shor’s and Grover’s. This review explores the necessity of adopting quantum-resistant cryptographic protocols to secure V2V communication frameworks. The study critically examines post-quantum cryptographic algorithms, including lattice-based, hash-based, code-based, multivariate polynomial, and isogeny-based schemes, with a focus on their applicability to latency-sensitive and resource-constrained vehicular environments. Furthermore, the paper evaluates the performance, scalability, and implementation challenges of integrating these cryptographic primitives into real-time autonomous systems. Case studies of pilot implementations and emerging research are reviewed to highlight the practicality of these protocols in vehicular edge computing and 5G-enabled automotive networks. The paper concludes by proposing a forward-looking roadmap for standardization and integration of quantum-resilient cryptography in intelligent transportation systems (ITS), ensuring long-term data integrity, authentication, and privacy across V2V infrastructures.
TL;DR: SSProve, presented in this paper, is a verification framework for state-separating proofs in Coq; it combines high-level modular proofs about composed protocols, as proposed in SSP, with a probabilistic relational program logic for formalizing the lower-level details, which together enable constructing machine-checked cryptographic proofs in the Coq proof assistant.
Abstract: State-separating proofs (SSP) is a recent methodology for structuring game-based cryptographic proofs in a modular way, by using algebraic laws to exploit the modular structure of composed protocols. While promising, this methodology was previously not fully formalized and came with little tool support. We address this by introducing SSProve, the first general verification framework for machine-checked state-separating proofs. SSProve combines high-level modular proofs about composed protocols, as proposed in SSP, with a probabilistic relational program logic for formalizing the lower-level details, which together enable constructing machine-checked cryptographic proofs in the Coq proof assistant. Moreover, SSProve is itself fully formalized in Coq, including the algebraic laws of SSP, the soundness of the program logic, and the connection between these two verification styles. To illustrate SSProve we use it to mechanize the simple security proofs of ElGamal and PRF-based encryption. We also validate the SSProve approach by conducting two more substantial case studies: First, we mechanize an SSP security proof of the KEM-DEM public key encryption scheme, which led to the discovery of an error in the original paper proof that has since been fixed. Second, we use SSProve to formally prove security of the sigma-protocol zero-knowledge construction, and we moreover construct a commitment scheme from a sigma-protocol to compare with a similar development in CryptHOL. We instantiate the security proof for sigma-protocols to give concrete security bounds for Schnorr’s sigma-protocol.
TL;DR: In this paper, a lightweight authenticated key exchange (AKE) protocol is proposed for embedded integrated electronic systems (EIESs) that communicate over a half-duplex "command/response" bus.
Abstract: As embedded integrated electronic systems (EIESs) become more pervasive (including in mission-critical applications), the need to ensure the security of data exchange in such a system against various malicious activities becomes more pronounced. However, designing secure and efficient solutions, such as authentication protocols, for the many different embedded systems with varying internal communication modes remains challenging. Therefore, in this paper, we propose a lightweight authenticated key-exchange (AKE) protocol for EIESs based on a half-duplex "command/response" bus. Specifically, the proposed protocol is designed to operate on resource-constrained devices and to require a minimal number of interactions. We then prove the security of the proposed protocol and present the security parameter selection strategy for protocol implementation based on the empirical evaluations. Moreover, efficiency analysis also shows that the protocol can be effectively deployed in the EIES environment.
TL;DR: This paper presents FastSecNet, an efficient two-party cryptographic framework for private neural network inference in the dealer-based preprocessing setting, built on the recent cryptographic primitive function secret sharing (FSS).
Abstract: Private neural network inference has demonstrated great importance in various privacy-critical scenarios. However, the primary challenge remaining in prior works is that the evaluation on encrypted data levies prohibitively high run-time and communication overhead. In this work, we present FastSecNet, an efficient two-party cryptographic framework for private inference in the dealer-based pre-processing setting. Specifically, (1) FastSecNet provides an efficient ReLU protocol for the evaluation of non-linear layers, which is built on a recent advanced cryptographic primitive, function secret sharing (FSS). The core of this construction is an optimized ReLU representation and a customized FSS-based ReLU protocol. (2) For linear layer evaluation, we first propose an efficient PRG-based preprocessing protocol based on the fact that one of the inputs is uniformly random in the offline phase. Then, the online phase only communicates one element and consists of lightweight secret-sharing operations in a ring. Extensive evaluations conducted on 4 real-world datasets and 9 neural network models demonstrate that during the online phase, FastSecNet achieves 14× less runtime and 18× less communication cost compared to the state of the art.
TL;DR: In this paper, the authors present a new cryptographic protocol that guarantees three security services, authentication, confidentiality, and integrity, for sensitive information communicated through a WBAN, and also consider a keyless sensor authentication method to determine whether or not the devices are placed on the same individual's body.
Abstract: Nowadays, technological advances provide people with more facilities and luxuries in life. Medicine is no exception; for example, different wireless sensors can be used to monitor patients’ state of health. These sensors are used in the so-called Wireless Body Area Networks (WBAN), to improve the efficiency of doctor-patient activities at any time, in any body area, and anywhere. However, health data contains sensitive information that becomes a critical issue requiring special attention when transmitted within a WBAN. In other words, WBAN must be protected from malicious devices that intercept, alter or access without authorization or even deny the health information being transmitted. In this article, we present the design of a new cryptographic protocol that guarantees three security services, authentication, confidentiality, and integrity by securing sensitive information communication through a WBAN. We also consider a keyless sensors authentication method to distinguish whether or not the devices are placed on the same individual’s body. A formal analysis of the protocol is carried out using cryptographic protocol verification tools to guarantee its correct construction and that it provides appropriate security.
TL;DR: Based on commutative encryption, a quantum secure multi-party summation protocol with identity authentication is proposed in this paper, where each participant encodes a secret integer on photons via unitary operations, and a one-way hash function with a key is utilized to perform identity authentication operations for each participant.
Abstract: In quantum secure multi-party summation protocols, some attackers can impersonate legitimate participants in the summation process, and easily steal the summation results from the participants. This is often overlooked for existing secure multi-party summation protocols, thus rendering them insecure. Based on commutative encryption, a quantum secure multi-party summation protocol with identity authentication is proposed in this paper. In the protocol, each participant encodes a secret integer on photons via unitary operations. At the same time, a one-way hash function technique with a key is utilized to perform identity authentication operations for each participant. Finally, the summation is calculated with the help of a semi-trusted third party. The analysis of the protocol shows that the proposed protocol is correct and resistant to common and impersonation attacks. Compared to related protocols, the use and measurement of single photons makes the protocol easier to implement into existing technology. Furthermore, the simulation experiments on the IBM Q Experience cloud platform demonstrate the effectiveness of the presented protocol.
Eric Wagner, Nils Rothaug, Konrad Wolsing, Lennart Bader, Klaus Wehrle, Martin Henze
2 Oct 2023
TL;DR: Retrofitting security features into legacy industrial protocols by utilizing unused header fields offers a promising solution for securing industrial networks.
Abstract: Industrial networks become increasingly interconnected, which opens the floodgates for cyberattacks on legacy networks designed without security in mind. Consequently, the vast landscape of legacy industrial communication protocols urgently demands a universal solution to integrate security features retroactively. However, current proposals are hardly adaptable to new scenarios and protocols, even though most industrial protocols share a common theme: Due to their progressive development, previously important legacy features became irrelevant and resulting unused protocol fields now offer a unique opportunity for retrofitting security. Our analysis of three prominent protocols shows that headers offer between 36 and 63 bits of unused space. To take advantage of this space, we designed the REtrofittable ProtEction Library (RePeL), which supports embedding authentication tags into arbitrary combinations of unused header fields. We show that RePeL incurs negligible overhead beyond the cryptographic processing, which can be adapted to hit performance targets or fulfill legal requirements.
TL;DR: Wang et al. as discussed by the authors designed a searchable public-key encryption with cryptographic reverse firewalls (SPKE-CRF), and used the JPBC library to implement the protocol.
Abstract: In order to protect data privacy in cloud storage, sensitive data is encrypted before being uploaded to a cloud server. How to retrieve ciphertext safely and effectively has become a problem. Public key encryption with keyword search (PEKS) realizes the retrieval of ciphertexts in clouds without disclosing secret information. However, most PEKS protocols cannot resist a keyword guessing attack (KGA) launched by untrusted cloud servers. Meanwhile, these protocols are unable to detect vulnerabilities, resulting in information leakage. In this article, we design a searchable public-key encryption with cryptographic reverse firewalls (SPKE-CRF), and use the JPBC library to implement the protocol. Security analysis shows that the SPKE-CRF protocol can resist a chosen keyword attack (CKA), a KGA, and an algorithm substitution attack (ASA) without secure channels. Performance analysis shows that the SPKE-CRF protocol has a significant communication and computational cost advantage while being resistant to the KGA and ASA from malicious insider attackers in cloud environments. Therefore, our SPKE-CRF protocol is secure and efficient for cloud storage.
TL;DR: The Signal protocol is an open-source end-to-end encryption model that uses AES-256, HMAC-SHA256 and Curve25519 as its cryptographic primitives as mentioned in this paper.
Abstract: People have valid concerns about their privacy and the use of their personal information by corporations. People do not necessarily trust social media companies to protect their right to privacy. Social media companies are under pressure to provide greater levels of security and privacy to their users. The current gold standard of security protocols for messaging systems is the Signal Protocol. The Signal protocol is an open-source end-to-end encryption model. It uses AES-256, HMAC-SHA256 and Curve25519 as its cryptographic primitives. This protocol is currently considered cryptographically sound and provides excellent information security. However, many social media companies are still using less secure protocols often underpinned by less secure primitives. This paper discusses in detail the various cryptographic primitives used in social media apps like WhatsApp, Twitter, Facebook, Snapchat and Instagram.
TL;DR: In this paper, a survey on IoT security solutions is presented to illustrate the various IoT security procedures, which are divided into four categories based on technologies used to provide security such as machine learning, trust, blockchain, and cryptography.
Abstract: Internet of Things (IoT) is a group of self-contained objects, which is a brand-new pattern that incorporates the current existence of various devices. It is one of the most recent technologies that offer worldwide connectivity, user, sensor, and information management. Devices can become ubiquitously connected, thanks to connectivity. IoT has a number of problems, including fading, energy use, data security, network security, etc. Security emerges as one of the biggest issues among these. In this paper, a survey on IoT security solutions is presented to illustrate the various IoT security procedures. The security protocols that are divided into four categories based on technologies used to provide security such as machine learning, trust, blockchain, and cryptography have been elaborated. The major purpose of these protocols is to address the issue of network routing assaults in IoT. Each protocol’s benefits and drawbacks are examined together with the performance indicators that were used.
TL;DR: In this paper, the authors propose three protocols to share, among a set of competing entities, the responsibility to grant anonymous access to a resource, and prove that any subset of guardian authorities can neither tamper with, nor forge, new access-key tokens.
Abstract: In this paper, we propose three protocols to share, among a set of $N$ competing entities, the responsibility to grant anonymous access to a resource. The protocols we propose vary in their settings to take into account central or distributed registration. We prove that any subset of guardian authorities can neither tamper with, nor forge, new access-key tokens. Besides, two of the methods we propose are resistant to the eventual appearance of quantum computers. The protocols we propose permit new approaches for cryptographic applications such as electronic voting or blockchain access.
TL;DR: In this paper, the authors proposed an ultra-lightweight RFID ownership transfer protocol based on permutation function, where the tag and reader only use efficient bit operations, which greatly reduces the computational overhead.
Abstract: Modern business models improve the efficiency of supply chain management by attaching tags to products. These tagged products typically change owners multiple times during their life cycles. The ownership transfer protocol authorizes the new owner by replacing the old owner’s authentication information stored in the tag with the new owner’s. Until now, a considerable amount of literature has proposed solutions to the problem of RFID ownership transfer. Unfortunately, these existing protocols are either flawed in some security properties, especially in protecting new and old owners’ privacy, or are associated with huge computational overheads. In this paper, we propose an ultra-lightweight RFID ownership transfer protocol based on permutation function. The tag and reader only use efficient bit operations, which greatly reduces the computational overhead. An important feature of the proposed protocol is that the new owner can impose calculations on data that has been encrypted by the old owner. The new owner is authorized by the old owner and does not have access to the tag’s key, which protects the old owner’s privacy stored on the tag side. We compare our protocol with existing work, and show the advantages in terms of security, computational overhead, and time cost.
TL;DR: In this article, a novel cryptographic scheme is proposed to guarantee not only confidentiality and integrity but also forward secrecy and non-repudiation of microgrid control communications, which can efficiently run in embedded controllers with limited computational resources.
Abstract: Cryptographic schemes are often deployed in microgrids to protect communication security. However, most existing schemes widely used in microgrids cannot ensure forward secrecy and non-repudiation under key leakage and dishonest insiders. Although some existing cryptographic techniques can theoretically overcome these vulnerabilities, their computational complexity may significantly extend the communication latency, making them less suitable for the time-sensitive microgrid control scenario. In this paper, a novel cryptographic scheme is proposed to guarantee not only confidentiality and integrity but also forward secrecy and non-repudiation of microgrid control communications. Built from key-evolving symmetric encryption and online/offline signature, the scheme can efficiently run in embedded controllers with limited computational resources. The security of the scheme is analyzed in the paper, with a recommended instantiation given through comprehensive comparisons of candidate cryptographic algorithms. Besides, the effectiveness and efficiency of the proposed scheme are tested on a microgrid model through cyber-physical co-simulation.