Search Results (898)

The Internet of things (IoT) has recently received a great deal of attention, and there has been a large increase in the number of IoT devices owing to its significance in current communication networks. In addition, the validation of devices is an important concern and a major safety demand in IoT systems, as any faults in the authentication or identification procedure will lead to threatening attacks that cause the system to close. In this study, a new, three-phase authentication protocol in IoT is implemented. The initial phase concerns the user registration phase, in which encryption takes place with a hybrid Elliptic Curve Cryptography (ECC)–Advanced Encryption Standard (AES) model with an optimization strategy, whereby key generation is optimally accomplished via a Self-Improved Aquila Optimizer (SI-AO). The second and third phases include the login process and the authentication phase, in which information flow control-based authentication is conducted. Finally, decryption is achieved based on the hybrid ECC–AES model. The employed scheme’s improvement is established using various metrics. Full article

The revolutionary breakthroughs in Machine Learning (ML) and Artificial Intelligence (AI) are extensively being harnessed across a diverse range of domains, e.g., forensic science, healthcare, virtual assistants, cybersecurity, and robotics. On the flip side, they can also be exploited for negative purposes, like producing authentic-looking fake news that propagates misinformation and diminishes public trust. Deepfakes pertain to audio or visual multimedia contents that have been artificially synthesized or digitally modified through the application of deep neural networks. Deepfakes can be employed for benign purposes (e.g., refinement of face pictures for optimal magazine cover quality) or malicious intentions (e.g., superimposing faces onto explicit image/video to harm individuals producing fake audio recordings of public figures making inflammatory statements to damage their reputation). With mobile devices and user-friendly audio and visual editing tools at hand, even non-experts can effortlessly craft intricate deepfakes and digitally altered audio and facial features. This presents challenges to contemporary computer forensic tools and human examiners, including common individuals and digital forensic investigators. There is a perpetual battle between attackers armed with deepfake generators and defenders utilizing deepfake detectors. This paper first comprehensively reviews existing image, video, and audio deepfake databases with the aim of propelling next-generation deepfake detectors for enhanced accuracy, generalization, robustness, and explainability. Then, the paper delves deeply into open challenges and potential avenues for research in the audio and video deepfake generation and mitigation field. The aspiration for this article is to complement prior studies and assist newcomers, researchers, engineers, and practitioners in gaining a deeper understanding and in the development of innovative deepfake technologies. Full article

Compared to traditional platform environments in the online realm, the metaverse, as a three-dimensional (3D) virtual world, exposes more identity data to the network. Once these data are compromised, it leads to privacy breaches. Therefore, how to ensure identity security in the metaverse environment has become an urgent problem to be solved. Although research on identity authentication schemes can help improve identity security, traditional identity authentication schemes in network environments are studied based on their own environmental characteristics, which makes it difficult to meet the security needs in the metaverse environment. As a result, in this paper we propose an elliptic curve cryptography (ECC)-based identity authentication scheme to address identity authentication issues in the metaverse environment. This scheme ensures secure communication among users, avatars, and platform servers. The security of this scheme was demonstrated through informal security analysis and the automated validation of internet security protocols and applications (AVISPA) formal security analysis tools, and the results showed that it can resist various known attacks. Compared with existing identity authentication schemes, this scheme has lower computational and communication costs. Full article

Authentication is a crucial security service on the Internet. In real-world applications, multiple independent trust domains often exist, with each recognizing only certain identities within their own systems. During cross-domain access, users cannot directly use their original certificates, which presents a cross-domain authentication problem. Traditional centralized schemes typically employ a trusted third party (TTP) to facilitate the transfer of identity trust across domains. These schemes inevitably inherit the vulnerabilities associated with single points of failure. In contrast, blockchain-based decentralized schemes effectively eliminate the potential threats posed by TTPs. However, the openness and transparency of the blockchain also bring new security issues, such as privacy leakage. In this paper, we propose a zk-SNARK-based anonymous scheme on the blockchain for cross-domain authentication. Specifically, our scheme adopts an authorization-then-proof structure, which strikes a delicate balance between anonymity and revocability. We provide theoretical proofs for the security of our scheme and explain how it achieves proactive revocability. Experimental evaluation results demonstrated that our scheme is both secure and efficient, and the revocation could be accomplished by introducing only 64 bytes of on-chain storage with one hash comparison. Full article

Users encounter various threats, such as cross-site scripting attacks and session hijacking, when they perform login operations in the browser. These attacks pose significant risks to the integrity and confidentiality of personal data. The browser fingerprint, as an authentication technique, can effectively enhance user security. However, attackers can bypass browser fingerprint authentication through phishing attacks and other methods, leading to unauthorized logins. To address these issues, we propose a secure browser fingerprint authentication scheme that integrates the data of the browser cache side-channel into the traditional browser fingerprint. Consequently, it enhances the dynamics and non-determinism of the browser fingerprint and improves the anti-attack capabilities of the authentication process. Experimental results demonstrate that this scheme can effectively mitigate phishing attacks and man-in-the-middle attacks, achieving a 95.33% recognition rate for attackers and a 96.17% recall rate for authorized users. Full article

With the rapid development of artificial intelligence and Internet of Things (IoT) technologies, automotive companies are integrating federated learning into connected vehicles to provide users with smarter services. Federated learning enables vehicles to collaboratively train a global model without sharing sensitive local data, thereby mitigating privacy risks. However, the dynamic and open nature of the Internet of Vehicles (IoV) makes it vulnerable to potential attacks, where attackers may intercept or tamper with transmitted local model parameters, compromising their integrity and exposing user privacy. Although existing solutions like differential privacy and encryption can address these issues, they may reduce data usability or increase computational complexity. To tackle these challenges, we propose a conditional privacy-preserving identity-authentication scheme, CPPA-SM2, to provide privacy protection for federated learning. Unlike existing methods, CPPA-SM2 allows vehicles to participate in training anonymously, thereby achieving efficient privacy protection. Performance evaluations and experimental results demonstrate that, compared to state-of-the-art schemes, CPPA-SM2 significantly reduces the overhead of signing, verification and communication while achieving more security features. Full article

The healthcare sector has undergone a profound transformation, owing to the influential role played by Internet of Medical Things (IoMT) technology. However, there are substantial concerns over these devices’ security and privacy-preserving mechanisms. The current literature on IoMT tends to focus on specific security features, rather than wholistic security concerning Confidentiality, Integrity, and Availability (CIA Triad), and the solutions are generally simulated and not tested in a real-world network. The proposed innovative solution is known as Secure-by-Design Real-Time IoMT Architecture for e-Health Population Monitoring (RTPM) and it can manage keys at both ends (IoMT device and IoMT server) to maintain high privacy standards and trust during the monitoring process and enable the IoMT devices to run safely and independently even if the server is compromised. However, the session keys are controlled by the trusted IoMT server to lighten the IoMT devices’ overheads, and the session keys are securely exchanged between the client system and the monitoring server. The proposed RTPM focuses on addressing the major security requirements for an IoMT system, i.e., the CIA Triad, and conducts device authentication, protects from Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, and prevents non-repudiation attacks in real time. A self-healing solution during the network failure of live e-health monitoring is also incorporated in RTPM. The robustness and stress of the system are tested with different data types and by capturing live network traffic. The system’s performance is analysed using different security algorithms with different key sizes of RSA (1024 to 8192 bits), AES (128 to 256 bits), and SHA (256 bits) to support a resource-constraint-powered system when integrating with resource-demanding secure parameters and features. In the future, other security features like intrusion detection and prevention and the user’s experience and trust level of such a system will be tested. Full article

Managing access between large numbers of distributed medical devices has become a crucial aspect of modern healthcare systems, enabling the establishment of smart hospitals and telehealth infrastructure. However, as telehealth technology continues to evolve and Internet of Things (IoT) devices become more widely used, they are also increasingly exposed to various types of vulnerabilities and medical errors. In healthcare information systems, about 90% of vulnerabilities emerge from medical error and human error. As a result, there is a need for additional research and development of security tools to prevent such attacks. This article proposes a zero-trust-based context-aware framework for managing access to the main components of the cloud ecosystem, including users, devices, and output data. The main goal and benefit of the proposed framework is to build a scoring system to prevent or alleviate medical errors while using distributed medical devices in cloud-based healthcare information systems. The framework has two main scoring criteria to maintain the chain of trust. First, it proposes a critical trust score based on cloud-native microservices for authentication, encryption, logging, and authorizations. Second, a bond trust scoring system is created to assess the real-time semantic and syntactic analysis of attributes stored in a healthcare information system. The analysis is based on a pre-trained machine learning model that generates the semantic and syntactic scores. The framework also takes into account regulatory compliance and user consent in the creation of the scoring system. The advantage of this method is that it applies to any language and adapts to all attributes, as it relies on a language model, not just a set of predefined and limited attributes. The results show a high $F1$ score of 93.5%, which proves that it is valid for detecting medical errors. Full article

The rapid development of the Industrial Internet of Things (IIoT) and its application across various sectors has led to increased interconnectivity and data sharing between devices and sensors. While this has brought convenience to users, it has also raised concerns about information security, including data security and identity authentication. IIoT devices are particularly vulnerable to attacks due to their lack of robust key management systems, efficient authentication processes, high fault tolerance, and other issues. To address these challenges, technologies such as blockchain and the formal analysis of security protocols can be utilized. And blockchain-based Industrial Internet of Things (BIIoT) is the new direction. These technologies leverage the strengths of cryptography and logical reasoning to provide secure data communication and ensure reliable identity authentication and verification, thereby becoming a crucial support for maintaining the security of the Industrial Internet. In this paper, based on the theory of the strand space attack model, we improved the Fiber Channel Password Authentication Protocol (FACP) security protocol in the network environment based on symmetric cryptography and asymmetric cryptography. Specifically, in view of the problem that the challenge value cannot reach a consensus under the symmetric cryptography system, and the subject identity cannot reach a consensus under the asymmetric cryptography system, an improved protocol is designed and implemented to meet the authentication requirements, and the corresponding attack examples are shown. Finally, the effectiveness and security of the protocol were verified by simulating different networking environments. The improved protocol has shown an increase in efficiency compared with the original protocol across three different network configurations. There was a 6.43% increase in efficiency when centralized devices were connected to centralized devices, a 5.81% increase in efficiency when centralized devices were connected to distributed devices, and a 6.32% increase in efficiency when distributed devices were connected to distributed devices. Experimental results show that this protocol can enhance the security and efficiency of communication between devices and between devices and nodes (servers, disks) in commonly used Ethernet passive optical network (EPON) environments without affecting the identity authentication function. Full article

Unauthenticated device access to a network presents substantial security risks. To address the challenges of access and identification for a vast number of devices with diverse functions in the era of the Internet of things (IoT), we propose an IoT device identification method based on hardware and software fingerprint features. This approach aims to achieve comprehensive “hardware–software–user” authentication. First, by extracting multimodal hardware fingerprint elements, we achieve identity authentication at the device hardware level. The time-domain and frequency-domain features of the device’s transient signals are extracted and further learned by a feature learning network to generate device-related time-domain and frequency-domain feature representations. These feature representations are fused using a splicing operation, and the fused features are input into the classifier to identify the device’s hardware attribute information. Next, based on the interaction traffic, behavioral information modeling and sequence information modeling are performed to extract the behavioral fingerprint elements of the device, achieving authentication at the software level. Experimental results demonstrate that the method proposed in this paper exhibits a high detection efficacy, achieving 99% accuracy in both software and hardware level identification. Full article

Many aspects of intangible cultural heritage have associated objects of material culture that augment or enable aspects of intangible heritage to be exercised or emphasized. Christmas markets have been publicized as the quintessential event in Germany leading up to Christmas, with the over 2000 locations attracting large numbers of local, domestic, and international visitors. From their origins as mercantile venues during the medieval period, Christmas markets have evolved into multisensory social and experiential events, where the acquisition of Christmas decorations or gifts has been supplanted by the consumption of mulled wine in a social setting. Christmas markets represent intangible cultural heritage staged in ephemeral surroundings. While the abundance of material culture in Christmas markets is widely understood, this focuses on the objects offered for sale at the markets, rather than the objects that characterize a Christmas market and enable its functioning. This paper provides the first comprehensive assessment of the portable material culture associated with the German Christmas markets, covering objects as diverse as payment tokens, lapel pins, special postmarks, beer mats, and commemorative cups issued for the consumption of mulled wine. These objects, as well as numerous other manifestations of material culture, are discussed in the wider framing of the materiality of the markets, examining their ontological qualities within the multiple spheres in which these objects attain meaning (i.e., personal, event, social, and public spheres). It demonstrates that the wide range of alienable material culture associated with German Christmas markets has different manifestations of materiality, depending on the viewpoint of the user (i.e., participant, vendor, organizer), and these manifestations have different expressions of representativeness. On this foundation, this paper examines the various groups of portable and alienable material culture and discusses them in terms of their authenticity and to what extent these are representative of German Christmas markets. While all items have a connection with Christmas markets and function as symbolic shorthand souvenirs, commemorative cups issued for the consumption of hot drinks as well as the deposit tokens associated with these are both genuine and authentic and are also representative of the conceptual, social, and experiential dimensions of the event. Full article

Next Generation Sequencing Technologies (NGS), particularly metabarcoding, are valuable tools for authenticating foodstuffs and detecting eventual fraudulent practices such as species substitution. This technique, mostly used for the analysis of prokaryotes in several environments (including food), is in fact increasingly applied to identify eukaryotes (e.g., fish, mammals, avian, etc.) in multispecies food products. Besides the “wet-lab” procedures (e.g., DNA extraction, PCR, amplicon purification, etc.), the metabarcoding workflow includes a final “dry-lab” phase in which sequencing data are analyzed using a bioinformatic pipeline (BP). BPs play a crucial role in the accuracy, reliability, and interpretability of the metabarcoding results. Choosing the most suitable BP for the analysis of metabarcoding data could be challenging because it might require greater informatics skills than those needed in standard molecular analysis. To date, studies comparing BPs for metabarcoding data analysis in foodstuff authentication are scarce. In this study, we compared the data obtained from two previous studies in which fish burgers and insect-based products were authenticated using a customizable, ASV-based, and command-line interface BP (BP1) by analyzing the same data with a customizable but OTU-based and graphical user interface BP (BP2). The final sample compositions were compared statistically. No significant difference in sample compositions was highlighted by applying BP1 and BP2. However, BP1 was considered as more user-friendly than BP2 with respect to data analysis streamlining, cost of analysis, and computational time consumption. This study can provide useful information for researchers approaching the bioinformatic analysis of metabarcoding data for the first time. In the field of food authentication, an effective and efficient use of BPs could be especially useful in the context of official controls performed by the Competent Authorities and companies’ self-control in order to detect species substitution and counterfeit frauds. Full article

Recent studies have focused on user authentication methods that use biometric signals such as electrocardiogram (ECG) and photo-plethysmography (PPG). These authentication technologies have advantages such as ease of acquisition, strong security, and the capability for non-aware authentication. This study addresses user authentication using electromyogram (EMG) signals, which are particularly easy to acquire, can be fabricated in a wearable form such as a wristwatch, and are readily expandable with technologies such as human–machine interface. However, despite their potential, they often exhibit lower accuracy (approximately 90%) than traditional methods such as fingerprint recognition. Accuracy can be improved using complex algorithms and multiple biometric authentication technologies; however, complex algorithms use substantial hardware resources, making their application to wearable devices difficult. In this study, a simple Siamese model with long short-term memory (LSTM) (SSiamese-LSTM) is proposed to achieve a high accuracy of over 99% with limited resources suitable for wearable devices. The hardware implementation was accomplished using field-programmable gate arrays (FPGAs). In terms of accuracy, EMG measurement results from Chosun University were used, and data from 100 individuals were employed for verification. The proposed digital logic will be integrated with an EMG sensor in the form of a watch that can be used for user authentication. Full article

In the current context of rapid Internet of Things (IoT) and cloud computing technology development, the Single Packet Authorization (SPA) protocol faces increasing challenges, such as security threats from Distributed Denial of Service (DDoS) attacks. To address these issues, we propose the Advanced Network-Hiding Access Control (AHAC) framework, designed to enhance security by reducing network environment exposure and providing secure access methods. AHAC introduces an independent control surface as the access proxy service and combines it with a noise generation mechanism for encrypted access schemes, replacing the traditional RSA signature method used in SPA protocols. This framework significantly improves system security, reduces computational costs, and enhances key verification efficiency. The AHAC framework addresses several limitations inherent in SPA: users need to know the IP address of resources in advance, exposing the resource address to potential attacks; SPA’s one-way authentication mechanism is insufficient for multi-level authentication in dynamic environments; deploying the knocking module and protected resources on the same host can lead to resource exhaustion and service unavailability under heavy loads; and SPA often uses high-overhead encryption algorithms like RSA2048. To counter these limitations, AHAC separates the Port Knocking module from the access control module, supports mutual authentication, and implements an extensible two-way communication mechanism. It also employs ECC and ECDH algorithms, enhancing security while reducing computational costs. We conducted extensive experiments to validate AHAC’s performance, high availability, extensibility, and compatibility. The experiments compared AHAC with traditional SPA in terms of time cost and performance. Full article

A new authentication method based on EEG signal is proposed here. Biometric features such as fingerprint scanning, facial recognition, iris scanning, voice recognition, and even brainwave patterns can be used for authentication methods. Brainwave patterns, also known as brain biometrics, can be captured using technologies like electroencephalography (EEG) to authenticate a user based on their unique brain activity. This method is still in the research phase and is not yet commonly used for authentication purposes. Extracting EEG features for authentication typically involves signal processing techniques to analyze the brainwave patterns. Here, a method based on statistics for extracting EEG features is designed to extract meaningful information and patterns from the brainwave data for various applications, including authentication, brain–computer interface systems, and neurofeedback training. Full article