In the realm of surging e‐commerce data and increasing digital transactions, ensuring end‐to‐end security is paramount to protect sensitive information and maintain user trust. The Advanced Encryption Standard (AES), a cornerstone of network security, relies on symmetric key encryption for secure communication. However, rapid advancements in cryptanalysis and computational power pose new threats to AES, particularly exposing vulnerabilities related to its static S‐Box design. This article is motivated by the urgent need to enhance cryptographic resilience in dynamic threat environments, especially for applications involving online financial systems, secure cloud storage, and real‐time communication. To address these concerns, we propose an involution‐based concurrent error detection (CED) mechanism for dynamic twin‐key generation, significantly improving resistance against differential and linear cryptanalysis. By exploring the evolution of involution structures in stream cipher construction, we introduce a low‐latency CED framework tailored for symmetric block ciphers. The proposed method outperforms traditional AES‐128 by leveraging a dual‐key encryption approach. Additionally, we design a programmable, key‐dependent S‐Box architecture that enhances unpredictability and fortifies the encryption process, particularly in hardware‐constrained environments such as IoT devices and embedded systems. Mathematical analysis substantiates the robustness and practicality of the proposed enhancements, offering a future‐ready solution to secure modern data systems against emerging decryption techniques.

Electronic health records (EHRs) have become a crucial application in cloud computing environments, necessitating advanced privacy‐preserving access control mechanisms. Ciphertext policy attribute‐based encryption (CP‐ABE) is a widely recognized solution for secure access control in outsourced data environments. However, existing CP‐ABE models face challenges related to revocation efficiency, access policy exposure, and computational burden on data owners (DOs). Even though several research works have extensively tackled this issue, most rely on re‐encryption or ciphertext updates and outsourcing strategies to proxies. However, optimization for querying all affected ciphertexts to reduce re‐encryption/ciphertext update costs is often overlooked, and the cost associated with frequent blockchain transactions for ciphertext updates and revocation records has not been addressed. Furthermore, most works do not support both attribute and user revocation efficiently. To address these issues, we propose an enhanced revocable CP‐ABE‐based access control scheme with optimized revocation performance (R‐CP‐ABE‐ORP). This scheme integrates ciphertext aggregation, lazy re‐encryption with revocation tokens, proxy‐assisted lightweight re‐encryption (PRE‐LR), blockchain, and bloom filters for fast queries to significantly improve revocation efficiency. The proposed scheme ensures forward and backward security while maintaining efficient ciphertext update and policy enforcement mechanisms. Experimental evaluations confirm that the proposed scheme outperforms related works in revocation efficiency, computational cost, and query performance.

Draco is a lightweight small‐state stream cipher proposed in 2022. It is designed to provide a 128‐bit security level and be provably secure against time‐memory‐data trade‐off (TMDTO) attacks. In this paper, we revisit the security of Draco against TMDTO attacks. Based on a new observation that for certain chosen initialization vectors (IVs) the state update function of Draco depends on only a small fraction of the nonvolatile internal state, a new TMDTO attack on Draco with a time complexity of 2 109.2 Draco iterations, a memory complexity of 2 109.6 bits and a data complexity of 2 64 bits is proposed. The attack is 2 5 times better in the time/memory complexity with the same data complexity compared with the existing TMDTO attack. Furthermore, the security level that Draco can theoretically provide against TMDTO attacks is analyzed. As result, another TMDTO attack on Draco with complexities all below 2 87 is proposed. The cryptanalytic result shows that the Draco stream cipher can only offer an 87‐bit security level against TMDTO attacks if the limitation on keystream length is not considered. Our results indicate that how to design a secure small‐state stream cipher still needs further exploration.

The fact that designing secure and efficient identity or attribute‐based encryption (ABE) schemes requires the use of specific algebraic tools like bilinear pairings or lattices is well known in the cryptographic community. However, some journals whose main topics are not cryptographic still publish papers proposing, for instance, ABE schemes in settings like the (pairing‐free) discrete logarithm one. The goal of this submission is to emphasize, once again, the statements in the two previous paragraphs. As an illustration, we describe attacks on five insecure schemes that have recently been published in (prestigious) journals.

In recent years, the development of advanced smart campus systems, accurately predicting and managing pedestrian volumes in public areas has become a crucial task for enhancing campus safety and information security. This critical task forms the foundation for essential decisions in areas like campus safety, event coordination, and resource allocation and more. University administrations have set higher expectations for accurately forecasting and controlling pedestrian volume in these public areas. However, the distinct spatiotemporal patterns and inherent intricacies of pedestrian volume on campuses, combined with the frequent collection of data as sparse trajectories, make traditional forecasting techniques struggle with both precision and computational efficiency in these areas. To address these challenges, this study introduces a two‐stage algorithmic framework. Furthermore, this research underscores the potential of accurate pedestrian volume forecasts in bolstering campus information security measures. By enabling more strategic deployment of security resources and facilitating informed decision‐making, our model contributes to the creation of safer campus environments. In the first step, we use the geospatial encoding algorithm “Geohash” to transform the sparse trajectory data from the campus into pedestrian volume information for public areas. Subsequently, we introduce the GPVP‐transformer (generalized pedestrian volume prediction transformer), a modified algorithm derived from the transformer’s encoder–decoder structure. In parallel, we compare our approach with traditional statistical methods, machine learning algorithms, and state‐of‐the‐art (SOTA) techniques in time series forecasting as our baseline comparisons. The findings demonstrate the robustness of our model in all evaluation results.

The increasing reliance on big data and artificial intelligence (AI) in the Fourth Industrial Revolution has raised significant concerns about individual privacy protection. This has led various countries to enact or amend privacy protection acts to address these concerns. However, there is a lack of comprehensive research comparing these laws across multiple countries, especially considering recent legislative developments. This study fills this gap by conducting a comparative analysis of privacy information protection acts in five major regions: the European Union (EU), the United States (focusing on California), China, Japan, and South Korea. The analysis explores the diverse approaches to privacy protection adopted by each region, influenced by their unique historical, political, and cultural contexts. For instance, the EU’s General Data Protection Regulation (GDPR) emphasizes individual rights influenced by historical abuses of personal information. At the same time, the California Consumer Privacy Act (CCPA) prioritizes consumer rights within a self‐regulatory framework, reflecting the state’s technology‐driven economy. The study also examines China’s Personal Information Protection Law (PIPL), which prioritizes national security; Japan’s Act on the Protection of Personal Information (APPI), which navigates the tension between individual privacy and societal norms; and South Korea’s Personal Information Protection Act (PIPA), which balances individual autonomy with a sense of community, reflecting Confucian values. By identifying specific limitations and areas for improvement in each region’s data protection laws, this study contributes to the ongoing discourse on international data privacy regulation. It offers valuable insights for policymakers and stakeholders seeking to navigate the complexities of the data economy while ensuring robust safeguards for individual privacy.

Backdoor attacks have significantly threatened the models of natural language processing (NLP). However, most textual backdoor attacks exhibit low levels of stealthiness, making them susceptible to detection and removal by defense strategies. In order to improve the performance and stealthiness of such backdoor attacks, this article introduces a novel backdoor attack named Bad Padding (BPad) based on steganography. BPad employs a word‐substitution steganographic method to hide triggers in sentences, thereby generating poisoned data. To ensure a high level of stealthiness for these poisoned samples, BPad developed a word substitution strategy that enhances both the diversity of the substituted words and the contextual coherence of the sentences. BPad also modifies the preprocessing stage by extracting triggers from the sentences and padding them as tokens at the end, effectively amplifying the impact of the trigger and making it easier for the model to learn the shortcut from the trigger to the target label, thereby achieving the injection of a backdoor. This article uses various metrics to present experimental measures of the attack performance and stealthiness of BPad. The results find that BPad achieved competitive results compared to baseline methods in non‐defense scenarios and outperforms baseline methods under both training and inference defense. Besides that, the attack samples generated by BPad demonstrate strong stealthiness in terms of semantic coherence, perplexity, and grammaticality.

The rapid growth of Internet of Things (IoT) devices has posed significant security challenges, particularly in detecting anomalies and malicious behaviors in network traffic. This study presents an innovative intrusion detection system (IDS) framework that combines Gaussian noise injection and Hurst parameter calculation with a hybrid convolutional neural network‐long short‐term memory (CNN‐LSTM) model for anomaly detection in IoT traffic. The proposed approach is evaluated using the CIC‐IDS2017 dataset, a comprehensive source representing network attacks. During the preprocessing stage, noise is added to simulate real‐world network fluctuations, and Hurst parameter values are calculated to measure the long‐term memory of traffic patterns. Principal component analysis (PCA) is also employed to reduce data dimensionality while preserving critical features, including the Hurst parameter. The CNN‐LSTM model, optimized with the Adam optimizer, effectively learns the spatiotemporal features of network traffic and demonstrates high accuracy in classifying benign and attack samples. Experimental results reveal that the model achieves an accuracy and detection rate of 99.69%, even in the presence of noise. Incorporating the Hurst parameter as a distinguishing feature enhances the detection of subtle anomalies that traditional IDS methods may overlook. The anomaly detection mechanism analyzes traffic patterns using an error threshold and flags deviations as potential security threats. The proposed IDS framework effectively distinguishes between normal and malicious traffic, balancing the detection of both rare and common attacks. The findings underscore the importance of integrating statistical metrics, such as the Hurst parameter, with deep learning models to enhance the robustness and reliability of IoT security systems. This hybrid approach addresses the dynamic and evolving nature of IoT networks, offering a scalable and efficient solution for real‐time anomaly detection. The proposed method marks a promising advancement in securing IoT ecosystems against evolving cyberthreats.

There are user privacy risks in cloud‐based vehicle dispatch platforms due to the unauthorized collection, use, and dissemination of data. However, existing data protection methods cannot balance privacy, usability, and efficiency well. To address this, we propose a local privacy‐preserving vehicle assignment strategy via spatial–temporal fusion (STF‐LPPVA). Specifically, the strategy allows the cloud platform to train and distribute a spatial–temporal representation model to the user side. Encoded by this model, drivers and passengers can privately fuze the spatial–temporal information of their trips and then transmit these fuzed vectors to the cloud platform. Based on the similarity of the vectors, the cloud platform can allocate vehicles using the Kuhn–Monkreth (KM) algorithm. In addition, we analyze the theoretical feasibility of the STF‐LPPVA strategy using entropy change and get good performance with a dataset from DiDi in Chengdu, China. The results show that the successful matching rate of the STF‐LPPVA strategy is very close to the original data matching with lower time overhead. Our approach can reduce the traveling distance by 66.5% and improve the matching success rate by 36.2% on average.