Message Authentication Research Articles

Real-Time Adaptive and Lightweight Anomaly Detection Based on a Chaotic System in Cyber–Physical Systems

When cyber–physical systems (CPSs) are connected to the Internet or other CPSs with connectivity, external adversaries can potentially gain access to the CPS and attempt to control the electronic control units (ECUs). In particular, the lack of confidentiality and integrity in the controller area networks (CANs) of CPSs makes it difficult to distinguish malicious data from legitimate data. The security vulnerabilities of CPSs, which are frequently exposed to adversaries, pose the risk of destabilizing the lives of humans. Therefore, we propose a real-time adaptive and lightweight anomaly detection (RALAD) mechanism that efficiently and securely detects anomalies within a given virtual group though verification of the data integrity and key management of stateless synchronization based on a chaotic system while driving. These characteristics prevent an adversary from authenticating maliciously modified messages even though it captures legitimate messages on the CAN bus. RALAD shows a clear difference from others in terms of (1) its unique secret key-sharing method and approach to secret key generation for each message, (2) safe controlling support after detecting anomalies, and (3) its software-based solution that eliminates the need for hardware secure modules. It leads to freedom from the issues of additional cost, weight, and wiring in CPSs. The proposed method achieves real-time anomaly detection, and the experiment results show a 100% detection rate for all attacks. This demonstrates that RALAD maintains high reliability and efficiency, even under various bus load conditions and attack rates.

Blockchain-enabled Secure Data Communication Protocols for 5G Networks

With the further expansion of 5G networks, a main priority continues to shift towards secure and efficient protocols for data transmission. Traditional 5G security mechanisms, such as 3GPP AKA protocols, have limitations in scalability, latency, and resilience against cyber threats, making them quite unsuitable for complex high-density 5G environments. This study proposes a Secure Blockchain-based Data Transmission Protocol (SBDTP) with the decentralized and tamper-resistant feature of blockchain, combined with a hybrid consensus mechanism driven by Proof of Stake (PoS) or Practical Byzantine Fault Tolerance (PBFT). In this respect, this study contributes to state-of-the-art research efforts in the field of enhancing data integrity, authentication, and confidentiality with reduced latency and energy consumption in 5G applications. Extensive simulations showed that SBDTP outperformed previous solutions by a large margin. This protocol reduces latency to 50-80 ms, increases throughput to 900 pps, allows up to 1000 nodes without performance degradation, and reduces energy consumption to 0.8 J per node. It also maintains a very close-to-perfection data integrity check rate of ~100% and a very minimal privacy loss rate of less than 1%, showing strong security that could serve well for real-time 5G applications such as IoT networks, autonomous vehicles, and smart cities. These results show that SBDTP offers an efficient and secure solution for data transmission over 5G networks, outperforming traditional and blockchain-based methods while fulfilling the tight requirements posed by next-generation networks. In the future, the protocol should be optimized for scalability, including further advanced privacy techniques to widen its adaptability to diverse 5G applications.

Pretty Good Privacy on Online Product Shopping

This paper surveys the integration of Pretty Good Privacy (PGP) encryption into e-commerce systems, focusing on the use of RSA and AES encryption algorithms. PGP provides a reliable mechanism for securing digital communication and transactions, and its combination of asymmetric (RSA) and symmetric (AES) encryption methods ensures data privacy, integrity, and authenticity. The paper reviews the principles of PGP, examines the encryption techniques involved, and explores their applications in securing online transactions in e-commerce platforms. Key Words: Pretty Good Privacy (PGP), RSA, AES, Product Authentication, Digital Signatures, Public Key Cryptography, E-commerce Security, Data Integrity, Online Shopping.

Orchestrating honeypot deployment in lightweight container platforms to improve security

A significant evolution has occurred in the architectural and infrastructural domains of web applications over the past several years. Monolithic systems are gradually being superseded by microservices-based architectures, which are now considered the de facto standard for web application development owing to their inherent portability, scalability, and ease of deployment. Concurrently, the prevalence of this architecture has rendered it susceptible to specialized cyberattacks. While honeypots have proven effective in the past for gathering real-world attack data and uncovering attacker methods, their growing popularity has made them a specific target for cyberattacks. Traditional honeypots lack the flexibility of microservices architecture. Honeypots have proven effective in gathering authentic attack data and analyzing attacker tactics. The core idea that honey traps help identify malicious packets with minimal effort to remove incorrect alerts is preserved. In addition to identifying and documenting specific attack methods used by intruders, this system helps thwart attacks by creating realistic simulations of the actual systems and applications within the network. This effectively slows down and confuses attackers by making it difficult for them to gain access to real devices. This paper presents a groundbreaking approach to honeypot management within cybersecurity, utilizing virtual clusters and a microservice architecture to significantly improve the effectiveness of threat detection. To conduct our research, we initially surveyed the internet to pinpoint container and container management systems operating on standard ports that might be susceptible to attacks. The monitoring of the instrumented approach generated a massive dataset, enabling researchers to make significant inferences about the behavior and goals of malevolent users. We advocate for the implementation of honeypots on lightweight distribution orchestration tools installed on Ubuntu servers, situated behind a meticulously crafted gateway and operating on standard port configurations. In light of the scan outcomes, we recommend the deployment of honeypot orchestration on streamlined distributions. To better protect your systems based on our scan results, we recommend implementing honeypot orchestration for easier deployment and management. By deploying honeypots on lightweight operating systems, you can optimize resource usage and improve performance while maintaining essential capabilities. These capabilities include monitoring attack patterns on vulnerable systems and analyzing the security measures implemented by those responsible for managing exposed systems.

Blockchain Empowered Quantum Safe Batch Aggregate Signature Algorithm for Authenticated Data Trading in Internet of Vehicles

ABSTRACTThis paper contains a quantum‐safe and efficient blockchain‐based data trading framework designed for the Internet of Vehicles (IoV). With the proliferation of connected vehicles, there is a growing need for quantum‐safe and trustworthy data sharing among vehicles, roadside infrastructure, and service providers. Due to Shor's algorithm, most of the existing traditional authenticated data delivery algorithms supporting blockchain will not work. The proposed framework supports blockchain's decentralized nature to ensure the authenticity of data and its transparency while minimizing the computational overhead to suit the distributed IoV communication environment. We have designed a blockchain‐based data trading framework for the IoV, utilizing practical Byzantine Fault Tolerance (pBFT) consensus to ensure authentic transactions. With respect to gaining consensus efficiency, the general Byzantine Fault Tolerant (BFT) framework uses an all‐to‐all message pattern to reach final decision block. To reduce the cost of communication complexity from to , aggregation of signatures has been used in the proposed blockchain consensus framework. Moreover, consensus mechanisms like Proof of Work (PoW) may not be applicable to IoV networking systems due to their comparatively high energy consumptions. This framework is scalable in terms of key generation time, and the storage complexity is less as compared to the storage complexity of the non‐aggregated signature methods. The proposed module lattice‐based aggregation of signatures offers approximately 58% faster rate of reading the blocks with respect to existing techniques. The consensus process benefits significantly from the implementation of aggregated signatures and verification, resulting in average energy consumption between 1.8% and 6.4%.

QHB-DA: A Quantum Hybrid Blockchain-Based Data Authenticity Framework for Supply Chain in Industry 4.0

QHB-DA: A Quantum Hybrid Blockchain-Based Data Authenticity Framework for Supply Chain in Industry 4.0

Image encryption algorithm combining semi-tensor product compressed sensing and double random-phase encoding

Abstract By combining semi-tensor product compressed sensing (STP-CS) and double random-phase encoding (DRPE) technology, this paper proposes an optical image encryption scheme with information authentication ability. Firstly, the phase information of the plaintext image is extracted by DRPE and quantized to generate the authentication information. Secondly, to compress the storage space and to realize the multiplication of different dimensional matrices, STP-CS is used to compress the plaintext image, and then the measurements are quantized by sigmoid map, and the quantized measurements are embedded into the authentication message. Finally, a random key stream is generated using a 2D infinite collapse map (2D-ICM) to generate chaotic sequences, and the embedding result is used to generate a ciphertext image by the permutation and XOR diffusion method. The receiver side can perform blind authentication of the ciphertext image during the inverse operation using a nonlinear cross-correlation method. The evaluation results indicate that our encryption scheme is more secure and effective.

Using Student Voice to Improve Schoolwide PBIS Implementation in Secondary Schools

Implementation of a culturally responsive positive behavioral interventions and supports (PBIS) framework is associated with positive outcomes for secondary students when implemented schoolwide. Yet, educators often report more implementation challenges in secondary school as compared to elementary school settings. Difficulties obtaining student buy-in may make PBIS implementation more challenging. Secondary student input on school climate and discipline systems could be an integral source of information for educators who are working to establish more effective behavioral support systems. Using authentic student voice data from an example secondary school, the authors provide a research-based approach to amplifying student voice and increasing student involvement in culturally responsive PBIS.

Experimental Assessment of OSNMA-Enabled GNSS Positioning in Interference-Affected RF Environments

This article investigates the performance of the Galileo Open Service Navigation Message Authentication (OSNMA) system in real-life environments prone to RF interference (RFI), jamming, and/or spoofing attacks. Considering the existing data that indicate a relatively high number of RFI- and spoofing-related incidents reported in Eastern Europe, this study details a data-collection campaign along various roads through urban, suburban, and rural settings, mostly in three border counties in East and South-East of Romania, and presents the results based on the data analysis. The key performance indicators are determined from the perspective of an end user relying only on Galileo OSNMA authenticated signals. The Galileo OSNMA signals were captured using one of the few commercially available GNSS receivers that can perform this OSNMA authentication algorithm incorporating the satellite signals. This work includes a presentation of the receiver’s operation and of the authentication results obtained during test runs that experienced an unusually high number of RFI-related incidents, followed by a detailed analysis of instances when such RFI impaired or fully prevented obtaining an authenticated position, velocity, and time (PVT) solution. The results indicate that Galileo OSNMA demonstrates significant robustness against interference in real-life RF-degraded environments, dealing with both accidental and intentional interference.

Development of Heuristic Strategy With Hybrid Encryption for Energy Efficient and Secure Data Storage Scheme in Blockchain‐Based Mobile Edge Computing

ABSTRACTInternet of Things (IoT) devices is extensively employed to collect physiological health data and provide diverse services to end‐users. Nevertheless, in recent applications, cloud computing‐based IoT proves beneficial for standard data storage and ensuring high‐security information sharing. Due to limitations in battery capacity, storage, and computing power, IoT devices are often considered resource‐constrained. Consequently, data signing by IoT devices, aimed at ensuring data integrity and authentication, typically demands significant computational resources. Unsafe data storage and high latency are considered as the major issues in the IoT‐based data storage mechanism for duplicating and misusing the information while it is stored in the cloud database. Hence, blockchain technologies are needed to provide high security over the stored data. Hence, the research aimed to implement an efficient blockchain‐based data storage system in mobile edge computing, safeguarding data from unauthorized access. In this approach, it contains four layers that are cloud layer, the entity layer, the block‐chain layer, and the edge computing layer. The user's data are stored in the optimal location in the entity layer, where the data storing location is find out using the proposed Hybrid Battle Royale with Archimedes Optimization Algorithm (HBRAOA). In the edge computing layer, an optimal key‐based homomorphic encryption algorithm using Elliptic Curve Cryptography (ECC) is introduced to encrypt data with the most optimal key, ensuring secure storage. This encryption method leverages the same HBRAOA to enhance the efficiency. Next, the digital signature is demonstrated to give the authorization of the user, and it is distributed to the blockchain layer. Thus, the indexes of the shared data are stored in the blockchain layer to avoid fault tolerance and tamper‐proofing. Finally, the cloud layer receives the valuable encrypted data, and the authenticated users with known encrypted keys are able to access the data by decrypting them. The result analysis shows that the performance of the developed model, which attains 27%, 98%, 35%, and 18% enhanced than Particle Swarm Optimization (PSO)‐ECC, Black Widow Optimization (BWO)‐ECC, Battle Royale Optimization (BRO)‐ECC and Archimedes Optimization Algorithm (AOA)‐ECC. The efficiency of the proposed blockchain‐based mobile edge computing scheme with the optimization strategy is validated by conducting several similarity measures over the conventional methods.

Hybrid Filtering for Student Major Recommendation: A Comparative Study

Choosing the right university major is an important decision for students, as delays or incorrect choices can harm their future careers and cause problems for academic departments. High dropout rates, which are frequently the result of poorly informed decisions, can be a considerable burden on faculty. This project aims to address these challenges by creating a recommendation system that provides individualized counsel to students based on their psychological profiles. A quantitative method was used, with questionnaires distributed to a large number of students. To verify the data's authenticity, replies were sought from students who were pleased with their selected majors rather than those who regretted their choices. The collected data formed the basis for a hybrid recommendation system that integrated Content-based Filtering and Collaborative Filtering methods. The system was then compared against standalone implementations of each filtering method to determine its usefulness in increasing suggestion accuracy. The results showed that the Hybrid Filtering strategy obtained a recommendation accuracy of 84.29%, outperforming Content-based Filtering at 81.43% and Collaborative Filtering at 78.57%. The proposed model is easy to implement in a school or a university, as long as the required data is available. Thus, the model can help a school or university to reduce dropout rates and boost academic outcomes.

A chaotic digital signature algorithm based on a dynamic substitution box

Given the large volumes of sensitive information transmitted over the Internet, digital signatures are essential for verifying message authenticity and integrity. A key challenge is minimizing computationally intensive operations, such as modular inverses, without compromising security. In this research, we propose the DSADH algorithm, which introduces a confusion step directly into the signature itself, rather than only applying it to the message, using a dynamic substitution box. It is generated with the number pi and changes with each signing. In addition, to enhance security, this work uses a 2048-bit prime, double the length frequently used. This proposal induces chaotic behavior in the signature, making it highly sensitive to any changes in the signer’s private key or message content, thereby enhancing authentication and integrity verification. Moreover, the proposed algorithm computes a single multiplicative modular inverse during verification and none during signing, unlike other approaches that require inverse computation in both stages. Since the required inverse is for the Diffie-Hellman session key, it always exists and can be precomputed per communication rather than per message. Consequently, DSADH is on average 45 times faster than DSA. Additionally, we introduce a method to assess signature security by constructing images from signature bytes generated by slight changes to the signer’s private key and message. Then, their chaotic behavior is evaluated with cryptographic metrics.

A blockchain-based self-adaptive collaboration mechanism for service-oriented manufacturing system

ABSTRACT The service-oriented manufacturing system, based on the cloud manufacturing platform, is adversely affected by factors such as diverse entities, geographical dispersion, and distributed collaboration. The system faces challenges like a lack of trust among entities and operational process uncertainty, thereby significantly reducing service collaboration efficiency. Blockchain, a promising technology in the information era, can address these issues by enhancing the authenticity of service data and trust among entities. In this paper, a blockchain-based operational mode is proposed to establish a completely trustworthy manufacturing environment. The potential abnormal events during collaborative service processes and their impacts are illustrated. According to these analyses, a self-adaptive service collaboration process is designed utilizing the blockchain, and a trust-based service collaboration model involving multiple entities is developed to enhance the system adjustment efficiency. This model, integrated with the solving algorithm, is deployed in smart contracts for automatic adjustment of service entities. An experimental study is conducted to verify the effectiveness of the proposed self-adaptive collaboration process and adjustment model. The results show that the proposed method can effectively boost the efficiency of the service-oriented manufacturing system.

HELP: Everlasting Privacy through Server-Aided Randomness

Everlasting (EL) privacy offers an attractive solution to the Store-Now-Decrypt-Later (SNDL) problem, where future increases in the attacker's capability could break systems which are believed to be secure today. Instead of requiring full information-theoretic security, everlasting privacy allows computationally-secure transmissions of ephemeral secrets, which are only "effective" for a limited periods of time, after which their compromise is provably useless for the SNDL attacker. In this work we revisit such everlasting privacy model of Dodis and Yeo (ITC'21), which we call Hypervisor EverLasting Privacy (HELP). HELP is a novel architecture for generating shared randomness using a network of semi-trusted servers (or "hypervisors"), trading the need to store/distribute large shared secrets with the assumptions that it is hard to: (a) simultaneously compromise too many publicly accessible ad-hoc servers; and (b) break a computationally-secure encryption scheme very quickly. While Dodis and Yeo presented good HELP solutions in the asymptotic sense, their solutions were concretely expensive and used heavy tools (like large finite fields or gigantic Toeplitz matrices). We abstract and generalize the HELP architecture to allow for more efficient instantiations, and construct several concretely efficient HELP solutions. Our solutions use elementary cryptographic operations, such as hashing and message authentication. We also prove a very strong composition theorem showing that our EL architecture can use any message transmission method which is computationally-secure in the Universal Composability (UC) framework. This is the first positive composition result for everlasting privacy, which was otherwise known to suffer from many "non-composition" results (Müller-Quade and Unruh; J of Cryptology'10).

Authenticity in the Presence of Leakage using a Forkcipher

Robust message authentication codes (MACs) and authenticated encryption (AE) schemes that provide authenticity in the presence of side-channel leakage are essential primitives. These constructions often rely on primitives designed for strong leakage protection, among others including the use of strong-unpredictable (tweakable) block-ciphers. This paper extends the strong-unpredictability security definition to the versatile and new forkcipher primitive. We show how to construct secure and efficient MAC and AEs that guarantee authenticity in the presence of leakage. We present a leakage-resistant MAC, ForkMAC, and two leakage-resistant AE schemes, ForkDTE1 and ForkDTE2, which use forkciphers instead of traditional secure (tweakable) block-ciphers as compared to the prior art. We prove and analyze their security in the presence of leakage based on a strong unpredictable forkcipher. A comparison with the state-of-the-art in terms of both security and efficiency is included in the paper. Key advantages and highlights promoted by the proposed constructions are that for the minimal assumptions they require, unpredictability with leakage-based security, the tag-generation of ForkMAC is the most efficient among leakage-resilient MAC proposals, like the block cipher based HBC. ForkDTE1 and 2 have a more efficient encryption than any other scheme, achieving integrity with leakage (and also providing misuse-resistance).

Securing and Enhancing Productivity of BYOD In Classrooms at Schools

The Bring Your Own Device (BYOD) model is increasingly adopted in educational settings, offering flexibility and personalized learning experiences for students. Despite its advantages, BYOD also presents challenges related to security vulnerabilities and varying levels of student productivity. This paper proposes a web portal solution aimed at addressing these dual challenges in BYOD classrooms. The portal integrates advanced security protocols, such as multi-factor authentication and encrypted data transmission, to safeguard sensitive information and network integrity. Additionally, it incorporates productivity-enhancing tools, including collaborative workspaces and assignment management systems, tailored to optimize student engagement and learning outcomes. Through the analysis of a case study involving the implementation of the portal in a local school district, the paper demonstrates significant improvements in both security measures and student productivity. This research contributes to the ongoing discourse on effectively managing technology in educational environments, providing practical insights for educators and IT professionals working with BYOD systems. Index Terms – “BYOD (Bring Your Own Device), Educational Technology, Classroom Security, Cybersecurity in Education, Productivity Tools, Web Portal Solutions, Student Engagement, Digital Learning Environments, Network Security, Collaborative Learning Tools.”.

Feasibility Study of Location Authentication for IoT Data Using Power Grid Signatures

Feasibility Study of Location Authentication for IoT Data Using Power Grid Signatures

Optimizing Traffic Flow and Enhancing Security in Cooperative Intelligent Transportation Systems Using NGSIM

Cooperative Intelligent Transportation Systems (C-ITS) cannot work effectively if they do not have both efficient traffic management and solid security. We put forward in this paper an original framework that takes advantage of the Next Generation Simulation (NGSIM) dataset to improve traffic flow and system security by identifying False Data Injection Attacks (FDIA). By applying leading machine learning algorithms to authentic traffic data, we generate models that support improved vehicle coordination as well as provide assistance with security vulnerabilities in C-ITS systems. We are concentrating our method on the optimization of traffic dynamics by making intelligent decisions, while keeping the system secure from malicious cyber attacks. Analyses of the NGSIM data revealed that our proposed approaches produced important advancements in traffic flow efficiency and the accuracy of anomaly detection. Results prove that our framework minimizes congestion and concurrently enhances the reliability and security of collaborative vehicle systems. This investigation proposes a practical approach for fusing traffic optimization with cybersecurity, improving smart city evolution and the future of autonomous vehicles and vehicle connectivity.

GPT wars: Creating and detecting fake ophthalmology data sets with artificial intelligence

Aims/Purpose: Recently, our group demonstrated how the Large Language Model GPT‐4 can fabricate fake ophthalmology data sets, designed to support false scientific evidence. The objectives of this study were: (1) to identify peculiar statistical patterns of AI‐generated data sets, (2) to attempt at enhancing the quality of fabricated data for eliminating any discernible mark of non‐authenticity, and (3) to develop a custom GPT trained to detect signs of fabrication.Methods: Three fictional studies were designed to compare treatment outcomes for a specific ocular disease. First, prompts were submitted to the custom GPT “Data Analyst” to produce 12 “unrefined” fake data sets for the three studies. Then, the custom GPT “Fake Data Creator” was developed to generate 12 “refined” fake data sets, specifically designed to evade authenticity checks. Forensic analysis was performed on all data sets using IBM SPSS. Finally, the custom GPT “Fake Data Detector” (FDD) was developed to replicate the forensic analysis and assign 1 point for each sign of fabrication.Results: Forensic analysis of the unrefined fake data sets revealed numerous flaws, most notably: name/gender mismatch (n = 12), non‐uniform distribution (n = 11) and repetitive patterns of last digits (n = 7), absence of correlation between study variables (n = 12), and distribution shape anomalies (n = 11). In refined fake data sets, the forensic analysis did not reveal statistical flaws, except for distribution shape anomalies (n = 7). Overall, 5 refined fake data sets (41.7%) passed forensic analysis as authentic. The results of the statistical analyses performed by GPT FDD were identical to those obtained with IBM SPSS, with a mean of 9.67±2.13 (95% IC 8.46‐10.87) and 1.00±1.00 (95% IC 0.43‐1.57) points respectively allocated to unrefined and refined data sets.Conclusions: Sufficiently sophisticated custom GPTs can perform complex statistical tasks and may be abused to fabricate seemingly authentic ophthalmology data sets, passing forensic analysis.References Taloni A, Scorcia V, Giannaccare G. Large Language Model Advanced Data Analysis Abuse to Create a Fake Data Set in Medical Research. JAMA Ophthalmol. 2023; 141(12):1174–1175. doi:10.1001/jamaophthalmol.2023.5162

GPT wars: Creating and detecting fake ophthalmology data sets with artificial intelligence

Aims/Purpose: Recently, our group demonstrated how the Large Language Model GPT‐4 can fabricate fake ophthalmology data sets, designed to support false scientific evidence. The objectives of this study were: (1) to identify peculiar statistical patterns of AI‐generated data sets, (2) to attempt at enhancing the quality of fabricated data for eliminating any discernible mark of non‐authenticity, and (3) to develop a custom GPT trained to detect signs of fabrication.Methods: Three fictional studies were designed to compare treatment outcomes for a specific ocular disease. First, prompts were submitted to the custom GPT “Data Analyst” to produce 12 “unrefined” fake data sets for the three studies. Then, the custom GPT “Fake Data Creator” was developed to generate 12 “refined” fake data sets, specifically designed to evade authenticity checks. Forensic analysis was performed on all data sets using IBM SPSS. Finally, the custom GPT “Fake Data Detector” (FDD) was developed to replicate the forensic analysis and assign 1 point for each sign of fabrication.Results: Forensic analysis of the unrefined fake data sets revealed numerous flaws, most notably: name/gender mismatch (n = 12), non‐uniform distribution (n = 11) and repetitive patterns of last digits (n = 7), absence of correlation between study variables (n = 12), and distribution shape anomalies (n = 11). In refined fake data sets, the forensic analysis did not reveal statistical flaws, except for distribution shape anomalies (n = 7). Overall, 5 refined fake data sets (41.7%) passed forensic analysis as authentic. The results of the statistical analyses performed by GPT FDD were identical to those obtained with IBM SPSS, with a mean of 9.67 ± 2.13 (95% IC 8.46‐10.87) and 1.00 ± 1.00 (95% IC 0.43‐1.57) points respectively allocated to unrefined and refined data sets.Conclusions: Sufficiently sophisticated custom GPTs can perform complex statistical tasks and may be abused to fabricate seemingly authentic ophthalmology data sets, passing forensic analysis.References Taloni A, Scorcia V, Giannaccare G. Large Language Model Advanced Data Analysis Abuse to Create a Fake Data Set in Medical Research. JAMA Ophthalmol. 2023; 141(12): 1174–1175. doi: 10.1001/jamaophthalmol.2023.5162