Security Implementation Research Articles

Higher-Order Time Sharing Masking

At CHES 2024, Time Sharing Masking (TSM) was introduced as a novel low-latency masking technique for hardware circuits. TSM offers area and randomness efficiency, as well as glitch-extended PINI security, but it is limited to first-order security. We address this limitation and generalize TSM to higher-order security while maintaining all of TSM’s advantages. Additionally, we propose an area-latency tradeoff. We prove HO-TSM glitch-extended PINI security and successfully evaluate our circuits using formal verification tools. Furthermore, we demonstrate area- and latency-efficient implementations of the AES S-box, which do not exhibit leakage in TVLA on FPGA. Our proposed tradeoff enables a first-order secure implementation of a complete AES-128 encryption core with 92 kGE, 920 random bits per round, and 20 cycles of latency, which does not exhibit leakage in TVLA on FPGA.

Audio encryption using polarized light beam

In recent years, the security of audio data has become paramount in terms of personal information, national security, and forensic evidence. However, most reported systems use digital algorithms and lack their implementation in the optical domain, which can provide better security due to the use of physical keys and high speed. In addition, recently developed phase-encoded audio encryption schemes in the optical domain have quality limitations due to precise wavefront measurement and control. Perfect experimental alignment to achieve good quality retrieved data is very challenging, due to which no optical implementation of voice security has been reported. This work introduces a robust audio encryption scheme using the polarization property of a light beam. Initially, one-dimensional (1D) audio combined with a random dataset acts as an encryption key and converts it to 1D cipher audio, which is transformed into a two-dimensional (2D) cipher-audio map. Subsequently, this is fragmented into several 2D segments, which are then encoded into the light beam using binary polarization states. An arbitrary sequence is maintained during encoding of the 2D segments into binary polarization states. The demonstrated technique is a non-interferometric method, and the decryption can be achieved through intensity recording only.

Enhancement and implementation of network infrastructure and security of general Miguel Malvar elementary school

Enhancement and implementation of network infrastructure and security of general Miguel Malvar elementary school

Optimizing Security of Radio Frequency Identification Systems in Assistive Devices: A Novel Unidirectional Systolic Design for Dickson-Based Field Multiplier

The emergence of the Internet of Things (IoT) technologies has greatly enhanced the lives of individuals with disabilities by leveraging radio frequency identification (RFID) systems to improve autonomy and access to essential services. However, these advancements also pose significant security risks, particularly through side-channel attacks that exploit weaknesses in the design and operation of RFID tags and readers, potentially jeopardizing sensitive information. To combat these threats, several solutions have been proposed, including advanced cryptographic protocols built on cryptographic algorithms such as elliptic curve cryptography. While these protocols offer strong protection and help minimize data leakage, they often require substantial computational resources, making them impractical for low-cost RFID tags. Therefore, it is essential to focus on the efficient implementation of cryptographic algorithms, which are fundamental to most encryption systems. Cryptographic algorithms primarily depend on various finite field operations, including field multiplication, field inversion, and field division. Among these operations, field multiplication is especially crucial, as it forms the foundation for executing other field operations, making it vital for the overall performance and security of the cryptographic framework. The method of implementing field multiplication operation significantly influences the system’s resilience against side-channel attacks; for instance, implementation using unidirectional systolic array structures can provide enhanced error detection capabilities, improving resistance to side-channel attacks compared to traditional bidirectional multipliers. Therefore, this research aims to develop a novel unidirectional systolic array structure for the Dickson basis multiplier, which is anticipated to achieve lower space and power consumption, facilitating the efficient and secure implementation of computationally intensive cryptographic algorithms in RFID systems with limited resources. This advancement is crucial as RFID technology becomes increasingly integrated into various IoT applications for individuals with disabilities, including secure identification and access control.

An SSI-Based Solution to Support Lawful Interception

Lawful Interception refers to the acquisition of the contents of communications between private individuals or organizations by subjects authorized by law. It involves three actors: the network operator (NO), the Law Enforcement Agency (LEA), and the Law Enforcement Monitoring Facility (LEMF). In the literature, standards and scientific solutions are proposed for the interception procedure and the interaction between the NO and the LEMF. However, no standard has been proposed for the interaction between the LEMF and the LEA. The absence of standards for controlling LEA (or a delegated agency) access to intercepted contents stored by the LEMF is a significant gap that should be overcome. This prevents the implementation of secure, interoperable, and automated procedures, leading to inefficiencies and security risks. In this paper, we propose to cover the above gap by adopting the Self-Sovereign Identity (SSI) paradigm. The adopted research methodology follows a multi-phase approach that includes studying existing solutions, system design, and technical feasibility testing. The study first examines existing standards and identity management frameworks and their limitations. Next, an SSI-based architecture is proposed to manage the interactions between LEA (or a delegated agency) and LEMF. Finally, a proof of concept of the proposed solution written in Python and using the Hyperledger Indy blockchain has been implemented to assess whether our proposal is technically feasible. The proposed solution enhances automation, security, and interoperability in lawful interception. Indeed, it enables machine-readable authorizations, reducing errors and improving efficiency by eliminating manual operations. Additionally, verifiable credentials and decentralized identifiers strengthen security and standardize interactions across jurisdictions, ensuring privacy-preserving identity management. By standardizing interactions between LEA and LEMF, this research contributes to a more secure, privacy-preserving, and legally compliant lawful interception process.

Anti-money laundering law strengthened on the implementation of carbon tax in Indonesia

Purpose This study aims to evaluate the efficacy of a comprehensive anti-money laundering framework in implementing the carbon tax in Indonesia. Design/methodology/approach This paper is a conceptual paper that uses a qualitative method. The primary sources are the regulations related to the carbon tax, followed by sets of rules for Indonesian anti-money laundering and green crime, among other things, environmental crime. Then, it continued to an analysis process until it concluded. Findings The money laundering scheme in the context of the carbon tax is challenging to trace and requires strengthening when integrated with other state revenue sources. Research limitations/implications Implementing a carbon tax is linked to money laundering risks, as it allows carbon buying and selling transactions on the carbon market. There could be a risk of state revenue leakage when implementing the carbon tax. Other than that, there are crime risks surrounding implementing the carbon tax. Therefore, other scholars can do research in the field of the compliance of the responsible parties when implementing a carbon tax. Practical implications Criminals are suspected of laundering money by purchasing carbon credits through brokers and reselling them, which obscures illicit sources and makes tracking difficult. Originality/value Indonesia should elaborate on anti-money laundering principles to ensure the secure implementation of the carbon tax in all areas and maintain financial system integrity.

Securing Cloud-Native Applications: A Comprehensive Guide to Modern Challenges and Solutions

Cloud-native architecture has fundamentally transformed enterprise technology landscapes, introducing complex security challenges that traditional approaches struggle to address. This technical article examines the evolution of cloud-native security, focusing on container vulnerabilities, service mesh complexity, and resource configuration management. The article explores emerging solutions, including zero-trust architectures, automated security controls, and advanced observability frameworks. Through analysis of implementation case studies and industry research, the article demonstrates the effectiveness of AI-driven security automation, continuous monitoring, and integrated security practices in modern cloud environments. The article highlights the critical importance of comprehensive security frameworks specifically designed for cloud-native architecture while providing actionable insights for organizations transitioning to advanced security implementations.

Performance Evaluation of Post-Quantum Cryptography: A Comprehensive Framework for Experimental Analysis

Post-quantum cryptography (PQC) is a critical area of research aimed at addressing the threat quantum computing poses to traditional cryptographic systems. It focuses on evaluating the efficiency, security, and practical performance of PQC algorithms through experimental analysis. This research supports the development of optimized cryptographic solutions, contributes to standardization efforts, and ensures secure and efficient implementations for a wide range of applications. Despite progress in PQC, gaps still exist in practical performance evaluations, particularly in resource-constrained environments. There is a lack of standardized comparisons, hindering the selection of suitable algorithms for specific use cases like IoT and cloud systems. Furthermore, research on scalability, integration challenges, and the trade-offs between security and efficiency remains insufficient. The methodology involves creating a comprehensive framework to evaluate various PQC algorithms, including lattice-based (e.g., Kyber, Dilithium), code-based (e.g., McEliece), and hash-based (e.g., SPHINCS+). These algorithms will be tested in diverse environments, from resource-constrained devices to high-performance infrastructures such as cloud platforms. Key metrics such as encryption/decryption speed, key sizes, memory usage, and computational efficiency will be measured, focusing on the trade-offs between security, efficiency, and scalability. The results will be benchmarked against standardized metrics to provide a clear understanding of each algorithm's suitability for real-world deployment. The findings indicate that lattice-based algorithms like Kyber offer a strong balance between security and efficiency but require considerable computational resources. Code-based algorithms like McEliece are highly secure but come with large key sizes and slower speeds. Hash-based schemes like SPHINCS+ provide strong security but are computationally expensive, making them less suitable for resource-limited systems. The highlights the importance of optimizing PQC algorithms according to specific application requirements, where the choice of algorithm must balance security, efficiency, and resource constraints, with continuous optimization needed to address evolving real-world demands.

A Compact and Parallel Swap-Based Shuffler Based on Butterfly Network and Its Complexity Against Side Channel Analysis

A prominent countermeasure against side-channel attacks, the hiding countermeasure , typically involves shuffling operations using a permutation algorithm. This is especially crucial in the era of Post-Quantum Cryptography, where computational characteristics of lattice and code-based cryptography heighten the need for robust defenses. In this context, securely and efficiently generating permutations is critical for an algorithm’s overall security and performance. Among the various approaches, the Fisher-Yates shuffle is widely adopted due to its security and ease of implementation. However, it is limited by a complexity of \(\mathcal {O}(N) \) due to its sequential nature. In response, we propose a time-area trade-off swap algorithm, \(\mathsf {FSS} \) , that leverages a Butterfly Network structure, achieving only log ( N ) depth, log ( N ) work, and \(\mathcal {O}(1) \) operation time in parallel. Our analysis calculates the maximum gain an attacker can achieve through butterfly operations with log ( N ) depth, from a side-channel analysis perspective. Notably, we derive a generalized formula for the attack complexity of higher-order side-channel attacks for arbitrary input sizes, utilizing the fractal structure of the butterfly network. Moreover, our research demonstrates the efficiency and security of this permutation approach across different platforms. We include practical implementation results on ASIC, as well as on CPU and GPU architectures, which underscore the algorithm’s performance advantages and robustness across diverse hardware environments. Through this exploration, we show that efficient and secure permutations can indeed be achieved with minimal randomness requirements.

Proactive Security for the Industrial IoT Networks in the AI Era: A Framework for Continuous Threat Exposure Management

This article investigates the convergence of Industrial Internet of Things (IIoT) technologies and Artificial Intelligence (AI), exploring the evolving landscape of AI-powered attacks and the critical need for proactive security measures. To mitigate these risks, this paper proposes a multi-faceted security approach that combines traditional security techniques with AI-driven solutions. Focusing on Continuous Threat Exposure Management (CTEM) and Attack Surface Management (ASM), and emphasizing real-time threat detection, automated response mechanisms, and a robust human-AI collaboration model, the study explores a paradigm shift from reactive to proactive security measures in response to the evolving cyber threats facing modern industrial environments. Through an in-depth analysis of successful security implementations across diverse industrial sectors, this research demonstrates the efficacy of integrating AI-driven security measures with existing infrastructure. By proactively addressing these challenges, organizations can harness the power of AI to safeguard their digital assets and ensure the integrity of their operations.

Implementation of Secure and Verifiable Access Control Procedures using the NTRU Cryptosystem to Store Big Data in the Cloud Environment

Background: Due to their complexity and size, deploying ciphertexts for clouds is considered the most useful approach to accessing large data stores. Method: However, access to a user's access legitimacy and improving a decrypted text on the cloud depending on an improved access policy (AP) specified by the data owner are the key challenges for making large data storage realistic and effective in clouds. The traditional ways either totally remove the problem of AP development or offer renewal to arbiter power, but in real-time, enhancing the AP is essential to maximising security and handling agility. Results: In this paper, a safe and verifiable access control program characterised by the NTRU cryptographic system for large storage of data in the clouds is proposed. Primarily, an improved NTRU decryption protocol to deal with the decryption failures of the prime NTRU is established, and in addition, the program is analysed for its security strength and computational performance. When a new AP is specified by the data owner, the cloud server allows the program to improve ciphertext and allows the owner to verify the upgrade to oppose the cloud's fraudulent behaviour. Conclusion: It enables (i) checking the user's legitimacy to access the data owner and qualified users, and (ii) allowing the user to verify the data provided by other users for the recovery of the right user. Strong analysis can prevent and block delinquency from various attacks, namely the collusion attack that could potentially target fraud users.

Navigating Climate Change: Exploring the Dynamics Between Plant-Soil Microbiomes and Their Impact on Plant Growth and Productivity.

Understanding the intricate interplay between plant and soil microbiomes and their effects on plant growth and productivity is vital in a rapidly changing climate. This review explores the interconnected impacts of climate change on plant-soil microbiomes and their profound effects on agricultural productivity. The ongoing rise in global temperatures, shifting precipitation patterns and extreme weather events significantly affect the composition and function of microbial communities in the rhizosphere. Changes in microbial diversity and activity due to rising temperatures impact nutrient cycling, microbial enzyme synthesis, soil health and pest and disease management. These changes also influence the dynamics of soil microbe communities and their capability to promote plant health. As the climate changes, plants' adaptive capacity and microbial partners become increasingly crucial for sustaining agriculture. Mitigating the adverse effects of climate change on plant growth and agricultural productivity requires a comprehensive understanding of the interconnected mechanisms driving these processes. It highlights various strategies for mitigating and adapting to environmental challenges, including soil management, stress-tolerant crops, cover cropping, sustainable land and water management, crop rotation, organic amendments and the development of climate-resilient crop varieties. It emphasises the need for further exploration of plant-soil microbiomes within the broader context of climate change. Promising mitigation strategies, including precision agriculture and targeted microbiome modifications, offer valuable pathways for future research and practical implementation of global food security and climate change.

Comprehensive Guide to AI Software Design: From Conception to Implementation

This technical article presents a comprehensive examination of artificial intelligence software development, covering design principles, implementation strategies, and deployment practices. The article explores the convergence of traditional software engineering with advanced AI methodologies, addressing critical aspects including intelligence gathering, business process integration, and technology selection frameworks. The article delves into domain-specific applications across healthcare, financial services, and retail sectors while analyzing technical considerations in machine learning infrastructure, natural language processing, and computer vision systems. The article further examines bias mitigation strategies, system limitations, and best practices for production deployment, offering insights into monitoring, security, and scalability considerations for AI implementations.

A Discussion on Potential Integration of Quantum Encription with Super Artificial Intelligence

This study delves into the possible integration of super artificial intelligence (SAI) with quantum encryption, a revolutionary technology that harnesses the principles of quantum mechanics to secure sensitive information. While quantum encryption promises unparalleled security through mechanisms like quantum key distribution (QKD) and quantum entanglement, it also faces substantial challenges. These include susceptibility to noise, scalability limitations, high implementation costs, and public trust issues. With the advent of quantum computing, traditional encryption methods are becoming increasingly vulnerable, creating an urgent need for quantum-resistant solutions. The study proposes that SAI, when integrated with quantum encryption, has the potential to enhance security, but also introduces novel risks such as security breaches, bias, and transparency issues. By analyzing these risks and benefits, the study aims to develop mitigation strategies to optimize the advantages of this integration. Through a thorough exploration of quantum encryption's conceptual and theoretical foundations, the study examines critical tools, methodologies, and variables, offering insights into future market trends and economic impacts. The research further proposes a function modelling to quantify the success probability of secure key establishment within quantum encryption protocols. Ultimately, this study contributes to advancing the understanding of the risks and opportunities surrounding the fusion of SAI and quantum encryption, providing valuable recommendations for secure and scalable implementation in various industries.

An In-Depth Approach to Strengthening Security in Open-Access Libraries Utilizing JSON Web Tokens (JWT)

In response to growing security concerns in software development, this study introduces an open-access library designed to enhance authentication systems using JSON Web Tokens (JWT). This research addresses critical challenges in integrating secure authentication mechanisms by developing a new, scalable, user-friendly library focused on security and ease of implementation. The library incorporates JWT rotation, Redis integration, and customizable validation to ensure robust, adaptable security for developers. Utilizing an agile, Extreme Programming (XP) methodology, the library was iteratively tested and optimized based on real-world developer feedback. The result of the new library shows improved usability, flexibility, and token management efficiency, demonstrating the effectiveness in supporting secure authentication practices compared to the state-of-the-art libraries. The new library is offering a practical, open-source solution to strengthen authentication systems in modern web applications, advancing the accessibility of secure, reliable software development tools.

Modernizing law enforcement: A technical deep dive into distributed case management systems

This article presents a comprehensive technical analysis of Distributed Case Management Systems (DCMS) in modern law enforcement operations. The article examines how these systems address the challenges of processing exponentially growing digital evidence, which has increased by 312% since 2019. Through implementation of microservices architecture and advanced caching strategies, DCMS demonstrates significant improvements in evidence processing efficiency, achieving 83% faster analysis times and improving accuracy rates from 67% to 94%. The article details the system's architectural components, including real-time collaboration frameworks processing 2.8 million queries per second and security implementations maintaining NIST 800-53 compliance. Performance metrics indicate a 79% increase in cross-jurisdictional case resolutions and 71% reduction in evidence verification times. The article also explores emerging technologies integration, including quantum-resistant encryption and blockchain-based evidence integrity systems processing 12.5 million transactions monthly.

Secure software development: leveraging application call graphs to detect security vulnerabilities.

The inconsistency in software development standards frequently leads to vulnerabilities that can jeopardize an application's cryptographic integrity. This situation can result in incomplete or flawed encryption processes. Vulnerabilities may manifest as missing, bypassed, or improperly executed encryption functions or the absence of critical cryptographic mechanisms, which eventually weaken security goals. This article introduces a thorough method for detecting vulnerabilities using dynamic and static analysis, focusing on a cryptographic function dominance tree. This strategy systematically minimizes the likelihood of integrity breaches in cryptographic applications. A layered and modular model is developed to maintain integrity by mapping the entire flow of cryptographic function calls across various components. The cryptographic function call graph and dominance tree are extracted and subsequently analyzed using an integrated dynamic and static technique. The extracted information undergoes strict evaluation against the anticipated function call sequence in the relevant cryptographic module to identify and localize potential security issues. Experimental findings demonstrate that the proposed method considerably enhances the accuracy and comprehensiveness of vulnerability detection in cryptographic applications, improving implementation security and resilience against misuse vulnerabilities.

Implementasi Jaringan VPN Site-to-Site dan Protocol OSPF Menggunakan Cisco di Sekolah Bina Bangsa

The development of technology is currently very rapid. The need for information is critical, especially in work, this need continues to grow along with users who want fast, safe, and efficient information. Sekolah Bina Bangsa is not directly connected to the network so it is very vulnerable to data leaks and can be considered less secure, so it is necessary to implement VPN (Virtual Private Network) technology. With VPN (Virtual Private Network), data delivery can be more secure because of the encryption method provided by this VPN technology. The OSPF (Open Shortest Path First) protocol is a technology that is applied to help reduce bandwidth in network usage because this protocol can determine the best path in choosing a network route, so it is expected to reduce the existing bandwidth. To prevent foreign devices that are not registered in the network system at school, the author proposes the implementation of Switch-port Security with a violation shutdown configuration. With this configuration, if a foreign device accesses the school network, it will automatically be shut down. Thus, by implementing the existing network system at Bina Bangsa School, it is hoped that data transmission between the Kebon Jeruk Campus and PIK can be carried out safely, can reduce bandwidth in the network, and also the internal network cannot be accessed carelessly by outsiders who are not registered in the network system at Bina Bangsa School.

ANÁLISE DO PROCESSO DE IMPLEMENTAÇÃO DE UM SISTEMA DE GESTÃO DA SEGURANÇA DA INFORMAÇÃO COM BASE NA ISO/IEC 27001

The theme of this research is the implementation of an Information Security Management System (ISMS) based on the ISO/IEC 27001 standard in an information technology organization. The main objective was to analyze the ISMS implementation process, addressing the stages of the PDCA cycle (Plan, Do, Check, Act) and the challenges faced by the organization. The methodology adopted was qualitative and exploratory, using case study, participant observation and document analysis to identify assets, assess risks and implement security controls. The main results showed significant improvements in information security governance, with increased resilience against cyber threats, strengthening customer confidence and optimizing internal processes. The risk matrix and the risk treatment plan stood out as effective tools in prioritizing corrective actions and allocating resources. It is concluded that, although formal ISO/IEC 27001 certification has not yet been obtained, the implementation of the ISMS has resulted in notable advances in the protection of information assets, contributing to regulatory compliance and a security-oriented organizational culture. The study offers practical insights for organizations seeking to improve their information security management strategies.

Practical security of twin-field quantum key distribution with optical phase-locked loop under wavelength-switching attack

The twin-field class quantum key distribution (TF-class QKD) has experimentally demonstrated the ability to surpass the fundamental rate-distance limit without requiring a quantum repeater, as a revolutional milestone. In TF-class QKD implementation, an optical phase-locked loop (OPLL) structure is commonly employed to generate a reference light with correlated phase, ensuring coherence of optical fields between Alice and Bob. In this configuration, the reference light, typically located in the untrusted station Charlie, solely provides wavelength reference for OPLL and does not participate in quantum-state encoding. However, the reference light may open a door for Eve to enter the source stations that are supposed to be well protected. Here, by identifying vulnerabilities of an acousto-optic modulator (AOM) in the OPLL scheme, we propose and demonstrate a wavelength-switching attack on a TF-class QKD system. This attack involves Eve deliberately manipulating the wavelength of the reference light to increase mean photon number of prepared quantum states, while maintaining stable interference between Alice and Bob as required by TF-class QKD protocols. The maximum observed increase in mean photon number is 8.7%, which has been theoretically proven to compromise the security of a TF-class QKD system. Moreover, we have shown that with well calibration of the modulators, the attack can be eliminated. Through this study, we highlight the importance of system calibration in the practical security in TF-class QKD implementation.