Autonomous vehicle (AV) networks require secure and efficient data processing under strict latency and resource constraints. This paper proposes a secure, lightweight edge-centric framework, SLEVA-AV, for Internet of Things (IoT)-enabled autonomous vehicle communication. The framework integrates multi-modal sensor data processing, lightweight key management, multi-stage encryption, and integrity verification within a unified pipeline. A key derivation function (KDF) is employed to generate session keys using contextual parameters, enabling efficient re-keying during vehicular mobility without repeated handshake overhead. The encryption process combines PRESENT, SPECK, and lightweight encryption algorithm (LEA) ciphers to enhance cryptographic strength, while SHA-256 ensures data integrity. The proposed system is implemented using a CARLA-based simulation environment and validated through CrypTool 2-based cryptographic analysis. Performance evaluation over 10,000 samples demonstrates low latency (0.039–0.794 s), reduced energy consumption (0.0196–0.0589 J), and negligible key management overhead. Comparative analysis with recent state-of-the-art approaches shows improved scalability and efficiency. Security validation through attack simulations demonstrates resistance against brute-force (2336 key space), differential (2−185), replay, and tampering attacks, achieving 100% detection accuracy. The results indicate that the proposed framework strikes a balanced trade-off among security strength, computational efficiency, and real-time performance, and it is suitable for deployment in IoT environments with high mobility and dynamic edge connectivity.

The integration of communication technologies has made authentication a crucial security element in the cyberphysical power system (CPPS) scenario. Since it offers a range of security services, such as credentials privacy, session-key (SK) security, and safe mutual authentication, authentication plays a significant role in the CPPS context. In this article, the threat of quantum attacks to the security of CPPS is analyzed. The attacks are developed based on the principles of quantum computing, and they can easily compromise SK security under the wellaccepted traditional difficulty problems of discrete logarithms and large integer factorization. A new efficient and secure authenticated post-quantum key agreement scheme is proposed for CPPS, leveraging ring learning with errors (RLWE) problem to achieve the security functionalities, for example, SK security. In the RLWE problem, a number-theoretic transform method is investigated to improve the efficiency of the proposed scheme. Moreover, the Indistinguishability under Chosen Ciphertext Attack security of the proposed scheme in this paper is formally proven in the random oracle model through the construction of a security game. Furthermore, security analysis shows the proposed scheme can ensure data confidentiality, SK security, forward secrecy, resistance to eavesdropping attacks, and quantum attack resistance under the RLWE problem. The proposed scheme reduces the computation and communication overheads for CPPS devices. Additionally, the proposed scheme offers more security functionalities than the existing schemes. Cite this article as: X. Li, Y. Zhu, X. Yuan, Z. Zhou and C. Jiang, “Secure authenticated post-quantum key agreement scheme based on ring learning with errors for cyber-physical power system,” Electrica, 2026, 26, 0182, doi: 10.5152/electrica.2026.25182.

In emerging environments such as cloud computing and the Internet of Things (IoT), secure authentication and key negotiation play a crucial role in protecting data transmitted over public networks. However, many existing authentication protocols are still designed based on classical public-key cryptography primitives, and quantum computing may threaten their security. To address this challenge, we propose a post-quantum authentication and key agreement protocol that uses the lattice-based Kyber key encapsulation mechanism (KEM). Our proposed protocol integrates cryptographic authentication, smart card protection, and post-quantum key encapsulation mechanisms, enabling mutual authentication between users and servers and securely establishing session keys. The security of the protocol is formally analyzed in the Real-or-Random (ROR) model under the random oracle assumption and the IND-CCA security of the underlying KEM scheme. Furthermore, through informal security analysis, we have further demonstrated that the protocol possesses important security properties, including anonymity, untraceability, perfect forward confidentiality, and resistance to known attacks. In addition, the computational cost and communication overhead of the proposed scheme are evaluated and compared with several representative authentication protocols. The results show that the proposed protocol can provide strong security while maintaining low computational cost and communication overhead.

Body area networks (BANs) require secure intra-body communication, yet sensor nodes are too resource-constrained for conventional public-key cryptography, and pre-shared key schemes conflict with plug-and-play clinical workflows. This paper introduces PhysioKey, a TinyML-based key agreement framework that derives symmetric session keys from physiological signals without pre-shared secrets or trusted third parties. A lightweight 1D-CNN (6320 parameters, INT8-quantized, 31.2 KB flash) extracts embeddings from ECG and PPG windows on ARM Cortex-M4 class devices, which are reconciled through fuzzy commitment with BCH error-correcting codes. Patient-level 5-fold cross-validation on PTB-XL (500 patients, dual-ECG) achieves EER of with ROC AUC ; on BIDMC (53 patients, ECG + PPG), a dual-encoder architecture reduces cross-modal EER to . Since standalone PhysioKey yields only 7–24 effective key bits, the recommended deployment mode is a hybrid PhysioKey + ECDH protocol providing 128-bit security while PhysioKey adds physical on-body authentication; standalone operation suits energy-constrained scenarios with its advantage over ECDH. HKDF-SHA-256 post-processing yields session keys passing all six NIST SP 800-22 tests (≥96% at the 1024-bit level).

Abstract To ensure the long-term security of anonymous communication against quantum computing threats, this paper proposes a QKD-assisted quantum secure onion routing protocol. The scheme employs a hybrid architecture comprising a star-topology QKD network, a classical onion routing network, and a blockchain-based pseudonym mechanism. By splitting trust between the central cloud and blockchain, the system prevents any single entity from compromising the complete path or session keys, thus balancing anonymity with scalability. Specifically, a quantum secure key agreement sub-protocol is designed: communicating parties XOR locally generated nonces with quantum keys and employ a hash family to achieve trust splitting. This method prevents both the central cloud and the blockchain from recovering session keys. Furthermore, a complete onion packet encapsulation process is established for layered encryption. Comprehensive analyses of correctness, security, and performance under practical QKD key rate constraints are provided. The results indicate that, under semi-honest and non-colluding assumptions, the proposed protocol achieves quantum secure anonymous communication while maintaining practical scalability.

The growing volume of sensitive data transmitted across embedded platforms has fueled a pressing need for compact yet resilient encryption engines. This paper presents a hybrid cryptographic architecture realized on a Xilinx Artix-7 field-programmable gate array, specifically the Nexys A7 development board. The proposed system brings together two mathematically distinct cipher families, namely the Advanced Encryption Standard operating on substitution-permutation rounds and Elliptic Curve Cryptography rooted in discrete-logarithm hardness, under a single unified controller. A hardware-resident random number generator, built around a linear-feedback shift register coupled with a ChaCha-inspired mixing stage, supplies session keys at run time without any software intervention. Functional correctness has been validated through behavioural simulation in Vivado, while a four-digit seven-segment display and sixteen on-board LEDs provide real-time visibility of plaintext, ciphertext, generated keys, and decrypted output directly on the physical board. Measured results confirm that both encryption and decryption pipelines complete within tens of clock cycles at the native 100 MHz fabric frequency, making the design well suited to resource-constrained Internet-of-Things endpoints where dedicated security co-processors are impractical.

ABSTRACT Objective To design a secure Federated Learning (FL) framework for Internet of Medical Things (IoMT) that protects sensitive patient data from both classical and quantum attacks. Methods Proposed the QSFedMA‐IoMT protocol integrating quantum and classical security techniques. Utilized entanglement‐based E91 protocol for generating a highly secure root key to establish trust. Applied BB84 protocol for efficient generation of per‐round session keys during FL updates. Incorporated classical cryptographic scheme AES‐GCM for secure communication. Employed privacy‐enhancing techniques such as norm‐clipping and Gaussian noise to mitigate information leakage during model training. Results Our work demonstrates robust resistance against both classical and quantum adversaries, while enhancing data privacy through secure key distribution and differential privacy mechanisms. It ensures the integrity of model updates within the federated learning process and achieves an effective balance between strong security guarantees and computational efficiency, making it well‐suited for IoMT environments. Conclusion The QSFedMA‐IoMT protocol delivers a robust and practical hybrid framework for securing federated learning in healthcare systems. By integrating E91 and BB84 protocols, it strengthens key management and trust establishment. The combination of quantum security with classical privacy‐preserving techniques ensures resilience, scalability, and efficiency. Overall, this work provides a promising direction for secure and privacy‐aware federated learning in next‐generation IoMT applications.

The fast growth of quantum computing puts widely used public-key cryptosystems like RSA and Elliptic Curve Cryptography (ECC) at risk because Shor's algorithm can quickly factor integers and find discrete logarithms. Grover’s algorithm similarly weakens symmetric ciphers like AES, necessitating larger key sizes. This work proposes the Hyperring RSA–AES Hybrid Encryption Scheme (HRA-HES), a hybrid cryptosystem that achieves post-quantum security for simple ciphers while preserving practical usability. HRA-HES derives session keys via Hyperring Learning with Noise within a Key Encapsulation Mechanism, and AES-256-GCM uses these keys to encrypt large data blocks. The multi-valued hyperaddition in the underlying hyperring structure disrupts the periodicity exploited by quantum period-finding algorithms. Implementation results show an encryption throughput of 850 Mbps and an average key generation time of about 2.1 ms, yielding improvements of up to 44% over prior baselines while maintaining low resource consumption, thus offering a scalable, quantum-aware transition framework.

In Social Internet of Vehicles (SIoV) environments, fog computing plays a crucial role in supporting real-time services by reducing the latency inherent in cloud-based architectures. However, fog nodes are typically deployed in physically exposed roadside environments and can be operated by several system operators, making them vulnerable to physical compromise and unauthorized access. Despite these threats, many existing authentication schemes assume fog nodes to be fully trusted or honest-but-curious, allowing them to decrypt transmitted data using a session key shared among vehicles, fog nodes, and cloud servers. To overcome these limitations, this paper proposes a quantum-secure pairwise key agreement scheme that establishes distinct session keys for vehicle–fog, fog–cloud, and vehicle–cloud communications. This design effectively prevents the disclosure of sensitive information even in the event of fog node compromise. Furthermore, Physical Unclonable Functions (PUFs) are employed to mitigate physical capture attacks, while lattice-based cryptography based on the Module Learning with Errors (MLWE) problem is integrated to ensure resistance against quantum computing attacks. The security of the proposed protocol is rigorously validated through formal analysis using AVISPA, BAN logic, and the Real-or-Random (RoR) model, in addition to informal security analysis. Comparative performance evaluations against related schemes demonstrate that the proposed approach achieves a balance between efficiency and security, making it well suited for practical deployment in SIoV environments.

LEAP:VANET: A lightweight and efficient authentication protocol for intelligent transportation system using VANET

Abstract-Cloud security mechanisms predominantly rely on static access control and post-hoc detection techniques that assume successful authentication implies sustained trust throughout a user session. In practice, a significant proportion of data breaches occur after authentication through compromised credentials, insider misuse, or gradual exploitation of authorized access, resulting in prolonged exposure of sensitive data before detection or intervention. This paper presents SENTRIX, a session-enabled, network-trust, risk-intelligent exposure architecture that reconceptualizes cloud data security by treating data visibility as a dynamically controlled variable rather than a binary access state. SENTRIX continuously constructs a session behavioral twin and computes a real-time trust score based on observed interaction patterns. Data exposure is adaptively reconstructed during the session, enabling progressive degradation through masking, precision reduction, throttling, and result limitation as trust declines. Upon trust collapse, the architecture enforces cryptographic containment by revoking session keys and re-encrypting sensitive data segments, rendering them inaccessible to the compromised session without permanent data loss. By coupling behavioral trust directly with data reconstruction and containment, SENTRIX minimizes cumulative data exposure during post-authentication breach windows and shifts cloud security from detection-centric defense to proactive damage minimization. The proposed architecture is domain-agnostic, cloud-deployable, and compatible with existing identity and access management systems, offering a practical and scalable approach to mitigating modern cloud security threats. Keywords: session security, adaptive data exposure, behavioral trust, cloud security architecture, cryptographic containment, post-authentication defense.

Secure and scalable authentication remains a fundamental challenge in Internet of Things (IoT) networks due to constrained device resources, dynamic topology, and the absence of centralized trust infrastructures. Conventional password-based and certificate-driven authentication schemes incur high computation, storage, and communication overhead, limiting their suitability for large-scale deployments. To address these limitations, this paper proposes ScLBS, a federated learning (FL)-based self-certified authentication scheme for distributed and sustainable IoT environments. ScLBS integrates self-certified public key cryptography with FL-driven trust adaptation, enabling decentralized public key derivation without reliance on third-party certificate authorities or exposure of private credentials. A zero-knowledge mechanism combined with location-aware authentication strengthens resistance to impersonation, Sybil, and replay attacks. Hierarchical key management supported by a [Formula: see text]-tree enables efficient group rekeying and preserves forward and backward secrecy under dynamic membership. Formal security verification is conducted under the Dolev-Yao adversary model using ProVerif, confirming secrecy of private and session keys (SKs) and correctness of authentication. Extensive NS-3 simulations and ablation analysis demonstrate that ScLBS achieves lower authentication delay, reduced message overhead, improved network utilization, and decreased energy consumption compared to representative IoT authentication schemes, while maintaining bounded FL overhead. These results indicate that ScLBS provides a balanced trade-off between security strength, scalability, and resource efficiency for constrained IoT networks.

Vehicular Ad hoc Networks (VANETs) enable vehicles and roadside units (RSUs) to exchange safety-related information over public wireless channels, thereby enhancing transportation system security and efficiency. However, malicious adversaries may impersonate RSUs to disseminate false information or masquerade as legitimate vehicles to gain unauthorized services. To counter such threats, mutual authentication between vehicles and RSUs is crucial. This task is particularly challenging due to the high mobility of vehicles and the resource constraints of both vehicles and RSUs. In this paper, we propose an Efficient and Anonymous Authentication Scheme with Session Key Agreement (EA2S2KA), which leverages Elliptic Curve Cryptography (ECC) and Physical Unclonable Functions (PUFs) to achieve lightweight, fast, and secure authentication. We conduct an informal security analysis, a formal security proof under the real-or-random (RoR) model, and formal security verification using AVISPA, all of which confirm that EA2S2KA resists a broad range of security threats in VANETs. Performance comparisons with recently proposed schemes show that EA2S2KA provides stronger security guarantees while achieving the lowest total computation cost and ranking among the top three in communication efficiency. Furthermore, NS-3 simulations confirm its practicality in large-scale and dynamic environments through evaluations of the authentication success rate, average authentication delay, and authentication message throughput.

This article presents general methodologies for plaintext attacks on block ciphers using the Tabu Search algorithm. These methods treat the cipher as a black box, with the objective of finding the session key. The primary innovation of our approach is the division of the key space into subsets based on a divisor, enabling the attack to focus on a specific portion of the total space. The following investigation demonstrates the successful application of these methods to a member of a block cipher family that includes the Advanced Encryption Standard (AES) cipher. One of the proposed methodologies, the subregions path attack, enables navigation of the key session space by applying specific predetermined strategies within these subregions.

Wireless sensor networks comprise many resource-constrained nodes that must protect both local readings and routing metadata. The sensors collect data from the environment or from the individual to whom they are attached and transmit it to the nearest gateway node via a wireless network for further delivery to external users. Due to wireless communication, the transmitted messages may be intercepted, rerouted, or even modified by an attacker. Consequently, security and privacy issues are of utmost importance, and the nodes must be protected against unauthorized access during transmission over a public wireless channel. To address these issues, we propose the Probabilistic Bit-Similarity-Based Key Agreement Protocol (PBS-KAP). This novel method enables two nodes to iteratively converge on a shared secret key without transmitting it or relying on pre-installed keys. PBS-KAP enables two nodes to agree on a symmetric session key using probabilistic similarity alignment with explicit key confirmation (MAC). Optimized Garbled Circuits facilitate secure computation with minimal computational and communication overhead, while Secure Sketches combined with Fuzzy Extractors correct residual errors and amplify entropy producing reliable and uniformly random session keys. The resulting protocol provides a balance between security, privacy, and usability, standing as a practical solution for real-world WSN and IoT applications without imposing excessive computational or communication burdens. Security relies on standard computational assumptions via a one-time elliptic–curve–based base Oblivious Transfer, followed by an IKNP Oblivious Transfer extension and a small garbled threshold circuit. No pre-deployed long-term keys are required. After the bootstrap, only symmetric operations are used. We analyze confidentiality in the semi-honest model. However, entity authentication, though feasible, requires an additional Authenticated Key Exchange step or malicious-secure OT/GC. Under the semi-honest OT/GC assumption, we prove session-key secrecy/indistinguishability; full entity authentication requires an additional AKE binding step or malicious-secure OT/GC.

ABSTRACT The Internet of Robotic Things (IoRT) requires secure and trustworthy collaboration among distributed robotic agents, yet conventional federated learning approaches often overlook trust management and secure keying. This research proposes QFTN, a quantum‐inspired federated trust negotiation framework for resilient data exchange in IoRT. Each robot employs isolation forest‐based anomaly detection and computes a local trust score from validation performance. Trust values are aggregated through a federated protocol, while quantum‐inspired logistic‐map chaos functions generate pseudo‐random session keys for Fernet‐based symmetric encryption. Data exchange is permitted only when trust scores exceed a defined threshold, ensuring compromised nodes are excluded. Evaluations on the CIC‐IoT‐2023 dataset show that QFTN achieves strong detection accuracy (99.94%), precision (99.81%), recall (99.79%), F 1 score (99.80%), efficient trust convergence, and robust protection against adversarial exchanges, outperforming conventional federated baselines. The framework demonstrates that lightweight, trust‐aware, and quantum‐inspired mechanisms can effectively secure next‐generation IoRT ecosystems.

In the evolving landscape of digital communication, the need for secure, lightweight, and efficient data protection mechanisms is more critical than ever, particularly for bandwidth-constrained and privacy-sensitive applications. This paper proposes a novel hybrid cryptographic framework that synergistically combines three powerful techniques: Elliptic Curve Cryptography (ECC), DNA-based cryptography, and LZ77 data compression. The framework utilizes ECC for secure key sharing between communication parties due to its strong security and low computational overhead. Once the session key is established, DNA cryptographic techniques are applied for the encryption and decryption of sensitive data, exploiting the high parallelism, randomness, and vast encoding capacity of DNA sequences. To further enhance transmission efficiency, the plaintext is first compressed using the LZ77 algorithm, reducing redundancy before encryption. This layered approach not only ensures high security and resistance to cryptanalytic attacks but also achieves significant data compression, making it suitable for secure data transmission in constrained environments such as Internet of Things (IoT) and telemedicine. Experimental results demonstrate that the proposed scheme maintains confidentiality, integrity, and performance, while significantly optimizing storage and transmission requirements.

The Smart Grid (SG) is an upgraded electrical system integrated with Information and Communication Technology (ICT) to provide two-way data exchange between power consumers and manufacturers. This innovation facilitates smooth digital connectivity between smart devices like Smart Appliances (SAs), Smart Meters (SMs), and the Service Provider (SP), enabling remote data management to achieve enhanced energy distribution. However, using insecure wireless communications channels poses serious security threats, such as replay, impersonation, man-in-the-middle, and physical capture attacks. Numerous cryptographic algorithms, including RSA, Bilinear Pairing, Data Encryption Standard (DES), and Advanced Encryption Standard (AES), are used in existing studies to address the problem of information breakout. Furthermore, because the parameters and key space are so large, these methods suffer from higher computing costs and communication overhead. To resolve this issue, we have proposed a lattice-based privacy-preserving framework for the SG network that can withstand quantum attacks. Moreover, because quantum computers cannot solve the lattice-based hard problems, the lattice-based signcryption scheme is developed to resist quantum attacks. We have also integrated blockchain technology with the proposed scheme to make the data tamper-resistant and secure against adversary attacks. The proposed protocol is intended to offer data confidentiality, data integrity, and unforgeability. The proposed protocol also withstands several known attacks, such as Man-in-the-Middle (MITM), replay, known session key, insider, and post-quantum attacks. We have simulated our scheme using the AVISPA simulation program, which proves the efficiency and effectiveness of our proposed scheme in meeting the required security properties.

As mission requirements continue to expand, the ability to communicate between unmanned aerial vehicles (UAVs) has become increasingly vital. However, security has also become a critical issue. UAVs typically operate in open wireless communication networks, which are highly susceptible to various attacks and pose significant threats to the overall security of UAV systems. Therefore, it is imperative to develop robust security protocols. Existing authentication schemes, while effective in ensuring security, mainly focus on lightweight design. However, the session keys between UAVs are generated with the assistance of the ground station. Should the communication link between the drone and the ground station come under attack, the session keys between drones cannot be updated. To address this issue, we propose the Anti-Fallback Security Framework (AFSF). This framework, based on a lightweight design philosophy, ensures UAV anonymity and effectively counters threats such as de-synchronization attacks and replay attacks. AFSF is specifically designed to secure communications between UAVs. Through formal proof, verification using the Scyther tool, and cryptographic analysis, we have conducted a comprehensive security evaluation of AFSF. The results demonstrate that AFSF is highly effective in withstanding a variety of security attacks. Moreover, we compared AFSF with two state-of-the-art existing schemes in terms of computational overhead, communication overhead, and energy consumption. The computational overhead of the proposed solution is 11.4 μs, the communication overhead is 18 μs, and the energy consumption is 7.04 μj. The findings indicate that AFSF outperforms the others in both resource consumption and security.

The application of wireless sensor networks (WSNs) in underground or underwater regions is becoming increasingly prevalent. This specific type of WSNs are referred to as wireless weak-link sensor networks (WWSNs), whose key distribution is identified as a prerequisite for ensuring network security. However, due to the fragile links of WWSNs, it is not feasible to directly transfer existing authenticated Diffie-Hellman (ADH) protocols from traditional WSNs to WWSNs. To address this challenge, we propose a disconnection-resistant authenticated Diffie-Hellman protocol (D-ADH) for key distribution in WWSNs. For mitigating the adverse impact of fragile links, we significantly reduce the number of node interactions in existing ADH protocols by having the sensor node use fixed negotiation public keys. Each sensor node only needs to receive the broadcast message of the base station on a single occasion to generate the session key. The results of simulation experiments and security analysis demonstrate that the proposed D-ADH protocol exhibits the lowest energy consumption, the longest network lifetime, the highest probability of successful key distribution and good network scalability compared to the state-of-the-art protocols, while maintaining an acceptable middle level security.