Digital Certificates Research Articles

An Efficient EHR Secure Exchange Among Healthcare Servers Using Light Weight Scheme

This work addresses the critical need for secure and patient-controlled Electronic Health Records (EHR) migration among healthcare hospitals' cloud servers (HHS). The relevant approaches often lack robust access control and leave data vulnerable during transfer. Our proposed scheme empowers patients to delegate EHR migration to a trusted Third-Party Hospital (TTPH); which is the Certification Authority (CA) while enforcing access control. The system leverages asymmetric encryption utilizing the Elliptic Curve Digital Signature Algorithm (ECDSA), EEC and ECDSA added robust security and lightness EHR sharing. Patient and user privacy is managed due to anonymity through cryptographic hashing for data protection and utilizes mutual authentication for secure communication. Formal security analysis using the Scyther tool and informal analysis was conducted to validate the system's robustness. The proposed scheme achieved EHR integrity due to the verification of the communicated HHS and ensuring the integrity of the HHS digital certificate during EHR migration. Ultimately, the result achieved in the proposed work demonstrated the scheme's high balance between data security and accuracy of communication, where the best result obtained represented 7.7/ ms as computational cost and 1248 /bits as communication cost compared with the relevant approaches.

The Challenge of Data Integration—Digital Twin Certification to Support Remote Operations

The Challenge of Data Integration—Digital Twin Certification to Support Remote Operations

Aspects of E-Government Interoperation: Case Study Research for Discovery Beyond Interoperability as Layered Capability

How different public agencies and their digital artifacts work together (often labeled as interoperability) is considered to be an important area for a successful evolution of e-government. Key knowledge in this area is the structuring into four different layers of interoperability: legal, organizational, semantic, and technical interoperability. This paper challenges this received view of digital interoperation. It does so through an in-depth qualitative case study on the management of digital medical certificates and an inductive and abductive data analysis. Twelve aspects of digital interoperation have emerged through this study. The aspects have been divided into two categories: intrinsic (aspects that directly relate to the digital transfer of information) and extrinsic (aspects that shape different parts of digital interoperation from the outside). Six intrinsic aspects have been identified (relational, performative, semantic, informational, architectural, and technical). These intrinsic categories also have roles as extrinsic. Besides these, there are six more extrinsic aspects (normative, regulative, economic, cognitive, interactive, and temporal). Based on empirical insights and theorizing, the paper argues for a broadening of interoperability as not only the capability to interoperate. A broader notion comprises a mix of organizational, human, and digital pre-conditions for interoperation.

Unmasking phishers: ML for malicious certificate detection

Phishing attacks increasingly use digital certificates to appear safe to users, and the frequency of such attacks has surged in recent years. As an example, around 80% of the 2021 phishing attacks used digital certificates to appear legitimate. The most common methods today for detecting phishing websites rely on users reporting the websites to phishing repositories, where they are then confirmed. This process can be slow, allowing the attacker to have time to have their phishing attack out on the Internet. Newer methods that implement machine learning models for the detection of phishing websites based on their digital certificate have been shown to be effective. This paper presents a system that uses certificate and domain name related features along with machine learning methods for the detection of phishing websites. To develop the system, data was collected from PhishTank and Tranco for domain names, and Censys was used for certificate retrieval. The domain related features are partly engineered using a time-series based deep learning model to get a vector representation of the domain name. Using the features engineered from the certificate and domain name, classical machine learning classifiers are trained and compared. Enriching the feature set with the vector representation of the domain names results in higher performance in distinguishing suspicious certificates from benign ones, going from an F1-score of 0.77 for a feature set solely based on certificate-related features to a performance of 0.89 with the enriched feature set. A time-based evaluation reflects the same performance with an F1-score of 0.88, which is an improvement compared to existing approaches to feature engineering.

Design and Implementation of Digital Calibration Certificate for RFID Tag Storage.

The digital transformation of metrology is one of the most active activities in the field of metrology at present, where the digital calibration certificate (DCC) being developed is the topic receiving the most concern in the current digital transformation. In practical industrial applications, the issue of storage carrier for the DCC plays a crucial role in its promotion and implementation. To address this issue, a DCC meta-model called DCC-Lite schema has been designed along with a corresponding processing method. This solution involves compressing and segmenting the DCC to make it suitable for storage using RFID tags. These RFID tags are affixed to the instruments and accompany them throughout their usage. Additionally, the DCC-RFID processing system has been developed to validate the effectiveness of the DCC meta-model and its corresponding processing method within a wireless temperature acquisition system. Experimental results demonstrate that the system successfully reads and writes the DCC stored within the RFID tag group. Furthermore, it enables automated parsing of the DCC calibration data by the machine and real-time compensation of measurement data to reduce measurement errors.

A Certificate-Less Distributed Key Management Scheme for Space Networks

The specificity and complexity of space networks render the traditional key management mechanism no longer applicable. The certificate-less-based distributed spatial network key management scheme proposed in this paper combines the characteristics of space networks, solving the problems regarding the difficulty of implementing centralized key management in space networks and the excessive overhead required for maintaining public key certificates by constructing a distributed key generation center and establishing strategies such as private key updates, master key component updates, and session key negotiation. This method also avoids the key escrow problem inherent in existing identity-based key management schemes. This scheme provides the DPKG construction method for space networks; designs the update strategy for the DPKG node’s master key sharing, providing a specific update algorithm; introduces the batch private key update mechanism; and uses the mapping function to evenly distribute the node’s update requests throughout the update time period, avoiding the problem of overly concentrated update requests. After analysis and simulation verification, it was proven that the scheme can meet the necessary security requirements, offering good stability and scalability.

A view on distributed sound level sensors from the perspective of legal metrology

Paper-based calibration certificates are gradually being replaced by equivalent digital calibration certificates (DCCs). The DCC is human-readable as well as machine-readable which simplifies the administration process significantly. During calibration procedure a measurement instrument is tested on-site in a testing laboratory. However, nowadays sound level sensors are increasingly deployed as distributed systems, where they transmit measurement data from one location (e.g. a workplace in a factory) to a measurement laboratory over available networks. This data transmission process has until now not been considered during calibration procedure or type approval tests. Therefore, requirements for the data transmission process according to the regulations of the European Cooperation in Legal Metrology (WELMEC Guide) must be considered. In this project two digital sound level sensors were selected and tested when deployed as distributed systems. The data collected were used to compare the two systems in accordance with the regulations of the WELMEC guide. In this work the first example of an acoustical DCC is presented and discussed. Further, a list of requirements is proposed that should be considered in the future when developing sound level sensors intended to be used as distributed systems.

Digital Certificate Management for Medical Devices

As the healthcare environment becomes increasingly digitally connected and cyber threats to healthcare technologies evolve, cybersecurity controls are necessary to ensure the safety and effectiveness of medical devices. Digital certificates are one such security control commonly utilized to secure various technologies and systems including medical devices. However, few academic resources describe the use of digital certificates in the unique context of medical devices. Additionally, digital certificate issues have the potential to impact the safety and effectiveness of medical devices and to negatively hinder the delivery of patient care. This article provides an introduction on the role of digital certificates to secure and manage access to medical devices, including potential issues and digital certificate management considerations.

Article: Balancing Digitalization and Proportionality: The Progress of the FASTER Initiative*

The European Commission’s proposed directive ‘Faster and Safer Relief of Excess Withholding Taxes’ (FASTER) aims to standardize, modernize, and digitalize the EU-wide withholding tax procedure to enhance efficiency and fraud resistance. The Council of the EU, through Economic and Financial Affairs Council (‘ECOFIN’), has agreed on a revised directive that retains the core objectives but introduces significant modifications. The initiative focuses on simplifying tax relief procedures, introducing a digital EU tax residence certificate, and implementing fast-track refund systems. The Council’s adjustments include extended deadlines for issuing certificates and fast-track refunds, as well as expanded obligations for financial intermediaries to report transactions and prevent fraud. The directive emphasizes digitalization and proportionality in its implementation. However, concerns about the proportionality of imposed liabilities on financial intermediaries and data protection remain critical issues. The revised directive is pending further consultation with the European Parliament and formal adoption by the Council, with an anticipated implementation deadline extended to 31 December 2028, and national application starting 1 January 2030.

The Contribution of Digital Preservation as a Digital Transformation Mechanism within the Scope of the Sustainable Development Objectives of the 2030 Agenda

This study reports how institutions in a contemporary context experiencing significant digital transformations face several challenges to keep their memory alive for the next generations. In this context, digital preservation becomes essential for institutions to preserve their history. Also noteworthy are the Sustainable Development Goals established in the United Nations 2030 Agenda, which focus on sustainable development directly related to digital preservation. This article aims to analyze how humanity should consider Objectives 9, 11, 12 and 13 of the 2030 Agenda, whose objectives are interrelated with the theme of this research work. The methodology used was a bibliographic survey on the Web of Science, Google Scholar and Brapci databases, with a qualitative approach and categorical analysis. It is concluded that the interrelationship of digital preservation through the tool of digital certification in documents in institutions can be used as a mechanism for digital transformation within the scope of the Sustainable Development Goals (SDGs) of the 2030 Agenda.

Intellectual Property Management and Legal Protection Mechanism of Blockchain-based Crowdsourced Testing

While promoting the vigorous development of crowdsourced testing services, Internet technology has also generated problems such as non-standard intellectual property management, unclear ownership of rights, and lack of trustworthiness. Based on the characteristics of being decentralized, traceable and tamper-proof of blockchain, IPFS, SHA256 algorithm, and digital certificate technology, this paper puts forward a new intellectual property management framework for crowdsourced testing to meet the requirements of intellectual property traceability of crowdsourced testing, right confirmation and query, and proposes the idea of applying on the chain and off chain decomposition and integration technology to address the storage performance bottleneck problem caused by data expansion on the chain, thus realizing a trusted intellectual property management system of crowdsourced testing. Meanwhile, this paper puts that the intellectual property of crowdsourced testing cannot be fully maintained only by technical means, and corresponding legal support means should be supplemented, including improving the laws and regulations on judicial and administrative protection of intellectual property, and properly handling the legal risk control of intellectual property of crowdsourced testing.

Blockchain-enhanced efficient and anonymous certificateless signature scheme and its application

Although the Internet of Things (IoT) brings efficiency and convenience to various aspects of people’s lives, security and privacy concerns persist as significant challenges. Certificateless Signatures eliminate digital certificate management and key escrow issues and can be well embedded in resource-constrained IoT devices for secure access control. Recently, Ma et al. designed an efficient and pair-free certificateless signature (CLS) scheme for IoT deployment. Unfortunately, We demonstrate that the scheme proposed by Ma et al. is susceptible to signature forgery attacks by Type-II adversaries. That is, a malicious-and-passive key generation center (KGC) can forge a legitimate signature for any message by modifying the system parameters without the user’s secret value. Therefore, their identity authentication scheme designed based on vehicular ad-hoc networks also cannot guarantee the claimed security. To address the security vulnerabilities, we designed a blockchain-enhanced and anonymous CLS scheme and proved its security under the Elliptic curve discrete logarithm (ECDL) hardness assumption. Compared to similar schemes, our enhanced scheme offers notable advantages in computational efficiency and communication overhead, as well as stronger security. In addition, a mutual authentication scheme that satisfies the cross-domain scenario is proposed to facilitate efficient mutual authentication and negotiated session key generation between smart devices and edge servers in different edge networks. Performance evaluation shows that our protocol achieves an effective trade-off between security and compute performance, with better applicability in IoT scenarios.

The Pitfalls of the Certificate-Based User Authentication Scheme on Korean Public Websites

The Korean government has employed a certificate-based user authentication scheme powered by Internet Explorer and ActiveX plug-ins for the past two decades. Users must obtain accredited digital certificates, install all required plug-ins on their machines, and undergo all user authentication procedures. Most clients mistakenly take a series of authentication procedures for granted and unwittingly make copies of security code cards, store accredited digital certificates on hard disks, and mechanically click “Yes” or “OK”. Public websites lack cross-platform and cross-browser compatibility and discriminate against those who do not use Windows. The government should require public organizations to provide at least a password-based n-factor authentication scheme over SSL/TLS and should reform institutional arrangements so that service providers take primary responsibility for online transactions. This “Galapagos e-government” case illustrates the importance of global technology standards and web accessibility.

Blockchain-Machine Learning Fusion for Enhanced Malicious Node Detection in Wireless Sensor Networks

In wireless sensor networks (WSNs), the presence of malicious nodes (MNs) poses significant challenges to data integrity, network stability, and system reliability. These issues are intensified by energy resource constraints and limitations within centralized authentication systems, necessitating an energy-efficient solution to ensure real-time responsiveness. Although artificial intelligence-driven approaches enhance detection capabilities, they overcome challenges related to data volume, coordination overhead, and latency in centralized control. This study introduces blockchain-machine learning (BC-ML), a novel hybrid model that seamlessly integrates blockchain and machine learning (ML) techniques to effectively identify MNs in WSNs. The model establishes an energy-efficient blockchain among cluster heads (CHs) for robust node authentication, incorporating a Schnorr-like zero-knowledge-proof technique to validate node data during communication initiation. Utilizing a hybrid lightweight approach with both symmetric and asymmetric ciphers enhances the security of node data transmission. A new proof-of-authority method is introduced, which leverages node digital certificates instead of conventional data transactions. This consensus mechanism reduces the processing overhead associated with larger data sizes in traditional proof-of-work methods, thereby improving both energy efficiency and scalability. To address dataset imbalances, the model employs a hybrid unsupervised ML technique, combining adaptive synthetic sampling with a convolutional neural network for efficient analysis of nodes and network features. The ML model, hosted on a robust data server, ensures ongoing oversight by updating CHs with security levels for detected MNs, thereby reducing storage and mitigating coordination challenges. Comprehensive analyses validate the effectiveness of the BC-ML model for detecting MNs, optimizing resource utilization, minimizing delays, and prolonging node and network lifetimes. Security analysis further confirms the ability of the model to mitigate diverse attacks and meet the stringent WSN security requirement.

Uncertainty Calculation as a Service: Integrating Cloud-Based Microservices for Enhanced Calibration and DCC Generation.

The calibration industry is renowned for its diverse and sophisticated equipment and complex processes, which necessitate innovative solutions to keep pace with rapidly advancing technology. This paper introduces an enhancement to an existing microservice-based cloud architecture, aimed at effectively managing the inherent complexity within this field. The enhanced architecture seamlessly integrates various equipment types and communication technologies, aligning diverse stakeholder expectations into a unified system that ensures efficient and accurate calibration processes. It highlights the integration of microservices to facilitate various methods of uncertainty calculation and the generation of digital calibration certificates (DCCs). A case study on RF power measurement illustrates the practical application and benefits of the enhanced architecture. Although initially focused on RF power measurement, the flexible architecture allows for future expansions to accommodate new standards and measurement techniques. The enhanced system offers a comprehensive approach to managing data flow from calibration equipment to the final generation of DCCs, utilizing cloud-based services for efficient data processing. As a future direction, this extension sets the groundwork for broader applicability across multiple measurement types, ensuring readiness for upcoming advancements in metrology.

A Blockchain and PKI-Based Secure Vehicle-to-Vehicle Energy-Trading Protocol

With the increasing awareness for sustainable future and green energy, the demand for electric vehicles (EVs) is growing rapidly, thus placing immense pressure on the energy grid. To alleviate this, local trading between EVs should be encouraged. In this paper, we propose a blockchain and public key infrastructure (PKI)-based secure vehicle-to-vehicle (V2V) energy-trading protocol. A permissioned blockchain utilizing the proof of authority (PoA) consensus and smart contracts is used to securely store data. Encrypted communication is ensured through transport layer security (TLS), with PKI managing the necessary digital certificates and keys. A multi-leader, multi-follower Stackelberg game-based trade algorithm is formulated to determine the optimal energy demands, supplies, and prices. Finally, we propose a detailed communication protocol that ties all the components together, enabling smooth interaction between them. Key findings, such as system behavior and performance, scalability of the trade algorithm and the blockchain, smart contract execution costs, etc., are presented through numerical results by implementing and simulating the protocol in various scenarios. This work not only enhances local energy trading among EVs, encouraging efficient energy usage and reducing burden on the power grid, but also paves a way for future research in sustainable energy management.

Enhancing road safety through misbehaviour detection in vehicle‐to‐everything systems of Korea

AbstractVehicle‐to‐everything communication systems play a crucial role in enhancing road safety and traffic efficiency through vehicle and roadside infrastructure interactions. To provide robust defences against external threats in secure and trustworthy information exchange, these systems utilise public key infrastructure to authenticate vehicle‐to‐everything participant identities with digital certificates and security credential management systems to administer these certificates and encryption keys. However, even with these defences, vulnerabilities persist, particularly from vehicles with legitimate certificates that may malfunction or be exploited for malicious purposes. To address these issues, this paper introduces a misbehaviour detection (MBD) system, notable for its combined use of local and global MBD algorithms. This system is specifically designed to combat both conventional and novel threats, including slander attacks, in which vehicles with legitimate certificates may be falsely accused, and sophisticated attacks targeting the global MBD system itself. The efficacy of our MBD system was rigorously validated at K‐City, the leading autonomous vehicle technology testing facility in Korea, demonstrating its ability to identify and counter internal misbehaviours precisely.

Investigation of Digital Calibration Certificate - Digital Test Report Sharing in Metrology Network

Investigation of Digital Calibration Certificate - Digital Test Report Sharing in Metrology Network

Constructing risk in trustworthy digital repositories

PurposeThis article investigates the construction of risk within trustworthy digital repository audits. It contends that risk is a social construct, and social factors influence how stakeholders in digital preservation processes comprehend and react to risk.Design/methodology/approachThis research employs a qualitative research design involving in-depth semi-structured interviews with stakeholders in the Trustworthy Digital Repository Audit and Certification (TRAC) process, and document analysis of the TRAC checklist and audit reports. I apply an analytic framework based on the Model for the Social Construction of Risk in Digital Preservation to this data.FindingsThe findings validate the argument that risk in digital preservation is indeed socially constructed and demonstrate that the eight factors in the Model for the Social Construction of Risk in Digital Preservation do indeed influence how stakeholders constructed their understanding of risk. Of the eight factors in the model, communication, expertise, uncertainty and vulnerability were found to be the most influential in the construction of risk during the TRAC audit process. The influence of complexity, organizations political culture, were more limited.Originality/valueThis article brings new insights to digital preservation by demonstrating the importance of understanding risk as a social construct. I argue that risk identification and/or assessment is only the first step in the long-term preservation of digital information and show that perceptions of risk in digital preservation are shaped by social factors by applying theories of social construction and risk perception to an analysis of the TRAC process.

Exploration of PQC-Based Digital Signature Schemes in TLS Certificates

The rapid development in quantum computers brings huge risks to traditional cryptographic systems. This paper talks about the integration of PQC-based digital signature schemes to solve challenges posed on Transport Layer Security certificates. In this paper, we give an analysis of the efficacy, security, and performance implications of various schemes in PQC—particularly lattice-based, hash-based, and multivariate polynomial-based algorithms. We detail more closely the challenges of the real deployment, directly connected with these digital signatures, considering communication overhead and computational costs. Our findings indicate that hybrid certificate chains, which integrate multiple PQC schemes, offer a feasible solution for a seamless transition to quantum-resistant standards with manageable performance trade-offs. Moreover, our study extends to the quantification of security benefits these PQC schemes provide against both quantum and classical computational attacks, underscoring their potential in enhancing the resilience of digital communication systems. This paper aims to contribute valuable insights to ongoing standardization discussions and support the broader adoption of PQC, thereby ensuring robust and future-proof security in digital communications amidst the advancing quantum computing era.