Internet of Things最新文献_第5页

PT-TrafficAnalyzer: A weighted ensemble prediction tree for IoT attack detection PT-TrafficAnalyzer：用于物联网攻击检测的加权集成预测树

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things

Pub Date : 2026-03-01 Epub Date: 2026-01-14 DOI: 10.1016/j.iot.2026.101874

Recep Sinan Arslan

The Internet of Things has a network structure that is vulnerable to cyberattacks and susceptible to attackers. Ensuring the privacy of organizations and individuals is a crucial issue in IoT networks, where sensitive data is transmitted and various types of attacks are prevalent. The importance of Intrusion Detection Systems (IDS) in detecting attacks and infiltration attempts on IoT networks is increasing daily. In this way, it will contribute to the resistance against attackers and the spread of this modern technology. In this study, Prediction Tree Traffic Analyzer (PT-TAnalyzer), an IDS system capable of detecting and classifying attacks on IoT networks, is proposed. PT-TAnalyzer features an ensemble model structure, where weighting is determined by the validation scores of machine learning models, and a prediction tree comprising eight ensemble models trained on the CIC-IoT-2023 dataset. This proposed model detects 34 attack types (including 33 malicious and one benign) with high success rates, due to its unique attack-detection approach, and does so efficiently and cost-effectively. Unlike traditional studies, it achieves this by using eight trained models rather than classifying all attacks with a single model and a single prediction structure within the tree architecture. In the tests performed, PT-TAnalyzer achieved 99.76 % accuracy in the binary classification experiment (Benign vs. Malicious) and 98.70 % accuracy in the 34-class experiment, yielding a similar F1 Score. The test time per sample is less than 0.1 ms. Compared with previous frameworks using the same dataset, PT-TAnalyzer shows a 2 % improvement in overall accuracy and a lower processing time. In practice, the proposed model can be deployed on IoT gateways or edge devices to provide real-time, low-cost, and scalable intrusion detection capabilities. The model outperforms previous studies using the same dataset, while also addressing the limitations.

物联网的网络结构容易受到网络攻击，容易受到攻击者的攻击。在物联网网络中，确保组织和个人的隐私是一个关键问题，在物联网网络中，敏感数据被传输，各种类型的攻击很普遍。入侵检测系统（IDS）在检测对物联网网络的攻击和渗透企图方面的重要性与日俱增。通过这种方式，它将有助于抵抗攻击者和这种现代技术的传播。在本研究中，提出了一种能够检测和分类物联网网络攻击的IDS系统预测树流量分析器（PT-TAnalyzer）。PT-TAnalyzer具有集成模型结构，其中权重由机器学习模型的验证分数决定，以及由在CIC-IoT-2023数据集上训练的八个集成模型组成的预测树。该模型检测34种攻击类型（包括33种恶意攻击和1种良性攻击），由于其独特的攻击检测方法，成功率很高，并且效率高，成本低。与传统研究不同的是，它通过使用八个训练模型来实现这一目标，而不是在树结构中使用单个模型和单个预测结构对所有攻击进行分类。在进行的测试中，PT-TAnalyzer在二元分类实验（良性vs.恶意）中准确率达到99.76%，在34类实验中准确率达到98.70%，获得相似的F1分数。每个样品的测试时间小于0.1 ms。与以前使用相同数据集的框架相比，PT-TAnalyzer显示总体精度提高了2%，处理时间更短。在实践中，所提出的模型可以部署在物联网网关或边缘设备上，以提供实时、低成本和可扩展的入侵检测功能。该模型优于使用相同数据集的先前研究，同时也解决了局限性。

{"title":"PT-TrafficAnalyzer: A weighted ensemble prediction tree for IoT attack detection","authors":"Recep Sinan Arslan","doi":"10.1016/j.iot.2026.101874","DOIUrl":"10.1016/j.iot.2026.101874","url":null,"abstract":"<div><div>The Internet of Things has a network structure that is vulnerable to cyberattacks and susceptible to attackers. Ensuring the privacy of organizations and individuals is a crucial issue in IoT networks, where sensitive data is transmitted and various types of attacks are prevalent. The importance of Intrusion Detection Systems (IDS) in detecting attacks and infiltration attempts on IoT networks is increasing daily. In this way, it will contribute to the resistance against attackers and the spread of this modern technology. In this study, Prediction Tree Traffic Analyzer (PT-TAnalyzer), an IDS system capable of detecting and classifying attacks on IoT networks, is proposed. PT-TAnalyzer features an ensemble model structure, where weighting is determined by the validation scores of machine learning models, and a prediction tree comprising eight ensemble models trained on the CIC-IoT-2023 dataset. This proposed model detects 34 attack types (including 33 malicious and one benign) with high success rates, due to its unique attack-detection approach, and does so efficiently and cost-effectively. Unlike traditional studies, it achieves this by using eight trained models rather than classifying all attacks with a single model and a single prediction structure within the tree architecture. In the tests performed, PT-TAnalyzer achieved 99.76 % accuracy in the binary classification experiment (Benign vs. Malicious) and 98.70 % accuracy in the 34-class experiment, yielding a similar F1 Score. The test time per sample is less than 0.1 ms. Compared with previous frameworks using the same dataset, PT-TAnalyzer shows a 2 % improvement in overall accuracy and a lower processing time. In practice, the proposed model can be deployed on IoT gateways or edge devices to provide real-time, low-cost, and scalable intrusion detection capabilities. The model outperforms previous studies using the same dataset, while also addressing the limitations.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"36 ","pages":"Article 101874"},"PeriodicalIF":7.6,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146023230","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Multi-hypervisor-based authorization and DoS attack mitigation framework using LC-WTRNN technique 基于多管理程序的授权和使用LC-WTRNN技术的DoS攻击缓解框架

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things

Pub Date : 2026-03-01 Epub Date: 2025-12-03 DOI: 10.1016/j.iot.2025.101843

Kalyan Gattupalli , Poovendran Alagarsundaram , Harikumar Nagarajan , Venkata Surya Bhavana Harish Gollavilli , Surendar Rama Sitaraman , Pushpakumar R

Hypervisors allow the management of several Virtual Machines (VMs) on a single device but are highly susceptible to DoS attacks, which deprive resources and disrupt cloud services. Techniques currently in use fail to establish proper authorization between multi-hypervisors, thereby exposing VMs to security threats. To ameliorate this situation, we developed a LeCun Wave Tanh Recurrent Neural Network (LC-WTRNN)-based multi-hypervisor authorization framework integrated with Hamming Code Quantum Cryptography (HC-QC), Kullback-Leibler De-Swinging K-Anonymity (KLDS-KAnonymity), and the Hell Bhatt Tiger Hashing Algorithm (HB-THA). Thereby, the system efficiently detects DoS attacks, secures VM registration, and ensures data integrity. With experimental results on the CICDDoS2019 dataset, it is seen that its method achieves an accuracy of 98.62 %, a recall value of 98.45 %, and a specificity of 98.65 % on average, outperforming traditional RNN, DBN, RBM, and DNN methods by 5.3 %. Additionally, the newly proposed framework contributes to a 56.1 % reduction in the time needed for anonymization while providing 8.5 % better encryption security and 44.5 % less tree generation time against the traditional methods. These results thus validate LC-WTRNN as a scalable and secure solution to mitigating DoS attacks in cloud environments.

管理程序允许管理单个设备上的多个虚拟机（vm），但极易受到DoS攻击，这会剥夺资源并中断云服务。目前使用的技术无法在多个管理程序之间建立适当的授权，从而使虚拟机面临安全威胁。为了改善这种情况，我们开发了一个基于LeCun Wave Tanh递归神经网络（LC-WTRNN）的多管理程序授权框架，该框架集成了汉明码量子加密（HC-QC）， Kullback-Leibler de - swing K-Anonymity （KLDS-KAnonymity）和Hell Bhatt Tiger哈希算法（hbtha）。从而有效检测DoS攻击，保护虚拟机注册安全，保证数据完整性。在CICDDoS2019数据集上的实验结果表明，该方法的准确率为98.62%，召回率为98.45%，平均特异性为98.65%，比传统的RNN、DBN、RBM和DNN方法高5.3%。此外，新提出的框架有助于将匿名化所需的时间减少56.1%，同时提供8.5%的加密安全性和44.5%的树生成时间比传统方法少。因此，这些结果验证了LC-WTRNN作为一种可扩展和安全的解决方案，可以减轻云环境中的DoS攻击。

{"title":"Multi-hypervisor-based authorization and DoS attack mitigation framework using LC-WTRNN technique","authors":"Kalyan Gattupalli , Poovendran Alagarsundaram , Harikumar Nagarajan , Venkata Surya Bhavana Harish Gollavilli , Surendar Rama Sitaraman , Pushpakumar R","doi":"10.1016/j.iot.2025.101843","DOIUrl":"10.1016/j.iot.2025.101843","url":null,"abstract":"<div><div>Hypervisors allow the management of several Virtual Machines (VMs) on a single device but are highly susceptible to DoS attacks, which deprive resources and disrupt cloud services. Techniques currently in use fail to establish proper authorization between multi-hypervisors, thereby exposing VMs to security threats. To ameliorate this situation, we developed a LeCun Wave Tanh Recurrent Neural Network (LC-WTRNN)-based multi-hypervisor authorization framework integrated with Hamming Code Quantum Cryptography (HC-QC), Kullback-Leibler De-Swinging K-Anonymity (KLDS-KAnonymity), and the Hell Bhatt Tiger Hashing Algorithm (HB-THA). Thereby, the system efficiently detects DoS attacks, secures VM registration, and ensures data integrity. With experimental results on the CICDDoS2019 dataset, it is seen that its method achieves an accuracy of 98.62 %, a recall value of 98.45 %, and a specificity of 98.65 % on average, outperforming traditional RNN, DBN, RBM, and DNN methods by 5.3 %. Additionally, the newly proposed framework contributes to a 56.1 % reduction in the time needed for anonymization while providing 8.5 % better encryption security and 44.5 % less tree generation time against the traditional methods. These results thus validate LC-WTRNN as a scalable and secure solution to mitigating DoS attacks in cloud environments.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"36 ","pages":"Article 101843"},"PeriodicalIF":7.6,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145791863","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ASEADOS-SDN-IoT: A novel SDN-IoT network intrusion detection dataset and framework SDN-IoT：一种新的SDN-IoT网络入侵检测数据集和框架

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things

Pub Date : 2026-03-01 Epub Date: 2026-02-10 DOI: 10.1016/j.iot.2026.101891

Tharindu Lakshan Yasarathna, Nhien-An Le-Khac

The convergence of Software-Defined Networking (SDN) and the Internet of Things (IoT) offers a transformative architecture for intelligent, programmable, and scalable network management. However, this integration also exposes new attack surfaces and security challenges that require robust Intrusion Detection Systems (IDS). Progress in IDS research for SDN-IoT environments has been limited by the absence of realistic datasets that capture both IoT traffic diversity and SDN control-plane dynamics. To address this gap, this paper presents ASEADOS-SDN-IoT, a novel, publicly available intrusion detection dataset supported by a fully documented hybrid testbed framework. The proposed framework integrates physical IoT devices and virtual IoT nodes within an ONOS-controlled OpenFlow infrastructure, enabling synchronised collection of packet-flow data and SDN controller telemetry under benign and adversarial conditions. The dataset covers four representative attack categories-Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Probe, and Botnet-and captures genuine control-data plane interactions observed during live network operation. ASEADOS-SDN-IoT comprises 457,044 labelled flow instances with 83 statistical features and is publicly released to support reproducible research. The experimental evaluation using machine learning (ML) and deep learning (DL) models demonstrates clear separability between benign and malicious traffic. It confirms the dataset’s suitability for training and benchmarking intrusion detection systems. By combining realistic traffic generation, cross-layer visibility, and reproducible design, ASEADOS-SDN-IoT provides a robust benchmark for advancing secure and adaptive SDN-IoT infrastructures.

软件定义网络（SDN）和物联网（IoT）的融合为智能、可编程和可扩展的网络管理提供了一个变革性的架构。然而，这种集成也暴露了新的攻击面和安全挑战，需要强大的入侵检测系统（IDS）。SDN-IoT环境下的IDS研究进展受到缺乏既能捕获物联网流量多样性又能捕获SDN控制平面动态的现实数据集的限制。为了解决这一差距，本文提出了ASEADOS-SDN-IoT，这是一种新颖的、公开可用的入侵检测数据集，由一个完整记录的混合测试平台框架支持。提出的框架将物理物联网设备和虚拟物联网节点集成在onos控制的OpenFlow基础设施中，能够在良性和敌对条件下同步收集数据包流数据和SDN控制器遥测。该数据集涵盖了四种典型的攻击类别——拒绝服务（DoS）、分布式拒绝服务（DDoS）、探测和僵尸网络，并捕获了在实时网络运行期间观察到的真正的控制数据平面交互。ASEADOS-SDN-IoT包括457,044个标记流实例，具有83个统计特征，并公开发布以支持可重复研究。使用机器学习（ML）和深度学习（DL）模型的实验评估表明，良性和恶意流量之间具有明显的可分离性。它确认了数据集对训练和入侵检测系统基准测试的适用性。通过结合现实的流量生成、跨层可见性和可复制设计，ASEADOS-SDN-IoT为推进安全和自适应SDN-IoT基础设施提供了强大的基准。

{"title":"ASEADOS-SDN-IoT: A novel SDN-IoT network intrusion detection dataset and framework","authors":"Tharindu Lakshan Yasarathna, Nhien-An Le-Khac","doi":"10.1016/j.iot.2026.101891","DOIUrl":"10.1016/j.iot.2026.101891","url":null,"abstract":"<div><div>The convergence of Software-Defined Networking (SDN) and the Internet of Things (IoT) offers a transformative architecture for intelligent, programmable, and scalable network management. However, this integration also exposes new attack surfaces and security challenges that require robust Intrusion Detection Systems (IDS). Progress in IDS research for SDN-IoT environments has been limited by the absence of realistic datasets that capture both IoT traffic diversity and SDN control-plane dynamics. To address this gap, this paper presents ASEADOS-SDN-IoT, a novel, publicly available intrusion detection dataset supported by a fully documented hybrid testbed framework. The proposed framework integrates physical IoT devices and virtual IoT nodes within an ONOS-controlled OpenFlow infrastructure, enabling synchronised collection of packet-flow data and SDN controller telemetry under benign and adversarial conditions. The dataset covers four representative attack categories-Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Probe, and Botnet-and captures genuine control-data plane interactions observed during live network operation. ASEADOS-SDN-IoT comprises 457,044 labelled flow instances with 83 statistical features and is publicly released to support reproducible research. The experimental evaluation using machine learning (ML) and deep learning (DL) models demonstrates clear separability between benign and malicious traffic. It confirms the dataset’s suitability for training and benchmarking intrusion detection systems. By combining realistic traffic generation, cross-layer visibility, and reproducible design, ASEADOS-SDN-IoT provides a robust benchmark for advancing secure and adaptive SDN-IoT infrastructures.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"36 ","pages":"Article 101891"},"PeriodicalIF":7.6,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146173162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

TrustEdge: A quantum-safe, self-healing framework for federated TinyML in critical ICU monitoring TrustEdge：一个量子安全的、自我修复的框架，用于重症监护监护中的联合TinyML

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things

Pub Date : 2026-03-01 Epub Date: 2025-12-17 DOI: 10.1016/j.iot.2025.101855

Umar Hayat Khan , Affaq Qamar , Rahim Khan , Mohamad A. Alawad , Fahad Alturise , Maqsood Hayat

As adversarial threats to AI-extended medicine increases, there is evidence to suggest that existing IoMT architectures lack autonomous cyber-resilience; the ability of a system to detect (observe and record) and then self-heal from attack events without any human effort. Against this backdrop, we develop TrustEdge: an end-to-end IoMT system which seamlessly integrates four critical functions at the edge namely (i) TinyML-driven IDS-on-device (ii) PQC driven secure federated learning using NIST standard ML-KEM-512 algorithm (iii) lightweight blockchain audit trail and (iv) smart contract based self-healing. To that end and specifically designed for resource-constrained ESP32-class low-resource devices, TrustEdge, adapted to the tailored requirements of non-IID clinical environments, enables secure sub-second detection of both sensor spoofing and model poisoning attacks with 98.2 % accuracy while incurring no more than 1 % false positives; under mistaken diagnosis indications it automatically responds by triggering vetted recovery actions (e.g., node isolation or model rollback) without having to depend on cloud back-ends. The framework was tested on clinician-verified synthetic ICU data spanned in 3 simulated hospitals and within a high-fidelity OMNeT++ network simulation with realistic ICU WiFi, at 54Mbps (bit error rate of

10^{- 5}

, co-channel interference). Experimental results show that TrustEdge is 99.4 %(accuracy) of the health anomaly detection with negligible overhead (0.09ms(PQC encryption) and 1.2ms(per transaction of blockchain)). Our co-simulation ensures ethical safety and eliminates adversarial testing in living clinical sites; we provide full reproducibility, sharing code, data and simulation scripts. TrustEdge raises the bar for self-defending, autonomous critical care systems impermeable to present and quantum-age threats without the presence of any false positives in normal operation and is fully consistent with quantum-safe edge native design principles.

随着对人工智能扩展医疗的对抗性威胁的增加，有证据表明，现有的IoMT架构缺乏自主的网络弹性；系统检测（观察和记录）攻击事件并在攻击事件中自愈的能力，无需人工干预。在此背景下，我们开发了TrustEdge：一个端到端IoMT系统，它在边缘无缝集成了四个关键功能，即(i) tinml驱动的设备上ids （ii）使用NIST标准ml - kom -512算法的PQC驱动的安全联邦学习（iii）轻量级区块链审计跟踪和（iv）基于智能合约的自修复。为此，专门为资源受限的esp32类低资源设备设计，TrustEdge适应非iid临床环境的定制要求，能够以98.2%的准确率安全检测传感器欺骗和模型中毒攻击，同时产生不超过1%的误报；在错误的诊断指示下，它通过触发经过审查的恢复操作（例如，节点隔离或模型回滚）自动响应，而不必依赖于云后端。该框架在3家模拟医院的临床验证的综合ICU数据上进行了测试，并在具有真实ICU WiFi的高保真omnet++网络模拟中进行了测试，速度为54Mbps（误码率为10−5，共信道干扰）。实验结果表明，TrustEdge的健康异常检测准确率为99.4%，开销可忽略不计（PQC加密为0.09ms，区块链每笔交易为1.2ms）。我们的联合模拟确保了伦理安全，并消除了活体临床现场的对抗性测试；我们提供完整的再现性，共享代码、数据和模拟脚本。TrustEdge提高了自我防御的标准，自主的重症监护系统在正常操作中不存在任何误报，无法渗透到当前和量子时代的威胁，并且完全符合量子安全边缘的本地设计原则。

{"title":"TrustEdge: A quantum-safe, self-healing framework for federated TinyML in critical ICU monitoring","authors":"Umar Hayat Khan , Affaq Qamar , Rahim Khan , Mohamad A. Alawad , Fahad Alturise , Maqsood Hayat","doi":"10.1016/j.iot.2025.101855","DOIUrl":"10.1016/j.iot.2025.101855","url":null,"abstract":"<div><div>As adversarial threats to AI-extended medicine increases, there is evidence to suggest that existing IoMT architectures lack autonomous cyber-resilience; the ability of a system to detect (observe and record) and then self-heal from attack events without any human effort. Against this backdrop, we develop TrustEdge: an end-to-end IoMT system which seamlessly integrates four critical functions at the edge namely (i) TinyML-driven IDS-on-device (ii) PQC driven secure federated learning using NIST standard ML-KEM-512 algorithm (iii) lightweight blockchain audit trail and (iv) smart contract based self-healing. To that end and specifically designed for resource-constrained ESP32-class low-resource devices, TrustEdge, adapted to the tailored requirements of non-IID clinical environments, enables secure sub-second detection of both sensor spoofing and model poisoning attacks with 98.2 % accuracy while incurring no more than 1 % false positives; under mistaken diagnosis indications it automatically responds by triggering vetted recovery actions (e.g., node isolation or model rollback) without having to depend on cloud back-ends. The framework was tested on clinician-verified synthetic ICU data spanned in 3 simulated hospitals and within a high-fidelity OMNeT++ network simulation with realistic ICU WiFi, at 54Mbps (bit error rate of <span><math><msup><mn>10</mn><mrow><mo>−</mo><mn>5</mn></mrow></msup></math></span>, co-channel interference). Experimental results show that TrustEdge is 99.4 %(accuracy) of the health anomaly detection with negligible overhead (0.09ms(PQC encryption) and 1.2ms(per transaction of blockchain)). Our co-simulation ensures ethical safety and eliminates adversarial testing in living clinical sites; we provide full reproducibility, sharing code, data and simulation scripts. TrustEdge raises the bar for self-defending, autonomous critical care systems impermeable to present and quantum-age threats without the presence of any false positives in normal operation and is fully consistent with quantum-safe edge native design principles.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"36 ","pages":"Article 101855"},"PeriodicalIF":7.6,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146173157","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An enhanced group matching method with transformed fingerprints, similarity filtering, and adaptive selection for indoor localization 基于指纹变换、相似度滤波和自适应选择的分组匹配方法

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things

Pub Date : 2026-03-01 Epub Date: 2026-01-01 DOI: 10.1016/j.iot.2025.101866

Huang Lin , Shuo Li , Wei Peng , Arthur Peng

WiFi fingerprinting-based indoor localization faces persistent challenges from signal instability and environmental interference. To address these issues, this study introduces an enhanced Group Matching Method with Transformed Fingerprints, Similarity Filtering, and Adaptive Selection, (GMM-TSFA), that improves localization accuracy, interpretability, and robustness. GMM-TSFA integrates three core mechanisms: instance-wise transformation to normalize signal variations and strengthen similarity metrics; similarity filtering to dynamically refine the candidate pool based on signal relevance; and adaptive selection to flexibly determine the most informative reference points. Together, these components improve both pattern recognition and spatial precision. Experiments on four benchmark datasets demonstrate the effectiveness of the proposed method, with a mean localization error (MLE) of 7.30 m on UJIIndoorLoc and 77.86 % of errors under 10 m, consistently outperforming baseline methods including the original GMM. Unlike deep learning-based models, GMM-TSFA offers a transparent and adaptable framework that supports explainable decision-making. These advantages make it a practical and scalable solution for real-world indoor localization systems deployed in complex environments.

基于WiFi指纹的室内定位面临着信号不稳定和环境干扰的持续挑战。为了解决这些问题，本研究引入了一种基于转换指纹、相似度滤波和自适应选择的增强组匹配方法（GMM-TSFA），提高了定位精度、可解释性和鲁棒性。GMM-TSFA集成了三个核心机制：实例化转换以标准化信号变化并加强相似性度量；相似度滤波，基于信号相关性动态细化候选库；并自适应选择，灵活确定信息量最大的参考点。这些组件共同提高了模式识别和空间精度。在4个基准数据集上的实验证明了该方法的有效性，在UJIIndoorLoc上的平均定位误差（MLE）为7.30 m， 10 m以下的误差为77.86%，始终优于包括原始GMM在内的基准方法。与基于深度学习的模型不同，GMM-TSFA提供了一个透明和适应性强的框架，支持可解释的决策。这些优点使其成为在复杂环境中部署的真实室内定位系统的实用且可扩展的解决方案。

{"title":"An enhanced group matching method with transformed fingerprints, similarity filtering, and adaptive selection for indoor localization","authors":"Huang Lin , Shuo Li , Wei Peng , Arthur Peng","doi":"10.1016/j.iot.2025.101866","DOIUrl":"10.1016/j.iot.2025.101866","url":null,"abstract":"<div><div>WiFi fingerprinting-based indoor localization faces persistent challenges from signal instability and environmental interference. To address these issues, this study introduces an enhanced Group Matching Method with Transformed Fingerprints, Similarity Filtering, and Adaptive Selection, (GMM-TSFA), that improves localization accuracy, interpretability, and robustness. GMM-TSFA integrates three core mechanisms: instance-wise transformation to normalize signal variations and strengthen similarity metrics; similarity filtering to dynamically refine the candidate pool based on signal relevance; and adaptive selection to flexibly determine the most informative reference points. Together, these components improve both pattern recognition and spatial precision. Experiments on four benchmark datasets demonstrate the effectiveness of the proposed method, with a mean localization error (MLE) of 7.30 m on UJIIndoorLoc and 77.86 % of errors under 10 m, consistently outperforming baseline methods including the original GMM. Unlike deep learning-based models, GMM-TSFA offers a transparent and adaptable framework that supports explainable decision-making. These advantages make it a practical and scalable solution for real-world indoor localization systems deployed in complex environments.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"36 ","pages":"Article 101866"},"PeriodicalIF":7.6,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145978120","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Blockchain-assisted attribute-based multi-keyword search for dynamic encrypted data in cloud-edge-IoT 云边缘物联网中基于属性的区块链辅助多关键字动态加密数据搜索

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things

Pub Date : 2026-03-01 Epub Date: 2025-12-06 DOI: 10.1016/j.iot.2025.101838

Hanlei Cheng , Sio-Long Lo , Jing Lu

Keyword search is a fundamental technique for retrieving data outsourced to the cloud. Although encryption preserves data confidentiality, existing searchable encryption schemes often fail to efficiently support dynamic authorization and flexible retrieval. To address these limitations, we propose

BAMKS

, a blockchain-assisted attribute-based multi-keyword search scheme that supports secure and efficient search over version-aware encrypted data. In

BAMKS

, multiple data owners collaboratively generate version-bound access tokens that grant authorized users decryption privileges over evolving data. The scheme further enables conjunctive keyword search with updatable indexes. To ensure the integrity of search results, users can verify their correctness using an aggregated Schnorr-based non-interactive zero-knowledge proof, which is validated by smart contracts. In addition,

BAMKS

provides efficient attribute and user revocation without re-encrypting the stored ciphertexts, and supports user traceability for identifying malicious users from leaked keys. We formally prove that

BAMKS

achieves security against chosen-plaintext attacks (IND-CPA) and chosen-keyword attacks (IND-CKA) under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. Performance evaluations show that the scheme achieves lightweight decryption and efficient multi-keyword search, thereby reducing client-side computation and making it suitable for resource-constrained IoT environments. These features demonstrate the practicality of

BAMKS

for distributed cloud-edge-IoT storage applications.

关键字搜索是检索外包给云的数据的基本技术。虽然加密保护了数据的机密性，但现有的可搜索加密方案往往不能有效地支持动态授权和灵活的检索。为了解决这些限制，我们提出了BAMKS，这是一种区块链辅助的基于属性的多关键字搜索方案，支持对版本感知加密数据的安全高效搜索。在BAMKS中，多个数据所有者协作生成版本绑定的访问令牌，授予授权用户对演进数据的解密权限。该方案进一步支持使用可更新索引的联合关键字搜索。为了确保搜索结果的完整性，用户可以使用基于聚合schnorr的非交互式零知识证明来验证其正确性，该证明由智能合约验证。此外，BAMKS提供了有效的属性和用户撤销，而无需重新加密存储的密文，并支持用户可追溯性，以便从泄露的密钥中识别恶意用户。我们正式证明了BAMKS在决策双线性Diffie-Hellman （DBDH）假设下实现了对选择明文攻击（IND-CPA）和选择关键字攻击（IND-CKA）的安全性。性能评估表明，该方案实现了轻量级解密和高效的多关键字搜索，减少了客户端计算量，适用于资源受限的物联网环境。这些特性证明了BAMKS在分布式云边缘物联网存储应用中的实用性。

{"title":"Blockchain-assisted attribute-based multi-keyword search for dynamic encrypted data in cloud-edge-IoT","authors":"Hanlei Cheng , Sio-Long Lo , Jing Lu","doi":"10.1016/j.iot.2025.101838","DOIUrl":"10.1016/j.iot.2025.101838","url":null,"abstract":"<div><div>Keyword search is a fundamental technique for retrieving data outsourced to the cloud. Although encryption preserves data confidentiality, existing searchable encryption schemes often fail to efficiently support dynamic authorization and flexible retrieval. To address these limitations, we propose <span><math><mi>BAMKS</mi></math></span>, a blockchain-assisted attribute-based multi-keyword search scheme that supports secure and efficient search over version-aware encrypted data. In <span><math><mi>BAMKS</mi></math></span>, multiple data owners collaboratively generate version-bound access tokens that grant authorized users decryption privileges over evolving data. The scheme further enables conjunctive keyword search with updatable indexes. To ensure the integrity of search results, users can verify their correctness using an aggregated Schnorr-based non-interactive zero-knowledge proof, which is validated by smart contracts. In addition, <span><math><mi>BAMKS</mi></math></span> provides efficient attribute and user revocation without re-encrypting the stored ciphertexts, and supports user traceability for identifying malicious users from leaked keys. We formally prove that <span><math><mi>BAMKS</mi></math></span> achieves security against chosen-plaintext attacks (IND-CPA) and chosen-keyword attacks (IND-CKA) under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. Performance evaluations show that the scheme achieves lightweight decryption and efficient multi-keyword search, thereby reducing client-side computation and making it suitable for resource-constrained IoT environments. These features demonstrate the practicality of <span><math><mi>BAMKS</mi></math></span> for distributed cloud-edge-IoT storage applications.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"36 ","pages":"Article 101838"},"PeriodicalIF":7.6,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145738840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

End-To-end response-time analysis of DDS-based real-time applications 基于dds的实时应用的端到端响应时间分析

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things

Pub Date : 2026-03-01 Epub Date: 2025-12-17 DOI: 10.1016/j.iot.2025.101853

Gerlando Sciangula , Daniel Casini , Alessandro Biondi , Claudio Scordino , Marco Di Natale

The Data Distribution Service (DDS) is established as a middleware communication standard based on a data-centric publish-subscribe protocol. This standard is pivotal for applications in autonomous driving, smart cities, and Industry 4.0, facilitating communication among diverse devices across the IoT-to-Edge-to-Cloud continuum. Particularly in the automotive industry, modern autonomous systems, built on top of frameworks like ROS 2 and Autoware, heavily rely on DDS for real-time data exchange across distributed software components. The DDS is however typically implemented with a multithreaded software structure and leverages middleware-specific policies for message dispatching, posing considerable challenges in guaranteeing timing constraints. This paper fills significant gaps in the current understanding of DDS’s real-time performance. We introduce a comprehensive DDS model that includes both synchronous and asynchronous communication under various dispatching policies. The model is then used to derive a holistic response-time analysis capable of bounding the end-to-end latency of DDS-enabled real-time applications. Furthermore, we integrate our analysis with a state-of-the-art executor-based analysis for ROS2-based systems. The effectiveness of our approach is validated through experiments on a real platform using FastDDS, a popular DDS implementation, and a modern automotive testbed taken from the WATERS 2019 Industrial Challenge by Bosch. Finally, our analysis method is evaluated with both a ROS2 case-study application and the Autoware reference system, a realistic testbed from the open-source Autoware.Auto framework for autonomous driving.

数据分发服务（DDS）是基于以数据为中心的发布-订阅协议建立的中间件通信标准。该标准对于自动驾驶、智慧城市和工业4.0的应用至关重要，促进了物联网到边缘到云连续体中各种设备之间的通信。特别是在汽车行业，建立在ROS 2和Autoware等框架之上的现代自主系统严重依赖DDS在分布式软件组件之间进行实时数据交换。然而，DDS通常使用多线程软件结构实现，并利用特定于中间件的策略进行消息调度，这在保证时间约束方面提出了相当大的挑战。本文填补了目前对DDS实时性能理解的重大空白。我们介绍了一个综合的DDS模型，包括各种调度策略下的同步和异步通信。然后使用该模型推导出一个整体的响应时间分析，该分析能够限定启用dds的实时应用程序的端到端延迟。此外，我们将我们的分析与基于ros2的系统的最先进的基于执行者的分析集成在一起。我们的方法的有效性通过使用FastDDS（一种流行的DDS实现）和博世2019年WATERS工业挑战赛的现代汽车测试平台在真实平台上的实验得到验证。最后，通过ROS2案例研究应用程序和Autoware参考系统（来自开源Autoware的现实测试平台）对我们的分析方法进行了评估。用于自动驾驶的汽车框架。

{"title":"End-To-end response-time analysis of DDS-based real-time applications","authors":"Gerlando Sciangula , Daniel Casini , Alessandro Biondi , Claudio Scordino , Marco Di Natale","doi":"10.1016/j.iot.2025.101853","DOIUrl":"10.1016/j.iot.2025.101853","url":null,"abstract":"<div><div>The Data Distribution Service (DDS) is established as a middleware communication standard based on a data-centric publish-subscribe protocol. This standard is pivotal for applications in autonomous driving, smart cities, and Industry 4.0, facilitating communication among diverse devices across the IoT-to-Edge-to-Cloud continuum. Particularly in the automotive industry, modern autonomous systems, built on top of frameworks like ROS 2 and Autoware, heavily rely on DDS for real-time data exchange across distributed software components. The DDS is however typically implemented with a multithreaded software structure and leverages middleware-specific policies for message dispatching, posing considerable challenges in guaranteeing timing constraints. This paper fills significant gaps in the current understanding of DDS’s real-time performance. We introduce a comprehensive DDS model that includes both synchronous and asynchronous communication under various dispatching policies. The model is then used to derive a holistic response-time analysis capable of bounding the end-to-end latency of DDS-enabled real-time applications. Furthermore, we integrate our analysis with a state-of-the-art executor-based analysis for ROS2-based systems. The effectiveness of our approach is validated through experiments on a real platform using FastDDS, a popular DDS implementation, and a modern automotive testbed taken from the WATERS 2019 Industrial Challenge by Bosch. Finally, our analysis method is evaluated with both a ROS2 case-study application and the Autoware reference system, a realistic testbed from the open-source Autoware.Auto framework for autonomous driving.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"36 ","pages":"Article 101853"},"PeriodicalIF":7.6,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145791862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Analyzing the influence of users, devices, and search engines on viral spread in the social internet of things 分析社交物联网中用户、设备、搜索引擎对病毒式传播的影响

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things

Pub Date : 2026-01-01 Epub Date: 2025-12-03 DOI: 10.1016/j.iot.2025.101842

Chenquan Gan, Hongming Chen, Yi Qian, Liang Tian, Qingyi Zhu, Deepak Kumar Jain, Vitomir Štruc

The Social Internet of Things (SIoT) seamlessly integrates the Internet of Things (IoT) with social networks, intensifying the interconnections among objects, humans, and their interactions. While SIoT facilitates rapid information access and sharing through search engines, it also increases the risk of computer virus propagation. It is, therefore, critical to understand how viruses propagate in SIoT networks and which factors contribute the most to viral spread. While such understanding is of paramount importance, comprehensive studies on this topic are still limited in the literature. To address this gap, we study in this paper the long-term behavior of viral spread in SIoT, examining the roles of users, devices, and search engines. Specifically, we propose a novel dynamical virus propagation model that accounts for key factors, such as user awareness, device security levels, search engines, and external storage media. In comparison to competing solutions, the proposed model offers a unique perspective on viral spread in SIoT by focusing on multiple influential factors, their interactions, while also considering the inherent characteristics of the SIoT framework. A comprehensive theoretical analysis of the model is conducted to identify patterns and the key aspects of virus propagation in SIoT. To further validate the findings, a virus propagation algorithm is also designed, and multiple simulations are conducted on two real network datasets (Facebook and P2P), demonstrating the validity of the theoretical findings.

社交物联网（Social Internet of Things, SIoT）将物联网（Internet of Things, IoT）与社交网络无缝融合，强化了物、人、物之间的相互联系。SIoT通过搜索引擎促进了信息的快速获取和共享，但也增加了计算机病毒传播的风险。因此，了解病毒如何在SIoT网络中传播以及哪些因素对病毒传播贡献最大是至关重要的。虽然这样的理解是至关重要的，但在文献中对这一主题的全面研究仍然有限。为了解决这一差距，我们在本文中研究了SIoT病毒传播的长期行为，检查了用户，设备和搜索引擎的角色。具体来说，我们提出了一个新的动态病毒传播模型，该模型考虑了关键因素，如用户意识、设备安全级别、搜索引擎和外部存储介质。与竞争性解决方案相比，该模型通过关注多种影响因素及其相互作用，同时考虑SIoT框架的固有特征，为SIoT中的病毒传播提供了独特的视角。对该模型进行了全面的理论分析，以确定SIoT病毒传播的模式和关键方面。为了进一步验证这一发现，我们还设计了一种病毒传播算法，并在两个真实网络数据集（Facebook和P2P）上进行了多次模拟，验证了理论发现的有效性。

{"title":"Analyzing the influence of users, devices, and search engines on viral spread in the social internet of things","authors":"Chenquan Gan, Hongming Chen, Yi Qian, Liang Tian, Qingyi Zhu, Deepak Kumar Jain, Vitomir Štruc","doi":"10.1016/j.iot.2025.101842","DOIUrl":"10.1016/j.iot.2025.101842","url":null,"abstract":"<div><div>The Social Internet of Things (SIoT) seamlessly integrates the Internet of Things (IoT) with social networks, intensifying the interconnections among objects, humans, and their interactions. While SIoT facilitates rapid information access and sharing through search engines, it also increases the risk of computer virus propagation. It is, therefore, critical to understand how viruses propagate in SIoT networks and which factors contribute the most to viral spread. While such understanding is of paramount importance, comprehensive studies on this topic are still limited in the literature. To address this gap, we study in this paper the long-term behavior of viral spread in SIoT, examining the roles of users, devices, and search engines. Specifically, we propose a novel dynamical virus propagation model that accounts for key factors, such as user awareness, device security levels, search engines, and external storage media. In comparison to competing solutions, the proposed model offers a unique perspective on viral spread in SIoT by focusing on multiple influential factors, their interactions, while also considering the inherent characteristics of the SIoT framework. A comprehensive theoretical analysis of the model is conducted to identify patterns and the key aspects of virus propagation in SIoT. To further validate the findings, a virus propagation algorithm is also designed, and multiple simulations are conducted on two real network datasets (Facebook and P2P), demonstrating the validity of the theoretical findings.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"35 ","pages":"Article 101842"},"PeriodicalIF":7.6,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145681811","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Proactive context aware task offloading in digital twin driven federated IoT systems with large language models 具有大型语言模型的数字孪生驱动的联邦物联网系统中的主动上下文感知任务卸载

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things

Pub Date : 2026-01-01 Epub Date: 2025-11-17 DOI: 10.1016/j.iot.2025.101826

Klea Elmazi , Donald Elmazi , Jonatan Lerga

This study considers the combination of Digital Twins (DT), Federated Learning (FL), and computation offloading to establish a context-aware framework for effective resource management in IoT networks. Although DT models can predict battery levels, CPU usage, and network delays to aid reinforcement learning (RL) agents, earlier RL-based controllers require significant training and are slow to adapt to changes. To overcome this issue, we propose a Large Language Model (LLM)-assisted offloading method that transforms real-time DT predictions and selected historical Explainable DT with Federated Multi-Agent RL (MARL) examples into structured natural-language prompts. Through in-context learning, LLM deduces offloading tactics without retraining, while FL aligns global convergence metrics to optimize the balance between inference accuracy and energy efficiency. Simulation studies conducted for baseline and unstable wireless network scenarios reveal that the LLM controller persistently maintains near-optimal latency and reduces energy use. In a baseline scenario with

N = 36

devices, the LLM achieves an average latency of 252 ms, which is only 5 % higher than edge offloading, while cutting energy consumption by around 20 %. Under unstable wireless conditions, it achieves an average latency of 276 ms with energy use of 0.122 J, as opposed to 0.154 J for edge offloading. These findings validate that LLM-based decision making facilitates scalable, adaptive, and energy-efficient task scheduling, presenting a viable alternative to RL controllers in DT-enabled federated IoT systems.

本研究考虑了数字孪生（DT）、联邦学习（FL）和计算卸载的结合，为物联网网络中有效的资源管理建立了一个上下文感知框架。虽然DT模型可以预测电池电量、CPU使用率和网络延迟，以帮助强化学习（RL）代理，但早期基于强化学习的控制器需要大量的训练，并且适应变化的速度很慢。为了克服这个问题，我们提出了一种大型语言模型（LLM）辅助卸载方法，该方法将实时DT预测和具有联邦多代理RL （MARL）示例的选定历史可解释DT转换为结构化的自然语言提示。通过上下文学习，LLM推导卸载策略而无需再训练，而FL对齐全局收敛指标以优化推理精度和能源效率之间的平衡。对基线和不稳定无线网络场景进行的仿真研究表明，LLM控制器持续保持接近最佳的延迟，并减少了能源消耗。在N=36个设备的基线场景中，LLM实现了252毫秒的平均延迟，仅比边缘卸载高5%，同时降低了大约20%的能耗。在不稳定的无线条件下，它的平均延迟为276毫秒，能耗为0.122 J，而边缘卸载的能耗为0.154 J。这些发现验证了基于llm的决策有助于可扩展、自适应和节能的任务调度，在支持dt的联邦物联网系统中提供了RL控制器的可行替代方案。

{"title":"Proactive context aware task offloading in digital twin driven federated IoT systems with large language models","authors":"Klea Elmazi , Donald Elmazi , Jonatan Lerga","doi":"10.1016/j.iot.2025.101826","DOIUrl":"10.1016/j.iot.2025.101826","url":null,"abstract":"<div><div>This study considers the combination of Digital Twins (DT), Federated Learning (FL), and computation offloading to establish a context-aware framework for effective resource management in IoT networks. Although DT models can predict battery levels, CPU usage, and network delays to aid reinforcement learning (RL) agents, earlier RL-based controllers require significant training and are slow to adapt to changes. To overcome this issue, we propose a Large Language Model (LLM)-assisted offloading method that transforms real-time DT predictions and selected historical Explainable DT with Federated Multi-Agent RL (MARL) examples into structured natural-language prompts. Through in-context learning, LLM deduces offloading tactics without retraining, while FL aligns global convergence metrics to optimize the balance between inference accuracy and energy efficiency. Simulation studies conducted for baseline and unstable wireless network scenarios reveal that the LLM controller persistently maintains near-optimal latency and reduces energy use. In a baseline scenario with <span><math><mrow><mi>N</mi><mo>=</mo><mn>36</mn></mrow></math></span> devices, the LLM achieves an average latency of 252 ms, which is only 5 % higher than edge offloading, while cutting energy consumption by around 20 %. Under unstable wireless conditions, it achieves an average latency of 276 ms with energy use of 0.122 J, as opposed to 0.154 J for edge offloading. These findings validate that LLM-based decision making facilitates scalable, adaptive, and energy-efficient task scheduling, presenting a viable alternative to RL controllers in DT-enabled federated IoT systems.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"35 ","pages":"Article 101826"},"PeriodicalIF":7.6,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145570538","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Energy-efficient cryptographic optimization for narrowband IoT security: Integrating blockchain and EP-CuMAC with ECM-SHA256 窄带物联网安全节能加密优化：区块链和EP-CuMAC与ECM-SHA256集成

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things

Pub Date : 2026-01-01 Epub Date: 2025-11-18 DOI: 10.1016/j.iot.2025.101828

Hafizullah Kakar , Vamshi S. Mohan , Swapnoneel Roy , Ayan Dutta , O. Patrick Kreidl , Ladislau Bölöni , Sriram Sankaran

Narrowband Internet of Things (NB-IoT) continues to expand but faces challenges of cryptographic overhead and energy consumption. Security frameworks such as blockchain and Energy-Performance Cumulative Message Authentication Codes (EP-CuMAC) rely heavily on SHA-256, which is not optimized for energy-limited devices. This work unifies two complementary approaches-a hybrid blockchain-based NB-IoT framework and an EP-CuMAC-based framework-by engineering their cryptographic core with an Energy Complexity Model-optimized SHA-256 (ECM-SHA256). ECM applies parallel memory-bank mapping and block-level access optimization to reduce redundant power usage while preserving algorithmic integrity. Experimental evaluation on identical Intel DDR3 systems using pyRAPL shows energy savings of 2–13 % across blockchain (Unique ID Generation, Device Join, Transactions) and EP-CuMAC modules (Feedback, Prediction, Verification, Retransmission). The optimization leverages the Energy Complexity Model’s parallel memory-bank mapping of SHA-256, implemented on identical Intel DDR3 systems using pyRAPL for repeatable measurements. The results position ECM-SHA256 as a generalizable cryptographic optimization strategy for secure and sustainable NB-IoT deployments.

窄带物联网（NB-IoT）在不断扩展的同时，也面临着加密开销和能耗的挑战。区块链和能源性能累积消息认证码（EP-CuMAC）等安全框架严重依赖SHA-256，而SHA-256并未针对能源限制设备进行优化。这项工作结合了两种互补的方法-基于混合区块链的NB-IoT框架和基于ep - cumac的框架-通过使用优化的能量复杂性模型SHA-256 （ECM-SHA256）来设计其加密核心。ECM采用并行内存库映射和块级访问优化来减少冗余功耗，同时保持算法的完整性。在使用pyRAPL的相同英特尔DDR3系统上的实验评估显示，在区块链（唯一ID生成，设备连接，事务）和EP-CuMAC模块（反馈，预测，验证，重发）中节能2 - 13%。优化利用了能量复杂性模型的SHA-256并行内存库映射，在相同的英特尔DDR3系统上实现，使用pyRAPL进行可重复测量。研究结果将ECM-SHA256定位为安全、可持续的NB-IoT部署的通用加密优化策略。

{"title":"Energy-efficient cryptographic optimization for narrowband IoT security: Integrating blockchain and EP-CuMAC with ECM-SHA256","authors":"Hafizullah Kakar , Vamshi S. Mohan , Swapnoneel Roy , Ayan Dutta , O. Patrick Kreidl , Ladislau Bölöni , Sriram Sankaran","doi":"10.1016/j.iot.2025.101828","DOIUrl":"10.1016/j.iot.2025.101828","url":null,"abstract":"<div><div>Narrowband Internet of Things (NB-IoT) continues to expand but faces challenges of cryptographic overhead and energy consumption. Security frameworks such as blockchain and Energy-Performance Cumulative Message Authentication Codes (EP-CuMAC) rely heavily on SHA-256, which is not optimized for energy-limited devices. This work unifies two complementary approaches-a hybrid blockchain-based NB-IoT framework and an EP-CuMAC-based framework-by engineering their cryptographic core with an Energy Complexity Model-optimized SHA-256 (ECM-SHA256). ECM applies parallel memory-bank mapping and block-level access optimization to reduce redundant power usage while preserving algorithmic integrity. Experimental evaluation on identical Intel DDR3 systems using pyRAPL shows energy savings of 2–13 % across blockchain (Unique ID Generation, Device Join, Transactions) and EP-CuMAC modules (Feedback, Prediction, Verification, Retransmission). The optimization leverages the Energy Complexity Model’s parallel memory-bank mapping of SHA-256, implemented on identical Intel DDR3 systems using pyRAPL for repeatable measurements. The results position ECM-SHA256 as a generalizable cryptographic optimization strategy for secure and sustainable NB-IoT deployments.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"35 ","pages":"Article 101828"},"PeriodicalIF":7.6,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145570536","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0