Pub Date: 2025-08-16 DOI: 10.1016/j.csi.2025.104052
Samson O. Oruma, Mary Sánchez-Gordón, Vasileios Gkioulos
The field of social robotics is witnessing a transformative shift in public interaction and service provision with the advent of Social Robots in Public Spaces (SRPS). However, this progress brings forth significant software security challenges. Developers and stakeholders struggle with designing secure SRPS software without specific standards and frameworks. Existing Secure Software Development Life Cycles fall short in addressing the intricate security needs of SRPS, often prioritizing functionality over security. Integrating various technologies within SRPS and the dynamic nature of public spaces compounds the challenge of ensuring security and user acceptance. To bridge this gap, this study proposes SecuRoPS, a framework designed specifically to address the unique security, safety, and usability requirements of SRPS throughout the software development lifecycle by emphasizing stakeholder engagement, regulatory compliance, and continuous iterative improvements. Built on a robust technology transfer model, the framework is validated through expert interviews, real-world use cases, and laboratory testing, ensuring practical applicability and adaptability to evolving threats. This iterative framework aims to guide various stakeholders, including software developers, organizations, researchers, and end-users, fostering wider acceptance and facilitating the safe integration of social robots into everyday life.
Title: Enhancing security, privacy, and usability in social robots: A software development framework. Journal: Computer Standards & Interfaces, volume 96, Article 104052.
The rapid development of Smart Home IoT (SH-IoT) technologies presents considerable challenges in information security and privacy protection, including recurrent data breaches and privacy violations. Addressing these issues, this study introduces a multi-image encryption algorithm utilizing a novel 3D discrete hyperchaotic map to strengthen SH-IoT security. The solution simultaneously encrypts multiple images by integrating compressive sensing, while novel encryption units disrupt pixel correlations through cross-plane permutation and ring chain diffusion. Demonstrating remarkable adaptability, the algorithm dynamically adjusts compression ratios according to device capabilities and application demands, optimizing the security-efficiency-quality balance. Experimental validation confirms exceptional performance: achieving 99.6095% NPCR and 33.4597% UACI, along with a 2481 kb/s encryption speed at 0.5 compression ratio—substantially outperforming non-compressed scenarios.
Title: A new multi-image encryption scheme for Smart Home IoT integrating hyperchaos and compressive sensing. Authors: Yuanmao Zhong, Qiang Lai, Chongkun Zhu, Minghong Qin. Journal: Computer Standards & Interfaces, volume 95, Article 104051. Pub Date: 2025-08-09. DOI: 10.1016/j.csi.2025.104051
Pub Date: 2025-08-08 DOI: 10.1016/j.csi.2025.104054
Ercüment Güvenç, Mevlüt Ersoy, Gürcan Çetin
Early detection of a brain tumor significantly increases the likelihood that treatment will begin in a timely manner. Because it is difficult to detect tumor tissue with visual inspection, the magnetic resonance (MR) imaging method was developed. The analysis of MR images is largely dependent on the radiologist's experience and visual interpretation. The primary reason for this is that brain tumors can vary in form and size. Deep learning (DL)-based techniques have accelerated medical image segmentation research thanks to their self-learning capabilities. When large amounts of training data are presented, these methods can achieve high success rates. ImageNet, CIFAR10/100, PASCAL VOC, MS COCO, and BRaTS benchmark datasets are extensively used for brain tumor segmentation. However, the limited amount of data in these datasets restricts the performance of DL models. The outstanding performance of Generative Adversarial Networks (GAN) in the field of medical image generation has attracted the interest of academics in recent years. In the study, we present a deep learning model that creates synthetic brain MR images using a Deep Convolutional GAN (DCGAN). The BRaTS2018 dataset's FLAIR sequence training data has been utilized as input. After a certain number of epochs, the learning model generated realistic and high-quality brain MR images. The FID score was used to evaluate the performance of the GAN model. Tumor regions on the generated MR images have been segmented automatically using the K-means algorithm and produced a high-dimensional dataset of 782 images. The study examined to what extent synthetic MR images enhanced the tumor region segmentation performance of the UNet, ResUNet, ResNet50, VGG16, and VGG19 models. According to the findings of the study, the ResNet50 model outperformed the other DL models. 
In terms of model performance, accuracy improved from 98.99% to 99.26%, the dice coefficient score moved from 57.33% to 81.32%, and the IoU increased from 40.89% to 66.86%.
Title: Deep learning-based automated segmentation of brain tumors using synthetic MR images generated with DCGAN. Journal: Computer Standards & Interfaces, volume 96, Article 104054.
Pub Date: 2025-08-07 DOI: 10.1016/j.csi.2025.104053
Gobalakrishnan N, Muthu Pandeeswari R
Ensuring the security of healthcare systems is crucial for protecting sensitive patient data from breaches and unauthorized access, thereby preserving confidentiality and maintaining trust in medical institutions. Robust security measures are also vital in preventing medical identity theft, which can result in fraudulent treatments and financial losses for patients. However, existing security frameworks often suffer from critical shortcomings, including weak encryption methods, inadequate access controls, and ineffective incident response mechanisms, leaving systems vulnerable to cyber threats. Additionally, many traditional security solutions lack adaptability to emerging technologies such as telemedicine and the Internet of Things (IoT), which introduce new attack vectors if not properly managed. To address these challenges, we introduce SMART-DEFENSE (Secure Medical Architecture for Resilient Trust and Dynamic Encryption in Federated Edge Networks with Security Enhancements), a novel defense model specifically designed for smart healthcare environments. The proposed framework consists of key components, including medical IoT devices, a Detective Gateway (DG), Edge Servers with Honeypot (HES), a Blockchain-assisted Cloud Server (BCS), and a Trust Integrity Authority (TIA). To enhance scalability, a 3D hexagonal-based network architecture (3D-Hexa) is implemented as the foundation of the system. Security is reinforced through Decentralized Identity Management and Dynamic Trust Scoring, incorporating Shuffled Pass Points (SPP) for authentication and Optimizer-based Trust Evaluation (OTE) via the DG. To improve threat detection accuracy, Stratified Federated Learning (SFL) is employed within the HES, enabling a collaborative defense mechanism against cyberattacks. Finally, Chaotic Encryption Blockchain (CEB) ensures secure data management by strengthening both privacy and integrity. 
By integrating these cutting-edge technologies, SMART-DEFENSE provides a comprehensive, resilient, and scalable security framework for smart healthcare, achieving a 28.5 % reduction in False Acceptance Rate, a 16.9 % increase in authentication success rate, and a 4.15 % improvement in trust evaluation accuracy over existing models, effectively mitigating cyber threats while ensuring the privacy and reliability of healthcare data.
Title: SMART-DEFENSE: 3D hexagonal federated network for systematic attack detection in blockchain-integrated healthcare environment. Journal: Computer Standards & Interfaces, volume 95, Article 104053.
Pub Date: 2025-08-05 DOI: 10.1016/j.csi.2025.104049
James Sharp, Mike Standish, Jaspal Sagoo, Edwin van de Sluis
Multi-Core Processors (MCPs) are ubiquitous in modern electronic devices. However, their exploitation within the high criticality domains, specifically that of aerospace, introduces challenges. The European Union Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) recently released harmonised guidance in the form of Acceptable Means of Compliance (AMC) 20-193, which details "what" is required, from a certification perspective, to enable the use of MCPs for satisfying airworthiness requirements. Although regulatory authorities have withdrawn Job Aids for standards such as DO-178 and DO-254, they are an effective method of showing compliance to standards and widely used by assessors. Understanding MCPs is, however, non-trivial and requires significant expertise not only of the device itself, but also how software will be architected and executed, along with how system level safety considerations are to be employed, all to ensure safe application of this technology. Thus, within this paper the authors, through the provision of an assessment of the "what" detailed in AMC 20-193, give an in-depth analysis into the intent behind the 10 objectives set out in this new AMC. The aim of the paper is to provide a foundation upon which Subject Matter Experts (SMEs) might construct their own Job Aid. Through its discussions, it is the authors' intention that this paper enables a common understanding against which an applicant, assessor, and authority can interpret the "how" when looking to achieve the "what" set out in AMC 20-193.
Title: Towards a multi-core certification Job-Aid for AMC 20-193. Journal: Computer Standards & Interfaces, volume 96, Article 104049.
Pub Date: 2025-07-24 DOI: 10.1016/j.csi.2025.104048
Morgan E. Edwards, Jeremiah D. Still
Phishing attacks exploit psychological vulnerabilities to steal valuable information. While extensive research has improved defenses against email phishing, less is known about how non-technical users, particularly young adults, respond to SMiShing (SMS phishing) attacks. This research addresses this empirical gap by investigating user behavior and decision-making processes related to SMiShing among undergraduate students, a demographic identified as particularly susceptible to these attacks. Study 1 surveyed college students' SMiShing knowledge, experience, and hygiene practices, examining the influence of traditional phishing susceptibility factors. Contrary to expectations, these factors were not predictive of SMiShing behavior. Furthermore, the Cyber Hygiene Inventory (CHI) proved ineffective in predicting secure SMiShing practices. Study 2 combined eye-tracking and self-reported data to analyze how users evaluate text message legitimacy. While participants accurately reported using message content, they over-reported their reliance on sender phone numbers. These findings provide crucial insights into the SMiShing attack vector from the end-user perspective, specifically within a vulnerable demographic. This work highlights the need for human-centered security solutions tailored to the unique challenges of SMiShing, ultimately improving user resilience against these attacks.
Title: Cyber hygiene of SMiShing: What they know and where they look. Journal: Computer Standards & Interfaces, volume 95, Article 104048.
Pub Date: 2025-07-21 DOI: 10.1016/j.csi.2025.104045
Guangjin Zhang, Yanwei Zhou, Xianxiang Liu, Bo Yang
The Industrial Internet of Things (IIoT) needs adaptive trust management solutions to emphasize secure delegation and revocation in dynamic settings. Current proxy signature schemes often have centralized architectures or mechanisms that either damage historical data integrity or cause unsustainable storage costs, failing to solve key revocation efficiency problems. This paper presents a novel revocable certificate-based proxy signature (CBPS) scheme with a new revocation framework for IIoT constraints. By introducing timestamp-based polynomial delegation, our CBPS scheme enables indirect revocation, meaning the revocation list only needs to store prematurely terminated delegate tokens. This approach ensures immediate invalidation of revoked permissions without affecting the validity of pre-revocation signatures, achieving storage efficiency while preserving historical transaction auditability. The framework seamlessly integrates with certificate-based cryptography, eliminating key escrow risks. Security analysis shows resistance to collusion attacks and adaptive adversaries, and performance evaluations confirm the scheme’s practicality in resource-constrained environments. The work progresses IIoT trust management by combining real-time revocation with minimal overhead, ensuring security and scalability in industrial deployments.
Title: Certificate-based proxy signature scheme with revocation for Industrial Internet of Things. Journal: Computer Standards & Interfaces, volume 95, Article 104045.
Pub Date: 2025-07-12 DOI: 10.1016/j.csi.2025.104037
Francisco Lopez-Gomez, Rafael Marin-Lopez, Gabriel Lopez-Millan, Dan Garcia-Carrillo, John Preuß Mattsson, Göran Selander
The Extensible Authentication Protocol (EAP) has been a cornerstone of secure authentication in both wired and wireless networks, as well as enterprise systems, enabling integration with a wide range of authentication mechanisms. Recently, the IETF EAP Method Update (EMU) Working Group has adopted EAP-EDHOC, a method that combines EAP’s extensibility with the recent standard Ephemeral Diffie–Hellman Over COSE (EDHOC). EDHOC is a lightweight authentication and key exchange protocol designed to be supported in resource-constrained environments. This enhances EAP-EDHOC as a high-performance authentication method for EAP-based networks. This paper presents a comprehensive analysis of the standardization efforts surrounding EAP-EDHOC, including a first proof-of-concept implementation and performance evaluation conducted over Wi-Fi networks. Additionally, a new design that optimizes the existing protocol by reversing the roles of the communication parties is proposed. The original and optimized versions are evaluated and compared with each other, as well as with EAP-TLS 1.3 and EAP-PSK. The results demonstrate that EAP-EDHOC achieves more efficient authentication than EAP-TLS 1.3 in terms of execution time, number of messages, and data transmitted. Meanwhile, EAP-PSK, which is based on symmetric cryptography, serves as a performance baseline.
Title: Towards a new standard for network access authentication: EAP-EDHOC. Journal: Computer Standards & Interfaces, volume 95, Article 104037.
Pub Date : 2025-07-12 DOI: 10.1016/j.csi.2025.104044
Huimin Zhang , Wenmin Li , Yanjin Cheng , Sujuan Qin , Fei Gao , Tengfei Tu
Structure-aware PSI protocol (Sa-PSI) allows both parties to identify pairs of points within a predefined distance threshold across their respective datasets. However, in previous work, the cost of computation scales linearly with the number of prefixes in the structure, which may become excessively large, and additionally, this protocol risks disclosing sensitive elements. In this work, we present a lightweight and efficient Sa-PSI protocol (LESa-PSI), which aims at achieving the computational cost independent of the number of prefixes in the structure while simultaneously minimizing information leakage. We formally define an FSS based on the two-sided intervals function — compact DIF. This compact DIF is instantiated for a single-dimensional two-sided interval function and then extended to d-dimensional, which may be of independent interest. By combining compact DIF with a novel variant of DPF, we achieve key size compression for the set. Meanwhile, a structural decomposition strategy is proposed to divide the structure set, thereby enabling efficient function evaluation and computing the intersection. We prove that the LESa-PSI is secure in the semi-honest model. Furthermore, a comprehensive analysis of compact DIF and LESa-PSI is conducted through theory and experiments, with a comparison against some state-of-the-art works. The experimental results show that our compact DIF has a smaller key size, while the LESa-PSI has better performance in the intersection search and Bob’s elements evaluation.
Title: Efficient structure-aware private set intersection with distributed interval function. Computer Standards & Interfaces, vol. 95, Article 104044.
Pub Date : 2025-07-11 DOI: 10.1016/j.csi.2025.104047
Isabel Herrera Montano , Juan Ramos Diaz , Sergio Molina-Cardín , Juan José Guerrero López , José Javier García Aranda , Isabel de la Torre Díez
The insider threat to sensitive information posed by employees or partners of an organisation remains a major cybersecurity challenge. In this regard, the measures taken by organisations and companies to protect information are often insufficient, primarily due to the legitimate access and knowledge of security holes that these individuals possess.
This study proposes SecureMD5, an encryption algorithm designed specifically for secure file systems (SFS). The algorithm is based on custom one-way functions integrated into an encryption scheme that operates at the byte level. It uses 11 dynamic variables generated from contextual parameters such as file position, access time, random values, and user-specific keys. This approach ensures that SecureMD5 does not inherit the known vulnerabilities of MD5 as a standard cryptographic algorithm. Consequently, SecureMD5 is presented as an adaptive and robust solution that addresses the challenges posed by insider threats in SFS.
In parallel, a modular contextual key generation scheme is proposed, which can incorporate various challenges such as user identity, access time and device location. Biometric key generation based on Artificial Intelligence (AI) methods is evaluated independently from the validation of the encryption algorithm. In the evaluated biometric key generation scheme, the AI models MediaPipe Hand Landmark and LBPHFaceRecognizer from OpenCV have been used. These methods are part of a sub-key generation scheme based on contextual challenges. This scheme eliminates the need for key storage for dynamic and secure access to sensitive information.
SecureMD5 was validated by diffusion, confusion, entropy and performance analysis. It achieved 31 % higher entropy than comparable algorithms. Performance improved by 0.32 % compared to RC4. It also passed 87 % of NIST 800–22 tests, demonstrating its robustness against cryptographic vulnerabilities. In addition, SecureMD5 balances security and performance, with encryption times 25 % faster than a modified AES algorithm for 10 MB files. Biometric key generation methods were evaluated using metrics such as precision, accuracy, false acceptance rate and specificity, achieving satisfactory values above 80 % on all metrics. This work addresses critical gaps in information security, providing significant advances in protecting SFS against insider threats. The design and adaptability of SecureMD5 make it particularly suitable for sectors with strict security requirements, such as healthcare, finance, and corporate data management. Its ability to enable dynamic and secure access control addresses the real challenges posed by protecting confidential information from internal threats.
Title: SecureMD5: A new stream cipher for secure file systems and encryption key generation with artificial intelligence. Computer Standards & Interfaces, vol. 95, Article 104047.