Federated Learning (FL) allows healthcare organizations to train models using diverse datasets while maintaining patient confidentiality collaboratively. While promising, FL faces challenges in optimizing model accuracy and communication efficiency. To address these, we propose an algorithm that combines feature selection with synthetic data generation, specifically targeting medical datasets. Our method eliminates irrelevant local features, identifies globally relevant ones, and uses synthetic data to initialize model parameters, improving convergence. It also employs a zero-trust model, ensuring that data remain on local devices and only learned weights are shared with the central server, enhancing security. The algorithm improves accuracy and computational efficiency, achieving communication efficiency gains of 4 to 14 through backward elimination and threshold variation techniques. Tested on a federated diabetic dataset, the approach demonstrates significant improvements in the performance and trustworthiness of FL systems for medical applications.
{"title":"Enhancing Federated Feature Selection Through Synthetic Data and Zero Trust Integration","authors":"Nisha Thorakkattu Madathil;Saed Alrabaee;Abdelkader Nasreddine Belkacem","doi":"10.1109/JSAC.2025.3560037","DOIUrl":"10.1109/JSAC.2025.3560037","url":null,"abstract":"Federated Learning (FL) allows healthcare organizations to train models using diverse datasets while maintaining patient confidentiality collaboratively. While promising, FL faces challenges in optimizing model accuracy and communication efficiency. To address these, we propose an algorithm that combines feature selection with synthetic data generation, specifically targeting medical datasets. Our method eliminates irrelevant local features, identifies globally relevant ones, and uses synthetic data to initialize model parameters, improving convergence. It also employs a zero-trust model, ensuring that data remain on local devices and only learned weights are shared with the central server, enhancing security. The algorithm improves accuracy and computational efficiency, achieving communication efficiency gains of 4 to 14 through backward elimination and threshold variation techniques. Tested on a federated diabetic dataset, the approach demonstrates significant improvements in the performance and trustworthiness of FL systems for medical applications.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2126-2140"},"PeriodicalIF":0.0,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143822737","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-11DOI: 10.1109/JSAC.2025.3560001
Bin Cao;Xianrui Zhao;Zhihan Lyu
In today’s increasingly complex and dynamic cyber threat environment, Zero Trust Architecture (ZTA) has emerged as a promising solution to address the limitations of traditional intrusion detection methods. While Intrusion Detection Systems (IDS) are essential for safeguarding organizational information assets, traditional methods have the risk of exposing security policies by collecting and utilizing alarm data, potentially revealing attack paths to adversaries. To overcome this challenge, we propose a novel intrusion detection strategy based on ZTA, emphasizing the protection of alarm data privacy. Additionally, we introduce an adaptive sparse connective evolutionary neural architecture search (ASCE-NAS) framework, which enables the automatic evolution of intrusion detection model structures to enhance adaptability and performance in dynamic environments. Notably, ASCE-NAS can also be beneficial for integrated sensing and computing chips and systems, contributing to a more secure and efficient cybersecurity framework to effectively combat evolving threats and attack methods.
{"title":"Evolutionary Intrusion Detection Strategy Under Zero Trust Architecture","authors":"Bin Cao;Xianrui Zhao;Zhihan Lyu","doi":"10.1109/JSAC.2025.3560001","DOIUrl":"10.1109/JSAC.2025.3560001","url":null,"abstract":"In today’s increasingly complex and dynamic cyber threat environment, Zero Trust Architecture (ZTA) has emerged as a promising solution to address the limitations of traditional intrusion detection methods. While Intrusion Detection Systems (IDS) are essential for safeguarding organizational information assets, traditional methods have the risk of exposing security policies by collecting and utilizing alarm data, potentially revealing attack paths to adversaries. To overcome this challenge, we propose a novel intrusion detection strategy based on ZTA, emphasizing the protection of alarm data privacy. Additionally, we introduce an adaptive sparse connective evolutionary neural architecture search (ASCE-NAS) framework, which enables the automatic evolution of intrusion detection model structures to enhance adaptability and performance in dynamic environments. Notably, ASCE-NAS can also be beneficial for integrated sensing and computing chips and systems, contributing to a more secure and efficient cybersecurity framework to effectively combat evolving threats and attack methods.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2100-2112"},"PeriodicalIF":0.0,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143822738","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Zero-trust has emerged as a promising security paradigm for next-generation networks (NGN). However, conventional cryptographic schemes struggle with continuous and dynamic authentication due to their coarse granularity and cumbersome processes. Radio frequency fingerprint identification (RFFI), as a prospective solution, enables physical-layer user-transparent identity authentication. Whereas, facing the dynamic topology and device mobility of NGN, such as Internet of Vehicles (IoV), Drone networks, etc., there exists a current deficiency in addressing the significant performance degradation across different receivers. In this paper, we propose a novel RFFI scheme for zero-trust continuous authentication in dynamic NGN environments, enabling unified high-performance cross-receiver identification. A two-stage unsupervised domain adaptation model is designed to extract receiver-independent transmitter-specific features. The receiver-side impact on RFFI, modeled as domain shift, is addressed through adversarial training for global alignment and local maximum mean discrepancy (LMMD)-based subdomain adaptation for eliminating subdomain confusion. Moreover, we further optimize RFFI through data augmentation to enhance robustness, multi-sample fusion inference to handle dynamic uncertainties, and an adaptive few-sample selection strategy for efficient fine-tuning. Extensive experiments on public datasets demonstrate the excellent performance of our proposed scheme in cross-receiver zero-trust wireless networks.
{"title":"Receiver-Agnostic Radio Frequency Fingerprint Identification for Zero-Trust Wireless Networks","authors":"Kunling Li;Jiazhong Bao;Xin Xie;Jianan Hong;Cunqing Hua","doi":"10.1109/JSAC.2025.3560002","DOIUrl":"10.1109/JSAC.2025.3560002","url":null,"abstract":"Zero-trust has emerged as a promising security paradigm for next-generation networks (NGN). However, conventional cryptographic schemes struggle with continuous and dynamic authentication due to their coarse granularity and cumbersome processes. Radio frequency fingerprint identification (RFFI), as a prospective solution, enables physical-layer user-transparent identity authentication. Whereas, facing the dynamic topology and device mobility of NGN, such as Internet of Vehicles (IoV), Drone networks, etc., there exists a current deficiency in addressing the significant performance degradation across different receivers. In this paper, we propose a novel RFFI scheme for zero-trust continuous authentication in dynamic NGN environments, enabling unified high-performance cross-receiver identification. A two-stage unsupervised domain adaptation model is designed to extract receiver-independent transmitter-specific features. The receiver-side impact on RFFI, modeled as domain shift, is addressed through adversarial training for global alignment and local maximum mean discrepancy (LMMD)-based subdomain adaptation for eliminating subdomain confusion. Moreover, we further optimize RFFI through data augmentation to enhance robustness, multi-sample fusion inference to handle dynamic uncertainties, and an adaptive few-sample selection strategy for efficient fine-tuning. Extensive experiments on public datasets demonstrate the excellent performance of our proposed scheme in cross-receiver zero-trust wireless networks.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"1981-1997"},"PeriodicalIF":0.0,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143822676","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In edge computing, the Zero-Trust Security Model (ZTSM), as a key enabling technology for next-generation networks, plays a crucial role in providing authentication for addressing data sharing concerns, such as frequent data breaches, data misuse, and cyberattacks. However, due to the complexity and diversity of edge environments, ZTSM struggles to meet the security requirements of data sharing frameworks solely through enhanced authentication. Consequently, such frameworks with ZTSM still face challenges in ensuring data integrity, evaluating various node behaviors, and coping with the increasing complexity of node attributes. To address these issues, we propose a blockchain-enabled secure, fair and scalable data sharing framework in a zero-trust edge-end environment in this paper. Specifically, we first propose a Merkle forest-based data storage model for the classified storage of loosely coupled data, consequently enhancing the scalability of the model. Then, we design a node behavior-based reputation assessment mechanism to ensure fairness during data sharing. Moreover, a data sharing protocol supervised by smart contract is proposed, working with the aforementioned storage and assessment schemes, to ensure the security of data sharing. Finally, comprehensive security analysis validates the security, fairness and scalability of the proposed framework. Extensive experimental results show that, as transaction volume grows, the time cost of data traversal in the storage model becomes progressively more efficient. Additionally, when the size of the smart contract is increased tenfold, the maximum time cost of the data sharing protocol rises by only 4.98 times.
{"title":"Blockchain-Enabled Secure, Fair, and Scalable Data Sharing in Zero-Trust Edge-End Environment","authors":"Xiaolong Xu;Ke Meng;Haolong Xiang;Guangming Cui;Xiaoyu Xia;Wanchun Dou","doi":"10.1109/JSAC.2025.3560007","DOIUrl":"10.1109/JSAC.2025.3560007","url":null,"abstract":"In edge computing, the Zero-Trust Security Model (ZTSM), as a key enabling technology for next-generation networks, plays a crucial role in providing authentication for addressing data sharing concerns, such as frequent data breaches, data misuse, and cyberattacks. However, due to the complexity and diversity of edge environments, ZTSM struggles to meet the security requirements of data sharing frameworks solely through enhanced authentication. Consequently, such frameworks with ZTSM still face challenges in ensuring data integrity, evaluating various node behaviors, and coping with the increasing complexity of node attributes. To address these issues, we propose a blockchain-enabled secure, fair and scalable data sharing framework in a zero-trust edge-end environment in this paper. Specifically, we first propose a Merkle forest-based data storage model for the classified storage of loosely coupled data, consequently enhancing the scalability of the model. Then, we design a node behavior-based reputation assessment mechanism to ensure fairness during data sharing. Moreover, a data sharing protocol supervised by smart contract is proposed, working with the aforementioned storage and assessment schemes, to ensure the security of data sharing. Finally, comprehensive security analysis validates the security, fairness and scalability of the proposed framework. Extensive experimental results show that, as transaction volume grows, the time cost of data traversal in the storage model becomes progressively more efficient. Additionally, when the size of the smart contract is increased tenfold, the maximum time cost of the data sharing protocol rises by only 4.98 times.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2056-2069"},"PeriodicalIF":0.0,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143822677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-11DOI: 10.1109/JSAC.2025.3560011
Tingting Wang;Kai Fang;Jijing Cai;Lina Wang;Jinyu Tian;Hailin Feng;Jianqing Li;Mohsen Guizani;Wei Wang
Traditional traffic anomaly-based attack detection methods in Zero-trust Networks (ZTN) suffer from inherent security vulnerabilities, as they neglect considerations regarding their security defenses. Compromising the attack detection model itself can result in the breakdown of normal attack detection capabilities. Ensuring the security of the attack detection model during runtime presents a novel challenge. To address these shortcomings, we propose a novel attack detection model, termed Security within Security: Attack Detection Model with Defenses Against Attacks Capability for Zero-Trust Networks (SWS), aimed at enhancing the security of ZTN. SWS focuses on achieving attack detection in non-secure detection environments, to maintain its detection capability even when under attack. By employing a soft thresholding method, SWS adapts to the dynamic changes in network traffic, thus reducing the interference of attack signals. The incorporation of an attention mechanism enables SWS to concentrate on analyzing the most indicative traffic features of attack behavior. Additionally, we integrate Residual Networks (ResNet) and Bidirectional Long Short-Term Memory (BiLSTM) to enhance the robustness of identifying complex network attack behaviors. The effectiveness of the SWS is validated through ablation studies, model comparisons, experiments conducted over different training epochs, and experiments conducted on various components of the dataset. Experimental results demonstrate that compared to existing attack detection models, SWS achieves improvements in detection accuracy and recall rate by 13.4% and 10.6%, respectively, while reducing the False Positive Rate (FPR) by 16.9%.
{"title":"Security Within Security: Attack Detection Model With Defenses Against Attacks Capability for Zero-Trust Networks","authors":"Tingting Wang;Kai Fang;Jijing Cai;Lina Wang;Jinyu Tian;Hailin Feng;Jianqing Li;Mohsen Guizani;Wei Wang","doi":"10.1109/JSAC.2025.3560011","DOIUrl":"10.1109/JSAC.2025.3560011","url":null,"abstract":"Traditional traffic anomaly-based attack detection methods in Zero-trust Networks (ZTN) suffer from inherent security vulnerabilities, as they neglect considerations regarding their security defenses. Compromising the attack detection model itself can result in the breakdown of normal attack detection capabilities. Ensuring the security of the attack detection model during runtime presents a novel challenge. To address these shortcomings, we propose a novel attack detection model, termed Security within Security: Attack Detection Model with Defenses Against Attacks Capability for Zero-Trust Networks (SWS), aimed at enhancing the security of ZTN. SWS focuses on achieving attack detection in non-secure detection environments, to maintain its detection capability even when under attack. By employing a soft thresholding method, SWS adapts to the dynamic changes in network traffic, thus reducing the interference of attack signals. The incorporation of an attention mechanism enables SWS to concentrate on analyzing the most indicative traffic features of attack behavior. Additionally, we integrate Residual Networks (ResNet) and Bidirectional Long Short-Term Memory (BiLSTM) to enhance the robustness of identifying complex network attack behaviors. The effectiveness of the SWS is validated through ablation studies, model comparisons, experiments conducted over different training epochs, and experiments conducted on various components of the dataset. Experimental results demonstrate that compared to existing attack detection models, SWS achieves improvements in detection accuracy and recall rate by 13.4% and 10.6%, respectively, while reducing the False Positive Rate (FPR) by 16.9%.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2312-2327"},"PeriodicalIF":0.0,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143898247","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-11DOI: 10.1109/JSAC.2025.3560041
Le Sun;Shunqi Liu;Zhiguo Qu;Yanchun Zhang
In next-generation networks, the increasing diversity of devices and connections, explosive data growth, and complex network threats render traditional security measures inadequate. This calls for robust, adaptive security frameworks. Zero-trust security offers robust protection through continuous verification and strict access control, while federated learning enhances data privacy and resource efficiency. Integrating these two approaches creates a resilient, adaptive, and secure network environment, meeting the intricate demands of future communication systems. In this paper, we propose FedKCSS—a Federated Learning-based zero-trust model combining Knowledge Distillation (KD) and Client Selection Strategy (CSS). FedKCSS comprises three components: Optimized Client Selection Strategy (OptCSS), Auxiliary Generator Training (AGT), and Data-free Federated Distillation (DfFD). In OptCSS, we design a dynamic trust evaluation method that continuously evaluates and adjusts client selection to enhance defense against untrusted clients. AGT involves designing a generator by using local model logits for data synthesis. DfFD is a data-free KD method that facilitates global-local model knowledge transfer, and lowering client information leakage risk without local data reliance. Experiments show that FedKCSS effectively minimizes malicious client participation in global training through dynamic trust evaluation, and improves the convergence rate by $mathbf {8.85%}$ and the accuracy by $mathbf {7.09%}$ compared with existing methods.
{"title":"A Federated Learning-Based Zero-Trust Model With Secure Dynamic Trust Evaluation and Knowledge Transfer","authors":"Le Sun;Shunqi Liu;Zhiguo Qu;Yanchun Zhang","doi":"10.1109/JSAC.2025.3560041","DOIUrl":"10.1109/JSAC.2025.3560041","url":null,"abstract":"In next-generation networks, the increasing diversity of devices and connections, explosive data growth, and complex network threats render traditional security measures inadequate. This calls for robust, adaptive security frameworks. Zero-trust security offers robust protection through continuous verification and strict access control, while federated learning enhances data privacy and resource efficiency. Integrating these two approaches creates a resilient, adaptive, and secure network environment, meeting the intricate demands of future communication systems. In this paper, we propose FedKCSS—a Federated Learning-based zero-trust model combining Knowledge Distillation (KD) and Client Selection Strategy (CSS). FedKCSS comprises three components: Optimized Client Selection Strategy (OptCSS), Auxiliary Generator Training (AGT), and Data-free Federated Distillation (DfFD). In OptCSS, we design a dynamic trust evaluation method that continuously evaluates and adjusts client selection to enhance defense against untrusted clients. AGT involves designing a generator by using local model logits for data synthesis. DfFD is a data-free KD method that facilitates global-local model knowledge transfer, and lowering client information leakage risk without local data reliance. Experiments show that FedKCSS effectively minimizes malicious client participation in global training through dynamic trust evaluation, and improves the convergence rate by <inline-formula> <tex-math>$mathbf {8.85%}$ </tex-math></inline-formula> and the accuracy by <inline-formula> <tex-math>$mathbf {7.09%}$ </tex-math></inline-formula> compared with existing methods.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2087-2099"},"PeriodicalIF":0.0,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143822606","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The development of 6G enable users in remote and harsh areas to enjoy computation-intensive services including metaverse entertainment, intelligent transportation, and immersive communications. Low Earth Orbit (LEO) satellite constellations widely constructed in recent years have been recognized as an efficient solution to complement the terrestrial infrastructure with seamless coverage and decreasing expenses for both communication and computation services. However, the widely studied Federated Reinforcement Learning (FRL) based task offloading strategies neglect the potential trust concerns like malicious satellites and buffer pollution, while 6G service providers may rent the LEO satellites belonging to different companies to minimize the expense. To address these issues, blockchain has been considered in the Zero Trust (ZT) scenario, with the group consensus mechanism through the smart contract. Moreover, we propose a Constrained Correction Voting Mechanism (CCVM) to give punishing correction to the aggregation weight of malicious voting satellites. Furthermore, a Cold Start Reputation Aggregation (CSRA) scheme is adopted to first severely degrade and then gradually recover the weight of Federated Learning (FL) sub-models trained by malicious satellites. Thus, the Blockchain-enabled Cold Start Aggregation FRL (BCSA-FRL) scheme is proposed to make effective and secure offloading decisions in the ZT LEO satellite Networks. The numerical results illustrate the advantages of our proposal.
{"title":"A Blockchain-Enabled Cold Start Aggregation Scheme for Federated Reinforcement Learning-Based Task Offloading in Zero Trust LEO Satellite Networks","authors":"Bomin Mao;Yangbo Liu;Zixiang Wei;Hongzhi Guo;Yijie Xun;Jiadai Wang;Jiajia Liu;Nei Kato","doi":"10.1109/JSAC.2025.3560003","DOIUrl":"10.1109/JSAC.2025.3560003","url":null,"abstract":"The development of 6G enable users in remote and harsh areas to enjoy computation-intensive services including metaverse entertainment, intelligent transportation, and immersive communications. Low Earth Orbit (LEO) satellite constellations widely constructed in recent years have been recognized as an efficient solution to complement the terrestrial infrastructure with seamless coverage and decreasing expenses for both communication and computation services. However, the widely studied Federated Reinforcement Learning (FRL) based task offloading strategies neglect the potential trust concerns like malicious satellites and buffer pollution, while 6G service providers may rent the LEO satellites belonging to different companies to minimize the expense. To address these issues, blockchain has been considered in the Zero Trust (ZT) scenario, with the group consensus mechanism through the smart contract. Moreover, we propose a Constrained Correction Voting Mechanism (CCVM) to give punishing correction to the aggregation weight of malicious voting satellites. Furthermore, a Cold Start Reputation Aggregation (CSRA) scheme is adopted to first severely degrade and then gradually recover the weight of Federated Learning (FL) sub-models trained by malicious satellites. Thus, the Blockchain-enabled Cold Start Aggregation FRL (BCSA-FRL) scheme is proposed to make effective and secure offloading decisions in the ZT LEO satellite Networks. The numerical results illustrate the advantages of our proposal.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2172-2182"},"PeriodicalIF":0.0,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143822604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-11DOI: 10.1109/JSAC.2025.3560038
Jianheng Tang;Kejia Fan;Shihao Yang;Anfeng Liu;Neal N. Xiong;Houbing Herbert Song;Victor C. M. Leung
Next-Generation Crowdsensing Networks (NGCNs) have become increasingly critical for smart cities, where data privacy and quality are pivotal concerns. Traditional trust mechanisms in crowdsensing mainly rely on static trust models, which are insufficient for dynamic security requirements. Zero-Trust security represents a promising opportunity, yet coming with notable challenges in NGCNs, including Unknown Workers Online Recruitment (UWOR), Information Elicitation Without Verification (IEWV), Privacy Preserving Data Evaluation (PPDE), and Dynamic Trust Abrupt Shift (DTAS). To address these challenges, we propose a Credibility-aware and Privacy-preserving Data collection scheme with Zero-trust (CPDZ) for secure and quality data collection in NGCNs. First, our CPDZ scheme encompasses a quality worker recruitment strategy with combinatorial multi-armed bandit models, utilizing Thompson Sampling for the secure and efficient resolution of the UWOR. Second, an active dispatching scheme for uncrewed aerial vehicles is crafted to collect data as a gold standard to assist in overcoming the IEWV challenge. Third, as for the PPDE challenge, we propose a lightweight privacy-preserving scheme for dependable truth discovery and secure trust verification. Fourth, the DTAS challenge is managed by a dual verification scheme that integrates short-term and long-term trust assessments, ensuring stability and adaptability of the zero-trust security in our CPDZ scheme. Experiments confirm the superiority of our CPDZ scheme, showing a 12.5% increase in recruitment revenue and a 57.8% reduction in relative error compared to existing approaches
{"title":"CPDZ: A Credibility-Aware and Privacy-Preserving Data Collection Scheme With Zero-Trust in Next-Generation Crowdsensing Networks","authors":"Jianheng Tang;Kejia Fan;Shihao Yang;Anfeng Liu;Neal N. Xiong;Houbing Herbert Song;Victor C. M. Leung","doi":"10.1109/JSAC.2025.3560038","DOIUrl":"10.1109/JSAC.2025.3560038","url":null,"abstract":"Next-Generation Crowdsensing Networks (NGCNs) have become increasingly critical for smart cities, where data privacy and quality are pivotal concerns. Traditional trust mechanisms in crowdsensing mainly rely on static trust models, which are insufficient for dynamic security requirements. Zero-Trust security represents a promising opportunity, yet coming with notable challenges in NGCNs, including Unknown Workers Online Recruitment (UWOR), Information Elicitation Without Verification (IEWV), Privacy Preserving Data Evaluation (PPDE), and Dynamic Trust Abrupt Shift (DTAS). To address these challenges, we propose a Credibility-aware and Privacy-preserving Data collection scheme with Zero-trust (CPDZ) for secure and quality data collection in NGCNs. First, our CPDZ scheme encompasses a quality worker recruitment strategy with combinatorial multi-armed bandit models, utilizing Thompson Sampling for the secure and efficient resolution of the UWOR. Second, an active dispatching scheme for uncrewed aerial vehicles is crafted to collect data as a gold standard to assist in overcoming the IEWV challenge. Third, as for the PPDE challenge, we propose a lightweight privacy-preserving scheme for dependable truth discovery and secure trust verification. Fourth, the DTAS challenge is managed by a dual verification scheme that integrates short-term and long-term trust assessments, ensuring stability and adaptability of the zero-trust security in our CPDZ scheme. Experiments confirm the superiority of our CPDZ scheme, showing a 12.5% increase in recruitment revenue and a 57.8% reduction in relative error compared to existing approaches","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2183-2199"},"PeriodicalIF":0.0,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143822736","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-11DOI: 10.1109/JSAC.2025.3560009
Muhammad Asad;Safa Otoum;Bassem Ouni
The transition towards intelligent transportation systems is increasingly dependent on advancements in vehicular communications to support data-intensive tasks like Federated Learning (FL). This paper delves into the capabilities of sixth-generation (6G) Ultra-Reliable Low-Latency Communication (URLLC) in elevating the performance of FL within vehicular networks, with a focus on integrating Zero-Trust security principles. By employing real-world vehicular trajectory data from the HighD dataset within an NS-3 simulated network environment, our study rigorously evaluates the combined impact of 6G URLLC and Zero-Trust mechanisms on FL. The findings highlight not only substantial improvements in latency, achieving reductions of up to 81%-83% compared to existing FL models, but also enhancements in throughput, reliability, and model accuracy, alongside a significant increase in security compliance rate. These improvements are pivotal for FL models, promising to optimize the data exchange process, enhance overall learning efficiency, and ensure robust security against evolving cyber threats. Our research indicates that the synergistic integration of 6G URLLC with FL, fortified by Zero-Trust security, could be instrumental in the advancement of intelligent transportation systems, ensuring enhanced vehicular safety, operational efficacy, and data security.
{"title":"Zero-Trust Federated Learning via 6G URLLC for Vehicular Communications","authors":"Muhammad Asad;Safa Otoum;Bassem Ouni","doi":"10.1109/JSAC.2025.3560009","DOIUrl":"10.1109/JSAC.2025.3560009","url":null,"abstract":"The transition towards intelligent transportation systems is increasingly dependent on advancements in vehicular communications to support data-intensive tasks like Federated Learning (FL). This paper delves into the capabilities of sixth-generation (6G) Ultra-Reliable Low-Latency Communication (URLLC) in elevating the performance of FL within vehicular networks, with a focus on integrating Zero-Trust security principles. By employing real-world vehicular trajectory data from the HighD dataset within an NS-3 simulated network environment, our study rigorously evaluates the combined impact of 6G URLLC and Zero-Trust mechanisms on FL. The findings highlight not only substantial improvements in latency, achieving reductions of up to 81%-83% compared to existing FL models, but also enhancements in throughput, reliability, and model accuracy, alongside a significant increase in security compliance rate. These improvements are pivotal for FL models, promising to optimize the data exchange process, enhance overall learning efficiency, and ensure robust security against evolving cyber threats. Our research indicates that the synergistic integration of 6G URLLC with FL, fortified by Zero-Trust security, could be instrumental in the advancement of intelligent transportation systems, ensuring enhanced vehicular safety, operational efficacy, and data security.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"1970-1980"},"PeriodicalIF":0.0,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143822776","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-04-11DOI: 10.1109/JSAC.2025.3560015
Muhammad Asim;Noshina Tariq;Ali Ismail Awad;Fahad Waheed;Ubaid Ullah;Ghulam Murtaza
Next-generation industrial networks are designed to integrate a wide range of devices, services, and applications spanning multiple technologies, such as cloud platforms, edge computing, and the Internet of Things. With the growing adoption of applications such as “Industry 4.0,” high security and low latency are becoming unavoidable requirements for these networks. Traditional virtual private networks (VPNs) generally experience performance, latency, and security issues, especially when supporting secure remote access for Industry 4.0 and e-health applications. To address these issues, this study introduces a novel zero-trust network-access framework for next-generation industrial networks called Secure Transmission (SecT). SecT is a User Datagram Protocol (UDP)-based solution, ensuring speed and effectiveness, with role-based access control. It uses a centralized management interface that can adapt to various network environments, providing secure access to mission-critical applications and increasing operational agility. SecT aims to meet the emerging demands of modern industrial networks, offering secure access with improved performance. The results of a comparative analysis show that SecT outperforms traditional VPNs in both capability and flexibility, adapting well to new network conditions.
{"title":"SecT: A Zero-Trust Framework for Secure Remote Access in Next-Generation Industrial Networks","authors":"Muhammad Asim;Noshina Tariq;Ali Ismail Awad;Fahad Waheed;Ubaid Ullah;Ghulam Murtaza","doi":"10.1109/JSAC.2025.3560015","DOIUrl":"10.1109/JSAC.2025.3560015","url":null,"abstract":"Next-generation industrial networks are designed to integrate a wide range of devices, services, and applications spanning multiple technologies, such as cloud platforms, edge computing, and the Internet of Things. With the growing adoption of applications such as “Industry 4.0,” high security and low latency are becoming unavoidable requirements for these networks. Traditional virtual private networks (VPNs) generally experience performance, latency, and security issues, especially when supporting secure remote access for Industry 4.0 and e-health applications. To address these issues, this study introduces a novel zero-trust network-access framework for next-generation industrial networks called Secure Transmission (SecT). SecT is a User Datagram Protocol (UDP)-based solution, ensuring speed and effectiveness, with role-based access control. It uses a centralized management interface that can adapt to various network environments, providing secure access to mission-critical applications and increasing operational agility. SecT aims to meet the emerging demands of modern industrial networks, offering secure access with improved performance. The results of a comparative analysis show that SecT outperforms traditional VPNs in both capability and flexibility, adapting well to new network conditions.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"2293-2311"},"PeriodicalIF":0.0,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143822675","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: