Search Results (129)

In smart grids, power monitoring equipment produces large volumes of data that are exchanged between microgrids and the main grid. This data exchange can potentially expose users’ private information, including their living habits and economic status. Therefore, implementing secure and effective data access control mechanisms is crucial. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a widely used encryption scheme in distributed systems, offering fine-grained access control. However, in CP-ABE systems, malicious users might leak decryption keys to third parties, creating a significant security threat. Thus, there is an urgent need for tracing mechanisms to identify and track these malicious users. Moreover, tracing and user revocation are complementary processes. Although using a binary tree for user revocation is efficient, it limits the number of users. This paper suggests an access control scheme that combines CP-ABE with blockchain to overcome these limitations, leveraging blockchain’s tamper-resistant features. This scheme enables user revocation, tracing, partial policy hiding, and ciphertext searchability, and it has been proven secure. Simulation results show that our approach reduces time overhead by 24% to 68%, compared to other solutions. While some solutions are similar in efficiency to ours, our approach offers more comprehensive functionality and better meets the security requirements of smart grids. Full article

The medical industry has made significant advancements in recent years. However, the lack of accountability in medical management has resulted in systemic deficiencies, which have adversely affected patient trust and contributed to an increase in medical disputes. As a result, there is a growing emphasis on managing the quality of medical services, particularly in enhancing patient experience. To address these challenges, we propose a new system for evaluating health services. This system will allow patients to anonymously rate the services they receive while also providing doctors the opportunity to appeal specific reviews. The hospital handles the evaluations and appeals through the management of the cloud platform. We propose a new scheme to assist the work of the platform, which is a lattice-based group signature with verifier-local revocation (VLR-GS). Most of the work on VLR-GS has focused on the random oracle model (ROM) or using non-interactive zero-knowledge proofs (NIZKs). Our construction is anonymous and traceable in the standard model under the hardness of the learning with errors problem and short integer solution problem. Furthermore, theoretically analyzing it has practical significance in both security and efficiency. In conclusion, the proposed scheme establishes a secure and privacy-oriented platform for an anonymous medical service evaluation system, with the goal of fostering patient trust and improving hospital service quality within the healthcare sector. Full article

A group signature scheme allows a user to sign a message anonymously on behalf of a group and provides accountability by using an opening authority who can “open” a signature and reveal the signer’s identity. Group signature schemes have been widely used in privacy-preserving applications, including anonymous attestation and anonymous authentication. Fully dynamic group signature schemes allow new members to join the group and existing members to be revoked if needed. Symmetric-key based group signature schemes are post-quantum group signatures whose security rely on the security of symmetric-key primitives, and cryptographic hash functions. In this paper, we design a symmetric-key based fully dynamic group signature scheme, called DGMT, that redesigns DGM (Buser et al. ESORICS 2019) and removes its two important shortcomings that limit its application in practice: (i) interaction with the group manager for signature verification, and (ii) the need for storing and managing an unacceptably large amount of data by the group manager. We prove security of DGMT (unforgeability, anonymity, and traceability) and give a full implementation of the system. Compared to all known post-quantum group signature schemes with the same security level, DGMT has the shortest signature size. We also analyze DGM signature revocation approach and show that despite its conceptual novelty, it has significant hidden costs that makes it much more costly than using the traditional revocation list approach. Full article

With the advent of cloud computing, outsourced computing has emerged as an increasingly popular strategy to reduce the burden of local computation. Optimal location query (OLQ) is a computationally intensive task in the domain of big data outsourcing, which is designed to determine the optimal placement of a new facility from a set of candidate locations. However, location data are sensitive and cannot be shared with other enterprises, so privacy-preserving optimal location query becomes particularly important. Although some privacy-preserving works have been proposed, they still suffer from other challenges, such as irrevocable query permissions and high communication overhead. To overcome these challenges, we propose a revocable and privacy-preserving optimal location query scheme based on TEE (Trusted Execution Environment). We employ a basic hash structure within the TEE to compute the intersection data of both parties. We use the concept of reverse nearest neighbor (RNN) to assess the impact of candidates, and then select the optimal facility location. In addition, to implement the revocation of query permissions, we introduce a key refresh strategy that adopts identity and timestamp. We evaluate the performance of the proposed scheme using real datasets, and the experimental results indicate strong practicality. Full article

With the development and application of the Internet of Things (IoT), the volume of data generated daily by IoT devices is growing exponentially. These IoT devices, such as smart wearable devices, produce data containing sensitive personal information. However, since IoT devices and users often operate in untrusted external environments, their encrypted data remain vulnerable to potential privacy leaks and security threats from malicious coercion. Additionally, access control and management of these data remain critical issues. To address these challenges, this paper proposes a novel coercion-resistant ciphertext-policy attribute-based encryption scheme. The scheme leverages chameleon hashing to enhance deniable encryption, achieving coercion resistance, thereby enabling IoT data to resist coercion attacks. Moreover, the scheme employs attribute-based encryption to secure IoT data, enabling fine-grained access control and dynamic user access management, providing a secure and flexible solution for vast IoT data. We construct the scheme on a composite order bilinear group and provide formal proofs for its coercion resistance, correctness, and security. Finally, through experimental comparisons, we demonstrate the efficiency and feasibility of the proposed scheme. Full article

Reputation evaluation systems are vital for online platforms, helping users make informed choices based on the trustworthiness of products, services, or individuals. Ensuring privacy and trust in these systems is critical to allow users to provide feedback without fear of retribution or identity exposure. The ring signature (RS), enabling anonymous group-based signing, has garnered attention for building secure and private reputation systems. However, RS-based systems face significant challenges, including the inability to identify malicious users who repeatedly sign the same message, the lack of mechanisms to reveal identities involved in unlawful activities, and a linear growth in signature size with the number of ring members, which poses storage challenges for certain applications. Addressing these limitations, we propose a compressed revocable one-time ring signature (CRORS) scheme leveraging compressible proofs under the Diffie–Hellman Decision and Discrete Logarithm assumptions in the random oracle model. CRORS ensures anonymity, unforgeability, one-time linkability, non-slanderability, and revocability. The one-time linkability feature prevents double-signing, while revocability enables identity disclosure for regulatory enforcement. Additionally, the signature size is reduced to O(logn), significantly enhancing storage efficiency. These improvements make CRORS particularly suitable for blockchain-based reputation systems with ever-growing storage demands. Theoretical analysis validates its effectiveness and practicality. Full article

Background: Drugged driving is associated with an increased risk of road accidents worldwide. In Italy, driving under the influence (DUI) of alcohol and drugs is a reason for driving disqualification or revocation of the driving license. Drivers charged with driving under the influence of alcohol and drugs must attend a Local Medical Commission (LMC) to undergo mandatory examinations to regain the suspended license. Our study mainly aims to report on the analysis performed on hair samples collected from 7560 drivers who had their licenses suspended for drugged or drunk driving between January 2019 and June 2024. Methods: A rapid, sensitive, and selective method for the determination of ethyl glucuronide in hair by UPLC/MS-MS was developed and fully validated. Results: The most frequently detected substances were cocaine (ecgonine methyl ester, norcocaine, and benzoylecgonine) and cannabinoids (Δ9-tetrahydrocannabinol, cannabidiol, and cannabinol), followed by opiates (codeine, morphine, and 6-MAM), methadone (EDDP), and amphetamines (amphetamine, methamphetamine, MDA, MDMA, and MDEA). To perform a more in-depth analysis, we also compared hair color with the drug classes that tested positive. The results showed a significant prevalence of dark hair that tested positive for one or more substances, followed by gray/white hair and light hair. Conclusions: Our study provides an interesting and alarming insight into drug exposure in the general population with serious public health threats, discussing the main aspects of hair matrix analysis and focusing on its advantages and reliability in the interpretation of results. Full article

The increasing connectivity and complexity of automotive systems require enhanced mechanisms for firmware updates to ensure security and integrity. Traditional methods are insufficient for modern vehicles that require seamless over-the-air (OTA) updates. Current OTA mechanisms often lack robust security measures, leaving vehicles vulnerable to attacks. This paper proposes an innovative approach based on the use of decentralized identifiers (DIDs) and distributed ledger technology (DLT) for secure OTA firmware updates of on-vehicle software. By utilizing DIDs for unique vehicle identification, as well as verifiable credentials (VCs) and verifiable presentations (VPs) for secure information exchange and verification, the solution ensures the integrity and authenticity of software updates. It also allows for the revocation of specific updates, if necessary, thereby improving overall security. The security analysis applied the STRIDE methodology, which enabled the identification of potential threats, including spoofing, tampering, and privilege escalation. The results showed that our solution effectively mitigates these threats, while a performance evaluation indicated low latency during operations. Full article

Traditional identity recognition methods are facing significant security challenges due to their vulnerability to leakage and forgery. Brainprint recognition, a novel biometric identification technology leveraging EEG signals, has emerged as a promising alternative owing to its advantages such as resistance to coercion, non-forgeability, and revocability. Nevertheless, the scarcity of high-quality electroencephalogram (EEG) data limits the performance of brainprint recognition systems, necessitating the use of shallow models that may not perform optimally in real-world scenarios. Data augmentation has been demonstrated as an effective solution to address this issue. However, EEG data encompass diverse features, including temporal, frequency, and spatial components, posing a crucial challenge in preserving these features during augmentation. This paper proposes an end-to-end EEG data augmentation method based on a spatial–temporal generative adversarial network (STGAN) framework. Within the discriminator, a temporal feature encoder and a spatial feature encoder were parallelly devised. These encoders effectively captured global dependencies across channels and time of EEG data, respectively, leveraging a self-attention mechanism. This approach enhances the data generation capabilities of the GAN, thereby improving the quality and diversity of the augmented EEG data. The identity recognition experiments were conducted on the BCI-IV2A dataset, and Fréchet inception distance (FID) was employed to evaluate data quality. The proposed method was validated across three deep learning models: EEGNET, ShallowConvNet, and DeepConvNet. Experimental results indicated that data generated by STGAN outperform DCGAN and RGAN in terms of data quality, and the identity recognition accuracies on the three networks were improved by 2.49%, 2.59% and 1.14%, respectively. Full article

As technology advances rapidly, a diverse array of Internet of Things (IoT) devices finds widespread application across numerous fields. The intelligent nature of these devices not only gives people more convenience, but also introduces new challenges especially in security when transmitting data in fog-based cloud environments. In fog computing environments, data need to be transmitted across multiple devices, increasing the risk of data being intercepted or tampered with during transmission. To securely share cloud ciphertexts, an alleged proxy re-encryption approach is a commonly adopted solution. Without decrypting the original ciphertext, such a mechanism permits a ciphertext intended for user A to be easily converted into the one intended for user B. However, to revoke the decryption privilege of data users usually relies on the system authority to maintain a user revocation list which inevitably increases the storage space. In this research, the authors come up with a fog-based proxy re-encryption system with revocable identity. Without maintaining the traditional user revocation list, the proposed scheme introduces a time-updated key mechanism. The time-update key could be viewed as a partial private key and should be renewed with different time periods. A revoked user is unable to obtain the renewed time-update key and hence cannot share or decrypt cloud ciphertexts. We formally demonstrate that the introduced scheme satisfies the security of indistinguishability against adaptively chosen identity and chosen plaintext attacks (IND-PrID-CPA) assuming the hardness of the Decisional Bilinear Diffie–Hellman (DBDH) problem in the random oracle model. Furthermore, compared with similar systems, the proposed one also has lower computational complexity as a whole. Full article

Current authentication schemes based on zero-knowledge proof (ZKP) still face issues such as high computation costs, low efficiency, and security assurance difficulty. Therefore, we propose a secure and efficient authentication scheme (SEAS) for large-scale IoT devices based on ZKP. In the initialization phase, the trusted authority creates prerequisites for device traceability and system security. Then, we propose a new registration method to ensure device anonymity. In the identity tracing and revocation phase, we revoke the real identity of abnormal devices by decrypting and updating group public keys, avoiding their access and reducing revocation costs. In the authentication phase, we check the arithmetic relationship between blind certificates, proofs, and other random data. We propose a new anonymous batch authentication method to effectively reduce computation costs, enhance authentication efficiency, and guarantee device authentication security. Security analysis and experimental results show that an SEAS can ensure security and effectively reduce verification time and energy costs. Its security and performance exceed existing schemes. Full article

In the current 5G vehicle network system, there are security issues such as wireless intrusion, privacy leakage, and remote control. To address these challenges, an improved lightweight anonymous authentication key negotiation scheme based on certificate-less aggregate signatures is proposed and its security and efficiency are analyzed. The result shows that the scheme can offer security attributes including anonymity, traceability, and revocability, as well as effective identity authentication, and it can resist forgery attacks, man-in-the-middle attacks, tampering attacks, and smart card loss attacks. Moreover, compared with similar schemes, it possesses superior security and more efficient computational efficiency and less communication overhead, thereby being more appropriate for high-speed, large-capacity, low-latency, and resource-constrained 5G vehicle network application scenarios. Full article

Vehicular ad-hoc networks (VANETs) can significantly improve the level of urban traffic management. However, the sender unlinkability has become an intricate issue in the field of VANETs’ encryption. As the sender signcrypts a message, the receiver has to use the sender’s identity or public key to decrypt it. Consequently, the sender can be traced using the same identity or public key, which poses some security risks to the sender. To address this issue, we present an unlinkable and revocable signcryption scheme (URSCS), where an efficient and powerful signcryption mechanism is adopted for communication. The sender constructs a polynomial to generate a unique session key for each communication, which is then transmitted to a group of receivers, enabling the same secret message to be sent to multiple receivers. Each time a secret message is sent, a new key pair is generated, and an anonymization mechanism is introduced to conceal the true identity of the vehicle, thus preventing malicious attackers from tracing the sender through the public key or the real identity. With the introduction of the identification public key, this scheme supports either multiple receivers or a single receiver, where the receiver can be either road side units (RSUs) or vehicles. Additionally, a complete revocation mechanism is constructed with extremely low communication overhead, utilizing the Chinese remainder theorem (CRT). Formal and informal security analyses demonstrate that our URSCS scheme meets the expected security and privacy requirements of VANETs. The performance analysis shows that our URSCS scheme outperforms other represented schemes. Full article

Authentication is a crucial security service on the Internet. In real-world applications, multiple independent trust domains often exist, with each recognizing only certain identities within their own systems. During cross-domain access, users cannot directly use their original certificates, which presents a cross-domain authentication problem. Traditional centralized schemes typically employ a trusted third party (TTP) to facilitate the transfer of identity trust across domains. These schemes inevitably inherit the vulnerabilities associated with single points of failure. In contrast, blockchain-based decentralized schemes effectively eliminate the potential threats posed by TTPs. However, the openness and transparency of the blockchain also bring new security issues, such as privacy leakage. In this paper, we propose a zk-SNARK-based anonymous scheme on the blockchain for cross-domain authentication. Specifically, our scheme adopts an authorization-then-proof structure, which strikes a delicate balance between anonymity and revocability. We provide theoretical proofs for the security of our scheme and explain how it achieves proactive revocability. Experimental evaluation results demonstrated that our scheme is both secure and efficient, and the revocation could be accomplished by introducing only 64 bytes of on-chain storage with one hash comparison. Full article

Distributed grid-connected photovoltaic (PV) generation explores several methods that produce energy at or near the point of consumption, with the aim of reducing electricity losses among transmission networks. Consequently, home on-grid PV applications have garnered increased interest from both scientific researchers and industry professionals over the last decade. Nevertheless, the growing installation of intermittent nature residential PV systems (R-PV) in low-voltage distribution networks is leading to more cautious considerations of technology limitations and PV design challenges. This conservative perspective arises from the standpoint of grid quality and security, ultimately resulting in the revocation of PV connection authorization. Hence, the design of R-PV systems should consider not only the specifications of the PV panels and load profiles but also the characteristics and requirements of the connected power grid. This project therefore seeks to enhance the design considerations of grid-connected PV systems, in order to help the end-users meet the grid codes set out by the Saudi Electricity Regulatory Authority (SERA). Since the maximum amount of generated power is essential for PV system optimization, the ratio of grid strength to maximum transmitted power was employed to ascertain the suitable capacity of the PV system, while the assessment of PV power output was utilized to specify the system size. Furthermore, a battery energy storage system (BESS) with a small size (~10% of the PV capacity) is employed to enhance the PV power quality for a dependable grid interconnection. The BESS is equipped with a versatile power controller in order to achieve the designed objectives. The obtained results show an essential advancement in terms of power quality and reliability at the customer’s connection point. Moreover, with the design assessment process, the low-voltage ride-through (LVRT) and power factor requirements can be met, in addition to the total harmonic distortion (THD) and frequency transient limitations. The proposed solution assists end-users in efficiently designing their own R-PV systems while ensuring quality and sustainability for authorized grid interconnection. Full article