ABSTRACT. False base stations, also known as rogue or fake base stations, pose significant security risks in 5G networks by intercepting communications, performing man-in-the-middle attacks, tracking user locations, and disrupting network services. These threats enable attackers to eavesdrop on sensitive information, steal credentials, and compromise user privacy and network integrity. This paper introduces a method for detecting these false base stations using Long Short-Term Memory (LSTM) neural networks. The LSTM model can distinguish between legitimate and illegitimate base stations by analyzing time-based patterns in measurement reports. Experimental results demonstrate that our approach effectively identifies suspicious activities indicating the presence of a false base station, archiving accuracy of 95.33%, recall of 98.26%, and F1-Score of 95.39% while keeping the FPR as low as 7.50%. Detailed K-fold cross-validation further confirmed the robustness and reliability of the model, with accuracy ranging from 94.61% to 95.06%, precision from 92.43% to 92.67%, recall from 97.17% to 97.87%, and F1-Scores consistently above 94.74%, showing minimal variation across folds. These findings suggest that this method can enhance the security of 5G environments by mitigating the threats posed by false base stations.

ABSTRACT. In recent years, network communication technology has advanced rapidly in different applications to fulfill our everyday needs and color our everyday lives. Even this, there are still substantial rooms for improvement of 5G related technologies and services, like the quality of instant messaging delivery, resource scheduling efficiency, the management of network-slices data packets, etc. Therefore, in this study, we propose a novel Scheduling and Resource Allocation (SRA) assistant, named Resource Priorities Allocation (RPA), which, allocating RBs to UEs for transmitting data of different priorities in a 5G frame establishes six priority queues to temporarily hold packets of three network slices, i.e., enhanced Mobile Broadband (eMBB), massive Machine Type Communications (mMTC) and ultra-Reliable Low-Latency Communications (uRLLC). All undelivered packets will be moved to a special priority queue, in which packets will be sent with the highest priority, i.e., prioritized method, in the next frame.

ABSTRACT. Distributed Denial of Service(DDoS) attacks occurring at mobile network base stations can lead to network performance degradation and increased latency, making detection essential for maintaining network stability. To address this issue, this study proposes an LSTM Autoencoder-based anomaly detection model that effectively detects DDoS attacks by utilizing KPI metrics. The LSTM Autoencoder learns normal patterns from the KPI data of mobile base stations and identifies abnormal patterns in new data. By leveraging the temporal learning capabilities of LSTM, the model is particularly well-suited to detect abnormal changes in signal quality over specific periods. Experimental results demonstrate that the proposed LSTM Autoencoder outperforms the traditional Autoencoder, achieving a 12.76% improvement in F1 score and a 20.22% improvement in accuracy.

ABSTRACT. As 5G network technology, designed for high reliability, extremely low latency, and high capacity, particularly develops into private 5G networks for specific industries, universities, and designated users, the demand for more advanced and intelligent network security becomes essential. To ensure network security within private 5G environments, this paper presents the design of a 5G test network intended to enhance trusted integration with existing corporate networks and to provide a secure environment for utilizing private 5G network services. Additionally, this paper explains the approach to collecting and processing data within the private 5G test network environment, which is configured and designed for the practical execution of cyber threat.

ABSTRACT. The increasing complexity and scale of cyber threats, driven by advances in AI, IoT, and cloud computing, have created a need for highly skilled cybersecurity professionals. Current cybersecurity training solutions face limitations in addressing the dynamic nature of threats, lacking real-time adaptability and personalized learning experiences. This paper introduces CENTAURI(Cybersecurity Exercise and Training Automation Using Realtime Interaction), a conceptual platform that leverages multiple generative AI models to create dynamic, cloud-based cybersecurity training environments. CENTAURI aims to provide personalized learning experiences by adapting difficulty levels and content in real-time, utilizing generative AI-driven behavioral analysis. The proposed architecture integrates infrastructure management, user analysis, and feedback generation modules, each operating as a Multi-Agent System (MAS) following the MAPE-K (Monitor, Analyze, Plan, Execute, and Knowledge) process. By automating the generation and management of training infrastructure, CENTAURI conceptually addresses the resource-intensive nature of cybersecurity training while enhancing the potential effectiveness of the learning process. This paper presents the theoretical framework of CENTAURI, discussing its potential benefits and challenges in revolutionizing cybersecurity education.

ABSTRACT. In this paper, we present PhiShield which is a system designed to offer real-time email collection and analysis at the end node. Before our work, most existing spam detection systems focused more on detection accuracy rather than a personalized user experience. PhiShield is introduced to enhance the user experience by precisely choosing the deployment location where it achieves personalization. First, PhiShield is a system designed to allow proactive phishing prevention for users. The PhiShield is located where before a user clicks an email but after it is delivered completely without any encryption. Moreover, we adopt AI model-based detection rules, which are suitable enough for practical phishing email detection. Moreover, it provides a personalized solution as the AI model that PhiShield uses does not rely on the given rule sets and can be trained from the personalized data. This enables Phishield to check the status of the user's security posture by providing a detailed personalized report at the end node. Therefore, it gives users transparency and helps them to mitigate phishing risks in practice. In this paper, we implement PhiShield as a Chrome extension and show the scalability and practicality of our solution.

ABSTRACT. With the advancement of technology, location tracking systems such as the Global Positioning System (GPS), part of the Global Navigation Satellite System (GNSS), have become widely used. However, these technologies suffer from reduced accuracy in environments with signal blockages, delays, or complex driving conditions, such as urban areas with tall buildings, tunnels, or indoor parking lots. To address these challenges, this study proposes the ARGUS system, which utilizes the built-in Inertial Measurement Unit (IMU) sensors in smartphones and the in-vehicle network, Controller Area Network (CAN). The ARGUS leverages a Transformer-based deep learning model to reconstruct and track vehicle trajectories with high accuracy, even without relying on GNSS, by using accelerometer, gyroscope, magnetometer, and orientation data from the smartphone's IMU, along with speed data from CAN. Experimental results show that the ARGUS achieved a minimum trajectory reconstruction error of 97 meters for up to 2 hours and a minimum destination inference error of 142 meters. We validated the ARGUS through experiments involving multiple drivers, different vehicle models, and various driving environments. This research overcomes the limitations of existing location tracking systems and contributes to improved vehicle operation and safety management, especially in areas prone to signal blockages or delays.

ABSTRACT. This research presents a comprehensive study of machine learning techniques for detecting malicious URLs in the realm of cybersecurity. Malicious URLs pose significant threats to internet security, often used to steal personal information or distribute malware. Although machine learning and deep learning methods have been increasingly utilized for detecting these URLs, there is limited research on the effectiveness of stacking models that combine various algorithms. This study aims to fill this gap by comparing the performance of three prominent machine learning models—Random Forest, XGBoost, and LightGBM—with three deep learning models—LSTM, BiL-STM, and GRU. The findings reveal that machine learning models outperformed deep learning models, achieving accuracy scores of 91%, 92%, and 92% for Random Forest, XGBoost, and LightGBM, respectively, while LSTM, BiLSTM, and GRU achieved accuracy scores of 89%, 91%, and 92%. Additionally, the study introduces a stacked model approach that integrates the strengths of these individual models, resulting in an improved accuracy score of 93%. These results highlight the superior performance of machine learning models in identifying malicious URLs and demonstrate the potential of stacked models to further enhance detection precision. The implications of this study are significant for businesses and individuals seeking to mitigate online security threats, offering an advanced tool for protecting against malicious URLs.

ABSTRACT. The emergence of adversarial patches represents a significant challenge to the robustness of AI models, particularly in the domain of computer vision tasks such as object detection. In contrast to traditional adversarial examples, these patches target specific regions of an image, resulting in malfunction of AI models. This paper proposes Incremental Patch Generation (IPG), a method that generates adversarial patches up to 11.1 times more efficiently than existing approaches while maintaining comparable attack performance. The efficacy of IPG is demonstrated by experiments and ablation studies including YOLO's feature distribution visualization, which show that it produces well-generalized patches that effectively cover a broader range of model vulnerabilities. Our findings indicate that IPG has considerable potential for future utilization in adversarial patch defenses.

ABSTRACT. Mobile users can easily set their geographic locations virtually to specified locations using location simulation technology, which is widely used in the commercial promotion of location-based services and is also heavily used in user location privacy theft and network fraud. For this reason, researchers have proposed a series of location simulation detection methods to accurately identify false location information generated by location-based simulation technologies and tools. In order to better protect the location privacy of mobile application users, this paper summarizes the location simulation and detection technologies in location-based service (LBS) applications. We introduce four types of location simulation technologies, including those based on virtual location software, system-level location modification, developer tools, and the generation and forgery of GPS signals, analyze the advantages and disadvantages of each type of simulation technology, and conduct a comparative analysis of the performance of mainstream location simulation software. On this basis, we classify the location simulation detection technologies into four categories, namely, based on multisource verification, behavioral analysis, operating environment, and location proof, and provide a brief introduction to the principles, respectively, analyze the detection capabilities, advantages, and disadvantages of different location simulation detection technologies, and point out that location simulation behaviors based on different technologies can be effectively identified by specific detection methods. Further, the paper points out the problems for further research.

ABSTRACT. The traditional Flying Ad hoc Network (FANETs) relying solely on ad hoc routing protocols suffers from a high packet loss rate when the topology changes frequently. To tackle this issue, this paper presents a networking scheme called SINET-OLSR. In this scheme, access network users and core network ARs are connected through static routes with single hops, while core network nodes are routed via traditional wireless Ad hoc networking protocols. This paper improves the traditional SINET protocol flow to enable mobile switching between users and ARs. The SINET-OLSR scheme is implemented in the NS3 environment and is compared with the traditional OLSR scheme in terms of mobility switching delay and packet loss rate. Experimental results indicate that the SINET-OLSR scheme significantly reduces the packet loss rate.

ABSTRACT. With the increasing importance of satellite communications in B5G/6G networks, satellite network security has become a critical issue. In this paper, distinct from existing literature that primarily focuses on Distributed Denial of Service (DDoS) attack detection schemes for the uplink between ground nodes and satellite nodes, we propose a detection method specifically targeting low-rate DDoS attacks between satellite nodes in multilayer satellite networks. By combining the AlexNet convolutional neural network and the Random Forest (RF) model to construct an ensemble of small models, the proposed method effectively identifies and classifies low-rate DDoS attack traffic originating from satellite nodes. To adapt to the special characteristics of satellite networks, we designed tunnels based on the Delay-Tolerant Networking (DTN) architecture to enable the conversion between the IP stack and the Bundle Protocol (BP) stack. Experimental results demonstrate that the proposed method outperforms existing models regarding precision and F1 score for attack detection. It provides effective security protection for key nodes of multilayer satellite networks and has good potential for practical application.

ABSTRACT. The rise of cooperative vehicles presents new solutions for tackling traffic challenges, particularly in route optimization for travelers. This paper introduces two innovative modules: Secure Hybrid Authentication and Fusion Algorithm (SHAFA), which form a secure, localized route recommendation system. This work utilizes traffic data—such as vehicle speed and density—gathered from a centralized hub to inform real-time routing through Fusion Algorithm (FA). By combining genetic and heuristic methods, FA evaluates factors to deliver optimal routes to cooperative vehicles. Secure communication is ensured through the SHA framework, maintaining privacy and data integrity. Simulation results demonstrate that SHAFA consistently identifies better routes compared to traditional greedy algorithms, highlighting its potential to enhance traffic flow and improve user experience.

ABSTRACT. Zero Trust Architecture (ZTA) is a modern security framework based on the principle of "never trust, always verify," requiring continuous validation of all access requests to protect organizational resources. This approach enhances security by rigorously verifying every access attempt from both internal and external sources. However, constant reauthentication can disrupt workflows and reduce productivity, particularly for roles that require frequent access to various resources. To address this, we propose a model utilizing Policy Information Points (PIPs) that collect user behavior, device status, and network activity information. This model enhances security measures in real-time by gathering and scrutinizing real-time information, improving user work efficiency. The proposed model enables seamless transitions between resources with minimal reauthentication, adhering to ZTA principles while providing a smooth working environment. This paper explains the components of ZTA and Software Defined Perimeter (SDP), discusses the proposed model utilizing PIPs, and presents a model that enhances work efficiency while maintaining security.

ABSTRACT. As the development of large-scale quantum computing continues to progress, it is widely recognized that the security of current cryptographic systems, such as RSA and elliptic curve cryptography, is seriously threatened. These systems depend on the hardness of integer factorization problems or discrete logarithms problems on elliptic curves, both of which are vulnerable to quantum attacks. In response, lattice-based cryptography has emerged as a promising next-generation solution based on the hardness of the Shortest Vector Problem (SVP) and its approximate variants on lattices. However, the deployment of lattice-based cryptography necessitates careful parameter optimization and insights from research into attack algorithms and large-scale computational challenges.

Sieve algorithm is one of the most practical lattice attack algorithms. In this work, we propose a parallelized version of the Tuple Sieve algorithm, an approximate SVP-solving algorithm that offers reduced memory usage compared to the Parallel Gauss Sieve algorithm introduced by Ishiguro et al. at PKC 2014. Our algorithm was implemented and tested on a multi-core CPU. Evaluations on low-dimensional lattices, such as a 42-dimensional lattice using 16 cores, demonstrated a speedup of approximately 31x over the conventional Tuple Sieve algorithm, alongside a 43\% reduction in memory usage compared to the original Tuple Sieve; and a 67\% reduction in spacial cost derives compared to the Parallel Gauss Sieve.

ABSTRACT. With the rapid development of the Internet, the use of APIs(Application Programming Interface) has become increasingly prevalent, highlighting the growing importance of API security. According to the OWASP(Open Worldwide Application Security Project) API Security Top 10 and Traceable’s API security risk reports, the current state of API security threats is evident. In response to these challenges, this paper proposes a signature-based web API intrusion detection algorithm utilizing Regular Expressions(Regex). Intrusion detection can be categorized into two approaches: signature-based and specification-based. The signature-based approach defines attack patterns in advance and identifies attacks by matching incoming API calls with these predefined patterns. To effectively capture these patterns, this study employs Regular Expressions to establish a set of rules for string matching. The proposed algorithm converts API calls into structured JSON(JavaScript Object Notation) format and uses Regular Expression rules to identify potential malicious patterns within the data. The algorithm is evaluated using the F1 score to validate its performance. The paper concludes with an evaluation of the proposed method and suggests future research directions focusing on specification-based intrusion detection algorithms.

ABSTRACT. Bluetooth technology has become essential element of wireless communications, en-abling short-range data transfer between a variety of devices, making it critical to ensuresecurity and privacy. The paper “BLUFFS: Bluetooth Forward and Future Secure Attacksand Defenses” presented at the CCS conference in 2023 discovered vulnerabilities in stan-dard Bluetooth protocols, indicating that they could be exposed to BLUFFS attacks, apotential attack that could compromise both past and future communication sessions. Thepaper proposed an enhanced protocol resolving these vulnerabilities by introducing addi-tional procedures into the standard protocol to improve secrecy and integrity, but thesemodifications can increase the complexity of the protocol and reduce its efficiency. Thispaper aims to optimize the communication packets required during the session establish-ment process while maintaining the high security level proposed in the BLUFFS paper,thus increasing compatibility with the standard protocol while increasing efficiency. Tothis end, we designed a new protocol based on counter and efficient use of message authen-tication codes. We analyzed the safety of the proposed protocol against BLUFFS attackand showed that forward security is provided. We also showed that efficiency is improvedthrough comparison with existing protocols.

ABSTRACT. Static Application Security Testing (SAST) tools play a critical role in detecting vulnerabilities in mobile apps by analyzing the source code without executing the app. These tools are essential in modern development workflows, particularly in Continuous Integration/Continuous Deployment (CI/CD) pipelines. However, SAST tools face significant limitations due to their dependence on predefined rules and patterns. As a result, many vulnerabilities, particularly complex ones, such as cryptographic flaws or multi-component interactions, go undetected.

Despite the introduction of unified frameworks such as the OWASP Mobile Application Security Verification Standard (MASVS) and the Mobile Application Security Testing Guide (MASTG), which standardize mobile application security assessments, the data sets used to train and evaluate SAST tools of Android Apps cover only specific categories of vulnerabilities. In addition, most of the available datasets do not contain recent vulnerability patterns.

This paper introduces a novel and comprehensive vulnerable app data set for Android Apps (i.e., the OWApp Benchmark) that maps the OWASP MASVS, to fill this gap. This benchmark improves the evaluation of Android SAST tools by providing broader coverage of security controls, thus improving the detection of a more comprehensive range of vulnerabilities. Each dataset entry includes source code, APK, vulnerability details, and relevant artifacts to support accurate evaluations.

ABSTRACT. The security level of specification-based misbehavior detection (SMD) technique for cyber-physical system security is anchored on from the formulation of the security requirements, identification of threats, and derivation of behavior-rules, all of which are highly dependent with the expert domain. Unfortunately, finding such an expert is quite challenging in reality, not to mention those with cross-domain experience and with hacking mindset. Motivated by it, this paper retunes large language model that as serve the artificial expert, offering assistance for the derivation of security materials of the SMD framework. The artificial expert has potential to completely and correctly derive the materials regardless of the domain application, thereby, ensuring its effectiveness in capturing misbehaviors.

ABSTRACT. With the widespread of Android mobile devices, the Android system has been a prime target of malware. Although neural network-based Android malware detection approaches have shown significant effectiveness, they often encounter challenges in providing explainability due to their complexity. With explainability, users can understand the model, anticipate the biases, and perform further improvement. Moreover, given the fast evaluation of Android malware, explainability provides an opportunity to adopt the model for future malware. Therefore, explainability is a highly desired property for a neural network model to be reliable, predictable, and robust. Given this, this research proposed a graph attention network-based Android malware detection framework with explainability. The framework determines whether malicious behavior appears by analyzing the data flow of the Android App. Furthermore, it provides explainability by leveraging the attention mechanism of graph attention networks. Researchers can obtain information on the involved Android application programming interface, such as the names and execution orders. Hence, further validation or inspection is possible. The experiment shows that the proposed framework achieves 97.4 % precision. Also, this research includes an illustration showing what insight researchers can get by utilizing the explanation.

ABSTRACT. In the current cybersecurity landscape is characterized by complex attack patterns and rapidly evolving threats, making log sequence analysis a critical tool. Traditional methods struggle with processing large-scale log data and performing cross-source correlation analysis, limiting their ability to detect new threats. This study proposes a log sequence-based threat detection and anomaly analysis methodology that learns behavior patterns and detects abnormal behaviors. The approach integrates logs from various sources and utilizes advanced deep learning techniques, particularly a fine- tuned BERT model, to identify causal and sequential relationships within log data without extensive labeled datasets. By employing unsupervised learning for normal behavior modeling and classification methods for anomaly detection, the methodology demonstrates potential in distinguishing between normal and malicious behaviors, overcoming limitations of existing approaches.

ABSTRACT. In 1998, Blaze, Bleumer and Strauss presented a cryptographic approach known as Proxy Re-Encryption (PRE) at Eurocrypt. This innovative scheme allows a delegator to generate a re-encryption key, which is handed to a partially trusted proxy. The proxy can then use this key to convert a ciphertext, originally encrypted with Alice’s public key, into one encrypted with Bob’s public key, all while maintaining the confidentiality of the original plaintext. In 2013, Wang et. al introduced a novel concept called PRE+, which serves as a dual to traditional Proxy Re-Encryption (PRE). Rather than the delegator, the encryptor generates the re-encryption key in PRE+. The encryptor uses an ephemeral random number and the public key of the delegator and delegatee to generate the re-encryption key, which is used to re-encrypt the encrypted message. This approach is especially useful in situations that require fine-grained and non-transferable delegation of access rights, ensuring more precise control over who can access encrypted data. Threshold Proxy Re-Encryption (TPRE) schemes distribute the re-encryption task among multiple proxies by employing techniques like Shamir’s secret sharing scheme to address these concerns. This method enhances security by eliminating the dependency on a single proxy, thereby reducing the risk of collusion. To the best of our knowledge, there does not exist a threshold proxy re-encryption+ (TPRE+). In this paper, our work is divided into two-fold: 1) We have designed a Semantically Secure TPRE+ scheme, and 2) We have also designed an IND-CCA Secure TPRE+ scheme.

ABSTRACT. A sequential aggregate signature scheme (SAS) allows multiple potential signers to se- quentially aggregate their respective signatures into a single compact signature. Typically, verification of a SAS signatures requires access to all messages and public key pairs utilized in the aggregate generation. However, efficiency is crucial for cryptographic protocols to facilitate their practical implementation. To this end, we propose a sequential aggregate signature scheme with very lazy verification for a set of user-message pairs, allowing the verification algorithm to operate without requiring access to all messages and public key pairs in the sequence. This construction is based on the RSA assumption in the random oracle model and is particularly beneficial in resource constrained applications that involve forwarding of authenticated information between parties, such as certificate chains. As an extension of this work, we introduce the notion of sequentially aggregatable proxy re-signatures that enables third parties or proxies to transform aggregatable signatures under one public key to another, useful in applications such as sharing web certificates and authentication of network paths. We also present a construction of a sequential aggregate proxy re-signature scheme, secure in the random oracle model based on the RSA assumption, which may be of independent interest

ABSTRACT. This study presents a novel approach to user identification, utilizing surface electromyography (sEMG) and accelerometer sensors combined with deep learning methods. The increasing need for secure and efficient user authentication has driven interest in biometric solutions. This research examines the potential of integrating sEMG and accelerometer data to create a dependable, non-invasive user identification system. The Ninapro DB5 dataset, a comprehensive public resource containing sEMG and accelerometer data from 10 individuals performing various hand movements and gestures, was used in this study. This dataset provided a consistent and diverse foundation for training and testing our deep learning models. We developed and evaluated multiple deep learning architectures for processing and classifying multimodal sensor data, including Convolutional Neural Networks (CNNs), Long Short-Term Memory (LSTM), Bidirectional LSTM (BiLSTM), Gated Recurrent Unit (GRU), and Bidirectional GRU (BiGRU). Among these models, the BiGRU achieved the highest accuracy in user identification, with a score of 96.97% and an F1-score of 96.95%, significantly outperforming the other architectures. In contrast, the CNN model had the lowest performance, with an accuracy of 68.46\%, while the LSTM, BiLSTM, and GRU models achieved accuracies of 75.19%, 95.18%, and 88.40%, respectively. The superior performance of the BiGRU model is attributed to its ability to capture complex bidirectional temporal relationships in multimodal sensor data.

ABSTRACT. This research paper presents the experience of the authors in implementing protocols for authentication and authorization, along with secure key exchange mechanisms for accessing remote resources within a computing continuum scenario. The implementation encompasses a comprehensive security framework designed to facilitate secure access control and cryptographic key management across resource-constrained iot devices, edge nodes, and cloud platforms, addressing the unique challenges of distributed computing environments. In particular, this implementation integrates the ace framework, edhoc protocol, and oscore protocol. The proposed model combines ace for authentication and authorization, edhoc for secure key exchange, and oscorefor message security. By facilitating the delegation of authorization management to less constrained trusted hosts, the work optimizes resource utilization while maintaining robust security across the entire continuum.

ABSTRACT. This paper addresses the security challenges in Federated Learning (FL) by proposing FLARE (Federated Learning with Autonomous Robust Enhancements), a blockchain-based solution. While FL enables collaborative model training without sharing raw data, existing systems often rely on a centralized server for aggregation, creating vulnerabilities and a single point of failure. FLARE integrates blockchain to decentralize trust, ensuring that model updates are securely validated, recorded, and tamper-resistant. By leveraging a hierarchical network structure, FLARE enhances scalability, robustness, and client security. The proposed method mitigates risks like model poisoning and malicious clients in real-world federated learning systems.

ABSTRACT. In the distributed cloud-edge continuum (CEC), high unpredictability and variability of workloads is a major challenge for an edge service provider (ESP), who wants to achieve an optimal trade-off between the quality of experience (QoE) it offers to its heterogeneous edge users (EUs) and the cost for renting edge resources. In this paper, we propose QoE-aware spot pricing schemes that align edge user’s incentives with ESP’s system-level objectives. In particular, the proposed personalized spot pricing scheme (PSP) deals with the “tragedy of the commons” phenomenon by applying personalized discounts to elastic EUs according to each one’s individual contribution to overall system’s cost reduction. Simulation results show that PSP affects EUs’ behavior much more efficiently than the state-of-the-art spot pricing scheme by: i) ensuring fair allocation of financial benefits among EUs so that inelastic users do not benefit from the actions of elastic users, ii) considerably reducing system’s cost (from 15% in low elasticity up to 35% in high elasticity scenarios), and iii) negligibly deteriorating aggregated EUs’ welfare up to 2.5%.

ABSTRACT. CSIDH (Commutative Supersingular Isogeny Diffie-Hellman) is a post-quantum cryptographic protocol that uses supersingular elliptic curves and isogenies for secure key exchange. However, this protocol is not side-channel resistant. Various algorithms with side-channel attack resistance have been proposed for CSIDH. In 2018, Meyer et al. proposed a constant-time CSIDH algorithm based on dummy isogeny calculations. In 2019, Onuki et al. proposed a more efficient method by keeping two torsion points on an elliptic curve. In the same year, Cervantes-Vázquez et al. proposed improvements to the versions by Meyer et al. (CCCDRS-MCR algorithm) and Onuki et al. (CCCDRS-OAYT algorithm), as well as a dummy-free proposal for security against fault-injection attacks (CCCDRS-dummy-free algorithm). However, the CCCDRS-dummy-free method is more expensive computationally. In our work, we use the concept of a relation lattice introduced in CSI-FiSh (Constant-Time Supersingular Isogeny FHE Scheme), a signature scheme based on the group action of CSIDH. Note that CSI-FISH can work in constant-time and is secure against side-channel attacks. Our work results in an algorithm that is constant-time, secure against fault-injection attacks, and faster than the CCCDRS-dummy-free algorithm.

ABSTRACT. This study focuses on developing evaluation items and indicators to enhance cyber resilience. As cyberattacks become increasingly sophisticated and frequent, ensuring system resilience beyond traditional security measures is essential for organizations. The study analyzes the fundamental components of cyber resilience, along with global examples and frameworks, to propose step-by-step evaluation items for policy formulation, priority identification, threat anticipation, system resistance, rapid recovery, and continuous learning and evolving. This approach provides a foundation for organizations to ensure business continuity and effectively respond to cyber threats.

ABSTRACT. ChaCha is a widely employed stream cipher in hardware and software applications, including its use in TLS 1.3. It generates a 512-bit keystream using modular addition, constant rotation, and an exclusive OR operation. The security of ChaCha primarily depends on modular addition, which serves as the central nonlinear operation in its structure. ChaCha's resistance to conventional differential cryptanalysis increases significantly after 3.5 rounds, making searching for long differential characteristics with a high probability of occurrence more challenging. Consequently, we focused on identifying short differential characteristics with higher probabilities and launched an attack on ChaCha using amplified boomerang cryptanalysis. In this work, we introduced distinguishers for ChaCha 7, ChaCha 6, and ChaCha 4, with complexities of $2^{35.99}$, $2^{36}$, and $2^{34}$, respectively. This represents the first amplified boomerang attack and the most effective distinguisher attack on the reduced rounds of ChaCha.

ABSTRACT. Image steganography is one of the prominent technologies in data hiding standards. Its goal is to embed confidential data into images without causing perceptible changes in the original image. Higher embedding capacity is one of the important requirements today, but increasing the hiding capacity distorts the stego's visual quality making the system easily detectable to the eavesdropper. An appropriate embedding technique along with efficient system may achieve a fair balance between embedding capacity and stego image imperceptibility, but it is challenging. In this article, we present a randomized embedding approach that improves the security and robustness of the system by hiding secrets in RGB images. Instead of using the original cover image, a 5-LSBs modified cover image is subjected to a hybrid edge detection technique by using the Fuzzy, Canny, and Prewitt filters in order to maximize the payload capacity. The suggested approach embeds data using edge pixels only to reduce visually detectable distortion. The message is randomly incorporated into the edge pixels of blue channel's LSBs. The experiments showed that the method is sufficiently resilient against statistical attacks and provides an increased hiding capacity for concealing secrets in cover images without compromising the quality of the stego image. Furthermore, the outcomes demonstrated that the suggested algorithm outperformed other comparable strategies in every evaluation criterion.

ABSTRACT. Image steganography is one of the prominent technologies in data hiding standards. Its goal is to embed confidential data into images without causing perceptible changes in the original image. The increasing number of embedding bits make distortions in the stego's visual quality making the system easily detectable to the eavesdropper. An appropriate embedding technique along with an efficient system may achieve a fair balance between embedding capacity and stego image imperceptibility, but it is challenging. In this article, we present a randomized embedding approach based on the hybridization of multiple edge detectors that improve the security and robustness of the system by hiding secrets in RGB images. The cover image is subjected to a hybrid edge detection technique using the Fuzzy, Canny, and Prewitt filters to fine-tune the appropriate edges. The suggested approach embeds secret data using edge pixels only to reduce visually detectable distortion and resist the stego from visual attack. The message is randomly incorporated into the edge pixels of the blue channel's LSBs. The experiments show that the method conceals secrets in cover images without compromising the quality of the stego image and is sufficiently resilient against statistical attacks. Furthermore, the outcomes demonstrated that the suggested algorithm outperforms comparable strategies in every evaluation criterion.

ABSTRACT. In recent years, surveillance cameras have been introduced in various locations, and surveillance videos are being used to detect troubles early and preserve evidence. In these cases, supervisors are tasked with concentrating for long time, either by continuously monitoring live video or by identifying problematic scenes from recorded video. In this paper, we introduce a method that supports quick scene recognition by generating average images from surveillance videos to reduce these workloads.

ABSTRACT. The road to realize network automation has promoted the use of the so-called network intents to define the high-level goals that network services must accomplish. Thus, the process that resolves network intents into network services becomes a central point of study, as there is no canonical procedure to translate intents to network services, resulting in many ways of interpreting input intents and many different output network service definitions for the same interpretation. This aspect is particularly important for resolving intents that involve orchestrating security services. Within so many possibilities, some results could not include the security services. In this paper, we investigate those paths in a state-of-the-art network intent resolution process and propose to implement it using a distributed artificial intelligence (AI)-based reasoning mechanism that ensures the security services are orchestrated on-demand alongside other elements of network services.

ABSTRACT. Modern smart environments foresee the adoption of the ubiquitous computing concept. Everyday, users interact with a multitude of computing devices thanks to disparate interfaces. The proliferation of cyber attacks on security and privacy has led to a general acknowledgment of the need to better protect hardware and software products from cyber threats. Unfortunately, current product development often prioritizes fast deployment over the adoption of appropriate security measures. To cover this gap, the European Union (EU) proposed the Cyber Resilience Act (CRA) with the aim of improving cybersecurity and cyber resilience for products with digital components. The Horizon EU project CERTIFY proposes an approach and a framework to manage the cybersecurity of connected devices throughout their lifecycle. This paper provides an overview of the CERTIFY project and some preliminary observations on how it can support the CRA by means of a prototypical use case.

ABSTRACT. In this paper, we present the key concepts, principles and architecture approach of the EU Project PAROMA-MED. The project works on a novel hybrid cloud approach, with an elevated role of the edge, that introduces and utilizes advanced privacy preserving solutions. The overall objective is to accelerate the adoption of personal data federation on top of which Federated ML scenarios can be easily executed. The approach focuses on the establishment of high degree of trust between data owner and data management infrastructure so that consent in data processing is given by means of functional and enforceable options applicable at all levels of workloads and processes.

ABSTRACT. The growing importance of cross-domain collaboration to meet high demand and diverse requirements in service deployments has highlighted the need for robust Continuum Computing solutions. This approach seamlessly integrates computing resources across Cloud and Edge Computing, and beyond, to optimize resource usage and service delivery, even for organizations with limited resources. However, retrieving, sharing, and properly managing metrics about resources acquired across the continuum poses significant challenges. In this regard, telemetry, involving the automated collection and transmission of data, can be enhanced to become a pivotal technology for monitoring in distributed computing. This paper presents the design and implementation of a telemetry-based solution for multi-domain and cross-domain environments, applicable to existing distributed continuum frameworks. The solution facilitates the gathering, analysis, storage, and export of telemetry data across the continuum, while also considering security and privacy to ensure that data metrics are only available to service owners, regardless of the deployment location across the continuum. The solution is being integrated within the FLUIDOS framework as the Telemetry Service component. In the near future, it is expected that implementation results will be validated.

ABSTRACT. As artificial intelligence technology rapidly evolves, data security and privacy protection have become paramount concerns. Federated Learning, a privacy-preserving distributed machine learning approach, facilitates model training without the need for data to leave local devices, significantly reducing the risk of data breaches. Nevertheless, the variability in network conditions and the heterogeneity of data across devices can lead to performance disparities, introducing biases in the model transmission process and potentially compromising the effectiveness of privacy preservation. To mitigate this issue, we propose CAFL, a novel method for node feature extraction that combines node clustering based on Contrastive Learning with a Self-Attention mechanism. CAFL is designed to optimize task allocation and model aggregation by carefully assessing node characteristics. We select nodes with high performance and stability (termed ``strong node'') to construct a robust Federated Learning system. Experimental results demonstrate that CAFL outperforms its stochastic static counterparts in terms of network communication efficiency.

ABSTRACT. The big data era has created a plethora of platforms providing access to large amounts of image data on the Internet, which may contain private information. Private images are a hot target for attackers, who train deep learning models to automatically predict which images among the sea of data on the Internet contain privacy-sensitive information. One effective method for dealing with these privacy prediction attacks is misleading the deep learning models through data poisoning at training time to cause the model to make mistakes during inference. In this paper, we propose a novel color-based data poisoning backdoor approach for misleading adversarial privacy prediction models, which causes insignificant visual difference to human sight. We have performed experiments with the publicly available Privacy Alert dataset with classic image classification models including AlexNet, VGG16, Resnet18, and GoogleNet to evaluate the effectiveness of the method. Experiment results show that our algorithm can preserve the functionality of the model on clean data and sets triggers into images successfully. By setting the labels of affected data items to the opposite one, the average privacy prediction accuracy drops from 75.9% to 64.2% when the affected data ratio reaches 0.3 on the test set, demonstrating the effectiveness of the proposed approach in misleading adversarial privacy prediction.

ABSTRACT. Machine learning based access control (MLBAC) models are emerging as efficient access control systems today that can make accurate access control decisions while reducing the administrative load on the human administrators. With emergence of MLBAC models, there is an administration problem that need to be addressed to update and revise access control states in system, such as revoke access for a user on an object. In this paper, we focus on the administration problem of an instance of MLBAC model, i.e., environment aware deep learning based access control (DLBAC-Env). DLBAC-Env is a ResNet model makes access control decisions based on user, resource, and environment metadata in a system and provides the output that either allow or deny an access control request. For addressing administration problem in this model, we utilize a non-symbolic approach to incorporate changes in the access control states. Non-symbolic approaches perform better to symbolic approaches as shown by researchers. Our experimental results for DLBAC-Env administration problem demonstrate comparable results to prior work, thus implying its feasibility and applicability in real-world scenarios.

ABSTRACT. The sixth-generation (6G) wireless network is set to replace 5G, bringing significantly higher bandwidth and lower latency due to its ability to operate at higher frequencies. One of the principle objective of 6G is to achieve communication with a latency of one microsecond, which is 1000 times faster than current networks. This technology aims to create a seamless integration of the physical and digital worlds, offering a wide range of services such as enhanced Mobile Broadband (eMBB), massive Machine Type Communications (mMTC), Ultra-Reliable Low-Latency Communications (URLLC), immersive communication, AI-driven services, and enhanced precision-based services. However, offering respective services efficiently to end users presents a significant challenge. In this paper, we propose a machine learning-based model for efficient, secure and reliable network slicing in 6G networks. We have proposed a novel theoretical framework, NetSMoM, for network slicing monitoring and management. Initially, we use the Boruta feature selection algorithm to identify the most pertinent features from the dataset. These selected features are then fed into various machine-learning models to classify the appropriate network slice. Simulation results demonstrate that the combination of Boruta with the XGBoost classifier outperforms other existing machine learning models, providing the most accurate slice prediction.

ABSTRACT. Modern vehicles offer a wide range of features, such as audio, hands-free calling, contact management, and navigation, through advanced infotainment systems connected to mobile phones. However, these infotainment systems expose wireless attack surfaces, making them vulnerable to security threats. In particular, attacks that exploit the Bluetooth protocol can lead to unauthorized access to sensitive vehicle data or remote vehicle control, raising serious security concerns. This paper evaluates security threats at the Bluetooth protocol level targeting vehicle infotainment systems, analyzing vulnerabilities against attacks such as Denial of Service (DoS), Spoofed DoS, and Malware Injection. This study reveals that all devices tested are susceptible to these attacks, and there is a lack of research addressing these vulnerabilities within the automotive domain. To mitigate these threats, we propose a Bluetooth Intrusion Detection System (BIDS), an anomaly detection-based Intrusion Detection System specifically designed for vehicle Bluetooth networks. Using a machine learning-based approach, the system characterizes the normal and abnormal behaviors of the Bluetooth protocol, constructing a high-accuracy behavioral model.

ABSTRACT. In this paper, we implemented prototypes of various BERT Variants to improve the performance of anomaly detection systems, which are becoming increasingly important in the cybersecurity field and evaluated the system performance. The study's main objectives are to understand the impact of each model's unique architecture and training method on the anomaly detection task and to find the optimal trade-off between model performance and computational efficiency. The experimental results show that BERT-based models, especially the lightweight model, are effective in anomaly detection, and static padding outperforms dynamic padding. DistilBERT-base-uncased model was found to be the most balanced choice in terms of resource efficiency and performance. In contrast, RoBERTa-base and XLNet-base-cased models showed high performance when applying static padding after transfer learning, suggesting that pre-training and post-transfer learning performance should be considered when selecting a model. The results of this study are expected to provide important guidance for model selection in the design of future commercial anomaly detection systems. In future work, we plan to focus on further exploration of multi-task learning, semi-supervised learning, and transfer learning, as well as model lightweighting and improving inference speed.

ABSTRACT. The current smart key system enhances vehicle security and user convenience by allowing the vehicle to be unlocked and started without the need for a physical key. These systems perform interactions between the vehicle and the key via wireless communication and have become a standard feature in most modern vehicles. Initially, smart key systems operated by sending a unique signal from the key to the vehicle, unlocking the vehicle if the signals matched. However, this method was vulnerable to 'replay' attacks, where an attacker intercepted the signal sent from the smart key to the vehicle and retransmitted the same signal to unlock the vehicle. To address this vulnerability, the 'rolling code mechanism' was developed, which generates and uses a unique, encrypted one-time code for each communication between the smart key and the vehicle. This mechanism effectively protected against replay attacks. However, new threats such as 'roll-jam' attacks, which can bypass the security of rolling codes, and 'jamming' attacks, which disrupt the communication between the smart key and the vehicle, emerged. These attacks rendered traditional defense mechanisms insufficient. In response, this study proposes a defense mechanism that utilizes blockchain technology to protect communication between the smart key and the vehicle, ensuring the secure management of key fob signals. The proposed defense mechanism enhances security by assigning a unique timestamp and signature to each communication signal, preventing the retransmission of signals or disruption caused by jamming. Additionally, to prevent 'Sybil' attacks, where a malicious actor creates numerous fake nodes to overwhelm and take control of the blockchain network, the PoS (Proof of Stake) consensus algorithm is employed. PoS ensures that only participants who hold a certain amount of stake can become validators, thereby effectively mitigating the risk of Sybil attacks. Thus, the proposed defense mechanism provides a robust solution to address roll-jam, jamming, and Sybil attacks, offering an advanced level of security.

ABSTRACT. Recent advancements in deep learning and computing technologies have led to the widespread adoption of large models across various industries for applications such as natural language processing, image recognition, and speech recognition. Conventionally, large models require substantial computing resources and extensive datasets; however, cloud-based machine learning as a service (MLaaS) allows for prebuilt models that mitigate these requirements. Despite its convenience and efficiency, MLaaS is vulnerable to model extraction attacks, where attackers query the model to learn its outputs and replicate it. Furthermore, existing watermarking methods often degrade data learning performance. This paper proposes a watermarking technique that separates the training model from the watermark verification model to effectively defend against model extraction attacks while minimizing performance degradation. The proposed technique separates the watermark extraction model from the protected model and operates both in parallel. The experimental results demonstrate that the proposed technique improves watermark attack robustness by approximately 8.5% and enhances the watermark extraction success rate by 31.59% compared to conventional methods.

ABSTRACT. With the widespread use of mobile devices in modern life, security is becoming increasingly important as they handle sensitive corporate and personal information. Among them, the firmware of mobile devices is an important part that directly affects the security of the whole system. However, the existing firmware update method uses a single core to update the firmware, which has low-speed efficiency and security. In addition, it not only reanalyzes the whole previously verified firmware file, but the firmware analysis technology is not layered, which is inefficient in detecting vulnerabilities. Therefore, we propose a hierarchical partial network firmware update technique based on wireless networks using dual cores in this work. The proposed method improves the speed, reliability of firmware updates, and effectively detects vulnerabilities. Experimental results show that the proposed fuzzing technique finds 10.54, 7.905, and 7.905 more unique crashes than the conventional, conventional (partial), and conventional (hierarchical) at 300 seconds, respectively. Moreover, the proposed technique reduces memory usage by 75. 6 KiB, 36.5425 KiB, and 17.695 KiB than conventional, conventional (partial), and conventional (hierarchical) in 300 seconds, respectively. We also see that the proposed method found 2213.46, 1106.73, and 1106.73 more total crashes than conventional, conventional (partial), and conventional (hierarchical) in 300 seconds, respectively.

ABSTRACT. Quantum threats on traditional cryptography algorithms are influencing the various security protocols to consider the PQC(Post Quantum Cryptography) migration. With the need for forward secrecy increases, 5G primary authentication protocols 5G-AKA and EAP-AKA' are also under such influence. With this reason, forward secrecy supporting EAP-AKA' and it's PQC migrated version is actively discussed in IETF(Internet Engineering Task Force) community in a from of ietf-Draft. In this paper, while following these protocols latest draft, to discuss the feasibility of the PQC migrated protocol, we have implemented the latest standardized PQC algorithm ml-KEM(Key Encapsulation Mechanism) and suggested hybrid-PQC algorithm X-Wing. And with transplanting them to the 5G core open-source open5GS, we have conducted the computational analysis of PQC migration on EAP based 5G primary authentication.

ABSTRACT. The Log4Shell vulnerability, first identified in 2021, has significantly impacted global cybersecurity, ranking among the most critical vulnerabilities ever documented. In response to this threat, patches were swiftly developed and deployed. However, in environments where the implementation of firmware patches presents challenges—such as within the Internet of Things (IoT) and Industrial Control Systems (ICS)—systems remain susceptible to Log4Shell. Consequently, in addition to addressing the root cause of the issue through patches, there is an urgent need for methodologies that can detect and proactively respond to such attacks in their early stages. This study proposes a methodology for the collection of artifacts derived from heterogeneous logs generated by firewalls, web servers, and host devices, and delineates a strategy for the detection of Log4Shell attacks utilizing these artifacts throughout the progression of such attacks. Future research will include an experimental demonstration of the proposed detection schemes, categorizing the artifacts that can be collected according to the various stages of the attack.

ABSTRACT. Ransomware is a growing threat in the cybersecurity landscape, often encrypting user data at high speeds, bypassing traditional detection methods. Existing software-based entropy detection methods, while effective, face limitations such as high computational overhead and delayed response times, hindering real-time performance. This paper introduces a novel hardware-based approach to ransomware detection by measuring entropy in real time within memory controllers. The Capacitor in Memory for Entropy (CiME) system is proposed, consisting of two components: CiME-Q and CiME-R. CiME-Q measures entropy in the memory controller's Read/Write queues by monitoring the charge levels of capacitors that store binary data. CiME-R analyzes the uniformity of charge in DRAM cells to detect high-entropy operations, such as ransomware encryption. By directly analyzing data randomness at the hardware level, CiME offers a faster and more efficient detection method that overcomes the limitations of software-based approaches. This hardware-based method significantly reduces computational resource overhead, allowing for more efficient and timely detection of ransomware activity.

ABSTRACT. The digital transformation in all industries is increasing the importance of device management and security. Companies assign digital IDs to each node to efficiently manage various Internet of Things (IoT) nodes. Currently, digital IDs are divided into a distributed method defined by the World Wide Web Consortium (W3C) and a centralized method developed by the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC), and the standardization of mobile driver licenses is in progress. Since the digital IDs defined in the two standards require communication with a trust registry or issuing authority in the verification step for forgery and falsification, verification of mobile driver's licenses cannot be performed in specific environments, such as offline, which poses a problem regarding service availability. In this study, we propose a security threat scenario based on distributed mobile driver's license standard technology vulnerabilities and centralized mobile driver's license standard technology. In addition, to ensure the availability of digital IDs even in offline environments, we propose an One Time Password (OTP)-based Peer-to-Peer (P2P) authentication method that verifies the identity of the counterpart node based on the public key set of the issuing authority and allows the counterpart to confirm their identity.