View: session overviewtalk overview
| 09:00 | A Formal Security Analysis of SUCI-Stage Reused Key Binding in the 5G-AKA Family ABSTRACT. The 5G Authentication and Key Agreement (5G-AKA) family protects subscriber privacy in the initial identification stage through the Subscription Concealed Identifier (SUCI). However, the cryptographic relationship between the SUCI stage and the subsequent AKA stage remains relatively loose in many designs, leaving open questions regarding the security benefits of tighter cross-phase binding. This paper investigates the security implications of reusing SUCI-stage key materials to bind later AKA computations in the 5G-AKA family. Rather than focusing on a single protocol instance, we study this binding strategy as a general design principle and analyze its impact on representative 5G-AKA-style constructions. Our analysis focuses on two main questions: whether reused key binding introduces explicit cross-phase consistency between the SUCI and AKA stages, and whether it mitigates replay-driven failure-message-based linkability. To support this comparison, we also check basic SUCI-stage consistency using correspondence queries. We develop formal models in ProVerif and compare a baseline 5G-AKA-style setting with a bound setting that incorporates SUCI-stage reused key binding. In particular, we use correspondence queries to analyze basic SUCI-stage consistency and explicit cross-phase binding, and we employ choice-based observational equivalence to evaluate replay-driven linkability between same-subscriber and different-subscriber replay cases. The results show that both models preserve basic SUCI-stage consistency, but only the bound model satisfies the explicit cross-phase binding query. In addition, the bound model yields observational equivalence in the replay-driven linkability experiment, whereas the baseline model does not. These findings indicate that SUCI-stage reused key binding is not merely an implementation optimization, but a meaningful security design principle that can transform a weakly coupled SUCI-to-AKA relation into an explicitly bound one and can eliminate replay-driven distinguishability in the modeled setting. |
| 09:20 | EAP-EDHOC-PQC: Quantum-Safe Onboarding for IoT E-Business Based on Extensible Authentication Protocol PRESENTER: Adi Panca Saputra Iskandar ABSTRACT. The Internet of Things (IoT) underpins a growing range of e-business operations: networked vending machines, smart point-of-sale and self-checkout terminals, electronic shelf labels, smart-retail beacons, electric-vehicle (EV) chargers, smart parking meters, fleet and cold-chain trackers, and industrial sensor gateways. All of these onboard onto Wi-Fi or other non-3GPP networks via the Extensible Authentication Protocol (EAP) and must remain secure against a future quantum adversary. Ephemeral Diffie–Hellman over COSE (EDHOC, RFC 9528) is a lightweight authenticated key exchange for constrained devices, and the Internet-Draft draft-papon-lake-pq-edhoc defines five post-quantum (PQ) authentication variants over ML-KEM and ML-DSA. The combined impact of PQ key enlargement, EAP fragmentation, and RADIUS transport on a real AAA deployment, however, has not yet been quantified, and formal analyses of the PQ-EDHOC variants integrated with EAP are scarce. We close these gaps by proposing EAP-EDHOC-PQ, a unified EAP method that embeds all five PQ-EDHOC variants. We verify mutual authentication, session-key secrecy, forward secrecy, and replay resistance under a Dolev–Yao adversary in ProVerif, and we empirically evaluate the design on a heterogeneous IoT testbed (Raspberry Pi 5 Initiator, MacBook Air M3 Authenticator/Responder) across three deployments: Non-EAP, EAP-Standalone, and full EAP/RADIUS with FreeRADIUS. At a conservative 256-byte fragment size, total wire bytes range from 7,031 to 11,614 (29 to 48 fragments) and AAA-path handshake time from 56 ms to 440 ms across variants. A first-order energy model derived from the same measurements shows that fragment-induced I/O wait not cryptography—dominates the per-handshake energy of an IoT-class endpoint. The results quantify the trade-off between authentication strength, round-trip count, and fragmentation, and give concrete deployment guidance for PQ network-access authentication in e-business IoT settings. |
| 09:40 | Ubiquitous Intelligence for 6G Security: Hierarchical Federated Small Language Models for Resilient False Base Station Detection ABSTRACT. As the industry transitions toward 6G and Beyond 5G (B5G) systems, the paradigm is shifting from simple connectivity to ubiquitous intelligence. However, this evolution introduces significant security vulnerabilities, specifically the persistent threat of False Base Stations (FBS) that execute identity catching, Man-in-the-Middle (MitM) attacks, and service rejections. Traditional centralized AI solutions often fail to meet the strict privacy mandates and resource constraints of edge devices. This paper proposes a decentralized framework for on-device FBS detection that integrates Federated Learning (FL) with a Small Language Model (SLM) classifier built on a hierarchical packet-encoder bridge: a learned residual MLP maps each Radio Resource Control (RRC) and Non-Access Stratum (NAS) packet to a virtual token, which is concatenated with a short text instruction prefix and fed to a frozen 4-bit NormalFloat (NF4) quantized 270-million parameter Gemma-3 base with trainable Low-Rank Adaptation (LoRA) adapters. To enable federation under realistic edge constraints, we introduce Hierarchical Federated Adaptation (HFA), in which the packet encoder is personalized per client to absorb device-level feature variation while LoRA adapters are aggregated across clients via FedAvg, yielding a privacy-by-design layer that never transmits raw signaling logs. We evaluate the framework on the MODI cellular signaling corpus across a naturally non-IID per-file partition of $110$ training clients with $5.5\%$ per-round participation. Preliminary results show that initializing the federated phase from a converged centralized checkpoint recovers all three regimes (FedAvg-full, FedAvg-LoRA, HFA) to within $1\%$ of the centralized accuracy ceiling at round~$4$ ($0.802$--$0.816$ vs.\ centralized $0.818$) at a per-round communication cost approximately $4.7\times$ smaller than federating the full bf16 base. At round~$8$, HFA additionally beats the centralized baseline on the operational false-positive metric, reducing FPR by $35\%$ relative ($0.234$ vs.\ $0.356$) at comparable accuracy ($0.825$ vs.\ $0.818$); the mean per-client local accuracy under HFA reaches $\bar{a} = 0.958$ with standard deviation $\sigma = 0.148$, confirming that personalized encoders absorb device-level distribution variation. |
| 10:00 | An Energy-Efficient Synchronization Scheme Using Exponential Moving Average-Based Drift Compensation and Adaptive Reception Window for Wireless Sensor Networks ABSTRACT. Wireless sensor networks (WSNs) use long sleep intervals for low-power operation. However, accumulated clock drift during these periods leads to beacon reception failures and additional resynchronization overhead, thereby degrading both energy efficiency and reliability. Existing methods rely on fixed symmetric reception windows, which fail to capture the actual distribution characteristics of clock drift. Consequently, reception windows are typically configured based on the maximum drift rate, resulting in unnecessary listening overhead. To address these limitations, this paper proposes a synchronization scheme that combines Exponential Moving Average (EMA)-based drift pre-compensation with a residual statistics-based adaptive reception window. The proposed scheme predicts the drift accumulated during sleep intervals from historical observations and compensates for it at the wake-up time. It then dynamically determines the center and size of the reception window by continuously tracking the mean and variance of the residual error after compensation. Simulation results based on real measurement data collected using Raspberry Pi 5 show that the proposed scheme achieves an average reduction of over 90% in reception window size and approximately 83% in daily energy consumption compared to Time Slotted Channel Hopping (TSCH). In addition, it maintains a stable synchronization success rate of around 91%, demonstrating a clear improvement in reliability compared to TSCH, which achieves only about 50%. |
| 09:00 | Optimizing Multi-Hop Reasoning in E-Business Information Systems through Agentic Graph RAG with Efficient Reranking ABSTRACT. Traditional Retrieval Augmented Generation (RAG) systems often struggle with multi-hop reasoning and efficiency, limiting their ability to deliver accurate and context-rich responses in E-Business Information Systems. Although Graph RAG improves retrieval by leveraging structured knowledge, it still faces challenges of relevance, scalability, and latency. We propose an Agentic Graph RAG framework, where reasoning-model-based agents (o4-mini, Gemini-2.5-Flash) decompose queries and prune irrelevant paths, and rerankers (bge-reranker-base, ms-marco-MiniLM-L6-v2) enhance the quality of retrieved contexts. By addressing noise, computational overhead, and irrelevant retrieval, our framework effectively overcomes the limitations of traditional RAG and Graph RAG for knowledge-intensive digital business activities. Evaluations on subsets of LegalBench-RAG-mini and HotpotQA show that Agentic Graph RAG outperforms Graph RAG baselines in retrieval efficacy and correctness while maintaining real-time efficiency, demonstrating its potential as an adaptable and interpretable solution for multi-hop reasoning. This work further highlights the applicability of the framework to digital business environments where precision, effectiveness, and trustworthy decision-making are crucial, as evidenced by its evaluation on a legal-domain dataset. |
| 09:20 | Plan-First Parallelism for Hard Mathematical Reasoning: A Search-Space Failure Analysis ABSTRACT. Recent advances in large language model (LLM) research have prompted growing interest in improving reasoning capabilities, yet hard reasoning problems remain stubbornly difficult to solve. Evidence suggests that simply increasing test-time compute yields diminishing returns on the hardest problem regimes, and that the structure of the search space itself is the more critical factor. In this work, we propose Plan-First Parallelism (PF), a strategy-level branching approach that generates multiple distinct solution plans before execution, as opposed to answer-level parallel sampling. To analyze failure systematically, we introduce a three-way error taxonomy distinguishing search-space failure (E1), selection failure (E2), and plan-execution divergence (E3). Experiments on AIME and BeyondAIME benchmarks show that PF consistently outperforms Answer-First Parallelism (AF) for o3-mini, improving accuracy by +11.5\%p on AIME and +14.5\%p on BeyondAIME. However, PF fails to generalize across all models, and our analysis reveals that its effectiveness depends on the combination of reasoning quality and instruction-following capability. |
| 09:40 | IT Ticket Classification for Application Management Services using Classical Machine Learning Techniques PRESENTER: Tanapat Anusas-Amornkul ABSTRACT. IT outsourcing company is widely used for many organizations to support applications used in the organizations without interrupting business processes. The challenging problem for IT outsourcing company is that a helpdesk officer must specify the reported problem for which supported applications, and the officer must forward the ticket to a correct expert to solve that problem. If many errors occur, the company could breach the Service Level Agreement (SLA). This paper proposed a framework to handle imbalanced dataset with Thai and English languages and to use 8 machine learning models, i.e. Support Vector Machine (SVM), Stochastic Gradient Descent (SGD), Logistic Regression (LR), Multinomial Naïve Bayes (MNB), Decision Tree (DT), Bernoulli Naïve Bayes (BNB), Light Gradient-Boosting Machine (LightGBM), and Extreme Gradient Boosting (XGB) to classify IT tickets since the models required less computational resources when comparing to deep learning models. The dataset is from ServiceNow application in an IT outsourcing company with 20,586 records to be classified into 142 applications, which is highly imbalanced dataset. The performance metrics are accuracy, precision, recall, and F1-score. From two experiments using a class weight with lemmatization, and 6 input features, SVM model gives the best F1-score at 85.71% and the features are short description, description, business unit, sub business unit, and company code. |
| 11:00 | A Multi-Criteria Decision-Making Framework for Optimal Supplier Selection in E-Commerce ABSTRACT. The strategic supplier selection is one of the most important success factors in E- commerce operations, as it affects cost efficiency, product quality, delivery performance, and consequently customer satisfaction. This is a complex multi-criteria decision-making (MCDM) problem that demands highly sophisticated analytical tools that can address quantitative as well as qualitative criteria. This paper carries out an extensive comparative analysis of four prominent MCDM techniques: Analytic Hierarchy Process (AHP), Analytic Network Process (ANP), Fuzzy Analytic Hierarchy Process (FAHP), and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS). This comparative analysis is carried out on a unified numerical example for selecting the most appropriate supplier in E-commerce operations. Our comparative analysis shows that all the methodologies have similar ranking results. However, the proposed FAHP-TOPSIS method is the most comprehensive framework for supplier selection in E-commerce operations. This is because it successfully handles the uncertainty of judgment in supplier selection while still being precise in ranking supplier performance. |
| 11:20 | Multi-Criteria Decision Analysis for Strategic Supplier Selection: A Comparative Study of AHP, ANP, and TOPSIS in the Electronics Industry ABSTRACT. Electronics industry is a complex industry, and the system of supplier selection is linked with multiple contradictory conditions, qualitative selection and uncertainty. Even the more conservative practices are not even inclined towards these complications. In this work we use three Multi-Criteria Decision-Making (MCDM) methods (AHP, ANP, and TOPSIS) to classify the suppliers in a structured manner based on some criteria, such as Cost, Quality, Delivery, Technology, and Financial Stability. The comparative analysis indicates the strong points, the weaknesses and usability of the two approaches and is a good structure in the well-crafted and clear strategic sourcing. |
| 11:40 | Multi-Criteria Decision-Making for AI Company Investment: A Comparative Analysis ABSTRACT. In today’s competitive artificial intelligence (AI) landscape, investors face increas- ing challenges in selecting companies with the highest potential for growth, innovation, and long-term sustainability. This study applies multiple multi-criteria decision-making (MCDM) techniques—namely the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS), Analytic Scoring Process (ASP), Analytic Hierarchy Process (AHP), and Fuzzy Analytic Hierarchy Process (FAHP)—to evaluate four leading AI companies from an investor’s perspective. The evaluation considers diverse criteria in two dimen- sions: business perspective (innovation, market adoption, revenue growth, scalability, eth- ical AI practices, team expertise, and funding history) and technical perspective (model performance benchmarks, API reliability, model capabilities, cost efficiency, developer ex- perience, and safety alignment). A comparative analysis of the four methods is conducted to highlight similarities and differences in ranking outcomes. Results demonstrate that while all methods provide structured decision support, variations in prioritization of crite- ria and handling of uncertainty lead to different investment recommendations. Company A emerges as the most attractive investment across all methods, followed by Company B, Company C, and Company D. This comparative approach offers practical insights for in- vestors, emphasizing the importance of combining decision-making frameworks to achieve robust and reliable outcomes in high-stakes technology investments. |
| 12:00 | A Decision Support System for Startup Viability Based on Market Trends, Saturation, and Business Dynamics PRESENTER: Godwin Monserate ABSTRACT. Startup businesses in the Philippines often struggle to identify viable ventures due to reliance on guesswork, peer advice, and trends, leading to poor product–market fit, oversaturation, and high failure rates. The lack of accessible, data-driven tools further limits informed decision-making. This study presents the design of a localized business viability assessment system integrating business directories, online reviews, social media engagement, and geospatial data. It evaluates three dimensions: popularity, volatility, and competition. Popularity reflects customer feedback, volatility captures business openings and closures, and competition measures business density. Results show the Volatility Model (Logistic Regression) achieved the highest performance (85.23% ROC-AUC), with has_recent_renewal as the strongest predictor. Model optimization improved performance to 85.12% accuracy and 91.18% ROC-AUC. Although the 90% accuracy target was not met due to dataset and prediction constraints, results align with literature benchmarks. Restaurants exhibit the highest risk, while Hotels/Resorts show the strongest viability. |