| 09:00 | TGPOA: Task and Geography Privacy-Preserving Offloading Algorithm in 6G Network ABSTRACT. Mobile network technology not only provides cloud-side technical support for 6G networks, but also brings a large number of complex and changeable tasks. In the face of frequent node switching and task updates, it is necessary to relieve the pressure of computing, storage and communication through task offloading and cache enablement. However, due to the untrustworthiness of mobile access nodes, the task data privacy and geographic location privacy at the edge are in danger. How to achieve high-performance offloading while protecting edge privacy has become an urgent need to find a solution. To this end, this paper proposes a task and geographic privacy protection offloading algorithm (TGPOA) for 6G network scenarios. By classifying tasks and selecting the offloaded server location, TGPOA calculates the privacy entropy of location and task respectively. The experimental results of constrained Markov decision process (CMDP) show that TGPOA has significant advantages in resource utilization, time overhead and privacy regardless of how the task volume and cache hit rate change. |
| 09:18 | Proxy-CAN: Multi-Resolution Feature Fusion for In-Vehicle Signal Regression PRESENTER: Woong-Kyo Jung ABSTRACT. Most modern vehicles rely on the Controller Area Network (CAN) to exchange signals within the in-vehicle network (IVN). While CAN enables lightweight, real-time communication, the protocol lacks native security features, and recent work has therefore emphasized intrusion detection systems (IDS) and secure CAN frameworks. Beyond detection and access control, however, predicting and reconstructing IVN sensor signals is critical for fail-safe and fail-operational behavior under sensor faults or attacks. We propose Proxy-CAN, a sensor data reconstruction framework that fuses multi-resolution features derived from Sensor Rolling Statistics (SRS) and Discrete Wavelet Transform Statistics (DWTS). We quantify the dependency between raw signals and candidate features via mutual information (MI) and select the top-k informative features (k=10) per signal. These features drive a long short-term memory–deep neural network (LSTM–DNN) model that predicts/recovers sensor values. Evaluated on the X-CANIDS Vehicle Signal Dataset across 24 key dynamics-related sensors, Proxy-CAN attains a maximum R^2 of 1.00, an average R^2 of 0.9259, and R^2 ≥ 0.95 for 19/24 signals. Ablation studies show that the proposed SRS–DWTS fusion improves prediction stability and generalization compared with using SRS-only or DWTS-only features. These results indicate that feature-informed, multiresolution modeling can provide accurate proxies for compromised or missing IVN measurements, complementing IDS and secure-CAN mechanisms to enhance overall automotive safety. |
| 09:36 | Error-driven Prompting Strategy to enhance Policy as Code Generation for Kubernetes ABSTRACT. The proliferation of Internet of Things (IoT) and the adoption of edge cloud are establishing cloud-native environments as the global standard. However, as cloud-native systems grow in scale and complexity, misconfigurations due to human error, lack of expertise, or inappropriate policies arise. To address this, Policy-as-Code (PaC) has emerged as a promising approach, automating policy management through code. It supports scalable and consistent cloud operations via structured rules. Nevertheless, translating abstract policy requirements into actionable rules remains a challenging task. Therefore, this study focuses on developing accurate and reliable policy generation methods for Gatekeeper and Kyverno, two leading Kubernetes policy engines, using large language models (LLMs). Using a three-step prompting method, we analyze errors in policies generated by LLMs and derive resolution strategies for each error type. Furthermore, we apply the proposed strategies to prompts and evaluate them from various perspectives, contributing to improving the reliability of PaC generation and reducing error rates. Our evaluation demonstrates that the proposed strategy reduces error rates by 9.3% for Gatekeeper and 6.8% for Kyverno, highlighting its practical effectiveness across different PaC engines. |
| 09:54 | Development and Evaluation of a Disaster Response Task Visualization System Aimed at Supporting Decision-Making by Local Government Employees PRESENTER: Yuta Seri ABSTRACT. In this work, we developed and evaluated a system that aims to standardize disaster response work and support the decision-making of local government employees. This system registers, visualizes, and accumulates disaster response tasks that local government employees should perform when a disaster occurs, categorized by time, type, and importance. The study aims to prevent experience from becoming individualized and to promote organizational response by making past disaster response records available as knowledge for future disasters. The system can register occurrence information on a disaster basis and confirm, edit, and manage the response tasks associated with that disaster. Each task has attributes such as disaster phase (e.g., prevention, reconstruction), disaster category (e.g., evacuation center operation, infrastructure response), and importance (e.g., high, medium, and low). A chronological view (timeline) based on these attributes enables local government employees to see a visualized overview of the disaster response. In addition, the system can automatically generate and output disaster response reports using OpenAI application programming interfaces, based on the task records entered by local government employees. |
| 10:12 | Federated Learning-based Intrusion Detection System for Internet of Autonomous Vehicles against Poisoning Attacks ABSTRACT. Autonomous vehicles are becoming a new trend in transportation these days. They enable self-driving with the assistance of multiple types of electronic sensors to make every driving decision. Not surprisingly, these vehicles are potentially more vulnerable to cyber-attacks compared to traditional human-driven ones. Cybersecurity for autonomous vehicles will be crucial in the near future. However, intrusion detection systems (IDSes) for vehicles are still in the early stages. Many IDS models that claim to work for vehicles are actually built with traditional Internet datasets rather than those with real vehicle data, which is impractical in reality. In this paper, we develop IDS models with Federated Learning (FL) with datasets obtained from real vehicles, achieving high performance in attack detection. Furthermore, our IDS models are robust against poisoning attacks to local clients, which is tested in different scenarios. |
| 09:00 | PoisoningGuard: An Agentic LLM Framework for Explainable Red-Teaming Against Poisoning Attacks ABSTRACT. As artificial intelligence systems become increasingly deployed across critical social and industrial domains, ensuring model security and reliability has emerged as a fundamental challenge. Among various threats, adversarial techniques such as data poisoning pose severe risks by corrupting the training process itself. While existing red-teaming frameworks enable automated attack simulations, they often lack sufficient explainability and in-depth analytical capabilities during the detection process. To address these limitations, this study proposes an agent-based LLM-driven security evaluation framework. The proposed system leverages the reasoning and tool-usage capabilities of large language models to integrate end-to-end processes, including program execution and log analysis, literature-informed attack detection, evidence generation, multi-turn memory management, and response quality assessment. This holistic design enables not only the detection of adversarial behavior but also ensures transparency in the reasoning process and facilitates knowledge-grounded, fine-grained analysis. Our findings demonstrate that, unlike conventional tools, the proposed framework enables automated security experiments with enhanced explainability and adaptability. Furthermore, it highlights the potential to improve the trustworthiness of adversarial attack detection and to extend toward diverse security scenarios. |
| 09:18 | Self-HarmLLM: Can Large Language Model Harm Itself? ABSTRACT. Large Language Models (LLMs) are generally equipped with guardrails to block the generation of harmful responses. However, existing defenses always assume that an external attacker crafts the harmful query, and the possibility of a model's own output becoming a new attack vector has not been sufficiently explored. In this study, we propose the Self-HarmLLM scenario, which uses a Mitigated Harmful Query (MHQ) generated by the same model as a new input. An MHQ is an ambiguous query whose original intent is preserved while its harmful nature is not directly exposed. We verified whether a jailbreak occurs when this MHQ is re-entered into a separate session of the same model. We conducted experiments on GPT-3.5-turbo, LLaMA3-8B-instruct, and DeepSeek-R1-Distill-Qwen-7B under Base, Zero-shot, and Few-shot conditions. The results showed up to 52% transformation success rate and up to 33% jailbreak success rate in the Zero-shot condition, and up to 65% transformation success rate and up to 41% jailbreak success rate in the Few-shot condition. By performing both prefix-based automated evaluation and human evaluation, we found that the automated evaluation consistently overestimated jailbreak success, with an average difference of 52%. This indicates that automated evaluation alone is not accurate for determining harmfulness. While this study is a toy-level study based on a limited query set and evaluators, it proves that our method can still be a valid attack scenario. These results suggest the need for a fundamental reconsideration of guardrail design and the establishment of a more robust evaluation methodology. |
| 09:36 | Beyond Fixed and Dynamic Prompts: Embedded Jailbreak Templates for Advancing LLM Security ABSTRACT. As the use of large language models (LLMs) continues to expand, ensuring their safety and robustness has become a critical challenge. In particular, jailbreak attacks that bypass built-in safety mechanisms are increasingly recognized as a tangible threat across industries, driving the need for diverse templates to support red-teaming efforts and strengthen defensive techniques. However, current approaches predominantly rely on two limited strategies: (i) substituting harmful queries into fixed templates, and (ii) having the LLM generate entire templates, which often compromises intent clarity and reproducibility. To address this gap, this paper introduces the Embedded Jailbreak Template, which preserves the structure of existing templates while naturally embedding harmful queries within their context. We further propose a progressive prompt-engineering methodology to ensure template quality and consistency, alongside standardized protocols for generation and evaluation. Together, these contributions provide a benchmark that more accurately reflects real-world usage scenarios and harmful intent, facilitating its application in red-teaming and policy regression testing. |
| 09:54 | On the Effectiveness of Instruction-Tuning Local LLMs for Identifying Software Vulnerabilities ABSTRACT. Large Language Models (LLMs) show significant promise in automating software vulnerability analysis, a critical task given the impact of security failure of modern software systems. However, current approaches in using LLMs to automate vulnerability analysis mostly rely on using online API-based LLM services, requiring the user to disclose the source code in development. Moreover, they predominantly frame the task as a binary classification (vulnerable or not vulnerable), limiting potential practical utility. This paper addresses these limitations by reformulating the problem as Software Vulnerability Identification (SVI), where LLMs are asked to output the type of weakness in Common Weakness Enumeration (CWE) IDs rather than simply indicating the presence or absence of a vulnerability. We also tackle the reliance on large, API-based LLMs by demonstrating that instruction-tuning smaller, locally deployable LLMs can achieve superior identification performance. In our analysis, instruct-tuning a local LLM showed better overall performance and cost trade-off than online API-based LLMs. Our findings indicate that instruct-tuned local models represent a more effective, secure, and practical approach for leveraging LLMs in real-world vulnerability management workflows. |
| 10:12 | Aligning AI-Driven Cyber Threat with Policy Responses: A CCI-Based Framework PRESENTER: Su Kyeong Heo ABSTRACT. We propose a framework that rapidly classifies the type of artificial intelligence (AI) technology used in an AI-driven cyber threat when it occurs and derives appropriate policy response measures using the U.S. Defense Information Systems Agency’s Control Correlation Identifier (CCI), a standardized identifier for mapping cybersecurity controls. This enables the rapid establishment of a consistent response pathway from the low-level categories of AI-driven cyber threat to the high-level policies. To achieve this, it researches existing AI threat classification systems, describes the structure and function of the CCI, and proposes a ‘low-level Subcategory – CCI – high-level Category – CCI – high-level Policy’ mapping model. The validity of this framework is examined through the cases ‘Hong Kong CFO Deepfake (2024)’ and ‘Claude AI Chatbot Ransomware’. |
| 09:00 | VoiceShield: Real-Time Speech Protection with Preserved Machine Recognizability PRESENTER: Jeeeun Park ABSTRACT. The rapid advancement of neural speech synthesis and voice cloning technologies has raised severe concerns about the misuse of speech data, leading to threats such as voice phishing, identity theft, and authentication bypass. Existing defenses—including post-hoc detection, watermarking, and noise injection—struggle to balance real-time protection with preservation of machine recognition accuracy. To address this gap, we propose VoiceShield, a real-time speech protection framework that safeguards user voices while maintaining practical usability in speech-to-text (STT)-based applications. VoiceShield integrates three modules: BandMaskNet, a spectrum masking network that applies perceptually natural yet adversarial perturbations; Selective Distortion, which targets formant-related frequency bands critical for speaker recognition; and Prosody Modification, which perturbs speech rhythm while preserving timbre. Experimental results demonstrate that VoiceShield significantly reduces the effectiveness of voice cloning attacks, achieving full protection in Korean and over 92% robustness in English, while keeping STT accuracy within usable bounds. These findings highlight VoiceShield as a practical and efficient solution for securing speech data in real-time communication and service environments without sacrificing usability. |
| 09:18 | Preliminary Visualization of Outdoor Video Content Using Principal Component Analysis ABSTRACT. In this paper, we visualized videos captured outdoors using principal component analysis (PCA). In the visualization, frames from videos depicting daytime airplane takeoffs and landings, nighttime airplane landings, small birds flying, and small birds resting on an elevated bridge were arranged on a two-dimensional plane according to their principal component scores. Our results show that the proposed visualization method positions frames in the two-dimensional space based on inter-frame correlations and is influenced by factors such as the size of moving subjects and changes in sunlight on the ground. |
| 09:36 | From Cookie and Passport.js to JWT: Secure and Scalable Web Authentication ABSTRACT. Web applications increasingly demand robust authentication systems that balance security, scalability, and user experience. This article explores the design and implementation of authentication solutions using cookies, Passport.js, and JSON Web Tokens (JWTs). We first compare cookie-based authentication with cookie storage against JWT-based token authentication. We then describe our system design using access tokens and refresh tokens, which enhances both security and usability. Experimental evaluation demonstrates that JWT simplifies distributed deployment and improves user session management compared to traditional cookie-based approaches. Our findings provide practical insights for developers choosing authentication mechanisms in modern web environments. |
| 09:54 | Analysis of a Cybersecurity Training Curriculum for Nuclear Facilities and Suggestions for Improvement PRESENTER: Sooyon Seo ABSTRACT. Cyberattacks against nuclear facilities pose serious risks, as they can disrupt both information integrity and essential protective functions, leading to severe national security consequences. International standards emphasize continuous, practice-based training; however, although an earlier study contributed by developing a survey to assess course usefulness and satisfaction, it did not extend to an in-depth analysis of curriculum design. To address this gap, this study applies Stufflebeam’s Context, Input, Process, Product (CIPP) framework to an international training course and designs a longitudinal survey covering four stages: pre-course, post-eLearning, post-training, and a 3-month post-training. The approach combines structured curriculum analysis with participant-focused evaluation to examine course organization, difficulty levels, and training outcomes. Results show that practical exercises account for a larger share of the program (55.1%) than lectures (44.9%), the training integrates both attack and defense perspectives, and it is most suitable for practitioners with 2–5 years of experience, offering an advantage over general awareness programs. The proposed survey further captures long-term effects such as knowledge retention and workplace applicability, establishing a foundation for continuous improvement of nuclear cybersecurity education. |
| 10:12 | Adaptive Privacy-Preserving Framework for Network Traffic Anomaly Detection PRESENTER: Yu-ran Jeon ABSTRACT. As cyberattacks become more sophisticated and intelligent, research on anomaly detection systems that support strong privacy protection is being actively conducted. A conventional privacy-preserving anomaly-detection system receives encrypted data as input and detects anomalies with homomorphic encryption. However, there are limitations in that the latency increases significantly during the detection process, and the detection accuracy decreases. To solve this problem, we propose an adaptive privacy-preserving anomaly detection (APPAD) model that adaptively performs homomorphic operations. The APPAD model processes incoming traffic as plaintext or ciphertext depending on the sensitivity of the traffic and performs anomaly detection through homomorphic encryption only on encrypted traffic. Experimental results in various network environments show that the proposed model improved accuracy by up to 73%, reduced latency by 8.6 times, and showed negligible information leakage compared to conventional privacy-preserving anomaly detection models. |
| 10:45 | 3D5G-O: DDoS Detection and Defense System of 5G on O-RAN ABSTRACT. With the quick development of 5G networks, network slicing and Open Radio Access Network (O-RAN) have become key technologies for improving their network resource-allocation efficiency and flexibility. However, network slicing also faces challenges on intrusion detection, particularly for detecting DDoS attacks, which are difficult to detect due to traffic being silently transmitted across multiple sub-slices. To address this, this paper proposes a 5G network slicing intrusion detection scheme, called DDoS Detection and Defense on 5G network for O-RAN (3D5G-O) which integrates machine learning (ML) and real-time traffic monitoring techniques to detect and mitigate DDoS attacks within the Open RAN (O-RAN). The 3D5G-O’s architecture consists of a Random Forest (RF) classification model, which is deployed within the Service Management and Orchestrator (SMO) of O-RAN to classify the slices to which packets transmitted from UE to the RAN belong, and a hybrid detection approach comprising the CuSum algorithm and entropy detection mechanism. Basically, the CuSum monitors the total traffic within each slice in real time. Once traffic is abnormal, it triggers entropy analysis on packets issued by some source IP addresses, aiming to identify the sources of DDoS attacks. Our experimental results show that the classification accuracy of RF classification model achieves 99.98% and the 3D5G-O can effectively mitigate and block DDoS attacks. |
| 11:03 | Field Validation of Multiple IoT Sensors for Detecting Geographical Phenomena in an Early Warning System for Heavy Rainfall PRESENTER: Noriki Uchida ABSTRACT. In recent years, sudden heavy rain has caused serious problems in cities and rural areas, leading to flooding, damaging crops, and even threatening human lives. Because of this, micrometeorological forecasting technology is getting more attention for its potential to predict localized weather phenomena. However, effective countermeasures against heavy rain disasters require a comprehensive approach that considers not only atmospheric changes but also geographical changes such as terrain and built environments. Therefore, this study proposes the Early Warning System for heavy rainfall that considers both atmospheric factors from cloud-based micrometeorological prediction services and geographical factors collected by numerous IoT sensors. Especially, this paper reports on the deployment of IoT sensors, including 3-axis accelerometers, flood sensors, and soil moisture sensors, to monitor water flow. Also, an anomaly detection approach with the Kalman Filter is proposed for the proposed system, and ongoing field experimental results are discussed for future works aimed at refining and expanding the system. |
| 11:21 | IWOA-LightGBM: Hyperparameter Optimization for Sensor Data Anomaly Detection PRESENTER: Qiqiang Wu ABSTRACT. Anomaly detection performance in sensor data is highly sensitive to model hyperparameters, which is central to reliable monitoring in mobile Internet security and industrial IoT (IIoT) scenarios. We propose an IWOA-LightGBM based anomaly detection method for sensor data. For machine learning-based anomaly detection methods, hyperparameter selection often determines model performance, so we propose an Improved Whale Optimization Algorithm (IWOA) and further use it to optimize the hyperparameters of the LightGBM algorithm. To avoid falling into local optima and accelerate algorithm convergence, the WOA is improved by integrating nonlinear convergence factor, adaptive inertia weight factor and stochastic differential mutation strategy. Experimental results show that during hyperparameter optimization for LightGBM model training, the IWOA achieves faster convergence and higher computational efficiency compared to the Whale Optimization Algorithm (WOA), with anomaly detection accuracy exceeding 90%. |
| 11:39 | The Effect of Increased Dimensionality on Detecting Malicious IoMT Network Traffic PRESENTER: Jayden Alonzo-Estrada ABSTRACT. This paper explores the impact of feature dimensionality on the performance of machine learning (ML) models in detecting malicious traffic within Internet of Medical Things (IoMT) Wi-Fi networks. Using the CICIoMT2024 dataset, we compare two feature extraction techniques—DPKT, which yields 39 packet-level features, and CICFlowMeter, which produces 79 flow-level features across six models: XGBoost, AdaBoost, Random Forest, Multilayer Perceptron (MLP), Logistic Regression, and Decision Tree. Models were evaluated under binary and multi-class classification tasks. Our results show that Logistic Regression and MLP significantly benefit from higher-dimensional feature sets, with MLP’s F1 score increasing from 0.109 to 0.498 in multi-class classification. In contrast, ensemble models such as XGBoost and Random Forest achieve high baseline performance even with low-dimensional inputs, with marginal gains, and sometimes losses, from additional features. However, richer features also introduce substantial computational overhead. For instance, AdaBoost required over 25,000 minutes (~17 days) to train on high-dimensional data, making it unsuitable for real-time scenarios. |
| 10:45 | An LLM-Based Method for the Analysis of Multiple Network Behaviors ABSTRACT. In recent years, machine learning and deep learning methods have been extensively applied in network behavior analysis tasks. These methods typically create specific neural network models tailored to specific tasks and exhibit limited generalizability for unknown sample types. Drawing inspiration from the recent successful implementation of large language models (LLMs) across various disciplines, this paper investigates the application of LLMs in the domain of network behavior analysis. The objective is to utilize LLMs to capture the relationships between network flows and augment the model’s detection capabilities and generalization ability. To this end, this paper proposes a model architecture capable of analyzing multiple network behavior analysis tasks and constructs a flow sequence structure to fully leverage the advantages of LLMs in modeling contextual relationships. DDoS attack detection and malicious encrypted flow identification are regarded as the typical application scenarios in this paper. To evaluate the proposed model, self-built laboratory DDoS attacks data, the public CICDDoS2019 dataset, and encrypted flow generated by malicious software are employed. The experimental results demonstrate that the proposed model exhibits significant advantages in the analysis of DDoS attacks and provides preliminary validation of the feasibility of encrypted flow detection. The model’s superior detection capabilities are evident when compared to traditional neural network methods. |
| 11:03 | Autoencoder-Based Multi-Classification for TCP Attack Detection in Private 5G Network PRESENTER: Jinha Kim ABSTRACT. 5G networks implemented with network slicing support diverse performance and service requirements, but the resulting complexity introduces new security threats that cannot be effectively addressed by static defense mechanisms. This paper proposes an integrated security framework for 5G slicing environments that combines slice and label-based sampling, domain-based feature grouping, lightweight Autoencoder-based feature compression, and an SVM classifier. The proposed B3 (multiAE_SVM) model achieves an F1-score of 1.0 for benign, TCP SYN, and TCP XMAS traffic, and significantly improves detection performance over single Autoencoder-based models even for challenging classes such as TCP PUSH and TCP URG. Furthermore, it demonstrates resource efficiency by maintaining a low GPU utilization of 1.1%. These results demonstrate that B3 is an optimal security solution that balances detection performance and efficiency in real-time 5G slicing environments. |
| 11:21 | Impact of Data Extraction Methods on Pseudo-Label Quality in Malicious Behavior Detection of Encrypted Network Traffic ABSTRACT. The increasing encryption of network traffic has exposed the limitations of traditional payload-based security analysis methods, thereby drawing attention to machine learning-based security analysis methods. However, such methods typically required large amounts of labeled data for effective performance, which posed a significant challenge. To address this issue, semi-supervised learning techniques, particularly pseudo-labeling, were proposed. While previous studies have focused on comparing algorithm performance, analysis of how data extraction methods affected pseudo-label quality remains insufficient. This study quantitatively evaluated pseudo-label quality across six feature extraction methods: Packet, Flow, Encryption, Packet+Encryption, Flow+Encryption, and Total (Packet+Flow+Encryption). Experimental results demonstrated that the Total and Flow+Encryption strategies achieved up to approximately 18% higher pseudo-label quality compared to other extraction methods, confirming their effectiveness. Notably, the Flow+Encryption extraction method achieved accuracy and F1-scores comparable to the Total approach, while attaining the highest coverage, thereby showing that efficient pseudo-label generation could be accomplished with fewer features. |
| 11:39 | A Cross-Modal Deep Learning Framework for Joint Semantic and Structural Threat Detection in Provenance Graphs ABSTRACT. Industrial control systems (ICS) face sophisticated APTs that evade conventional detection techniques. Current provenance-based solutions are also limited, adopting a single-modality approach that analyzes temporal or structural patterns independently, thus compromising detection effectiveness. This paper presents a novel cross-modal deep learning architecture that jointly learns temporal progression and structural interaction patterns from provenance data via cross-modal attention and adaptive fusion. Evaluated on ICS data, the proposed architecture achieves over 93% accuracy and 95% precision, while cutting false positive rates by 72% relative to state-of-the-art techniques. This substantial reduction in false alarms mitigates a key deployment barrier, enabling practical adoption of automated threat detection in production ICS environments. |
| 16:30 | Hybrid Quantum Key Distribution and Post-Quantum Cryptography for Secure 5G-AKA Authentication with Forward Secrecy PRESENTER: Wibby Aldryani Astuti Praditasari ABSTRACT. The advent of quantum computing threatens the cryptographic foundations of mobile authentication, particularly the 5G Authentication and Key Agreement (AKA) protocol defined in 3GPP TS 33.501. This paper presents a hybrid 5G-AKA framework that integrates lattice-based Post-Quantum Cryptography (Kyber for key encapsulation and Dilithium for digital signatures) with Quantum Key Distribution (QKD)-derived entropy for adaptive session rekeying. The design ensures quantum-safe forward secrecy, mutual authentication, and non-linkability while maintaining full compatibility with standardized 5G signaling. Formal verification using ProVerif and Tamarin confirms all secrecy and authentication properties with no detected violations. Reproducible Google Colab simulations show near-baseline performance (latency ≈ 0.014 ms, throughput ≈ 70,000 ops/s) with minimal QKD overhead (< 0.01 ms/session). By uniting formal assurance, quantitative validation, and interoperability, this work establishes a deployable pathway toward quantum-secure 5G authentication and a foundational model for 6G-era networks, while opening avenues for future AI-assisted adaptive rekeying and entropy optimization. |
| 16:48 | Known IV attack on PANAMA Stream Cipher using Grover's Algorithm PRESENTER: Rajeswari S ABSTRACT. Panama is a cryptographic module that functions both as a cryptographic hash and a stream cipher. It is specifically designed for high efficiency in software implementations on 32-bit architectures. In this paper, we analyzed the Panama stream cipher in relation to Grover’s search algorithm. We constructed reversible quantum circuits for the Panama stream cipher and developed a simplified version of Quantum Panama using Qiskit programming. We then applied Grover's algorithm to this version to extract the secret key under a known IV attack model. In this model, the adversary knows some pairs of initialization vectors (IV) and keystreams to discover the secret key. |
| 17:06 | Isogeny-based KEMs for TLS 1.3: A Comparative Study of CSIDH/PEGASIS and POKÉ PRESENTER: Hyungrok Jo ABSTRACT. We present a detailed study of two isogeny-based cryptosystems, PEGASIS and POKÉ, focusing on their implementation at NIST security levels 1, 3, and 5, their transformation into key encapsulation mechanisms (KEMs), and integration into the TLS protocol. PEGASIS builds on class group actions (CSIDH lineage) and achieves a practical effective group action via 4-dimensional isogenies. POKÉ is a recent public-key encryption (PKE) scheme using higher-dimensional isogenies of unknown degree to avoid prior attacks on SIDH-like structures. We describe how each is KEM-ized, applying the Fujisaki-Okamoto (FO) transform for IND-CCA security, and provide pseudocode for KeyGen/Encaps/Decaps. Benchmarks (key/ciphertext sizes, encapsulation/decapsulation timings) are reported for each scheme at NIST L1/L3/L5 and compared against Kyber as a baseline. We then outline integration paths for TLS, replacing ECDHE with a PQ KEM while preserving transcript hashing and finished message verification. Finally, we discuss security assumptions and proofs in the (quantum) random oracle models and compare the trade-offs of isogeny- vs. lattice-based KEMs. |
| 17:24 | Quantum-Enhanced Detection Mechanisms for Mobile Network Security ABSTRACT. The security of mobile networks faces significant challenges from adversarial strategies used to compromise current infrastructures, including rogue base stations, jamming, timing spoofing, and vulnerabilities in random access procedures. Such a situation has been exacerbated by the rise of 5G and 6G networks, which introduce unprecedented challenges for securing mobile infrastructures against these sophisticated adversaries. Traditional methods based on classic AI solutions have proven ineffective in correctly detecting these attacks. This paper presents the theoretical foundations and methodological framework for applying Variational Quantum Simulation (VQS) to mobile network security, enabling advanced detection methods for the attacks as mentioned earlier. We present a prototype and discuss possible improvements on synthetic data to analyze the exploitability of VQS in dealing with advanced attacks in mobile networks. |
| 17:42 | Multivariate Quadratic Signatures in the NIST Process: A Survey and Comparative Analysis PRESENTER: Jian Zhang ABSTRACT. Classical digital signature schemes such as RSA and ECDSA are threatened by the development of quantum computers, prompting the need for post-quantum cryptography (PQC). Among the various PQC candidates, multivariate quadratic (MQ) signature schemes continue to attract attention due to their small signature size and efficient signing and verification. This paper presents a comprehensive comparative study of four MQ-based signature schemes — UOV, MAYO, QR-UOV, and SNOVA — which are candidates in the second round of the NIST additional digital signature standardization process. We review their key generation, signing, and verification procedures, and summarize their proposed parameter sets, analyzing the impact on key size, signature size, and performance. Furthermore, we investigate each scheme's resistance to known attacks (e.g., MinRank, Kipnis-Shamir, and intersection attacks). This work aims to provide a clear and systematic overview of MQ-based signature schemes, supporting ongoing efforts toward the development and standardization of secure and efficient post-quantum digital signature schemes. |
| 16:30 | Key management mechanism with non-stored and user authentication-based key recovery PRESENTER: Su Jin Shin ABSTRACT. Existing key management mechanisms stored the user's biometric information used for key generation or the generated private keys in external storage or within the device, leading to issues such as private key manipulation and extraction. To address these issues, this paper proposes a secure and reliable integrated key management framework. The proposed framework does not store the user's biometric information or the generated keys. Furthermore, to prevent unauthorized users from attempting attacks to recover the key, the framework is designed to perform key recovery only after a smart contract-based user authentication process is completed. Finally, unlike previous studies that individually researched protocols for specific stages, the paper designs an integrated key management mechanism that encompasses protocols for the main stages of the key lifecycle, including key generation, regeneration, backup, and recovery. |
| 16:48 | Lightweight Time-Indexed Secure Communication Protocol with Dual-Layer Defense for UAV Swarm Networks ABSTRACT. Unmanned Aerial Vehicles (UAVs) are increasingly deployed in surveillance, logistics, and disaster response, yet swarm-based operations remain vulnerable to cyberattacks such as denial-of-service, spoofing, replay, and man-in-the-middle intrusions. This paper proposes an integrated framework combining a Lightweight Time-Indexed Secure Communication Protocol (LTISCP) with a dual-layer defense system. LTISCP leverages time-indexed session keys and Ascon-based lightweight cryptography to ensure efficient and secure communication, while the defense layer employs a deep neural network–based Intrusion Detection System (IDS) for real-time anomaly detection in swarm traffic. To enable deployment on UAV edge devices, model pruning is applied to optimize the IDS for reduced computational cost. Experiments show that the framework reduces latency by up to 35%, lowers energy consumption by 28%, and achieves over 92% detection accuracy with less than 4% false positives, making it well-suited for real-time UAV swarm deployments. |
| 17:06 | Privacy-Preserving Zero Trust Network Access Control System Using Chameleon Hash Functions and Fully Homomorphic Encryption PRESENTER: Hideaki Miyaji ABSTRACT. Zero Trust Network Access (ZTNA) represents a significant advancement in network security by adopting a "never trust, always verify" approach. In ZTNA, users request access to the system, while verifiers determine whether access should be granted. Determining whether a user is authorized to access the system while preserving their privacy remains a challenging task. There are methods to protect the privacy of communication networks using Fully Homomorphic Encryption and Attribute-Based Encryption. However, their approach does not include a method for verifiers to detect tampering, making it insufficient to achieve ZTNA. To address this issue, we propose a practical privacy-preserving ZTNA system by simultaneously applying Chameleon Hash Functions and Homomorphic Encryption. Our system operates under a security model with certain assumptions and adversary capabilities expanded further in the paper. Our approach compares between two types of homomorphic encryption: Partial Homomorphic Encryption (PHE), which allows only addition or multiplication, and Fully Homomorphic Encryption (FHE), which imposes no restrictions on homomorphic addition and multiplication. We implement our system using Fully Homomorphic Encryption (FHE) with the Krawczyk-Rabin chameleon hash scheme, wherein the system is modeled using the Role-Operation-Target (ROT) framework and by employing a chameleon hash function for access control data, we realize a method to prevent tampering by verifiers, thereby achieving ZTNA. To validate our approach, we provide formal security analysis including theoretical security proofs and comprehensive threat resistance evaluation against various attack scenarios. We also conduct numerical evaluation of the proposed ZTNA system with twenty policy combinations to measure its real-time performance and implementation accuracy. The results are used to discuss the feasibility of the proposed approach and its potential for practical implementation in real-world scenarios. |
| 17:24 | A Scripting Language for Security Patching in Open RAN ABSTRACT. Securing the radio access network (RAN) requires timely deployment of patches, yet patch cycles for virtualized RAN (vRAN) components remain slow and tied to vendor-controlled processes, leaving many vulnerabilities unaddressed for extended periods. We present a lightweight scripting language that leverages the programmability of Open RAN (O-RAN) systems to let network operators express and apply vulnerability patches in a simple, declarative, and vendor-agnostic manner. The language introduces human-readable constructs for defining rules that alter protocol message handling and system behavior, enabling patches to be authored and deployed without modifying underlying RAN source code. This approach lowers the barrier to rapid patch creation, facilitates the sharing and reuse of patch specifications, and ensures compatibility across heterogeneous O-RAN deployments. We demonstrate the practicality of our design by implementing representative vulnerability patches and show that they can be deployed with minimal runtime overhead. Our work highlights the value of domain-specific scripting in making cellular patching more agile, transparent, and operator-driven. |
| 17:42 | An Anomaly Detection Using Multi-Modal Datasets in Industrial Control Systems PRESENTER: Yunsung Kim ABSTRACT. Industrial Control Systems (ICS) are responsible for the secure operation of national critical infrastructures, but the growing threat of cyberattacks has highlighted the urgent need for stronger security. Anomaly detection in ICS is a key security measure to ensure system integrity and safety, and has traditionally relied on single-modal approaches using either sensor data or network data. However, sensor-based detection faces inherent limitations in distinguishing between attacks and simple malfunctions, while network-based detection lacks a direct connection to actual physical impacts. This paper proposes a multimodal anomaly detection model that simultaneously analyzes sensor time-series data and network packet data. A 3-layer LSTM is applied to the sensor modality, while a Transformer-based architecture is applied to the network modality to extract latent representations, which are then fused through a fully connected layer to detect anomalies. Experimental evaluation using the SWaT (Secure Water Treatment) dataset from the iTrust research center demonstrates that the proposed model achieves an F1-score of 0.89, showing significant improvements over single-modal models and existing approaches. These results provide experimental evidence that multimodal fusion effectively addresses the limitations of single-modal approaches and enhances ICS anomaly detection performance. |
| 16:30 | IoMT-Driven Emergency Data Access for Unidentified and Unconscious Patients in Road Accidents Leveraging Privacy-Preserving Blockchain Protocols and Cryptographic Primitives PRESENTER: V Maruthi ABSTRACT. Consider a group of unconscious, unidentified travelers admitted to a hospital after a severe accident. Doctors urgently need their medical histories to provide appropriate treatment. To address this challenge, we propose a secure, decentralized, and privacy-preserving framework for emergency medical data retrieval. The system employs a retina scan to identify the patient’s content identifier (CID) stored on the blockchain, while a fingerprint scan derives encryption keys for securing IoMT (Internet of Medical Things) data in IPFS (Inter-Planetary File System). A fuzzy extractor with minor output adjustments ensures reliable and consistent key generation from inherently noisy biometric inputs. Furthermore, hospital authentication is enforced using the Schnorr Identification Protocol, ensuring that only authorized institutions can access patient data. The proposed framework achieves a balanced integration of accessibility, security, and privacy, thereby filling a critical gap in real-time emergency healthcare scenarios. |
| 16:48 | ZKR-TEE: A Zero-Knowledge Rollup Framework in Trusted Execution Environments ABSTRACT. The scalability limitations of blockchains such as Bitcoin and Ethereum have led to the development of off-chain solutions known as Rollups where transactions are processed in batches off-chain while relying on the underlying blockchain only for storage or for final verification. This created two families of rollups: Optimistic rollups, which offer low costs but require several days to confirm the transactions and Zero Knowledge (ZK) rollups, which are confirmed within minutes at the expense of higher costs. In this work, we propose a Zero Knowledge prover for rollups that leverages Trusted Execution Environments (TEEs) to implement a dual-proof mechanism that allows for a flexible trade-off between cost and confirmation time. ZK-proofs ensure correctness and transaction validity, while TEE remote attestation proofs provide a lightweight and cost-effective alternative for validation of the batches. By adjusting the frequency at which each type of proof is verified, our system is able to reduce operational costs up to 65% compared to conventional ZK-rollups, while maintaining finality of transactions within a few minutes. We implemented our system using Winterfell, a high-performance STARK prover, and Intel TDX Trusted Execution Environment. The result of this work is a practical rollup prover proof-of-concept that balances efficiency, cost, and security, laying the groundwork for new blockchain solutions. |
| 17:06 | Circuit Normalization Bottlenecks in Trivial Zero-Knowledge Decision Tree Evaluation PRESENTER: Kai-Che Shih ABSTRACT. Zero-Knowledge Proof (ZKP) is a cryptographic technique that enables a prover to convince a verifier that a computation was executed correctly to obtain the result, without disclosing any data or intermediate results. This work explores the applications of ZKP in verifying decision tree evaluation. We implement the circuit logic using Circom and develop automated scripts to normalize multi-variable expressions into single-variable forms. As circuit constraints are represented using a Rank-1 Constraint System (R1CS), reducing the number of constraints directly improves efficiency in computation in general. Finally, we investigate whether applying normalization on a circuit that heavily performs comparisons can effectively reduce constraints in decision tree circuits (trivially hardcoding the model in the proof, a.k.a. trivial ZKP for decision tree evaluation). The normalized circuits are compiled and verified using the Groth16 protocol via SnarkJS, enabling efficient proof generation and validation. |
| 17:24 | HEPFS: Homomorphic Encryption-based Privacy Forwarding Scheme for Efficient Ciphertext-Domain Routing ABSTRACT. Privacy forwarding is crucial for protecting the privacy of the Internet. However, existing methods such as Tor, which rely on message encapsulation and relay forwarding, often incur high overhead and lengthy forwarding paths. The recently emerging Homomorphic Routing (HR) offers a potential solution by enabling privacy-preserving forwarding operations within the ciphertext domain, while its implementations encounter challenges such as inflexible forwarding path determination and significant overhead from packet encapsulation processes. To address these issues, this paper proposes a homomorphic encryption-based privacy forwarding scheme (HEPFS) which introduces the Homomorphic Tree (HTree) structure to facilitate route lookup, allowing routers to perform privacy forwarding in the ciphertext domain without accessing the plaintext IP. The HTree structure enables routers to execute route matching in the encrypted domain, thereby preventing malicious routers from performing traffic analysis and ensuring the privacy of user packet forwarding. Additionally, HEPFS does not interfere with path selection and minimizes packet structure overhead. The analytical results show that HEPFS surpasses HR in routing matching and exhibits substantial advantages over Tor and Crowds in path selection and packet encapsulation. |