Towards Blockchain-Based Secure BGP Routing,Challenges and Future Research Directions

Border Gateway Protocol(BGP)is a standard inter-domain routing protocol for the Internet that conveys network layer reachability information and establishes routes to different destinations.The BGP protocol exhibits security design defects,such as an unconditional trust mechanism and the default acceptance of BGP route announcements from peers by BGP neighboring nodes,easily triggering prefix hijacking,path forgery,route leakage,and other BGP security threats.Meanwhile,the traditional BGP security mechanism,relying on a public key infrastructure,faces issues like a single point of failure and a single point of trust.The decentralization,anti-tampering,and traceability advantages of blockchain offer new solution ideas for constructing secure and trusted inter-domain routing mechanisms.In this paper,we summarize the characteristics of BGP protocol in detail,sort out the BGP security threats and their causes.Additionally,we analyze the shortcomings of the traditional BGP security mechanism and comprehensively evaluate existing blockchain-based solutions to address the above problems and validate the reliability and effectiveness of blockchain-based BGP security methods in mitigating BGP security threats.Finally,we discuss the challenges posed by BGP security problems and outline prospects for future research.

Secure Tracking Control via Fixed-Time Convergent Reinforcement Learning for a UAV CPS

Dear Editor,This letter is concerned with the secure tracking control problem in the unmanned aerial vehicle(UAV) system by fixed-time convergent reinforcement learning(RL). By virtue of the zero-sum game,the false data injection(FDI) attacker and secure controller are viewed as game players.

A Holistic Secure Communication Mechanism Using a Multilayered Cryptographic Protocol to Enhanced Security

In an era characterized by digital pervasiveness and rapidly expanding datasets,ensuring the integrity and reliability of information is paramount.As cyber threats evolve in complexity,traditional cryptographic methods face increasingly sophisticated challenges.This article initiates an exploration into these challenges,focusing on key exchanges(encompassing their variety and subtleties),scalability,and the time metrics associated with various cryptographic processes.We propose a novel cryptographic approach underpinned by theoretical frameworks and practical engineering.Central to this approach is a thorough analysis of the interplay between Confidentiality and Integrity,foundational pillars of information security.Our method employs a phased strategy,beginning with a detailed examination of traditional cryptographic processes,including Elliptic Curve Diffie-Hellman(ECDH)key exchanges.We also delve into encrypt/decrypt paradigms,signature generation modes,and the hashes used for Message Authentication Codes(MACs).Each process is rigorously evaluated for performance and reliability.To gain a comprehensive understanding,a meticulously designed simulation was conducted,revealing the strengths and potential improvement areas of various techniques.Notably,our cryptographic protocol achieved a confidentiality metric of 9.13 in comprehensive simulation runs,marking a significant advancement over existing methods.Furthermore,with integrity metrics at 9.35,the protocol’s resilience is further affirmed.These metrics,derived from stringent testing,underscore the protocol’s efficacy in enhancing data security.

Adaptation of Federated Explainable Artificial Intelligence for Efficient and Secure E-Healthcare Systems

Explainable Artificial Intelligence(XAI)has an advanced feature to enhance the decision-making feature and improve the rule-based technique by using more advanced Machine Learning(ML)and Deep Learning(DL)based algorithms.In this paper,we chose e-healthcare systems for efficient decision-making and data classification,especially in data security,data handling,diagnostics,laboratories,and decision-making.Federated Machine Learning(FML)is a new and advanced technology that helps to maintain privacy for Personal Health Records(PHR)and handle a large amount of medical data effectively.In this context,XAI,along with FML,increases efficiency and improves the security of e-healthcare systems.The experiments show efficient system performance by implementing a federated averaging algorithm on an open-source Federated Learning(FL)platform.The experimental evaluation demonstrates the accuracy rate by taking epochs size 5,batch size 16,and the number of clients 5,which shows a higher accuracy rate(19,104).We conclude the paper by discussing the existing gaps and future work in an e-healthcare system.

Deep Learning-Based Secure Transmission Strategy with Sensor-Transmission-Computing Linkage for Power Internet of Things

The automatic collection of power grid situation information, along with real-time multimedia interaction between the front and back ends during the accident handling process, has generated a massive amount of power grid data. While wireless communication offers a convenient channel for grid terminal access and data transmission, it is important to note that the bandwidth of wireless communication is limited. Additionally, the broadcast nature of wireless transmission raises concerns about the potential for unauthorized eavesdropping during data transmission. To address these challenges and achieve reliable, secure, and real-time transmission of power grid data, an intelligent security transmission strategy with sensor-transmission-computing linkage is proposed in this paper. The primary objective of this strategy is to maximize the confidentiality capacity of the system. To tackle this, an optimization problem is formulated, taking into consideration interruption probability and interception probability as constraints. To efficiently solve this optimization problem, a low-complexity algorithm rooted in deep reinforcement learning is designed, which aims to derive a suboptimal solution for the problem at hand. Ultimately, through simulation results, the validity of the proposed strategy in guaranteed communication security, stability, and timeliness is substantiated. The results confirm that the proposed intelligent security transmission strategy significantly contributes to the safeguarding of communication integrity, system stability, and timely data delivery.

Sher: A Secure Broker for DevSecOps and CI/CD Workflows

GitHub Actions, a popular CI/CD platform, introduces significant security challenges due to its integration with GitHub’s open ecosystem and its use of flexible workflow configurations. This paper presents Sher, a Python-based tool that enhances the security of GitHub Actions by automating the detection and remediation of security issues in workflows. Self-Hosted Ephemeral Runner, or Sher, acts as a broker between GitHub’s APIs and a customizable, isolated environment, analyzing workflows through a static rules engine and automatically fixing identified issues. By providing a secure, ephemeral runner environment and a dynamic analysis tool, Sher addresses common misconfigurations and vulnerabilities, contributing to the resilience and integrity of DevSecOps practices within software development pipelines.

Hadoop-based secure storage solution for big data in cloud computing environment

In order to address the problems of the single encryption algorithm,such as low encryption efficiency and unreliable metadata for static data storage of big data platforms in the cloud computing environment,we propose a Hadoop based big data secure storage scheme.Firstly,in order to disperse the NameNode service from a single server to multiple servers,we combine HDFS federation and HDFS high-availability mechanisms,and use the Zookeeper distributed coordination mechanism to coordinate each node to achieve dual-channel storage.Then,we improve the ECC encryption algorithm for the encryption of ordinary data,and adopt a homomorphic encryption algorithm to encrypt data that needs to be calculated.To accelerate the encryption,we adopt the dualthread encryption mode.Finally,the HDFS control module is designed to combine the encryption algorithm with the storage model.Experimental results show that the proposed solution solves the problem of a single point of failure of metadata,performs well in terms of metadata reliability,and can realize the fault tolerance of the server.The improved encryption algorithm integrates the dual-channel storage mode,and the encryption storage efficiency improves by 27.6% on average.

EG-STC: An Efficient Secure Two-Party Computation Scheme Based on Embedded GPU for Artificial Intelligence Systems

This paper presents a comprehensive exploration into the integration of Internet of Things(IoT),big data analysis,cloud computing,and Artificial Intelligence(AI),which has led to an unprecedented era of connectivity.We delve into the emerging trend of machine learning on embedded devices,enabling tasks in resource-limited environ-ments.However,the widespread adoption of machine learning raises significant privacy concerns,necessitating the development of privacy-preserving techniques.One such technique,secure multi-party computation(MPC),allows collaborative computations without exposing private inputs.Despite its potential,complex protocols and communication interactions hinder performance,especially on resource-constrained devices.Efforts to enhance efficiency have been made,but scalability remains a challenge.Given the success of GPUs in deep learning,lever-aging embedded GPUs,such as those offered by NVIDIA,emerges as a promising solution.Therefore,we propose an Embedded GPU-based Secure Two-party Computation(EG-STC)framework for Artificial Intelligence(AI)systems.To the best of our knowledge,this work represents the first endeavor to fully implement machine learning model training based on secure two-party computing on the Embedded GPU platform.Our experimental results demonstrate the effectiveness of EG-STC.On an embedded GPU with a power draw of 5 W,our implementation achieved a secure two-party matrix multiplication throughput of 5881.5 kilo-operations per millisecond(kops/ms),with an energy efficiency ratio of 1176.3 kops/ms/W.Furthermore,leveraging our EG-STC framework,we achieved an overall time acceleration ratio of 5–6 times compared to solutions running on server-grade CPUs.Our solution also exhibited a reduced runtime,requiring only 60%to 70%of the runtime of previously best-known methods on the same platform.In summary,our research contributes to the advancement of secure and efficient machine learning implementations on resource-constrained embedded devices,paving the way for broader adoption of AI technologies in various applications.

Analysis of Secured Cloud Data Storage Model for Information

This paper was motivated by the existing problems of Cloud Data storage in Imo State University, Nigeria such as outsourced data causing the loss of data and misuse of customer information by unauthorized users or hackers, thereby making customer/client data visible and unprotected. Also, this led to enormous risk of the clients/customers due to defective equipment, bugs, faulty servers, and specious actions. The aim if this paper therefore is to analyze a secure model using Unicode Transformation Format (UTF) base 64 algorithms for storage of data in cloud securely. The methodology used was Object Orientated Hypermedia Analysis and Design Methodology (OOHADM) was adopted. Python was used to develop the security model;the role-based access control (RBAC) and multi-factor authentication (MFA) to enhance security Algorithm were integrated into the Information System developed with HTML 5, JavaScript, Cascading Style Sheet (CSS) version 3 and PHP7. This paper also discussed some of the following concepts;Development of Computing in Cloud, Characteristics of computing, Cloud deployment Model, Cloud Service Models, etc. The results showed that the proposed enhanced security model for information systems of cooperate platform handled multiple authorization and authentication menace, that only one login page will direct all login requests of the different modules to one Single Sign On Server (SSOS). This will in turn redirect users to their requested resources/module when authenticated, leveraging on the Geo-location integration for physical location validation. The emergence of this newly developed system will solve the shortcomings of the existing systems and reduce time and resources incurred while using the existing system.

Research on intelligent search-and-secure technology in accelerator hazardous areas based on machine vision

Prompt radiation emitted during accelerator operation poses a significant health risk,necessitating a thorough search and securing of hazardous areas prior to initiation.Currently,manual sweep methods are employed.However,the limitations of manual sweeps have become increasingly evident with the implementation of large-scale accelerators.By leveraging advancements in machine vision technology,the automatic identification of stranded personnel in controlled areas through camera imagery presents a viable solution for efficient search and security.Given the criticality of personal safety for stranded individuals,search and security processes must be sufficiently reliable.To ensure comprehensive coverage,180°camera groups were strategically positioned on both sides of the accelerator tunnel to eliminate blind spots within the monitoring range.The YOLOV8 network model was modified to enable the detection of small targets,such as hands and feet,as well as larger targets formed by individuals near the cameras.Furthermore,the system incorporates a pedestrian recognition model that detects human body parts,and an information fusion strategy is used to integrate the detected head,hands,and feet with the identified pedestrians as a cohesive unit.This strategy enhanced the capability of the model to identify pedestrians obstructed by equipment,resulting in a notable improvement in the recall rate.Specifically,recall rates of 0.915 and 0.82were obtained for Datasets 1 and 2,respectively.Although there was a slight decrease in accuracy,it aligned with the intended purpose of the search-and-secure software design.Experimental tests conducted within an accelerator tunnel demonstrated the effectiveness of this approach in achieving reliable recognition outcomes.

Trusted Certified Auditor Using Cryptography for Secure Data Outsourcing and Privacy Preservation in Fog-Enabled VANETs

With the recent technological developments,massive vehicular ad hoc networks(VANETs)have been established,enabling numerous vehicles and their respective Road Side Unit(RSU)components to communicate with oneanother.The best way to enhance traffic flow for vehicles and traffic management departments is to share thedata they receive.There needs to be more protection for the VANET systems.An effective and safe methodof outsourcing is suggested,which reduces computation costs by achieving data security using a homomorphicmapping based on the conjugate operation of matrices.This research proposes a VANET-based data outsourcingsystem to fix the issues.To keep data outsourcing secure,the suggested model takes cryptography models intoaccount.Fog will keep the generated keys for the purpose of vehicle authentication.For controlling and overseeingthe outsourced data while preserving privacy,the suggested approach considers the Trusted Certified Auditor(TCA).Using the secret key,TCA can identify the genuine identity of VANETs when harmful messages aredetected.The proposed model develops a TCA-based unique static vehicle labeling system using cryptography(TCA-USVLC)for secure data outsourcing and privacy preservation in VANETs.The proposed model calculatesthe trust of vehicles in 16 ms for an average of 180 vehicles and achieves 98.6%accuracy for data encryption toprovide security.The proposedmodel achieved 98.5%accuracy in data outsourcing and 98.6%accuracy in privacypreservation in fog-enabled VANETs.Elliptical curve cryptography models can be applied in the future for betterencryption and decryption rates with lightweight cryptography operations.

An Efficient and Provably Secure SM2 Key-Insulated Signature Scheme for Industrial Internet of Things

With the continuous expansion of the Industrial Internet of Things(IIoT),more andmore organisations are placing large amounts of data in the cloud to reduce overheads.However,the channel between cloud servers and smart equipment is not trustworthy,so the issue of data authenticity needs to be addressed.The SM2 digital signature algorithm can provide an authentication mechanism for data to solve such problems.Unfortunately,it still suffers from the problem of key exposure.In order to address this concern,this study first introduces a key-insulated scheme,SM2-KI-SIGN,based on the SM2 algorithm.This scheme boasts strong key insulation and secure keyupdates.Our scheme uses the elliptic curve algorithm,which is not only more efficient but also more suitable for IIoT-cloud environments.Finally,the security proof of SM2-KI-SIGN is given under the Elliptic Curve Discrete Logarithm(ECDL)assumption in the random oracle.

Energy-efficient joint UAV secure communication and 3D trajectory optimization assisted by reconfigurable intelligent surfaces in the presence of eavesdroppers

We consider a scenario where an unmanned aerial vehicle(UAV),a typical unmanned aerial system(UAS),transmits confidential data to a moving ground target in the presence of multiple eavesdroppers.Multiple friendly reconfigurable intelligent surfaces(RISs) help to secure the UAV-target communication and improve the energy efficiency of the UAV.We formulate an optimization problem to minimize the energy consumption of the UAV,subject to the mobility constraint of the UAV and that the achievable secrecy rate at the target is over a given threshold.We present an online planning method following the framework of model predictive control(MPC) to jointly optimize the motion of the UAV and the configurations of the RISs.The effectiveness of the proposed method is validated via computer simulations.

A Secure Energy Internet Scheme for IoV Based on Post-Quantum Blockchain

With the increasing use of distributed electric vehicles(EV),energy management in the Internet of vehicles(IoV)has attracted more attention,especially demand response(DR)management to achieve efficient energy management in IoV.Therefore,it is a tendency to introduce distributed energy such as renewable energy into the existing supply system.For optimizing the energy internet(EI)for IoV,in this paper,we introduce blockchain into energy internet and propose a secure EI scheme for IoV based on post-quantum blockchain,which provides the new information services and an incentive cooperation mechanism for the current energy IoV system.Firstly,based on the principles of constructing a short lattice basis and preimage sampling,a lattice signature scheme is proposed and used in blockchain for authentication,which provides anti-quantum security.Secondly,we design the EI based on the post-quantum blockchain model.Lastly,based on this model,we design a secure EI scheme for IoV based on post-quantum blockchain.Through our analysis and experiment,this new scheme can increase the efficiency of energy utilization and enrich EI’s application in IoV.In particular,we further illustrate and analyze its performance.It is shown that EI based on post-quantum blockchain is more secure and efficient in information communications and energy trading.

Blockchain-Based Secure and Fair IoT Data Trading System with Bilateral Authorization

These days,data is regarded as a valuable asset in the era of the data economy,which demands a trading platform for buying and selling data.However,online data trading poses challenges in terms of security and fairness because the seller and the buyer may not fully trust each other.Therefore,in this paper,a blockchain-based secure and fair data trading system is proposed by taking advantage of the smart contract and matchmaking encryption.The proposed system enables bilateral authorization,where data trading between a seller and a buyer is accomplished only if their policies,required by each other,are satisfied simultaneously.This can be achieved by exploiting the security features of the matchmaking encryption.To guarantee non-repudiation and fairness between trading parties,the proposed system leverages a smart contract to ensure that the parties honestly carry out the data trading protocol.However,the smart contract in the proposed system does not include complex cryptographic operations for the efficiency of onchain processes.Instead,these operations are carried out by off-chain parties and their results are used as input for the on-chain procedure.The system also uses an arbitration protocol to resolve disputes based on the trading proof recorded on the blockchain.The performance of the protocol is evaluated in terms of off-chain computation overhead and on-chain gas consumption.The results of the experiments demonstrate that the proposed protocols can enable the implementation of a cost-effective data trading system.

Jamming-Aided Secure Communication in Ultra-Dense LEO Integrated Satellite-Terrestrial Networks

The ultra-dense low earth orbit(LEO)integrated satellite-terrestrial networks(UDLEO-ISTN)can bring lots of benefits in terms of wide coverage,high capacity,and strong robustness.Meanwhile,the broadcasting and open natures of satellite links also reveal many challenges for transmission security protection,especially for eavesdropping defence.How to efficiently take advantage of the LEO satellite’s density and ensure the secure communication by leveraging physical layer security with the cooperation of jammers deserves further investigation.To our knowledge,using satellites as jammers in UDLEO-ISTN is still a new problem since existing works mainly focused on this issue only from the aspect of terrestrial networks.To this end,we study in this paper the cooperative secrecy communication problem in UDLEOISTN by utilizing several satellites to send jamming signal to the eavesdroppers.An iterative scheme is proposed as our solution to maximize the system secrecy energy efficiency(SEE)via jointly optimizing transmit power allocation and user association.Extensive experiment results verify that our designed optimization scheme can significantly enhance the system SEE and achieve the optimal power allocation and user association strategies.

Malicious Traffic Compression and Classification Technique for Secure Internet of Things

With the introduction of 5G technology,the application of Internet of Things(IoT)devices is expanding to various industrial fields.However,introducing a robust,lightweight,low-cost,and low-power security solution to the IoT environment is challenging.Therefore,this study proposes two methods using a data compression technique to detect malicious traffic efficiently and accurately for a secure IoT environment.The first method,compressed sensing and learning(CSL),compresses an event log in a bitmap format to quickly detect attacks.Then,the attack log is detected using a machine-learning classification model.The second method,precise re-learning after CSL(Ra-CSL),comprises a two-step training.It uses CSL as the 1st step analyzer,and the 2nd step analyzer is applied using the original dataset for a log that is detected as an attack in the 1st step analyzer.In the experiment,the bitmap rule was set based on the boundary value,which was 99.6%true positive on average for the attack and benign data found by analyzing the training data.Experimental results showed that the CSL was effective in reducing the training and detection time,and Ra-CSL was effective in increasing the detection rate.According to the experimental results,the data compression technique reduced the memory size by up to 20%and the training and detection times by 67%when compared with the conventional technique.In addition,the proposed technique improves the detection accuracy;the Naive Bayes model with the highest performance showed a detection rate of approximately 99%.

RIS Assisted Dual-Function Radar and Secure Communications Based on Frequency-Shifted Chirp Spread Spectrum Index Modulation

Reconfigurable intelligent surface(RIS)assisted dual-function radar communications(DFRC)system is a promising integrated sensing and communication(ISAC)technology for future 6G.In this paper,we propose a scheme of RIS-assisted DFRC system based on frequency shifted chirp spread spectrum index modulation(RDFI)for secure communications.The proposed RDFI achieves the sensing and transmission of target location information in its radar and communication modes,respectively.In both modes,the frequency-shifted chirp spread spectrum index modulation(FSCSS-IM)signal is used as the baseband signal for radar and communications,so that the signal sent by the radar also carries information.This scheme implements the RIS-assisted beamforming in the communication mode through the azimuth information of the target acquired in the radar mode,so that the signal received from the eavesdropper is distorted in amplitude and phase.In addition,this paper analyzes the radar measurement accuracy and communication security of the FSCSS-IM signal using ambiguity function and secrecy rate(SR)analysis,respectively.Simulation results show that RDFI achieves both excellent bit error rate(BER)performance and physical layer security of communications.

Secure Short-Packet Transmission in Uplink Massive MU-MIMO Assisted URLLC Under Imperfect CSI

Ultra-reliable and low-latency communication(URLLC)is still in the early stage of research due to its two strict and conflicting requirements,i.e.,ultra-low latency and ultra-high reliability,and its impact on security performance is still unclear.Specifically,short-packet communication is expected to meet the delay requirement of URLLC,while the degradation of reliability caused by it makes traditional physical-layer security metrics not applicable.In this paper,we investigate the secure short-packet transmission in uplink massive multiuser multiple-inputmultiple-output(MU-MIMO)system under imperfect channel state information(CSI).We propose an artificial noise scheme to improve the security performance of the system and use the system average secrecy throughput(AST)as the analysis metric.We derive the approximate closed-form expression of the system AST and further analyze the system asymptotic performance in two regimes.Furthermore,a one-dimensional search method is used to optimize the maximum system AST for a given pilot length.Numerical results verify the correctness of theoretical analysis,and show that there are some parameters that affect the tradeoff between security and latency.Moreover,appropriately increasing the number of antennas at the base station(BS)and transmission power at user devices(UDs)can increase the system AST to achieve the required threshold.

Deep Learning Based Autonomous Transport System for Secure Vehicle and Cargo Matching

The latest 6G improvements secured autonomous driving's realism in Intelligent Autonomous Transport Systems(IATS).Despite the IATS's benefits,security remains a significant challenge.Blockchain technology has grown in popularity as a means of implementing safe,dependable,and decentralised independent IATS systems,allowing for more utilisation of legacy IATS infrastructures and resources,which is especially advantageous for crowdsourcing technologies.Blockchain technology can be used to address security concerns in the IATS and to aid in logistics development.In light of the inadequacy of reliance and inattention to rights created by centralised and conventional logistics systems,this paper discusses the creation of a blockchain-based IATS powered by deep learning for secure cargo and vehicle matching(BDL-IATS).The BDL-IATS approach utilises Ethereum as the primary blockchain for storing private data such as order and shipment details.Additionally,the deep belief network(DBN)model is used to select suitable vehicles and goods for transportation.Additionally,the chaotic krill herd technique is used to tune the DBN model’s hyper-parameters.The performance of the BDL-IATS technique is validated,and the findings are inspected under a variety of conditions.The simulationfindings indicated that the BDL-IATS strategy outperformed recent state-of-the-art approaches.