Search Results (931)

Federated Learning (FL) is a distributed machine-learning paradigm that enables models to be trained across multiple decentralized devices or servers holding local data without transferring the raw data to a central location. However, applying FL to heterogeneous IoT scenarios comes with several challenges due to the diverse nature of these devices in terms of hardware capabilities, communications, and data heterogeneity. Furthermore, the conventional parameter server-based FL paradigm aggregates the trained parameters of devices directly, which incurs high communication overhead. To this end, this paper designs a hierarchical federated-learning framework for heterogeneous IoT systems, focusing on enhancing communication efficiency and ensuring data security through lightweight encryption. By leveraging hierarchical aggregation, lightweight stream encryption, and adaptive device participation, the proposed framework provides an efficient and robust solution for federated learning in dynamic and resource-constrained IoT environments. The extensive experimental results show that the proposed FL paradigm significantly reduces round time by 20%. Full article

Nowadays, the use of Unmanned Aerial Vehicles (UAVs), or drones in agriculture for crop assessment and monitoring is a timely and important issue that concerns both researchers and farmers. Mapping agricultural land is imperative for making appropriate management decisions. As a result, the necessity of this technology is increasing, given its numerous benefits. However, as with any modern and automated technology, security concerns arise from various aspects. In this paper, we discuss cyberthreats to drones, as this technology is vulnerable to attackers during data collection, storage, and usage. Although various techniques and methods have been developed to address attacks on drones, this field remains in its infancy in many respects. This paper provides a comprehensive review of the security challenges associated with the use of agricultural drones. The security issues were thoroughly analyzed, with a particular focus on cybersecurity, categorized into four distinct levels: emerging threats, sensor vulnerabilities, hardware and software attacks, and communication-related threats. Additionally, we examined the limitations and challenges posed by cyberthreats to drone systems. Full article

Background: Large Language Models (LLMs) are emerging as promising tools in hardware design and verification, with recent advancements suggesting they could fundamentally reshape conventional practices. Objective: This study examines the significance of LLMs in shaping the future of hardware design and verification. It offers an extensive literature review, addresses key challenges, and highlights open research questions in this field. Design: in this scoping review, we survey over 360 papers most of the published between 2022 and 2024, including 71 directly relevant ones to the topic, to evaluate the current role of LLMs in advancing automation, optimization, and innovation in hardware design and verification workflows. Results: Our review highlights LLM applications across synthesis, simulation, and formal verification, emphasizing their potential to streamline development processes while upholding high standards of accuracy and performance. We identify critical challenges, such as scalability, model interpretability, and the alignment of LLMs with domain-specific languages and methodologies. Furthermore, we discuss open issues, including the necessity for tailored model fine-tuning, integration with existing Electronic Design Automation (EDA) tools, and effective handling of complex data structures typical of hardware projects. Conclusions: this survey not only consolidates existing knowledge but also outlines prospective research directions, underscoring the transformative role LLMs could play in the future of hardware design and verification. Full article

Physically unclonable functions (PUFs) represent emerging cryptographic primitives that exploit the uncertainty of the CMOS manufacturing process as an entropy source for generating unique, random and stable keys. These devices can be potentially used in a wide variety of applications ranging from secret key generation, anti-counterfeiting, and low-cost authentications to advanced protocols such as oblivious transfer and key exchange. Unfortunately, guaranteeing adequate PUF stability is still challenging, thus often requiring post-silicon stability enhancement techniques. The latter help to contrast the raw sensitivity to on-chip noise and variations in the environmental conditions (i.e., voltage and temperature variations), but their area and energy costs are not always feasible for IoT devices that operate with constrained budgets. This pushes the demand for ever more stable, area- and energy-efficient solutions at design time. This review aims to provide an overview of several weak PUF solutions implemented in CMOS technology, discussing their performance and suitability for being employed in security applications. Full article

In an attempt to address the growing shortage of cybersecurity specialists in the country, the School of Electrical Engineering, University of Belgrade, started the course entitled Advanced Network and System Security (ANS) in the 2019/2020 school year. The ANS course covers the topics of computer system and network security, intrusion detection and prevention, and ethical hacking methodologies. This paper presents the course organization and associated laboratory environment and exercises and aims to prove that providing such a multidisciplinary laboratory leads to successful learning outcomes and directly improves gained knowledge in cybersecurity. The ANS course differs from all other related courses by covering various cybersecurity topics ranging from hardware through to network to web security. The analysis showed that 13 out of 19 Cyber Security Body of Knowledge classification Knowledge Areas are covered in the ANS course, unlike other related courses which cover up to 8 Knowledge Areas. Ultimately, the students’ practical skills improvement evaluation was performed through quantitative and qualitative analysis in order to prove that improving practical skills in the ANS laboratory resulted in the overall improvement of the gained knowledge. Full article

Blockchain has several unique features: data integrity, security, privacy, and immutability. For this reason, it is considered one of the most promising new technologies for a wide range of applications. Initially prominent in cryptocurrencies such as Bitcoin, its applications have expanded into areas such as the Internet of Things. However, integrating blockchain into IoT systems is challenging due to the limited computing and storage capabilities of IoT devices. Efficient blockchain mining requires lightweight hash functions that balance computational complexity with resource constraints. In this study, we employed a structured methodology to evaluate hash functions for blockchain–IoT systems. Initially, a survey is conducted to identify the most commonly used hash functions in such environments. Also, this study identifies and evaluates a lightweight hash function, designated as HashLEA, for integration within blockchain-based IoT systems. Subsequently, these functions are implemented and evaluated using software coded in C and Node.js, thereby ensuring compatibility and practical applicability. Performance metrics, including software efficiency, hardware implementation, energy consumption, and security assessments, were conducted and analyzed. Ultimately, the most suitable hash functions, including HashLEA for blockchain–IoT applications, are discussed, striking a balance between computational efficiency and robust cryptographic properties. Also, the HashLEA hash function is implemented on a Raspberry Pi 4 with an ARM processor to assess its performance in a real-world blockchain–IoT environment. HashLEA successfully passes security tests, achieving a near-ideal avalanche effect, uniform hash distribution, and low standard deviation. It has been shown to demonstrate superior execution time performance, processing 100 KB messages in 0.157 ms and 10 MB messages in 15.48 ms, which represents a significant improvement in execution time over other alternatives such as Scrypt, X11, and Skein. Full article

The extremely destructive nature of malware has become a major threat to Internet security. The research on malware detection techniques has been evolving. Deep learning-based malware detection methods have achieved good results by using large-scale, pre-trained models. However, these models are complex, have large parameters, and require a large amount of hardware resources and have a high inference time cost when applied. To address this challenge, this paper proposes DistillMal, a new method for lightweight malware detection based on knowledge distillation, which improves performance by using a student network to learn valuable cueing knowledge from a teacher network to achieve a lightweight model. We conducted extensive experiments on two new datasets and showed that the student network model’s performance is very close to that of the original model and the outperforms it on some metrics. Our approach helps address the resource constraints and computational challenges faced by traditional deep learning large models. Our research highlights the potential of using knowledge distillation to develop lightweight malware detection models. Full article

This study presents a novel driver authentication system utilizing electrocardiogram (ECG) signals collected through dry electrodes embedded in the steering wheel. Traditional biometric authentication methods are sensitive to environmental changes and vulnerable to replication, but this study addresses these issues by leveraging the unique characteristics and forgery resistance of ECG signals. The proposed system is designed using autocorrelation profiles (ACPs) and a convolutional neural network and is optimized for real-time processing even in constrained hardware environments. Additionally, advanced signal processing algorithms were applied to refine the ECG data and minimize noise in driving environments. The system’s performance was evaluated using a public dataset of 154 participants and a real-world dataset of 10 participants, achieving F1-Scores of 96.8% and 96.02%, respectively. Furthermore, an ablation study was conducted to analyze the importance of components such as ACPs, normalization, and filtering. When all components were removed, the F1-Score decreased to 60.1%, demonstrating the critical role of each component. These findings highlight the potential of the proposed system to deliver high accuracy and efficiency not only in vehicle environments but also in various security applications. Full article

The widespread reliance on paper-based currency poses significant drawbacks, such as counterfeiting, lack of transparency, and environmental impacts. While Central Bank Digital Currencies (CBDCs) address many of these issues, their dependence on continuous internet connectivity limits their usability in scenarios with poor or no network access. To overcome such limitations, this paper introduces ElasticPay, a novel Peer-to-Peer (P2P) Offline Digital Payment System that leverages advanced hardware security measures realised through Trusted Platform Modules (TPMs), Trusted Execution Environments (TEEs), and Secure Elements (SEs). ElasticPay ensures transaction privacy, unforgeability, and immediate settlement while preventing double spending. Our approach integrates robust recovery mechanisms and provides a scalable solution for diverse environments. Extensive experimentation validates the system’s reliability and practicality, highlighting its potential to advance secure and inclusive CBDC ecosystems. We demonstrate the proposed solution implementation on the iPhone mobilephone because it has an inbuilt Secure Enclave, which is an integrated implementation of the necessary TPM, TEE, and SE functionalities. Full article

OT (operational technology) protocols such as DNP3/TCP, commonly used in the electrical utility sector, have become a focal point for security researchers. We assess the applicability of attacks previously published from theoretical and practical points of view. From the theoretical point of view, previous work strongly focuses on transcribing protocol details (e.g., list fields at the link, transport, and application layer) without providing the rationale behind protocol features or how the features are used. This has led to confusion about the impact of many theoretical DNP3 attacks. After a detailed analysis around which protocol features are used and how, a review of the configuration capabilities for several IEDs (Intelligent Electrical Devices), and some testing with real devices, we conclude that similar results to several complex theoretical attacks can be achieved with considerably less effort. From a more practical point of view, there is existing work on DNP3 man-in-the-middle attacks; however, research still needs to discuss how to overcome a primary hardening effect: IEDs can be configured to allow for communication with specific IP addresses (allow list). For purely scientific purposes, we implemented a DNP3 man-in-the-middle attack capable of overcoming the IP allow-list restriction. We tested the attack using real IEDs and network equipment ruggedized for electrical environments. Even though the man-in-the-middle attack can be successful in a lab environment, we also explain the defense-in-depth mechanisms provided by industry in real life that mitigate the attack. These mechanisms are based on standard specifications, capabilities of the OT hardware, and regulations applicable to some electrical utilities. Full article

The rapid growth of Internet of Things (IoT) devices has significantly increased reliance on sensor-generated data, which are essential to a wide range of systems and services. Wireless sensor networks (WSNs), crucial to this ecosystem, are often deployed in diverse and challenging environments, making them susceptible to faults such as software bugs, communication breakdowns, and hardware malfunctions. These issues can compromise data accuracy, stability, and reliability, ultimately jeopardizing system security. While advanced sensor fault detection methods in WSNs leverage a machine learning approach to achieve high accuracy, they typically rely on centralized learning, and face scalability and privacy challenges, especially when transferring large volumes of data. In our experimental setup, we employ a decentralized approach using federated learning with long short-term memory (FedLSTM) for sensor fault detection in WSNs, thereby preserving client privacy. This study utilizes temperature data enhanced with synthetic sensor data to simulate various common sensor faults: bias, drift, spike, erratic, stuck, and data-loss. We evaluate the performance of FedLSTM against the centralized approach based on accuracy, precision, sensitivity, and F1-score. Additionally, we analyze the impacts of varying the client participation rates and the number of local training epochs. In federated learning environments, comparative analysis with established models like the one-dimensional convolutional neural network and multilayer perceptron demonstrate the promising results of FedLSTM in maintaining client privacy while reducing communication overheads and the server load. Full article

The vast interconnection of resource-constrained devices and the immense amount of data exchange in the Internet of Things (IoT) environment resulted in the resurgence of various security threats. This resource-constrained environment of IoT makes data security a very challenging task. Recent trends in integrating lightweight cryptographic algorithms have significantly improved data security in the IoT without affecting performance. The PRESENT block cipher, a standard and lightweight benchmark algorithm, is a widely accepted and implemented algorithm with a simple design, low-cost implementation, and optimum performance. However, this simple design utilizing lightweight linear and non-linear functions led to slow confusion and diffusion properties. The static bits in the permutation layer are the leading cause of slow diffusion, showcasing dependencies between plaintext and ciphertext bits. This research addresses and seeks to overcome this shortcoming of slow confusion and diffusion using the Deoxyribonucleic Acid (DNA) replication process and shift-aided operations, leading to the DNA-PRESENT block cipher. Security, cost, and performance analyses were performed to verify the improvements. The results demonstrated that with only 33.5% additional cost, DNA-PRESENT increased key sensitivity to 73.57%, plaintext sensitivity to 33%, and consistently ensured an average bit error rate (BER) of 50.2%. An evident increase of 176.47 kb/s in throughput and reduced latency to 17 cycles/block kept the good hardware efficiency of 43.41 kbps/KGE, and the reduction in execution time by 0.2333 s led to better performance. Considering the security advances achieved, this cost increase is a trade-off between security and performance. Full article

This paper examines the intellectual property (IP) challenges introduced by 3D printing, a transformative technology enabling widespread innovation, but also raising critical legal questions. It focuses on three main areas: (1) IP issues associated with 3D printing hardware, (2) copyright and licensing complexities related to downloadable 3D files, and (3) IP concerns for commercialized 3D printed items. Through a comprehensive review, the paper highlights how existing IP frameworks struggle to keep pace with the flexibility and accessibility inherent in 3D printing. Proposed solutions, such as blockchain for secure design tracking and enhanced digital rights management (DRM), point towards a more controlled future for digital design protection. Additionally, the study underscores the need for international cooperation to harmonize IP laws, facilitating more effective cross-border enforcement. This work aims to contribute to the ongoing dialogue on IP rights in 3D printing, proposing adaptive strategies to support legal clarity while fostering technological advancement. Full article

The rapid expansion in unmanned aerial vehicles (UAVs) across various sectors, such as surveillance, agriculture, disaster management, and infrastructure inspection, highlights the growing need for robust navigation systems. However, this growth also exposes critical vulnerabilities, particularly in UAV package delivery operations, where intentional electromagnetic interference (IEMI) poses significant security and safety threats. This paper addresses IEMI attacks targeting inertial measurement units (IMUs) in UAVs, focusing on their susceptibility to medium-power electromagnetic interference. Our approach combines a comprehensive literature review and QuickField simulation with experimental validation using a commercially available 6-degree-of-freedom (DOF) IMU sensor. We propose a hardware-based electromagnetic shielding solution using mu-metal to mitigate IEMI’s impact on sensor performance. The study combines experimental testing with simulations to evaluate the shielding effectiveness under controlled conditions. The results of the measurements showed that medium-power IEMI significantly distorted IMU sensor readings, but our proposed shielding method effectively reduces the impact, improving sensor reliability. We demonstrate the mechanisms by which medium-power IEMI disrupts sensor operation, offering insights for future research directions. These findings also highlight the importance of integrating hardware-based shielding solutions to safeguard UAV systems against electromagnetic threats. Full article

Numerous encryption methods have been published to secure IoT devices in the last decade. Existing encryption methods still have disadvantages when it comes to securing IoT devices. On the other hand, a new encryption method using brain signals in IoT devices is gaining attention as a new solution. The encryption method based on brain signals essentially involves a hypothesis called imposed recall based on ironic process theory. The imposed recall was created with the expectation that imposing a specific choice on the subjects during the acquisition of brain signals would allow for better separation of EEG data. This paper presents experiments and approaches to prove the validity of the imposed recall hypothesis. With the experiments, the effects of ironic process theory on brain signal-based encryption can be observed. While performing the tests, varying approaches, including Granger causality, were applied to analyze the results. The results show that the imposed recall hypothesis can successfully reconstruct EEG data. The structured signals were determined to be effective in capturing matches of brain signals on subjects at different time intervals. Thus, the imposed recall hypothesis can be used in various fields, such as authentication, questioning, and identification, by reserving brain signals to be obtained from individuals. In addition, it was reported that it is possible to acquire the ability to provide security in both devices with limited hardware, such as IoT devices or complex systems. Full article