In today’s digital era, secure data transmission between a data owner and users is critical. This paper presents a novel framework that combines One-Time Password (OTP) generation with an RSA-based key exchange mechanism to ensure robust data protection. Each time the data owner initiates data sharing; a unique OTP is dynamically generated and encrypted using the RSA algorithm. This OTP acts as a secure access key, ensuring that only authorized users can decrypt and retrieve the shared information. The RSA encryption not only secures the OTP but also establishes a secure communication channel between the data owner and the user, preventing unauthorized access or interception during transmission. By integrating dynamic OTPs with asymmetric encryption, this scheme enhances the confidentiality and integrity of data in environments where security.

With the rapid growth of technologies , vast volumes of data are being generated and stored in the cloud. To reduce storage costs, data deduplication has emerged as a crucial technique. However, most existing blockchain-based deduplication schemes treat the blockchain as a passive storage medium and rely heavily on edge-level security protocols, making the system susceptible to data leakage and unauthorized access during the deduplication process. Furthermore, these schemes often lack integrated mechanisms for real-time data integrity verification and database authentication. This paper proposes a novel deduplication framework that ensures both verifiable and secure data deduplication with real-time data integrity checking in a cloud environment. The proposed system leverages blockchain technology not just for storage, but as an active trust layer by incorporating smart contracts and cryptographic proofs. These components enable real-time verification of data integrity and authentication of data before deduplication occurs. By addressing the limitations of existing methods, our framework significantly enhances data security, reduces redundancy, and ensures trustworthiness in cloud-based IoT data management.

The rise of mobile edge computing (MEC) within distributed systems has brought greater focus to managing data at the network edge. A significant challenge exists due to the limited storage capacity of edge servers contrasted with the ever-increasing demand for data storage, making cost reduction a key priority. Although edge data deduplication has been widely explored as a method for reducing data redundancy, current approaches face various obstacles in MEC settings. These difficulties arise from differences between edge servers and traditional cloud data centers, as well as unpredictable factors like user mobility, which undermine the reliability of deduplication strategies. To address these issues, this paper introduces a robust optimization-based framework for edge data deduplication. By incorporating uncertainties such as fluctuating data demands and potential edge server failures, we develop two solution algorithms: uEDDE-C, a two-stage method leveraging column-and-constraint generation, and uEDDE-A, an approximation technique designed to reduce the computational complexity of uEDDE-C. Our approach enables effective data deduplication in dynamic edge environments while maintaining resilience under various uncertain conditions. We substantiate the efficacy and stability of both algorithms through rigorous theoretical analysis and comprehensive experiments. The results confirm that our method substantially lowers data storage expenses and decreases data retrieval latency, ensuring dependable performance in practical MEC deployments.

This project presents PTA-HE, an enhanced Property-Based Token Attestation mechanism that integrates Homomorphic Encryption (HE) to provide robust security in mobile cloud computing environments. Traditional Property-Based Token Attestation (PTA) methods, while foundational, do not offer adequate protection for sensitive data during real-time processing, leaving it vulnerable to confidentiality breaches and unauthorized tampering. The proposed PTA-HE framework addresses these limitations by enabling computations directly on encrypted data, ensuring data remains protected even during processing. A key feature of our design is the integration of Trusted Third Parties (TTPs) to manage attestation securely, ensuring only authorized tokens are validated without exposing any raw data. By using Homomorphic Encryption, our system maintains complete data privacy throughout the entire attestation process. To evaluate its performance, we conducted a series of experiments measuring computational overhead, communication cost, latency, and scalability, highlighting the practical trade-offs between enhanced security and system performance. Overall, PTA-HE demonstrates a practical and secure solution for mobile cloud applications requiring high levels of data confidentiality and trust in dynamic computing environments.

Cloud computing provides high performance, accessibility and low cost for data storing and sharing, provides a better consumption of resources. In cloud computing, cloud service providers compromise an abstraction of infinite storage space for clients to mass data. It can help clients diminish their financial overhead of data managements by drifting the local managements system into cloud servers. However, security concerns develop the main constraint as we now outsource the storage of data, which is possibly sensitive, to cloud providers. To preserve data privacy, a mutual approach is to encrypt data files before the clients upload the encrypted data into the cloud. Cloud storage services can help clients reduce their monetary and maintenance overhead of data managements. It is complex to design a secure data sharing scheme, especially for dynamic groups in the cloud. To overcome the problem, here propose a secure data sharing scheme for frequently changed groups. In this work, an AES based encryption scheme is proposed which incorporates the cryptographic approaches with Group Data Sharing and also an anonymous control scheme to address the privacy in data as well as the user identity privacy in current access control schemes. If the group member can be revoked means, automatically change public keys of existing group and no need encrypt again the original data. Any user in the group can access data source in the cloud and revoked users does not allowed accessing the cloud again after they are revoked. Finally implement this secure distribution scheme into group data sharing environments.

With its advantages in ensuring low data retrieval latency and reducing backhaul network traffic, edge computing is becoming a backbone solution for many latency-sensitive appli cations. An increasingly large number of data is being generated at the edge, stretching the limited capacity of edge storage systems. Improving resource utilization for edge storage systems has become a significant challenge in recent years. Existing solutions attempt to achieve this goal through data placement optimization, data partitioning, data sharing, etc. These approaches overlook the data redundancy in edge storage systems, which produces substantial storage resource wastage. This motivates the need for an approach for data deduplication at the edge. However, existing data deduplication methods rely on centralized control, which is not always feasible in practical edge computing environments. Ripple is a novel framework that enables edge servers to perform data deduplication in a fully decentralized manner. Unlike traditional approaches relying on centralized coordination, Ripple establishes a local data index on each edge server, empowering them to independently identify and eliminate redundant data. This decentralized design allows Ripple to: 1. efficiently detect and remove duplicate data, 2. uphold low-latency data retrieval requirements, and(removing Unwanted Data) 3. ensure data availability after deduplication. Extensive trace-driven experiments on a real-world testbed validate the effectiveness of Ripple. Compared to existing state-of-the-art techniques, Ripple achieves a 60.42% reduction in data retrieval latency and enhances the deduplication ratio by up to 16.79%, demonstrating its practical advantages in edge computing environments.

With the increasing reliance on cloud storage services for handling large volumes of user data, websites have begun enabling direct file uploads from users to cloud platforms. While this approach offers greater convenience and scalability, it also introduces new security challenges due to the involvement of multiple entities, including web users, web servers, and cloud storage providers. In this study, we present the first comprehensive security evaluation of this direct upload model. Through an in-depth investigation, we identify six distinct categories of vulnerabilities and perform large-scale testing across the top 500 websites ranked by Alexa. Our findings reveal that 182 websites (36.4%) utilize cloud storage services, and a focused analysis of 28 popular websites with upload functionality shows that all exhibit at least one of the identified vulnerabilities. In total, we uncover 79 previously unreported vulnerabilities, which we responsibly disclosed to the respective platforms, including major services like Google, Reddit, and CSDN. The positive responses highlight the practical impact of our findings. We further examine the root causes of these issues and suggest effective mitigation strategies. This work contributes valuable insights into the security implications of cloud-based file uploads and aims to guide both developers and researchers in building more secure web applications.

A cloud server may safely conduct a keyword search over data encrypted with different public keys on behalf of assigned users thanks to a key-aggregate keyword retrieval primitive. The best approach for the above issue is to encrypt distinct files using various public keys, but just send each user a single or constant-size secret key that is used to produce the trapdoor when searching for keywords over the encrypted files. However, existing key-aggregate searchable encryption schemes are insecure against keyword guessing attacks, which result in the privacy leakage of keyword ciphertext and trapdoor. In this paper, we for the first time formulate a secure and efficient key-aggregate searchable encryption for cloud-assisted IoT applications, which not only enables a data owner to securely share the selected documents to multiple users, but also supports data users in delegating the capability of keyword search to a cloud server for searching the desired documents without leaking any privacy of keyword ciphertext and trapdoor. Following that, the suggested scheme's security is properly specified and shown to be safe from indistinguishable selective-file chosen keyword attacks. Our developed scheme's security specification is codified using the standard model. We also prove it to be secure with a strict security proof. The flexibility and practicability of the formulated scheme is also demonstrated by theoretical evaluations and experimental simulations.

With the rapid adoption of cloud computing in healthcare, securing medical data stored and accessed through cloud platforms has become a critical priority. Unauthorized access to sensitive health records can lead to severe privacy violations and misuse of patient information. Therefore, robust user authentication mechanisms are essential to ensure that only legitimate users can access or modify medical data in cloud environments. This paper presents a secure and efficient user authentication scheme tailored for cloud-based medical systems, focusing on protecting data integrity and ensuring user privacy. The proposed scheme employs a multifactor authentication model that integrates otp verification, cryptographic credentials, and device-based factors to authenticate users accessing electronic health records (EHRs). To counter emerging threats, especially from quantum-capable adversaries, the protocol incorporates post-quantum cryptographic techniques, ensuring long-term security resilience. The protocol is formally verified using the ProVerif tool and evaluated against standard security criteria, demonstrating resistance to attacks such as replay, man-in-the-middle, insider threats, and stolen-verifier attacks. Furthermore, performance analysis confirms the protocol's low computational and communication overhead, making it suitable for real-time medical applications. The results highlight the protocol's ability to maintain a secure and scalable framework for confidential medical data access in cloud environments, balancing security, usability, and efficiency.

The rapid and expansive integration of Internet of Things (IoT) environments across various industrial sectors has led to an unprecedented surge in data generation and management. This exponential growth in data underscores the critical necessity for robust data security methodologies that can effectively safeguard the confidentiality and integrity of information without imposing undue computational burdens. In response to this challenge, numerous studies have sought to leverage Attribute-Based Encryption (ABE) as a means to enable fine-grained access control. Among the ABE variants, Ciphertext Policy ABE (CP-ABE) and bilinear pairings have emerged as popular choices to construct security schemes that strike a balance between robust protection and computational efficiency. Despite the progress made through Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and bilinear pairings, the use of Linear Secret Sharing Scheme (LSSS) access policies continues to pose challenges. Although LSSS policies offer flexible and expressive access control, they often lead to increased encryption execution times, impacting overall system performance. This study addresses this issue by investigating the potential of Key-Policy Attribute-Based Encryption (KP-ABE) as an alternative approach. The primary goal is to reduce the computational burden during encryption, thereby improving the efficiency of data protection mechanisms within IoT environments. In addition, this research explores the integration of Elliptic Curve Cryptography (ECC) for key generation. Known for its strong security guarantees and computational efficiency, ECC presents a promising method to enhance data security while minimizing computational costs. By combining KP-ABE with ECC, the study aims to develop a holistic solution that delivers robust security alongside optimized performance tailored for the complexities of IoT systems. Through comprehensive analysis and empirical evaluation, this work seeks to contribute meaningful advancements to the ongoing efforts in securing IoT data, balancing the critical demands of both security and computational efficiency.

When using an insecure communication channel, the initial step involves authenticating the user (verifying the other party) to ensure the legitimacy of the communication partner, followed by encrypted communication. With the advancement of quantum computers, many conventional cryptographic techniques are at risk of being deciphered. While post-quantum cryptographic approaches are under development, they often demand substantial computational resources, making them difficult to implement in resource-constrained environments such as the Internet of Things (IoT).This study proposes a user authentication and secure communication system that guarantees information-theoretic security by leveraging secure computation based on a computationally lightweight (k, n)-threshold secret sharing scheme. The proposed authentication approach utilizes constantly changing information to prevent replay attacks and enhance security. It is further demonstrated that secure communication with information-theoretic guarantees can be achieved without the need to distribute a large volume of true random numbers, relying instead on secret sharing-based secure computation. The proposed methods are particularly suitable for IoT applications due to their minimal processing overhead and efficient performance.

Outsourcing computations is essential for Internet of Things (IoT) devices due to their limited computational capabilities. However, existing privacy-preserving solutions such as Secret Sharing-based Secure Multi-Party Computation (SMPC) present significant overhead. These methods require each IoT device to divide its private data into multiple shares and transmit them over n confidential channels to different computation parties, making the process communication-intensive and impractical for low-power devices. Fully Homomorphic Encryption (FHE)-based alternatives offer strong privacy guarantees but are computationally expensive and typically inflexible in dynamic environments. To address these limitations, we propose a lightweight and dynamic privacy-preserving system tailored for IoT settings. Instead of broadcasting encrypted data or sending multiple shares, the IoT device encrypts its private data once and securely distributes decryption keys (or fragments) to a selected group of computation holders. Using threshold cryptography or distributed key techniques, the original data can be reconstructed collaboratively without exposing it to any single party. This approach eliminates the need for multiple confidential channels or heavy FHE operations, ensuring efficient, secure, and scalable data sharing. It supports dynamic participant management and leverages lightweight encryption (e.g., NTRU or ECC), making it highly suitable for real-world IoT applications where both privacy and performance are critical.

Simultaneous enhancement of Quality of Service (QoS) characteristics is difficult in the Cloud Computing (CC) environment if the overall QoS offered is inadequate for end users. In this research, the Smart Message Passing Interface Approach (SMPIA) is integrated with the Genetic Algorithm (GA) and the Particle Swarm Optimization (PSO) techniques for CC applications. The PSO-SMPIA and GA-SMPIA algorithms are described for task scheduling and resource allocation, with the goal of lowering makespan and overall execution time while enhancing resource utilization in CC. The primary contribution of this study is to compute the maximum cost for each transaction flow, which has not been addressed in prior research. This new multipurpose function covers the flow load, makespan load, virtual machine (VM) capacity, and execution speed parameters. Telecommunication deals and bids are classified according to the type of flow. The transaction flow allocation matrix to the VMs is calculated using appropriate values. The transaction flow is routed to the appropriate VMs based on the selected matrix. Furthermore, we investigate the impact of makespan and overall execution time on resource utilization. The findings indicate that PSO-SMPIA outperforms Optimized-SMPIA (O-SMPIA), Fuzzy SMPIA (FSMPIA), SMPIA, and GA-SMPIA in terms of average resource consumption. However, FSMPIA and O-SMPIA outperform other algorithms in terms of improving makespan and overall execution time, respectively. The entire execution time and makespan are greatly lowered when compared to other methods, which improves the QoS offered to end users. Thus, GA-SMPIA outperforms other algorithms by simultaneously improving total execution time and resource consumption while also improving (minimizing) the makespan.

The necessity for sophisticated security measures to safeguard private information on distant servers is highlighted by the cloud computing industry's explosive growth. To protect these data, authentication is essential. Vulnerabilities continue despite the different approaches that have been suggested. Using data mining approaches based on an intrusion-detection system, this research presents a revolutionary multi-factor authentication system coupled with a hybrid cryptographic framework that dynamically changes encryption algorithms. The proposed system employs passwords, conditional attributes, and fingerprint authentication to derive the encryption key from fingerprint data. It uses a dual-encryption strategy that combines five algorithm pairs: AES + HMAC (SHA-256), ECC + HMAC (SHA-512), HMAC-MD5 + PBKDF2, Twofish + Argon2, and Blowfish + HMAC SHA3-256. In order to secure the data, a hybrid model dynamically modifies an encryption algorithm to anticipate and categorize threats. Strong resistance to brute force, spoofing, phishing, guessing, and impersonation attacks was demonstrated by the framework. By putting this paradigm into practice in a cloud authentication environment, data confidentiality is greatly improved and unwanted access is prevented. This study demonstrates how multi-factor authentication and adaptive cryptography may be combined to create strong cloud security solutions.

Decentralized and collaborative learning approach that ensures the data privacy of each participant. However, recent studies have shown that the private data of each participant can be obtained from shared parameters of local models through reversal model and membership inference attacks leading to privacy leakage. Privacy-preserving federated learning strategies based on Homomorphic Encryption (PPFL-HE) have been developed to solve this issue. PPFL-HE methods require high communication and computational overheads, which are impractical for resource-limited devices. This work proposes an efficient PPFL-HE method to reduce communication and computational overheads. The suggested approach is predicated on a novel quantization procedure that encodes the weights of the local models into long-signed integers by introducing a dynamic range evaluation layer-for-layer (DREL). The suggested method lowers the quantization mistakes and communication overhead in comparison to conventional quantization techniques. Additionally, it makes it possible to encrypt local weights using the Brakerski/Fan-Vercauteren Homomorphic Encryption method (BFV-HE), which is very effective on integers and reduces ciphertext size, encryption, aggregation, and decryption time. Compared to other PPFL-HE techniques, the suggested approach has lower computing overheads and communication costs. In particular, the suggested approach reduces encryption on average when compared to PPFL-HE approaches based on Paillier and CKKS schemes, respectively, and necessitates global model convergence.

With the rapid advancement of smart grid technology, data sharing between grid devices and between the grid and users has become increasingly frequent, playing a crucial role in enhancing power system stability, optimizing energy distribution, and improving energy efficiency. However, the incomplete concealment of access policies during smart grid data sharing poses significant privacy risks. To address these concerns, we propose an efficient fine-grained access control scheme for secure information processing with enhanced policy protection. By integrating the Cuckoo Filter, the proposed system achieves complete attribute hiding, thereby significantly improving data privacy and security. An efficient attribute localization algorithm is introduced to reduce the complexity associated with attribute localization and recovery, enhancing overall system performance. Furthermore, blockchain technology is employed to support secure and verifiable data revocation through digital signature verification. The security analysis of the proposed system demonstrates its effectiveness in ensuring confidentiality through hidden access policies, maintaining integrity via blockchain’s immutability, and enforcing strict access control where only authorized users with valid attributes can access data. The system also supports secure revocation mechanisms, ensuring that outdated or compromised credentials are invalidated, and is resistant to collusion attacks, preventing unauthorized access even when multiple malicious entities attempt to combine their attributes. Overall, performance evaluations indicate that the scheme achieves strong privacy protection and robust security guarantees while incurring minimal computational overhead, making it highly suitable for real-time smart grid environments.

With the increasing adoption of cloud services, organizations are progressively outsourcing system log management to cloud service providers (CSPs). While this approach offers notable benefits in terms of cost efficiency and scalability, it also introduces critical challenges concerning the confidentiality, searchability, and integrity of sensitive log data. Existing solutions often fall short in addressing essential requirements such as fine-grained Boolean keyword search, dynamic access control, and verifiable result integrity over encrypted log records. To overcome these limitations, we propose designed specifically for cloud-hosted encrypted logs. It supports fine-grained multi-keyword Boolean search, privacy-preserving dynamic access control, and per-file integrity verification with minimal performance overhead. At its core, It indexing model that combines a Bloom filters thereby reducing the search space and significantly accelerating query execution. Access control is enforced via blockchain-based smart contracts, which securely validate encrypted user tokens without revealing sensitive information. For data integrity, It integrates an off-chain distributed hash table (DHT) with an on-chain Merkle root to provide robust detection of tampering at the individual log file level. Experimental evaluation demonstrates that It outperforms existing approaches in terms of search efficiency under increasing keyword and file loads, as well as in the accuracy and performance of integrity verification. These results substantiate the practical viability of It as a scalable and secure solution for searchable encryption and access control in large-scale cloud-based log management systems.

Quantum Secret Sharing (QSS) is an essential cryptographic primitive that distributes a secret among multiple parties using quantum information, ensuring that only authorized subsets of participants can reconstruct the secret. Existing QSS approaches predominantly rely on conventional network topologies and maximally entangled states such as the often requiring full participation of all key aspects such as redundancy, authentication, and privacy. In this work, we propose a novel QSS framework built on a generic distributed quantum network that incorporates a threshold-based scheme, allowing any t out of n players to collaboratively reconstruct the secret. Our protocol introduces a custom weighting system and a quantum variant of Dijkstra’s algorithm to dynamically select the optimal subset of players, enhancing flexibility and performance. Furthermore, we integrate CRYSTAL-Kyber post-quantum cryptographic primitives to provide robust user authentication and identity obfuscation, thereby bolstering security and privacy. Through comprehensive security analysis and simulations, we demonstrate that our protocol outperforms traditional QSS models, offering improved resilience against both classical and quantum adversarial threats.

Cloud computing has transformed medical data storage by allowing healthcare institutions to outsource data management to external service providers. While this shift offers enhanced scalability and reduced infrastructure costs, it also introduces significant security and privacy concerns due to the storage of sensitive patient information on untrusted third-party servers. Traditional cryptographic techniques, such as searchable encryption, provide partial solutions but suffer from notable limitations, including vulnerability to leakage-based attacks, high computational overhead, and poor scalability in large-scale environments. To address these challenges, we propose EBMD, a novel outsourcing protocol that integrates an ordered additive secret sharing algorithm with a unique index permutation technique. ECMD ensures efficient and secure outsourcing of medical data while concealing both the data content and access patterns from potential adversaries. Our experimental evaluation demonstrates ECMD superior performance and scalability, with a single storage.

Blockchain technologies offer a new approach to security through decentralized networks and consensus mechanisms. However, they require all data to be public, which can be a problem for applications involving sensitive information, such as private data. To address this, confidentiality has become a key requirement in blockchain systems. This work introduces a practical and cost-effective solution for performing confidential computations on the blockchain. It uses secure multi-party computation (MPC) and zero-knowledge proofs (ZKPs) to protect data while ensuring that the results can be publicly verified. The system supports complex computations enforced by smart contracts, while using staking, incentives, and cheat detection to build trust among participants. We also describe a method to integrate secure computations into smart contracts using the Promise programming pattern. A cost analysis is included to show that the proposed solution is more efficient compared to other existing approaches.

Blind rotation in FHEW-like bootstrapping is based on the CMUX Gate (a controlled selector gate that uses a control input to choose between two data inputs for the output). Blind rotation based on automorphism (a bijective transformation that maps a mathematical structure onto itself while maintaining its original structure) uses smaller keys, supports arbitrary key distributions, and has less noise growth than blind rotation based on the CMUX gate without taking key distribution into account. Notably, it can be used with multi-key homomorphic encryption schemes due to its ability to support arbitrary key distributions. Multi-key homomorphic encryption (MKHE) enables calculations to be carried out on ciphertexts that have been encrypted using various keys. thereby extending the fields in which homomorphic encryption can be used. Using the hybrid product, we enhanced the automorphism-based blind rotation, making it appropriate for multi-key schemes. Nevertheless, prior multi-key schemes could only perform gate bootstrapping following a single NAND gate calculation. Our plan uses a multi-key circuit bootstrapping technique based on blind rotation based on automorphism. The ciphertext must pass through computational circuits that incorporate leveled operations when using leveled homomorphic encryption mode.

Given the sensitivity of personal health information and the rising prevalence of data breaches, healthcare analytics faces a significant challenge in ensuring the privacy of sensitive data while simultaneously providing valuable insights. By incorporating privacy-preserving parameters, zero-knowledge proofs (zk-SNARKs), blockchain technology, and a multi-tenant cloud environment, the secure framework presented in this paper addresses these issues. The framework ensures that healthcare records remain protected during analytics computations without exposing raw data by employing cutting-edge cryptographic methods, particularly zk-SNARKs. In order to validate computations, the privacy-preserving analytics engine makes use of anonymized healthcare records and generates zk-SNARKs. When these proofs are incorporated into a blockchain network, they produce a transparent, tamper-proof ledger that guarantees safe healthcare transactions. This strategy is absolutely necessary in circumstances like telemedicine, where secure data sharing and computation are of the utmost importance. By demonstrating its application in a telemedicine app, the framework provides a scalable and secure solution to a pressing issue, demonstrating its practical significance in healthcare analytics.

Data about user-service interactions is frequently kept across several dispersed platforms in the context of the Internet of Things (IoT). In order to make a thorough recommendation decision in this scenario, recommender systems must integrate the dispersed user-service interaction data from several platforms, which likely exposes user privacy. Furthermore, the efficiency of recommendations is greatly diminished as user-service interaction records mount up over time. We suggest a lightweight, privacy-preserving service recommendation method called SerRecL2H to address these problems. To efficiently identify customers with similar preferences for precise suggestions, SerRecL2H uses Learning to Hash (L2H) to encapsulate sensitive user-service interaction data into less-sensitive user indices.

The increasing proliferation of cloud Application Programming Interfaces (APIs) has created a critical need for intelligent recommendation systems that can assist developers in selecting appropriate APIs for mashup development. This research presents a novel personalized cloud API recommendation method that leverages multiple attribute features and mashup requirement attention mechanisms to address the challenges of API selection in cloud computing environments. The proposed system constructs a comprehensive cloud API ecosystem graph and employs advanced graph neural network techniques combined with translational distance models to capture API similarities and complementarities. Unlike traditional approaches that treat all API attributes equally, our method introduces a mashup requirement-specific attention mechanism that dynamically adjusts feature importance based on individual project needs. Extensive experimental validation demonstrates significant improvements in recommendation accuracy, with recall improvements of at least 5% and NDCG increases of up to 10% compared to existing methods.

Maintaining the privacy of image data in cloud environments has become more important as cloud-based services have developed quickly. Additionally, traditional cryptosystems, including those found in cloud systems, are seriously threatened by developments in quantum computing since they may become susceptible to attacks based on quantum mechanics. In order to achieve high security, this paper proposes a strong image encryption method that combines dynamic DNA operations, a 4-D hyperchaotic system, and quantum walks. Our encryption algorithm creates chaotic sequences that are used to replace the plain image after initializing the hyperchaotic system with key parameters to increase sensitivity to the plain image. The binary message that governs the operation of quantum walks is then updated by extracting information from the initially substituted image, which also updates the hyperchaotic system's initial parameters. The hyperchaotic system and the quantum walks are both controlled by these modified parameters. In order to increase complexity and improve security, the quantum walks' probability distribution is combined with the hyperchaotic system's chaotic sequences to permute the DNA-encoded image sequence, carry out dynamic DNA operations, and carry out dynamic DNA decoding. The final cipher image is created by applying the pixel permutation and substitution procedures after decoding. The suggested method produces strong resistance to cryptographic attacks and high encryption quality, as shown by experimental analysis, making it appropriate for secure cloud-based services.

Searchable encryption, often referred to as secure search, is a cryptographic technique that allows users to perform search operations over encrypted data without revealing its contents. This ensures data confidentiality even during search queries. While substantial research has explored searchable encryption using both public-key and symmetric encryption methods, these approaches often suffer from high computational overhead—particularly in large-scale cloud environments. To address these limitations, recent studies have turned to secret sharing-based searchable encryption, which offers significantly lower computational complexity. Secret sharing works by dividing sensitive data into multiple parts, or "shares," which are distributed across different entities. A notable contribution by Kamal et al. (2021) introduced a basic searchable encryption approach based on secret sharing schemes; however, their method lacked support for user access control, which is critical in real-world multi-user systems. In this work, we propose a secure keyword search approach that integrates user access control within a cloud-based environment. The system ensures that each data file stored in the cloud is managed by a designated owner who controls which users are authorized to search the data. Our solution adopts a secure computation model that operates between the data owner, the querying user, and multiple cloud servers. We conduct a comprehensive security analysis of the system's data distribution, query generation, and search execution processes, demonstrating its robustness against semi-honest adversaries that may attempt to compromise privacy through limited server collusion. Additionally, we introduce an optimized version of the approach using an enhanced secret sharing technique that increases efficiency when all participating servers are involved in the computation. The proposed methods are evaluated and compared based on their computational performance and communication efficiency, highlighting their suitability for privacy-preserving data outsourcing scenarios.

Election is the key process typically utilized for maintaining democracy in a given society. Recent technological advancements, such as Blockchain (BC), have been already deployed in previous works to realize non-conventional e-Voting systems. The main goal for such proposals is to provide the necessary level of security and reliability, while maintaining transparency, trust, and remote elections. However, the distributed and publicity nature of BC brought new challenges related to privacy and performance trade-off. This paper aims to address existing privacy and performance issues in e-voting by integrating smart contracts for reliability and transparency, Differential Privacy to enhance vote anonymity, and Self-Sovereign Identities (SSI) for managing decentralized identity and verifiable credentials. Specifically, a novel (k, ε)-differential privacy mechanism is developed, in which a randomly selected candidate is used as a pivot to redistribute retrievable votes to other candidates, preserving anonymity while enabling statistical vote approximation. To enhance user interaction, the system also includes a real-time notification mechanism that sends a confirmation message—such as "Vote successfully cast"—to the user's registered mobile device upon completing the voting process. The proposed methods are evaluated under various conditions, including different transaction arrival rates (10–80 TX/s), total cast votes (10k–50k), and numbers of elected candidates (2–8). To validate its practical deployment, the smart contract is implemented on a cloud-hosted, permissioned blockchain network using Hyperledger Besu, with geographically distributed nodes in Google’s EU and USA data centers. Experimental results indicate that BP-Vot achieves a 24% improvement in latency over existing solutions (≈ 1 s/TX vs. 1.24 s/TX). Moreover, through a standardized Min-Max regression method, the system consistently delivers over 98% accuracy in approximated vote results, with accuracy improving linearly with vote volume. The proposed differential privacy model is also formally verified to be resilient against reconstruction attacks.

PKE-ET, or public key encryption with equality test, makes it easier for authorized entities to determine whether two ciphertexts contain the same underlying message. Its adoption has been fueled by this feature in a number of applications, including encrypted spam filtering, keyword searches in encrypted databases, and secure data management in cloud environments. However, the generic PKE-ET constructions that are currently in use frequently rely on cryptographic primitives that necessitate additional complex functionalities or strong security assumptions, which results in inefficiencies. An enhanced generic construction for PKE-ET using the random oracle model is suggested in this paper. The suggested approach solely uses a standard public key encryption (PKE) scheme and basic cryptographic building blocks without the need for extra complicated primitives, in addition to cryptographic hash functions. More specifically, unlike previous generic frameworks that require stronger security guarantees, the proposed construction makes use of a PKE scheme that guarantees one-wayness against chosen plaintext attacks (OW-CPA). Assuming that the exploited PKE scheme achieves OW-CPA security, we show that the suggested construction satisfies one-wayness against adaptively chosen ciphertext attacks (OW-CCA2) for a Type-1 adversary, who has equality test trapdoors, and indistinguishability against adaptively chosen ciphertext attacks (IND-CCA2) for a Type-2 adversary, who does not. Additionally, we use proven PKE schemes to present three specific implementations of our generic framework: The RSA encryption and the hashed ElGamal encryption

The rapid adoption of the Industrial Internet of Things (IIoT) has greatly improved efficiency and productivity in industries. However, existing security systems are unable to handle the increasing number and diversity of connected devices. These systems rely on centralized network management, which is not suitable for ensuring data integrity across widely distributed IIoT devices. As a result, they face challenges in scalability, data security, and reliability, leaving IIoT environments vulnerable to cyberattacks. To address these limitations, the proposed research introduces a blockchain-based end-to-end security model specifically designed to meet the evolving demands of IIoT systems. This project presents a decentralized security solution for the Industrial Internet of Things (IIoT) by leveraging blockchain technology, smart contracts, and SHA-256 encryption. Traditional centralized security frameworks fail to scale with the increasing diversity of IIoT devices and often struggle to ensure data integrity. Our proposed system overcomes these limitations by integrating a blockchain framework that enables secure authentication, authorization, and data integrity without the need for a central authority. Smart contracts enforce adaptable access rules, reacting instantly to suspicious activity, while SHA-256 ensures robust data encryption. Additionally, IoT devices are used to manage encryption keys and data access, providing a lightweight and scalable security model tailored for the dynamic needs of industrial environments. This hybrid approach combines the advantages of public and private blockchains, ensuring both performance and confidentiality.

The rapid advancement and integration of Internet of Medical Things (IoMT) devices are reshaping modern healthcare by enabling real-time patient monitoring, early diagnosis, and intelligent clinical decision-making. Despite these advancements, a key challenge persists: the fragmentation of sensitive patient data across various healthcare institutions and platforms. This lack of interoperability undermines seamless data exchange, limits the effectiveness of data-driven treatment, and poses risks to both patient privacy and system efficiency. To overcome these limitations, this project proposes a novel blockchain-enabled framework for secure, interoperable, and privacy-preserving IoMT data validation and storage. Our solution leverages Hyperledger Fabric, a permissioned blockchain architecture, to ensure robust access control, tamper-resistant data storage, and transparent auditability tailored to the needs of healthcare ecosystems. In addition, we integrate edge computing capabilities to perform data processing closer to the data source, significantly reducing latency and network congestion while preserving privacy and security at the device level. This decentralized and scalable architecture ensures secure, real-time sharing of IoMT data among authorized entities while maintaining strict data integrity and confidentiality. The proposed framework supports critical healthcare functions such as remote patient monitoring and preventative care, all while fostering trust among stakeholders. Experimental evaluations highlight the system’s potential to improve healthcare workflow efficiency, support faster clinical decisions, and enable a patient-centric approach through unified and reliable health data management. This work marks a meaningful step toward establishing an interoperable, secure, and efficient digital healthcare infrastructure for the future.

The adoption of symmetric searchable encryption (SSE) has grown significantly, but many existing SSE schemes assume an honest-but-curious cloud service provider (CSP) or incur substantial overhead to guard against malicious behavior. Moreover, most are designed for static database and lack support for dynamic updates or strong verification. In this paper, we propose an efficient SSE framework that addresses these challenges through two novel approaches: Hexie and Jianding. To the best of our knowledge, this is the first SSE scheme that simultaneously supports dynamic database with forward and backward privacy, integrity verification of both non-empty and empty search results, efficient non-interactive search, lightweight clients, and both forward and inverted index structures. Hexie utilizes secret sharing to obscure index entries, allowing dynamic updates and secure, non-interactive search suitable for constrained clients. To enhance reliability and ensure result completeness and correctness, we introduce Jianding, which extends Hexie by combining a chained MAC structure with secret sharing. This enables clients to efficiently verify the integrity of search results. Additionally, we propose a graph-based dictionary sharding method to improve search efficiency. Comprehensive experiments demonstrate the practicality and performance benefits of our proposed schemes.

It is known that in certain quantum secret sharing schemes, participants may receive some shares before the dealer receives a secret. In the ramp quantum secret sharing schemes with the highest coding rate, it is unclear if some shares can be distributed prior to a secret being revealed. This article suggests methods for allocating some shares prior to disclosing a secret in those schemes. Since some participants may not be available when the dealer obtains the quantum secret, the new procedures expand the applicability of secret sharing schemes to broader scenarios. The correspondences between quantum secrets and quantum shares in the original schemes are then demonstrated to be preserved by our new encoding techniques, guaranteeing the retention of the original schemes' highest coding rates.

In modern computing environments, sensitive information such as medical and financial data is often shared across public platforms for analysis and decision-making. However, such data may contain private user details, and sharing them without sufficient protection can compromise individual privacy. Traditional anonymization techniques struggle to maintain an effective balance between privacy, utility, and truthfulness—especially when working with unbalanced or incomplete data. To overcome these challenges, we propose a servlet-based web application that implements a data balancing and correlation-aware differential privacy method. This system detects quality-related issues in data and enhances it by generating minimal high-quality synthetic records to achieve better balance. It also applies a partitioning approach that groups correlated attributes, allowing for a more efficient noise application process that preserves privacy while maintaining data truthfulness. Categorical attributes are protected using an exponential mechanism, while numerical data is processed through the Laplace mechanism with carefully controlled privacy parameters. By combining these mechanisms within correlated blocks, the system effectively addresses the privacy–truthfulness tradeoff, ensuring secure and practical data sharing in privacy-sensitive applications.

Managing posthumous data is becoming increasingly difficult in the digital age, and existing technological solutions frequently fall short in terms of usefulness. Most of the tools that are currently available are closed-source, opaque, do not support multiple platforms, and have restricted access control. In order to safely handle and distribute digital assets after death, this paper presents "Beyond Life," a cross-platform digital will management solution. A customized Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme known as PD-CP-ABE, which provides effective, fine-grained control over access to will content at scale, is the foundation of this solution. Beyond Life gives users more control and transparency over the creation, storage, and execution of their wills than current systems because it functions independently of service providers. Additionally, the system is portable, enabling users to switch service providers at any time. The suggested system has been thoroughly developed and tested to guarantee functionality and viability in the real world. The public is given access to the system implementation.

In healthcare, real-time decision making is crucial for patient care, but traditional computing infrastructures suffer from inherent latency. This paper proposes a novel framework that utilizes Deep Reinforcement Learning (DRL) to advance task scheduling in fog computing for crucial healthcare. The fog architecture addresses the limitations of cloud systems by reducing transmission latency, achieved by placing processing nodes close to the source of data generation, such as IoT-enabled healthcare devices. The foundation of this approach is a DRL model, which is designed to dynamically optimize the partition of computational tasks across fog nodes to improve both data throughput and operational response times. The proposed DRL model reduces the makespan by up to 30% compared to traditional scheduling approaches. Comparative analysis indicates a 40% reduction in operational latency and a 25% improvement in fault tolerance.

The growing importance of data in healthcare has heightened the need for privacy-preserving data sharing, particularly in systems where health records are distributed across a databases. Despite widespread recognition of the benefits of data sharing for both research and patient care, concerns about privacy and security remain a major barrier. This study explores current attitudes toward data sharing healthcare professionals across clinical and non-clinical roles. By combining descriptive statistics and data mining techniques, we assessed trust in existing privacy-preserving tools—such as data anonymization, encryption, and access control mechanisms—and evaluated openness to adopting proposed advanced solutions, including differential privacy, and secure multi-party. Findings reveal a cautious with many professionals showing readiness, primarily motivated by the potential to improve patient outcomes rather than purely research interests. These insights contribute to the development of targeted policies and innovative frameworks aimed at enabling secure, privacy-conscious data sharing in the healthcare sector.

The Internet of Things (IoT) ecosystem necessitates secure, scalable, and trustless identity management and data exchange among billions of interconnected devices. Traditional authentication methods based on Public Key Infrastructure (PKI) rely heavily on centralized Certificate Authorities (CAs), leading to challenges in scalability, single points of failure, and resource inefficiency—factors that limit their applicability in dynamic and large-scale IoT environments. To overcome these limitations, this paper proposes ISIF (IOTA-Assisted Self-Sovereign Identity Framework), a decentralized authentication and data-sharing protocol tailored for IoT. ISIF is built on Self-Sovereign Identity (SSI) principles and leverages Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to enable devices to autonomously manage their identities and perform mutual authentication without centralized intermediaries. The IOTA Tangle, a scalable and feeless distributed ledger, is used to securely register and verify DIDs and VCs, ensuring tamper-resistant identity and credential management. Additionally, ISIF facilitates secure and context-aware data sharing by verifying the receiver's identity using their DIDs and associated VCs before transmission. This ensures that data is exchanged only with authenticated and authorized entities, enhancing end-to-end security. Experimental results confirm ISIF’s efficiency, showing low latency and high scalability even as network size increases. The proposed framework not only eliminates the bottlenecks of traditional PKI systems but also establishes a robust foundation for decentralized, real-time, and secure data exchange in large-scale IoT deployments.

In today’s globally connected digital environment, secure and trustworthy cross-border data sharing is essential for economic growth, collaborative research, and technological progress. However, current systems lack a universally applicable framework that ensures traceability, accountability, and multi-party compliance—critical elements for establishing trust in international data exchanges. To overcome this gap, we propose the Trans-border Trusted Data Spaces (TTDS) framework, built on the International Data Spaces (IDS) information model to support interoperability and identity verification. TTDS enhances data trustworthiness through advanced security mechanisms such as IP-layer traffic monitoring, zero-trust identity management, and smart contracts, ensuring transparent and secure data flows. It also integrates an NLP-based rule interpretation engine to support dynamic compliance with multiple jurisdictions. Designed as a flexible and general-purpose infrastructure, TTDS particularly addresses the unique requirements of cross-border data ecosystems. Our implementation, optimized over IPv6, demonstrates strong traceability and accountability, offering empirical evidence of the framework’s effectiveness in real-world scenarios. It ensures data integrity, secure access control, and real-time operations, making it highly suitable for sensitive healthcare environments. The architecture supports efficient authentication using JWT tokens, with response times optimized for user interactions such as registration and login. It also demonstrates scalability and low computational overhead, aligning with healthcare regulations and care-collaboration needs. Overall, MBHA offers a transformative solution that addresses current limitations in centralized healthcare data systems by enhancing security, resilience, and regulatory readiness.

Quantum cryptography has emerged as a powerful solution to address the growing vulnerabilities of classical encryption in the face of quantum computing. Among existing Quantum Key Distribution (QKD) methods, the BB84 protocol uses quantum bits (qubits) encoded in two measurement bases, offering theoretical security but facing practical limitations when restricted to a small number of qubits. This makes it easier for attackers to exploit the protocol through brute force or intercept-resend techniques. Meanwhile, the E91 protocol utilizes quantum entanglement and Bell’s inequality to ensure secure key exchange, yet it often fails to consider real-world noise and quantum decoherence, which degrade its ability to detect eavesdroppers reliably. To overcome these issues, a modified system is proposed that extends BB84 by increasing the qubit count to 9, 12, and 16, and incorporating additional bases to strengthen randomness and security. After key distribution, the system derives binary keys which are used in XOR operations for encrypting and decrypting plaintext data, enabling secure communication. In addition, the enhanced E91 protocol generates public and private keys from entangled qubit pairs, supporting an asymmetric encryption approach suitable for key exchange in noisy quantum environments. Error mitigation techniques are applied during the final measurement phase to reduce the effects of noise and ensure accurate, tamper-resistant communication. This dual-protocol enhancement provides a comprehensive framework for secure and reliable quantum data exchange in the presence of both technological and environmental challenges.

Industrial Control Systems (ICSs) are critical to the operation of infrastructure and manufacturing processes but remain vulnerable to cyber threats due to their reliance on legacy communication protocols and minimal in-built security features. Traditional security approaches often depend on perimeter-based defenses such as firewalls, air-gapped networks, and external protection devices. These methods, while partially effective, fail to provide robust internal data protection and are generally costly, difficult to integrate, and resistant to adoption within operational environments. Furthermore, they typically lack support for secure key management and real-time encryption, leaving process data exposed to potential interception and manipulation. To address these limitations, this paper proposes an improved security framework based on the Symmetric Analog Licence Transfer (SALT) method. The enhanced SALT approach leverages the inherent security of analog signal channels, already common in ICSs, to securely exchange symmetric encryption keys. These keys are then used to protect digital communication with strong, periodic encryption, eliminating the need for major protocol changes or additional hardware. The system includes automated key rotation, compatibility with existing ICS software tools, and a centralized dashboard for real-time monitoring and logging. Designed to be cost-effective, backward-compatible, and easy to deploy, the proposed SALT-based system offers a practical and efficient cybersecurity solution for modern ICS environments, bridging the gap between operational reliability and digital resilience.

With the advancement of modern healthcare systems, patients now produce health data that is transmitted to healthcare providers for further analysis and diagnosis. Given the sensitive nature of this information, it is essential to ensure its privacy, security, and confidentiality. An additional challenge in healthcare systems is the secure and efficient revocation of malicious or unauthorized users. Revocable encryption schemes, particularly those utilizing ciphertext evolution, provide a promising solution to this challenge. However, existing approaches often rely on computationally expensive cryptographic operations such as bilinear pairings, map-to-point hash functions, and modular exponentiation. These complexities can limit their practical deployment. To address this issue, we propose a novel pairing-free, revocable certificateless encryption scheme that supports ciphertext evolution. Furthermore, we demonstrate that the proposed scheme is secure against adaptive chosen ciphertext attacks, making it both practical and robust for privacy-preserving healthcare data management.

To investigate the impact of cross-grained sentiments on user feature representation and address the issue of data sparsity, this paper proposes a Personalized Recommendation Algorithm Integrating Cross-Grained Sentiment and Rating Interaction Features (ICSR). The algorithm begins by employing a pre-trained BERT (Bidirectional Encoder Representations from Transformers) model and a Bi-GRU (Bidirectional Gated Recurrent Units) network to derive feature vectors from user and item reviews. Sentiment dictionaries and attention mechanisms are then applied to assign appropriate weights to the review features of users and items, respectively. To capture a richer set of sentiment features, a cross-grained sentiment feature fusion module is introduced. This module leverages an LDA (Latent Dirichlet Allocation) model and dependency syntactic analysis techniques to extract fine-grained sentiment features, while a word2vec pre-trained model and sentiment dictionaries are used to capture coarse-grained sentiment features. These features are then fused to form comprehensive cross-grained sentiment representations. Finally, rating interaction features are extracted using matrix factorization techniques, and all features are integrated and fed into a DeepFM model for rating prediction. Experimental results on Amazon datasets demonstrate that the proposed ICSR algorithm significantly outperforms baseline algorithms in terms of recommendation performance.

In traditional user authentication systems, identity verification is commonly based on textual inputs like usernames, passwords, or personal IDs, which are often vulnerable to misuse, forgetfulness, or theft. Existing systems that attempt face-based recognition either store static images or depend on manual matching, lacking automation and real-time detection capabilities. These approaches do not support live face capturing and fail to fetch dynamic user-related information from a database, resulting in inefficient or insecure identification mechanisms. The proposed system addresses these limitations by introducing a live face capturing and identification framework integrated with OpenCV. When a user registers, their face is captured in real-time using the system's web interface connected to the webcam through OpenCV. The captured image is then stored securely in the server’s file system or database. During login or verification, the system again uses OpenCV to capture a fresh face image and compares it with stored images using face similarity techniques. Upon successful matching, all relevant user information is dynamically fetched from the database and displayed securely on the interface. This system ensures that only the rightful user gains access to sensitive data, enhancing both security and user experience. The modular architecture seamlessly integrates live camera input via OpenCV, secure data storage, and efficient face comparison logic, offering an intelligent and real-time authentication mechanism suitable for modern web applications.

Through edge nodes, the enormous terminals connect to the Internet of Things (IoT), creating additional privacy and security issues with data sharing and ciphertext search. Current ciphertext search techniques, on the other hand, frequently ignore lightweight computing paradigms and give scant consideration to the search needs of various data owners (DOs) and data users (DUs). To address these issues, we propose a secure fine-grained multi-keyword ciphertext search scheme with cloud-edge-end collaboration computing (SFMS-CC). This SFMS-CC scheme focuses on the efficiency of end users and employs a cloud-edge-end collaborative computing paradigm, effectively offloading the incremental overhead from terminals and achieving low-cost constant overhead for the first time on the DO/DU side. Additionally, a methodical ciphertext search framework that supports multiple keywords is described, which is based on public-key cryptography. To improve the user experience, each user is given a unique search Tok. A multi-DOs/multi-DUs model is also created by using attribute-based encryption, which smoothly incorporates entity private keys and public keys into encryption, search, decryption, and other processes, guaranteeing the scheme's high level of privacy and security. According to security study, the SFMS-CC system protects user information and outsourced data from plaintext attacks using encryption. According to simulation results, the SFMS-CC method is practical and effective.

Traditional inter-domain routing protocols' decentralized architecture can cause a number of problems, such as misconfiguration and convergence problems. Alternative strategies that use the Software Defined Networking (SDN) paradigm to give more control over routing operations have been put forth recently in response to these issues. In this scenario, an SDN controller is assigned to handle routing duties in a multi-domain network made up of Autonomous Systems (ASs). Each controller must learn how to connect to any node outside of its domain in order to carry out inter-domain routing. Because the controllers must access sensitive, business-critical data (such link charges) across all domains, serious privacy issues arise. In order to preserve privacy, protocols for determining the shortest path between a source and a destination a typical policy in routing tasks have recently been presented. These protocols rely on Multi-Party Computation (MPC) techniques, which limit scalability by ensuring anonymity at the expense of high computational and communication complexity. In this study, we use Data Mining (DM) approaches to eliminate nodes that have a low probability of being reached by the shortest path, thus pruning the network graph. On the pruned graph, privacy-preserving shortest path methods are then conducted at a significantly reduced complexity.

Through operational plane differentiations, Software Defined Networks (SDNs) support the data and control operations of various applications. These distinctions are dependent on the processing power and user density of the service providers. A Controlled Service Scheduling Scheme (CS3) is described in this article to guarantee prompt user service support. To prevent immobile request stalemates, this plan makes use of the operation plane differentiation provided by the SDN. The selection of the SDN plane is made by the routed regression learning model. This learning is an improved version of linear learning in which the plane differentiator is the scheduling rate. Until the combination of device processing capacity and the number of devices is less than the observed service population, the procedure is uniterated. The maximum routed threshold is used to determine the operation to data plane migrations during the scheduling process. The threshold is computed for the operation and data plane from which the rate of service response or capacity of service admittance is decided. The routed regression looks at how the threshold factor changes to make sure that even with a lot of IoT requests, flexible scheduling can be done. Under controlled delay, this plan achieves a high scheduling rate for maximizing service distributions.

Cloud computing technology was first introduced by Amazon in 2006 and has provided customers with high-quality services through the Internet. However, the growing number of IoT and mobile devices has led to challenges such as latency, power consumption, and network strain. To address these issues, Cisco developed fog computing, which enhances cloud capabilities by processing data closer to the network edge. Despite its advantages, security concerns remain a critical challenge within the fog computing paradigm. The issue with secure authentication in fog often involves balancing the need for robust security measures with the constraints of limited resources and varying trust levels among distributed devices. Moreover, the security protocols are weak against unknown threats, leaving the system vulnerable to potential attacks. To address these issues, the study proposes an online sequential random vector functional link (OS-RVFL) neural network-based authentication approach. This method adapts to security threats in real time, improves authentication resilience, and efficiently uses available resources. This intrusion detection model is integrated into the proposed lightweight authentication protocol to enhance the overall security framework in the fog environment. This ensures a dynamic response to emerging threats while maintaining a low resource footprint across the fog computing environment. The proposed system can also learn and update in real-time without depending on the previous training data batch. The security of the proposed scheme has been rigorously analyzed using the real-or-random model, which provides formal proof of its robustness. Furthermore, the scheme has been verified using the widely accepted AVISPA tool. In addition, compared to other related works, the proposed scheme stands out with its lower communication and storage costs, making it more efficient and reliable.

In recent years, blockchain technology, which enables transactions to be distributed across multiple computers and managed in an immutable and secure manner, has garnered significant attention. Within blockchain networks, consensus mechanisms ensure the consistent sharing of ledger information when new blocks are added. The system implements a hybrid, permissioned blockchain in which a fixed set of nodes maintain an immutable ledger via the Practical Byzantine Fault Tolerance (PBFT) protocol: a primary node proposes each new block and all participants exchange pre‑prepare, prepare, and commit messages, ensuring safety and liveness as long as at least two‑thirds of nodes behave correctly, but offering no way to identify or isolate nodes whose behaviour verges on the one‑third Byzantine threshold. In contrast, the proposed system augments this architecture with a dynamic clustering layer that continuously monitors each node’s consistency, voting patterns, and response times during consensus rounds, computes a behaviour score, and groups nodes into “trustworthy,” “neutral,” or “suspicious” clusters; administrators can then review a consolidated report of scores and cluster assignments, and the enhanced PBFT mechanism uses these clusters to weight or limit the influence of unreliable nodes, thereby increasing resilience against Byzantine faults even when malicious nodes approach the traditional one‑third limit.

Non-fungible tokens (NFTs) are unique digital assets stored on blockchains. NFTs are ideally suited for tokenizing genomic data, as they empower individuals with complete control over their data. Meanwhile, Next-Generation Sequencing (NGS) technology generates large volumes of raw genomic data, which is then processed and stored in data repositories. However, the current systems handling genomic data face several challenges, including unclear ownership, lack of secure and user-controlled management, and difficulties in safely sharing sensitive genetic information. These challenges limit individuals’ ability to control, monetize, or securely distribute their own genomic data. To address the challenges of data ownership, management, and secure sharing in genomic data handling, we propose a blockchain and NFT-based solution. In this system, NFTs are used to represent ownership of both Raw Genomic Data (RGD) and Sequenced Genomic Data (SGD), giving individuals complete control over their data. Instead of relying on a private blockchain, our approach uses a basic account-based system where each user creates an NFT account to represent their ownership and access rights. Users can mint NFTs for their genomic data, with Raw Genomic Data (RGD) and Sequenced Genomic Data (SGD) each linked to a unique NFT. To maintain traceability, we introduce composable NFTs, ensuring that every SGD-NFT is always linked to its parent RGD-NFT. We develop smart contracts to facilitate data management, access sharing, and monetization of genomic NFTs. These contracts allow users to control access to their data, grant permissions, and receive payments or royalties when their data is shared or reused. Our system is tested and validated, confirming that the smart contracts function as intended. The design is more accessible and practical for broader adoption, providing a transparent and privacy-aware framework for genomic data management. The source code for the smart contracts is publicly available to promote transparency and encourage further development.

In the Mobile Edge Computing (MEC) paradigm, caching frequently accessed data at edge servers plays a critical role in minimizing data retrieval latency and reducing cloud-edge transmission costs for application vendors. However, existing edge data caching (EDC) strategies typically assume static or predictable data popularity distributions, making them ineffective in dynamic environments with fluctuating user demands and mobility patterns. Additionally, edge servers are inherently more vulnerable to failures and network outages compared to robust cloud infrastructures, leading to potential unavailability of cached data and increased latency. To address these limitations, we propose an Uncertainty-aware Edge Data Caching (uEDC) framework that models the caching problem as a robust optimization task. We introduce two algorithms—uEDC-B, an optimal solution, and uEDC-L, an efficient approximation based on linear decision rules—to dynamically adapt caching strategies under uncertain popularity patterns and server reliability issues. Furthermore, the proposed system integrates lightweight server-side data encryption and integrity validation mechanisms to enhance security and ensure that cached data remains protected and tamper-resistant even during edge node failures or unauthorized access attempts. Experimental results on real-world datasets demonstrate that our solution outperforms existing state-of-the-art methods, achieving up to 59.27% reduction in retrieval latency and 55.07% decrease in caching cost, while also strengthening the security and reliability of edge data services in MEC environments.

This paper introduces an innovative access control architecture based on a dual-blockchain framework that distinctly separates access management from data storage to enhance system security, scalability, and privacy. The architecture employs a primary blockchain to manage user authentication and enforce dynamic, fine-grained permissions through smart contracts. In parallel, a secondary, isolated blockchain is used exclusively for storing sensitive data, which can only be accessed following successful authorization on the primary chain. To ensure data integrity and tamper resistance, the system utilizes the SHA-256 cryptographic hash function for securing access logs and verifying data authenticity across both blockchains. The two chains are securely interconnected using Hyperledger YUI, which facilitates reliable inter-chain communication while maintaining a decentralized structure. A proof-of-concept implementation using Ethereum-based blockchains demonstrates the system's capability to enforce secure, dynamic access controls across chains. Overall, the proposed architecture overcomes key limitations of conventional blockchain systems by enhancing modularity, strengthening governance, and providing a robust, adaptable framework suitable for data-sensitive applications requiring strict regulatory compliance.

This paper presents an ElGamal-based asymmetric updatable encryption scheme designed to tackle the challenges associated with secure key rotation in cryptographic systems. The proposed method allows ciphertexts encrypted under a previous key to be securely and efficiently transitioned to a new key without the need for decryption, thereby preserving data confidentiality and integrity. By exploiting the mathematical characteristics inherent in ElGamal encryption, the scheme supports unlimited key update iterations, asymmetric encryption functionality, and is independent of specific ciphertext formats. Lightweight pseudorandom generators (PRGs) are employed to ensure secure and efficient handling of the random values necessary during encryption and re-encryption operations. The approach guarantees strong forward and backward security, protecting against data leakage even if keys are compromised. Extensive performance assessments demonstrate its efficiency, showing minimal computational and communication overhead, making it well-suited for both large-scale infrastructures and environments with limited resources. Additionally, comparative studies confirm its advantages over existing methods in terms of encryption speed, ciphertext update duration, and scalability. Overall, this work offers a practical and secure solution for frequent key management across various applications, including cloud storage, Internet of Things (IoT) devices, and secure communication networks.

In edge computing environments, distributing popular data from the cloud to edge servers efficiently is critical for providing low-latency access. Existing distribution schemes divide a file into multiple data blocks and transmit them in parallel to target edge servers, which then reconstruct the file upon receiving all blocks. Although this approach accelerates data delivery, it is vulnerable to transmission delays and failures caused by network fluctuations or server outages, as the successful reconstruction depends on receiving every data block. To address these limitations, this paper proposes EdgeHydra, a fault-tolerant data distribution scheme based on erasure coding. EdgeHydra encodes a file into both data and parity blocks, allowing edge servers to reconstruct the original file from any sufficient subset of these blocks without waiting for all transmissions to complete. Furthermore, it employs a leaderless block supplement mechanism, enabling distributed coordination among edge servers to recover missing blocks without relying on a centralized controller. Experimental results demonstrate that EdgeHydra significantly improves robustness against delays and failures, achieving up to 50.54% faster distribution times compared to state-of-the-art methods.

To address the pressing security and privacy concerns in modern crowd sensing systems, this paper introduces a novel crowd sensing network approach based on the Multi-Functional Homomorphic Encryption (MFHE) architecture. the proposed method ensures end-to-end data confidentiality by eliminating the need for plaintext exposure throughout the entire sensing and transmission process—thus significantly enhancing security compared to conventional encryption techniques. The framework begins with the construction of a sensing model grounded in the classical crowd sensing architecture. To achieve secure, plaintext-free data communication, homomorphic encryption is applied. Built upon the MFHE architecture, the proposed encryption scheme incorporates advanced cryptographic techniques, including indistinguishability obfuscation and puncturable pseudorandom functions. These enhancements reduce ciphertext size and computational complexity, optimizing the system for practical deployment in crowd sensing environments. Experimental evaluations using real-world datasets confirm that the proposed solution not only provides robust privacy protection but also maintains high efficiency in terms of processing time.

The primary objective of network security is to safeguard data sharing's security. The commitment of traditional wireless network security technology is to guarantee the security of data transmission from beginning to end. Communication-computing integration and cloud-network integration, on the other hand, have been significant technical routes as mobile networks, cloud computing, and the Internet of Things have advanced. As a result, the main application requirements of wireless networks have changed from data transmission to cloud-based information services. Traditional data transmission security technology cannot overcome the security requirements of cloud-network-end collaborative services in the new era, and secure semantic communication has become an important model. To address this issue, we propose a cloud-network-end collaborative security architecture. To begin, we define the security mechanisms that are used to protect cloud services, network connections, and end systems, respectively. Next, we elaborate on the meaning of cloud-network-end collaborative security based on the three preceding aspects. We demonstrate the universality of the proposed architecture by providing examples of applications, such as the space-air-ground integrated network security framework, the unmanned system collaborative operations security framework, and heterogeneous network secure convergence framework. Finally, we review the current research on end system security, network connection security, and cloud services security, respectively.

Clients can securely share gradients computed on their local data with the server using Federated Learning (FL), removing the need for them to directly expose their sensitive local datasets. During the process of model aggregation in traditional FL, the server might make use of its dominant position to infer sensitive information from the shared gradients of the clients. During model training, malicious clients may also submit forged and malicious gradients. Such behavior not only compromises the integrity of the global model, but also diminishes the usability and reliability of trained models. To effectively address such privacy and security attack issues, this work proposes a Blockchain-based Privacy-preserving and Secure Federated Learning (BPS-FL) scheme, which employs the threshold homomorphic encryption to protect the local gradients of clients. We develop a Byzantine-robust aggregation protocol for BPS-FL to implement cipher-text level secure model aggregation in order to ward off malicious gradient attacks. Furthermore, the immutability and traceability of the data are guaranteed by our use of a blockchain as the fundamental distributed architecture for recording all learning processes. Our extensive security analysis and numerical evaluation demonstrate that BPS-FL satisfies the privacy requirements and can effectively defend against poisoning attacks.

Quantum cryptography has emerged as a powerful solution to address the growing vulnerabilities of classical encryption in the face of quantum computing. Among existing Quantum Key Distribution (QKD) methods, the BB84 protocol uses quantum bits (qubits) encoded in two measurement bases, offering theoretical security but facing practical limitations when restricted to a small number of qubits. This makes it easier for attackers to exploit the protocol through brute force or intercept-resend techniques. Meanwhile, the E91 protocol utilizes quantum entanglement and Bell’s inequality to ensure secure key exchange, yet it often fails to consider real-world noise and quantum decoherence, which degrade its ability to detect eavesdroppers reliably. To overcome these issues, a modified system is proposed that extends BB84 by increasing the qubit count to 9, 12, and 16, and incorporating additional bases to strengthen randomness and security. After key distribution, the system derives binary keys which are used in XOR operations for encrypting and decrypting plaintext data, enabling secure communication. In addition, the enhanced E91 protocol generates public and private keys from entangled qubit pairs, supporting an asymmetric encryption approach suitable for key exchange in noisy quantum environments. Error mitigation techniques are applied during the final measurement phase to reduce the effects of noise and ensure accurate, tamper-resistant communication. This dual-protocol enhancement provides a comprehensive framework for secure and reliable quantum data exchange in the presence of both technological and environmental challenges.

The widespread forgery of educational credentials undermines the integrity of both academic institutions and job markets, threatening the principle of meritocracy. Traditional certificate verification methods are often fragmented, insecure, and inefficient, making it difficult to prevent and detect fraud. Blockchain technology, with its inherent features such as immutability, decentralization, and tamper resistance, presents a promising solution to these challenges. However, existing blockchain-based systems are limited in scope, typically addressing only specific institutions or educational levels, and lacking comprehensive functionality. This paper introduces ElimuChain, a unified blockchain-based framework designed to manage and verify academic certificates across all educational tiers and institutions within a country. The system provides a centralized verification portal for stakeholders, including employers and academic institutions, enabling them to authenticate all certificates held by an individual from a single platform. Built as a decentralized application (DApp) on the Binance Smart Chain (BSC), ElimuChain leverages smart contracts for automated certificate issuance and IPFS for secure document storage. The implementation demonstrates that the proposed system is scalable, cost-effective, and capable of streamlining the certification and verification process. Performance evaluations reveal superior efficiency in terms of transaction throughput and latency compared to existing solutions. This study affirms the potential of blockchain in building a robust, transparent, and reliable educational credentialing ecosystem, with a specific focus on its applicability in the Tanzanian context.

The rapid expansion of the Industrial Internet of Things (IIoT) has introduced significant improvements in industrial efficiency, productivity, and overall performance. However, existing security frameworks, which primarily rely on static and centralized management, are insufficient to meet the challenges posed by the increasing scale and diversity of IIoT networks. These traditional approaches struggle with scalability, data integrity, and adaptability, leaving IIoT environments vulnerable to cyberattacks. This research proposes an innovative end-to-end security solution based on blockchain technology that addresses these limitations. By leveraging a decentralized architecture, the framework eliminates the need for a central authority, enabling robust authentication, authorization, and data integrity across highly distributed IIoT systems. The integration of smart contracts allows for dynamic enforcement of security policies that can be updated instantly to respond to emerging threats. Moreover, lightweight cryptographic schemes are employed to minimize computational overhead, ensuring efficiency even in resource-constrained environments. The proposed hybrid blockchain model combines the advantages of both public and private blockchains, optimizing data management by storing only necessary information within each block. This approach enhances security, scalability, and data efficiency, providing a resilient and adaptive framework well-suited to the evolving demands of IIoT ecosystems.

In blockchain-based Decentralised Finance (DeFi) protocols, signatures play a vital role in ensuring the security and integrity of transactions and smart contracts. However, weaknesses in existing signature schemes make them vulnerable to malleability attacks (MA), where an attacker can alter the transaction ID (TxId) without changing the transaction’s content or validity. To address this, we propose an advanced multi-signature scheme (MSS) that integrates unmalleable transaction implementations as a supplementary signature mechanism. In MSS, both owners and block producers collaboratively generate joint signatures, enhancing efficiency while ensuring stronger protection against malleability. Although the method is complex and time-intensive, it has been adapted to blockchain environments with additional optimisations, such as hash-based execution of intermediate transactions, to guarantee complete resistance to malleability attacks. Experimental results from testbed simulations highlight that MSS offers improved scalability and achieves a 15% higher resistance rate against attack success compared to baseline approaches.

As the field of quantum computing continues to evolve, traditional cryptographic methods face increasing threats due to the potential of quantum algorithms to break widely used encryption schemes. In response, Quantum Key Distribution (QKD) has emerged as a groundbreaking approach to secure communication, leveraging the principles of quantum mechanics to enable theoretically unbreakable encryption. This paper explores the development and implementation of network security protocols designed specifically for the integration of QKD and quantum-resilient cryptographic data distribution within classical and hybrid network infrastructures. Furthermore, we propose a layered security framework that incorporates quantum-safe algorithms, authentication mechanisms to support QKD-based key exchanges. The study also addresses the interoperability between quantum and classical systems, scalability concerns, and the potential role of post-quantum cryptography as a complementary solution. Our findings demonstrate that while QKD presents a powerful tool for secure key generation, its integration with robust network protocols and infrastructure is critical for achieving end-to-end security in the quantum era. This work contributes to the advancement of secure communication systems and lays the groundwork for resilient cryptographic.

Election is the key process typically utilized for maintaining democracy in a given society. Recent technological advancements, such as Blockchain (BC), have been already deployed in previous works to realize non-conventional e-Voting systems. The main goal for such proposals is to provide the necessary level of security and reliability, while maintaining transparency, trust, and remote elections. However, the distributed and publicity nature of BC brought new challenges related to privacy and performance trade-off. This paper aims to address existing privacy and performance issues in e-voting by integrating smart contracts for reliability and transparency, Differential Privacy to enhance vote anonymity, and Self-Sovereign Identities (SSI) for managing decentralized identity and verifiable credentials. Specifically, a novel (k, ε)-differential privacy mechanism is developed, in which a randomly selected candidate is used as a pivot to redistribute retrievable votes to other candidates, preserving anonymity while enabling statistical vote approximation. To enhance user interaction, the system also includes a real-time notification mechanism that sends a confirmation message—such as "Vote successfully cast"—to the user's registered mobile device upon completing the voting process. The proposed methods are evaluated under various conditions, including different transaction arrival rates (10–80 TX/s), total cast votes (10k–50k), and numbers of elected candidates (2–8). To validate its practical deployment, the smart contract is implemented on a cloud-hosted, permissioned blockchain network using Hyperledger Besu, with geographically distributed nodes in Google’s EU and USA data centers. Experimental results indicate that BP-Vot achieves a 24% improvement in latency over existing solutions (≈ 1 s/TX vs. 1.24 s/TX). Moreover, through a standardized Min-Max regression method, the system consistently delivers over 98% accuracy in approximated vote results, with accuracy improving linearly with vote volume. The proposed differential privacy model is also formally verified to be resilient against reconstruction attacks.

This research introduces a novel Unified Quantum-Resilient Blockchain-Zero Knowledge Proofs Privacy Authentication Framework (QBC-ZKPAF) aimed at enhancing security in IoT environments. The framework integrates blockchain technology, Zero Trust Architecture (ZTA), and post-quantum cryptography to enable privacy-preserving authentication, access control, and secure communication. It leverages a hybrid Reinforcement-Lattice Blockchain Key Generation for quantum-resilient key creation, a Deep Q-Network Multi-Factor Secure Key (DQN-MFSK) for dynamic key selection, and Zero-Knowledge Proofs for privacy-preserving signatures, ensuring a secure IoT setting. This architecture guarantees data privacy, confidentiality, auditability, traceability, and resilience against evolving threats, including quantum attacks. Since the blockchain ledger is immutable, all access attempts, data exchanges, and device interactions are recorded in a tamper-proof manner, supporting transparency and comprehensive post-event audit trails. In cases of suspicious activities or breaches, the framework enables precise source tracing through a tracing key maintained on the audit server within the Zero Trust Architecture. By decentralizing identity management and implementing multi-factor authentication, QBC-ZKPAF offers robust security and privacy solutions for IoT networks. Experimental results validate the framework’s effectiveness, demonstrating 98% privacy preservation, 700 TPS throughput, 0.98 quantum resilience, and 96% access control effectiveness, making it highly suitable for modern IoT and blockchain applications.

The modern labour market increasingly depends on extracting meaningful insights from unstructured job advertisements to map job roles to required skill sets. Existing solutions, such as Context-match, leverage contrastive learning with token-level attention to tackle the extreme multi-label classification task of skill extraction. While these methods deliver strong performance and state-of-the-art accuracy, they often rely heavily on large language models (LLMs), making them computationally expensive and less practical for real-time applications. To address these challenges and enhance the practical applicability of labour market analysis, we propose a comprehensive AI-enabled Job Portal System designed with a lightweight, scalable architecture and integrated employer-employee interaction modules. Our system builds on the conceptual foundation of ConTeXT-match and Skill-XL by offering a smart recruitment platform where employees register with detailed educational and skill data, which is then analysed and processed to match relevant job opportunities. A unique enhancement in our approach is the integration of Gmail-based notification services, where applicants receive immediate email updates indicating whether their profile is under process or rejected. This ensures real-time feedback and keeps applicants informed throughout the recruitment cycle without requiring constant portal access.

By providing a decentralized, transparent, and secure method for recording transactions, blockchain technology has revolutionized data management. These blockchain-based tracking and tracing system features are critical for enhancing supply chain visibility, security, authenticity, and reliability. As industries increasingly adopt these systems, selecting the optimal architecture and configuration becomes a complex decision-making challenge. Moreover, the diverse range of criteria such as scalability, security, and cost affect in making decisions. This study uses the fuzzy framework to evaluate various blockchain-based tracking systems. Within the Picture Fuzzy (PF) framework, the COCOSO model was presented in the paper. This decision-making tool evaluates the real-world scenario of a blockchain-based tracking and tracing system by taking into account a number of competing criteria. In addition, the significance of decision-making in blockchain-based systems, as well as their effects on society, risk mitigation, ethics, and the environment, have been defined. Moreover, to verify the validity and reliability of the proposed approach, a comparison analysis was performed to show the efficacy of the proposed model. The discussion is brought to a close with a discussion of the concluding remarks, which define the discussion's benefits, drawbacks, and direction for the future.

One interesting approach to network management is Software Defined Networking, or SDN. However, the centralized control architecture of SDN poses challenges for energy-efficient task scheduling and security. In this paper, a novel approach to blockchain-based safe resource allocation with controller selection in SDN is proposed using the Entropy Oppositional Based Learning-Interpolation Blue Monkey Optimization Algorithm (EOBL-IBMOA). By creating controller selection as a blockchain-centric secure resource allocation, the suggested approach tackles SDN challenges. This one includes phases like resource allocation, load balancing, attack detection, controller selection, and user registration. The Mid Square-based KECCAK 512 (MS-KECCAK 512) technique is used to generate hash codes, and IP traceback protects user information using XOR Left Shift (XORLS). For effective traffic balancing, the load balancer uses the Minshev-KMeans algorithm. The Quantile Transformer Scaling based SoftmaxGELU Gated Recurrent Units (QTS-SGGRU) technique is used to classify attacks. For the best Virtual Machine (VM) selection, controller selection and resource allocation use EOBL-IBMOA. The superiority of the suggested approach is described through experimental comparisons. The suggested method outperforms the existing works by achieving efficient resource allocation with low response time and high throughput.

File upload is a convenient feature offered by a plethora of applications and communication services in various innovative contexts, such as IoT devices, smart home systems, and smart city infrastructures. This feature significantly enhances the efficiency of data exchange across communication networks and enables seamless sharing and management of content between users and systems. However, despite its utility, file upload functionality can introduce serious security threats, commonly known as unrestricted file upload (UFU) vulnerabilities. These vulnerabilities pose substantial risks to the integrity and safety of communication systems. This study presents a comprehensive analysis of the security concerns associated with file uploads by exploring the nature, causes, and implications of UFU vulnerabilities. It is observed that many such vulnerabilities are relatively simple to exploit, often requiring neither user interaction nor elevated privileges. Yet, they can have a profound impact on system confidentiality, integrity, and availability. Our findings emphasize the urgent need for enhanced security measures to address these threats and safeguard communication systems. By shedding light on the wide-ranging consequences of UFU vulnerabilities-spanning from disrupted network operations to degraded service delivery and user experience-this study underscores the importance of continued research and development. Motivated by these insights, we outline key areas for future work aimed at strengthening the security of file upload mechanisms.

Interest in hierarchical Software-Defined Networking (SDN) controllers is growing recently due to their ability to address the challenges associated with the SDN paradigm, such as responsiveness and scalability. This design enables efficient domain control separation, which uses different child instances to manage large-scale networks. Parent controller computational resources can be dedicated to cross-domain decision making, exploiting network views provided by its children. In this context, the correctness of the process fully relies on the network view synchronization mechanism, which should be fast and resilient. This paper presents a hybrid synchronization model combining a hierarchical design with established resilient cluster mechanisms. In this way, high-level control over large-scale networks can be guaranteed even with failures affecting every level of the management plane. Specifically, two applications are developed for the ONOS controller to share topology events using low-latency channels from child clusters to parent clusters. The performance of both applications is measured under different cluster configurations, topology sizes and number of generated topology updates. The results show that the proposed approach offers high performance while being fully compliant with the platform for which it is designed. This makes the solution easily extendable to heterogeneous child controllers. In fact, events are propagated from children to parents using gRPC, achieving end-to-end latency of less than 10ms under normal conditions and 40-60ms under high-rate event conditions. Consistency of network views is also guaranteed by strong event ordering and delivery mechanisms.

Due to the rising demand for a wide range of user services, cloud data centers have grown at an alarming rate, resulting in an increase in operational costs, increased greenhouse gas emissions, and increased energy consumption. Addressing these challenges requires innovative solutions for optimizing resource allocation without compromising service quality. The Enhanced Multi-Objective Optimization Algorithm for Task Scheduling (EMO-TS) is described in this paper. An energy-efficient, adaptive, and dynamic scheduling framework is created by combining Enhanced Electric Fish Optimization (EEFO) and Deep Reinforcement Learning (DRL) in this novel approach. EMO-TS's primary objective is to maintain high resource utilization, time efficiency, and service quality while significantly lowering the amount of energy consumed by cloud data centers. EMO-TS dynamically adjusts task scheduling based on real-time workloads and operational conditions using a hybrid approach of DRL and EEFO. This effectively reduces power consumption without compromising system performance. In addition, EMO-TS introduces enhancements to task execution and makespan, ensuring prompt completion and optimal resource utilization. The practical implications of EMO-TS's findings are demonstrated by a comprehensive collection of simulations and experiments. Energy consumption is reduced as a result of EMO-TS outperforming conventional scheduling methods. These results underscore the algorithm’s potential to address cloud service providers’ economic and environmental concerns, offering a practical solution for green cloud computing initiatives. Furthermore, the integration of renewable energy sources within the EMO-TS framework shows potential for further reducing the carbon footprint of cloud operations, aligning with global sustainability goals.

In the evolving landscape of the Internet of Things (IoT), ensuring data integrity and traceability remains a critical challenge due to the vulnerability of low-power, resource-constrained devices and the use of wireless communication technologies like LoRaWAN. Traditional blockchain solutions, while promising for enhancing security, are typically unsuitable for IoT environments because of their high computational and communication requirements. To address this limitation, we propose a lightweight blockchain-based framework specifically tailored for IoT networks using the LoRaWAN protocol. Our system introduces a modified distributed ledger approach that eliminates the need for complex consensus mechanisms and resource-intensive cryptographic operations, enabling practical deployment on constrained devices. Despite LoRaWAN’s inherent star topology, our design simulates a logical peer-to-peer (P2P) communication model by linking IoT nodes through local blockchain chains. Each device maintains its own local chain of data uploads, allowing for decentralized validation and improved data traceability. Furthermore, we develop a logical P2P communication topology over LoRaWAN that supports secure and reliable interactions between nodes. Experimental evaluation demonstrates the feasibility and performance of our system in maintaining data integrity and traceability with minimal network overhead, offering an effective and scalable security solution for IoT networks.

This paper introduces MBHA (MySQL-Blockchain Healthcare Architecture), a novel and efficient solution to the challenges of modern healthcare data management by integrating the structured querying capabilities of MySQL with the security and immutability of blockchain technology. The architecture ensures secure, scalable, and tamper-proof storage and access to sensitive medical data, addressing concerns around integrity, privacy, and real-time collaboration. Performance evaluations demonstrate the system’s effectiveness, with an average user registration response time of 1.54 seconds, login time of 841 milliseconds, database query latency under 1 millisecond, and JWT-based authentication token generation in under 50 milliseconds. The model not only supports reliable and secure operations but also aligns with regulatory compliance and scalability requirements, offering a practical framework for future-ready, secure healthcare systems. Additionally, MBHA enhances data accessibility for authorized healthcare professionals while ensuring auditability through blockchain’s immutable ledger. The combination of MySQL and blockchain allows for efficient data indexing, fast retrieval, and traceable updates without compromising security. This architecture positions itself as a scalable and compliant foundation for next-generation healthcare data ecosystems.

Performance appraisal plays a critical role in human resource management by enabling organizations to assess and improve employee performance. However, traditional performance appraisal systems—especially those involving upward feedback—suffer from significant limitations such as lack of anonymity, potential bias, fear of retaliation, and vulnerability to manipulation. These systems are typically centralized, requiring employees to trust administrators with sensitive information, and often lack cryptographic safeguards to ensure the integrity, authenticity, and uniqueness of each review. As a result, employees may hesitate to provide honest feedback, undermining the fairness and effectiveness of the appraisal process. To address these challenges, we propose the Anonymous Reputation System for Performance Appraisal (ARSPA), a secure and decentralized solution built using blockchain. ARSPA leverages cryptographic techniques such as public key encryption, non-interactive zero-knowledge proofs (NIZKs). Feedback is submitted anonymously and securely to a smart contract deployed on a public permissionless blockchain, where it is stored immutably and can be verified without revealing the identity of the reviewer. The system also prevents Sybil attacks by ensuring each registered employee can submit only one review. A proof-of-concept implementation demonstrates the feasibility and effectiveness of ARSPA, offering a transparent, secure, and trustworthy framework to enhance the reliability and fairness of performance appraisals.

This paper presents a Blockchain-based Secure Data Sharing Framework (BSDSF) for edge-cloud computing environments, addressing key limitations of traditional edge data-sharing models, including data vulnerability, high latency, and unreliable consensus mechanisms. The proposed framework integrates blockchain technology with a Byzantine Fault Tolerant (BFT) consensus protocol and smart contract-based validation to ensure secure, efficient, and tamper-resistant data exchange. BSDSF employs a two-tiered consensus architecture tailored for edge scenarios, where low-latency decision-making is critical. The first tier enables fast local consensus among edge nodes, while the second tier provides global consistency using BFT, tolerating up to one-third of faulty or malicious nodes. Smart contracts autonomously manage data validation and access control, thereby reducing reliance on centralized authorities. The framework also incorporates real-time node validation and fault detection mechanisms to monitor node reliability and maintain network integrity. Data processing occurs near the data source, enabling rapid threat detection and mitigation. Communication between nodes is secured using encrypted protocols to prevent unauthorized access and tampering. Experimental evaluation demonstrates that BSDSF achieves up to a 30% reduction in transaction latency and a 25% increase in throughput compared to conventional edge computing models. These results indicate that BSDSF significantly enhances data integrity, trust, and operational efficiency in distributed edge-cloud environments.

Remote Attestation (RA) is a vital process for verifying the trustworthiness of a device’s Trusted Computing Base (TCB) and its sensing data. In the context of the Internet of Things (IoT), RA plays a critical role in enabling verifiers to make security-sensitive decisions. However, the massive scale and heterogeneity of IoT devices lead to significant challenges in managing and verifying TCB measurements. Traditional systems often rely on centralized or loosely structured approaches, which are difficult to scale and vulnerable to tampering or single points of failure. These limitations hinder effective trust management across large IoT ecosystems. To overcome these challenges, we propose TM-Chain (TCB Measurement-Chain), a cloud blockchain-based architecture designed to manage TCB measurements in a scalable and secure manner. TM-Chain introduces a specialized set of transactions, protocols, and commands for handling TCB data efficiently across distributed environments. To enhance security further, the system now supports encrypted data transfer and enables users to select specific devices or identities for securely storing their TCB information. This identity-linked storage approach ensures that TCB measurements are traceable, verifiable, and access-controlled. Verifiers can launch remote attestation using blockchain-verified and identity-bound TCB data, improving trust in device integrity. A proof-of-concept implementation demonstrates the feasibility and performance of TM-Chain on IoT devices and public cloud infrastructure.

The field of is now being duly recognized as a revolutionary area in industrial automation. With the budding interest of knowledge discovery that on a large scale, researchers are now faced with several major security concerns. Blockchain integration is one of the suggested applications of technology that could help secure data during transmission, storage, and knowledge discovery. Moreover, by integrating smart contracts, a secure architecture could also assimilate accountability during data exchange. Thus, we propose a four-layer security architecture that isolates industrial devices from user-oriented layers and maintains a record of all registered devices within the organization to prevent malicious devices from corrupting the database and the discovery process. Further, by choosing Proof of Authority (PoA), we ensure the fair functioning of the Blockchain nodes. Through PoA consensus for Blockchain nodes and whitelist-based access control for registered devices, we ensure the legitimacy of all participating nodes. We also implement a prototype using a private The network with Proof of Authority consensus and present the time taken for consumed per exchange by the contracts. Additionally, we implemented secure knowledge discovery to understand the significance of the developed scheme. The results show that the exchange can be implemented in an industrial environment and operate with a reasonable amount of resource consumption.

Edge devices such as smartphones, tablets, and IoT systems are increasingly prevalent and capable of generating vast amounts of valuable data. This data can be utilized for various purposes including predictive maintenance, user experience enhancement, and operational efficiency. To facilitate secure and transparent data transactions, a blockchain-based data relay and trading model is proposed. This model involves three key roles: data producers, relay nodes, and data consumers, with interactions governed by smart contract logic to ensure data integrity and trustworthiness. A novel consensus mechanism, termed Proof-of-Data-Trading (PoDT), is introduced by combining features of both Proof-of-Work and Proof-of-Stake to achieve consensus with reduced computational overhead. Additionally, an approximation algorithm is developed to enable cost-effective storage of encrypted data copies on relay nodes. The system ensures reliable, tamper-proof data sharing while optimizing performance and resource efficiency in edge computing environments.

Blockchain is having an impact on social media platforms because it promises to address today's most pressing problems, including content moderation and privacy issues, and it can offer a decentralized system for social media platform management using distributed structures and cryptographic techniques. Since there are more risks, such as identity theft and fake news spreading throughout these systems, social media systems are typically built on central architectures that may help address platform accountability and data privacy issues in an indirect manner. Blockchain has emerged as an anti-centralized platform that enables numerous users to conduct authentic and safe P2P transactions without the need for an intermediary. In this survey, we give a systematic analysis of the related field and provide a quick summary of the most recent developments in blockchain protocols and their interactions with social media platforms. We specifically examine and expound upon the use case of blockchain's application to a variety of social media services, including content moderation platforms based on smart contracts, token economics-based user incentives, social media governance through decentralized autonomous organizations, and cross-chain relationships. We then go one step further and provide an extensive literature assessment of blockchain that includes the primary social media applications that cut across them, such as self-governance, tokenization, and identity. We outline the current problems in the sector, such as scalability and adherence to current regulations, and recommend potential research directions in this constantly changing topic as we wrap up this survey.

Verifying the authenticity of educational degree certificates is critical, especially during recruitment, where forged documents can cause significant disruptions and productivity losses. Traditional verification methods rely heavily on manual processes and centralized databases, making them vulnerable to delays, errors, and data tampering. These systems lack a unified, secure platform for seamless interaction between issuers, holders, and verifiers. To address these limitations, this paper proposes a decentralized, blockchain-based certificate verification and issuer validation system. Utilizing Ethereum, the solution stores certificate hashes on the blockchain, ensuring data immutability and tamper resistance. Each participant—issuer, holder, validator, and verifier—is represented as a peer node in the network. A hash-based search mechanism significantly reduces certificate lookup time, even when the certificate is not found. Experimental evaluation shows the system is cost-effective in terms of gas consumption and offers fast, reliable verification. This integrated approach ensures secure, transparent, and efficient certificate management and validation.

The rapid adoption of smart environments such as smart homes, cities, healthcare, and transportation has created new opportunities to improve quality of life and enable sustainable living. However, these advancements also bring significant challenges, including device authentication, secure key management for resource-limited devices, data confidentiality, and secure storage. Without strong protection mechanisms, smart systems remain vulnerable to attacks, data breaches, and misuse of sensitive information. To address these challenges, this work presents a blockchain-enabled security framework for smart homes that combines authentication, key management, data confidentiality, data integrity, and secure storage. The framework operates in two phases: first, it ensures authentication and access control of devices within the home, and second, it secures external service environments through controlled access and immutable storage. Blockchain is leveraged to maintain tamper-proof logs of device activity, transactions, and data access events, where each block is cryptographically linked using SHA-256. Additionally, OpenCV-based video monitoring and face authentication are integrated to enhance trust at the device level, while encryption safeguards video streams and sensitive user data. A prototype of the system has been developed with interactive visualization of the smart home environment. Performance evaluation shows that the framework provides strong protection against attacks while improving latency and throughput compared to existing methods. Overall, the proposed solution demonstrates how blockchain, combined with lightweight cryptographic techniques monitoring, can significantly strengthen end-to-end security in smart home systems.

In today’s digital era, ensuring data security is paramount—especially within the Internet of Things (IoT), where vast amounts of sensitive information are transmitted across distributed networks. Traditional encryption techniques such as RSA and AES, while foundational, face limitations in balancing robust security with performance, particularly in resource-constrained IoT environments. These shortcomings increase vulnerability to advanced cyber threats. To overcome these challenges, this study introduces a novel end-to-end security architecture that integrates blockchain technology with Attribute-Based Encryption (ABE). The approach leverages blockchain for decentralized and tamper-proof key management, enhancing trust, transparency, and resilience. ABE is employed to enforce fine-grained access control by binding decryption capabilities to user attributes, allowing flexible and efficient authorization mechanisms. To evaluate practical deployment, the proposed system was simulated using Network Simulator 3 (NS3) within an emulated IoT network. The results demonstrate a lightweight and scalable solution well-suited for constrained environments. Consensus times were observed to be as low as 0.25 seconds for key agreement and 0.7 seconds for message consensus in low-resource scenarios. Even in large-scale networks, consensus times remained efficient at around 0.75 seconds. Additionally, the system achieved an average throughput of 0.3 transactions per second under constrained conditions. These findings highlight the architecture’s potential to provide secure, efficient, and scalable data communication for IoT and other decentralized systems.

Traditional audit trail systems are essential for tracking system activities and ensuring data integrity, yet they often suffer from inefficiencies, high operational costs, and vulnerabilities to tampering and unauthorized access. While blockchain technology offers a decentralized and immutable solution to enhance the security, transparency, and reliability of audit trails, it struggles with scalability—particularly when verifying specific transactions within large datasets. To address this gap, we propose BEATS (Blockchain-based Efficient Audit Trail System), an optimized audit solution that incorporates a Cryptographic Accumulator to securely and efficiently verify transaction authenticity without full ledger scans or external databases. Implemented on the Hyperledger Sawtooth platform and evaluated against conventional search methods, BEATS achieves constant-time (O(1)) performance in both time and space complexity using an RSA-based accumulator. The results demonstrate significant improvements in verification speed and scalability, making BEATS a practical and robust framework for secure audit trail management in high-volume blockchain environments.

As the number of Internet of Things (IoT) devices increases, so does the significance of safe data sharing in fog computing. In the context of IoT fog computing, this article discusses the privacy and security concerns raised by data sharing. The proposed "BlocFogSec" system uses smart contracts and blockchain consensus to secure data sharing and key management. In contrast to other solutions, BlocFogSec uses two different kinds of smart contracts for safe data sharing and key exchange. It also uses a consensus system to verify transactions and preserve the integrity of the blockchain. The framework uses fog computing to efficiently process and store data at the network edge, which significantly lowers latency and increases throughput. By limiting transactions to approved nodes, BlocFogSec effectively prevents illegal access and data breaches. Furthermore, the system ensures data accuracy and immutability by validating and adding transactions to the blockchain via a consensus protocol. Several simulations are run to evaluate BlocFogSec's performance against other models. According to the simulation results, BlocFogSec continuously performs better in terms of throughput than other models, including Security Services for Fog Computing (SSFC) and Blockchain-based Key Management Scheme (BKMS).

With the rapid advancement of informatization, the security of sensitive data within information systems has become a critical global concern. The widespread adoption of big data, cloud computing, and related technologies has intensified risks of data leakage and privacy breaches. Traditional data protection mechanisms are increasingly inadequate in addressing complex cyber threats and safeguarding data integrity. Blockchain technology, characterized by its decentralization, immutability, and traceability, presents a robust solution for enhancing data security. This paper proposes a system that leverages blockchain to secure sensitive customer data in a financial institution’s information system. The proposed system employs the SHA-256 encryption algorithm to ensure data confidentiality and integrity. Additionally, smart contracts are implemented to facilitate secure and transparent sharing of encrypted data among different authorized users, enabling controlled access and real-time auditability. Through encryption, decentralized storage, and programmable access control, the system effectively mitigates risks of data tampering and unauthorized access, thereby significantly improving the overall security and trustworthiness of sensitive information management.

In recent years, redactable blockchain has emerged as a promising technology, offering decentralization, traceability, and transparency while allowing authorized modifications to on-chain data. Despite its advantages, current redactable blockchain systems face challenges such as data privacy breaches and excessive communication overhead, limiting their practical application. To address these issues, this paper introduces PriChain, a privacy-preserving and fine-grained redactable blockchain framework designed for decentralized environments. PriChain empowers data owners with the ability to control who can access and modify their on-chain data, ensuring that only authorized users can perform redaction while preserving data confidentiality. By leveraging multi-authority attribute-based encryption, PriChain enables precise access control and ensures resistance to unauthorized collaboration or collusion. The framework significantly reduces communication and storage overhead compared to conventional methods. Security analysis confirms that PriChain is resilient against chosen-plaintext attacks, making it a robust and practical solution for privacy-focused blockchain applications.

Traditional blockchain systems rely on Merkle trees built from classical hash functions like SHA-256, which face growing challenges from quantum computing threats and scalability limitations in large-scale data verification. To address these issues, we propose a parameter-hopping Merkle tree framework that integrates a pseudorandom number generator (PRNG) with lattice-based cryptography. Our design introduces dynamically generated lattice parameters to enhance post-quantum security and improve flexibility for distributed data storage and verification. The system constructs a provably secure hash chain using extended-domain lattice-based hash functions (LBHFs), supporting arbitrary-length inputs and enabling adaptive, efficient verification in peer-to-peer environments. Experimental validation in a cloud storage scenario demonstrates that the proposed approach achieves stronger quantum resilience while maintaining high efficiency and reduced proof sizes compared to traditional blockchain infrastructures.

This paper presents Fort2BCK, a robust security framework aimed at addressing key vulnerabilities in healthcare block chain systems, particularly those related to data tampering, unauthorized access, and consensus protocol limitations. Fort2BCK introduces a dual-layer verification mechanism that enhances native consensus algorithms with advanced cryptographic techniques, including RSA, ECDSA, and Zero-Knowledge Proofs (ZKPs), thereby adding an extra layer of authentication, auditability, and resistance to malicious activities. Unlike traditional block chain models, Fort2BCK independently verifies the integrity of each block before its inclusion in the chain, significantly minimizing the risks of fraud and forgery. Its interoperability with diverse consensus protocols—Proof of Work (PoW), Proof of Stake (PoS), and Delegated Proof of Stake (DPoS)—enables it to counteract common attacks such as 51% attacks and the nothing-at-stake problem through an integrated external validation process. Experimental evaluation on a simulated hybrid block chain network comprising 100 nodes and 50,000 transactions demonstrated that Fort2BCK improved resistance to block rewrite attacks by 35% and reduced fraudulent transactions by 42%, all while incurring less than 8% computational overhead. Moreover, the framework ensures regulatory compliance with data protection laws like HIPAA and GDPR, reinforcing the legal and ethical use of block chain in medical contexts. Overall, Fort2BCK enhances the security, scalability, and privacy of healthcare block chain’s, supporting the trustworthy digital transformation of clinical data systems.

Users can take charge of their digital identities and data with Self-Sovereign Identity (SSI), a decentralized, user-centric approach to Identity Management (IdM). It lessens the drawbacks of conventional, centralized IdM systems and offers numerous benefits. Notwithstanding its advantages, SSI primarily emphasizes direct communication between two separate entities. When the identity holders are the verified bearers of their credentials, it permits direct identification, authentication, authorization, and access to resources and services. However, it mainly ignores indirect identity control, like delegation, which is a necessary component of everyday life and interpersonal relationships. In organizational settings, delegation is especially prevalent. It typically results from the need for increased productivity, relief, or distribution of work, as well as from the incapacity to carry out tasks, responsibilities, and duties for a variety of reasons. It needs more research and the creation of fresh strategies, though, as it is comparatively understudied within the SSI framework.Therefore, our study sought to close the previously mentioned gap and provide a thorough analysis of delegation in the SSI ecosystem.

Blockchain-based query systems with traceability and data provenance are increasingly vital across various applications. However, existing index-based query approaches perform efficiently only under static workloads, where query attributes or types are fixed, and struggle with dynamic workloads due to long construction times and high storage requirements. To address these limitations, this paper proposes FlexIM, an efficient and verifiable index management system for dynamic blockchain queries. FlexIM leverages the inherent characteristics of blockchain, such as data distribution and block access frequency, and uses reinforcement learning to optimally select indexes under varying workloads. Additionally, verifiability is enhanced with minimal storage overhead through the integration of Root Merkle Tree (RMT) and Bloom Filter Merkle Tree (BMT). Experimental evaluations demonstrate that FlexIM significantly outperforms existing mechanisms like vChain+, achieving a 26.5% speedup while reducing storage consumption by 94.2% on average across real-world Bitcoin datasets.

In response to growing concerns over the security and privacy of mobile healthcare (mHealth) systems, this study introduces a blockchain-based framework designed to enhance the secure management of health-critical data. Existing mHealth solutions largely depend on centralized cloud infrastructure, which incurs high maintenance costs, scalability issues, and significant privacy risks, particularly in ad hoc network environments. To address these limitations, this research integrates mobile computing for processing health data with blockchain technology for secure storage and access. The proposed system follows an incremental methodology that involves: (i) designing a robust framework as a blueprint for blockchain-enabled mHealth systems, (ii) developing a suite of automated algorithms to realize the framework, and (iii) conducting experimental evaluations to assess scalability, performance, and energy efficiency. The solution leverages a mobile application frontend, interfacing with a backend powered by the InterPlanetary File System (IPFS) and Ethereum blockchain to ensure decentralized and tamper-proof management of healthcare data. Through a case-study-driven approach, the framework enables secure and transparent data sharing among patients, healthcare professionals, and medical institutions. To validate the system, a smart contract prototype was deployed on the Ethereum TESTNET in a Windows environment. Evaluation results demonstrate strong performance, with query response times between 10–41 ms, minimal CPU usage (1.5%–2.5%), and efficient energy consumption (approximately 40,000 gas units per 1000 bytes). Overall, the proposed framework represents a significant advancement in designing and implementing secure, scalable, and privacy-preserving mHealth systems using blockchain technology.

Blockchain technology has the potential to revolutionize e-business by enabling smart contracts. However, the development of blockchain applications is still challenging due to a gap between the analysis and design phases, made worse by the lack of standardized methods for modeling blockchain requirements. This study presents a set of nine data-driven business process modeling patterns that address blockchain-specific concerns such as token management and smart contract security. The patterns were identified through trend analysis of real-world blockchain applications and validated against existing research and a proof-of-concept. Key findings show that transfer patterns are prevalent in marketplace and game applications, lifecycle patterns dominate in games, and accessibility patterns are common across marketplace, finance, IT, and games. The proposed framework offers a standardized way to model blockchain application requirements, improving communication among stakeholders and guiding the development of more effective blockchain solutions.

Traditional cross-domain authentication schemes in the Industrial Internet of Things (IIoT) face challenges such as limited decentralization and inefficient session key management, leading to high overhead from repeated authentication and key negotiations. To address these issues, this paper proposes a blockchain-assisted cross-domain authentication and key negotiation scheme that enables secure communication across different IIoT domains. The scheme introduces a session token mechanism to restrict the validity period of session keys and facilitate efficient key updates. Blockchain is leveraged to manage the session key validity dynamically, significantly reducing repeated authentication overhead. Security and performance analyses demonstrate that the scheme effectively verifies data integrity while supporting key updates, dynamic user management, and semi-trusted third-party updates. Experimental results indicate that the proposed approach reduces computation overhead by 69.4%, 78.9%, 88.8%, and 38.3% and communication overhead by 63.5%, 18.8%, 15.1%, and 52.9% compared to existing schemes, highlighting its efficiency and low operational cost.

This project investigates a highly deceptive blockchain scam known as approval phishing, where users are tricked into unknowingly granting access to their wallet funds. The fraud is executed via a malicious smart contract architecture (SCA) in which the user unknowingly approves a contract controlled by an attacker. This contract is then triggered by a malicious external owned account (EOA), allowing the unauthorized transfer of tokens. The attack is exacerbated by wallet UI weaknesses, which often fail to adequately present risks associated with approval requests. The scam infrastructure includes a comprehensive management system hosted on a secured web server, often hidden behind CDN layers to avoid blocklisting. This system not only handles the fake investment interface shown to victims but also manages scammer operations including statistics, fund withdrawals, and dynamic content manipulation. This project aims to simulate and analyze these attacks through a Servlet-JSP-based web application, evaluate wallet vulnerabilities, detect scam contract behavior, and propose smart wallet enhancements inspired by EIP-4337-based account abstraction. A comparative study and approval analysis system is also implemented to educate users and recommend secure wallet choices.