Computer Science and Mathematics


Article | Computer Science and Mathematics | Security Systems
Authors: Marwa Khadji, Samira Khoulji, Inass Khadji
Abstract: Secure large-scale data processing (Big Data) in distributed environments such as Hadoop MapReduce poses a constant challenge of balancing performance and security. While recent approaches (MR-LWT) have demonstrated the effectiveness of lightweight cryptography (LWC) in reducing computational overhead, they generally rely on a static selection of algorithms. This paper proposes Adaptive-Crypto-RL, a dynamic selection system based on a Deep Q-Network (DQN). By integrating directly into the existing MR-LWT architecture, our reinforcement learning agent evaluates the cluster state (CPU, RAM, network load) and data characteristics in real time to select the optimal algorithm (ChaCha20, Rabbit, NOEKEON, or AES-CTR). Experiments demonstrate that this adaptive selection improves overall performance by up to 75% compared to AES-CBC and 50% compared to HC-128, with a negligible inference overhead of 2 to 4 seconds.

Article | Computer Science and Mathematics | Security Systems
Author: Eric Fang
Abstract: Autonomous AI agents operating in high-stakes domains (financial trading, medical diagnostics, autonomous code execution) lack formal safety guarantees for their core operational loops, including memory management, tool invocations, and human interactions. Current verification approaches either fail to scale to neural components or ignore the structured control flow of agentic systems entirely. We introduce AgentVerify (Compositional Formal Verification of AI Agent Safety Properties via LTL Model Checking), a model checking framework that specifies and verifies safety properties for agent architectures using temporal logic. AgentVerify defines compositional specifications for memory integrity, tool call protocols, MCP/skill invocations, and human-in-the-loop boundaries, enabling rigorous runtime monitoring and post-hoc behavioral analysis. In an empirical evaluation across 15 diverse agent scenarios (low- and high-difficulty), our post-hoc behavioral analysis component achieved a verification accuracy of 86.67% (mean over 3 seeds, σ=0.00), outperforming a monolithic contract verification baseline (80.00%) and a runtime monitoring baseline without temporal logic (46.67%). A monolithic neural verifier, which attempts to verify the LLM outputs directly, performed poorly at 13.33%, confirming that end-to-end neural verification is currently intractable for production-scale agents. These results demonstrate that formal methods applied to the agent’s observable control flow provide a tractable and effective path to safety assurance, complementing rather than replacing neural-centric efforts to align large language models.

Article | Computer Science and Mathematics | Security Systems
Authors: Mohamed Chahine Ghanem, Dominik Wojtczak, Elhadj Benkhelifa, Hamza Kheddar, Erivelton G. Nepomuceno, Wanpeng Li
Abstract: Microsoft Windows remains the dominant desktop operating system and, therefore, a frequent focus of digital forensic and incident response investigations. Windows Registry analysis is particularly valuable because it captures persistence mechanisms, execution traces, user activity, device usage, and system configuration changes that are often central to incident reconstruction. Nevertheless, modern investigations are challenged by the scale of Registry data, the fragmentation of evidence across hives and complementary sources, and the need to prioritise investigative actions under time pressure. This paper presents WinRegRL, a hybrid framework that combines Reinforcement Learning (RL) with Rule-based Artificial Intelligence (RB-AI) for automated Windows Registry and timeline-centred forensic analysis. The framework models the investigation process as a Markov Decision Process (MDP) with explicitly defined states, actions, transition dynamics, and reward design, and incorporates expert-derived policy graphs to initialise and refine the search strategy. We evaluate the framework on four heterogeneous forensic datasets spanning multiple Windows versions and incident scenarios, and we compare it against analyst-assisted baselines and controlled examiner-led workflows. Under the evaluation protocol adopted in this study, WinRegRL reduced investigation time by up to 68%, increased the number of adjudicated relevant artefacts identified by up to 35%, and achieved high artefact-level precision on the evaluated datasets. Rather than claiming universal superiority, we show that the proposed framework provides a reproducible and explainable decision-support mechanism that improves investigation efficiency while maintaining strong evidential coverage in the tested scenarios. These findings position WinRegRL as a promising decision-support framework for large-scale and time-critical Windows incident response.

Article | Computer Science and Mathematics | Security Systems
Authors: Lyudmila Kovalchuk, Mariia Rodinko, Roman Oliynykov, Volodymyr Artemchuk
Abstract: This paper studies the probability of a double-spend attack in an Ouroboros-like Proof-of-Stake (PoS) setting when confirmation decisions must be made for a finite number of blocks. Existing security analyses of Ouroboros-family protocols are mainly asymptotic and therefore do not directly provide the attack probability for a fixed confirmation depth. We consider an analytically tractable model that allows empty slots and multiple slot leaders, and assumes a fixed stake distribution within an epoch, one-block growth of the public longest chain in any slot containing at least one honest leader, and next-slot block visibility. These assumptions hold when the time slot length is much greater than the network delay, and are applicable to practical deployment scenarios such as Cardano. Under these assumptions, we obtain, for the first time, an exact closed-form solution for the success probability of a double-spend attack in a realistic model with multiple leaders and empty time slots. Numerical examples illustrate how the required confirmation depth depends on the adversarial stake ratio and the active slot coefficient. The results apply to the stated analytical model and do not yet cover delayed fork resolution or the full protocol-level fork-choice and finality mechanisms of Ouroboros Praos.

Article | Computer Science and Mathematics | Security Systems
Authors: Tahera Begum Abdul, K. Venkata Ramana
Abstract: TLS 1.3 zero-round-trip-time (0-RTT) resumption reduces reconnection latency by allowing clients to transmit early application data using pre-shared keys (PSK) derived from previously established session tickets. This mechanism is pivotal for latency-sensitive web services, API gateways, and IoT applications. However, the cryptographic foundations of current session tickets, symmetric keys derived from classical X25519 key exchange, are fundamentally vulnerable to Harvest-Now-Decrypt-Later (HNDL) quantum attacks: an adversary capturing session ticket exchanges today can retroactively decrypt PSKs and all 0-RTT early data once a cryptographically relevant quantum computer (CRQC) becomes available. This paper introduces HQRT (Hybrid Quantum-Resistant Resumption for TLS 1.3), a protocol-level framework that embeds a hybrid X25519 + ML-KEM-768 key encapsulation into the TLS 1.3 NewSessionTicket lifecycle, producing quantum-safe session tickets without additional handshake round trips. HQRT defines a Hybrid Resumption Master Secret (HRMS) derived from both classical and post-quantum shared secrets and integrates it into the TLS 1.3 key schedule as a drop-in extension of the Resumption Master Secret. We provide: (i) a formal security model for quantum-safe 0-RTT resumption with game-based HNDL-resistance proofs; (ii) an extended replay protection analysis under quantum adversaries; (iii) a proof-of-concept implementation on OpenSSL 3.x with the OQS provider; and (iv) comprehensive benchmarks across server, desktop, and IoT platforms demonstrating only 4–9% latency overhead and 6.5% throughput reduction relative to classical 0-RTT, versus the 81–89% overhead of full post-quantum handshakes. A cumulative cost-benefit analysis over multi-session workloads demonstrates 34–97% amortised overhead reduction compared to per-reconnection PQC handshakes, with latency distributions exhibiting sub-millisecond tail divergence from classical baselines. HQRT provides a practical, incrementally deployable pathway for quantum-safe TLS resumption compatible with existing certificate infrastructure.

Article | Computer Science and Mathematics | Security Systems
Authors: Daniel Hoasov Cohen, Coral Raz, Raz Ben Yehuda, Nezer J. Zaidenberg
Abstract: Ultrasonic cyberattacks represent an emerging threat vector capable of exfiltrating information even from high-security systems. Modern computing devices equipped with integrated speakers and microphones can generate ultrasonic emissions that may be exploited for covert communication. Previous studies have demonstrated that malicious software can utilize ultrasonic audio channels to establish communication links between otherwise isolated systems, enabling data leakage from air-gapped environments by relaying information through acoustic signals. Experimental results have shown that data can be transmitted at rates of up to 20 bits per second over distances of approximately 18 meters (60 feet), facilitating the covert transfer of sensitive information. Moreover, networks of compromised devices can be chained together to bridge air-gapped systems and transmit data to external receivers. The work presents a real-time system that detects and disrupts covert ultrasonic communication used for hidden data transmission. The authors demonstrate the threat by building an ultrasonic Morse-code channel capable of transmitting data up to 20 meters. To counter this, they develop a mitigation framework using external acoustic hardware that detects ultrasonic signals and jams them with high-power interference. The system effectively prevents data exfiltration, showing strong performance at distances of 5, 10, and 15 meters across different environments.

Review | Computer Science and Mathematics | Security Systems
Authors: Chetan Mhaske, Sarthak Dharam, Kalpesh Mali, Kalyani Zore
Abstract: Cyberattacks have grown in sophistication with the emergence of advanced ransomware, zero-day payloads, and complex network intrusions. Existing security systems often focus only on detection, lacking comprehensive real-time response mechanisms. This survey explores the state of the art in AI-powered network monitoring, intrusion detection and prevention, ransomware detection, automated backup and recovery, and autonomous AI-driven ransom negotiation. By analyzing recent IEEE research on ransomware recovery [1], ML-based intrusion detection [2], proactive defense [3], network traffic analysis [4], anti-ransomware vulnerabilities [5], targeted ransomware mitigation [6], and Windows forensic investigations [7], this paper presents a unified framework that integrates machine learning, local large language models (LLMs) via Ollama, and automated self-healing processes. The proposed architecture offers a scalable, privacy-preserving, and intelligent approach to modern cybersecurity challenges.

Article | Computer Science and Mathematics | Security Systems
Authors: Jorge Munilla, Rana M. Khammas
Abstract: As IoT systems complexity grows, transparent and trustworthy machine-learning Intrusion Detection Systems are crucial. Post hoc explainable AI methods, such as SHAP and LIME, are the most widely used ways to explain how models work, but the degree to which these methods are robust to adversarial conditioning is understudied. In this paper, we propose to create a unified system of evaluating explanation fidelity by using three metrics: sparsity, completeness and robustness based on minimally distorting DeepFool input perturbations. Our study benchmarks SHAP and LIME across three datasets (BoT-IoT, Edge-IIoT, N-BaIoT) using four classifiers: CNN, DNN, LSTM, and RF. Our results demonstrate a consistent trade-off: SHAP achieves stronger causal alignment and higher completeness under attack, whereas LIME exhibits greater rank-stability in terms of top-k feature overlap. However, LIME also produces more spurious attributions and offers less explanatory power than SHAP, especially in the presence of synthetic or non-causal features. Our findings reveal that high model accuracy does not guarantee that the provided explanation is also high-fidelity. This investigation highlights the necessity for robustness-aware XAI in cybersecurity and provides reproducible parameters to guide the adoption of XAI in adversarial environments.

Article | Computer Science and Mathematics | Security Systems
Authors: Waqas Aman, Ammar Hassan, Aqdas Malik, Waseem Iqbal, Firdous Kausar
Abstract: Cryptocurrencies are increasingly gaining traction in the digital realm, promising a decentralized future free from the grip of centralized authorities. This magnetic appeal has led to a surge in the integration of cryptocurrencies within various games and applications based on the robust security provided by blockchain technology. As the world embraces this digital revolution, everyday users are navigating a landscape filled with questions and concerns about the safety, privacy, and reliability of these innovative currencies. Some nations have chosen to ban or heavily regulate cryptocurrencies, further fanning the flames of uncertainty among regular users. While extensive research has been done on the technical dimensions of enhancing cryptocurrency security, there is a lack of appropriate work on critical aspects of parameters influencing users’ perspectives on security, privacy, and trust (SPT) offered by cryptocurrencies. This paper explores the existing gap by investigating the complex relationship between users’ perceptions of SPT in cryptocurrencies and the potential advantages presented by decentralized blockchains in current literature. The PRISMA methodology has been followed to systematically review the existing literature targeting SPT parameters of cryptocurrencies, with a detailed discussion of the methodologies followed by the researchers on the subject. After the careful selection of a search query, 64 papers have been reviewed in detail from a list of 350 papers obtained from Scopus, WoS, IEEE Xplore, and ACM. Dominant use of surveys, the Technology Acceptance Model, and Structural Equation Modelling for analysis is observed in the reviewed literature, which may not cover the complete domain of parameters affecting users’ SPT concerns about cryptocurrencies. By exploring the existing literature, we highlight the obstacles that may impede the widespread adoption of cryptocurrencies and the limitations of the research methodologies being adopted to measure these parameters.

Article | Computer Science and Mathematics | Security Systems
Author: Saulius Grigaitis
Abstract: This work investigates multi-scalar multiplication (MSM) over a fixed base for small input sizes, where classical large-scale optimizations are less effective. We propose a novel variant of the Pippenger-based bucket method that enhances performance by using additional precomputation. In particular, our approach extends the BGMW method by introducing structured precomputations of point combinations, enabling the replacement of multiple point additions with table lookups. We further generalize this idea through chunk-based precomputation, allowing flexible trade-offs between memory usage and runtime performance. Experimental results demonstrate that the proposed variants significantly outperform the Fixed Window method for small MSM instances, achieving up to 3× speedup under practical memory constraints. These results challenge the common assumption that bucket-based methods are inefficient for small MSMs.

Article | Computer Science and Mathematics | Security Systems
Authors: Sara Malik, N.A. Ahmed
Abstract: Hardware random number generators (HRNGs) underpin the security of cryptographic systems, yet their physical entropy sources are susceptible to degradation, environmental perturbation, and adversarial manipulation. Continuous health testing during operation is therefore mandated by all major certification frameworks, including NIST SP 800-90B and BSI AIS 31. This survey examines the feasibility and efficiency of employing three classical statistical measures (mean, median, and standard deviation) as lightweight online health indicators for HRNG output streams. We ground our analysis in the Hotelling–Solomons inequality |μ − m| ≤ σ, which establishes a distribution-free bound linking these three statistics. We survey efficient streaming algorithms, including Welford’s online variance computation, two-heap sliding-window median structures, and approximate quantile sketches, that enable their computation under the strict throughput and memory constraints of embedded cryptographic modules. We further address numerical stability considerations for long-running deployments processing billions of samples. Our analysis demonstrates that the mean–median–standard deviation triplet, combined with the Hotelling–Solomons bound, provides a complementary health test layer that fills the gap between the minimal repetition count and adaptive proportion tests of SP 800-90B and the comprehensive but offline NIST SP 800-22 statistical test suite.

Article | Computer Science and Mathematics | Security Systems
Author: Jovita T. Nsoh
Abstract: The Fifth Industrial Revolution (Industry 5.0) foregrounds human–machine collaboration, sustainability, and resilience as organizing principles for next-generation cyber-physical systems. Yet the identity and access management (IAM) architectures inherited from Industry 4.0 remain perimeter-centric, policy-static, and blind to the behavioral dynamics of human–AI teaming. This paper introduces the Human-Centric Zero Trust Identity Architecture (HC-ZTIA), a novel framework that repositions identity as the adaptive control plane for Industry 5.0 environments. HC-ZTIA integrates three mutually reinforcing innovations: (1) a Joint Embedding Predictive Architecture (JEPA)-driven Behavioral Identity Assurance Engine (BIAE) that learns abstract world models of operator and machine-agent behavior to perform continuous, context-aware identity verification without relying on raw biometric surveillance; (2) a Privacy-Preserving Adaptive Authorization Protocol (PP-AAP) employing zero-knowledge proofs and federated policy evaluation to enforce least-privilege access across human, non-human, and hybrid identity classes while satisfying data-minimization mandates; and (3) a Resilience-Oriented Trust Degradation Model (RO-TDM) that guarantees fail-safe identity governance under adversarial, degraded, or disconnected operating conditions characteristic of operational technology (OT) and critical infrastructure. The framework is grounded in the Agile-Infused Design Science Research Methodology (A-DSRM) and formally extends NIST SP 800-207 and the CISA Zero Trust Maturity Model by addressing five identified gaps in human-centric identity governance. We present the formal system model, threat model, architectural specification, and a multi-scenario evaluation spanning energy-sector OT, smart manufacturing, and vehicle-to-everything (V2X) environments. Simulation results, validated through Monte Carlo trials with 95% confidence intervals, demonstrate that HC-ZTIA reduces identity-related breach exposure by 73.2% (±4.1%) while maintaining sub-200 ms authorization latency, offering a principled bridge between Zero Trust rigor and Industry 5.0 human-centricity.

Article | Computer Science and Mathematics | Security Systems
Authors: Hassan Wasswa, Timothy Lynar
Abstract: The rapid proliferation of Internet of Things (IoT) devices has significantly expanded the attack surface of modern networks, leading to a surge in IoT-based botnet attacks. Detecting such attacks remains challenging due to the high dimensionality and heterogeneity of IoT network traffic. This study proposes and evaluates three hybrid deep learning architectures for IoT botnet detection that combine representation learning with supervised classification: VAE-encoder-MLP, VAE-encoder-GAT, and VAE-encoder-MoTE. A variational autoencoder (VAE) is first trained to learn a compact latent representation of high-dimensional traffic features, after which the pretrained encoder projects the data into a low-dimensional embedding space. These embeddings are then used to train three different downstream classifiers: a multilayer perceptron (MLP), a graph attention network (GAT), and a mixture of tiny experts (MoTE) model. To further enhance representation discriminability, supervised contrastive learning is incorporated to encourage intra-class compactness and inter-class separability in the latent space. The proposed architectures are evaluated on two widely used benchmark datasets, CICIoT2022 and N-BaIoT, under both binary and multiclass classification settings. Experimental results demonstrate that all three models achieve near-perfect performance in binary attack detection, with accuracy exceeding 99.8%. In the more challenging multiclass scenario, the VAE-encoder-MLP model achieves the best overall performance, reaching accuracies of 98.55% on CICIoT2022 and 99.75% on N-BaIoT. These findings provide insights into the design of efficient and scalable deep learning architectures for IoT intrusion detection.

Article | Computer Science and Mathematics | Security Systems
Authors: David Cropley, Paul Whittington, Huseyin Dogan
Abstract: This research paper addresses why disabled people often have extra problems with authentication (i.e. logging in to online services). While the focus is on authentication, we also explore its relevance to electronic identification and consider the post-authentication stage of authorization (allowing continued use of the service once logged in). ‘Normal’ people regularly log into websites and applications without much thought for the process, having an end goal or task in mind to be achieved with the service that they are accessing. We discover that there is a societal gap in terms of ease of use, as previous studies show that disabled people can find this step difficult, frustrating, or virtually impossible. For people who have a disability, complications arise in this process, and we examine the nature of the problems identified by this group. A series of interviews (n=15) is analyzed with Constructivist Grounded Theory methods to discover patterns in the participants’ answers and build a theory about why Accessible Authentication is a problem. By way of inductive theory building, this paper categorizes common traits that participants revealed during interviews. The key findings reveal that most disabled users say that their capability to authenticate is effectively reduced by accessibility barriers; in other words, participants felt hindered when logging in because of their disability. This leads us to conclude with some degree of confidence that there is a lack of accessibility for those using traditional authentication techniques. A further area of concern for the participants was that maintaining security alongside ease of use was important to them, so future work on improving accessibility should find ways to ensure that disabled users’ information is not left vulnerable.

Article | Computer Science and Mathematics | Security Systems
Authors: Guy E. Toibin, Yotam Lurie, Shlomo Mark
Abstract: Telecommunication networks operate as highly distributed, multi-vendor, and mission-critical infrastructures, making them prime targets for sophisticated cyber threats. As networks evolve toward cloud-native, virtualized, and software-defined architectures, traditional perimeter-based security models have become insufficient. Zero-Trust Architecture (ZTA) has therefore emerged as a key security paradigm in telecommunications, enabling continuous verification, fine-grained access control, and improved protection of network and information assets. While ZTA strengthens technical security and operational resilience, its large-scale deployment introduces significant socio-technical and governance challenges that extend beyond network engineering. This study examines the implementation of ZTA in a multinational telecommunications infrastructure organization using a four-wave longitudinal design (2020–2023). Drawing on an extended Technology Acceptance Model incorporating Perceived Trust, we analyze employee perceptions of productivity, ease of use, usefulness, and trust before and after ZTA deployment, and following a structured governance intervention. Results reveal a substantial decline in the composite TAM index following ZTA enforcement (−25%, Cohen’s d = 1.12), with no meaningful spontaneous recovery over time (d = 0.08). A Communication Campaign emphasizing transparency and stakeholder engagement produced a partial but incomplete recovery (d ≈ 0.52), indicating that trust erosion under Zero-Trust conditions is measurable and contingent upon governance design rather than technological determinism. The findings demonstrate that ZTA functions not merely as a technical safeguard but as a socio-technical governance mechanism that restructures organizational trust. The study advances a Proactive Trust Management framework tailored to telecommunications environments, integrating security enforcement with transparency, participatory oversight, and ethical calibration to sustain operational resilience in cloud-native infrastructures.

Review | Computer Science and Mathematics | Security Systems
Authors: Kaiyan Zhao, Zhe Sun, Lihua Yin, Tianqing Zhu
Abstract: With the rapid advancement of deep learning, differential privacy has become a key technique for protecting sensitive data with a formal guarantee of privacy. By injecting noise and enforcing privacy budgets, differentially private deep learning (DP-DL) systems are able to protect individual data points yet still maintain a model’s utility. However, recent studies reveal that DP-DL systems can be vulnerable to different types of attacks throughout their lifecycle. Naturally, this has attracted the attention of both academia and industry. Critically, these risks are not the same as those associated with traditional deep learning. This is because the differential privacy mechanism itself introduces new attack surfaces that adversaries can exploit. Our work focuses on the distinct vulnerabilities that can arise at the data, algorithm, and architecture levels. By analyzing representative attacks and corresponding defenses, this survey highlights emerging challenges and outlines promising research directions. Overall, our aim is to make differential privacy more robust and deployable in real-world deep learning systems.

Article | Computer Science and Mathematics | Security Systems
Authors: Jingtang Luo, Chenlin Zhang
Abstract: Large Language Model (LLM) agents are increasingly deployed to interact with untrusted external data, exposing them to Indirect Prompt Injection (IPI) attacks. While current black-box defenses (i.e., model-agnostic methods) such as “Sandwich Defense” and “Spotlighting” provide baseline protection, they remain brittle against adaptive attacks like Actor-Critic (where injections evolve to better evade the LLM’s internal defense). In this paper, we introduce Real User Instruction (RUI), a lightweight, black-box middleware that enforces strict instruction-data separation without model fine-tuning. RUI operates on three novel mechanisms: (1) a Privileged Channel that encapsulates user instructions within a cryptographic-style schema; (2) Explicit Adversarial Identification, a cognitive forcing strategy that compels the model to detect and list potential injections before response generation; and (3) Dynamic Key Rotation, a moving target defense that re-encrypts the conversation state at every turn, rendering historical injection attempts obsolete. We evaluate RUI against a suite of adaptive attacks, including Context-Aware Injection, Token Obfuscation, and Delimitation Spoofing. Our experiments demonstrate that RUI reduces the Attack Success Rate (ASR) from 100% (undefended baseline) to less than 8.1% against cutting-edge adaptive attacks, while maintaining a Benign Performance Preservation (BPP) rate of over 88.8%. These findings suggest that RUI is an effective and practical solution for securing agentic workflows against sophisticated, context-aware adversaries.

Article | Computer Science and Mathematics | Security Systems
Authors: Marko Corn, Primož Podržaj
Abstract: Human-centered cryptographic key management is constrained by a persistent tension between security and usability. While modern cryptographic primitives offer strong theoretical guarantees, practical failures often arise from the difficulty users face in generating, memorizing, and securely storing high-entropy secrets. Existing mnemonic approaches suffer from severe entropy collapse due to predictable human choice, while machine-generated mnemonics such as BIP-39 impose significant cognitive burden. This paper introduces GeoVault, a spatially anchored key derivation framework that leverages human spatial memory as a cryptographic input. GeoVault derives keys from user-selected geographic locations, encoded deterministically and hardened using memory-hard key derivation functions. We develop a formal entropy model that captures semantic and clustering biases in human location choice and distinguishes nominal from effective spatial entropy under attacker-prioritized dictionaries. Through information-theoretic analysis and CPU–GPU benchmarking, we show that spatially anchored secrets provide a substantially higher effective entropy floor than human-chosen passwords under realistic attacker models. When combined with Argon2id, spatial mnemonics benefit from a hardware-enforced asymmetry that strongly constrains attacker throughput as memory costs approach GPU VRAM limits. Our results indicate that modest multi-point spatial selection combined with memory-hard derivation can achieve attacker-adjusted work factors comparable to those of 12-word BIP-39 mnemonics, while single-point configurations provide meaningful offline resistance with reduced cognitive burden.

Review | Computer Science and Mathematics | Security Systems
Authors: Yinggang Sun, Haining Yu, Wei Jiang, Xiangzhan Yu, Dongyang Zhan, Lixu Wang, Siyue Ren, Yue Sun, Tianqing Zhu
Abstract: The rapid evolution of Large Language Models (LLMs) from static text generators to autonomous agents has revolutionized their ability to perceive, reason, and act within complex environments. However, this transition from single-model inference to System Engineering Security introduces unique structural vulnerabilities (specifically instruction-data conflation, persistent cognitive states, and untrusted coordination) that extend beyond traditional adversarial robustness. To address the fragmented nature of the existing literature, this article presents a comprehensive and systematic survey of the security landscape for LLM-based agents. We propose a novel, structure-aware taxonomy that categorizes threats into three distinct paradigms: (1) External Interaction Attacks, which exploit vulnerabilities in perception interfaces and tool usage; (2) Internal Cognitive Attacks, which compromise the integrity of reasoning chains and memory mechanisms; and (3) Multi-Agent Collaboration Attacks, which manipulate communication protocols and collective decision-making. Adapting to this threat landscape, we systematize existing mitigation strategies into a unified defense framework that includes input sanitization, cognitive fortification, and collaborative consensus. In addition, we provide the first in-depth comparative analysis of agent-specific security evaluation benchmarks. The survey concludes by outlining critical open problems and future research directions, aiming to foster the development of next-generation agents that are not only autonomous but also provably secure and trustworthy.

Article | Computer Science and Mathematics | Security Systems
Authors: Pere Vidiella, Pere Tuset-Peiró, Josep Pegueroles, Michael Pilgermann
Abstract: The digitalization of healthcare systems increases their exposure to security incidents. Security analysts use standard CVE (Common Vulnerabilities and Exposures) records to identify and mitigate vulnerabilities. However, CVEs are often incomplete or overly generic, requiring the addition of structured, actionable information to support effective decision-making. Manually performing this augmentation is unfeasible due to the rapidly growing number of published CVEs. In this paper we evaluate the capabilities of LLMs (Large Language Models) to classify and analyze CVEs within the medical IT systems domain. We propose a framework where LLMs parse structured JSON context and answer a set of specific natural language questions, enabling the categorization of vulnerabilities by their position in the medical chain, affected component types, and mapping to the MITRE ATT&CK framework. While recent studies show that general LLMs can achieve high accuracy in objective CVSS elements and learn CNA-oriented patterns, they often struggle with subjective impact metrics. Our results demonstrate that domain-specific classification through natural language prompting provides the necessary granularity for medical risk prioritization. We conclude that this augmentation effectively bridges the gap in standard CVE records, allowing for a better understanding of how vulnerabilities impact critical healthcare infrastructure and patient safety.


Preprints.org is a free preprint server supported by MDPI in Basel, Switzerland.


© 2026 MDPI (Basel, Switzerland) unless otherwise stated