Catalogue Search | MBRL
7 result(s) for "hardware secure element"
Enabling Secure Data Exchange through the IOTA Tangle for IoT Constrained Devices
by Castanier, Fabien; Carelli, Alberto; Palmieri, Andrea
in Confidentiality, cybersecurity, Data analysis
2022
Internet-of-Things (IoT) and sensor technologies have enabled the collection of data in a distributed fashion for analysis and evidence-based decision making. However, security concerns regarding the source, confidentiality and integrity of the data arise. The most common method of protecting data transmission in sensor systems today is Transport Layer Security (TLS) or its datagram counterpart (DTLS), but an alternative based on Distributed Ledger Technology (DLT) exists that promises strong security, ease of use and potential for large-scale integration of heterogeneous sensor systems. A DLT such as the IOTA Tangle offers great potential to improve sensor data exchange. This paper presents L2Sec, a cryptographic protocol which is able to secure data exchanged over the IOTA Tangle. This protocol is suitable for implementation on constrained devices, such as common IoT devices, leading to greater scalability. The first experimental results show the effectiveness of the approach and argue for the integration of a hardware secure element to improve the overall security of the protocol. The L2Sec source code is released as an open-source repository on GitHub.
Journal Article
Design and Comparison of Hardware Architectures for FIPS 140-Certified Cryptographic Applications
2026
Modern cryptographic systems increasingly depend on certified hardware modules to guarantee trustworthy key management, tamper resistance, and secure execution across Internet of Things (IoT), embedded, and cloud infrastructures. Although numerous FIPS 140-certified platforms exist, prior studies typically evaluate these solutions in isolation, offering limited insight into their cross-domain suitability and practical deployment trade-offs. This work addresses this gap by proposing a unified, multi-criteria evaluation framework aligned with the FIPS 140 standard family (including both FIPS 140-2 and FIPS 140-3), replacing the earlier formulation that assumed an exclusive FIPS 140-3 evaluation model. The framework systematically compares secure elements (SEs), Trusted Platform Modules (TPMs), embedded Systems-on-Chip (SoCs) with dedicated security coprocessors, enterprise-grade Hardware Security Modules (HSMs), and cloud-based trusted execution environments. It integrates certification analysis, performance normalization, physical-security assessment, integration complexity, and total cost of ownership. Validation is performed using verified CMVP certification records and harmonized performance benchmarks derived from publicly available FIPS datasets. The results reveal pronounced architectural trade-offs: lightweight SEs offer cost-efficient protection for large-scale IoT deployments, while enterprise HSMs and cloud enclaves provide high throughput and Level 3 assurance at the expense of increased operational and integration complexity. Quantitative comparison further shows that secure elements reduce active power consumption by approximately 80–85% compared to TPM 2.0 modules (<20 mW vs. 100–150 mW) but typically require 2–3× higher firmware-integration effort due to middleware dependencies. Likewise, SE050-based architectures deliver roughly 5× higher cryptographic throughput than TPMs (∼500 ops/s vs. ∼100 ops/s), whereas enterprise HSMs outperform all embedded platforms by two orders of magnitude (>10 000 ops/s). Because the evaluated platforms span both FIPS 140-2 and FIPS 140-3 certifications, the comparative analysis interprets their security guarantees in terms of requirements shared across the FIPS 140 standard family, rather than attributing all properties to FIPS 140-3 alone. No single architecture emerges as universally optimal; rather, platform suitability depends on the desired balance between assurance level, scalability, performance, and deployment constraints. The findings offer actionable guidance for engineers and system architects selecting FIPS-validated hardware for secure and compliant digital infrastructures.
Journal Article
P2M‐based security model: security enhancement using combined PUF and PRNG models for authenticating consumer electronic devices
by Wortman, Paul; Tehranipoor, Fatemeh; Chandy, John
in Automation, Communication, Consumer electronics
2018
Continued growth and development in the consumer electronic market have greatly increased in the realm of home automation. With this swelling in smart, Internet-connected consumer electronics, there is a need to ensure the safe and secure use of these products. So how does one authenticate each product in a large connected environment? How can the authors minimise counterfeiting, cloning, and the presence of Trojans in consumer electronics? In this study, they explore their method of using various physically unclonable functions (PUFs) as a potential seed for a pseudorandom number generator (PRNG) element. These can then be used to authenticate consumer electronic devices or protect communication over a large interconnected network. The advantage of this work is that their method increases the difficulty for attackers of learning patterns in the seed of each PRNG while optimising PUF-based constraints in different consumer electronic domains. Through this work they enhance the function of PRNGs, increasing the difficulty of attackers' ability to model security systems, and present a lightweight and efficient solution to the growing security concerns. By making the PRNG more difficult to model, malicious actors are less able to overcome the proposed security enhancement, leading to a safe and secure environment.
Journal Article
Partitioned security processor architecture on FPGA platform
2018
Internet protocol security (IPSec), secure sockets layer (SSL)/transport layer security (TLS) and other security protocols necessitate high-throughput hardware implementation of cryptographic functions. In recent literature, cryptographic functions have been implemented in software, application-specific integrated circuits (ASICs) and field-programmable gate arrays (FPGAs). They are not necessarily optimised for throughput. Due to the various side-channel attacks on cache and memory, and the various malware-based exfiltrations of security keys and other sensitive information, cryptographic enclave processors are implemented which isolate cryptographically sensitive information such as keys. We propose a partitioned enclave architecture targeting IPSec, TLS and SSL where the partitioned area ensures that the processor data path is completely isolated from the secret-key memory. The security processor consists of a Trivium random number generator, Rivest–Shamir–Adleman (RSA), advanced encryption standard (AES) and KECCAK cryptographic cores. We implement three different optimised KECCAK architectures. The processing element (PE) handles all communication interfaces, data paths, and control hazards of the network security processor. The memory communication of KECCAK and AES is done via a direct memory access controller to reduce the PE overhead. The whole system is demonstrated by FPGA implementation using Vivado 2015.2 on Artix-7 (XC7A100T, CSG324). The performance of the implemented KECCAKs is better in terms of security, throughput and resources than the existing literature.
Journal Article
Statistical RF/Analog Integrated Circuit Design Using Combinatorial Randomness for Hardware Security Applications
2020
While integrated circuit technologies keep scaling aggressively, analog, mixed-signal, and radio-frequency (RF) circuits encounter challenges in creating robust designs in advanced complementary metal–oxide–semiconductor (CMOS) processes with the diminishing voltage headroom. The increasing random mismatch of smaller feature sizes in leading-edge technology nodes severely limits the benefits of scaling for RF/analog circuits. This paper describes the details of combinatorial randomness obtained by statistically selecting device elements, which relies on the rapid growth in the number of possible subsets as the element count increases. The randomness can be utilised to provide post-manufacturing reconfiguration of the selectable circuit elements to achieve the required specifications for ultra-low-power systems. The calibration methodology is demonstrated with an ultra-low-voltage chaos-based true random number generator (TRNG) for energy-constrained Internet of Things (IoT) devices in secure communications.
Journal Article
A password-authenticated secure channel for App to Java Card applet communication
by Asnake, Endalkachew; Roland, Michael; Mayrhofer, Rene
in Agreements, Applications programs, Authentication
2015
Purpose – The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever. Design/methodology/approach – A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. Findings – To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time. Originality/value – By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.
Journal Article
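The app-to-applet exchange the abstract describes, as an added example that is not the authors' Java Card implementation: both sides of SRP-6a (RFC 5054 message flow and padding, with SHA-256 assumed as the hash and the RFC 5054 1024-bit group chosen only to keep it fast), written in Python so it runs stand-alone. The class names AppClient and CardApplet, the enrolment routine and the identity/password values are constructed for illustration. The applet stores only the salt and verifier, so a compromised card image yields no password, and it releases the session key only after the client's proof M1 verifies, which is the check that blocks the "static key in the app" weakness the abstract points out.

```python
import hashlib
import secrets

# Group parameters: the 1024-bit (N, g) from RFC 5054 Appendix A, chosen here only
# to keep the example fast; a 2048-bit or larger group is the usual choice today.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C"
    "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4"
    "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29"
    "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A"
    "FD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
N_LEN = (N.bit_length() + 7) // 8


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def pad(x: int) -> bytes:
    # Left-pad integers to the length of N before hashing, as RFC 5054 requires.
    return x.to_bytes(N_LEN, "big")


k = int.from_bytes(h(pad(N), pad(g)), "big")  # SRP-6a multiplier parameter


def private_x(salt: bytes, identity: bytes, password: bytes) -> int:
    # x = H(s | H(I | ":" | P)); recomputed by the app each session, never stored.
    return int.from_bytes(h(salt, h(identity, b":", password)), "big")


def client_proof(identity: bytes, salt: bytes, A: int, B: int, K: bytes) -> bytes:
    # M1 = H( H(N) xor H(g) | H(I) | s | A | B | K )
    hn_xor_hg = bytes(p ^ q for p, q in zip(h(pad(N)), h(pad(g))))
    return h(hn_xor_hg, h(identity), salt, pad(A), pad(B), K)


def enroll(identity: bytes, password: bytes):
    """Personalisation step (hypothetical): the applet keeps (salt, v), not the password."""
    salt = secrets.token_bytes(16)
    v = pow(g, private_x(salt, identity, password), N)
    return salt, v


class AppClient:
    """Mobile app side: holds the password the user typed at run time."""

    def __init__(self, identity: bytes, password: bytes):
        self.identity, self.password = identity, password
        self.a = secrets.randbits(256)
        self.A = pow(g, self.a, N)           # first message to the applet: I, A

    def respond(self, salt: bytes, B: int) -> bytes:
        if B % N == 0:
            raise ValueError("invalid applet public value B")
        u = int.from_bytes(h(pad(self.A), pad(B)), "big")
        if u == 0:
            raise ValueError("degenerate scrambling parameter u")
        x = private_x(salt, self.identity, self.password)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.K = h(pad(S))
        self.M1 = client_proof(self.identity, salt, self.A, B, self.K)
        return self.M1                       # second message: M1

    def verify_applet(self, M2: bytes) -> bool:
        return secrets.compare_digest(M2, h(pad(self.A), self.M1, self.K))


class CardApplet:
    """Java Card applet side: knows only (salt, v) from enrolment."""

    def __init__(self, identity: bytes, salt: bytes, v: int):
        self.identity, self.salt, self.v = identity, salt, v
        self.K = None

    def challenge(self, A: int):
        if A % N == 0:
            raise ValueError("invalid client public value A")
        self.A = A
        self.b = secrets.randbits(256)
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return self.salt, self.B             # reply: s, B

    def verify_client(self, M1: bytes):
        u = int.from_bytes(h(pad(self.A), pad(self.B)), "big")
        S = pow(self.A * pow(self.v, u, N), self.b, N)
        K = h(pad(S))
        expected = client_proof(self.identity, self.salt, self.A, self.B, K)
        if not secrets.compare_digest(M1, expected):
            return None                      # wrong password: abort, release no key
        self.K = K
        return h(pad(self.A), M1, K)         # M2 proves the applet knew v


def run_session(identity: bytes, enrolled_pw: bytes, offered_pw: bytes) -> bool:
    """Full exchange; True iff both sides end with the same session key."""
    salt, v = enroll(identity, enrolled_pw)
    applet = CardApplet(identity, salt, v)
    app = AppClient(identity, offered_pw)
    s, B = applet.challenge(app.A)
    M2 = applet.verify_client(app.respond(s, B))
    return M2 is not None and app.verify_applet(M2) and app.K == applet.K
```

The resulting K is the key for the subsequent encrypted APDU channel; the A mod N and B mod N checks and the constant-time comparison of M1 are the minimum the RFC calls for, and on a real card the modular exponentiations would be routed through the Java Card crypto API as the paper describes.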
Why Distinctions Within Mobile Wallets and Tokenization Matter
2019
To comprehend the basic differences in wallet technologies, first to be discussed is secure element (SE) tokenization. Host‐card emulation (HCE) is the core basis for most wallets outside of the Apple ecosystem. The onboarding process with issuers may be similar to what is done with SE wallets, but the overall security and NFC functionality behaves differently in the background. HCE was created to remove the dependency on SE hardware mainly due to the politics of mobile network operator fragmentation. HCE requires downloading of tokens, which could be very problematic when in low Internet connectivity areas or travelling abroad. While the differences between HCE and SE tokenization seem finite, there are some viewpoints to consider from a payment perspective. Wallets always need to be accessible when users need them most, and while network tokenization has offered a strong security aspect, there are more improvements needed in wallet infrastructure to transition into a stronger adoption growth phase.
Book Chapter