Tootfinder

Addressing Weak Authentication like RFID, NFC in EVs and EVCs using AI-powered Adaptive Authentication
Onyinye Okoye
https://arxiv.org/abs/2508.19465 https://

Addressing Weak Authentication like RFID, NFC in EVs and EVCs using AI-powered Adaptive Authentication
The rapid expansion of the Electric Vehicles (EVs) and Electric Vehicle Charging Systems (EVCs) has introduced new cybersecurity challenges, specifically in authentication protocols that protect vehicles, users, and energy infrastructure. Although widely adopted for convenience, traditional authentication mechanisms like Radio Frequency Identification (RFID) and Near Field Communication (NFC) rely on static identifiers and weak encryption, making them highly vulnerable to attack vectors such as…

Practical Physical Layer Authentication for Mobile Scenarios Using a Synthetic Dataset Enhanced Deep Learning Approach
Yijia Guo, Junqing Zhang, Y. -W. Peter Hong
https://arxiv.org/abs/2508.20861

Practical Physical Layer Authentication for Mobile Scenarios Using a Synthetic Dataset Enhanced Deep Learning Approach
The Internet of Things (IoT) is ubiquitous thanks to the rapid development of wireless technologies. However, the broadcast nature of wireless transmissions results in great vulnerability to device authentication. Physical layer authentication emerges as a promising approach by exploiting the unique channel characteristics. However, a practical scheme applicable to dynamic channel variations is still missing. In this paper, we proposed a deep learning-based physical layer channel state informat…

Cell-Free Massive MIMO-Based Physical-Layer Authentication
Isabella W. G. da Silva, Zahra Mobini, Hien Quoc Ngo, Michail Matthaiou
https://arxiv.org/abs/2508.19931 https://

Cell-Free Massive MIMO-Based Physical-Layer Authentication
In this paper, we exploit the cell-free massive multiple-input multiple-output (CF-mMIMO) architecture to design a physical-layer authentication (PLA) framework that can simultaneously authenticate multiple distributed users across the coverage area. Our proposed scheme remains effective even in the presence of active adversaries attempting impersonation attacks to disrupt the authentication process. Specifically, we introduce a tag-based PLA CFmMIMO system, wherein the access points (APs) firs…

Really grateful for two factor authentication via email. Nothing better than being unable to sign in to your account because your mail provider is having downtime.

Microsoft now has invented the 10 Factor authentication before you get to a teams. Next: You need to photograph your underwear and send it to them.

from my link log —
Cracking the Vault: flaws in authentication, identity, and authorization in HashiCorp Vault.
https://cyata.ai/blog/cracking-the-vault-how-we-found-zero-day-flaws-in-authe…

Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault - Cyata | The Control Plane for Agentic Identity
Introduction: when the trust model can’t be trusted Secrets vaults are the backbone of digital infrastructure. They store the credentials, tokens, and certificates that govern access to systems, services, APIs, and data. They’re not just a part of the trust model, they are the trust model. In other words, if your vault is compromised, your […]

First-Place Solution to NeurIPS 2024 Invisible Watermark Removal Challenge
Fahad Shamshad, Tameem Bakr, Yahia Shaaban, Noor Hussein, Karthik Nandakumar, Nils Lukas
https://arxiv.org/abs/2508.21072

First-Place Solution to NeurIPS 2024 Invisible Watermark Removal Challenge
Content watermarking is an important tool for the authentication and copyright protection of digital media. However, it is unclear whether existing watermarks are robust against adversarial attacks. We present the winning solution to the NeurIPS 2024 Erasing the Invisible challenge, which stress-tests watermark robustness under varying degrees of adversary knowledge. The challenge consisted of two tracks: a black-box and beige-box track, depending on whether the adversary knows which watermarki…

Addressing Deepfake Issue in Selfie banking through camera based authentication
Subhrojyoti Mukherjee, Manoranjan Mohanty
https://arxiv.org/abs/2508.19714 https://

Addressing Deepfake Issue in Selfie banking through camera based authentication
Fake images in selfie banking are increasingly becoming a threat. Previously, it was just Photoshop, but now deep learning technologies enable us to create highly realistic fake identities, which fraudsters exploit to bypass biometric systems such as facial recognition in online banking. This paper explores the use of an already established forensic recognition system, previously used for picture camera localization, in deepfake detection.

huh, i just found this. it is clearly llm generated, and thus riddled with inaccuracies and hallucinations. but on first glance, i am very much impressed by the stuff that doesn't immediately jump at me as wrong: https://deepwiki.com/stef/libopaque and

1Kosmos, which provides identity verification and passwordless authentication software, raised a $57M Series B, including a $10M line of credit (Duncan Riley/SiliconANGLE)
https://siliconangle.com/2025/08/12/1kosm…

1Kosmos raises $57M to advance passwordless authentication and global identity security expansion - SiliconANGLE
1Kosmos raises $57M to advance passwordless authentication and global identity security expansion - SiliconANGLE

Privacy-Preserving Federated Learning Framework for Risk-Based Adaptive Authentication
Yaser Baseri, Abdelhakim Senhaji Hafid, Dimitrios Makrakis, Hamidreza Fereidouni
https://arxiv.org/abs/2508.18453 …

Privacy-Preserving Federated Learning Framework for Risk-Based Adaptive Authentication
Balancing robust security with strong privacy guarantees is critical for Risk-Based Adaptive Authentication (RBA), particularly in decentralized settings. Federated Learning (FL) offers a promising solution by enabling collaborative risk assessment without centralizing user data. However, existing FL approaches struggle with Non-Independent and Identically Distributed (Non-IID) user features, resulting in biased, unstable, and poorly generalized global models. This paper introduces FL-RBA2, a n…

Haptic-Based User Authentication for Tele-robotic System
Rongyu Yu, Kan Chen, Zeyu Deng, Chen Wang, Burak Kizilkaya, Liying Emma Li
https://arxiv.org/abs/2506.14116

Haptic-Based User Authentication for Tele-robotic System
Tele-operated robots rely on real-time user behavior mapping for remote tasks, but ensuring secure authentication remains a challenge. Traditional methods, such as passwords and static biometrics, are vulnerable to spoofing and replay attacks, particularly in high-stakes, continuous interactions. This paper presents a novel anti-spoofing and anti-replay authentication approach that leverages distinctive user behavioral features extracted from haptic feedback during human-robot interactions. To …

A Survey of Threats Against Voice Authentication and Anti-Spoofing Systems
Kamel Kamel, Keshav Sood, Hridoy Sankar Dutta, Sunil Aryal
https://arxiv.org/abs/2508.16843 https://…

A Survey of Threats Against Voice Authentication and Anti-Spoofing Systems
Voice authentication has undergone significant changes from traditional systems that relied on handcrafted acoustic features to deep learning models that can extract robust speaker embeddings. This advancement has expanded its applications across finance, smart devices, law enforcement, and beyond. However, as adoption has grown, so have the threats. This survey presents a comprehensive review of the modern threat landscape targeting Voice Authentication Systems (VAS) and Anti-Spoofing Counterm…

Israeli cyber and computer science experts phished by Iran-linked APT42 https://therecord.media/israel-cyber-experts-computer-scientists-phished-iran

NRXR-ID: Two-Factor Authentication (2FA) in VR Using Near-Range Extended Reality and Smartphones
Aiur Nanzatov, Lourdes Pe\~na-Castillo, Oscar Meruvia-Pastor
https://arxiv.org/abs/2507.05447

NRXR-ID: Two-Factor Authentication (2FA) in VR Using Near-Range Extended Reality and Smartphones
Two-factor authentication (2FA) has become widely adopted as an efficient and secure way to validate someone's identity online. Two-factor authentication is difficult in virtual reality (VR) because users are usually wearing a head-mounted display (HMD) which does not allow them to see their real-world surroundings. We present NRXR-ID, a technique to implement two-factor authentication while using extended reality systems and smartphones. The proposed method allows users to complete an authenti…

zkPHIRE: A Programmable Accelerator for ZKPs over HIgh-degRee, Expressive Gates
Alhad Daftardar, Jianqiao Mo, Joey Ah-kiow, Benedikt B\"unz, Siddharth Garg, Brandon Reagen
https://arxiv.org/abs/2508.16738

zkPHIRE: A Programmable Accelerator for ZKPs over HIgh-degRee, Expressive Gates
Zero-Knowledge Proofs (ZKPs) have emerged as powerful tools for secure and privacy-preserving computation. ZKPs enable one party to convince another of a statement's validity without revealing anything else. This capability has profound implications in many domains, including: machine learning, blockchain, image authentication, and electronic voting. Despite their potential, ZKPs have seen limited deployment because of their exceptionally high computational overhead, which manifests primarily d…

"In the grim darkness of the far future, there is only two factor authentication..."

ZK-SERIES: Privacy-Preserving Authentication using Temporal Biometric Data
Daniel Reijsbergen, Eyasu Getahun Chekole, Howard Halim, Jianying Zhou
https://arxiv.org/abs/2506.19393 …

ZK-SERIES: Privacy-Preserving Authentication using Temporal Biometric Data
Biometric authentication relies on physiological or behavioral traits that are inherent to a user, making them difficult to lose, forge or forget. Biometric data with a temporal component enable the following authentication protocol: recent readings of the underlying biometrics are encoded as time series and compared to a set of base readings. If the distance between the new readings and the base readings falls within an acceptable threshold, then the user is successfully authenticated. Various…

I was wondering why my SMTP configuration wouldn't work. DNS zone looked fine, SSL/TLS settings correct, authentication enabled, yet it wouldn't budge.
Then I had a moment of enlightenment about the mail subdomain having one lone A record instead of two NS records as it should have been.
It's. ALWAYS. DNS. Dammit.

SOMEONE'S GONNA GET HAAAACKED still unpatched after 6 months...
Original post: #cybersecurity

PRZK-Bind: A Physically Rooted Zero-Knowledge Authentication Protocol for Secure Digital Twin Binding in Smart Cities
Yagmur Yigit, Mehmet Ali Erturk, Kerem Gursu, Berk Canberk
https://arxiv.org/abs/2508.17913

PRZK-Bind: A Physically Rooted Zero-Knowledge Authentication Protocol for Secure Digital Twin Binding in Smart Cities
Digital twin (DT) technology is rapidly becoming essential for smart city ecosystems, enabling real-time synchronisation and autonomous decision-making across physical and digital domains. However, as DTs take active roles in control loops, securely binding them to their physical counterparts in dynamic and adversarial environments remains a significant challenge. Existing authentication solutions either rely on static trust models, require centralised authorities, or fail to provide live and v…

Capitalism − Big Tech − single points of failure https://mas.to/@nemo/114676003248609889

Design and analysis of a set of discrete variable protocols for secure quantum communication
Arindam Dutta
https://arxiv.org/abs/2508.06380 https://arxiv.o…

Design and analysis of a set of discrete variable protocols for secure quantum communication
The advent of quantum key distribution (QKD) has revolutionized secure communication by providing unconditional security, unlike classical cryptographic methods. However, its effectiveness relies on robust identity authentication, as vulnerabilities in the authentication process can cause a compromise with the security of the entire communication system. Over the past three decades, numerous quantum identity authentication (QIA) protocols have been proposed. This thesis first presents a chronol…

Making REST APIs Agent-Ready: From OpenAPI to Model Context Protocol Servers for Tool-Augmented LLMs
Meriem Mastouri, Emna Ksontini, Wael Kessentini
https://arxiv.org/abs/2507.16044

Making REST APIs Agent-Ready: From OpenAPI to Model Context Protocol Servers for Tool-Augmented LLMs
Large Language Models (LLMs) are evolving from passive text generators into active agents that invoke external tools. To support this shift, scalable protocols for tool integration are essential. The Model Context Protocol (MCP), introduced by Anthropic in 2024, offers a schema-driven standard for dynamic tool discovery and invocation. Yet, building MCP servers remains manual and repetitive, requiring developers to write glue code, handle authentication, and configure schemas by hand-replicatin…

Active Attack Resilience in 5G: A New Take on Authentication and Key Agreement
Nazatul H. Sultan, Xinlong Guan, Josef Pieprzyk, Wei Ni, Sharif Abuadbba, Hajime Suzuki
https://arxiv.org/abs/2507.17491

Active Attack Resilience in 5G: A New Take on Authentication and Key Agreement
As 5G networks expand into critical infrastructure, secure and efficient user authentication is more important than ever. The 5G-AKA protocol, standardized by 3GPP in TS 33.501, is central to authentication in current 5G deployments. It provides mutual authentication, user privacy, and key secrecy. However, despite its adoption, 5G-AKA has known limitations in both security and performance. While it focuses on protecting privacy against passive attackers, recent studies show its vulnerabilities…

Today’s Sesame Street episode is brought to you by the letter X, the platform that cannot be trusted…
…and is also brought to you by the number 2, for 2-factor-authentication and the word “cybersecurity!”
Remember kids, never give an elongated muskrat access to your brand identity!

MSN

😎 Edible microlasers made from food-safe materials can serve as barcodes and biosensors
#optics

Edible microlasers made from food-safe materials can serve as barcodes and biosensors
If you've ever consumed food made with olive oil, there's a good chance you've unknowingly ingested materials capable of producing lasers. Researchers have recently demonstrated edible microlasers—tiny lasers made entirely from food-safe materials—that can be used for food monitoring, product authentication and tagging. These edible microlasers are composed of droplets of oil or water–glycerol mixtures doped with natural optical gain substances, such as chlorophyll (the green pigment in l…

Formal Verification of Physical Layer Security Protocols for Next-Generation Communication Networks
Kangfeng Ye, Roberto Metere, Jim Woodcock, Poonam Yadav
https://arxiv.org/abs/2508.19430

Formal Verification of Physical Layer Security Protocols for Next-Generation Communication Networks
Formal verification is crucial for ensuring the robustness of security protocols against adversarial attacks. The Needham-Schroeder protocol, a foundational authentication mechanism, has been extensively studied, including its integration with Physical Layer Security (PLS) techniques such as watermarking and jamming. Recent research has used ProVerif to verify these mechanisms in terms of secrecy. However, the ProVerif-based approach limits the ability to improve understanding of security beyon…

GMail:
"Be careful with this message.
This message appears to be sent from your account but Gmail couldn't verify this. Someone might be impersonating your account. If you're not sure the message is from you, use caution when clicking links, downloading attachments, or replying with personal information."
I sent it while logged in to GMail using multiple authentication steps from my home network using a secure laptop. What are they talking about? Serious question: how could they not verify it? It's either an idiotic engineering problem on their end or I'm terrified that security is meaningless. Probably both.

I am very happy to announce that our big architecture paper for the Digidow project on distributed digital identity systems with biometric authentication for physical interaction is now online on arXiv: https://arxiv.org/abs/2508.10185.
While it can't have all the details, it summarizes the main de…

An Architecture for Distributed Digital Identities in the Physical World
Digital identities are increasingly important for mediating not only digital but also physical service transactions. Managing such identities through centralized providers can cause both availability and privacy concerns: single points of failure and control are ideal targets for global attacks on technical, organizational, or legal fronts. We design, analyze, and build a distributed digital identity architecture for physical world transactions in common scenarios like unlocking doors, public t…

Do I know anyone using /e/OS? I'm interested in knowing if you can do:
* Two factors authentication with Gmail (the usual "a notification has been sent to your mobile, tap Yes bla, bla, bla").
* Paying using contactless methods?
Also, I would like to know about any other possible problems I might have switching from #android to /e/OS.

@…
"2FA Liberapay does not yet support two-factor authentication."
When!? 🤦
#LiberaPay #Privacy

Meta is adding support for passkeys on Facebook's iOS and Android apps "soon", and will begin rolling out passkeys to Messenger "in the coming months" (Emma Roth/The Verge)
https://www.theverge.com/news/689410/facebook-passkey…

Facebook rolls out passkey support to fight phishing attacks
Facebook is adding support for passkeys, allowing you to sign into your account using your device’s authentication methods, such as a fingerprint, face scan, or PIN.

Because FIDO-based authentication (Passkeys, YubiKeys, etc.) is so good the only way around it is to trick someone into not using it. That's essentially what a downgrade attack is. As a Microsoft #EntraID administrator you can prevent successful downgrade attack from affecting your users. Here's a few ways to mitigate the risk of downgrade attacks:
1) Have your users delete all MF…

Turns out #synology 's home folders are set to chmod 777 by default!
https://blog.aaronlenoir.com/2018/05/06/ssh-into-synology-nas-with-ssh-key/

Beyond DNS: Unlocking the Internet of AI Agents via the NANDA Index and Verified AgentFacts
Ramesh Raskar, Pradyumna Chari, John Zinky, Mahesh Lambe, Jared James Grogan, Sichao Wang, Rajesh Ranjan, Rekha Singhal, Shailja Gupta, Robert Lincourt, Raghu Bala, Aditi Joshi, Abhishek Singh, Ayush Chopra, Dimitris Stripelis, Bhuwan B, Sumit Kumar, Maria Gorskikh

Beyond DNS: Unlocking the Internet of AI Agents via the NANDA Index and Verified AgentFacts
The Internet is poised to host billions to trillions of autonomous AI agents that negotiate, delegate, and migrate in milliseconds and workloads that will strain DNS-centred identity and discovery. In this paper, we describe the NANDA index architecture, which we envision as a means for discoverability, identifiability and authentication in the internet of AI agents. We present an architecture where a minimal lean index resolves to dynamic, cryptographically verifiable AgentFacts that supports …

from my link log —
How attackers are still phishing "phishing-resistant" passkey authentication.
https://www.bleepingcomputer.com/news/security/how-attackers-are-still-phishing-phishing-resistant-au…

Finnish bank fails to send #email to me, finally succeeds to a different address but
Authentication-Results: mx.mail.ovh.net;
arc=fail (as.1.microsoft.com=pass, ams.1.microsoft.com=fail (body has been altered)) smtp.remote-ip=a.b.c.d;
Now this inspires confidence. /s
#Microsoft

ZAPS: A Zero-Knowledge Proof Protocol for Secure UAV Authentication with Flight Path Privacy
Shayesta Naziri, Xu Wang, Guangsheng Yu, Christy Jie Liang, Wei Ni
https://arxiv.org/abs/2508.17043

ZAPS: A Zero-Knowledge Proof Protocol for Secure UAV Authentication with Flight Path Privacy
The increasing deployment of Unmanned Aerial Vehicles (UAVs) for military, commercial, and logistics applications has raised significant concerns regarding flight path privacy. Conventional UAV communication systems often expose flight path data to third parties, making them vulnerable to tracking, surveillance, and location inference attacks. Existing encryption techniques provide security but fail to ensure complete privacy, as adversaries can still infer movement patterns through metadata an…

Currently working on implementing Matrix's new 'Matrix Authentication Service' for our NZ-based instance... non-trivial. But it's such an impressive system (it's doing far more than competitors like Salesforce Slack and Microsoft Teams).

lT security 101: Don't leave your company laptop with authentication smart card inserted, applications open and without screensaver at your seat when using the lavatories on a train. Unbelivable...

A Comprehensive Re-Evaluation of Biometric Modality Properties in the Modern Era
Rouqaiah Al-Refai, Pankaja Priya Ramasamy, Ragini Ramesh, Patricia Arias-Cabarcos, Philipp Terh\"orst
https://arxiv.org/abs/2508.13874

A Comprehensive Re-Evaluation of Biometric Modality Properties in the Modern Era
The rapid advancement of authentication systems and their increasing reliance on biometrics for faster and more accurate user verification experience, highlight the critical need for a reliable framework to evaluate the suitability of biometric modalities for specific applications. Currently, the most widely known evaluation framework is a comparative table from 1998, which no longer adequately captures recent technological developments or emerging vulnerabilities in biometric systems. To addre…

@… I can think of ways you might do it by getting people to set a DNS CNAME, for example, so they own the domain *but* authentication is controlled by a service. In theory, this allows ownership because you can replace it with a competitor.
AP is probably harder, but I don't think it's impossible, based on my cursory reading of the …

Physical Layer Challenge-Response Authentication between Ambient Backscatter Devices
Yifan Zhang, Yongchao Dang, Masoud Kaveh, Zheng Yan, Riku J\"antti, Zhu Han
https://arxiv.org/abs/2506.18767

Physical Layer Challenge-Response Authentication between Ambient Backscatter Devices
Ambient backscatter communication (AmBC) has become an integral part of ubiquitous Internet of Things (IoT) applications due to its energy-harvesting capabilities and ultra-low-power consumption. However, the open wireless environment exposes AmBC systems to various attacks, and existing authentication methods cannot be implemented between resource-constrained backscatter devices (BDs) due to their high computational demands.To this end, this paper proposes PLCRA-BD, a novel physical layer chal…

A whistleblower provides nonpublic data revealing that 1M 2FA SMS messages from June 2023 passed via Fink Telecom, a small Swiss company linked to spy agencies (Bloomberg)

Ja, krunchyfoods.in, dir vertraue ich ganz bestimmt meine Kreditkarteninformation zur Aktivierung der 2-Factor-Authentication auf einem Zahlungsdienst an, den ich nicht verwende.

Anomaly Detection for Sensing Security
Stefan Roth, Aydin Sezgin
https://arxiv.org/abs/2506.10718 https://arxiv.org/pdf/2506.10718

Anomaly Detection for Sensing Security
Various approaches in the field of physical layer security involve anomaly detection, such as physical layer authentication, sensing attacks, and anti-tampering solutions. Depending on the context in which these approaches are applied, anomaly detection needs to be computationally lightweight, resilient to changes in temperature and environment, and robust against phase noise. We adapt moving average filters, autoregression filters and Kalman filters to provide predictions of feature vectors th…

It sounds like that Tea app vulnerability (not the one where they had data just open to the world on Firebase, but a second problem) is what I describe in the first paragraph of this post.
You *can’t* rely on user-controlled devices to safely hold credentials that work for more than that one user—especially if the credentials live outside of something like a hardware security module, which they almost certainly do if your app is storing them.

Vendor Security
A few weeks ago I had to have a conversation with a vendor about credentials. Despite some push back from our side, they insisted that their Bearer Token style authentication key for HTTP requests was

The Passwordless Authentication with Passkey Technology from an Implementation Perspective
Lien Tran, Boyuan Zhang, Ratchanon Pawanja, Rashid Hussain Khokhar
https://arxiv.org/abs/2508.11928

The Passwordless Authentication with Passkey Technology from an Implementation Perspective
With the rise of sophisticated authentication bypass techniques, passwords are no longer considered a reliable method for securing authentication systems. In recent years, new authentication technologies have shifted from traditional password-based logins to passwordless security. Among these, Time-Based One-Time Passwords (TOTP) remain one of the most widely used mechanisms, while Passkeys are emerging as a promising alternative with growing adoption. This paper highlights the key techniques u…

Physical-Layer Signal Injection Attacks on EV Charging Ports: Bypassing Authentication via Electrical-Level Exploits
Hetian Shi, Yi He, Shangru Song, Jianwei Zhuge, Jian Mao
https://arxiv.org/abs/2506.16400

Physical-Layer Signal Injection Attacks on EV Charging Ports: Bypassing Authentication via Electrical-Level Exploits
The proliferation of electric vehicles in recent years has significantly expanded the charging infrastructure while introducing new security risks to both vehicles and chargers. In this paper, we investigate the security of major charging protocols such as SAE J1772, CCS, IEC 61851, GB/T 20234, and NACS, uncovering new physical signal spoofing attacks in their authentication mechanisms. By inserting a compact malicious device into the charger connector, attackers can inject fraudulent signals t…

remember when you could do this and just have free #WiFi

A Federated Learning-based Lightweight Network with Zero Trust for UAV Authentication
Hao Zhang, Fuhui Zhou, Wei Wang, Qihui Wu, Chau Yuen
https://arxiv.org/abs/2507.05111

A Federated Learning-based Lightweight Network with Zero Trust for UAV Authentication
Unmanned aerial vehicles (UAVs) are increasingly being integrated into next-generation networks to enhance communication coverage and network capacity. However, the dynamic and mobile nature of UAVs poses significant security challenges, including jamming, eavesdropping, and cyber-attacks. To address these security challenges, this paper proposes a federated learning-based lightweight network with zero trust for enhancing the security of UAV networks. A novel lightweight spectrogram network is …

Deep Learning Models for Robust Facial Liveness Detection
Oleksandr Kuznetsov, Emanuele Frontoni, Luca Romeo, Riccardo Rosati, Andrea Maranesi, Alessandro Muscatello
https://arxiv.org/abs/2508.09094

Deep Learning Models for Robust Facial Liveness Detection
In the rapidly evolving landscape of digital security, biometric authentication systems, particularly facial recognition, have emerged as integral components of various security protocols. However, the reliability of these systems is compromised by sophisticated spoofing attacks, where imposters gain unauthorized access by falsifying biometric traits. Current literature reveals a concerning gap: existing liveness detection methodologies - designed to counteract these breaches - fall short again…

Know Me by My Pulse: Toward Practical Continuous Authentication on Wearable Devices via Wrist-Worn PPG
Wei Shao, Zequan Liang, Ruoyu Zhang, Ruijie Fang, Ning Miao, Ehsan Kourkchi, Setareh Rafatirad, Houman Homayoun, Chongzhou Fang
https://arxiv.org/abs/2508.13690

Know Me by My Pulse: Toward Practical Continuous Authentication on Wearable Devices via Wrist-Worn PPG
Biometric authentication using physiological signals offers a promising path toward secure and user-friendly access control in wearable devices. While electrocardiogram (ECG) signals have shown high discriminability, their intrusive sensing requirements and discontinuous acquisition limit practicality. Photoplethysmography (PPG), on the other hand, enables continuous, non-intrusive authentication with seamless integration into wrist-worn wearable devices. However, most prior work relies on high…

Day 16
Just published a deep dive into building a secure login page with Next.js, NestJS, JWT, and PostgreSQL.
- Email verification
- Role-based access control
- Subscription enforcement
- Token decoding in frontend
- SQL-level inserts for system roles
Includes full code snippets and explanation of the entire flow.
Perfect if you're working on full-stack apps with JavaScript, TypeScript, and SQL.

DynoStore: A wide-area distribution system for the management of data over heterogeneous storage
Dante D. Sanchez-Gallegos, J. L. Gonzalez-Compean, Maxime Gonthier, Valerie Hayot-Sasson, J. Gregory Pauloski, Haochen Pan, Kyle Chard, Jesus Carretero, Ian Foster
https://arxiv.org/abs/2507.00576

DynoStore: A wide-area distribution system for the management of data over heterogeneous storage
Data distribution across different facilities offers benefits such as enhanced resource utilization, increased resilience through replication, and improved performance by processing data near its source. However, managing such data is challenging due to heterogeneous access protocols, disparate authentication models, and the lack of a unified coordination framework. This paper presents DynoStore, a system that manages data across heterogeneous storage systems. At the core of DynoStore are data …

AirSignatureDB: Exploring In-Air Signature Biometrics in the Wild and its Privacy Concerns
Marta Robledo-Moreno, Ruben Vera-Rodriguez, Ruben Tolosana, Javier Ortega-Garcia, Andres Huergo, Julian Fierrez
https://arxiv.org/abs/2508.08502

AirSignatureDB: Exploring In-Air Signature Biometrics in the Wild and its Privacy Concerns
Behavioral biometrics based on smartphone motion sensors are growing in popularity for authentication purposes. In this study, AirSignatureDB is presented: a new publicly accessible dataset of in-air signatures collected from 108 participants under real-world conditions, using 83 different smartphone models across four sessions. This dataset includes genuine samples and skilled forgeries, enabling a comprehensive evaluation of system robustness against realistic attack scenarios. Traditional an…

Quantum-Inspired Audio Unlearning: Towards Privacy-Preserving Voice Biometrics
Shreyansh Pathak, Sonu Shreshtha, Richa Singh, Mayank Vatsa
https://arxiv.org/abs/2507.22208 https…

Quantum-Inspired Audio Unlearning: Towards Privacy-Preserving Voice Biometrics
The widespread adoption of voice-enabled authentication and audio biometric systems have significantly increased privacy vulnerabilities associated with sensitive speech data. Compliance with privacy regulations such as GDPR's right to be forgotten and India's DPDP Act necessitates targeted and efficient erasure of individual-specific voice signatures from already-trained biometric models. Existing unlearning methods designed for visual data inadequately handle the sequential, temporal, and hig…

Bidirectional Biometric Authentication Using Transciphering and (T)FHE
Joon Soo Yoo, Tae Min Ahn, Ji Won Yoon
https://arxiv.org/abs/2506.12802 https://

Bidirectional Biometric Authentication Using Transciphering and (T)FHE
Biometric authentication systems pose privacy risks, as leaked templates such as iris or fingerprints can lead to security breaches. Fully Homomorphic Encryption (FHE) enables secure encrypted evaluation, but its deployment is hindered by large ciphertexts, high key overhead, and limited trust models. We propose the Bidirectional Transciphering Framework (BTF), combining FHE, transciphering, and a non-colluding trusted party to enable efficient and privacy-preserving biometric authentication. T…

Secure Hybrid Key Growing via Coherence Witnessing and Bipartite Encoding
Pol Juli\`a Farr\'e, Chris Aaron Schneider, Christian Deppe
https://arxiv.org/abs/2508.06294 https:…

Secure Hybrid Key Growing via Coherence Witnessing and Bipartite Encoding
We propose a novel Hybrid Key Growing (HKG) protocol based on quantum principles and a classical physical-layer assumption. We simultaneously exploit the quantum photon-number and photon-time-bin Degrees of Freedom (DoFs), effectively doubling the bit-per-pulse rate compared to conventional Quantum Key Growing (QKG) schemes. Our protocol integrates entity authentication, and is designed for practical implementation by avoiding reliance on single-photon sources or detectors. By incorporating pri…

Bidirectional Biometric Authentication Using Transciphering and (T)FHE
Joon Soo Yoo, Tae Min Ahn, Ji Won Yoon
https://arxiv.org/abs/2506.12802 https://

Bidirectional Biometric Authentication Using Transciphering and (T)FHE
Biometric authentication systems pose privacy risks, as leaked templates such as iris or fingerprints can lead to security breaches. Fully Homomorphic Encryption (FHE) enables secure encrypted evaluation, but its deployment is hindered by large ciphertexts, high key overhead, and limited trust models. We propose the Bidirectional Transciphering Framework (BTF), combining FHE, transciphering, and a non-colluding trusted party to enable efficient and privacy-preserving biometric authentication. T…

Nutzt du Client Authentication mit TLS-Zertifikaten?
#TLS #letsencrypt #EKU #X509

Exposing #OTelCollector in #Kubernetes with #GatewayAPI & #mTLS

Advancing Offline Handwritten Text Recognition: A Systematic Review of Data Augmentation and Generation Techniques
Yassin Hussein Rassul, Aram M. Ahmed, Polla Fattah, Bryar A. Hassan, Arwaa W. Abdulkareem, Tarik A. Rashid, Joan Lu
https://arxiv.org/abs/2507.06275

Advancing Offline Handwritten Text Recognition: A Systematic Review of Data Augmentation and Generation Techniques
Offline Handwritten Text Recognition (HTR) systems play a crucial role in applications such as historical document digitization, automatic form processing, and biometric authentication. However, their performance is often hindered by the limited availability of annotated training data, particularly for low-resource languages and complex scripts. This paper presents a comprehensive survey of offline handwritten data augmentation and generation techniques designed to improve the accuracy and robu…

VeriPHY: Physical Layer Signal Authentication for Wireless Communication in 5G Environments
Clifton Paul Robinson, Salvatore D'Oro, Tommaso Melodia
https://arxiv.org/abs/2508.09213

VeriPHY: Physical Layer Signal Authentication for Wireless Communication in 5G Environments
Physical layer authentication (PLA) uses inherent characteristics of the communication medium to provide secure and efficient authentication in wireless networks, bypassing the need for traditional cryptographic methods. With advancements in deep learning, PLA has become a widely adopted technique for its accuracy and reliability. In this paper, we introduce VeriPHY, a novel deep learning-based PLA solution for 5G networks, which enables unique device identification by embedding signatures with…

An LLM Agent for Functional Bug Detection in Network Protocols
Mingwei Zheng, Chengpeng Wang, Xuwei Liu, Jinyao Guo, Shiwei Feng, Xiangyu Zhang
https://arxiv.org/abs/2506.00714

An LLM Agent for Functional Bug Detection in Network Protocols
Functional correctness is critical for ensuring the reliability and security of network protocol implementations. Functional bugs, instances where implementations diverge from behaviors specified in RFC documents, can lead to severe consequences, including faulty routing, authentication bypasses, and service disruptions. Detecting these bugs requires deep semantic analysis across specification documents and source code, a task beyond the capabilities of traditional static analysis tools. This p…

Perfect message authentication codes are robust to small deviations from uniform key distributions
Boris Ryabko
https://arxiv.org/abs/2508.09783 https://ar…

Perfect message authentication codes are robust to small deviations from uniform key distributions
We investigate the impact of (possible) deviations of the probability distribution of key values from a uniform distribution for the information-theoretic strong, or perfect, message authentication code. We found a simple expression for the decrease in security as a function of the statistical distance between the real key probability distribution and the uniform one. In a sense, a perfect message authentication code is robust to small deviations from a uniform key distribution.

Challenges in GenAI and Authentication: a scoping review
Wesley dos Reis Bezerra, Lais Machado Bezerra, Carlos Becker Westphall
https://arxiv.org/abs/2507.11775

Challenges in GenAI and Authentication: a scoping review
Authentication and authenticity have been a security challenge since the beginning of information sharing, especially in the context of digital information. With the advancement of generative artificial intelligence, these challenges have evolved, demanding a more up-to-date analysis of their impacts on society and system security. This work presents a scoping review that analyzed 88 documents from the IEEExplorer, Scopus, and ACM databases, promoting an analysis of the resulting portfolio thro…

Replaced article(s) found for cs.CR. https://arxiv.org/list/cs.CR/new
[1/1]:
- Quantum-Safe Hybrid Key Exchanges with KEM-Based Authentication
Christopher Battarbee, Christoph Striecks, Ludovic Perret, Sebastian Ramacher, Kevin Verhaeghe

Wireless Home Automation Using Social Networking Websites
Divya Alok Gupta, Dwith Chenna, B. Aditya Vighnesh Ramakanth
https://arxiv.org/abs/2506.22482 htt…

Wireless Home Automation Using Social Networking Websites
With the advent of Internet of Things, Wireless Home Automation Systems WHAS are gradually gaining popularity. These systems are faced with multiple challenges such as security; controlling a variety of home appliances with a single interface and user friendliness. In this paper we propose a system that uses secure authentication systems of social networking websites such as Twitter, tracks the end-users activities on the social network and then control his or her domestic appliances. At the en…

Day 4
TL;DR: Full Swagger docs JWT auth with registration and login are live.
Today’s work focused on two key improvements.
1. Swagger documentation was extended across all API layers. DTOs, entities, and controllers were enriched with `@ApiTags`, `@ApiOperation`, `@ApiResponse`, and detailed `@ApiBody` annotations — including real-life examples for request bodies.
2. JWT-based authentication was implemented. A secure registration flow was added, with password hashi…

Noise-Driven AI Sensors: Secure Healthcare Monitoring with PUFs
Christiana Chamon, Abhijit Sarkar, A. Lynn Abbott
https://arxiv.org/abs/2506.05135 https://…

Noise-Driven AI Sensors: Secure Healthcare Monitoring with PUFs
Wearable and implantable healthcare sensors are pivotal for real-time patient monitoring but face critical challenges in power efficiency, data security, and signal noise. This paper introduces a novel platform that leverages hardware noise as a dual-purpose resource to enhance machine learning (ML) robustness and secure data via Physical Unclonable Functions (PUFs). By integrating noise-driven signal processing, PUFbased authentication, and ML-based anomaly detection, our system achieves secur…

Building a robust OAuth token based API Security: A High level Overview
Senthilkumar Gopal
https://arxiv.org/abs/2507.16870 https://arxiv.org/pdf/2507.1687…

Building a robust OAuth token based API Security: A High level Overview
APIs (Application Programming Interfaces) or Web Services are the foundational building blocks that enable interconnected systems. However this proliferation of APIs has also introduced security challenges that require systematic and scalable solutions for secure authentication and authorization. This paper presents the fundamentals necessary for building a such a token-based API security system. It discusses the components necessary, the integration of OAuth 2.0, extensibility of the token arc…

#4 👥 Leverage built-in authentication with #Breeze, #Fortify or #Jetstream
🗝️ Store passwords securely using

DTHA: A Digital Twin-Assisted Handover Authentication Scheme for 5G and Beyond
Guanjie Li, Tom H. Luan, Chengzhe Lai, Jinkai Zheng, Rongxing Lu
https://arxiv.org/abs/2506.11669

DTHA: A Digital Twin-Assisted Handover Authentication Scheme for 5G and Beyond
With the rapid development and extensive deployment of the fifth-generation wireless system (5G), it has achieved ubiquitous high-speed connectivity and improved overall communication performance. Additionally, as one of the promising technologies for integration beyond 5G, digital twin in cyberspace can interact with the core network, transmit essential information, and further enhance the wireless communication quality of the corresponding mobile device (MD). However, the utilization of milli…

Next Generation Authentication for Data Spaces: An Authentication Flow Based On Grant Negotiation And Authorization Protocol For Verifiable Presentations (GNAP4VP)
Rodrigo Men\'endez, Andres Munoz-Arcentales, Joaqu\'in Salvach\'ua, Carlos Aparicio, Irene Plaza, Gabriel Huecas
https://arxiv.org/abs/2505.24698

Next Generation Authentication for Data Spaces: An Authentication Flow Based On Grant Negotiation And Authorization Protocol For Verifiable Presentations (GNAP4VP)
Identity verification in Data Spaces is a fundamental aspect of ensuring security and privacy in digital environments. This paper presents an identity verification protocol tailored for shared data environments within Data Spaces. This protocol extends the Grant Negotiation and Authorization Protocol (GNAP) and integrates OpenID Connect for Verifiable Presentations (OIDC4VP) along with support for Linked Verifiable Presentations (LVP), providing a robust foundation for secure and privacy-preser…

Social-Sensor Identity Cloning Detection Using Weakly Supervised Deep Forest and Cryptographic Authentication
Ahmed Alharbi, Hai Dong, Xun Yi
https://arxiv.org/abs/2508.09665 ht…

Social-Sensor Identity Cloning Detection Using Weakly Supervised Deep Forest and Cryptographic Authentication
Recent years have witnessed a rising trend in social-sensor cloud identity cloning incidents. However, existing approaches suffer from unsatisfactory performance, a lack of solutions for detecting duplicated accounts, and a lack of large-scale evaluations on real-world datasets. We introduce a novel method for detecting identity cloning in social-sensor cloud service providers. Our proposed technique consists of two primary components: 1) a similar identity detection method and 2) a cryptograph…

Authentication and authorization in Data Spaces: A relationship-based access control approach for policy specification based on ODRL
Irene Plaza-Ortiz, Andres Munoz-Arcentales, Joaqu\'in Salvach\'ua, Carlos Aparicio, Gabriel Huecas, Enrique Barra
https://arxiv.org/abs/2505.24742 …

Authentication and authorization in Data Spaces: A relationship-based access control approach for policy specification based on ODRL
Data has become a crucial resource in the digital economy, fostering initiatives for secure and sovereign data sharing frameworks such as Data Spaces. However, these distributed environments require fine-grained access control mechanisms that balance openness with sovereignty and security. This paper proposes an extension of the Open Digital Rights Language (ODRL) standard, the ODRL Data Spaces (ODS) profile, aimed at supporting authorization and complementing existing authentication mechanisms…

Physical Layer-Based Device Fingerprinting for Wireless Security: From Theory to Practice
Junqing Zhang, Francesco Ardizzon, Mattia Piana, Guanxiong Shen, Stefano Tomasin
https://arxiv.org/abs/2506.09807

Physical Layer-Based Device Fingerprinting for Wireless Security: From Theory to Practice
The identification of the devices from which a message is received is part of security mechanisms to ensure authentication in wireless communications. Conventional authentication approaches are cryptography-based, which, however, are usually computationally expensive and not adequate in the Internet of Things (IoT), where devices tend to be low-cost and with limited resources. This paper provides a comprehensive survey of physical layer-based device fingerprinting, which is an emerging device a…

AuthenTree: A Scalable MPC-Based Distributed Trust Architecture for Chiplet-based Heterogeneous Systems
Ishraq Tashdid, Tasnuva Farheen, Sazadur Rahman
https://arxiv.org/abs/2508.13033

AuthenTree: A Scalable MPC-Based Distributed Trust Architecture for Chiplet-based Heterogeneous Systems
The rapid adoption of chiplet-based heterogeneous integration is reshaping semiconductor design by enabling modular, scalable, and faster time-to-market solutions for AI and high-performance computing. However, multi-vendor assembly in post-fabrication environments fragments the supply chain and exposes SiP systems to serious security threats, including cloning, overproduction, and chiplet substitution. Existing authentication solutions depend on trusted integrators or centralized security anch…

SoftPUF: a Software-Based Blockchain Framework using PUF and Machine Learning
S M Mostaq Hossain, Sheikh Ghafoor, Kumar Yelamarthi, Venkata Prasanth Yanambaka
https://arxiv.org/abs/2508.02438

SoftPUF: a Software-Based Blockchain Framework using PUF and Machine Learning
Physically Unclonable Function (PUF) offers a secure and lightweight alternative to traditional cryptography for authentication due to their unique device fingerprint. However, their dependence on specialized hardware hinders their adoption in diverse applications. This paper proposes a novel blockchain framework that leverages SoftPUF, a software-based approach mimicking PUF. SoftPUF addresses the hardware limitations of traditional PUF, enabling secure and efficient authentication for a broad…

MEraser: An Effective Fingerprint Erasure Approach for Large Language Models
Jingxuan Zhang, Zhenhua Xu, Rui Hu, Wenpeng Xing, Xuhong Zhang, Meng Han
https://arxiv.org/abs/2506.12551

MEraser: An Effective Fingerprint Erasure Approach for Large Language Models
Large Language Models (LLMs) have become increasingly prevalent across various sectors, raising critical concerns about model ownership and intellectual property protection. Although backdoor-based fingerprinting has emerged as a promising solution for model authentication, effective attacks for removing these fingerprints remain largely unexplored. Therefore, we present Mismatched Eraser (MEraser), a novel method for effectively removing backdoor-based fingerprints from LLMs while maintaining …

This https://arxiv.org/abs/2405.12042 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csCR_…

Attribute-Based Authentication in Secure Group Messaging for Distributed Environments
Messaging Layer security (MLS) and its underlying Continuous Group Key Agreement (CGKA) protocol allows a group of users to share a cryptographic secret in a dynamic manner, such that the secret is modified in member insertions and deletions. Although this flexibility makes MLS ideal for implementations in distributed environments, a number of issues need to be overcome. Particularly, the use of digital certificates for authentication in a group goes against the group members' privacy. In this …

Identity and Access Management for the Computing Continuum
Chalima Dimitra Nassar Kyriakidou, Athanasia Maria Papathanasiou, Vasilios A. Siris, Nikos Fotiou, George C. Polyzos, Eduardo C\'anovas Mart\'inez, Antonio Skarmeta
https://arxiv.org/abs/2506.09559

Identity and Access Management for the Computing Continuum
The computing continuum introduces new challenges for access control due to its dynamic, distributed, and heterogeneous nature. In this paper, we propose a Zero-Trust (ZT) access control solution that leverages decentralized identification and authentication mechanisms based on Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). Additionally, we employ Relationship-Based Access Control (ReBAC) to define policies that capture the evolving trust relationships inherent in the contin…

README: Robust Error-Aware Digital Signature Framework via Deep Watermarking Model
Hyunwook Choi, Sangyun Won, Daeyeon Hwang, Junhyeok Choi
https://arxiv.org/abs/2507.04495

README: Robust Error-Aware Digital Signature Framework via Deep Watermarking Model
Deep learning-based watermarking has emerged as a promising solution for robust image authentication and protection. However, existing models are limited by low embedding capacity and vulnerability to bit-level errors, making them unsuitable for cryptographic applications such as digital signatures, which require over 2048 bits of error-free data. In this paper, we propose README (Robust Error-Aware Digital Signature via Deep WaterMarking ModEl), a novel framework that enables robust, verifiabl…

A Comparative Study and Implementation of Key Derivation Functions Standardized by NIST and IEEE
Abel C. H. Chen
https://arxiv.org/abs/2507.06244 https://

A Comparative Study and Implementation of Key Derivation Functions Standardized by NIST and IEEE
Since many applications and services require pseudorandom numbers (PRNs), it is feasible to generate specific PRNs under given key values and input messages using Key Derivation Functions (KDFs). These KDFs are primarily constructed based on Message Authentication Codes (MACs), where the MAC serves as a core component in the generation of pseudorandom numbers. In light of this, the study first examines three MAC algorithms defined by the National Institute of Standards and Technology (NIST): th…

Replaced article(s) found for cs.CR. https://arxiv.org/list/cs.CR/new
[1/2]:
- Privacy-Enhanced Adaptive Authentication: User Profiling with Privacy Guarantees
Yaser Baseri, Abdelhakim Senhaji Hafid, Dimitrios Makrakis

This https://arxiv.org/abs/2505.19301 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csCR_…

A Novel Zero-Trust Identity Framework for Agentic AI: Decentralized Authentication and Fine-Grained Access Control
Traditional Identity and Access Management (IAM) systems, primarily designed for human users or static machine identities via protocols such as OAuth, OpenID Connect (OIDC), and SAML, prove fundamentally inadequate for the dynamic, interdependent, and often ephemeral nature of AI agents operating at scale within Multi Agent Systems (MAS), a computational system composed of multiple interacting intelligent agents that work collectively. This paper posits the imperative for a novel Agentic AI I…

Cyber Attacks Detection, Prevention, and Source Localization in Digital Substation Communication using Hybrid Statistical-Deep Learning
Nicola Cibin, Bas Mulder, Herman Carstens, Peter Palensky, Alexandru \c{S}tefanov
https://arxiv.org/abs/2507.00522

Cyber Attacks Detection, Prevention, and Source Localization in Digital Substation Communication using Hybrid Statistical-Deep Learning
The digital transformation of power systems is accelerating the adoption of IEC 61850 standard. However, its communication protocols, including Sampled Values (SV), lack built-in security features such as authentication and encryption, making them vulnerable to malicious packet injection. Such cyber attacks can delay fault clearance or trigger unintended circuit breaker operations. While most existing research focuses on detecting cyber attacks in digital substations, intrusion prevention syste…

GUARD-CAN: Graph-Understanding and Recurrent Architecture for CAN Anomaly Detection
Hyeong Seon Kim, Huy Kang Kim
https://arxiv.org/abs/2507.21640 https://…

GUARD-CAN: Graph-Understanding and Recurrent Architecture for CAN Anomaly Detection
Modern in-vehicle networks face various cyber threats due to the lack of encryption and authentication in the Controller Area Network (CAN). To address this security issue, this paper presents GUARD-CAN, an anomaly detection framework that combines graph-based representation learning with time-series modeling. GUARD-CAN splits CAN messages into fixed-length windows and converts each window into a graph that preserves message order. To detect anomalies in the timeaware and structure-aware contex…

Digital identity management system with blockchain:An implementation with Ethereum and Ganache
Andr\'e Davi Lopes, Tais Mello, Wesley dos Reis Bezerra
https://arxiv.org/abs/2507.21398

Digital identity management system with blockchain:An implementation with Ethereum and Ganache
This paper presents the development of a distributed digital identity system utilizing modern technologies, including FastAPI, MongoDB, gRPC, Docker, and blockchain simulation with Ganache and Ethereum. The objective is to demonstrate the benefits of distributed systems and blockchain for the security, traceability, and decentralization of digital identities. The methodology included the development of a microservices architecture with JWT authentication, data persistence in MongoDB, simulation…