Shahid Raza

Abbas Arghavani, Alessandro V. Papadopoulos, Vahid Azimi Mousolou et al.

Covert quantum communication is usually analyzed under idealized assumptions that channel parameters, such as transmissivity and background noise, are perfectly known and constant. In realistic optical links, including satellite, fiber, and free-space systems, these parameters vary because of environmental fluctuations, calibration noise, and estimation errors. We study covert quantum communication over compound quantum optical channels with bounded uncertainty in both transmissivity and thermal noise, and derive guarantees that hold for all admissible channel realizations. We develop a robust framework for certifying both covertness and reliability under uncertainty. A central finding is that robustness cannot be obtained by simply inserting worst-case parameter values into known-channel bounds: the channel realizations that are most adverse for covertness and reliability generally occur at different corners of the uncertainty set. This creates a fundamental trade-off in secure system design. We derive a closed-form lower bound on the worst-case guaranteed number of covert qubits that can be transmitted reliably, identify a sharp feasibility boundary beyond which the guaranteed payload drops to zero, and quantify the security penalty caused by uncertainty. We validate the covertness term with QuTiP simulations of a four-mode bosonic model and combine it with an analytical reliability bound to evaluate the robust payload. Our results move covert quantum communication from nominal perfect-knowledge analysis to certified worst-case operation under uncertainty.

Abbas Arghavani, Shahid Raza, Maryam Amiri et al.

Covert quantum communication (CQC) seeks to hide not only message content but also the existence of communication. Existing CQC models usually assume deterministic or worst-case channel conditions, which are difficult to justify in realistic free-space optical and quantum links affected by turbulence, fluctuating background radiance, and stochastic detector noise. We propose a stochastic risk-aware optimization framework for CQC under uncertain physical-layer conditions. By modeling transmissivity and background noise as random variables, we express covertness and reliability guarantees through chance constraints with explicit outage budgets $ε_{\text{cov}}$ and $ε_{\text{rel}}$. This recasts CQC design as a risk-calibrated resource-allocation problem balancing throughput, covertness, reliability, and communication privacy. We derive quantile-based reformulations of the outage constraints, characterize feasible operating regions under stochastic uncertainty, and introduce a complementary risk-adjusted utility formulation to expose throughput-risk trade-offs. The analysis reveals that modest relaxations in acceptable covertness-outage risk can yield large throughput gains, while aggressive optimization may break covertness outside sparse-transmission regimes. Monte Carlo results under log-normal fading and stochastic thermal noise show that the framework expands feasible operating regions, improves covert throughput by more than an order of magnitude, and identifies degradation boundaries beyond which covert operation becomes unreliable. These results move CQC closer to realistic secure quantum networking for free-space, satellite, and low-probability-of-detection applications.

Santiago Aragon, Marco Tiloca, Max Maass et al.

The Authentication and Authorization for Constrained Environments (ACE) framework provides fine-grained access control in the Internet of Things, where devices are resource-constrained and with limited connectivity. The ACE framework defines separate profiles to specify how exactly entities interact and what security and communication protocols to use. This paper presents the novel ACE IPsec profile, which specifies how a client establishes a secure IPsec channel with a resource server, contextually using the ACE framework to enforce authorized access to remote resources. The profile makes it possible to establish IPsec Security Associations, either through their direct provisioning or through the standard IKEv2 protocol. We provide the first Open Source implementation of the ACE IPsec profile for the Contiki OS and test it on the resource-constrained Zolertia Firefly platform. Our experimental performance evaluation confirms that the IPsec profile and its operating modes are affordable and deployable also on constrained IoT platforms.

Jan Lauinger, Mudassar Aslam, Mohammad Hamad et al.

The Internet of Vehicles (IoV) equips vehicles with connectivity to the Internet and the Internet of Things (IoT) to support modern applications such as autonomous driving. However, the consolidation of complex computing domains of vehicles, the Internet, and the IoT limits the applicability of tailored security solutions. In this paper, we propose a new methodology to quantitatively verify the security of single or system-level assets of the IoV infrastructure. In detail, our methodology decomposes assets of the IoV infrastructure with the help of reference sub-architectures and the 4+1 view model analysis to map identified assets into data, software, networking, and hardware categories. This analysis includes a custom threat modeling concept to perform parameterization of Common Vulnerability Scoring System (CVSS) scores per view model domain. As a result, our methodology is able to allocate assets from attack paths to view model domains. This equips assets of attack paths with our IoV-driven CVSS scores. Our CVSS scores assess the attack likelihood which we use for Markov Chain transition probabilities. This way, we quantitatively verify system-level security among a set of IoV assets. Our results show that our methodology applies to arbitrary IoV attack paths. Based on our parameterization of CVSS scores and our selection of use cases, remote attacks are less likely to compromise location data compared to attacks from close proximity for authorized and unauthorized attackers respectively.