CR, May 5
Quantum-Resistant Networks: A Review of Primitives, Protocols and Best Practices
Elisa Bertino, Ramana Kompella, Ashish Kundu et al.
Large-scale quantum computers threaten the public-key cryptographic foundations underpinning today's network security infrastructures. While significant progress has been made in standardizing post-quantum cryptographic (PQC) primitives and adapting individual protocols such as TLS and SSH, far less attention has been paid to the broader architectural consequences of the post-quantum transition for networked systems. In particular, many real-world deployments such as mobile networks, industrial control systems, IoT environments, and regulated infrastructures cannot assume the universal availability, deployability, or desirability of PQ public-key infrastructures. This paper presents the first comprehensive systematization of PQ-resistant network architectures, focusing on key distribution and management as a system-level design problem rather than a protocol-local substitution. We introduce a unified taxonomy spanning cryptographic foundations (symmetric-only, PQ-PKI, hybrid, and information-theoretic multi-path), key-distribution architectures (centralized, hierarchical, replicated, threshold, MPC-backed, and serverless), trust and threat models, key-management lifecycle, and deployment environments. Using this framework, we analyze the security, scalability, and operational trade-offs of a wide range of architectures under realistic PQ adversary assumptions, including harvest-now, decrypt-later attacks and partial infrastructure compromise. Our study highlights fundamental gaps in existing approaches, clarifies when PQ-PKI is necessary or avoidable, and identifies promising research directions for building cryptographically agile, quantum-resilient network infrastructures.
CR, Mar 30
Diamond: End-to-End Forward-secure and Compact Authenticated Encryption for Internet of Things
Saif E. Nouma, Gokhan Mumcu, Attila A. Yavuz
Resource-constrained Internet of Things (IoT) devices, from medical implants to small drones, must transmit sensitive telemetry under adversarial wireless channels while operating under stringent computing and energy budgets. Authenticated Encryption (AE) is essential to ensure confidentiality, integrity, and authenticity. However, existing lightweight AE standards lack forward-security guarantees, compact tag aggregation, and offline-online (OO) optimizations required for modern high-throughput IoT pipelines. We introduce Diamond, the first provably secure Forward-secure and Aggregate Authenticated Encryption (FAAE) framework that extends and generalizes prior FAAE constructions through a lightweight key evolution mechanism, an OO-optimized computation pipeline, and a set of performance-tier instantiations. Diamond substantially reduces amortized offline preprocessing (up to 47%) and achieves up to an order-of-magnitude reduction in end-to-end latency for large telemetry batches. Our comprehensive evaluation on 64-bit ARM Cortex-A72, 32-bit ARM Cortex-M4 and 8-bit AVR architectures confirms that Diamond outperforms baseline FAAE variants in authenticated encryption throughput and end-to-end verification latency while maintaining compact tag aggregation and strong breach resilience. Diamond outperforms NIST lightweight AE candidates for medium and large payloads, while remaining competitive for small messages when amortized across batches. We formally prove the security of Diamond and provide two concrete instantiations optimized for compliance and high efficiency. Our open-source release enables reproducibility and seamless integration into IoT platforms.
CR, Mar 16, 2021
Compatible Certificateless and Identity-Based Cryptosystems for Heterogeneous IoT
Rouzbeh Behnia, Attila A. Yavuz, Muslum Ozgur Ozmen et al.
Certificates ensure the authenticity of users' public keys; however, their overhead (e.g., certificate chains) might be too costly for some IoT systems like aerial drones. Certificate-free cryptosystems, like identity-based and certificateless systems, lift the burden of certificates and could be a suitable alternative for such IoTs. However, despite their merits, there is a research gap in achieving compatible identity-based and certificateless systems to allow users from different domains (identity-based or certificateless) to communicate seamlessly. Moreover, more efficient constructions can enable their adoption in resource-limited IoTs. In this work, we propose new identity-based and certificateless cryptosystems that provide such compatibility and efficiency. This feature is beneficial for heterogeneous IoT settings (e.g., commercial aerial drones), where different levels of trust/control are assumed on the trusted third party. Our schemes are more communication efficient than their public key based counterparts, as they do not need certificate processing. Our experimental analysis on both commodity and embedded IoT devices shows that, only with the cost of having a larger system public key, our cryptosystems are more computation and communication efficient than their certificate-free counterparts. We prove the security of our schemes (in the random oracle model) and open-source our cryptographic framework for public testing/adoption.
CR, Jul 9, 2019
Ultra Lightweight Multiple-time Digital Signature for the Internet of Things Devices
Attila A. Yavuz, Muslum Ozgur Ozmen
Digital signatures are basic cryptographic tools to provide authentication and integrity in the emerging ubiquitous systems in which resource-constrained devices are expected to operate securely and efficiently. However, existing digital signatures might not be fully practical for such resource-constrained devices (e.g., medical implants) that have energy limitations. Some other computationally efficient alternatives (e.g., one-time/multiple-time signatures) may introduce high memory and/or communication overhead due to large private key and signature sizes. In this paper, our contributions are two-fold: First, we develop a new lightweight multiple-time digital signature scheme called Signer Efficient Multiple-time Elliptic Curve Signature (SEMECS), which is suitable for resource-constrained embedded devices. SEMECS achieves optimal signature and private key sizes for an EC-based signature without requiring any EC operation (e.g., EC scalar multiplication or addition) at the signer. We prove SEMECS is secure (in the random oracle model) with a tight security reduction. Second, we fully implemented SEMECS on an 8-bit AVR microprocessor with a comprehensive energy consumption analysis and comparison. Our experiments confirm up to 19x less battery consumption for SEMECS as compared to its fastest (full-time) counterpart, SchnorrQ, while offering significant performance advantages over its multiple-time counterparts on various fronts. We open-source our implementation for public testing and adoption.
CR, Apr 15, 2019
IoD-Crypt: A Lightweight Cryptographic Framework for Internet of Drones
Muslum Ozgur Ozmen, Rouzbeh Behnia, Attila A. Yavuz
Internet of Drones (IoD) is expected to play a central role in many civilian and military applications that require sensitive and mission-critical information to be processed. It is therefore vital to ensure the security and privacy of IoD. However, unlike traditional networks, IoD has a broader attack surface and is highly energy-constrained, which hinders the direct adoption of standard cryptographic protocols for IoD. We propose an energy-efficient cryptographic framework (namely IoD-Crypt), which can potentially meet the requirements of battery-limited IoD. Specifically, IoD-Crypt utilizes special precomputation techniques and self-certified primitives to gain significant computation and communication efficiency over the standard public key cryptography (PKC) suites. Our integrations and optimizations are broadly applicable to key exchange, digital signature and public key encryption schemes that encompass generic applications of PKC in IoD. We prove that IoD-Crypt is secure in the random oracle model. We fully implemented IoD-Crypt on two common drone processors, namely 8-bit AVR and 32-bit ARM, and conducted an in-depth energy analysis. Our experiments (on both platforms) showed that IoD-Crypt offers up to 48x less energy consumption compared to standard techniques. We have open-sourced our implementations for wide adoption and public testing purposes.
CR, Mar 19, 2019
Energy-Aware Digital Signatures for Embedded Medical Devices
Muslum Ozgur Ozmen, Attila A. Yavuz, Rouzbeh Behnia
Authentication is vital for the Internet of Things (IoT) applications involving sensitive data (e.g., medical and financial systems). Digital signatures offer scalable authentication with non-repudiation and public verifiability, which are necessary for auditing and dispute resolution in such IoT applications. However, digital signatures have been shown to be highly costly for low-end IoT devices, especially when embedded devices (e.g., medical implants) must operate without a battery replacement for a long time. We propose an Energy-aware Signature for Embedded Medical devices (ESEM) that achieves near-optimal signer efficiency. ESEM signature generation does not require any costly operations (e.g., elliptic curve (EC) scalar multiplication/addition), but only a small constant number of pseudo-random function calls, additions, and a single modular multiplication. ESEM has the smallest signature size among its EC-based counterparts with an identical private key size. We achieve this by eliminating the use of the ephemeral public key (i.e., commitment) in Schnorr-type signatures from the signing via a distributed construction at the verifier without interaction with the signer while permitting a constant-size public key. We proved that ESEM is secure (in the random oracle model), and fully implemented it on an 8-bit AVR microcontroller that is commonly used in medical devices. Our experiments showed that ESEM achieves 8.4x higher energy efficiency over its closest counterpart while offering a smaller signature and code size. Hence, ESEM can be suitable for deployment on resource-limited embedded devices in IoT. We open-sourced our software for public testing and wide adoption.
CR, Mar 6, 2019
ARIS: Authentication for Real-Time IoT Systems
Rouzbeh Behnia, Muslum Ozgur Ozmen, Attila A. Yavuz
Efficient authentication is vital for IoT applications with stringent minimum-delay requirements (e.g., energy delivery systems). This requirement becomes even more crucial when the IoT devices are battery-powered, like small aerial drones, and the efficiency of authentication directly translates to more operation time. Although some fast authentication techniques have been proposed, some of them might not fully meet the needs of the emerging delay-aware IoT. In this paper, we propose a new signature scheme called ARIS that pushes the limits of the existing digital signatures, wherein commodity hardware can verify 83,333 signatures per second. ARIS also enables the fastest signature generation along with the lowest energy consumption and end-to-end delay among its counterparts. These significant computational advantages come with a larger storage requirement, which is a highly favorable trade-off for some critical delay-aware applications. These desirable features are achieved by harnessing message encoding with cover-free families and a special elliptic-curve-based one-way function. We prove the security of ARIS under the hardness of the elliptic curve discrete logarithm problem in the random oracle model. We provide an open-sourced implementation of ARIS on commodity hardware and an 8-bit AVR microcontroller for public testing and verification.
CR, Oct 13, 2024
Uncovering Attacks and Defenses in Secure Aggregation for Federated Deep Learning
Yiwei Zhang, Rouzbeh Behnia, Attila A. Yavuz et al.
Federated learning enables the collaborative learning of a global model on diverse data, preserving data locality and eliminating the need to transfer user data to a central server. However, data privacy remains vulnerable, as attacks can target user training data by exploiting the updates sent by users during each learning iteration. Secure aggregation protocols are designed to mask/encrypt user updates and enable a central server to aggregate the masked information. MicroSecAgg (PoPETS 2024) proposes a single-server secure aggregation protocol that aims to mitigate the high communication complexity of the existing approaches by enabling a one-time setup of the secret to be re-used in multiple training iterations. In this paper, we identify a security flaw in MicroSecAgg that undermines its privacy guarantees. We detail the security flaw and our attack, demonstrating how an adversary can exploit predictable masking values to compromise user privacy. Our findings highlight the critical need for enhanced security measures in secure aggregation protocols, particularly the implementation of dynamic and unpredictable masking strategies. We propose potential countermeasures to mitigate these vulnerabilities and ensure robust privacy protection in secure aggregation frameworks.
NI, Jul 6, 2019
TrustSAS: A Trustworthy Spectrum Access System for the 3.5 GHz CBRS Band
Mohamed Grissa, Attila A. Yavuz, Bechir Hamdaoui
As part of its ongoing efforts to meet the increased spectrum demand, the Federal Communications Commission (FCC) has recently opened up 150 MHz in the 3.5 GHz band for shared wireless broadband use. Access and operations in this band, aka Citizens Broadband Radio Service (CBRS), will be managed by a dynamic spectrum access system (SAS) to enable seamless spectrum sharing between secondary users (SUs) and incumbent users. Despite its benefits, SAS's design requirements, as set by FCC, present privacy risks to SUs, merely because SUs are required to share sensitive operational information (e.g., location, identity, spectrum usage) with SAS to be able to learn about spectrum availability in their vicinity. In this paper, we propose TrustSAS, a trustworthy framework for SAS that synergizes state-of-the-art cryptographic techniques with blockchain technology in an innovative way to address these privacy issues while complying with FCC's regulatory design requirements. We analyze the security of our framework and evaluate its performance through analysis, simulation and experimentation. We show that TrustSAS can offer high security guarantees with reasonable overhead, making it an ideal solution for addressing SUs' privacy issues in an operational SAS environment.
NI, Jul 3, 2019
Location Privacy in Cognitive Radios with Multi-Server Private Information Retrieval
Mohamed Grissa, Attila A. Yavuz, Bechir Hamdaoui
Spectrum database-based cognitive radio networks (CRNs) have become the de facto approach for enabling unlicensed secondary users (SUs) to identify spectrum vacancies in channels owned by licensed primary users (PUs). Despite its merits, the use of spectrum databases incurs privacy concerns for both SUs and PUs. Single-server private information retrieval (PIR) has been used as the main tool to address this problem. However, such techniques incur extremely large communication and computation overheads while offering only computational privacy. Besides, some of these PIR protocols have been broken. In this paper, we show that it is possible to achieve high efficiency and (information-theoretic) privacy for both PUs and SUs in database-driven CRN with multi-server PIR. Our key observation is that, by design, database-driven CRNs comprise multiple databases that are required, by the Federal Communications Commission, to synchronize their records. To the best of our knowledge, we are the first to exploit this observation to harness multi-server PIR technology to guarantee optimal privacy for both SUs and PUs, thanks to the unique properties of database-driven CRN. We showed, analytically and empirically with deployments on actual cloud systems, that multi-server PIR is an ideal tool to provide efficient location privacy in database-driven CRN.
CR, Mar 28, 2019
Dronecrypt - An Efficient Cryptographic Framework for Small Aerial Drones
Muslum Ozgur Ozmen, Attila A. Yavuz
Aerial drones are becoming an integral part of application domains including, but not limited to, military operations, package delivery, construction, monitoring and search/rescue operations. It is critical to ensure the cyber security of networked aerial drone systems in these applications. Standard cryptographic services can be deployed to provide basic security services; however, they have been shown to be inefficient in terms of energy and time consumption, especially for small aerial drones with resource-limited processors. Therefore, there is a significant need for an efficient cryptographic framework that can meet the requirements of small aerial drones. We propose an improved cryptographic framework for small aerial drones, which offers significant energy efficiency and speed advantages over standard cryptographic techniques. (i) We create (to the best of our knowledge) the first optimized public key infrastructure (PKI) based framework for small aerial drones, which provides energy-efficient techniques by harnessing special precomputation methods and optimized elliptic curves. (ii) We also integrate recent lightweight symmetric primitives into our PKI techniques to provide a full-fledged cryptographic framework. (iii) We implemented standard counterparts and our proposed techniques on an actual small aerial drone (Crazyflie 2.0), and provided an in-depth energy analysis. Our experiments showed that our improved cryptographic framework achieves up to 35x lower energy consumption than its standard counterpart.
NI, Jun 4, 2018
Preserving the Location Privacy of Secondary Users in Cooperative Spectrum Sensing
Mohamed Grissa, Attila A. Yavuz, Bechir Hamdaoui
Cooperative spectrum sensing, despite its effectiveness in enabling dynamic spectrum access, suffers from location privacy threats, merely because secondary users' (SUs') sensing reports that need to be shared with a fusion center to make spectrum availability decisions are highly correlated to the users' locations. It is therefore important that cooperative spectrum sensing schemes be empowered with privacy-preserving capabilities so as to provide SUs with incentives for participating in the sensing task. In this paper, we propose privacy-preserving protocols that make use of various cryptographic mechanisms to preserve the location privacy of SUs while performing reliable and efficient spectrum sensing. We also present cost-performance tradeoffs. The first consists of using an additional architectural entity at the benefit of incurring lower computation overhead by relying only on symmetric cryptography. The second consists of using an additional secure comparison protocol at the benefit of incurring lesser architectural cost by not requiring extra entities. Our schemes can also adapt to the case of a malicious fusion center, as we discuss in this paper. We also show that not only are our proposed schemes secure and more efficient than existing alternatives, but they also achieve fault tolerance and are robust against sporadic network topological changes.
NI, Jun 3, 2018
Location Privacy in Cognitive Radio Networks: A Survey
Mohamed Grissa, Bechir Hamdaoui, Attila A. Yavuz
Cognitive radio networks (CRNs) have emerged as an essential technology to enable dynamic and opportunistic spectrum access which aims to exploit underutilized licensed channels to solve the spectrum scarcity problem. Despite the great benefits that CRNs offer in terms of their ability to improve spectrum utilization efficiency, they suffer from user location privacy issues. Knowing that their whereabouts may be exposed can discourage users from joining and participating in the CRNs, thereby potentially hindering the adoption and deployment of this technology in future generation networks. The location information leakage issue in the CRN context has recently started to gain attention from the research community due to its importance, and several research efforts have been made to tackle it. However, to the best of our knowledge, none of these works have tried to identify the vulnerabilities that are behind this issue or discuss the approaches that could be deployed to prevent it. In this paper, we try to fill this gap by providing a comprehensive survey that investigates the various location privacy risks and threats that may arise from the different components of this CRN technology, and explores the different privacy attacks and countermeasure solutions that have been proposed in the literature to cope with this location privacy issue. We also discuss some open research problems, related to this issue, that need to be overcome by the research community to take advantage of the benefits of this key CRN technology without having to sacrifice the users' privacy.
NI, May 2, 2017
When the Hammer Meets the Nail: Multi-Server PIR for Database-Driven CRN with Location Privacy Assurance
Mohamed Grissa, Attila A. Yavuz, Bechir Hamdaoui
We show that it is possible to achieve information-theoretic location privacy for secondary users (SUs) in database-driven cognitive radio networks (CRNs) with an end-to-end delay of less than a second, which is significantly better than that of the existing alternatives offering only computational privacy. This is achieved based on a keen observation that, by the requirement of the Federal Communications Commission (FCC), all certified spectrum databases synchronize their records. Hence, the same copy of the spectrum database is available through multiple (distinct) providers. We harness the synergy between multi-server private information retrieval (PIR) and database-driven CRN architecture to offer an optimal level of privacy with high efficiency by exploiting this observation. We demonstrated, analytically and experimentally with deployments on actual cloud systems, that our adaptations of multi-server PIR outperform the (currently) fastest single-server PIR by a magnitude of times with information-theoretic security, collusion resiliency, and fault-tolerance features. Our analysis indicates that multi-server PIR is an ideal cryptographic tool to provide location privacy in database-driven CRNs, in which the requirement of replicated databases is a natural part of the system architecture, and therefore SUs can enjoy all advantages of multi-server PIR without any additional architectural and deployment costs.