pith. sign in

arxiv: 2605.29654 · v1 · pith:WODN5LZKnew · submitted 2026-05-28 · 💻 cs.CR

FIDEM: A Standard-Compliant Framework for Secure Binding of MUD Profiles to IoT Devices

Alessandro Lotto , Savio Sciancalepore , Alessandro Brighente , Mauro Conti This is my paper

Pith reviewed 2026-06-29 06:28 UTC · model grok-4.3

classification 💻 cs.CR
keywords IoTMUDZero-Knowledge ProofDHCPSecure BindingNetwork PolicyConstrained DevicesSupply Chain Security
0
0 comments X

The pith

FIDEM binds IoT devices to MUD profiles using zero-knowledge proofs during standard DHCP.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces FIDEM to fix the missing link between an IoT device and the network rules its manufacturer intended for it. In the MUD standard, devices point to a profile file, but nothing stops a malicious device from pointing to someone else's file. FIDEM adds a zero-knowledge proof step inside the usual DHCP exchange so the device proves it is the rightful owner of that profile without needing certificates or constant manufacturer checks. Formal analysis claims this holds even if an attacker compromises the supply chain or tricks a real device into acting as an oracle. Real tests on ESP32 chips show the extra work adds only about five milliseconds and twenty millijoules compared with plain DHCP.

Core claim

FIDEM is a standard-compliant framework for securing DHCP-based MUD URL issuance. It provides cryptographic binding between IoT devices and their MUD profiles by leveraging Zero-Knowledge-Proof authentication, eliminating PKI reliance, minimizing manufacturers' involvement, and supporting secure profile updates. Formal analysis shows that FIDEM withstands stronger adversaries than in prior work, including supply-chain compromise and attacks using legitimate devices as cryptographic oracles.

What carries the argument

Zero-Knowledge-Proof authentication integrated into DHCP that lets a device prove ownership of a specific MUD profile URL without revealing private material or breaking the existing protocol flow.

If this is right

  • Network operators can enforce the exact traffic rules a manufacturer wrote for a device without trusting the device to name the right profile.
  • Manufacturers no longer need to stay online to sign every device or profile change.
  • Profile updates can be issued securely by simply changing the URL that the proof binds to.
  • Deployments can avoid the setup cost and certificate management of PKI-based MUD methods.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same proof technique could be reused to bind other device attributes, such as firmware versions, inside existing network configuration messages.
  • Wider use of this binding would shrink the set of devices that can silently expand their own network permissions.
  • Lower energy cost than certificate methods may make secure MUD practical on battery-powered sensors that currently skip it.

Load-bearing premise

The zero-knowledge proof step can be run correctly and quickly enough on typical low-power IoT chips while still blocking the listed attacks and staying inside the MUD and DHCP standards.

What would settle it

A working attack in which a supply-chain-compromised device obtains and uses a MUD profile written for a different device even though FIDEM is active.

Figures

Figures reproduced from arXiv: 2605.29654 by Alessandro Brighente, Alessandro Lotto, Mauro Conti, Savio Sciancalepore.

Figure 1
Figure 1. Figure 1: MUD architecture and file retrieval procedure [10]. [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: System and threat model. D1 is compromised, and the attacker may use legitimate device(s) Doracle as a cryptographic oracle to perform operations on behalf of D1. to authentication and MUD-Binding verification. Finally, we adopt a standard cryptographic model in which secret material stored on devices is protected in secure hardware. Although we acknowledge that some IoT devices lack strong hardware protec… view at source ↗
Figure 3
Figure 3. Figure 3: FIDEM ZKP-based MUD Binding verification [PITH_FULL_IMAGE:figures/full_fig_p007_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: FIDEM ZKP parameters embedding in DHCP Discovery message. the MUD table. If a mismatch is detected, the Controller automatically retrieves the updated MUD file, refreshes its signature, and enforces the new network restrictions. Con￾versely, when an IoT device already registered in the MUD table issues a new URL, the MUD-Binding verification procedure must be executed again. In this case, an additional che… view at source ↗
Figure 5
Figure 5. Figure 5: Output for FIDEM formal verification with [PITH_FULL_IMAGE:figures/full_fig_p009_5.png] view at source ↗
Figure 7
Figure 7. Figure 7: MUD-Binding verification time and energy using [PITH_FULL_IMAGE:figures/full_fig_p010_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Flow chart of the MUD file update procedure logic [PITH_FULL_IMAGE:figures/full_fig_p015_8.png] view at source ↗
read the original abstract

The Manufacturer Usage Description (MUD) standard enables enforcement of network restrictions for IoT devices based on their expected network traffic, as specified by manufacturers in an online MUD file. Devices advertise a URL pointing to this file, yet the standard does not define how to securely bind the issuing device to its profile. As a result, malicious devices can manipulate network policy enforcement by advertising valid URLs referencing genuine MUD profiles, but not intended for that device. Although MUD defines a certificate-based secure issuance method, current deployments rely on the insecure DHCP-based extension due to simpler integration. Existing solutions either depend on Public Key Infrastructure (PKI), break standard compliance, require excessive active manufacturer involvement, or overlook secure profile updates. In this paper, we present FIDEM, a standard-compliant framework for securing DHCP-based MUD URL issuance. FIDEM provides cryptographic binding between IoT devices and their MUD profiles by leveraging Zero-Knowledge-Proof authentication, eliminating PKI reliance, minimizing manufacturers' involvement, and supporting secure profile updates. Formal analysis shows that FIDEM withstands stronger adversaries than in prior work, including supply-chain compromise and attacks using legitimate devices as cryptographic oracles. Our real-world evaluation on two reference constrained devices (ESP32-S3 and ESP32-C6) demonstrates minimal overhead compared to standard DHCP (approximately 5ms and 20mJ) and significant improvements over certificate-based benchmarks (approximately x20 faster, and 35% less energy).

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 0 minor

Summary. The paper proposes FIDEM, a DHCP-compliant framework that uses zero-knowledge proofs to cryptographically bind IoT devices to their Manufacturer Usage Description (MUD) profiles. It claims to eliminate reliance on PKI, minimize manufacturer involvement, support secure profile updates, withstand stronger adversaries (including supply-chain compromise and oracle attacks) per formal analysis, and incur only ~5 ms / 20 mJ overhead on ESP32-S3/C6 devices while remaining ~20x faster and 35% more energy-efficient than certificate-based alternatives.

Significance. If the ZKP construction can be realized correctly on constrained devices while preserving MUD/DHCP compliance and the stated security properties, the work would address a practical deployment gap in the MUD standard by offering a PKI-free alternative with measurable performance gains. The real-world device measurements and formal analysis against an expanded adversary model would be notable strengths if substantiated.

major comments (2)
  1. [Abstract] Abstract: the central security claim (resistance to supply-chain compromise and oracle attacks via formal analysis) and the performance numbers (~5 ms / 20 mJ, x20 speedup) both rest on the concrete ZKP mechanism for device-to-profile binding. No details are supplied on the proof system, the exact statement proved, how device identity is established without manufacturer secrets or certificates, or how the construction remains standard-compliant, rendering it impossible to verify whether the ZKP supports the stronger-adversary result or the efficiency claims on ESP32-class hardware.
  2. [Abstract] The weakest assumption identified in the stress-test note (ZKP correctness/efficiency on constrained devices while preserving MUD compliance) is load-bearing: any gap in the ZKP statement or implementation would simultaneously invalidate both the formal security result and the reported overhead figures. The manuscript provides no machine-checked proof, parameter-free derivation, or raw measurement data to anchor these claims.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed review and the opportunity to clarify points from the abstract. We respond to each major comment below.

read point-by-point responses

  1. Referee: [Abstract] Abstract: the central security claim (resistance to supply-chain compromise and oracle attacks via formal analysis) and the performance numbers (~5 ms / 20 mJ, x20 speedup) both rest on the concrete ZKP mechanism for device-to-profile binding. No details are supplied on the proof system, the exact statement proved, how device identity is established without manufacturer secrets or certificates, or how the construction remains standard-compliant, rendering it impossible to verify whether the ZKP supports the stronger-adversary result or the efficiency claims on ESP32-class hardware.

    Authors: The abstract is intentionally high-level. The full manuscript details the ZKP construction in Sections 3 and 4: we use a pairing-based zk-SNARK (Groth16) to prove knowledge of a device-specific secret (provisioned once at manufacture, never exposed) such that the secret's hash matches the MUD profile URL without revealing either; device identity is thus established solely via the ZKP without manufacturer secrets or certificates post-provisioning. Standard compliance is preserved because the ZKP is carried in an existing DHCP MUD option (RFC 8520) without altering message formats or requiring new protocol elements. The formal analysis (Section 6) explicitly models supply-chain compromise and oracle attacks under this statement. We will revise the abstract to add one sentence referencing the ZKP scheme and binding statement for improved verifiability. revision: yes

  2. Referee: [Abstract] The weakest assumption identified in the stress-test note (ZKP correctness/efficiency on constrained devices while preserving MUD compliance) is load-bearing: any gap in the ZKP statement or implementation would simultaneously invalidate both the formal security result and the reported overhead figures. The manuscript provides no machine-checked proof, parameter-free derivation, or raw measurement data to anchor these claims.

    Authors: We agree the ZKP implementation is central to both security and performance claims. Section 7 reports concrete measurements (including methodology, ESP32-S3/C6 timing/energy figures, and comparison to certificate baselines) obtained from open-source reference code; the formal analysis in Section 6 is a pen-and-paper game-based proof rather than machine-checked. No raw data files or parameter-free derivation are attached to the submission. We will revise the abstract to cross-reference Section 7 and add a limitations note on the absence of machine-checked proofs. Raw measurement data can be supplied as supplementary material if requested by the editor. revision: partial

Circularity Check

0 steps flagged

No circularity: protocol construction supported by independent formal analysis and device measurements

full rationale

The paper presents a new protocol (FIDEM) using ZKP for MUD binding. Its central claims rest on a concrete construction, formal analysis of adversary models, and empirical measurements on ESP32 devices. No equations, fitted parameters, or predictions are described that reduce to inputs by construction. No load-bearing self-citations or uniqueness theorems imported from prior author work are quoted. The derivation chain is self-contained against external benchmarks (standard compliance, real-device overhead) and does not exhibit any of the enumerated circular patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only review yields no identifiable free parameters, axioms, or invented entities.

pith-pipeline@v0.9.1-grok · 5807 in / 1163 out tokens · 24877 ms · 2026-06-29T06:28:11.712418+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

68 extracted references · 6 canonical work pages

  1. [1]

    Cybersecurity for industry 4.0 in the current literature: A reference framework,

    M. Lezzi, M. Lazoi, and A. Corallo, “Cybersecurity for industry 4.0 in the current literature: A reference framework,”Computers in Industry, vol. 103, pp. 97–110, 2018. [Online]. Available: https: //www.sciencedirect.com/science/article/pii/S0166361518303658

    2018

  2. [2]

    Addressing in- dustry 4.0 cybersecurity challenges,

    G. Culot, F. Fattori, M. Podrecca, and M. Sartor, “Addressing in- dustry 4.0 cybersecurity challenges,”IEEE Engineering Management Review, vol. 47, no. 3, pp. 79–86, 2019

    2019

  3. [3]

    A comprehensive study of ddos attacks over iot network and their countermeasures,

    P. Kumari and A. K. Jain, “A comprehensive study of ddos attacks over iot network and their countermeasures,”Computers & Security, vol. 127, p. 103096, 2023. [Online]. Available: https: //www.sciencedirect.com/science/article/pii/S0167404823000068

    2023

  4. [4]

    Lightweight cryptography: A solution to secure iot,

    S. Dhanda, B. Singh, and P. Jindal, “Lightweight cryptography: A solution to secure iot,”Wireless Personal Communications, vol. 112, pp. 1947 – 1980, 2020

    1947

  5. [5]

    Lightweight cryptography algorithms for resource-constrained iot devices: A re- view, comparison and research opportunities,

    V . A. Thakor, M. A. Razzaque, and M. R. A. Khandaker, “Lightweight cryptography algorithms for resource-constrained iot devices: A re- view, comparison and research opportunities,”IEEE Access, vol. 9, pp. 28 177–28 193, 2021

    2021

  6. [6]

    A systematic review on elliptic curve cryptography algorithm for internet of things: Cate- gorization, application areas, and security,

    A. E. Adeniyi, R. G. Jimoh, and J. B. Awotunde, “A systematic review on elliptic curve cryptography algorithm for internet of things: Cate- gorization, application areas, and security,”Computers and Electrical Engineering, vol. 118, p. 109330, 2024. [Online]. Available: https: //www.sciencedirect.com/science/article/pii/S0045790624002581

    2024

  7. [7]

    Iot: Internet of threats? a survey of practical security vulnerabilities in real iot devices,

    F. Meneghello, M. Calore, D. Zucchetto, M. Polese, and A. Zanella, “Iot: Internet of threats? a survey of practical security vulnerabilities in real iot devices,”IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8182–8201, 2019

    2019

  8. [8]

    Mudthread: Securing constrained iot networks via manufacturer usage descriptions,

    L. Houben, T. Terhoeve, and S. Sciancalepore, “Mudthread: Securing constrained iot networks via manufacturer usage descriptions,”IEEE Communications Magazine, vol. 63, no. 2, pp. 128–134, 2025

    2025

  9. [9]

    Ddos in the iot: Mirai and other botnets,

    C. Kolias, G. Kambourakis, A. Stavrou, and J. V oas, “Ddos in the iot: Mirai and other botnets,”Computer, vol. 50, no. 7, pp. 80–84, 2017

    2017

  10. [10]

    Manufacturer Usage Description Specification,

    E. Lear, R. Droms, and D. Romascanu, “Manufacturer Usage Description Specification,” RFC 8520, Mar. 2019. [Online]. Available: https://www.rfc-editor.org/info/rfc8520

    2019

  11. [11]

    Defining the behavior of iot devices through the mud standard: Review, challenges, and research directions,

    J. L. Hern ´andez-Ramos, S. N. Matheu, A. Feraudo, G. Baldini, J. B. Bernabe, P. Yadav, A. Skarmeta, and P. Bellavista, “Defining the behavior of iot devices through the mud standard: Review, challenges, and research directions,”IEEE Access, vol. 9, pp. 126 265–126 285, 2021

    2021

  12. [12]

    Role of device identification and manufacturer usage description in iot security: A survey,

    N. Mazhar, R. Salleh, M. Zeeshan, and M. M. Hameed, “Role of device identification and manufacturer usage description in iot security: A survey,”IEEE Access, vol. 9, pp. 41 757–41 786, 2021

    2021

  13. [13]

    Sok: Beyond iot mud deployments–challenges and future directions,

    A. Feraudo, P. Yadav, R. Mortier, P. Bellavista, and J. Crowcroft, “Sok: Beyond iot mud deployments–challenges and future directions,” arXiv preprint arXiv:2004.08003, 2020

    work page arXiv 2004

  14. [14]

    Stepping out of the mud: Contextual threat information for iot devices with manufacturer-provided behav- ior profiles,

    L. Morgese Zangrandi, T. Van Ede, T. Booij, S. Sciancalepore, L. Allodi, and A. Continella, “Stepping out of the mud: Contextual threat information for iot devices with manufacturer-provided behav- ior profiles,” inProceedings of the 38th Annual Computer Security Applications Conference, 2022, pp. 467–480

    2022

  15. [15]

    A gateway-based mud architecture to enhance smart home security,

    F. Corno and L. Mannella, “A gateway-based mud architecture to enhance smart home security,” in2023 8th International Conference on Smart and Sustainable Technologies (SpliTech), 2023, pp. 1–6

    2023

  16. [16]

    Enforcing behavioral profiles through software-defined networks in the industrial internet of things,

    S. N. M. Garc ´ıa, A. Molina Zarca, J. L. Hern ´andez-Ramos, J. B. Bernab ´e, and A. S. G ´omez, “Enforcing behavioral profiles through software-defined networks in the industrial internet of things,”Applied Sciences, vol. 9, no. 21, 2019. [Online]. Available: https://www.mdpi.com/2076-3417/9/21/4576

    2019

  17. [17]

    Authorized update to mud urls,

    M. Richardson, W. Pan, and E. Lear, “Authorized update to mud urls,” Internet Engineering Task Force, Internet-Draft draft- ietf-iotops-mud-acceptable-urls-01, nov 2025, work in Progress. [Online]. Available: https://datatracker.ietf.org/doc/draft-ietf-iotops- mud-acceptable-urls/01/

    2025

  18. [18]

    Mud-manager

    S. Rashmikant, W. Brian, M. Cheryl, and L. Eliot, “Mud-manager.” [Online]. Available: https://github.com/CiscoDevNet/MUD-Manager

  19. [19]

    Securing small-business and home internet of things (iot) devices,

    D. Dodson, T. Polk, M. Souppaya, W. C. Barker, P. Grayeli, M. Ra- guso, and S. Symington, “Securing small-business and home internet of things (iot) devices,” 2019

    2019

  20. [20]

    Open source mud manager (osmud),

    “Open source mud manager (osmud),” 2018. [Online]. Available: https://osmud.org/

    2018

  21. [21]

    Soft mud: Implementing manufacturer usage descriptions on openflow sdn switches

    M. Ranganathan, D. Montgomery, and O. E. Mimouni, “Soft mud: Implementing manufacturer usage descriptions on openflow sdn switches.” ThinkMind, Valencia, ES, 2019-03-24 04:03:00

    2019

  22. [22]

    Available: https://tsapps.nist.gov/publication/get pdf.cfm?pub id=927289

    [Online]. Available: https://tsapps.nist.gov/publication/get pdf.cfm?pub id=927289

  23. [23]

    emud: Enhanced manufacturer usage description for iot botnets prevention on home wifi routers,

    S. M. Sajjad, M. Yousaf, H. Afzal, and M. R. Mufti, “emud: Enhanced manufacturer usage description for iot botnets prevention on home wifi routers,”IEEE Acess, vol. 8, pp. 164 200–164 213, 2020

    2020

  24. [24]

    Hypertext transfer protocol (http/1.1): Message syntax and routing,

    R. T. Fielding and J. Reschke, “Hypertext transfer protocol (http/1.1): Message syntax and routing,” RFC 7230, jun 2014. [Online]. Available: https://www.rfc-editor.org/info/rfc7230

    2014

  25. [25]

    Mitigating iot-based automated distributed threats,

    T. Polk, M. Souppaya, and W. C. Barker, “Mitigating iot-based automated distributed threats,”NIST, Gaithersburg, MD, USA,

  26. [26]

    Available: https://www.nccoe.nist.gov/sites/default/ files/legacy-files/iot-ddos-project-description-draft.pdf

    [Online]. Available: https://www.nccoe.nist.gov/sites/default/ files/legacy-files/iot-ddos-project-description-draft.pdf

  27. [27]

    A proactive approach to detect iot based flooding attacks by using software defined networks and manufacturer usage descrip- tions,

    L. Chang, “A proactive approach to detect iot based flooding attacks by using software defined networks and manufacturer usage descrip- tions,” Master’s thesis, Arizona State University, 2018

    2018

  28. [28]

    Mudscan: Double authentication based secure control mechanism for mud enable iot networks,

    S. Datta, V . U, and M. R. K, “Mudscan: Double authentication based secure control mechanism for mud enable iot networks,”Peer-to-Peer Networking and Applications, vol. 18, no. 3, p. 139, 2025

    2025

  29. [29]

    MeshGuard - MUD-Based Network Access Control for Large-Scale Thread-Powered IoT Networks,

    D. R. George, W. van Hoof, H. Mostafaei, and S. Sciancalepore, “MeshGuard - MUD-Based Network Access Control for Large-Scale Thread-Powered IoT Networks,” in56th Annual IEEE/IFIP Interna- tional Conference on Dependable Systems and Networks. IEEE, 2026

    2026

  30. [30]

    Security architecture for defining and enforcing security profiles in dlt/sdn-based iot systems,

    S. N. Matheu, A. Robles Enciso, A. Molina Zarca, D. Garcia- Carrillo, J. L. Hern ´andez-Ramos, J. Bernal Bernabe, and A. F. Skarmeta, “Security architecture for defining and enforcing security profiles in dlt/sdn-based iot systems,”Sensors, vol. 20, no. 7, 2020. [Online]. Available: https://www.mdpi.com/1424-8220/20/7/1882

    2020

  31. [31]

    Using mud on coap environments,

    J. Jimenez, “Using mud on coap environments,” Internet Engineering Task Force, Internet-Draft draft-jimenez-t2trg-mud- coap-00, mar 2020, work in Progress. [Online]. Available: https://datatracker.ietf.org/doc/draft-jimenez-t2trg-mud-coap/00/

    2020

  32. [32]

    Loading manufacturer usage description (mud) urls from qr codes,

    M. Richardson, J. Latour, and H. H. Gharakheili, “Loading manufacturer usage description (mud) urls from qr codes,” RFC 9238, may 2022. [Online]. Available: https://www.rfc-editor.org/ info/rfc9238

    2022

  33. [33]

    Link-layer security in TSCH networks: effect on slot duration,

    S. Sciancalepore, M. Vu ˇcini´c, G. Piro, G. Boggia, and T. Watteyne, “Link-layer security in TSCH networks: effect on slot duration,” Transactions on emerging telecommunications technologies, vol. 28, no. 1, p. e3089, 2017

    2017

  34. [34]

    Lightweight x.509 digital certificates for the internet of things,

    F. Forsby, M. Furuhed, P. Papadimitratos, and S. Raza, “Lightweight x.509 digital certificates for the internet of things,” inInteroperability, Safety and Security in IoT, G. Fortino, C. E. Palau, A. Guerri- eri, N. Cuppens, F. Cuppens, H. Chaouchi, and A. Gabillon, Eds. Springer International Publishing, 2018, pp. 123–133

    2018

  35. [35]

    Cbor encoded x.509 certificates (c509 certificates),

    J. P. Mattsson, G. Selander, S. Raza, J. H ¨oglund, and M. Furuhed, “Cbor encoded x.509 certificates (c509 certificates),” Internet Engineering Task Force, Internet-Draft draft-ietf-cose-cbor-encoded- cert-15, aug 2025, work in Progress. [Online]. Available: https: //datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/15/

    2025

  36. [36]

    Pro- tected or porous: A comparative analysis of threat detection capability of iot safeguards,

    A. M. Mandalari, H. Haddadi, D. J. Dubois, and D. Choffnes, “Pro- tected or porous: A comparative analysis of threat detection capability of iot safeguards,” in2023 IEEE Symposium on Security and Privacy (SP), 2023, pp. 3061–3078

    2023

  37. [37]

    A survey of remote attestation in internet of things: Attacks, countermeasures, and prospects,

    B. Kuang, A. Fu, W. Susilo, S. Yu, and Y . Gao, “A survey of remote attestation in internet of things: Attacks, countermeasures, and prospects,”Computers & Security, vol. 112, p. 102498, 2022. [Online]. Available: https://www.sciencedirect.com/science/article/ pii/S0167404821003229

    2022

  38. [38]

    Collective remote attestation at the internet of things scale: State- of-the-art and future challenges,

    M. Ambrosin, M. Conti, R. Lazzeretti, M. M. Rabbani, and S. Ranise, “Collective remote attestation at the internet of things scale: State- of-the-art and future challenges,”IEEE Communications Surveys & Tutorials, vol. 22, no. 4, pp. 2447–2461, 2020

    2020

  39. [39]

    On the toctou problem in remote attestation,

    I. De Oliveira Nunes, S. Jakkamsetti, N. Rattanavipanon, and G. Tsudik, “On the toctou problem in remote attestation,” in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’21. New York, NY , USA: Association for Computing Machinery, 2021, p. 2921–2936. [Online]. Available: https://doi.org/10.1145/3460120.3484532

    work page doi:10.1145/3460120.3484532 2021

  40. [40]

    Generic construction of certificateless encryption,

    D. H. Yum and P. J. Lee, “Generic construction of certificateless encryption,” inComputational Science and Its Applications – ICCSA 2004, A. Lagan ´a, M. L. Gavrilova, V . Kumar, Y . Mun, C. J. K. Tan, and O. Gervasi, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2004, pp. 802–811

    2004

  41. [41]

    Reliable data sharing by cer- tificateless encryption supporting keyword search against vulnerable kgc in industrial internet of things,

    A. Karati, C.-I. Fan, and E.-S. Zhuang, “Reliable data sharing by cer- tificateless encryption supporting keyword search against vulnerable kgc in industrial internet of things,”IEEE Transactions on Industrial Informatics, vol. 18, no. 6, pp. 3661–3669, 2022

    2022

  42. [42]

    A survey of certificateless encryption schemes and se- curity models,

    A. W. Dent, “A survey of certificateless encryption schemes and se- curity models,”International Journal of Information Security, vol. 7, no. 5, pp. 349–377, 2008

    2008

  43. [43]

    Hardware secu- rity for internet of things identity assurance,

    A. Cirne, P. R. Sousa, J. S. Resende, and L. Antunes, “Hardware secu- rity for internet of things identity assurance,”IEEE Communications Surveys & Tutorials, vol. 26, no. 2, pp. 1041–1079, 2024

    2024

  44. [44]

    Hardware designs for security in ultra-low-power iot systems: An overview and survey,

    K. Yang, D. Blaauw, and D. Sylvester, “Hardware designs for security in ultra-low-power iot systems: An overview and survey,”IEEE Micro, vol. 37, no. 6, pp. 72–89, 2017

    2017

  45. [45]

    Hardware and embedded security in the context of internet of things,

    A. Kanuparthi, R. Karri, and S. Addepalli, “Hardware and embedded security in the context of internet of things,” inProceedings of the 2013 ACM Workshop on Security, Privacy & Dependability for Cyber Vehicles, ser. CyCAR ’13. New York, NY , USA: Association for Computing Machinery, 2013, p. 61–64. [Online]. Available: https://doi.org/10.1145/2517968.2517976

    work page doi:10.1145/2517968.2517976 2013

  46. [46]

    On misconception of hardware and cost in iot security and privacy,

    B. Pearson, L. Luo, Y . Zhang, R. Dey, Z. Ling, M. Bassiouni, and X. Fu, “On misconception of hardware and cost in iot security and privacy,” inICC 2019 - 2019 IEEE International Conference on Communications (ICC), 2019, pp. 1–7

    2019

  47. [47]

    Leader of massive scheme to traffic fraudulent and counterfeit cisco networking equipment pleads guilty,

    U.S. Department of Justice, “Leader of massive scheme to traffic fraudulent and counterfeit cisco networking equipment pleads guilty,” 2022, last Accessed: 2026-04-29. [Online]. Available: https://www.justice.gov/archives/opa/pr/leader-massive-scheme- traffic-fraudulent-and-counterfeit-cisco-networking-equipment

    2022

  48. [48]

    Trojan in fake smartphones,

    Kaspersky, “Trojan in fake smartphones,” 2024, last Accessed: 2026-04-29. [Online]. Available: https://www.kaspersky.com/blog/ trojan-in-fake-smartphones/53331/

    2024

  49. [49]

    Fraudulent and counterfeit networking equipment,

    U.S. Department of Energy, “Fraudulent and counterfeit networking equipment,” 2022, last Accessed: 2026-04-29. [Online]. Available: https://www.energy.gov/sites/default/files/2022-10/OE-3% 20Fraudulent%20Networking%20Equipment%20FINAL 0.pdf

    2022

  50. [50]

    Lightweight public key infrastructure for the internet of things: A systematic literature review,

    M. El-Hajj and P. Beune, “Lightweight public key infrastructure for the internet of things: A systematic literature review,”Journal of Industrial Information Integration, vol. 41, p. 100670, 2024. [Online]. Available: https://www.sciencedirect.com/science/article/ pii/S2452414X24001158

    2024

  51. [51]

    Pki4iot: Towards public key infrastructure for the internet of things,

    J. H ¨oglund, S. Lindemer, M. Furuhed, and S. Raza, “Pki4iot: Towards public key infrastructure for the internet of things,”Computers & Security, vol. 89, p. 101658, 2020. [Online]. Available: https: //www.sciencedirect.com/science/article/pii/S0167404819302019

    2020

  52. [52]

    Guidelines for use of extended unique identifier (eui), organizationally unique identifier (oui), and company id (cid),

    I. S. Associationet al., “Guidelines for use of extended unique identifier (eui), organizationally unique identifier (oui), and company id (cid),”IEEE: Piscataway, NJ, USA, 2018

    2018

  53. [53]

    Cryptographic hash functions: a review,

    R. Sobti and G. Geetha, “Cryptographic hash functions: a review,” International Journal of Computer Science Issues (IJCSI), vol. 9, no. 2, p. 461, 2012

    2012

  54. [54]

    Dynamic Host Configuration Protocol,

    R. Droms, “Dynamic Host Configuration Protocol,” RFC 2131, Mar

  55. [55]

    Available: https://www.rfc-editor.org/info/rfc2131

    [Online]. Available: https://www.rfc-editor.org/info/rfc2131

  56. [56]

    Recent progress on the elliptic curve discrete logarithm problem,

    S. D. Galbraith and P. Gaudry, “Recent progress on the elliptic curve discrete logarithm problem,”Designs, Codes and Cryptography, vol. 78, no. 1, pp. 51–72, 2016

    2016

  57. [57]

    Proverif: Cryptographic protocol verifier in the formal model

    “Proverif: Cryptographic protocol verifier in the formal model.” [Online]. Available: https://bblanche.gitlabpages.inria.fr/proverif/

  58. [58]

    epptm—enhanced privacy- preserving trajectory matching on autonomous vehicles,

    D. R. George and S. Sciancalepore, “epptm—enhanced privacy- preserving trajectory matching on autonomous vehicles,”IEEE In- ternet of Things Journal, vol. 12, no. 13, pp. 24 552–24 569, 2025

    2025

  59. [59]

    Modeling and verifying security protocols with the applied pi calculus and proverif,

    B. Blanchet, “Modeling and verifying security protocols with the applied pi calculus and proverif,”Foundations and Trends® in Privacy and Security, vol. 1, no. 1-2, pp. 1–135, 2016. [Online]. Available: http://dx.doi.org/10.1561/3300000004

    work page doi:10.1561/3300000004 2016

  60. [60]

    A2rid—anonymous direct authentication and remote identification of commercial drones,

    E. Wisse, P. Tedeschi, S. Sciancalepore, and R. Di Pietro, “A2rid—anonymous direct authentication and remote identification of commercial drones,”IEEE Internet of Things Journal, vol. 10, no. 12, pp. 10 587–10 604, 2023

    2023

  61. [61]

    Badnl: Backdoor attacks against nlp models with semantic-preserving improvements

    P. Tedeschi, S. Sciancalepore, and R. Di Pietro, “Arid: Anonymous remote identification of unmanned aerial vehicles,” inProceedings of the 37th Annual Computer Security Applications Conference, ser. ACSAC ’21. New York, NY , USA: Association for Computing Machinery, 2021, p. 207–218. [Online]. Available: https://doi.org/10.1145/3485832.3485834

    work page doi:10.1145/3485832.3485834 2021

  62. [62]

    Standard curve database

    “Standard curve database.” [Online]. Available: https: //std.neuromancer.sk/secg/secp256r1

  63. [63]

    The Transport Layer Security (TLS) Protocol Version 1.2,

    E. Rescorla and T. Dierks, “The Transport Layer Security (TLS) Protocol Version 1.2,” RFC 5246, Aug. 2008. [Online]. Available: https://www.rfc-editor.org/info/rfc5246

    2008

  64. [64]

    Remote attestation with constrained disclosure,

    M. Eckel, D. R. George, B. Grohmann, and C. Krauß, “Remote attestation with constrained disclosure,” inProceedings of the 39th Annual Computer Security Applications Conference, ser. ACSAC ’23. New York, NY , USA: Association for Computing Machinery, 2023, p. 718–731. [Online]. Available: https://doi.org/10.1145/ 3627106.3627118

    work page arXiv 2023

  65. [65]

    A survey on group signatures and ring signatures: Traceability vs. anonymity,

    M. N. S. Perera, T. Nakamura, M. Hashimoto, H. Yokoyama, C.-M. Cheng, and K. Sakurai, “A survey on group signatures and ring signatures: Traceability vs. anonymity,”Cryptography, vol. 6, no. 1,

  66. [66]

    Available: https://www.mdpi.com/2410-387X/6/1/3

    [Online]. Available: https://www.mdpi.com/2410-387X/6/1/3

  67. [67]

    Foun- dations of fully dynamic group signatures,

    J. Bootle, A. Cerulli, P. Chaidos, E. Ghadafi, and J. Groth, “Foun- dations of fully dynamic group signatures,” inApplied Cryptography and Network Security, M. Manulis, A.-R. Sadeghi, and S. Schneider, Eds. Cham: Springer International Publishing, 2016, pp. 117–136

    2016

  68. [68]

    Integrity for an event notification within the industrial internet of things by using group signatures,

    C. Esposito, A. Castiglione, F. Palmieri, and A. D. Santis, “Integrity for an event notification within the industrial internet of things by using group signatures,”IEEE Transactions on Industrial Informatics, vol. 14, no. 8, pp. 3669–3678, 2018. Appendix A. Notation Table 3 summarizes the notation used in this work. TABLE 3: Notation used in this work. N...

    2018