The temporal assumptions underpinning conventional Identity and Access Management collapse under agentic execution regimes. A sixty-second revocation window permits on the order of $6 \times 10^3$ unauthorized API calls at 100 ops/tick; at AWS Lambda scale, the figure approaches $6 \times 10^5$. This is a coherence problem, not merely a latency problem. We define a Capability Coherence System (CCS) and construct a state-mapping $\varphi : \Sigma_{\rm MESI} \to \Sigma_{\rm auth}$ preserving transition structure under bounded-staleness semantics. A safety theorem bounds unauthorized operations for the execution-count Release Consistency-directed Coherence (RCC) strategy at $D_{\rm rcc} \leq n$, independent of agent velocity $v$ -- a qualitative departure from the $O(v \cdot \mathrm{TTL})$ scaling of time-bounded strategies. Tick-based discrete event simulation across three business-contextualised scenarios (four strategies, ten deterministic seeds each) confirms: RCC achieves a $120\times$ reduction versus TTL-based lease in the high-velocity scenario (50 vs. 6,000 unauthorized operations), and $184\times$ under anomaly-triggered revocation. Zero bound violations across all 120 runs confirm th
Receiving calls is one of the most universal functions of smartphones, involving sensitive information and critical operations. Unfortunately, to prioritize convenience, the current call receiving process bypasses smartphone authentication mechanisms (e.g., passwords, fingerprint recognition, and face recognition), leaving a significant security gap. To address this issue, we propose SCR-Auth, a secure call receiver authentication scheme for smartphones that leverages outer ear echoes. It sends inaudible acoustic signals through the earpiece speaker to actively sense the call receiver's outer ear structure and records the resulting echoes using the top microphone. These echoes are then analyzed to extract unique outer ear biometric information for authentication. It operates implicitly, without requiring extra hardware or imposing additional burden. Comprehensive experiments conducted under diverse conditions demonstrate SCR-Auth's effectiveness and security, showing an average balanced accuracy of 96.95% and resilience against potential attacks.
Open-source software (OSS) is widely adopted in enterprise settings, but standalone tools often lack native support for protocols like SAML or OIDC, creating a critical security integration gap. This paper introduces and formalizes the Auth Shim, a lightweight architectural pattern designed to solve this problem. The Auth Shim is a minimal, external proxy service that acts as a compatibility layer, translating requests from an enterprise Identity Provider (IdP) into the native session management mechanism of a target application. A key prerequisite for this pattern is that the target application must expose a programmatic, secure administrative API. We present a case study of the pattern's implementation at Adobe to integrate a popular OSS BI tool with Okta SAML, which enabled automated Role-Based Access Control (RBAC) via IAM group mapping and eliminated manual user provisioning. By defining its components, interactions, and production deployment considerations, this paper provides a reusable, secure, and cost-effective blueprint for integrating any standalone OSS tool into an enterprise SSO ecosystem, thereby enabling organizations to embrace open-source innovation without compromising
This paper presents a decentralised autonomous organisation (DAO) model that uses non-fungible tokens (NFTs) for identity management and privacy-preserving interactions within a Punishment not Reward (PnR) blockchain mechanism. The proposed model introduces a dual NFT architecture deployed on Layer 2 networks: Membership NFTs (\(NFT_{auth}\)) for authentication and access control and interaction NFTs (\(NFT_{priv}\)) for private interactions among participants. Our Layer 2 implementation achieves 97% gas cost reduction while maintaining security through cross-chain mechanisms. The identity management system incorporates decentralised KYC processes and Sybil attack resistance using soulbound token characteristics. Governance operates through smart contracts that manage reputation and administer punitive measures, including conditional identity disclosure for forensic purposes when misconduct is detected.
Self-supervised learning (SSL), a paradigm harnessing unlabeled datasets to train robust encoders, has recently witnessed substantial success. These encoders serve as pivotal feature extractors for downstream tasks, demanding significant computational resources. Nevertheless, recent studies have shed light on vulnerabilities in pre-trained encoders, including backdoor and adversarial threats. Safeguarding the intellectual property of encoder trainers and ensuring the trustworthiness of deployed encoders pose notable challenges in SSL. To bridge these gaps, we introduce SSL-Auth, the first authentication framework designed explicitly for pre-trained encoders. SSL-Auth leverages selected key samples and employs a well-trained generative network to reconstruct watermark information, thus affirming the integrity of the encoder without compromising its performance. By comparing the reconstruction outcomes of the key samples, we can identify any malicious alterations. Comprehensive evaluations conducted on a range of encoders and diverse downstream tasks demonstrate the effectiveness of our proposed SSL-Auth.
While the embedded security research community aims to protect systems by reducing analog sensor side channels, our work argues that sensor side channels can be beneficial to defenders. This work introduces the general problem of synthesizing virtual sensors from existing circuits to authenticate physical sensors' measurands. We investigate how to apply this approach and present a preliminary analytical framework and definitions for sensor side channels. To illustrate the general concept, we provide a proof-of-concept case study to synthesize a virtual inertial measurement unit from a camera motion side channel. Our work also provides an example of applying this technique to protect facial recognition against silicon mask spoofing attacks. Finally, we discuss downstream problems of how to ensure that side channels benefit the defender, but not the adversary, during authentication.
A Message Authentication Code (MAC) is a keyed function $f_K$ such that when Alice, who shares the secret $K$ with Bob, sends $f_K(M)$ to the latter, Bob will be assured of the integrity and authenticity of $M$. Traditionally, it is assumed that the channel is noiseless. However, Maurer showed that in this case an attacker can succeed with probability $2^{-\frac{H(K)}{\ell+1}}$ after authenticating $\ell$ messages. In this paper, we consider the setting where the channel is noisy. Specifically, Alice and Bob are connected by a discrete memoryless channel (DMC) $W_1$ and a noiseless but insecure channel. In addition, an attacker Oscar is connected with Alice through DMC $W_2$ and with Bob through a noiseless channel. In this setting, we study the framework that sends $M$ over the noiseless channel and the traditional MAC $f_K(M)$ over channel $(W_1, W_2)$. We regard the noisy channel as an expensive resource and define the authentication rate $\rho_{auth}$ as the ratio of message length to the number $n$ of channel $W_1$ uses. The security of this framework depends on the channel coding scheme for $f_K(M)$. A natural coding scheme is to use the secrecy capacity achieving code of Csiszár
Traditional user authentication involves entering a username and password into a system. Strong authentication security demands, among other requirements, long, frequently hard-to-remember passwords. Two-factor authentication aids security, even though, as a side effect, it might worsen user experience. We depict a mobile sign-on scheme that benefits from the dynamic relationship between a user's attributes, the service the user wishes to utilize, and location (where the user is, and what services are available there) as an authentication factor. We demonstrate our scheme employing Bluetooth Low Energy beacons for location awareness and the expressiveness of Attribute-Based Encryption to capture and leverage the described relationship. Bluetooth Low Energy beacons broadcast encrypted messages with encoded access policies. Within range of the beacons, a user with appropriate attributes is able to decrypt the broadcast message and obtain parameters that allow the user to perform a short or simplified login.
Permission control vulnerabilities in Non-fungible token (NFT) contracts can result in significant financial losses, as attackers may exploit these weaknesses to gain unauthorized access or circumvent critical permission checks. In this paper, we propose NFTDELTA, a framework that leverages static analysis and multi-view learning to detect permission control vulnerabilities in NFT contracts. Specifically, we extract comprehensive function Control Flow Graph (CFG) information via two views: sequence features (representing execution paths) and graph features (capturing structural control flow). These two views are then integrated to create a unified code representation. We also define three specific categories of permission control vulnerabilities and employ a custom detector to identify defects through multi-view feature similarity analysis. Our evaluation of 795 popular NFT collections identified 241 confirmed permission control vulnerabilities, comprising 214 cases of Bypass Auth Reentrancy, 15 of Weak Auth Validation, and 12 of Loose Permission Management. Manual verification demonstrates the detector's high reliability, achieving an average precision of 97.92% and an F1-score of
AI agents increasingly call tools via the Model Context Protocol (MCP) and delegate to other agents via Agent-to-Agent (A2A), yet neither protocol verifies agent identity. A scan of approximately 2,000 MCP servers found all lacked authentication. In our survey, we did not identify a prior implemented protocol that jointly combines public-key verifiable delegation, holder-side attenuation, expressive chained policy, transport bindings across MCP/A2A/HTTP, and provenance-oriented completion records. We introduce Invocation-Bound Capability Tokens (IBCTs), a primitive that fuses identity, attenuated authorization, and provenance binding into a single append-only token chain. IBCTs operate in two wire formats: compact mode (a signed JWT for single-hop cases) and chained mode (a Biscuit token with Datalog policies for multi-hop delegation). We provide reference implementations in Python and Rust with full cross-language interoperability. Compact mode verification takes 0.049ms (Rust) and 0.189ms (Python), with 0.22ms overhead over no-auth in real MCP-over-HTTP deployment. In a real multi-agent deployment with Gemini 2.5 Flash, AIP adds 2.35ms of overhead (0.086% of total end-to-end late
We present the Federated Inference Resource Scheduling Toolkit (FIRST), a framework enabling Inference-as-a-Service across distributed High-Performance Computing (HPC) clusters. FIRST provides cloud-like access to diverse AI models, like Large Language Models (LLMs), on existing HPC infrastructure. Leveraging Globus Auth and Globus Compute, the system allows researchers to run parallel inference workloads via an OpenAI-compliant API on private, secure environments. This cluster-agnostic API allows requests to be distributed across federated clusters, targeting numerous hosted models. FIRST supports multiple inference backends (e.g., vLLM), auto-scales resources, maintains "hot" nodes for low-latency execution, and offers both high-throughput batch and interactive modes. The framework addresses the growing demand for private, secure, and scalable AI inference in scientific workflows, allowing researchers to generate billions of tokens daily on-premises without relying on commercial cloud infrastructure.
Nanoscale semiconductors with isolated spin impurities have been touted as promising materials for their potential use at the intersection of quantum, spin, and information technologies. Electron paramagnetic resonance (EPR) studies of spins in semiconducting carbon nanotubes have overwhelmingly focused on spins more strongly localized by $\rm sp^3$-type lattice defects. However, the creation of such impurities is irreversible and requires specific reactions to generate them. Shallow charge impurities, on the other hand, are more readily and widely produced by simple redox chemistry, but have not yet been investigated for their spin properties. Here we use EPR to study p-doped (6,5) semiconducting single-wall carbon nanotubes (s-SWNTs) and elucidate the role of impurity-impurity interactions in conjunction with exchange and correlation effects for the spin behavior of this material. A quantitative comparison of the EPR signals with phenomenological modeling combined with configuration interaction electronic structure calculations of impurity pairs shows that orbital overlap, combined with exchange and correlation effects, causes the EPR signal to disappear due to spin entanglement
Self-propelled particles that are subject to noise are a well-established generic model system for active matter. A homogeneous alignment field can be used to orient the direction of the self-propulsion velocity and to model systems like phoretic Janus particles with a magnetic dipole moment or magnetotactic bacteria in an external magnetic field. Computer simulations are used to predict the phase behavior and dynamics of self-propelled Brownian particles in a homogeneous alignment field in two dimensions. Phase boundaries of the gas-liquid coexistence region are calculated for various Péclet numbers, particle densities, and alignment field strengths. Critical points and exponents are calculated and, in agreement with previous simulations, do not seem to belong to the universality class of the 2D Ising model. Finally, the dynamics of spinodal decomposition for quenching the system from the one-phase to the two-phase coexistence region by increasing Péclet number is characterized. Our results may help to identify parameters for optimal transport of active matter in complex environments.
This study addresses ductile fracture of single grains in metals by modeling the formation and propagation of transgranular cracks. A proposed model integrates gradient extended hardening, phase-field modeling for fracture, and crystal plasticity. It is presented in a thermodynamical framework in large deformation kinematics and accounts for damage irreversibility. A micromorphic approach for variationally and thermodynamically consistent damage irreversibility is adopted. The main objective of this work is to analyze the capability of the proposed model to predict transgranular crack propagation. Further, the micromorphic approach for damage irreversibility is evaluated in the context of the presented ductile phase-field model. This is done by analyzing the impact of gradient-enhanced hardening considering micro-free and micro-hard boundary conditions, studying the effect of the micromorphic regularization parameter, evaluating the performance of the model in ratcheting loading and testing its capability to predict three-dimensional crack propagation. In order to solve the fully coupled global and local equation systems, a staggered solution scheme that extends to the local
Activity and autonomous motion are fundamental aspects of many living and engineering systems. Here, the scale of biological agents covers a wide range, from nanomotors, cytoskeleton, and cells, to insects, fish, birds, and people. Inspired by biological active systems, various types of autonomous synthetic nano- and micromachines have been designed, which provide the basis for multifunctional, highly responsive, intelligent active materials. A major challenge for understanding and designing active matter is its inherent non-equilibrium nature due to persistent energy consumption, which invalidates equilibrium concepts such as free energy, detailed balance, and time-reversal symmetry. Furthermore, interactions in ensembles of active agents are often non-additive and non-reciprocal. An important aspect of biological agents is their ability to sense the environment, process this information, and adjust their motion accordingly. It is an important goal for the engineering of micro-robotic systems to achieve similar functionality. With many fundamental properties of motile active matter now reasonably well understood and under control, the ground is prepared for the study of physical
In this study, we address damage initiation and micro-crack formation in ductile failure of polycrystalline metals. We show how our recently published thermodynamic framework for ductile phase-field fracture of single crystals can be extended to polycrystalline structures. A key feature of this framework is that it accounts for size effects by adopting gradient-enhanced (crystal) plasticity. Gradient-enhanced plasticity requires the definition of boundary conditions representing the plastic slip transmission resistance of the boundaries. In this work, we propose a novel type of micro-flexible boundary condition for gradient-plasticity, which couples the slip transmission resistance with the phase-field damage such that the resistance locally changes during the fracturing process. The formulation makes it possible to maintain the effect of grain boundaries as obstacles for plastic slip during plastification, while also accounting for weakening of their resistance during the softening phase. In numerical experiments, the new damage-dependent boundary condition is compared to classical micro-free and micro-hard boundary conditions in polycrystals and it is demonstrated that it indeed produces a
The present report summarizes the main theory and implementation steps associated with SELENA (SEmi-anaLytical intEgrator for a luNar Artificial satellite), i.e. the semi-analytical propagator for lunar satellite orbits developed in the framework of the R&T R-S20/BS-0005-062 CNES research activity in collaboration between the University of Padova (UniPd) and the Aristotle University of Thessaloniki (AUTH), both acting as contractors with CNES. The method, algorithms and symbolic manipulations employed in the derivation of the final theory are described in detail in this report: they invoke the use of canonical perturbation theory in the form of Lie series computed in 'closed form', i.e., without expansions in the satellite's orbital eccentricity. These algorithms are provided in the form of a symbolic package accompanying the present report. The package contains symbolic algebra programs, as well as explicit data files containing the final Hamiltonian, equations of motion and transformations (i.e. the coefficients and exponents of each variable in each term) leading to the averaging of the short-periodic terms in the satellite's equations of motion.
Robot vision is greatly affected by occlusions, which pose challenges to autonomous systems. The robot itself may hide targets of interest from the camera while it moves within the field of view, leading to failures in task execution. For example, if a target of interest is partially occluded by the robot, detecting and grasping it correctly becomes very challenging. To solve this problem, we propose a computationally lightweight method to determine the areas that the robot occludes. For this purpose, we use the Unified Robot Description Format (URDF) to generate a virtual depth image of the 3D robot model. Using the virtual depth image, we can effectively determine the partially occluded areas to improve the robustness of the information given by the perception system. Due to the real-time capabilities of the method, it can successfully detect occlusions of moving targets by the moving robot. We validate the effectiveness of the method in an experimental setup using a 6-DoF robot arm and an RGB-D camera by detecting and handling occlusions for two tasks: pose estimation of a moving object for pickup and human tracking for robot handover. The code is available in \url{https://gi