{"id":"https://openalex.org/W4414432333","doi":"https://doi.org/10.1109/jiot.2025.3613486","title":"TRACE: Trusted Return-Path Authentication via Context and Lightweight Encryption for IoT Devices","display_name":"TRACE: Trusted Return-Path Authentication via Context and Lightweight Encryption for IoT Devices","publication_year":2025,"publication_date":"2025-09-23","ids":{"openalex":"https://openalex.org/W4414432333","doi":"https://doi.org/10.1109/jiot.2025.3613486"},"language":"en","primary_location":{"id":"doi:10.1109/jiot.2025.3613486","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2025.3613486","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Hailin Wang","orcid":"https://orcid.org/0009-0005-2681-826X"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Hailin Wang","raw_affiliation_strings":["Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China"],"affiliations":[{"raw_affiliation_string":"Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056524306","display_name":"Rongkuan Ma","orcid":"https://orcid.org/0000-0002-4791-6847"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Rongkuan Ma","raw_affiliation_strings":["Information Engineering University, Zhengzhou, China"],"affiliations":[{"raw_affiliation_string":"Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101797452","display_name":"Yong Yu","orcid":"https://orcid.org/0000-0003-0667-077X"},"institutions":[{"id":"https://openalex.org/I88830068","display_name":"Shaanxi Normal University","ror":"https://ror.org/0170z8493","country_code":"CN","type":"education","lineage":["https://openalex.org/I88830068"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yong Yu","raw_affiliation_strings":["School of Computer Science, Shaanxi Normal University, Xi&#x2019;an, Shaanxi, China","School of Computer Science, Shaanxi Normal University, Shaanxi, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Shaanxi Normal University, Xi&#x2019;an, Shaanxi, China","institution_ids":["https://openalex.org/I88830068"]},{"raw_affiliation_string":"School of Computer Science, Shaanxi Normal University, Shaanxi, China","institution_ids":["https://openalex.org/I88830068"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101301807","display_name":"Yang Gao","orcid":"https://orcid.org/0000-0002-7755-4189"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yang Gao","raw_affiliation_strings":["Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China"],"affiliations":[{"raw_affiliation_string":"Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100979171","display_name":"Runze Zhao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Runze Zhao","raw_affiliation_strings":["Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China"],"affiliations":[{"raw_affiliation_string":"Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Bing Gao","orcid":"https://orcid.org/0009-0001-2884-6433"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bing Gao","raw_affiliation_strings":["Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China"],"affiliations":[{"raw_affiliation_string":"Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043313305","display_name":"Siqi Lu","orcid":"https://orcid.org/0000-0002-8593-9636"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Siqi Lu","raw_affiliation_strings":["Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China"],"affiliations":[{"raw_affiliation_string":"Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5079565555","display_name":"Yongjuan Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yongjuan Wang","raw_affiliation_strings":["Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China"],"affiliations":[{"raw_affiliation_string":"Henan Key Laboratory of Network Cryptography Technology, Information Engineering University, Zhengzhou, China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.31665772,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"12","issue":"24","first_page":"52561","last_page":"52574"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9882000088691711,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9882000088691711,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9621000289916992,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9553999900817871,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.48500001430511475},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.48100000619888306},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.4510999917984009},{"id":"https://openalex.org/keywords/message-authentication-code","display_name":"Message authentication code","score":0.4447000026702881},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.42320001125335693},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.3813999891281128},{"id":"https://openalex.org/keywords/call-stack","display_name":"Call stack","score":0.37709999084472656},{"id":"https://openalex.org/keywords/reflection-attack","display_name":"Reflection attack","score":0.36059999465942383},{"id":"https://openalex.org/keywords/replay-attack","display_name":"Replay attack","score":0.35199999809265137}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9071000218391418},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.48500001430511475},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.48100000619888306},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4706999957561493},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.4510999917984009},{"id":"https://openalex.org/C141492731","wikidata":"https://www.wikidata.org/wiki/Q1052621","display_name":"Message authentication code","level":3,"score":0.4447000026702881},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.42320001125335693},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4009999930858612},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.3813999891281128},{"id":"https://openalex.org/C119024030","wikidata":"https://www.wikidata.org/wiki/Q759899","display_name":"Call stack","level":3,"score":0.37709999084472656},{"id":"https://openalex.org/C91069110","wikidata":"https://www.wikidata.org/wiki/Q1919060","display_name":"Reflection attack","level":5,"score":0.36059999465942383},{"id":"https://openalex.org/C11560541","wikidata":"https://www.wikidata.org/wiki/Q1756025","display_name":"Replay attack","level":3,"score":0.35199999809265137},{"id":"https://openalex.org/C136643341","wikidata":"https://www.wikidata.org/wiki/Q1361526","display_name":"Reachability","level":2,"score":0.3499000072479248},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3422999978065491},{"id":"https://openalex.org/C168970074","wikidata":"https://www.wikidata.org/wiki/Q5227146","display_name":"Data Authentication Algorithm","level":4,"score":0.33709999918937683},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3262999951839447},{"id":"https://openalex.org/C131129157","wikidata":"https://www.wikidata.org/wiki/Q1059963","display_name":"Challenge\u2013response authentication","level":4,"score":0.31299999356269836},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.30140000581741333},{"id":"https://openalex.org/C100485629","wikidata":"https://www.wikidata.org/wiki/Q1669397","display_name":"Hash-based message authentication code","level":4,"score":0.3012999892234802},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.29319998621940613},{"id":"https://openalex.org/C38601921","wikidata":"https://www.wikidata.org/wiki/Q1757693","display_name":"Protocol stack","level":3,"score":0.28029999136924744},{"id":"https://openalex.org/C147346212","wikidata":"https://www.wikidata.org/wiki/Q5492632","display_name":"Trusted computing base","level":4,"score":0.26809999346733093},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.2671999931335449},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.26489999890327454},{"id":"https://openalex.org/C167169670","wikidata":"https://www.wikidata.org/wiki/Q1824705","display_name":"Lightweight Extensible Authentication Protocol","level":4,"score":0.2621000111103058},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.25540000200271606},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.2522999942302704},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.2522999942302704}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2025.3613486","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2025.3613486","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6859718134","display_name":null,"funder_award_id":"2023YFB2705000","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W1591211019","https://openalex.org/W1894646615","https://openalex.org/W1969338270","https://openalex.org/W2001978806","https://openalex.org/W2020208333","https://openalex.org/W2042856445","https://openalex.org/W2109219878","https://openalex.org/W2346595863","https://openalex.org/W2368550879","https://openalex.org/W2626499139","https://openalex.org/W2784642434","https://openalex.org/W2901207456","https://openalex.org/W2969920946","https://openalex.org/W3207168370","https://openalex.org/W4206022526","https://openalex.org/W4206238988","https://openalex.org/W4213301059","https://openalex.org/W4220653854","https://openalex.org/W4226086536","https://openalex.org/W4285111364","https://openalex.org/W4285493829","https://openalex.org/W4296959787","https://openalex.org/W4313270109","https://openalex.org/W4320712861","https://openalex.org/W4378191980","https://openalex.org/W4388089753","https://openalex.org/W4401163800","https://openalex.org/W4401360424","https://openalex.org/W4406807425"],"related_works":[],"abstract_inverted_index":{"Return-Oriented":[0],"Programming":[1],"(ROP)":[2],"attacks":[3,76],"pose":[4],"a":[5,90,127,178,191,196,230],"significant":[6],"threat":[7],"to":[8,67,74,125,145],"the":[9,68,105,119,138,143,162,183],"control-flow":[10,149],"integrity":[11],"of":[12,14],"Internet":[13],"Things":[15],"(IoT)":[16],"devices,":[17,57],"which":[18,114],"operate":[19],"in":[20,45,55,154,182,195,204],"resource-constrained":[21,242],"environments":[22],"with":[23,95,118,237],"limited":[24],"memory":[25],"isolation":[26],"and":[27,36,122,141,157,200,227],"runtime":[28,148,232],"protection.":[29],"Existing":[30],"defenses,":[31],"such":[32,206],"as":[33],"shadow":[34,47],"stacks":[35,48],"message":[37,59],"authentication":[38,60,93,130],"code":[39,61],"(MAC)-based":[40],"schemes,":[41],"face":[42],"key":[43],"limitations":[44],"IoT:":[46],"depend":[49],"on":[50],"trusted":[51],"hardware":[52],"often":[53],"absent":[54],"lightweight":[56,91,238],"while":[58],"(MAC)":[62],"schemes":[63],"lack":[64],"semantic":[65],"binding":[66],"call":[69,107],"path,":[70],"making":[71],"them":[72],"vulnerable":[73],"replay":[75],"during":[77],"recursion":[78],"or":[79,224],"stack":[80,179,225],"reuse.":[81],"To":[82],"address":[83,121],"these":[84],"challenges,":[85],"this":[86],"paper":[87],"proposes":[88],"TRACE,":[89],"return-path":[92,215],"mechanism":[94],"path-semantic":[96],"awareness,":[97],"designed":[98],"for":[99,241],"IoT":[100,198,243],"devices.":[101],"TRACE":[102,136,153,212],"dynamically":[103],"encodes":[104],"function":[106,134],"context":[108],"into":[109],"an":[110],"evolving":[111],"path-state":[112],"vector,":[113],"is":[115],"then":[116],"combined":[117],"return":[120],"cryptographically":[123],"processed":[124],"generate":[126],"semantically":[128],"unique":[129],"tag.":[131],"At":[132],"each":[133],"return,":[135],"reconstructs":[137],"path":[139],"state":[140],"verifies":[142],"tag":[144],"enforce":[146],"precise":[147],"integrity.":[150],"We":[151],"evaluate":[152],"both":[155],"synthetic":[156],"real-world":[158],"attack":[159,173,193],"scenarios.":[160],"With":[161],"RIPE":[163],"test":[164],"suite,":[165],"we":[166,176],"demonstrate":[167],"its":[168],"robustness":[169],"across":[170],"five":[171],"representative":[172],"dimensions.":[174],"Additionally,":[175],"identify":[177],"overflow":[180],"vulnerability":[181],"widely":[184],"used":[185],"libmodbus":[186],"v2.9.3":[187],"protocol":[188],"stack,":[189],"construct":[190],"complete":[192],"chain":[194],"realistic":[197],"context,":[199],"validate":[201],"TRACE\u2019s":[202],"effectiveness":[203],"mitigating":[205],"attacks.":[207],"Experimental":[208],"results":[209],"show":[210],"that":[211],"reliably":[213],"detects":[214],"tampering":[216],"even":[217],"without":[218],"Address":[219],"Space":[220],"Layout":[221],"Randomization":[222],"(ASLR)":[223],"protections":[226],"incurs":[228],"only":[229],"5.3%":[231],"overhead,":[233],"offering":[234],"strong":[235],"security":[236],"performance":[239],"suitable":[240],"deployments.":[244]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}