Scientific and practical cyber security journal | ISSN 2587-4667

ZERO-TRUST SECURITY FOR SMART-CAMPUS DIGITAL TWINS WITH ADAPTIVE CRYPTOGRAPHY AND ANOMALY DETECTION VALIDATED ON A CYBER-RANGE

Authors: Galia Marinova, Erilda Muka
Affiliation: Technical University of Sofia, Canadian Institute of Technology

Category:

Cryptography, Information security
Keywords: Digital Twin Security, Smart Campus Infrastructure, Cyber-Physical Systems, Zero-Trust Architecture, Adaptive Cryptography, Anomaly Detection
ABSTRACT. University campuses now operate as complex cyber–physical infrastructures integrating building automation networks, IoT sensor grids, energy management systems, and cloud-based analytical platforms. Digital twins (DTs) have emerged as a unifying technology to orchestrate these heterogeneous systems by maintaining synchronized virtual representations of physical assets and enabling predictive control workflows. However, the tight integration between digital analytics and physical actuation introduces a new class of cybersecurity risks: compromises affecting telemetry integrity, cryptographic transport layers, or analytic models can propagate directly into unsafe physical operations. Traditional perimeter-based security approaches and static encryption policies are ill-suited to such environments, particularly given the energy and computational constraints of IoT hardware deployed at scale. This paper presents a unified Zero-Trust security framework for smart-campus digital twins, experimentally validated through a live cyber-range deployment. The architecture combines continuous device identity verification, machine-learning driven adaptive cryptographic governance, and multivariate digital-twin anomaly detection into an end-to-end trust enforcement loop. Cryptographic protections are continuously tailored to device energy availability, computational load, telemetry sensitivity, and control latency requirements. Concurrently, a hybrid Isolation Forest and DBSCAN analytics pipeline verifies the semantic integrity of cyber–physical telemetry streams, detecting spoofing, replay, and desynchronization attacks. The framework is implemented and evaluated on a lecture-hall HVAC digital twin using embedded ESP8266 controllers, encrypted MQTT telemetry, and a Unity-based DT visualization platform operating as a cyber-range testbed. Results demonstrate that adaptive encryption reduces energy overhead by over 60% relative to static AES enforcement while maintaining real-time control stability. Behavioral anomaly detection achieves detection rates exceeding 94% across representative attack scenarios without introducing operational disruptions. The study establishes campus digital twins not only as operational optimization tools, but as active Zero-Trust enforcement platforms and experimentally viable cyber-ranges for advancing cyber–physical infrastructure security.
 Read full paper

References:

Grieves, M. (2014). Digital Twin: Manufacturing excellence through virtual factory replication. White paper, Florida Institute of Technology.
Fuller, A., Fan, Z., Day, C., & Barlow, C. (2020). Digital twin: Enabling technologies, challenges and open research. IEEE Access, 8, 108952–108971. https://doi.org/10.1109/ACCESS.2020.2998358
Wang, Y., Zhang, L., Chen, X., & Li, D. (2023). Security and privacy of digital twins: A comprehensive review. ACM Computing Surveys, 55(9), 1–36. https://doi.org/10.1145/3564810
Homaei, S., Abdollahi, A., & Ranjbar, M. (2024). Digital twins for smart buildings: Architectures, challenges, and case studies. Sustainable Cities and Society, 102, 105056. https://doi.org/10.1016/j.scs.2023.105056
Savaglio, C., Ganzha, M., Paprzycki, M., & Bădică, C. (2025). Digital twins: A systematic survey on cyber–physical system integration. Future Generation Computer Systems, 143, 145–165.
Wang, Y., & Wang, S. (2020). Digital-twin-based energy management and optimization in smart buildings. Energy and Buildings, 224, 110265. https://doi.org/10.1016/j.enbuild.2020.110265
Zheng, Y., Yang, S., & Cheng, H. (2022). An application framework of digital twin for smart buildings. Automation in Construction, 135, 104101. https://doi.org/10.1016/j.autcon.2022.104101
Zemskov, S., Shalyto, A., & Vasilev, A. (2024). Cyber-physical attacks on digital twin systems: Threat models and security architectures. IEEE Transactions on Industrial Informatics
Empl, P., & Pernul, G. (2023). Digital twins as semantic mediators for cyber-physical attacks and defenses. Computers & Security, 126, 102983. https://doi.org/10.1016/j.cose.2022.102983
Cohn, R., Greenberg, I., & Romano, J. (2019). Statistical change detection for sensor data streams. IEEE Sensors Journal, 19(22), 10459–10468
Liu, F. T., Ting, K. M., & Zhou, Z.-H. (2008). Isolation Forest. In Proceedings of the IEEE International Conference on Data Mining (ICDM), 413–422
Ester, M., Kriegel, H.-P., Sander, J., & Xu, X. (1996). A density-based algorithm for discovering clusters in large spatial databases with noise. In Proceedings of the 2nd International Conference on Knowledge Discovery and Data Mining (KDD), 226–231
Ruff, L., Vandermeulen, R., Görnitz, N., et al. (2020). Deep one-class classification for anomaly detection. In Proceedings of the International Conference on Machine Learning (ICML).
Xu, X., Lu, Y., Vogel-Heuser, B., & Wang, L. (2023). Knowledge distillation-assisted anomaly detection for digital twins in cyber–physical production systems. IEEE Transactions on Industrial Informatics, 19(4), 4297–4308
Wieser, V., Leitner-Fischer, M., & Kastner, W. (2024). Large-scale anomaly detection architectures for photovoltaic digital twins. Applied Energy, 349, 121632
Aslan, B. (2025). Lightweight cryptographic systems for constrained IoT deployments. ACM Computing Surveys (forthcoming).
Soto-Cruz, J., Martínez-Díaz, M., & López-Pérez, S. (2024). Performance evaluation of lightweight block ciphers for IoT environments. Journal of Information Security and Applications, 71, 103401
Mustafa, E., Alharbi, K., & Saleem, M. (2025). Adaptive encryption policies for energy-constrained IoT networks using machine learning. IEEE Internet of Things Journal
Al-Garadi, M., Khan, Z., & Guizani, M. (2020). A machine-learning-based approach for cryptographic optimization in heterogeneous IoT networks. IEEE Network, 34(4), 60–66
E. Muka, E. Mankolli and G. Marinova, "Anomaly Detection in Digital Twins: Leveraging AI for Real-Time Insight," 2025 32nd International Conference on Systems, Signals and Image Processing (IWSSIP), Skopje, North Macedonia, 2025, pp. 1-4, doi: 10.1109/IWSSIP66997.2025.11151958
E. Muka and G. Marinova, "Digital Twins to Monitor IoT Devices for Green Transformation of University Campus," 2024 International Conference on Broadband Communications for Next Generation Networks and Multimedia Applications (CoBCom), Graz, Austria, 2024, pp. 1-6, doi: 10.1109/CoBCom62281.2024.10631264