University Lecturer (Faculty Member) at the Department of Software Engineering, Faculty of Computer Science & Engineering, Ho Chi Minh City University of Technology (HCMUT), VNU-HCM. I am also a researcher affiliated with URA lab (Led by Assoc. Prof. Tho Quan) and RAISE lab (Led by Dr. Xuan-Bach Le) . Before focusing on my academic career, I gained valuable experience as a software engineer and tech lead on several projects related to AI-powered and big data management systems.
Recent highlights and updates
[JNCA] Paper on POP2TIC accepted to Journal of Network and Computer Applications (SCIE, Q1, IF: 8.0)
[CAEAI] Paper on Single-Token Logit Prompting for LLM-based MCQ published in Computers & Education: AI (ESCI, Q1, Top 1 Journal in Education)
[ICSA] Paper accepted at IEEE ICSA 2026 in Amsterdam, Netherlands (CORE Rank A)
[LM4UC@AAAI] Workshop paper accepted at AAAI 2026, Singapore — Bahnaric-Vietnamese Lexical Mapping
[EAAI] Paper on LiteFormer for financial time series published in Engineering Applications of Artificial Intelligence (SCIE, Q1, IF: 8.0)
[COMNET] Paper on PrivacyGuard for IoT-Fog-Cloud published in Computer Networks (SCIE, Q1, IF: 4.6)
🏆 Received the National "Creative Youth" Award from Central Committee of the Vietnamese Youth Union
[AIED] Paper on LLM Summer School for high-school students accepted at AIED 2025, Palermo (CORE Rank A)
Ho Chi Minh City University of Technology, Vietnam National University
2021 – 2023 (9.05/10 ~4.0/4.0 — Excellence)
Ho Chi Minh City University of Technology, Vietnam National University
2016 – 2020 (Very good)
HCM City University of Industry & Trade — Institute of Digital Transformation
Viettel High Technology Industries Corporation, Viettel Group
[JNCA'26] POP2TIC: Performance Optimization for Privacy-Preserving Fog Computing using TEE and Intelligent Caching
Journal of Network and Computer Applications
Fog computing enables low-latency services by positioning computational resources at the network edge but processing sensitive data on distributed and potentially untrusted nodes raises significant privacy concerns. While Trusted Execution Environments (TEEs) provide hardware-enforced security, they introduce substantial performance overhead (18-68ms cold start latency). Conversely, intelligent caching strategies optimize performance but assume trusted infrastructure, creating a fundamental gap between security and performance requirements. This paper presents a systematic investigation of privacy-preserving fog computing that integrates TEE-based security with intelligent caching. We synthesize recent advances across TEE privacy solutions, intelligent caching approaches, and integrated frameworks, analyzing trade-offs between security guarantees and performance metrics. Our analysis reveals that existing solutions address either security or performance in isolation, with limited work on joint optimization. We introduce POP2TIC, a four-tier framework combining hash-based caching (98% hit rate, 2128 keyspace) with optimized TEE pooling (8.5 ms warm start). Experimental evaluation demonstrates 3.16 ms average latency (75.3% reduction vs. existing fog solutions) and 91.7% attack detection rate while consuming 135% CPU and 299MB memory.
@article{tran2026pop2tic,
title={POP2TIC: Performance optimization for privacy-preserving fog computing using TEE and intelligent caching},
author={Tran-Truong, Phat T and Mai, Trung D and Son, Ha X and Nguyen-Ngoc, Phien and Le, Bang K and Vo, Khanh H and Kim, Ngan NT and Nguyen, Triet M and Nguyen, Anh T},
journal={Journal of Network and Computer Applications},
pages={104478},
year={2026},
publisher={Elsevier}
}[CAEAI'26] Enhancing Large Language Model Performance for Automatic Zero-Shot MCQ Answering via Single-Token Logit Prompting
Computers & Education: Artificial Intelligence
While Large Language Models (LLMs) offer significant potential for educational applications, they exhibit distinct limitations when answering multiple-choice questions (MCQs). Because LLMs are optimized for autoregressive token prediction, their performance degrades substantially when answer choices are simply shuffled—a phenomenon known as the Multiple-Choice Symbol Binding (MCSB) limitation. To mitigate this, we introduce a novel prompting technique called Single-Token Logit (STL). Instead of evaluating the output logits of all answer labels, STL extracts and normalizes the logit value of a single token type (specifically “yes”) to independently verify each option. We comprehensively evaluate STL against established baselines, including Labels Token Logits (LTL) and Chain-of-Thought (CoT), across the ARC, OpenBookQA, and SciQ datasets. In almost all configurations, STL matches or outperforms the standard baseline (LTL)—yielding gains of up to 11 percentage points—at a moderate computational overhead (1.58× latency and 3.72× GPU memory relative to LTL). Furthermore, sample-by-sample McNemar’s testing (α = 0.05) confirms STL is statistically superior to LTL and highly competitive against the computationally expensive CoT method. Finally, we demonstrate STL’s robustness in knowledge-intensive environments by integrating it with Retrieval-Augmented Generation (RAG), where it achieves up to 81.06% accuracy on the combined ARC dataset with Mistral 7B—a 9.36 percentage point gain over the original no-context baseline (LTL) of 71.7%.
@article{dang2026enhancing,
title={Enhancing large language model performance for automatic zero-shot multiple-choice question answering via single-token logit prompting},
author={Dang, Quoc Phu and Tran-Truong, Phat T and Vu, Duc-Ly and Nguyen, Long ST and Vo, Quynh TN and Quan, Tho},
journal={Computers and Education: Artificial Intelligence},
pages={100578},
year={2026},
publisher={Elsevier}
}[COMNET'26] PrivacyGuard: A Hierarchical Privacy-Preserving Framework for IoT-Fog-Cloud Architectures
Computer Networks, vol. 278
Fog computing enables low-latency IoT applications but introduces critical privacy risks when fog nodes are untrusted. Existing privacy frameworks address cloud security or basic fog encryption, yet none provide comprehensive user-centric privacy enforcement with fine-grained preference composition for distributed IoT-fog-cloud architectures. This paper presents PrivacyGuard, a novel four-tier privacy-preserving framework for personal IoT data protection with untrusted fog infrastructure. Key innovations include: an edge layer for hierarchical privacy preferences with exceptions; GDPR-compliant data and purpose taxonomies supporting fine-grained control; automated privacy preference composition for multi-source data fusion; TEE-based privacy validation enabling secure computation on encrypted data at fog nodes; and hash-based result caching optimized for high-latency rural networks. Empirical results demonstrate sub-100ms P99 latency (97.03ms) for single requests, graceful degradation to 2,059ms under 100 concurrent users, 91.7% MITM resistance, and 6.37× cache speedup.
@article{tran2026pop2tic,
title={POP2TIC: Performance optimization for privacy-preserving fog computing using TEE and intelligent caching},
author={Tran-Truong, Phat T and Mai, Trung D and Son, Ha X and Nguyen-Ngoc, Phien and Le, Bang K and Vo, Khanh H and Kim, Ngan NT and Nguyen, Triet M and Nguyen, Anh T},
journal={Journal of Network and Computer Applications},
pages={104478},
year={2026},
publisher={Elsevier}
}[EAAI'26] LiteFormer: A Lightweight Encoder-Only Transformer for Efficient Financial Time Series Forecasting
Engineering Applications of Artificial Intelligence, vol. 167
Financial time-series forecasting is challenged by non-linear, non-stationary dynamics driven by macroeconomic factors, market sentiment, and stochastic events. Traditional statistical models assume stationarity and linear dependencies, failing to capture complex temporal patterns, while deep learning approaches struggle with vanishing gradients and long-term dependencies. Standard Transformers incur high computational costs (quadratic complexity, O(n^2*d), per layer) due to attention mechanisms and large parameter counts, where n is the sequence length and d is the model dimension. This study proposes LiteFormer, a lightweight, encoder-only Transformer for univariate stock price forecasting, leveraging N=4 encoder layers with h=8 multi-head self-attention and feed-forward networks (d_ff=512). Operating on sequences of closing prices (T=14, d_model=128), LiteFormer employs sinusoidal positional encodings, a causal mask, dropout (p=0.1 ), and layer normalization to model temporal dependencies and enhance generalization. With only 750,000+ parameters, LiteFormer reduces per layer complexity via compact design, thereby enabling low-latency inference (38 millisecond) and energy efficiency (96.894 Watt), which promises to offers scalable real-time inference for industrial fintech systems. Experiments across 30 stocks from the S&P 500, FTSE 100, and Nikkei 225 indices demonstrate Mean Absolute Error and Root Mean Square Error reductions of 3.45%–9.09% over vanilla Transformers and up to 48% over recurrence neural models for high-volatility stocks. LiteFormer’s efficient, interpretable architecture, driven by attention weights, offers a scalable solution with potential for multivariate extensions and real-world multi-modal applications in predictive domain.
@article{anh2026liteformer,
title={LiteFormer: A lightweight encoder-only Transformer for efficient financial time series forecasting across global stock indices},
author={Anh, Nguyen Quoc and Phat, Tran Truong Tuan and Son, Ha Xuan and Nhan, Thai Thi Thanh and Phien, Nguyen Ngoc and Tuan, Trung Phan Hoang and Kim, Ngan Nguyen Thi},
journal={Engineering Applications of Artificial Intelligence},
volume={167},
pages={113681},
year={2026},
publisher={Elsevier}
}[PMC'25] SecureWearTrade: A Comprehensive Blockchain-Enabled IoT Framework for Secure Personal Data Trading from Wearable Devices
Pervasive and Mobile Computing, vol. 115
This article introduces SecureWearTrade, a comprehensive blockchain-enabled IoT framework designed to advance secure personal data trading from wearable devices in healthcare. Addressing critical challenges related to security, privacy, and efficiency in resource-constrained environments, our work makes three key contributions: (1) an enhanced hierarchical identity-based encryption (HIBE) scheme with wildcard support, enabling fine-grained and flexible access control tailored to the dynamic needs of healthcare data management; (2) a novel integration of blockchain with IPFS, providing immutable transaction records and efficient key management; and (3) an optimized batch processing mechanism for effectively handling multiple data streams. By comprehensive evaluation with real-world settings with devices and dataset, SecureWearTrade demonstrates superior performance in encryption and decryption efficiency, resource utilization, and scalability compared to existing solutions. Additionally, the framework maintains robust security under the Bilinear Diffie–Hellman Exponent (BDHE) assumption. By ensuring privacy-preserving data trading, SecureWearTrade offers a scalable and trustworthy solution for the IoT-Cloud continuum.
@article{tran2025secureweartrade,
title={SecureWearTrade: A comprehensive blockchain-enabled IoT framework for secure personal data trading from wearable devices},
author={Tran-Truong, Phat T and Mai, Trung D and Son, Ha X and Nguyen, Phien N and Le, Tuan T and Nguyen, Triet M and Vo, Khanh H and Le, Bang K and Nguyen, Ngan TK and Nguyen, Minh N and others},
journal={Pervasive and Mobile Computing},
pages={102130},
year={2025},
publisher={Elsevier}
}[HCCOM'25] TACKLE: Time-based Access Control and Key Delegation for Letter of Credit Ecosystems
High-Confidence Computing
Letters of Credit (L/Cs) are essential for international trade, but traditional systems struggle with security, efficiency, and access control. To address these challenges, we propose TACKLE, a new framework that combines identity-based encryption (IBE) with blockchain technology. TACKLE offers advanced features like time-based access control and hierarchical key delegation, making it ideal for complex international trade workflows. Our framework significantly improves document verification and access management while maintaining strong security. We tested TACKLE’s performance and found it to be efficient, with quick key generation times (68–74 ms) and fast encryption (3.933 to 8.333 s). Network latency was stable at 2–8 ms across different data sizes. Compared to RSA, TACKLE generated keys 34.2% faster while using similar system resources. Our results show that TACKLE effectively balances security with efficiency, making it suitable for typical L/C documents up to 10MB. With its strong security features and performance, TACKLE is a promising solution for modernizing international trade finance.
@article{tran2025tackle,
title={TACKLE: Time-based access control and key delegation for letter of credit ecosystems},
author={Tran-Truong, Phat T and Son, Ha X and Khanh, Vo H and Triet, Nguyen M and Anh, Nguyen T and Bang, Le K and Ngan, Nguyen TK},
journal={High-Confidence Computing},
pages={100369},
year={2025},
publisher={Elsevier}
}[IJIS'25] CI2P-MedHFDroid: A Context-Aware Individual Privacy Preferences Model for Medical, Health & Fitness Android Apps
International Journal of Information Security, vol. 26
The widespread adoption of medical, health, and fitness applications (MedHF apps) has revolutionized health monitoring but also raised critical privacy concerns. Studies revealed that 79% of popular health apps share sensitive user data (e.g., medical records, location) with third parties without transparent consent (bmj 364, 2019), while overly complex privacy policies further obscure data practices. To address these challenges, this article introduces CI2P-MedHFDroid, a context-aware privacy protection model for Android MedHF apps that captures individual privacy preferences across various contexts, including app categories, data types (e.g., location, health metrics), sharing recipients (e.g., third parties), and usage purposes (e.g., advertising). Our research involves analyzing 1,756 medical and 1,646 health & fitness apps through static source code and NLP-based privacy policy analysis, resulting in a comprehensive app database. Leveraging semi-supervised learning with AdaBoost, EM, and TSVM, our model achieves up to 92.7% accuracy, with 77% of 100 diverse participants expressing high satisfaction with TSVM predictions. Additionally, we provide insights into app privacy behaviors, empowering developers to design transparent, user-centric privacy mechanisms. By balancing functionality and privacy, CI2P-MedHFDroid offers a scalable, adaptive solution to enhance trust in healthcare apps.
@article{phien2025ci2p,
title={CI2P-MedHFDroid: a context-aware individual privacy preferences model for medical, health \& fitness android apps: NN Phien et al.},
author={Phien, Nguyen Ngoc and Tran-Truong, Phat T and Son, Ha Xuan and Khanh, Vo H and Nguyen, Triet M and Huong, Luong H and Le, Bang K and K, Ngan Nguyen T},
journal={International Journal of Information Security},
volume={24},
number={4},
pages={176},
year={2025},
publisher={Springer}
}[JSA'25] A Systematic Review of Multi-Factor Authentication in Digital Payment Systems: NIST Standards Alignment and Industry Implementation Analysis
Journal of Systems Architecture, vol. 162
This survey presents a systematic evaluation of Multi-Factor Authentication (MFA) practices in digital payment systems, analyzing their alignment with NIST Special Publications 800-63 guidelines. Through a comprehensive review of 70 academic papers published between 2017–2024 and 13 industry-based authentication tools, we examine how current implementations measure against Identity Assurance Level (IAL) and Authentication Assurance Level (AAL) standards. Our analysis reveals a significant gap between theoretical capabilities proposed in academic research and actual industry implementations, with 33% of tools relying primarily on OTP-based authentication despite more advanced methods being available. The survey identifies emerging trends like biometric authentication adoption (60% of analyzed papers) and varying regulatory compliance across sectors, with payment systems demonstrating 77% alignment with standards while IoT and E-Service domains show fragmented approaches. We propose a framework for developing adaptive authentication systems that balance security requirements with user experience through context-aware risk assessment. This work provides valuable insights for researchers, practitioners, and policymakers working to enhance the security and usability of digital payment authentication systems.
@@article{tran2025systematic,
title={A systematic review of multi-factor authentication in digital payment systems: NIST standards alignment and industry implementation analysis},
author={Tran-Truong, Phat T and Pham, Minh Q and Son, Ha X and Nguyen, Dat LT and Nguyen, Minh B and Tran, Khiem L and Van, Loc CP and Le, Kiet T and Vo, Khanh H and Kim, Ngan NT and others},
journal={Journal of Systems Architecture},
volume={162},
pages={103402},
year={2025},
publisher={Elsevier}
}[SNCS'24] A Pragmatic Privacy-Preserving Deep Learning Framework Satisfying Differential Privacy
SN Computer Science, vol. 5
With the increasing use of technology in our daily lives, data privacy has become a critical issue. It is essential to carefully design technologies to ensure the protection of people’s personal information. In fact, what we need are privacy-enhancing technologies (PETs) rather than solely focusing on technologies themselves. Artificial intelligence (AI) and deep learning technologies, which are considered societal locomotives, are no exception. However, AI practitioners usually design and develop without considering privacy concerns. To address this gap, we propose a pragmatic privacy-preserving deep learning framework that is suitable for AI practitioners. Our proposed framework is designed to satisfy differential privacy, a rigorous standard for preserving privacy. It is based on a setting called Private Aggregation of Teacher Ensembles (PATE), in which we have made several improvements to achieve a better level of accuracy and privacy protection. Specifically, we use a differential private aggregation mechanism called sparse vector technique and combine it with several other improvements such as human-in-the-loop and pre-trained models. Our proposed solution demonstrates the possibility of producing privacy-preserving models that approximate ground-truth models with a fixed privacy budget. These models are capable of handling a large number of training requests, making them suitable for deep learning training processes. Furthermore, our framework can be deployed in both centralized and distributed training settings. We hope that our work will encourage AI practitioners to adopt PETs and build technologies with privacy in mind.
@article{dang2023pragmatic,
title={A pragmatic privacy-preserving deep learning framework satisfying differential privacy},
author={Dang, Tran Khanh and Tran-Truong, Phat T},
journal={SN Computer Science},
volume={5},
number={1},
pages={130},
year={2023},
publisher={Springer}
}[ICSA'26] Exploring the Reasoning Depth of Small Language Models in Software Architecture
IEEE ICSA 2026, Amsterdam
In the era of ”Software Engineering 2.0” (SE 2.0), where intelligent agents collaborate with human engineers, Generative AI is advancing beyond code generation into Software Architecture (SA). While Large Language Models (LLMs) demonstrate superior capabilities, computational costs and data privacy concerns drive interest in Small Language Models (SLMs) with fewer than 7 billion parameters. However, the reasoning limits of these resource-constrained models remain unexplored. This study benchmarks 10 state-of-the-art SLMs on Architectural Decision Records generation, introducing a multi-dimensional framework evaluating Technical Compliance and Semantic Diversity. Our empirical results reveal a significant reasoning gap: models above the 3B-parameter threshold demonstrate robust zero-shot capabilities, while sub-2B models show the strongest BERTScore gains from Fine-Tuning, though compliance improvements are not guaranteed. Contrary to assumptions regarding context saturation, Few-Shot prompting serves as a highly effective calibration mechanism for select mid-sized models with short context windows. Furthermore, high semantic diversity in offthe-shelf small models often correlates with hallucination rather than productive exploration. These findings establish a rigorous baseline for deploying sustainable, locally hosted architectural assistants.
@article{vo2026exploring,
title={Exploring the Reasoning Depth of Small Language Models in Software Architecture: A Multidimensional Evaluation Framework Towards Software Engineering 2.0},
author={Vo, Ha and Tran, Nhut and Vo, Khang and Tran-Truong, Phat T and Ha, Son},
journal={arXiv preprint arXiv:2603.07091},
year={2026}
}[LM4UC@AAAI] Sentence-Aware Bahnaric-Vietnamese Lexical Mapping with Contrastive Contextual Representations
LM4UC Workshop, AAAI 2026, Singapore
Underserved and extremely low-resource languages challenge current language technologies, especially when lexical borrowing and synonymy undermine exact-match assumptions. We study Bahnaric-Vietnamese lexical mapping as a step toward meaning-preserving sentence translation. Unlike prior work based on static embeddings and Mean Squared Error (MSE) alignment, we learn sentence-aware word representations with a small multilingual transformer pretrained on Vietnamese, adapt it with Low-rank adaptation (LoRA) for parameter efficiency, and align Bahnaric-Vietnamese pairs using a two-layer projection trained with InfoNCE contrastive loss. We exploit a new community-sourced lexicon of approximately 10,000 Bahnaric-Vietnamese pairs collected with local partners, capturing one-to-one, one-to-many, and many-to-one anchor relations as well as extensive lexical borrowing. Experiments evaluate retrieval-style alignment with Precision at K (P@K) and Mean Reciprocal Rank (MRR), as well as sentence translation using top-1 accuracy, Bilingual Evaluation Understudy (BLEU), Character n-gram F-score (ChrF), and embedding-based BERTScore. We also qualitatively analyze cases where n-gram metrics under-credit semantically adequate outputs in synonym-rich settings, and our ablation analysis shows that InfoNCE contrastive training dramatically outperforms MSE regression. On the 1k lexicon, our best model attains P@1 and MRR , substantially improving over a static-embedding MSE baseline, while on the richer 10k community lexicon it reaches comparable sentence-level top-1 accuracy and BERTScore F1 despite slightly lower BLEU and chrF, highlighting both the benefits of the expanded resource and the remaining challenges of synonym-rich, low-frequency vocabulary.
@inproceedings{nguyen2026sentence,
title={Sentence-Aware Bahnaric-Vietnamese Lexical Mapping with Contrastive Contextual Representations},
author={Nguyen, Thi Ty and Tran-Truong, Phat T and Nguyen, Long and Nguyen, Tan Sang and Quan, Tho},
booktitle={Second Workshop on Language Models for Underserved Communities (LM4UC)},
year={2026}
}[ICSOC'25] SLIE: A Secure and Lightweight Cryptosystem for Data Sharing in IoT Healthcare Services
ICSOC 2025, Shenzhen
The Internet of Medical Things (IoMT) has revolutionized healthcare by transforming medical operations into standardized, interoperable services. However, this service-oriented model introduces significant security vulnerabilities in device management and communication, which are especially critical given the sensitivity of medical data. To address these risks, this paper proposes SLIE (Secure and Lightweight Identity Encryption), a novel cryptosystem based on Wildcard Key Derivation Identity-Based Encryption (WKD-IBE). SLIE ensures scalable trust and secure omnidirectional communication through end-to-end encryption, hierarchical access control, and a lightweight key management system designed for resource-constrained devices. It incorporates constanttime operations, memory obfuscation, and expiry-based key revocation to counter side-channel, man-in-the-middle, and unauthorized access attacks, thereby ensuring compliance with standards like HIPAA and GDPR. Evaluations show that SLIE significantly outperforms RSA, with encryption and decryption times of 0.936ms and 0.217ms for 1KB of data, an 84.54% improvement in encryption speed, a 99.70% improvement in decryption speed, and an energy efficiency of 0.014 J/KB.
@inproceedings{son2025slie,
title={SLIE: A Secure and Lightweight Cryptosystem for Data Sharing in IoT Healthcare Services},
author={Son, Ha Xuan and Anh, Nguyen Quoc and Tran-Truong, Phat T and Tuan, Le Thanh and Nghiem, Pham Thanh},
booktitle={International Conference on Service-Oriented Computing},
pages={225--233},
year={2025},
organization={Springer}
}[AIED'25] Riding on The Back of A Whale: A Hackathon Framework for Introducing High School Students to LLMs
AIED 2025, Palermo
As large language models (LLMs) become more integrated into daily life, it is crucial to foster AI literacy among high school students. However, most AI courses target college-level learners and assume prior knowledge, while high schools often lack the foundational curriculum and infrastructure for traditional LLM education. To bridge this gap, we present a hackathon-based framework that makes LLM learning accessible, engaging, and hands-on. The program combines interactive lectures on core LLM concepts with a guided competition where students fine-tune models and build real-world applications, such as healthcare chatbots. This approach boosts motivation, programming skills, and practical understanding. Post-hackathon survey results show students gained both functional LLM experience and foundational knowledge. Furthermore, our framework can be extended to broader audiences, including learners without prior AI/NLP experience, offering a rapid, application-driven introduction to LLMs.
@inproceedings{nguyen2025riding,
title={Riding on the Back of a Whale: A Hackathon Framework for Introducing High School Students to Large Language Models},
author={Nguyen, Duc and Le, Dong and Nguyen, Long and Vu, Quyen and Le, Tran and Nguyen, Dung and Huynh, Nga and Nguyen, Huong and Tran, Phat and Le, Dang and others},
booktitle={International Conference on Artificial Intelligence in Education},
pages={201--209},
year={2025},
organization={Springer}
}[IJCCI'25] GADA: An Adaptive Genetic Algorithm-Based Framework for Dynamic University Course Timetabling
IJCCI 2025, Marbella
The University Course Timetabling Problem (UCTP) is a well-known NP-hard multi-objective optimization problem influenced by variety of factors ranging from institutional policies and facilities, institutional facilities, course characteristics to instructor availability, instructor preferences and the diversity and variability of student registration behaviors. This paper introduces GADA, a novel approach to automate course timetabling. Unlike traditional models that mostly assume static, centralized scheduling, GADA is an adaptive geneticalgorithm-based approach tailored for decentralized, credit-based systems where students independently register for courses and instructors have diverse time preferences. GADA focuses on optimizing course-to-timeslot allocation while satisfying both hard institutional constraints and soft instructor preferences. By automating critical steps in the scheduling workflow, GADA significantly reduces manual effort, increases scheduling flexibility, and adapts efficiently to late-stage registration changes. It has been implemented and evaluated extensively in the real-world environment at the Faculty of Computer Science and Engineering at Ho Chi Minh City University of Technology (CSE@HCMUT). The experimental results demonstrate GADA’s effectiveness and practical applicability in generating conflict-free and operationally feasible schedules while addressing the complex constraints inherent in decentralized academic timetabling.
@inproceedings{nguyen2025gada,
title={GADA: An Adaptive Genetic Algorithm-Based Framework for Dynamic University Course Timetabling},
author={Nguyen, Minh Tam and Tran-Truong, Phat T and Truong, Anh Tuan},
booktitle={International Joint Conference on Computational Intelligence},
pages={164--180},
year={2025},
organization={Springer}
}[ICSOCW'24] Decoding the Privacy Policy Implications of Personal Data Processing: A Framework for GDPR Compliance
ICSOC Workshops 2024, Tunis
The proliferation of business and social mobile apps has led to an unprecedented surge in personal data processing, raising significant privacy concerns. While the General Data Protection Regulation (GDPR) provides a legal framework for data protection, many app developers struggle to create clear and concise privacy policies that effectively communicate their data practices to users. Existing privacy policy analysis methods, primarily focused on legal compliance, often overlook the qualitative aspects that are crucial for user trust and understanding. To address this gap, this paper introduces GenAI, a novel generative AI model designed to delve deeper into privacy policies and assess their quality against the principles outlined in GDPR Article 5 - “Principles relating to processing of personal data”. GenAI transcends traditional compliance checks by categorizing privacy policies based on “Good" and “Bad" standards, aligning with the GDPR’s core principles. This comprehensive evaluation encompasses both legal compliance and qualitative factors, providing a more nuanced understanding of privacy practices. To validate our approach, we conducted a rigorous analysis of 100 business and 100 social apps, revealing valuable insights into the current state of privacy policy quality. By doing this, our research aims to contribute to a future where privacy policies are not merely legal necessities but fundamental pillars of trust between app developers and users.
@inproceedings{tran2024decoding,
title={Decoding the Privacy Policy Implications of Personal Data Processing: A Framework for GDPR Compliance in Business and Social Apps},
author={Tran-Truong, Phat Tuan and Pham, Nghiem Thanh and Tuan, Trung Phan Hoang and Quoc, Bao Tran and Ba, Nam Tran and Kim, Ngan Nguyen Thi and Minh, Hieu Doan and Gia, Khiem Huynh},
booktitle={International Conference on Service-Oriented Computing},
pages={194--205},
year={2024},
organization={Springer}
}[PDCAT'24] Decentralizing Energy Trading for Electric Vehicles using Blockchain Technology
PDCAT 2024, Hong Kong
The increasing adoption of electric vehicles (EVs) and integration of renewable energy sources present challenges in energy management and trading that require innovative approaches beyond traditional centralized models. This paper examines the efficacy of employing blockchain technology, the InterPlanetary File System (IPFS), and RSA-encrypted Non-Fungible Tokens (NFTs) to create a decentralized energy trading management system for EVs. By leveraging these technologies, the proposed system addresses the lack of transparency and inefficiencies in traditional models by ensuring secure, transparent, and efficient interactions among energy producers, consumers, and grid operators. The financial viability of implementing this system is evaluated by analyzing transaction fees across various Ethereum Virtual Machine (EVM)-compatible platforms including BNB chain, Fantom, Polygon and Celo for stimulating and identifying cost-effective solutions for the integration of these advanced technologies.
@inproceedings{tran2024decentralizing,
title={Decentralizing Energy Trading for Electric Vehicles Using Blockchain Technology},
author={Tran-Truong, Phat T and Trung, Phan Hoang Tuan and Bang, Le K},
booktitle={International Conference on Parallel and Distributed Computing: Applications and Technologies},
pages={541--552},
year={2024},
organization={Springer}
}[IMCOM'24] Money Laundering Detection using A Transaction-based Graph Learning Approach
IMCOM 2024, Kuala Lumpur
Money laundering poses a pervasive threat to the stability and integrity of global financial systems. Since traditional anti-money laundering (AML) methods predominantly rely on rule-based systems and statistical approaches, it has limitations to capture the intricate and interconnected relationships that is inherent in money laundering networks. In response to this challenge, this paper proposes an innovative approach to enhance money laundering detection through transactions. We begin by constructing network graphs from a large dataset of bank transactions. Drawing insights from language modeling and supervised learning, we transform these graphs into directed node representations that effectively encode these intricate relationships and community structures within the transaction network. Subsequently, we utilize Random Forest (RF) to predict suspicious behavior associated with money laundering. Additionally, we address the specific challenges posed by highly imbalanced classes in the context of money laundering detection through both oversampling and undersampling experiments to overcome these challenges. The predictive performance of the RF model with oversampling yielded an accuracy of 86%, whereas when undersampling was applied, the accuracy increased to 92%.
@inproceedings{huong2024money,
title={Money laundering detection using a transaction-based graph learning approach},
author={Huong, Huu and Nguyen, Xuan and Dang, Tran Khanh and Tran-Truong, Phat T},
booktitle={2024 18th International Conference on Ubiquitous Information Management and Communication (IMCOM)},
pages={1--8},
year={2024},
organization={IEEE}
}[FDSE'23] An Enhanced Incentive Mechanism for Crowdsourced Federated Learning Based on Contract Theory and Shapley Value
FDSE 2023, Da Nang
Federated learning is a recently dominant learning method for crowdsourced learning systems with diverse scales. It plays a pivotal role in smart city operation technologies, such as cross-organization (e.g., hospitals, banks, etc.), Mobile Ad hoc networks (MANETs), Mobile Edge Computing (MEC), Vehicle Ad hoc Networks (VANETs), and Internet of Things (IoTs). Specifically, this method aggregates a global model from local models trained on the private data of clients. To achieve high accuracy and collaborate effectively, federated learning-based crowdsourced systems need to attract sufficient quality clients. Therefore, a proper incentive mechanism is essential to motivate clients to join and contribute to the best of their ability. However, it is challenging to design such a mechanism due to the fact that each client has different system resources, data size, and effort. This implies that if the incentive mechanism is not well-designed, it will lead to a moral hazard situation, where clients may free-ride and the overall accuracy of the global model will undergo a downward spiral. Furthermore, the clients who contribute most to the accuracy of the global model are not necessarily those with the most decorated power and dedicated work. To address these challenges, we propose a joint optimization mechanism that leverages contract theory and Shapley value. This mechanism helps to reveal private information about clients and quantify their contribution to the global model, so that a suitable and equitable incentive can be constituted for each client.
@inproceedings{dang2023enhanced,
title={An enhanced incentive mechanism for crowdsourced federated learning based on contract theory and shapley value},
author={Dang, Tran Khanh and Tran-Truong, Phat T and Trang, Nguyen Thi Huyen},
booktitle={International Conference on Future Data and Security Engineering},
pages={18--33},
year={2023},
organization={Springer}
}[FDSE'22] pPATE: A Pragmatic Private Aggregation of Teacher Ensembles Framework by SVT-Based Differential Privacy, Paillier Cryptosystem and Human-in-the-loop
FDSE 2022, HCMC
Abstract content for this publication. (Toggle to read more)
@inproceedings{tran2022ppate,
title={pPATE: a pragmatic private aggregation of teacher ensembles framework by sparse vector technique based differential privacy, paillier cryptosystem and human-in-the-loop},
author={Tran-Truong, Phat T and Dang, Tran Khanh},
booktitle={International Conference on Future Data and Security Engineering},
pages={332--346},
year={2022},
organization={Springer}
}[ACOMP'20] Data Poisoning Attack on Deep Neural Network and Some Defense Methods
ACOMP 2020, Quy Nhon
Abstract content for this publication. (Toggle to read more)
@inproceedings{dang2020data,
title={Data poisoning attack on deep neural network and some defense methods},
author={Dang, Tran Khanh and Truong, Phat T Tran and Tran, Pi To},
booktitle={2020 International Conference on Advanced Computing and Applications (ACOMP)},
pages={15--22},
year={2020},
organization={IEEE}
}[EuroS&P] Taint-Based Code Slicing for LLMs-based Malicious NPM Package Detection
Under submission: EuroS&P 2026
Software supply chain attacks targeting the npm ecosystem have become increasingly sophisticated, leveraging obfuscation and complex logic to evade traditional detection mechanisms. Recently, large language models (LLMs) have attracted significant attention for malicious code detection due to their strong capabilities in semantic code understanding. However, the practical deployment of LLMs in this domain is severely constrained by limited context windows and high computational costs. Naive approaches, such as token-based code splitting, often fragment semantic context, leading to degraded detection performance. To overcome these challenges, this paper introduces a novel LLM-based framework for malicious npm package detection that leverages code slicing techniques. A specialized taint-based slicing method tailored to the JavaScript ecosystem is proposed to recover malicious data flows. By isolating security-relevant logic from benign boilerplate code, the approach reduces the input code volume by over 99\% while preserving critical malicious behaviors. The framework is evaluated on a curated dataset comprising over \num{7000} malicious and benign npm packages. Experimental results using the DeepSeek-Coder-6.7B model demonstrate that the proposed approach achieves a detection accuracy of \num{87.04}\%, significantly outperforming a full-package baseline based on naive token splitting (\num{75.41}\%). These results indicate that semantically optimized input representations via code slicing not only mitigate the LLM context window bottleneck but also enhance reasoning precision for security analysis, providing an effective defense against evolving open-source software supply chain threats.
@article{nguyen2025taint,
title={Taint-Based Code Slicing for LLMs-based Malicious NPM Package Detection},
author={Nguyen, Dang-Khoa and Ho, Gia-Thang and Pham, Quang-Minh and Dang-Thi, Tuyet A and Vu, Minh-Khanh and Nguyen, Thanh-Cong and Tran-Truong, Phat T and Vu, Duc-Ly},
journal={arXiv preprint arXiv:2512.12313},
year={2025}
}Candlestick Is All You Need for Temporal Recognition in Finance
Recognizing temporal patterns in financial time series remains a global bottleneck, particularly in cryptocurrency ecosystems where price dynamics exhibit highly non-stationary and volatile behavior across continuous timestamps. Although deep neural networks have been widely applied to analyze directional trends, studying the intricate dependencies among multifaceted influencing factors often leads to overfitting on historical noise, limiting efficient out-of-sample generalization and explainability. This paper introduces a novel approach that transforms sequential cryptocurrency price time series into candlestick chart images and leverages pre-trained vision backbones to perform trend classification in a manner analogous to standard image classification tasks. This method substantially reduces the need for specialized time-series architecture design while providing a broadly applicable learned representation for sequence modeling. Extensive benchmarking under extreme conditions of diverse training regimes, labeling schemes, trading horizons, degrees of missing data, and price sparsity demonstrates strong robustness, with lightweight models attaining near-maximal F1 scores.
@article{anh2026candlestick,
title={Candlestick Is All You Need for Temporal Recognition in Finance},
author={Nguyen, Quoc Anh and Tran-Truong, Phat T and Ha, Son and Nguyen, Phien and Phan, Trung and Nguyen, Thuan and Chan, Nguyen and Le, Khoa},
journal={SSRN Electronic Journal},
year={2026},
url={https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6431502}
}SegMaFormer: A Hybrid State-Space and Transformer Model for Efficient Segmentation
arXiv:2603.22002
The advent of Transformer and Mamba-based architectures has significantly advanced 3D medical image segmentation by enabling global contextual modeling, a capability traditionally limited in Convolutional Neural Networks (CNNs). However, state-of-the-art Transformer models often entail substantial computational complexity and parameter counts, which is particularly prohibitive for volumetric data and further exacerbated by the limited availability of annotated medical imaging datasets. To address these limitations, this work introduces SegMaFormer, a lightweight hybrid architecture that synergizes Mamba and Transformer modules within a hierarchical volumetric encoder for efficient long-range dependency modeling. The model strategically employs Mamba-based layers in early, high-resolution stages to reduce computational overhead while capturing essential spatial context, and reserves self-attention mechanisms for later, lower-resolution stages to refine feature representation. This design is augmented with generalized rotary position embeddings to enhance spatial awareness. Despite its compact structure, SegMaFormer achieves competitive performance on three public benchmarks (Synapse, BraTS, and ACDC), matching the Dice coefficient of significantly larger models. Empirically, our approach reduces parameters by up to 75 × and substantially decreases FLOPs compared to current state-of-the-art models, establishing an efficient and high-performing solution for 3D medical image segmentation.
@article{nguyen2026segmaformer,
title={SegMaFormer: A Hybrid State-Space and Transformer Model for Efficient Segmentation},
author={Nguyen, Duy D and Tran-Truong, Phat T},
journal={arXiv preprint arXiv:2603.22002},
year={2026}
}[AdHoc] Systematic Survey on Privacy-Preserving Architectures for IoT and Vehicular Data Sharing: Techniques, Challenges, and Future Directions
Under submission: Elsevier's Ad Hoc Networks
The proliferation of IoT and V2X systems generates unprecedented sensitive data at the network edge, demanding privacy-preserving architectures that enable secure sharing without exposing raw information. Contemporary solutions face a fundamental privacy-efficiency-trust trilemma: achieving strong privacy guarantees, computational efficiency for resource-constrained devices, and decentralized trust simultaneously remains intractable with single-paradigm approaches. This survey systematically analyzes 75 technical papers (2007--2025) through a novel three-dimensional taxonomy classifying architectures into Decentralized Computation, Cryptography-based, and Distributed Ledger approaches. Temporal analysis reveals dramatic acceleration during 2024--2025, with 48% of all papers published in this period -- Decentralized Computation dominates at 44% of contributions and 59% of 2025 publications. Comprehensive Security Threat Mapping and Technology Maturity Assessment demonstrate that mature solutions occupy narrow design regions excelling in one or two dimensions while compromising others, conclusively validating the trilemma hypothesis. We identify emerging hybrid architectures combining complementary paradigms as the essential path forward. Critical challenges including security guarantee composition across layers, multi-layer coordination overhead minimization, and post-quantum security integration must be addressed for practical deployment in next-generation intelligent transportation systems and IoT ecosystems.
@article{tran2026systematic,
title={Systematic Survey on Privacy-Preserving Architectures for IoT and Vehicular Data Sharing: Techniques, Challenges, and Future Directions},
author={Tran-Truong, Phat T and Nguyen, Vinh XQ and Son, Ha X and Nguyen-Ngoc, Phien and Vo, Khanh H and Nguyen, Triet M},
journal={arXiv preprint arXiv:2603.01876},
year={2026}
}[InfoSci] PA-EWD: Privacy-Preserving Federated Analytics on Encrypted Wearable Data
Under submission: Elsevier's Information Sciences
The rapid response required during health crises like the COVID-19 pandemic underscores the critical need for real-time collaboration on data from wearable devices. However, aggregating such sensitive information across institutional boundaries faces a fundamental conflict: ensuring robust statistical utility while strictly maintaining patient privacy and data sovereignty. Existing solutions often struggle to balance these needs, either sacrificing privacy for speed or incurring prohibitive computational costs. This paper presents PA-EWD, a novel system that resolves this tension by integrating: (1) Edge-optimized Hierarchical Identity-Based Encryption (HIBE) for fine-grained access control; (2) Secure Multi-Party Computation (MPC) for aggregating statistics without decrypting raw data; (3) Adaptive Differential Privacy (DP) to guarantee output indistinguishability; and (4) An immutable blockchain ledger for query provenance. Evaluation on the LifeSnaps dataset demonstrates that PA-EWD achieves a query latency of approximately 1.5 milliseconds—a 55$\times$ speedup over homomorphic encryption baselines—while maintaining 99.7\% utility ($\varepsilon=1.0$). These findings demonstrate that rigorous privacy and institutional autonomy can coexist with the high-throughput analytics required for modern healthcare.
@inproceedings{tran-truong2026data,
title={PA-EWD: Privacy-Preserving Federated Analytics on Encrypted Wearable Data},
author={Phat T. Tran-Truong and S Ha and PN Nguyen and DTP Dang and VH Khanh and PT Lam and MT Nguyen and AN Le},
booktitle={Phat T. Tran-Truong*},
year={2026}
}[ComNet] Urban Sentinel: Hierarchical Time-Bound Cryptographic Access Control for Smart City Defense Systems
Under submission: Elsevier's Computer Networks
Smart cities demand rapid, secure data sharing during emergencies, yet traditional access controls struggle to balance rigorous security with real-time agility. We present Urban Sentinel, a breakthrough cryptographic framework that solves this paradox by embedding time-bound expiration directly into Hierarchical Identity-Based Encryption (HIBE) credentials. Unlike systems that rely on bypassable application checks, Urban Sentinel enforces access limits mathematically—ensuring that when time runs out, access simply ceases. Our hybrid architecture anchors trust on the Ethereum blockchain while delivering sub-millisecond validation speeds that are essential for emergency response. Tested on city-scale IoT networks, Urban Sentinel slashes latency by 3.8x compared to standard methods and handles about 400 operations per second, proving that robust security no longer requires sacrificing speed. Urban Sentinel introduces a cryptographically enforced, instantly revocable, and hierarchy-aware security layer for modern smart cities.
@article{tran2025urban,
title={Urban Sentinel: Hierarchical Time-Bound Cryptographic Access Control for Smart City Defense Systems},
author={Tran-Truong, Phat T and Ha, S and Nguyen, PN and Le, KH and Phan, THT and Le, AN and Nguyen, T},
journal={SSRN Electronic Journal},
year={2025},
url={https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6328396}
}[IPM] Generative AI for User Experience: A Holistic Taxonomy of Tools across the Design Thinking Framework
Under submission: Information Processing & Management
The rapid integration of Generative AI (GenAI) into UX design heralds a new era of creative possibility, yet its promise is fractured by a critical gap: a \textit{fragment, tool-centric discourse} that fails to explain how AI fundamentally reshapes the \textit{holistic design process}. To bridge this gap, this study introduces a novel, \textit{process-oriented taxonomy} that rigorously maps GenAI capabilities across the five-stage Design Thinking framework (Empathize, Define, Ideate, Prototype, Test). Through a Systematic Literature Review (PRISMA) of 68 key works (2020–2025), this study systematically identifies the distribution of GenAI tools across design stages to reveal current research emphases and gaps. Our core contribution is the identification of a \textit{professional metamorphosis}—the designer's role is evolving from a hands-on \textit{Maker} to a strategic \textit{Orchestrator} and \textit{Ethical Steward}. This shift precipitates the ``Designer's Effort Paradox'' where automation of manual execution is counterbalanced by escalating cognitive demands for output validation, bias mitigation, and ethical oversight. Consequently, we propose a forward-looking agenda centered on human-centric Explainable AI (XAI) and sustainable ``Green AI'' practices to restore designer agency, ensure transparency, and foster a resilient, symbiotic future for human-AI collaboration in design.
@inproceedings{tran-truong2025framework,
title={Generative AI for User Experience: A Holistic Taxonomy of Tools across the Design
Thinking Framework},
author={P. T. Tran-Truong and Kiet Le and Son Ha and Phien Nguyen and Chan Nguyen and Vo
Khanh and Phat Lam and Minh Nguyen and Khoa Le},
booktitle={P. T. Tran-Truong*},
year={2025}
}[MONET] SPM-HealSer: Hierarchical Identity-Based Encryption for Scalable Privacy-Preserving Mobile Health Services
Under submission: Mobile Networks and Applications
Mobile health (mHealth) services offer transformative potential for healthcare delivery in underserved communities, yet face critical challenges in ensuring privacy and access control under resource constraints and intermittent connectivity. This paper presents SPM-HealSer, a system architecture leveraging Hierarchical Identity-Based Encryption (HIBE) to enable scalable, privacy-preserving mobile health services. Our design integrates the Boneh-Boyen HIBE construction with an offline-first synchronization mechanism, enabling continued operation during network unavailability while enforcing hierarchical access control aligned with health-care organizational structures. We provide a comprehensive threat model addressing network adversaries, malicious users, device compromise, and backend attacks, demonstrating that the system achieves confidentiality, hierarchical access control, and key isolation under standard cryptographic assumptions. Empirical evaluation shows practical performance on resource-constrained devices: encryption completes in 205.7ms, decryption in 167.7ms for typical health records, with constant-time key generation (367–460ms) across five hierarchy levels validating the scheme’s scala-bility. The architecture satisfies HIPAA and GDPR requirements through end-to-end encryption, audit capabilities, and consent-based access control. SPM-HealSer demonstrates that HIBE-based access control is practically deployable for mHealth in challenging environments, providing a foundation for secure health data management in underserved communities.
@article{tran2025spmhealser,
title={SPM-HealSer: Hierarchical Identity-Based Encryption for Scalable Privacy-Preserving Mobile Health Services},
author={Tran-Truong, Phat T and Nguyen, PN and Phan, THT and Lam, PT and Nguyen, CG and Nguyen, TQ and Le, AN},
journal={Research Square preprint},
year={2025},
url={https://www.researchsquare.com/article/rs-8325166/v1}
}[JPDC] SHIELD-Traffic: A Comprehensive Fog-Assisted Architecture for Secure and Privacy-Preserving Traffic Data Sharing in Smart Cities
Under review: Journal of Parallel and Distributed Computing
Smart city infrastructure has transformed urban traffic data into a critical asset, yet its sharing introduces severe privacy risks that existing mechanisms fail to address. Current approaches—federated learning, zero-knowledge proofs, and blockchain systems—suffer from unresolved trade-offs: they restrict analytical flexibility, cannot compute on encrypted multi-source data, or fail to scale. We introduce \texttt{SHIELD-Traffic}, the novel fog-assisted architecture unifying four technologies into a production-ready framework: (1) \textbf{Paillier Homomorphic Encryption} for exact additive computations on ciphertexts; (2) \textbf{Hierarchical Identity-Based Encryption (HIBE)} for cryptographically enforced, hierarchy-aligned access control; (3) \textbf{InterPlanetary File System (IPFS)} for scalable off-chain storage; and (4) \textbf{Ethereum blockchain} for immutable audit logging. We provide formal security proofs establishing privacy, collusion resistance, access control, and auditability under standard assumptions. Experimentally, SHIELD-Traffic achieves a 1,024$\times$ batch processing speedup (99.9\% time saved), sustains $\sim$12,000 homomorphic ops/sec, and adds only $\sim$16\% HIBE overhead. With $\sim$73.5-second latency, the system is ideally suited for urban planning and policy analysis—demonstrating that robust, production-ready privacy is achievable without sacrificing analytical utility.
@article{tran2025shield,
title={SHIELD-Traffic: A Comprehensive Fog-Assisted Architecture for Secure and Privacy-Preserving Traffic Data Sharing in Smart Cities},
author={Tran-Truong, Phat T and Nguyen, Vinh and Ha, Son and Nguyen, Phien and Vo, Khanh and Nguyen, Minh and Nguyen, Tung},
journal={SSRN Electronic Journal},
year={2025},
url={https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5878342}
}[Cluster] CertiMed: Identity-Aware Access Framework for Electronic Health Records
Under review: Cluster Computing
The rapid adoption of artificial intelligence in healthcare has intensified demand for cross-institutional access to Electronic Health Records (EHRs), creating fundamental tensions between data utility and patient privacy. Existing cryptographic approaches---including Attribute-Based Encryption (ABE), Multi-Authority schemes, and blockchain-based solutions---suffer from high computational overhead, centralized vulnerabilities, inadequate temporal access controls, and limited scalability, making them ill-suited for privacy-sensitive healthcare data sharing. This article presents CertiMed, a four-layer hierarchical architecture integrating Identity-Based Encryption (IBE) with blockchain technology to provide a privacy-preserving infrastructure for secure EHR management. CertiMed introduces three architectural innovations: (1)~time-bound IBE delegation enabling automatic key expiration without re-encryption overhead, (2)~decentralized Know Your Customer (KYC) verification through smart contracts eliminating single points of failure, and (3)~immutable blockchain audit trails supporting HIPAA/GDPR-compliant regulatory reporting. By maintaining EHR data in persistently encrypted form accessible only to cryptographically authorized entities within defined time windows, CertiMed enables privacy-preserving cross-institutional data sharing without raw record exposure.
@inproceedings{son2025records,
title={CertiMed: Identity-Aware Access Framework for Electronic Health Records},
author={Ha X. Son and P. T. Tran-Truong and Hieu T Thai and Binh T Nguyen and Minh N
Nguyen and Phien N Nguyen and Khanh H Vo and Triet M Nguyen and Bang K Le and Ngan TK Nguyen},
booktitle={P. T. Tran-Truong*},
year={2025}
}[TOPS] Bpids: A Blockchain-Based Personal IoT Data Storage Framework with Time-Bounded Hierarchical Access Control
Under review: ACM Trans. on Pri. & Sec.
The proliferation of Internet of Things (IoT) devices raises critical concerns for personal data privacy and access control in multi-sensor environments. Existing solutions often fail to balance user control, security, and efficient data sharing. This paper presents \textbf{BPIDS}, a blockchain-based personal IoT data storage framework for secure multi-sensor data fusion with time-bound hierarchical access control. BPIDS uniquely integrates Wildcard-based Hierarchical Identity-Based Encryption (WC-HIBE) with blockchain, embedding temporal constraints directly into the encryption structure for flexible and efficient time-bound access. The framework ensures privacy via KYC-based verification and immutable audit trails on the blockchain. Implemented on cost-effective platforms (Polygon, BNB Chain, Fantom, Celo) with IPFS storage, BPIDS achieves access latency \( t_{access} \leq 100 \) ms and storage costs of \$20/month for 1TB. Comprehensive evaluation on Fitbit Versa 2 and iPhone 12 edge devices shows competitive performance: encryption in 0.75ms--0.94ms (100B--1KB), decryption from 0.17ms (100B) to 15.12ms (10MB), and minimal CPU usage (0.004\%--0.032\% for files \(\leq\)1MB). Security analysis confirms robust defenses against key compromise and identity-based threats, with 100\% detection for manipulation and false positive rates 0.002%. Wildcard pattern optimization yields a 50\% performance gain, while blockchain assessment shows 0.133--0.475 TPS and costs as low as \$0.000042 per transaction on Polygon. BPIDS effectively addresses personal IoT data management, offering a balanced solution for secure, user-centric data fusion in applications like remote health monitoring and smart homes.
@article{tran2025bpids,
title={Bpids: A Blockchain-Based Personal IoT Data Storage Framework with Time-Bounded Hierarchical Access Control},
author={Tran-Truong, P. T. and Mai, Trung and Ha, Son and Nguyen, Triet and Vo, Khanh and Le, Bang and Kim, Ngan and Nguyen, T Anh and Le, Anh and Lam, Phat and Vo, Tin and Nguyen, Chan and Le, Khoa},
journal={SSRN Electronic Journal},
year={2025},
url={https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5340365}
}[COSE] Acb: Authority Control Bluetooth Devices in Smarthome Environment System
1st revision under review: Computers & Security
Industry 4.0 has contributed many benefits to our life. One of the main reasons affecting the success of this trend is the ability to process and connect between Internet of Things (IoT) devices, where all devices are capable of receiving requests from, sharing, and collecting data with nodes at the edge layer. The smart home is a popular MQTT protocol application environment in which IoT devices are linked and receive requests directly from users through an Edge device. Although the processing capacity of IoT devices is increasingly enhanced, the connection between devices is dependent on data exchange protocols. On the other hand, the most popular protocol between IoT devices is MQTT which contains many risks and is difficult to scale in terms of quantity (e.g., number of devices, number of requests, amount of collected data) and quality (e.g., security, integrity, availability). This limitation can prevent the growth of IoT devices and directly affect applications running on IoT platforms, especially smart homes. Because of this drawback, many research directions have tried to upgrade the current MQTT protocol or even replace it with a more robust protocol. We focus on solving the confidentiality, integrity, and availability (CIA) related issues for the smart home environment to address these issues. This paper introduces the Edge platform ACB system, intending to support the CIA, presenting a centralized data management mechanism in the hands of users, where users have full rights to manage and share their data. The main contribution of this paper consists of five points (i) addressing the single-point failure of the MQTT protocol; (ii) improving the availability and boosting transmission rate based on the broker-less architecture; (iii) providing the smooth execution and maintenance by applying the micro-service architecture; (iv) reducing the user behaviors error based on the user-centric management (i.e., single sign-on and role-based access control model); and (v) preventing the denial-of-service (DoS) attacks by extending the hierarchy tree management.
@article{tran2024acb,
title={Acb: Authority Control Bluetooth Devices in Smarthome Environment System},
author={Nguyen, Phien N. and Tran-Truong, Phat T. and Nguyen, TT and Ha, Son and Vo, Khanh and Nguyen, Anh and Le, Bang and Nguyen, Triet},
journal={SSRN Electronic Journal},
year={2024},
url={https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5064588}
}Selective Teaching Courses
Teaching load: 15 lectures for >240 students/semester — almost every semester
Covered topics: Software Processes & Agile Foundations, Requirements Engineering, System Modelling,Software Architecture, UML, Software Design & Implementation, Quality Assurance, Deployment, DevOps & Monitoring.
Teaching load: 15 lectures for >240 students/semester — almost every bi-semester
Covered topics: Object-Oriented Programming, Functional Programming.
Teaching load: 15 lectures for ~120 students/semester — elective for SE specialization
Covered topics: SOLID Design Principles, Software Modularity, Component-Based Software Design, Architecture Characteristics, Architectural Styles & Patterns, SA Documentation, Architectural Decisions.
Teaching load: 15 lectures for ~60 students — elective, delivered when assigned
Covered topics: Dependable systems, Reliability engineering, Safety engineering, Security engineering, Resilience engineering, Software reuse, Component-based SE, Distributed SE, Service-oriented SE, Systems engineering, Systems of systems.
Teaching load: 15 lectures for ~60 students — elective, delivered when assigned
Covered topics: Maintenance Processes, Software Comprehension, Reverse Engineering, Static & Dynamic Analysis, Software Refactoring, Reengineering, Architecture Evolution, Software Metrics, Configuration & Release Management.
Teaching load: 15 lectures for ~60 students — elective, delivered when assigned
Covered topics: Security Fundamentals, Secure Software Development, Cryptography, Web Application Security, Memory Safety & Binary Exploitation, Authentication, SAST, DAST, IAST & SCA, Fuzzing, DevSecOps, Cloud Security, API Security, Emerging Topics.
Teaching load: 15 lectures for >240 students/semester — almost every semester
Covered topics: Search, Games, Knowledge Representation, Planning, Uncertainty Quantification, Reasoning, Supervised Learning, Reinforcement Learning.
Teaching load: 15 lectures for >240 students/semester — almost every semester
Covered topics: Concept Learning, Supervised Learning (Decision Trees, Linear/Logistic Regression, SVM, KNN, Naive Bayes, Ensemble Methods, PLA, Neural Networks), Unsupervised Learning (Clustering, EM Method, Dimensionality Reduction), Model Evaluation & Selection, Feature Engineering, Deep Learning.
Teaching load: 15 lectures for >240 students/semester — almost every semester
Covered topics: History of Computing, Introduction to Structural Programming, Computer Architecture, Computer Networks, Database Theory, AI, LLMs, IoT, Security & Privacy, Quantum Computing, Scientific Writing.
Teaching load: 15 lectures for >240 students/semester — almost every semester
Covered topics: Propositional Logic, Predicate Logic, Inference Rules & Proofs, Boolean Algebra, Set Theory, Functions, Sequences, Relations & Order, Counting, Permutations & Combinations, Graph Theory, Trees, Flows.
Teaching load: 15 lectures for >240 students/semester — almost every semester
Covered topics: Probability Basics, Conditional Probability, Discrete Random Variables, Continuous Random Variables, Joint Distributions & Central Limit Theorem, Descriptive Statistics, Sampling Methods, Point & Confidence Intervals Estimation, Hypothesis Testings, Regression.
Load: Mentor/instruct ~20 groups/semester; supervise >10 bachelor's theses
Instructor / Mentor / SupervisorI have supervised Graduation Theses & Capstone Projects for:
Students (Research students only) who have carried out their research theses under my supervision:
Central Committee of the Vietnamese Youth Union — for Vietnamese people under 35
2025
Merit certificate granted by the President of HCMUT for outstanding postgraduates
2023
Top 15 finalist in Bach Khoa Innovation contest
2020
Merit certificate for excellent academic achievements at HCMUT
2018 – 2019
Outstanding in ethics, learning, physical strength, volunteer, and integration
2018 – 2019
Awarded to top honors students at HCMUT
2017 – 2020
Direct admission to HCMUT and HCMUS, Vietnam National University — HCM
2016
High-school Math Olympic competition & summer camp, Southern Vietnam
2015 – 2016
High-school Math competition for Vinh Long city & province
2015 – 2016
CSE-HCMUT Large Language Model Summer School · Jul 2024
Certificate of merit for helping HCM City screen & allocate patients · Aug–Oct 2021
CSE-HCMUT Student Association Board · 2016–2020
CSE-HCMUT squad leader for the campaign · Jun 2018
CSE-HCMUT squad leader · Jun–Aug 2017