Biblio

The main limitation of acoustic particle separation for microfluidic application is its low sorting efficiency. This is due to the weak coupling of surface acoustic waves (SAWs) into the microchannel. In this work, we demonstrate bulk acoustic wave (BAW) particle sorting using capacitive micromachined ultrasonic transducers (CMUTs) for the first time. A collapsed mode CMUT was driven in air to generate acoustic pressure within the silicon substrate in the in-plane direction of the silicon die. This acoustic pressure was coupled into a water droplet, positioned at the side of the CMUT die, and measured with an optical hydrophone. By using a beam steering approach, the ultrasound generated from 32 CMUT elements were added in-phase to generate a maximum peak-to-peak pressure of 0.9 MPa. Using this pressure, 10 µm latex beads were sorted almost instantaneously.

Industrial Internet is widely used in the production field. As the openness of networks increases, industrial networks facing increasing security risks. Information and communication technologies are now available for most industrial manufacturing. This industry-oriented evolution has driven the emergence of cloud systems, the Internet of Things (IoT), Big Data, and Industry 4.0. However, new technologies are always accompanied by security vulnerabilities, which often expose unpredictable risks. Industrial safety has become one of the most essential and challenging requirements. In this article, we highlight the serious challenges facing Industry 4.0, introduce industrial security issues and present the current awareness of security within the industry. In this paper, we propose solutions for the anomaly detection and defense of the industrial Internet based on the demand characteristics of network security, the main types of intrusions and their vulnerability characteristics. The main work is as follows: This paper first analyzes the basic network security issues, including the network security needs, the security threats and the solutions. Secondly, the security requirements of the industrial Internet are analyzed with the characteristics of industrial sites. Then, the threats and attacks on the network are analyzed, i.e., system-related threats and process-related threats; finally, the current research status is introduced from the perspective of network protection, and the research angle of this paper, i.e., network anomaly detection and network defense, is proposed in conjunction with relevant standards. This paper proposes a software-defined network (SDN)-based industrial Internet security gateway for the security protection of the industrial Internet. Since there are some known types of attacks in the industrial network, in order to fully exploit the effective information, we combine the ExtratreesClassifier to enhance the detection rate of anomaly detection. In order to verify the effectiveness of the algorithm, this paper simulates an industrial network attack, using the acquired training data for testing. The test data are industrial network traffic datasets, and the experimental results show that the algorithm is suitable for anomaly detection in industrial networks.

Many applications are bandwidth consuming but may tolerate longer flow completion times. Multipath protocols, such as multipath TCP (MPTCP), can offer bandwidth aggregation and resilience to link failures for such applications, and low priority congestion control (LPCC) mechanisms can make these applications yield to other time-sensitive ones. Properly combining the above two can improve the overall user experience. However, the existing LPCC mechanisms are not adequate for MPTCP. They do not take into account the characteristics of multiple network paths, and cannot ensure fairness among the same priority flows. Therefore, we propose a multipath LPCC mechanism, i.e., Dynamic Coupled Low Extra Delay Background Transport, named DC-LEDBAT. Our scheme is designed based on a standardized LPCC mechanism LEDBAT. To avoid unfairness among the same priority flows, DC-LEDBAT trades little throughput for precisely measuring the minimum delay. Moreover, to be friendly to single-path LEDBAT, our scheme leverages the correlation of the queuing delay to detect whether multiple paths go through a shared bottleneck. Then, DC-LEDBAT couples the congestion window at shared bottlenecks to control the sending rate. We implement DC-LEDBAT in a Linux kernel and experimental results show that DC-LEDBAT can not only utilize the excess bandwidth of MPTCP but also ensure fairness among the same priority flows.

As a typical cyber-physical system, the power system utilizes advanced information and communication technologies to transmit crucial control signals in communication channels. However, many adversaries can construct false data injection attacks (FDIA) to circumvent traditional bad data detection and break the stability of the power grid. In this paper, we proposed a threat-maximizing FDIA model from the view of attackers. The proposed FDIA can not only circumvent bad data detection but can also cause a terrible fluctuation in the power system. Furthermore, in order to eliminate potential attack threats, the Spatio-temporal correlations of measurement matrices are considered. To extract the Spatio-temporal features, a data-driven detection method using a deep convolutional neural network was proposed. The effectiveness of the proposed FDIA model and detection are assessed by a simulation on the New England 39 bus system. The results show that the FDIA can cause a negative effect on the power system’s stable operation. Besides, the results reveal that the proposed FDIA detection method has an outstanding performance on Spatio-temporal features extraction and FDIA recognition.

In this paper, we proposed a path planning algorithm based on Q-learning model to simulate an environment model, which is suitable for the complex environment. A virtual simulation platform has been built to complete the experiments. The experimental results show that the algorithm proposed in this paper can be effectively applied to the solution of vehicle routing problems in the complex environment.

The transmission of medical image data in an open network environment is subject to privacy issues including patient privacy and data leakage. In the past, image encryption and information-hiding technology have been used to solve such security problems. But these methodologies, in general, suffered from difficulties in retrieving original images. We present in this paper an algorithm to protect key regions in medical images. First, coefficient of variation is used to locate the key regions, a.k.a. the lesion areas, of an image; other areas are then processed in blocks and analyzed for texture complexity. Next, our reversible data-hiding algorithm is used to embed the contents from the lesion areas into a high-texture area, and the Arnold transformation is performed to protect the original lesion information. In addition to this, we use the ciphertext of the basic information about the image and the decryption parameter to generate the Quick Response (QR) Code to replace the original key regions. Consequently, only authorized customers can obtain the encryption key to extract information from encrypted images. Experimental results show that our algorithm can not only restore the original image without information loss, but also safely transfer the medical image copyright and patient-sensitive information.

Protecting the customer's SSL private key is the paramount issue to persuade the website owners to migrate their contents onto the cloud infrastructure, besides the advantages of cloud infrastructure in terms of flexibility, efficiency, scalability and elasticity. The emerging Keyless SSL solution retains on-premise custody of customers' SSL private keys on their own servers. However, it suffers from significant performance degradation and limited scalability, caused by the long distance connection to Key Server for each new coming end-user request. The performance improvements using persistent session and key caching onto cloud will degrade the key invulnerability and discourage the website owners because of the cloud's security bugs. In this paper, the challenges of secured key protection and distribution are addressed in philosophy of "Storing the trusted DATA on untrusted platform and transmitting through untrusted channel". To this end, a three-phase hierarchical key management scheme, called STYX1 is proposed to provide the secured key protection together with hardware assisted service acceleration for cloud-based content delivery network (CCDN) applications. The STYX is implemented based on Intel Software Guard Extensions (SGX), Intel QuickAssist Technology (QAT) and SIGMA (SIGn-and-MAc) protocol. STYX can provide the tight key security guarantee by SGX based key distribution with a light overhead, and it can further significantly enhance the system performance with QAT based acceleration. The comprehensive evaluations show that the STYX not only guarantees the absolute security but also outperforms the direct HTTPS server deployed CDN without QAT by up to 5x throughput with significant latency reduction at the same time.