Biblio

This work establishes a game-theoretic framework to study cross-layer coordinated attacks on cyber-physical systems (CPSs). The attacker can interfere with the physical process and launch jamming attacks on the communication channels simultaneously. At the same time, the defender can dodge the jamming by dispensing with observations. The generic framework captures a wide variety of classic attack models on CPSs. Leveraging dynamic programming techniques, we fully characterize the Subgame Perfect Equilibrium (SPE) control strategies. We also derive the SPE observation and jamming strategies and provide efficient computational methods to compute them. The results demonstrate that the physical and cyber attacks are coordinated and depend on each other.On the one hand, the control strategies are linear in the state estimate, and the estimate error caused by jamming attacks will induce performance degradation. On the other hand, the interactions between the attacker and the defender in the physical layer significantly impact the observation and jamming strategies. Numerical examples illustrate the inter-actions between the defender and the attacker through their observation and jamming strategies.

Mathematical model of web server protection is being proposed based on filtering HTTP (Hypertext Transfer Protocol) packets that do not match the semantic parameters of the request standards of this protocol. The model is defined as a graph, and the relationship between the parameters - the sets of vulnerabilities of the corporate network, the methods of attacks and their consequences-is described by the Cartesian product, which provides the correct interpretation of a corporate network cyber attack. To represent the individual stages of simulated attacks, it is possible to separate graph models in order to model more complex attacks based on the existing simplest ones. The unity of the model proposed representation of cyber attack in three variants is shown, namely: graphic, text and formula.

Nowadays, cyber physical systems are playing an important role in human life in which they provide features that make interactions between human and machine easier. To design and analysis such systems, the main problem is their complexity. In this paper, we propose a description language for cyber physical systems based on stochastic processes. The proposed language is called SPDL (Stochastic Description Process Language). For designing SPDL, two main parts are considered for Cyber Physical Systems (CSP): embedded systems and physical environment. Then these parts are defined as stochastic processes and CPS is defined as a tuple. Syntax and semantics of SPDL are stated based on the proposed definition. Also, the semantics are defined as by set theory. For implementation of SPDL, dependencies between words of a requirements are extracted as a tree data structure. Based on the dependencies, SPDL is used for describing the CPS. Also, a lexical analyzer and a parser based on a defined BNF grammar for SPDL is designed and implemented. Finally, SPDL of CPS is transformed to NuSMV which is a symbolic model checker. The Experimental results show that SPDL is capable of describing cyber physical systems by natural language.

DDoS attacks have grown in popularity as a tactic for potential hackers, cyber blackmailers, and cyberpunks. These attacks have the potential to put a person unconscious in a matter of seconds, resulting in severe economic losses. Despite the vast range of conventional mitigation techniques available today, DDoS assaults are still happening to grow in frequency, volume, and intensity. A new network paradigm is necessary to meet the requirements of today's tough security issues. We examine the available detection and mitigation of DDoS attacks techniques in depth. We classify solutions based on detection of DDoS attacks methodologies and define the prerequisites for a feasible solution. We present a novel methodology named D3 for detecting and mitigating DDoS attacks using cuckoo filter.

As data being produced by IoT applications continues to explode, there is a growing need to bring computing power closer to the source of the data to meet the response-time, power dissipation and cost goals of performance-critical applications in various domains like Industrial Internet of Things (IIoT), Automated Driving, Medical Imaging or Surveillance among others. This paper proposes a data collection and utilization framework that allows runtime platform and application data to be sent to an edge and cloud system via data collection agents running close to the platform. Agents are connected to a cloud system able to train AI models to improve overall energy efficiency of an AI application executed on a edge platform. In the implementation part we show the benefits of FPGA-based platform for the task of object detection. Furthermore we show that it is feasible to collect relevant data from an FPGA platform, transmit the data to a cloud system for processing and receiving feedback actions to execute an edge AI application energy efficiently. As future work we foresee the possibility to train, deploy and continuously improve a base model able to efficiently adapt the execution of edge applications.

Data exfiltration is of increasing concern throughout the world. The number of incidents and capabilities of data exfiltration attacks are growing at an unprecedented rate. However, such attack vectors have not been deeply explored in the literature. This paper aims to address this gap by implementing a data exfiltration methodology, detailing some data exfiltration methods. Groups of exfiltration methods are incorporated into a program that can act as a testbed for owners of any network that stores sensitive data. The implemented methods are tested against the well-known network intrusion detection system Snort, where all of them have been successfully evaded detection by its community rule sets. Thus, in this paper, we have developed new countermeasures to prevent and detect data exfiltration attempts using these methods.

With almost every new vehicle being connected, the importance of vehicle data is growing rapidly. Many mobility applications rely on the fusion of data coming from heterogeneous data sources, like vehicle and "smart-city" data or process data generated by systems out of their control. This external data determines much about the behaviour of the relying applications: it impacts the reliability, security and overall quality of the application's input data and ultimately of the application itself. Hence, knowledge about the provenance of that data is a critical component in any data-driven system. The secure traceability of the data handling along the entire processing chain, which passes through various distinct systems, is critical for the detection and avoidance of misuse and manipulation. In this paper, we introduce a mechanism for establishing secure data provenance in real time, demonstrating an exemplary use-case based on a machine learning model that detects dangerous driving situations. We show with our approach based on W3C decentralized identity standards that data provenance in closed data systems can be effectively achieved using technical standards designed for an open data approach.

The recent technological advances and changes in the daily human activities increased the production and sharing of data. In the ecosystem of interconnected systems, data can be circulated among systems for various reasons. This could lead to exchange of private or sensitive information between entities. Data Sanitisation involves processes and practices that remove sensitive and private information from documents before sharing them with entities that should not have access to this information. This paper presents the design and development of a data sanitisation and redaction solution for a Cyber Threat Intelligence sharing platform. The Data Sanitisation and Redaction Plugin has been designed with the purpose of operating as a plugin for the ECHO Project’s Early Warning System platform and enhancing its operative capabilities during information sharing. This plugin aims to provide automated security and privacy-based controls to the concept of CTI sharing over a ticketing system. The plugin has been successfully tested and the results are presented in this paper.

The transmission of various facilities and services via the network is known as cloud computing. They involve data storage, data centers, networks, internet, and software applications, among other systems and features. Cryptography is a technique in which plain text is converted into cipher-text to preserve information security. It basically consists of encryption and decryption. The level of safety is determined by the category of encryption and decryption technique employed. The key plays an important part in the encryption method. If the key is leaked, anyone can intrude into the data and there is no use of this encryption. When the data is lost and the server fails to deliver it to the user, then it is to be recovered from any of the backup server using a recovery technique. The main objective is to develop an advanced method to increase the scope for data protection in cloud. Elliptic Curve Cryptography is a relatively new approach in the area of cryptography. The degree of security provides higher as compared to other Cryptographic techniques. The raw data and it’s accompanying as CII characters are combined and sent into the Elliptic Curve Cryptography as a source. This method eliminates the need for the transmitter and recipient to have a similar search database. Finally, a plain text is converted into cipher-text using Elliptic Curve Cryptography. The results are oat aimed by implementing a C program for Elliptic Curve Cryptography. Encryption, decryption and recovery using suitable algorithms are done.

Searchable symmetric encryption enables users with the secret key to conduct keyword search on encrypted data without decryption. Recently, dynamic searchable symmetric encryption (DSSE) which provides secure functionalities for adding or deleting documents has been studied extensively. Many DSSE schemes construct indexes in order to efficiently conduct keyword search. On the other hand, the indexes constructed in DSSE are complicated and independent to indexes supported by database management systems (DBMSs). Plug-in developments over DBMSs are often restricted, and therefore it is not easy to develop softwares which can deploy DSSE schemes to DBMSs. In this paper, we propose a DBMS-friendly searchable symmetric encryption scheme which can generate indexes suitable for DBMSs. Our index can narrow down encrypted data which should be conducted keyword search, and be combined with well-used indexes supported by many DBMSs. Our index consists of a small portion of an output value of a cryptographic deterministic function (e.g. pseudo-random function or hash function). We also show an experiment result of our scheme deployed to DBMSs.

Connecting anything to the Internet is one of the main objectives of the Internet of Things (IoT). It enabled to access any device from anywhere at any time without any human intervention. There are endless applications of IoT involving controlling home applications to industry. This rapid growth of this technology and innovations of its application results due to improved technology of developing these tiny devices with its back-end software. On the other side, internal resources such as memory, processing power, battery life are the significant constraints of these devices. Introducing lightweight cryptography helped secure data transmission across various devices while protecting these devices from getting attacked for DDoS attack is still a significant concern. This paper primarily focuses on elaborating on DDoS attack and the malware used to initiate a DDoS attack on IoT devices. Further, this paper mainly focuses on providing solutions that would help to prevent DDoS attack from IoT network.

CAPTCHA or Completely Automated Public Turing test to Tell Computers and Humans Apart is a technique to distinguish between humans and computers by generating and evaluating tests that can be passed by humans but not computer bots. However, captchas are not foolproof, and they can be bypassed which raises security concerns. Hence, sites over the internet remain open to such vulnerabilities. This research paper identifies the vulnerabilities found in some of the commonly used captcha schemes by cracking them using Deep Learning techniques. It also aims to provide solutions to safeguard against these vulnerabilities and provides recommendations for the generation of secure captchas.

One of the attacks in the RPL protocol is the Clone ID attack, that the attacker clones the node's ID in the network. In this research, a Clone ID detection system is designed for the Internet of Things (IoT), implemented in Contiki operating system, and evaluated using the Cooja emulator. Our evaluation shows that the proposed method has desirable performance in terms of energy consumption overhead, true positive rate, and detection speed. The overhead cost of the proposed method is low enough that it can be deployed in limited-resource nodes. The proposed method in each node has two phases, which are the steps of gathering information and attack detection. In the proposed scheme, each node detects this type of attack using control packets received from its neighbors and their information such as IP, rank, Path ETX, and RSSI, as well as the use of a routing table. The design of this system will contribute to the security of the IoT network.

Recently, Martínez-Peñas and Kschischang (IEEE Trans. Inf. Theory, 2019) showed that lifted linearized Reed-Solomon codes are suitable codes for error control in multishot network coding. We show how to construct and decode lifted interleaved linearized Reed-Solomon codes. Compared to the construction by Martínez-Peñas-Kschischang, interleaving allows to increase the decoding region significantly (especially w.r.t. the number of insertions) and decreases the overhead due to the lifting (i.e., increases the code rate), at the cost of an increased packet size. The proposed decoder is a list decoder that can also be interpreted as a probabilistic unique decoder. Although our best upper bound on the list size is exponential, we present a heuristic argument and simulation results that indicate that the list size is in fact one for most channel realizations up to the maximal decoding radius.

Magnetized Liner Inertial Fusion (MagLIF) is a magneto-inertial fusion (MIF) concept being studied on the Z-machine at Sandia National Laboratories. MagLIF relies on quasi-adiabatic heating of a gaseous deuterium (DD) fuel and flux compression of a background axially oriented magnetic field to achieve fusion relevant plasma conditions. The magnetic flux per fuel radial extent determines the confinement of charged fusion products and is thus of fundamental interest in understanding MagLIF performance. It was recently shown that secondary DT neutron spectra and yields are sensitive to the magnetic field conditions within the fuel, and thus provide a means by which to characterize the magnetic confinement properties of the fuel. 1 , 2 , 3 We utilize an artificial neural network to surrogate the physics model of Refs. [1] , [2] , enabling Bayesian inference of the magnetic confinement parameter for a series of MagLIF experiments that systematically vary the laser preheat energy deposited in the target. This constitutes the first ever systematic experimental study of the magnetic confinement properties as a function of fundamental inputs on any neutron-producing MIF platform. We demonstrate that the fuel magnetization decreases with deposited preheat energy in a fashion consistent with Nernst advection of the magnetic field out of the hot fuel and diffusion into the target liner.

Scene text detection methods have developed greatly in the past few years. However, due to the limitation of the diversity of the text background of natural scene, the previous methods often failed when detecting more complicated text instances (e.g., super-long text and arbitrarily shaped text). In this paper, a text detection method based on multi -channel bounding box fusion is designed to address the problem. Firstly, the convolutional neural network is used as the basic network for feature extraction, including shallow text feature map and deep semantic text feature map. Secondly, the whole convolutional network is used for upsampling of feature map and fusion of feature map at each layer, so as to obtain pixel-level text and non-text classification results. Then, two independent text detection boxes channels are designed: the boundary box regression channel and get the bounding box directly on the score map channel. Finally, the result is obtained by combining multi-channel boundary box fusion mechanism with the detection box of the two channels. Experiments on ICDAR2013 and ICDAR2015 demonstrate that the proposed method achieves competitive results in scene text detection.

Recently, there has been significant enthusiasms in exploiting physical (PHY-) layer characteristics for secure wireless communication. However, most existing PHY-layer security paradigms are information theoretical methodologies, which are infeasible to real and practical systems. In this paper, we propose a weighted fractional Fourier transform (WFRFT) pre-coding scheme to enhance the security of wireless transmissions against eavesdropping. By leveraging the concept of WFRFT, the proposed scheme can easily change the characteristics of the underlying radio signals to complement and secure upper-layer cryptographic protocols. We demonstrate a running prototype based on the LTE-framework. First, the compatibility between the WFRFT pre-coding scheme and the conversational LTE architecture is presented. Then, the security mechanism of the WFRFT pre-coding scheme is demonstrated. Experimental results validate the practicability and security performance superiority of the proposed scheme.

In view of the common edge computing-based cloud-side collaborative environment summary existing search key and authentication key sharing caused by data information leakage, this paper proposes a cryptographic search based on public key searchable encryption in an edge computing environment method, this article uses the public key to search for the characteristics of the encryption algorithm, and allows users to manage the corresponding private key. In the process of retrieval and execution, the security of the system can be effectively ensured through the secret trapdoor. Through the comparison of theoretical algorithms, the searchable encryption scheme in the edge computing environment proposed in this paper can effectively reduce the computing overhead on the user side, and complete the over-complex computing process on the edge server or the central server, which can improve the overall efficiency of encrypted search.

Network Centric Warfare (NCW) is a design that supports information excellence for the concept of military operations. Network Centric Warfare is currently being developed as the basis for the operating concept, namely multidimensional operations. TNI operations do not rely on conventional warfare. TNI operations must work closely with the TNI Puspen team, territorial intelligence, TNI cyber team, and support task force. Sending digital images sent online requires better techniques to maintain confidentiality. The purpose of this research is to design digital image security with AES cryptography and discrete wavelet transform method on interoperability and to utilize and study discrete wavelet transform method and AES algorithm on interoperability for digital image security. The AES cryptography technique in this study is used to protect and maintain the confidentiality of the message while the Discrete Wavelet Transform in this study is used to reduce noise by applying a discrete wavelet transform, which consists of three main steps, namely: image decomposition, thresholding process and image reconstruction. The result of this research is that Digital Image Security to support TNI interoperability has been produced using the C \# programming language framework. NET and Xampp to support application development. Users can send data in the form of images. Discrete Wavelet Transformation in this study is used to find the lowest value against the threshold so that the resulting level of security is high. Testing using the AESS algorithm to encrypt and decrypt image files using key size and block size.

Process injection techniques on Windows appli-cations are considered a serious threat to software security specialists. The attackers use these techniques to exploit the targeted program or process and take advantage of it by injecting a malicious process within the address space of the hosted process. Such attacks could be carried out using the so-called reverse engineering realm” the code caves”. For that reason, detecting these code caves in a particular application/program is deemed crucial to prevent the adversary from exploiting the programs through them. Code caves are simply a sequence of null bytes inside the executable program. They form due to the unuse of uninitialized variables. This paper presents a tool that can detect code caves in Windows programs by disassembling the program and looking for the code caves inside it; additionally, the tool will also eliminate those code caves without affecting the program’s functionality. The tool has proven reliable and accurate when tested on various types of programs under the Windows operating system.

Digital signatures are increasingly used today. It replaces wet signature with the development of technology. Elliptic curve digital signature algorithm (ECDSA) is used in many applications thanks to its security and efficiency. However, some mathematical operations such as inversion operation in modulation slow down the speed of this algorithm. In this study, we propose a more efficient and secure ECDSA. In the proposed method, the inversion operation in modulation of signature generation and signature verification phases is removed. Thus, the efficiency and speed of the ECDSA have been increased without reducing its security. The proposed method is implemented in Python programming language using P-521 elliptic curve and SHA-512 algorithm.

In order to solve the problem of data analysis and application caused by the inefficient integration of hardware and software compatibility of hardware in the Internet of things, this paper proposes and designs a C/S framework communication system based on task driven and multi-user authority. By redefining the relationship between users and hardware and adopting the matching framework for different modules, the system realizes the high concurrent and complex data efficient collaborative processing between software and hardware. Finally, by testing and verifying the functions of the system, the communication system effectively realizes the functions of data processing between software and hardware, and achieves the expected results.

Recently, vehicular communications have been the focus of industry, research and development fields. There are many benefits of vehicular communications. It improves traffic management and put derivers in better control of their vehicles. Privacy and security protection are collective accountability in which all parties need to actively engage and collaborate to afford safe and secure communication environments. The primary objective of this paper is to exploit the RSS characteristic of physical layer, in order to generate a secret key that can securely be exchanged between legitimated communication vehicles. In this paper, secret key extraction from wireless channel will be the main focus of the countermeasures against VANET security attacks. The technique produces a high rate of bits stream while drop less amount of information. Information reconciliation is then used to remove dissimilarity of two initially extracted keys, to increase the uncertainty associated to the extracted bits. Five values are defined as quantization thresholds for the captured probes. These values are derived statistically, adaptively and randomly according to the readings obtained from the received signal strength.

This paper presents a new micro linear actuator design. The North-South (NS) permanent magnet array configuration is assembled as the mobile part. The fixed part is designed to two-phase planar coils with no crossings avoiding interferences between overlapped conductors. The analytical calculation of the permanent magnet array verifies the feasibility of the finite element simulation. And then electromagnetic optimizations based on simulation to maximize the average thrust and minimize thrust ripple. In order to deal with millimeter level structure design, a microfabrication approach is adopted to process the new micro linear actuator in silicon material. The new micro linear actuator is able to perform millimeter level displacement strokes along a single axis in the horizontal plane. The experimental results demonstrate that the new micro linear actuator is capable of delivering variable strokes up to 5 mm with a precision error of 30 μm in position closed loop control and realizes the maximum velocity of 26.62mm/s with maximum error of 4.92%.

As we all know, network coding can significantly improve the throughput and reliability of wireless networks. However, in the high-speed mobile environment, the packet loss rate of different wireless links may vary greatly due to the time-varying network state, which makes the adjustment of network coding redundancy very important. Because the network coding redundancy is too large, it will lead to excessive overhead and reduce the effective throughput. If the network coding redundancy is too small, it will lead to insufficient decoding, which will also reduce the effective throughput. In the design of multi-path transmission scheduling scheme, we introduce adaptive redundancy network coding scheme. By using multiple links to aggregate network bandwidth, we choose appropriate different coding redundancy for different links to resist the performance loss caused by link packet loss. The simulation results show that when the link packet loss rate is greatly different, the mechanism can not only ensure the transmission reliability, but also greatly reduce the total network redundancy to improve the network throughput very effectively.