Biblio

The Internet of vehicles is emerging as an exciting application to improve safety and providing better services in the form of active road signs, pay-as-you-go insurance, electronic toll, and fleet management. Internet connected vehicles are exposed to new attack vectors in the form of cyber threats and with the increasing trend of cyber attacks, the success of autonomous vehicles depends on their security. Existing techniques for IoV security are based on the un-realistic assumption that all the vehicles are equipped with the same hardware (at least in terms of computational capabilities). However, the hardware platforms used by various vehicle manufacturers are highly heterogeneous. Therefore, a security protocol designed for IoVs should be able to detect the computational capabilities of the underlying platform and adjust the security primitives accordingly. To solve this issue, this paper presents a technique for algorithm-hardware separation for IoV security. The proposed technique uses an iterative routine and the corresponding execution time to detect the computational capabilities of a hardware platform using an artificial intelligence based inference engine. The results on three different commonly used micro-controllers show that the proposed technique can effectively detect the type of hardware platform with up to 100% accuracy.

Pedestrian dead reckoning (PDR) is a widely used approach to estimate locations and trajectories. Accessing location-based services with trajectory data can bring convenience to people, but may also raise privacy concerns that need to be addressed. In this paper, a privacy-preserving pedestrian dead reckoning framework is proposed to protect a user’s trajectory privacy based on differential privacy. We introduce two metrics to quantify trajectory privacy and data utility. Our proposed privacy-preserving trajectory extraction algorithm consists of three mechanisms for the initial locations, stride lengths and directions. In addition, we design an adversary model based on particle filtering to evaluate the performance and demonstrate the effectiveness of our proposed framework with our collected sensor reading dataset.

On-Load Tap Changing transformers are a widely used voltage regulation device. In the context of modern or smart grids, the control signals, i.e., the tap change commands are sent through SCADA channels. It is well known that the power system SCADA networks are prone to attacks involving injection of false data or commands. While false data injection is well explored in existing literature, attacks involving malicious control signals/commands are relatively unexplored. In this paper, an algorithm is developed to detect a stealthily introduced malicious tap change command through a compromised SCADA channel. This algorithm is based on the observation that a stealthily introduced false data or command masks the true estimation of only a few state variables. This leaves the rest of the state variables to show signs of a change in system state brought about by the attack. Using this observation, an index is formulated based on the ratios of injection or branch currents to voltages of the terminal nodes of the tap changers. This index shows a significant increase when there is a false tap command injection, resulting in easy classification from normal scenarios where there is no attack. The algorithm is computationally light, easy to implement and reliable when tested extensively on several tap changers placed in an IEEE 118-bus system.

This paper proposes a lightweight and privacy-preserving data aggregation scheme for dynamic electricity pricing based billing in smart grids using the concept of single-pass authenticated encryption (AE). Unlike existing literature that only considers static pricing, to the best of our knowledge, this is the first paper to address privacy under dynamic pricing.

Many IoT devices lack memory and computational complexities of modern computing devices, making them vulnerable to a wide range of cyber attacks. Among these, DDoS attacks are a growing concern in IoT. Such attacks are executed through the introduction of rogue devices and then using them and/or other compromised devices to facilitate DDoS attacks by generating relentless traffic. This paper aims to address DDoS security issues in IoT by proposing an integration of IoT devices with blockchain. This paper uses Ethereum, a blockchain variant, with smart contracts to replace the traditional centralized IoT infrastructure with a decentralized one. IoT devices are then required to access the network using smart contracts. The integration of IoT with Ethereum not only prevents rogue devices from gaining access to the server but also addresses DDoS attacks by using static resource allocation for devices.

The vision of smart environments, systems, and services is driven by the development of the Internet of Things (IoT). IoT devices produce large amounts of data and this data is used to make critical decisions in many systems. The data produced by these devices has to satisfy various security related requirements in order to be useful in practical scenarios. One of these requirements is data provenance which allows a user to trust the data regarding its origin and location. The low cost of many IoT devices and the fact that they may be deployed in unprotected spaces requires security protocols to be efficient and secure against physical attacks. This paper proposes a light-weight protocol for data provenance in the IoT. The proposed protocol uses physical unclonable functions (PUFs) to provide physical security and uniquely identify an IoT device. Moreover, wireless channel characteristics are used to uniquely identify a wireless link between an IoT device and a server/user. A brief security and performance analysis are presented to give a preliminary validation of the protocol.