Visible to the public Biblio

Filters: Author is Wang, Dong  [Clear All Filters]
2023-01-06
Yu, Xiao, Wang, Dong, Sun, Xiaojuan, Zheng, Bingbing, Du, Yankai.  2022.  Design and Implementation of a Software Disaster Recovery Service for Cloud Computing-Based Aerospace Ground Systems. 2022 11th International Conference on Communications, Circuits and Systems (ICCCAS). :220—225.
The data centers of cloud computing-based aerospace ground systems and the businesses running on them are extremely vulnerable to man-made disasters, emergencies, and other disasters, which means security is seriously threatened. Thus, cloud centers need to provide effective disaster recovery services for software and data. However, the disaster recovery methods for current cloud centers of aerospace ground systems have long been in arrears, and the disaster tolerance and anti-destruction capability are weak. Aiming at the above problems, in this paper we design a disaster recovery service for aerospace ground systems based on cloud computing. On account of the software warehouse, this service adopts the main standby mode to achieve the backup, local disaster recovery, and remote disaster recovery of software and data. As a result, this service can timely response to the disasters, ensure the continuous running of businesses, and improve the disaster tolerance and anti-destruction capability of aerospace ground systems. Extensive simulation experiments validate the effectiveness of the disaster recovery service proposed in this paper.
2022-06-09
Hu, Peng, Yang, Baihua, Wang, Dong, Wang, Qile, Meng, Kaifeng, Wang, Yinsheng, Chen, Zhen.  2021.  Research on Cybersecurity Strategy and Key Technology of the Wind Farms’ Industrial Control System. 2021 IEEE International Conference on Electrical Engineering and Mechatronics Technology (ICEEMT). :357–361.
Affected by the inherent ideas like "Focus on Function Realization, Despise Security Protection", there are lots of hidden threats in the industrial control system of wind farms (ICS-WF), such as unreasonable IP configuration, failure in virus detection and killing, which are prone to illegal invasion and attack from the cyberspace. Those unexpected unauthorized accesses are quite harmful for the stable operation of the wind farms and regional power grid. Therefore, by investigating the current security situation and needs of ICS-WF, analyzing the characteristics of ICS-WF’s architecture and internal communication, and integrating the ideas of the classified protection of cybersecurity, this paper proposes a new customized cybersecurity strategy for ICS-WF based on the barrel theory. We also introduce an new anomalous intrusion detection technology for ICS-WF, which is developed based on statistical models of wind farm network characteristics. Finally, combined all these work with the network security offense and defense drill in the industrial control safety simulation laboratory of wind farms, this research formulates a three-dimensional comprehensive protection solution for ICS-WF, which significantly improves the cybersecurity level of ICS-WF.
2018-12-10
Wang, Dong, Ming, Jiang, Chen, Ting, Zhang, Xiaosong, Wang, Chao.  2018.  Cracking IoT Device User Account via Brute-force Attack to SMS Authentication Code. Proceedings of the First Workshop on Radical and Experiential Security. :57–60.

IoT device usually has an associated application to facilitate customers' interactions with the device, and customers need to register an account to use this application as well. Due to the popularity of mobile phone, a customer is encouraged to register an account with his own mobile phone number. After binding the device to his account, the customer can control his device remotely with his smartphone. When a customer forgets his password, he can use his mobile phone to receive a verification code that is sent by the Short Message Service (SMS) to authenticate and reset his password. If an attacker gains this code, he can steal the victim's account (reset password or login directly) to control the IoT device. Although IoT device vendors have already deployed a set of security countermeasures to protect account such as setting expiration time for SMS authentication code, HTTP encryption, and application packing, this paper shows that existing IoT account password reset via SMS authentication code are still vulnerable to brute-force attacks. In particular, we present an automatic brute-force attack to bypass current protections and then crack IoT device user account. Our preliminary study on popular IoT devices such as smart lock, smart watch, smart router, and sharing car has discovered six account login zero-day vulnerabilities.