Visible to the public Biblio

Filters: Author is Peng, Chunyi  [Clear All Filters]
2018-04-11
Wang, J. K., Peng, Chunyi.  2017.  Analysis of Time Delay Attacks Against Power Grid Stability. Proceedings of the 2Nd Workshop on Cyber-Physical Security and Resilience in Smart Grids. :67–72.

The modern power grid, as a critical national infrastructure, is operated as a cyber-physical system. While the Wide-Area Monitoring, Protection and Control Systems (WAMPCS) in the power grid ensures stable dynamical responses by allowing real-time remote control and collecting measurement over across the power grid, they also expose the power grid to potential cyber-attacks. In this paper, we analyze the effects of Time Delay Attacks (TDAs), which disturb stability of the power grid by simply delaying the transfer of measurement and control demands over the grid's cyber infrastructure. Different from the existing work which simulates TDAs' impacts under specific scenarios, we come up with a generic analytical framework to derive the TDAs' effective conditions. In particular, we propose three concepts of TDA margins, TDA boundary, and TDA surface to define the insecure zones where TDAs are able to destabilize the grid. The proposed concepts and analytical results are exemplified in the context of Load Frequency Control (LFC), but can be generalized to other power control applications.

2017-09-05
Tu, Guan-Hua, Li, Chi-Yu, Peng, Chunyi, Li, Yuanjie, Lu, Songwu.  2016.  New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1118–1130.

SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packet-switched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spoofing, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We finally propose remedies to the identified security issues.