Biblio

Despite the fact that the power grid is typically regarded as a relatively stable system, outages and electricity shortages are common occurrences. Grid security is mainly dependent on accurate vulnerability assessment. The vulnerability can be assessed in terms of topology-based metrics and flow-based metrics. In this work, power flow analysis is used to calculate the metrics under single line contingency (N-1) conditions. The effect of load uncertainty on system vulnerability is checked. The IEEE 30 bus power network has been used for the case study. It has been found that the variation in load demand affects the system vulnerability.

This paper proposes a novel approach for privacy preserving face recognition aimed to formally define a trade-off optimization criterion between data privacy and algorithm accuracy. In our methodology, real world face images are anonymized with Gaussian blurring for privacy preservation. The anonymized images are processed for face detection, face alignment, face representation, and face verification. The proposed methodology has been validated with a set of experiments on a well known dataset and three face recognition classifiers. The results demonstrate the effectiveness of our approach to correctly verify face images with different levels of privacy and results accuracy, and to maximize privacy with the least negative impact on face detection and face verification accuracy.

This paper introduces a new type of attack on isolated, air-gapped workstations. Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this attack highly available to attackers in a wide range of computer systems and IT environments. We discuss related work on this topic and provide technical background. We show the design of the transmitter and receiver and present the implementation of these components. We also demonstrate the attack on different computers and provide the evaluation. The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver. Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. Finally, we discuss defense and mitigation techniques for this new air-gap attack.

With the advent of the era of big data, information technology has been rapidly developed and the application of computers has been popularized. However, network technology is a double-edged sword. While providing convenience, it also faces many problems, among which there are many hidden dangers of network information security. Based on this, based on the era background of big data, the network information security analysis, explore the main network security problems, and elaborate computer information network security matters needing attention, to strengthen the network security management, and put forward countermeasures, so as to improve the level of network security.

Lateral movement attack performs malicious activities by infecting part of a network system first and then moving laterally to the left system in order to compromise more computers. It is widely used in various sophisticated attacks and plays a critical role. This paper aims to quantitatively analyze the transient security and dependability of a critical network system under lateral movement attacks, whose intruding capability increases with the increasing number of attacked computers. We propose a survivability model for capturing the system and adversary behaviors from the time instant of the first intrusion launched from any attacked computer to the other vulnerable computers until defense solution is developed and deployed. Stochastic Reward Nets (SRN) is applied to automatically build and solve the model. The formulas are also derived for calculating the metrics of interest. Simulation is carried out to validate the approximate accuracy of our model and formulas. The quantitative analysis can help network administrators make a trade-off between damage loss and defense cost.

In recent years, the “whole chain” development level of China's intellectual property creation, protection and application has been greatly improved. At the same time, cloud computing technology is booming, and intellectual property data distributed platforms based on cloud storage are emerging one after another. Firstly, this paper introduces the domestic intellectual property cloud platform services from the perspectives of government, state-owned enterprises and private enterprises; Secondly, four typical distributed platforms provided by commercial resources are selected to summarize the problems faced by the operation mode of domestic intellectual property services; Then, it compares and discusses the functions and service modes of domestic intellectual property distributed platform, and takes TSITE IP as an example, puts forward the design and construction strategies of intellectual property protection, intellectual property operation service distributed platform and operation service mode under the background of information age. Finally, according to the development of contemporary information technology, this paper puts forward challenges and development direction for the future development of intellectual property platform.

We use discrete-time adaptive control theory to design a novel false data injection (FDI) attack against automatic generation control (AGC), a critical system that maintains a power grid at its requisite frequency. FDI attacks can cause equipment damage or blackouts by falsifying measurements in the streaming sensor data used to monitor the grid's operation. Compared to prior work, the proposed attack (i) requires less knowledge on the part of the attacker, such as correctly forecasting the future demand for power; (ii) is stealthier in its ability to bypass standard methods for detecting bad sensor data and to keep the false sensor readings near historical norms until the attack is well underway; and (iii) can sustain the frequency excursion as long as needed to cause real-world damage, in spite of AGC countermeasures. We validate the performance of the proposed attack on realistic 37-bus and 118-bus setups in PowerWorld, an industry-strength power system simulator trusted by real-world operators. The results demonstrate the attack's improved stealthiness and effectiveness compared to prior work.

Current cryptographic solutions used in information technologies today like Transport Layer Security utilize algorithms with underlying computationally difficult problems to solve. With the ongoing research and development of quantum computers, these same computationally difficult problems become solvable within reasonable (polynomial) time. The emergence of large-scale quantum computers would put the integrity and confidentiality of today’s data in jeopardy. It then becomes urgent to develop, implement, and test a new suite of cybersecurity measures against attacks from a quantum computer. This paper explores, understands, and evaluates this new category of cryptosystems as well as the many tradeoffs among them. All the algorithms submitted to the National Institute of Standards and Technology (NIST) for standardization can be categorized into three major categories, each relating to the new underlying hard problem: namely error code correcting, algebraic lattices (including ring learning with errors), and supersingular isogenies. These new mathematical hard problems have shown to be resistant to the same type of quantum attack. Utilizing hardware clock cycle registers, the work sets up the benchmarks of the four Round 3 NIST algorithms in two environments: cloud computing and embedded system. As expected, there are many tradeoffs and advantages in each algorithm for applications. Saber and Kyber are exceedingly fast but have larger ciphertext size for transmission over a wire. McEliece key size and key generation are the largest drawbacks but having the smallest ciphertext size and only slightly decreased performance allow a use case where key reuse is prioritized. NTRU finds a middle ground in these tradeoffs, being better than McEliece performance wise and better than Kyber and Saber in ciphertext size allows for a use case of highly varied environments, which need to value speed and ciphertext size equally. Going forward, the benchmarking system developed could be applied to digital signature, another vital aspect to a cryptosystem.

Cyber security risk assessment is very important to quantify the security level of communication-based train control (CBTC) systems. In this paper, a methodology is proposed to assess the cyber security risk of CBTC systems that integrates complex network theory and attack graph method. On one hand, in order to determine the impact of malicious attacks on train control, we analyze the connectivity of movement authority (MA) paths based on the working state of nodes, the connectivity of edges. On the other hand, attack graph is introduced to quantify the probabilities of potential attacks that combine multiple vulnerabilities in the cyber world of CBTC. Experiments show that our methodology can assess the security risks of CBTC systems and improve the security level after implementing reinforcement schemes.

In this study, we prove strong stability for a typical time-varying nonlinear dynamic system in batch culture, which is hard to obtain analytical solutions and equilibrium points. To this end, firstly, we construct a linear variational system to the nonlinear dynamic system. Secondly, we give a proof that the fundamental matrix solution to this dynamic system is bounded. Combined with the above two points, the strong stability for the nonlinear dynamic system is proved.

Web server is an appealing target for attackers since it may be exploited to gain access to an organization’s internal network. After compromising a web server, the attacker can construct a webshell to maintain a long-term and stealthy access for further attacks. Among all webshell-based attacks, command injection is a powerful attack that can be launched to steal sensitive data from the web server or compromising other computers in the network. To monitor and analyze webshell-based command injection, we develop a hybrid webshell honeypot framework called HoneyBog, which intercepts and redirects malicious injected commands from the front-end honeypot to the high-fidelity back-end honeypot for execution. HoneyBog can achieve two advantages by using the client-server honeypot architecture. First, since the webshell-based injected commands are transferred from the compromised web server to a remote constrained execution environment, we can prevent the attacker from launching further attacks in the protected network. Second, it facilitates the centralized management of high-fidelity honeypots for remote honeypot service providers. Moreover, we increase the system fidelity of HoneyBog by synchronizing the website files between the front-end and back-end honeypots. We implement a prototype of HoneyBog using PHP and the Apache web server. Our experiments on 260 PHP webshells show that HoneyBog can effectively intercept and redirect injected commands with a low performance overhead.

An efficient quantum circuit (program) compiler aims to minimize the gate-count - through efficient instruction translation, routing, gate, and cancellation - to improve run-time and noise. Therefore, a high-efficiency compiler is paramount to enable the game-changing promises of quantum computers. To date, the quantum computing hardware providers are offering a software stack supporting their hardware. However, several third-party software toolchains, including compilers, are emerging. They support hardware from different vendors and potentially offer better efficiency. As the quantum computing ecosystem becomes more popular and practical, it is only prudent to assume that more companies will start offering software-as-a-service for quantum computers, including high-performance compilers. With the emergence of third-party compilers, the security and privacy issues of quantum intellectual properties (IPs) will follow. A quantum circuit can include sensitive information such as critical financial analysis and proprietary algorithms. Therefore, submitting quantum circuits to untrusted compilers creates opportunities for adversaries to steal IPs. In this paper, we present a split compilation methodology to secure IPs from untrusted compilers while taking advantage of their optimizations. In this methodology, a quantum circuit is split into multiple parts that are sent to a single compiler at different times or to multiple compilers. In this way, the adversary has access to partial information. With analysis of over 152 circuits on three IBM hardware architectures, we demonstrate the split compilation methodology can completely secure IPs (when multiple compilers are used) or can introduce factorial time reconstruction complexity while incurring a modest overhead ( 3% to 6% on average).

Nowadays, children, teens, and almost everyone around us tend to receive abundant and frequent advice regarding the usefulness of syllabification. Not only does it improve pronunciation, but it also makes it easier for us to read unfamiliar words in chunks of syllables rather than reading them all at once. Within this paper, we have designed, implemented, and presented a Turing machine-based syllable splitter. A Turing machine forms the theoretical basis for all modern computers and can be used to solve universal problems. On the other hand, a syllable splitter is used to hyphenate words into their corresponding syllables. We have proposed our work by illustrating the various states of the Turing machine, along with the rules it abides by, its machine specifications, and transition function. In addition to this, we have implemented a Graphical User Interface to stimulate our Turing machine to analyze our results better.

Nowadays, the increasing complexity of digital applications for social and business activities has required more and more advanced mechanisms to prove the identity of subjects like those based on the Two-Factor Authentication (2FA). Such an approach improves the typical authentication paradigm but it has still some weaknesses. Specifically, it has to deal with the disadvantages of a centralized architecture causing several security threats like denial of service (DoS) and man-in-the-middle (MITM). In fact, an attacker who succeeds in violating the central authentication server could be able to impersonate an authorized user or block the whole service. This work advances the state of art of 2FA solutions by proposing a decentralized Microservices and Blockchain Based One Time Password (MBB-OTP) protocol for security-enhanced authentication able to mitigate the aforementioned threats and to fit different application scenarios. Experiments prove the goodness of our MBB-OTP protocol considering both private and public Blockchain configurations.

With the continuous emergence of cloud computing technology, cloud infrastructure software will become the mainstream application model in the future. Among the databases, relational databases occupy the largest market share. Therefore, the relational cloud database will be the main product of the combination of database technology and cloud computing technology, and will become an important branch of the database industry. This article explores the establishment of an evaluation system framework for relational databases, helping enterprises to select relational cloud database products according to a clear goal and path. This article can help enterprises complete the landing of relational cloud database projects.

Distribution of keys in classical cryptography is one of the most significant affairs to deal with. The computational hardness is the fundamental basis of the security of these keys. However, in the era of quantum computing, quantum computers can break down these keys with their substantially more computation capability than normal computers. For instance, a quantum computer can easily break down RSA or ECC in polynomial time. In order to make the keys quantum resistant, Quantum Key Distribution (QKD) is developed to enforce security of the classical cryptographic keys from the attack of quantum computers. By using quantum mechanics, QKD can reinforce the durability of the keys of classical cryptography, which were practically unbreakable during the pre-quantum era. Thus, an extensive study is required to understand the importance of QKD to make the classical cryptographic key distributions secure against both classical and quantum computers. Therefore, in this paper, we discuss trends and limitations of key management protocols in classical cryptography, and demonstrates a relative study of different QKD protocols. In addition, we highlight the security implementation aspects of QKD, which lead to the solution of threats occurring in a quantum computing scenario, such that the cryptographic keys can be quantum resistant.

One of the most essential ways of communication is the wireless network. As a result, ensuring the security of information transmitted across wireless networks is a critical concern. For wireless networks, classical cryptography provides conditional security with several loopholes, but quantum cryptography claims to be unconditionally safe. People began to consider beyond classical cryptosystems for protecting future electronic communication when quantum computers became functional. With all of these flaws in classical cryptosystems in mind, people began to consider beyond it for protecting future electronic communication. Quantum cryptography addresses practically all flaws in traditional cryptography.

Recent advancements in quantum information theory and quantum computation intend the possibilities of breaking the existing classical cryptographic systems. To mitigate these kinds of threats with quantum computers we need some advanced quantum-based cryptographic systems. The research orientation towards this is tremendous in recent years, and many excellent approaches have been reported. In this article, we discuss the probable approaches of the quantum cryptographic systems from implementation point of views to handle the post-quantum cryptographic attacks.

Cloud computing has changed the paradigm of using computing resources. It has shifted from traditional storage and computing to Internet based computing leveraging economy of scale, cost saving, elimination of data redundancy, scalability, availability and regulatory compliance. With these, cloud also brings plenty of security issues. As security is not a one-time solution, there have been efforts to investigate and provide countermeasures. In the wake of emerging quantum computers, the aim of post-quantum cryptography is to develop cryptography schemes that are secure against both classical computers and quantum computers. Since cloud is widely used across the globe for outsourcing data, it is essential to strive at providing betterment of security schemes from time to time. This paper reviews recent development, methods of cloud data security in post-quantum perspectives. It provides useful insights pertaining to the security schemes used to safeguard data dynamics associated with cloud computing. The findings of this paper gives directions for further research in pursuit of more secure cloud data storage and retrieval.

With the development of quantum computers, classical cryptography for secure communication is in danger of becoming obsolete. Quantum cryptography, however, can exploit the laws of quantum mechanics to guarantee unconditional security independently of the computational power of a potential eavesdropper. An example is quantum key distribution (QKD), which allows two parties to encrypt a message through a random secret key encoded in the degrees of freedom of quantum particles, typically photons.

With the increase of computing power of quantum computers, classical cryptography schemes such as RSA and ECC are no longer secure in the era of quantum computers. The Cryptosystem based on coding has the advantage of resisting quantum computing and has a good application prospect in the future. McEliece Public Key Cryptography is a cryptosystem based on coding theory, whose security can be reduced to the decoding problem of general linear codes and can resist quantum attacks. Therefore, this paper proposes a cryptosystem based on the Polar-LDPC Concatenated Codes, which is an improvement on the original McEliece cipher scheme. The main idea is to take the generation matrix of Polar code and LDPC code as the private key, and the product of their hidden generation matrix as the public key. The plain text is encoded by Polar code and LDPC code in turn to obtain the encrypted ciphertext. The decryption process is the corresponding decoding process. Then, the experimental data presented in this paper prove that the proposed scheme can reduce key size and improve security compared with the original McEliece cryptosystem under the condition of selecting appropriate parameters. Moreover, compared with the improvement schemes based on McEliece proposed in recent years, the proposed scheme also has great security advantages.

Completely Automated Public Turing Tests (CAPTCHA) have been used to differentiate between computers and humans for quite some time now. There are many different varieties of CAPTCHAs - text-based, image-based, audio, video, arithmetic, etc. However, not all varieties are suitable for the visually impaired. As time goes by and Spambots and APIs grow more accurate, the CAPTCHA tests have been constantly updated to stay relevant, but that has not happened with the audio CAPTCHA. There exists an audio CAPTCHA intended for the blind/visually impaired but many blind/visually impaired find it difficult to solve. We propose an alternative to the existing system, which would make use of unique sound samples layered with music generated through GANs (Generative Adversarial Networks) along with noise and other layers of sounds to make it difficult to dissect. The user has to count the number of times the unique sound was heard in the sample and then input that number. Since there are no letters or numbers involved in the samples, speech-to-text bots/APIs cannot be used directly to decipher this system. Also, any user regardless of their native language can comfortably use this system.

CAPTCHA or Completely Automated Public Turing test to Tell Computers and Humans Apart is a technique to distinguish between humans and computers by generating and evaluating tests that can be passed by humans but not computer bots. However, captchas are not foolproof, and they can be bypassed which raises security concerns. Hence, sites over the internet remain open to such vulnerabilities. This research paper identifies the vulnerabilities found in some of the commonly used captcha schemes by cracking them using Deep Learning techniques. It also aims to provide solutions to safeguard against these vulnerabilities and provides recommendations for the generation of secure captchas.

CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) is a widely used challenge-measures to distinguish humans and computer automated programs apart. Several existing CAPTCHAs are reliable for normal users, whereas visually impaired users face a lot of problems with the CAPTCHA authentication process. CAPTCHAs such as Google reCAPTCHA alternatively provides audio CAPTCHA, but many users find it difficult to decipher due to noise, language barrier, and accent of the audio of the CAPTCHA. Existing CAPTCHA systems lack user satisfaction on smartphones thus limiting its use. Our proposed system potentially solves the problem faced by visually impaired users during the process of CAPTCHA authentication. Also, our system makes the authentication process generic across users as well as platforms.

A 'Completely Automated Public Turing test to tell Computers and Humans Apart' or better known as CAPTCHA is a image based test used to determine the authenticity of a user (ie. whether the user is human or not). In today's world, almost all the web services, such as online shopping sites, require users to solve CAPTCHAs that must be read and typed correctly. The challenge is that recognizing the CAPTCHAs is a relatively easy task for humans, but it is still hard to solve for computers. Ideally, a well-designed CAPTCHA should be solvable by humans at least 90% of the time, while programs using appropriate resources should succeed in less than 0.01% of the cases. In this paper, a deep neural network architecture is presented to extract text from CAPTCHA images on various platforms. The central theme of the paper is to develop an efficient & intelligent model that converts image-based CAPTCHA to text. We used convolutional neural network based architecture design instead of the traditional methods of CAPTCHA detection using image processing segmentation modules. The model consists of seven layers to efficiently correlate image features to the output character sequence. We tried a wide variety of configurations, including various loss and activation functions. We generated our own images database and the efficacy of our model was proven by the accuracy levels of 99.7%.