Biblio

Supply chain cyberattacks that exploit insecure third-party software are a growing concern for the security of the electric power grid. These attacks seek to deploy malicious software in grid control devices during the fabrication, shipment, installation, and maintenance stages, or as part of routine software updates. Malicious software on grid control devices may inject bad data or execute bad commands, which can cause blackouts and damage power equipment. This paper describes an experimental setup to simulate the software update process of a commercial power relay as part of a hardware-in-the-loop simulation for grid supply chain cyber-security assessment. The laboratory setup was successfully utilized to study three supply chain cyber-security use cases.

This demonstration presents an internet of things device (thermostat), whose security is enforced by a secure element (smartcard) running TLS server, and using Virtual Input/Ouput technology. The board comprises a Wi-Fi system on chip (SoC), a micro-controller managing sensor (temperature probe) and actuator (relay), and a javacard. All device messages are sent/received over TLS, and processed by the secure element. Some of them are exported to micro-controller in clear form, which returns a response, sent over TLS by the smartcard.

In this paper, physical layer security (PLS) analysis of a cooperative wireless communication system in which the source and destination nodes communicate via a relay employing decode-and-forward protocol is performed for double Rayleigh fading channel model. For the system where the source, relay and target have single antenna, an eavesdropper with multiantenna listens the source and relay together by using maximum-ratio-combining, secrecy outage and positive secrecy capacity possibilities are obtained in closed-form. The theoretical results are verified by Monte-Carlo simulations. From the results, it is observed that as the number of antennas of the eavesdropper is increased, the PLS performance of the system worsens.

In this paper, a novel strategy of relay selection and cooperative jammer beamforming is proposed. The proposed scheme selects one node from the intermediate nodes as relay and the rest nodes as friendly jammers. The relay operates in amplify-and-forward (AF) strategy. Jammer weights are derived to null the jamming signals at the destination and relay node and maximize the jamming signal at the eavesdropper. Furthermore, a closed-form optimal solution of power allocation between the selected relay and cooperative jammers is derived. Numerical simulation results show that the proposed scheme can outperform the conventional schemes at the same power consumption.

With the rapid advancement of the electrical grid, substation automation systems (SASs) have been developing continuously. However, with the introduction of advanced features, such as remote control, potential cyber security threats in SASs are also increased. Additionally, crucial components in SASs, such as protection relays, usually come from third-party vendors and may not be fully trusted. Untrusted devices may stealthily perform harmful or unauthorised behaviours which could compromise or damage SASs, and therefore, bring adverse impacts to the primary plant. Thus, it is necessary to detect abnormal behaviours from an untrusted device before it brings about catastrophic impacts. Anomaly detection techniques are suitable to detect anomalies in SASs as they only bring minimal side-effects to normal system operations. Many researchers have developed various machine learning algorithms and mathematical models to improve the accuracy of anomaly detection. However, without prudent feature selection, it is difficult to achieve high accuracy when detecting attacks launched from internal trusted networks, especially for stealthy message modification attacks which only modify message payloads slightly and imitate patterns of benign behaviours. Therefore, this paper presents choices of features which improve the accuracy of anomaly detection within SASs, especially for detecting “stealthy” attacks. By including two additional features, Boolean control data from message payloads and physical values from sensors, our method improved the accuracy of anomaly detection by decreasing the false-negative rate from 25% to 5% approximately.

The long-distance transmission of quantum secret key is a challenge for quantum communication. As far as the current relay technology is concerned, the trusted relay technology is a more practical scheme. However, the trusted relay technology requires every relay node to be trusted, but in practical applications, the security of some relay nodes cannot be guaranteed. How to overcome the security problem of trusted relay technology and realize the security key distribution of remote quantum network has become a new problem. Therefore, in this paper, a method of quantum key distribution in ring network is proposed under the condition of the coexistence of trusted and untrusted repeaters, and proposes a partially-trusted based routing algorithm (PT-RA). This scheme effectively solves the security problem of key distribution in ring backbone network. And simulation results show that PT-RA can significantly improve key distribution success rate compared with the original trusted relay technology.

In this research work, an advanced automatic multifunctional compact security system technology is developed using wireless networking system. The security system provides smart security and also alerts the user to avoid the critical circumstances in the daily security issues is held. This system provides a smart solution to the variety of different problems via remote control by the software name Cayenne. This software provides the user to control the system using smart mobile or computer from all over the world and needs to be connected via internet. The system provides general security for essential purposes as the Motion detecting system alerts for any kind of movement inside the area where it is installed, the gas detecting system alerts the user for any type of gas leakage inside the room and also clearing the leaking gas by exhaust fan automatically, the fire detection system detects instantly when a slight fire is emerged also warning the user with alarm, the LDR system is for electrical door lock and it can be controlled by Cayenne using mobile or computer and lastly a home light system which can be turned on/off by the user of Cayenne. Raspberry Pi has been used to connect and control all the necessary equipment. The system provides the most essential security for home and also for corporate world and it is very simple, easy to operate, and consumes small space.

With a massive amount of wireless sensor nodes in Internet of Things (IoT), it is difficult to establish key distribution and management mechanism for traditional encryption technology. Alternatively, the physical layer key generation technology is promising to implement in IoT, since it is based on the principle of information-theoretical security and has the advantage of low complexity. Most existing key generation schemes assume that eavesdropping channels are independent of legitimate channels, which may not be practical especially when eavesdropper nodes are near to legitimate nodes. However, this paper investigates key generation problems for a multi-relay wireless network in IoT, where the correlation between eavesdropping and legitimate channels are considered. Key generation schemes are proposed for both non-colluding and partially colluding eavesdroppers situations. The main idea is to divide the key agreement process into three phases: 1) we first generate a secret key by exploiting the difference between the random channels associated with each relay node and the eavesdropping channels; 2) another key is generated by integrating the residual common randomness associated with each relay pair; 3) the two keys generated in the first two phases are concatenated into the final key. The secrecy key performance of the proposed key generation schemes is also derived with closed-forms.

The necessity for peer-to-peer (p2p) communications is obvious; current centralized solutions are capturing and storing too much information from the individual people communicating with each other. Privacy concerns with a centralized solution in possession of all the users data are a difficult matter. HELIOS platform introduces a new social-media platform that is not in control of any central operator, but brings the power of possession of the data back to the users. It does not have centralized servers that store and handle receiving/sending of the messages. Instead, it relies on the current open-source solutions available in the p2p communities to propagate the messages to the wanted recipients of the data and/or messages. The p2p communications also introduce new problems in terms of privacy and tracking of the user, as the nodes part of a p2p network can see what data the other nodes provide and ask for. How the sharing of data in a p2p network can be achieved securely, taking into account the user's privacy is a question that has not been fully answered so far. We do not claim we answer this question fully in this paper either, but we propose a set of protocols to help answer one specific problem. Especially, this paper proposes how to privately share data (end-point address or other) of the user between other users, provided that they have previously connected with each other securely, either offline or online.

Directional Overcurrent Relays (DOCRs) play an essential role in the power system protection to guarantee the reliability, speed of relay operation and avoiding mal-trip in the primary and backup relays when unintentional fault conditions occur in the system. Moreover, the dual setting protection scheme is more efficient protection schemes for offering fast response protection and providing flexibility in the coordination of relay. In this paper, the Adaptive Modified Firefly Algorithm (AMFA) is used to determine the optimal coordination of dual setting DOCRs in the ring distribution system. The AMFA is completed by choosing the minimum value of pickup current (\textbackslashtextbackslashpmbI\textbackslashtextbackslashpmbP) and time dial setting (TDS). On the other hand, dual setting DOCRs protection scheme also proposed for operating in both forward and reverse directions that consisted of individual time current characteristics (TCC) curve for each direction. The previous method is applied to the ring distribution system network of PT. Pupuk Sriwidjaja by considering the fault on each bus. The result illustration that the AMFA within dual setting protection scheme is significantly reaching the optimized coordination and the relay coordination is certain for all simulation scenarios with the minimum operation. The AMFA has been successfully implemented in MATLAB software programming.

This article presents the design and development of a relay switch (RS) to handle electrical loads up to 20A using WiFi technology. The hardware design and the implementation methodology are explained, both for the power supply and for the wireless communication that are embedded in the same small printed circuit board. In the same way, the design of the implemented firmware to operate the developed RS is shown. An ESP-12E module is used to achieve wireless communication of the RS, which can be manipulated through a web page using an MQTT protocol or via and iOS or Arduino app. The developed RS presents at least three differentiators in relation to other similar devices on the market: it can handle a higher electrical load, has a design in accordance with national and international security standards and can use different cybersecurity strategies for wireless communication with the purpose of safe and reliable use. Experimental results using a lamp and a single-phase motor as electrical loads demonstrate an excellent performance and reliability of the developed relay switch.

Mobile data offloading using opportunistic network has recently gained its significance to increase mobile data needs. Such offloaders need to be properly incentivized to encourage more and more users to act as helpers in such networks. The extent of help offered by mobile data offloading alternatives using appropriate incentive mechanisms is significant in such scenarios. The limitation of existing incentive mechanisms is that they are partial in implementation while most of them use third party intervention based derivation. However, none of the papers considers trust as an essential factor for incentive distribution. Although few works contribute to the trust analysis, but the implementation is limited to offloading determination only while the incentive is independent of trust. We try to investigate if trust could be related to the Nash equilibrium based incentive evaluation. Our analysis results show that trust-based incentive distribution encourages more than 50% offloaders to act positively and contribute successfully towards efficient mobile data offloading. We compare the performance of our algorithm with literature based salary-bonus scheme implementation and get optimum incentive beyond 20% dependence over trust-based output.

Though the deep penetration of cyber systems across the smart grid sub-domains enrich the operation of the wide-area protection, control, and smart grid applications, the stochastic nature of cyber-attacks by adversaries inflict their performance and the system operation. Various hardware-in-the-loop (HIL) cyber-physical system (CPS) testbeds have attempted to evaluate the cyberattack dynamics and power system perturbations for robust wide-area protection algorithms. However, physical resource constraints and modular integration designs have been significant barriers while modeling large-scale grid models (scalability) and have limited many of the CPS testbeds to either small-scale HIL environment or complete simulation environments. This paper proposes a meticulous design and efficient modeling of IEC-61850 logical nodes in physical relays to simulate large-scale grid models in a HIL real-time digital simulator environment integrated with industry-grade hardware and software systems for wide-area power system applications. The proposed meticulous design includes multi-breaker emulation in the physical relays, which extends the capacity of a physical relay to accommodate more number of CPS interfaces in the HIL CPS security testbed environment. We have used our existing HIL CPS security testbed to demonstrate scalability by the real-time performance of ten simultaneous IEEE-39 CPS grid models. The experiments demonstrated significant results by 100% real-time performance with zero overruns, and low latency while receiving and executing control signals from physical SEL relays via IEC-61850 and DNP-3 protocols to real-time digital simulator, substation remote terminal unit (RTU) software and supervisory control and data acquisition (SCADA) software at control center.

In this paper, we propose a power allocation scheme in order to improve both secure and reliable performance in the wireless two-hop threshold-selection decode-and-forward (DF) relaying networks, which is so crucial to set a threshold value related the signal-to-noise ratio (SNR) of the source signal at relay nodes for perfect decoding. We adapt the maximal-ratio combining (MRC) receiving SNR from the direct and relaying paths both at the destination and at the eavesdropper. Particularly worth mentioning is that the closed expression form of outage probability and intercept probability is driven, which can quantify the security and reliability, respectively. We also make endeavors to utilize a metric to tradeoff the security and the reliability (SRT) and find out the relevance between them in the balanced case. But beyond that, in the pursuit of tradeoff performance, power allocation tends to depend on the threshold value. In other words, it provides a new method optimizing total power to the source and the relay by the threshold value. The results are obtained from analysis, confirmed by simulation, and predicted by artificial neural networks (ANNs), which is trained with back propagation (BP) algorithm, and thus the feasibility of the proposed method is verified.

After several years of research on onion routing, Camenisch and Lysyanskaya, in an attempt at rigorous analysis, defined an ideal functionality in the universal composability model, together with properties that protocols have to meet to achieve provable security. A whole family of systems based their security proofs on this work. However, analyzing HORNET and Sphinx, two instances from this family, we show that this proof strategy is broken. We discover a previously unknown vulnerability that breaks anonymity completely, and explain a known one. Both should not exist if privacy is proven correctly.In this work, we analyze and fix the proof strategy used for this family of systems. After proving the efficacy of the ideal functionality, we show how the original properties are flawed and suggest improved, effective properties in their place. Finally, we discover another common mistake in the proofs. We demonstrate how to avoid it by showing our improved properties for one protocol, thus partially fixing the family of provably secure onion routing protocols.

In this work, communication secrecy in cooperative and multi-hop wireless communications for various radio frequencies are examined. Attenuation lines and ranges of both detection and ultimate secrecy regions were calculated for cooperative communication channel and multi-hop channel with various number of hops. From results, frequency ranges with the highest potential to apply bandwidth saving method known as frequency reuse were determined and compared to point-to-point channel. Frequencies with the highest attenuation were derived and their ranges of both detection and ultimate secrecy are calculated. Point-to-point, cooperative and multi-hop channels were compared in terms of ultimate secrecy ranges. Multi-hop channel measurements were made with different number of hops and the relation between the number of hops and communication security is examined. Ultimate secrecy ranges were calculated up to 1 Terahertz and found to be less than 13 meters between 550-565 GHz frequency range. Therefore, for short-range wireless communication systems such as indoor and in-device communication systems (board-to-board or chip-to-chip communications), it is shown that various bands in the Terahertz band can be used to reuse the same frequency in different locations to obtain high security and high bandwidth.

Due to geographical locations of Indonesia, some technology such as hydro and solar photovoltaics are very attractive to be used and developed. Distribution Energy Resources (DER) is the appropriate schemes implemented to achieve optimal operation respecting the location and capacity of the plant. The Gorontalo sub-system network was chosen as a case study considering both of micro-hydro and PV as contributed to supply the grid. The needs of a smart electrical system are required to improve reliability, power quality, and adaptation to any circumstances during DER application. While the topology was changing over time, intermittent of DER output and bidirectional power flow can be overcome with smart grid systems. In this study, an automation algorithm has been conducted to aid the engineers in solving the protection problems caused by DER implementation. The Protection Security Assessment (PSA) method is used to evaluate the state of the protection system. Determine the relay settings using an adaptive rule-based method on expert systems. The application with a Graphical User Interface (GUI) has been developed to make user easier to get the specific relay settings and locations which are sensitive, fast, reliable, and selective.

This is an innovative practice full paper. In past projects, we have successfully used a private TOR (anonymity network) platform that enabled our students to explore the end-to-end inner workings of the TOR anonymity network through a number of controlled hands-on lab assignments. These have saisfied the needs of curriculum focusing on networking functions and algorithms. To be able to extend the use and application of the private TOR platform into cryptography courses, there is a desperate need to enhance the platform to allow the development of hands-on lab assignments on the cryptographic algorithms and methods utilized in the creation of TOR secure connections and end-to-end circuits for anonymity.In tackling this challenge, and since TOR is open source software, we identify the cryptographic functions called by the TOR algorithms in the process of establishing TLS connections and creating end-to-end TOR circuits as well tearing them down. We instrumented these functions with the appropriate code to log the cryptographic keys dynamically created at all nodes involved in the creation of the end to end circuit between the Client and the exit relay (connected to the target server).We implemented a set of pedagogical lab assignments on a private TOR platform and present them in this paper. Using these assignments, students are able to investigate and validate the cryptographic procedures applied in the establishment of the initial TLS connection, the creation of the first leg of a TOR circuit, as well as extending the circuit through additional relays (at least two relays). More advanced assignments are created to challenge the students to unwrap the traffic sent from the Client to the exit relay at all onion skin layers and compare it with the actual traffic delivered to the target server.

This paper studies the physical layer security (PLS) of a vehicular network employing a reconfigurable intelligent surface (RIS). RIS technologies are emerging as an important paradigm for the realisation of smart radio environments, where large numbers of small, low-cost and passive elements, reflect the incident signal with an adjustable phase shift without requiring a dedicated energy source. Inspired by the promising potential of RIS-based transmission, we investigate two vehicular network system models: One with vehicle-to-vehicle communication with the source employing a RIS-based access point, and the other model in the form of a vehicular adhoc network (VANET), with a RIS-based relay deployed on a building. Both models assume the presence of an eavesdropper to investigate the average secrecy capacity of the considered systems. Monte-Carlo simulations are provided throughout to validate the results. The results show that performance of the system in terms of the secrecy capacity is affected by the location of the RIS-relay and the number of RIS cells. The effect of other system parameters such as source power and eavesdropper distances are also studied.

In recent years, with the progress of data analysis methods utilizing artificial intelligence (AI) technology, concepts of smart cities collecting data from IoT devices and creating values by analyzing it have been proposed. However, making sure that the data is not tampered with is of the utmost importance. One way to do this is to utilize blockchain technology to record and trace the history of the data. Park and Kim proposed ensuring the trustworthiness of the data by utilizing an IoT device with a trusted execution environment (TEE). Also, Guan et al. proposed authenticating an IoT device and mediating data using a TEE. For the authentication, they use the physically unclonable function of the IoT device. Usually, IoT devices suffer from the lack of resources necessary for creating transactions for the blockchain ledger. In this paper, we present a secure protocol in which a TEE acts as a proxy to the IoT devices and creates the necessary transactions for the blockchain. We use an authenticated encryption method on the data transmission between the IoT device and TEE to authenticate the device and ensure the integrity and confidentiality of the data generated by the IoT devices.

Tor anonymous communication system's resource publishing is vulnerable to enumeration attacks. Zhao determines users who requested resources are unavailable as suspicious malicious users, and gradually reduce the scope of suspicious users through several stages to reduce the false positive rate. However, it takes several stages to distinguish users. Although this method successfully detects the malicious user, the malicious user has acquired many resources in the previous stages, which reduce the availability of the anonymous communication system. This paper proposes a detection method based on Integer Linear Program to detect malicious users who perform enumeration attacks on resources in the process of resource distribution. First, we need construct a bipartite graph between the unavailable resources and the users who requested for these resources in the anonymous communication system; next we use Integer Linear Program to find the minimum malicious user set. We simulate the resource distribution process through computer program, we perform an experimental analysis of the method in this paper is carried out. Experimental results show that the accuracy of the method in this paper is above 80%, when the unavailable resources in the system account for no more than 50%. It is about 10% higher than Zhao's method.

VANET is an emerging technology incorporating ad hoc network to accomplish intelligent communications between vehicles, improvement in road traffic efficiency and safety. In some situations movement of vehicles is in a certain range, over particular distance or just in a specific tendency. Such a network can be called as incompletely or partially predictable network. An efficient use of such network, position and motion of nodes as well as relative history in big data is an open issue in vehicular ad hoc network. A hybrid protocol which provides secure and trustworthiness evaluation based routing can be used in VANET. Here Secure Trustworthiness Evaluation Based Routing Protocol is implemented using NS2 software. Its performance is very good in terms of the Average End to End Delay, Packet Delivery Ratio and Normalized Routing Overhead.

In recent years, integration of Passive Optical Net-work(PON) and WiMAX (Worldwide Interoperability Microwave Access Network) network is attracting huge interest among many researchers. The continuous demand for large bandwidths with wider coverage area are the key drivers to this technology. This integration has led to high speed and cost efficient solution for internet accessibility. This paper investigates the issues related to traffic grooming, routing and resource allocation in the hybrid networks. The Elastic Optical Network forms Backbone and is integrated with WiMAX. In this novel approach, traffic grooming is carried out using light trail technique to minimize the bandwidth blocking ratio and also reduce the network resource consumption. The simulation is performed on different network topologies, where in the traffic is routed through three modes namely the pure Wireless Network, the Wireless-Optical/Optical-Wireless Network, the pure Optical Network keeping the network congestion in mind. The results confirm reduction in bandwidth blocking ratio in all the given networks coupled with minimum network resource utilization.

Cyber-event-triggered power grid blackout compels utility operators to intensify cyber-aware and physics-constrained recovery and restoration process. Recently, coordinated cyber attacks on the Ukrainian grid witnessed such a cyber-event-triggered power system blackout. Various cyber-physical system (CPS) testbeds have attempted with multitude designs to analyze such interdependent events and evaluate remedy measures. However, resource constraints and modular integration designs have been significant barriers while modeling large-scale grid models (scalability) and multi-grid isolated models (concurrency) under a single real-time execution environment for the hardware-in-the-loop (HIL) CPS security testbeds. This paper proposes a meticulous design and effective modeling for simulating large-scale grid models and multi-grid isolated models in a HIL realtime digital simulator environment integrated with industry-grade hardware and software systems. We have used our existing HIL CPS security testbed to demonstrate scalability by the realtime performance of a Texas-2000 bus US synthetic grid model and concurrency by the real-time performance of simultaneous ten IEEE-39 bus grid models and an IEEE-118 bus grid model. The experiments demonstrated significant results by 100% realtime performance with zero overruns, low latency while receiving and executing control signals from SEL Relays via IEC-61850 protocol and low latency while computing and transmitting grid data streams including stability measures via IEEE C37.118 synchrophasor data protocol to SEL Phasor Data Concentrators.

The application of line current differential relays (LCDRs) to protect transmission lines has recently proliferated. However, the reliance of LCDRs on digital communication channels has raised growing cyber-security concerns. This paper investigates the impacts of false data injection attacks (FDIAs) on the performance of LCDRs. It also develops coordinated attacks that involve multiple components, including LCDRs, and can cause false line tripping. Additionally, this paper proposes a technique for detecting FDIAs against LCDRs and differentiating them from actual faults in two-terminal lines. In this method, when an LCDR detects a fault, instead of immediately tripping the line, it calculates and measures the superimposed voltage at its local terminal, using the proposed positive-sequence (PS) and negative-sequence (NS) submodules. To calculate this voltage, the LCDR models the protected line in detail and replaces the rest of the system with a Thevenin equivalent that produces accurate responses at the line terminals. Afterwards, remote current measurement is utilized by the PS and NS submodules to compute each sequence's superimposed voltage. A difference between the calculated and the measured superimposed voltages in any sequence reveals that the remote current measurements are not authentic. Thus, the LCDR's trip command is blocked. The effectiveness of the proposed method is corroborated using simulation results for the IEEE 39-bus test system. The performance of the proposed method is also tested using an OPAL real-time simulator.