Alyami, Areej, Sammon, David, Neville, Karen, Mahony, Carolanne.
2022.
The Critical Success Factors for Security Education, Training and Awareness (SETA) Programmes. 2022 Cyber Research Conference - Ireland (Cyber-RCI). :1—12.
This study explores the Critical Success Factors (CSFs) for Security Education, Training and Awareness (SETA) programmes. Data is gathered from 20 key informants (using semi-structured interviews) from various geographic locations including the Gulf nations, Middle East, USA, UK, and Ireland. The analysis of these key informant interviews produces eleven CSFs for SETA programmes. These CSFs are mapped along the phases of a SETA programme lifecycle (design, development, implementation, and evaluation).
Yang, Jeong, Rae Kim, Young, Earwood, Brandon.
2022.
A Study of Effectiveness and Problem Solving on Security Concepts with Model-Eliciting Activities. 2022 IEEE Frontiers in Education Conference (FIE). :1—9.
Security is a critical aspect in the process of designing, developing, and testing software systems. Due to the increasing need for security-related skills within software systems, there is a growing demand for these skills to be taught in computer science. A series of security modules was developed not only to meet the demand but also to assess the impact of these modules on teaching critical cyber security topics in computer science courses. This full paper in the innovative practice category presents the outcomes of six security modules in a freshman-level course at two institutions. The study adopts a Model-Eliciting Activity (MEA) as a project for students to demonstrate an understanding of the security concepts. Two experimental studies were conducted: 1) Teaching effectiveness of implementing cyber security modules and MEA project, 2) Students’ experiences in conceptual modeling tasks in problem-solving. In measuring the effectiveness of teaching security concepts with the MEA project, students’ performance, attitudes, and interests as well as the instructor’s effectiveness were assessed. For the conceptual modeling tasks in problem-solving, the results of student outcomes were analyzed. After implementing the security modules with the MEA project, students showed a great understanding of cyber security concepts and an increased interest in broader computer science concepts. The instructor’s beliefs about teaching, learning, and assessment shifted from teacher-centered to student-centered during their experience with the security modules and MEA project. Although 64.29% of students’ solutions do not seem suitable for real-world implementation, 76.9% of the developed solutions showed a sufficient degree of creativity.
Kapila, Pooja, Sharma, Bhanu, Kumar, Sanjay, Sharma, Vishnu.
2022.
The importance of cyber security education in digitalization and Banking. 2022 4th International Conference on Advances in Computing, Communication Control and Networking (ICAC3N). :2444—2447.
Large volumes of private data are gathered, processed, and stored on computers by governments, the military, organizations, financial institutions, colleges, and other enterprises. This data is then sent through networks to other computers. Urgent measures are required to safeguard sensitive personal and company data as well as national security due to the exponential development in number and complexity of cyber- attacks. The essay discusses the characteristics of the Internet and demonstrates how private and financial data can be transmitted over it while still being safeguarded. We show that robbery has spread throughout India and the rest of the world, endangering the global economy and security and giving rise to a variety of cyber-attacks.
Low, Xuan, Yang, DeQuan, Yang, DengPan.
2022.
Design and Implementation of Industrial Control Cyber Range System. 2022 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :166—170.
In the 21st century, world-leading industries are under the accelerated development of digital transformation. Along with information and data resources becoming more transparent on the Internet, many new network technologies were introduced, but cyber-attack also became a severe problem in cyberspace. Over time, industrial control networks are also forced to join the nodes of the Internet. Therefore, cybersecurity is much more complicated than before, and suffering risk of browsing unknown websites also increases. To practice defenses against cyber-attack effectively, Cyber Range is the best platform to emulate all cyber-attacks and defenses. This article will use VMware virtual machine emulation technology, research cyber range systems under industrial control network architecture, and design and implement an industrial control cyber range system. Using the industrial cyber range to perform vulnerability analyses and exploits on web servers, web applications, and operating systems. The result demonstrates the consequences of the vulnerability attack and raises awareness of cyber security among government, enterprises, education, and other related fields, improving the practical ability to defend against cybersecurity threats.
Lang-Muhr, Christoph, Tjoa, Simon, Machherndl, Stefan, Haslinger, Daniel.
2022.
Business Continuity & Disaster Recovery A simulation game for holistic cyber security education. 2022 IEEE Global Engineering Education Conference (EDUCON). :1296—1302.
At the end of the IT Security degree program a simulation game is conducted to repeat and consolidate the core skills of a Bachelor’s graduate. The focus is not on teaching content, but on the application of already learned skills. The scenario shows the students the risks of a completely networked world, which has come to a complete standstill due to a catastrophe. The participants occupy in groups the predefined companies, which are assigned with the reconstruction of the communication infrastructure (the internet). This paper describes the preparation, technical and organizational implementation of the. Also, the most important conclusions drawn by the authors.
Lang, Michael, Dowling, Seamus, Lennon, Ruth G..
2022.
The Current State of Cyber Security in Ireland. 2022 Cyber Research Conference - Ireland (Cyber-RCI). :1—2.
There is a stark contrast between the state of cyber security of national infrastructure in Ireland and the efforts underway to support cyber security technologists to work in the country. Notable attacks have recently occurred against the national health service, universities, and various other state bodies, prompting an interest in changing the current situation. This paper presents an overview of the security projects, commercial establishments, and policy in Ireland.
Ali AL-Jumaili, Ahmed Hadi, Muniyandi, Ravie Chandren, Hasan, Mohammad Kamrul, Singh, Mandeep Jit, Siaw Paw, Johnny Koh.
2022.
Analytical Survey on the Security Framework of Cyber-Physical Systems for Smart Power System Networks. 2022 International Conference on Cyber Resilience (ICCR). :1—8.
Cyber-Physical Power System (CPPS) is one of the most critical infrastructure systems due to deep integration between power grids and communication networks. In the power system, cascading failure is spreading more readily in CPPS, even leading to blackouts as well as there are new difficulties with the power system security simulation and faults brought by physical harm or network intrusions. The current study summarized the cross- integration of several fields such as computer and cyberspace security in terms of the robustness of Cyber-Physical Systems, viewed as Interconnected and secure network systems. Therefore, the security events that significantly influenced the power system were evaluated in this study, besides the challenges and future directions of power system security simulation technologies were investigated for posing both challenges and opportunities for simulation techniques of power system security like building a new power system to accelerate the transformation of the existing energy system to a clean, low-carbon, safe, and efficient energy system which is used to assure power system stability through fusion systems that combine the cyber-physical to integrate the battery power station, power generation and renewable energy resources through the internet with the cyber system that contains Smart energy system control and attacks.
Haggi, Hamed, Sun, Wei.
2022.
Cyber-Physical Vulnerability Assessment of P2P Energy Exchanges in Active Distribution Networks. 2022 IEEE Kansas Power and Energy Conference (KPEC). :1—5.
Owing to the decreasing costs of distributed energy resources (DERs) as well as decarbonization policies, power systems are undergoing a modernization process. The large deployment of DERs together with internet of things (IoT) devices provide a platform for peer-to-peer (P2P) energy trading in active distribution networks. However, P2P energy trading with IoT devices have driven the grid more vulnerable to cyber-physical threats. To this end, in this paper, a resilience-oriented P2P energy exchange model is developed considering three phase unbalanced distribution systems. In addition, various scenarios for vulnerability assessment of P2P energy exchanges considering adverse prosumers and consumers, who provide false information regarding the price and quantity with the goal of maximum financial benefit and system operation disruption, are considered. Techno-economic survivability analysis against these attacks are investigated on a IEEE 13-node unbalanced distribution test system. Simulation results demonstrate that adverse peers can affect the physical operation of grid, maximize their benefits, and cause financial loss of other agents.
Rizwan, Kainat, Ahmad, Mudassar, Habib, Muhammad Asif.
2022.
Cyber Automated Network Resilience Defensive Approach against Malware Images. 2022 International Conference on Frontiers of Information Technology (FIT). :237—242.
Cyber threats have been a major issue in the cyber security domain. Every hacker follows a series of cyber-attack stages known as cyber kill chain stages. Each stage has its norms and limitations to be deployed. For a decade, researchers have focused on detecting these attacks. Merely watcher tools are not optimal solutions anymore. Everything is becoming autonomous in the computer science field. This leads to the idea of an Autonomous Cyber Resilience Defense algorithm design in this work. Resilience has two aspects: Response and Recovery. Response requires some actions to be performed to mitigate attacks. Recovery is patching the flawed code or back door vulnerability. Both aspects were performed by human assistance in the cybersecurity defense field. This work aims to develop an algorithm based on Reinforcement Learning (RL) with a Convoluted Neural Network (CNN), far nearer to the human learning process for malware images. RL learns through a reward mechanism against every performed attack. Every action has some kind of output that can be classified into positive or negative rewards. To enhance its thinking process Markov Decision Process (MDP) will be mitigated with this RL approach. RL impact and induction measures for malware images were measured and performed to get optimal results. Based on the Malimg Image malware, dataset successful automation actions are received. The proposed work has shown 98% accuracy in the classification, detection, and autonomous resilience actions deployment.
Hristozov, Anton, Matson, Eric, Dietz, Eric, Rogers, Marcus.
2022.
Sensor Data Protection in Cyber-Physical Systems. 2022 17th Conference on Computer Science and Intelligence Systems (FedCSIS). :855—859.
Cyber-Physical Systems (CPS) have a physical part that can interact with sensors and actuators. The data that is read from sensors and the one generated to drive actuators is crucial for the correct operation of this class of devices. Most implementations trust the data being read from sensors and the outputted data to actuators. Real-time validation of the input and output of data for any system is crucial for the safety of its operation. This paper proposes an architecture for handling this issue through smart data guards detached from sensors and controllers and acting solely on the data. This mitigates potential issues of malfunctioning sensors and intentional sensor and controller attacks. The data guards understand the expected data, can detect anomalies and can correct them in real-time. This approach adds more guarantees for fault-tolerant behavior in the presence of attacks and sensor failures.
Wang, Bo, Zhang, Zhixiong, Wang, Jingyi, Guo, Chuangxin, Hao, Jie.
2022.
Resistance Strategy of Power Cyber-Physical System under Large-Scale and Complex Faults. 2022 6th International Conference on Green Energy and Applications (ICGEA). :254—258.
In recent years, with the occurrence of climate change and various extreme events, the research on the resistance of physical information systems to large-scale complex faults is of great significance. Propose a power information system to deal with complex faults in extreme weather, establish an anti-interference framework, construct a regional anti-interference strategy based on regional load output matching and topological connectivity, and propose branch active power adjustment methods to reduce disasters. In order to resist the risk of system instability caused by overrun of branch power and phase disconnection, the improved IEEE33 node test system simulation shows that this strategy can effectively reduce the harm of large-scale and complex faults.
Lee, Hwiwon, Kim, Sosun, Kim, Huy Kang.
2022.
SoK: Demystifying Cyber Resilience Quantification in Cyber-Physical Systems. 2022 IEEE International Conference on Cyber Security and Resilience (CSR). :178—183.
Cyber-Physical System (CPS) is becoming increasingly complicated and integrated into our daily lives, laying the foundation for advanced infrastructures, commodities, and services. In this regard, operational continuity of the system is the most critical objective, and cyber resilience quantification to evaluate and enhance it has garnered attention. However, understanding of the increasingly critical cyber risks is weak, with the focus being solely on the damage that occurs in the physical domain. To address this gap, this work takes aim at shedding some light on the cyber resilience quantification of CPS. We review the numerous resilience quantification techniques presented to date through several metrics to provide systematization of knowledge (SoK). In addition, we discuss the challenges of current quantification methods and give ideas for future research that will lead to more precise cyber resilience measurements.
Rimawi, Diaeddin.
2022.
Green Resilience of Cyber-Physical Systems. 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). :105—109.
Cyber-Physical System (CPS) represents systems that join both hardware and software components to perform real-time services. Maintaining the system's reliability is critical to the continuous delivery of these services. However, the CPS running environment is full of uncertainties and can easily lead to performance degradation. As a result, the need for a recovery technique is highly needed to achieve resilience in the system, with keeping in mind that this technique should be as green as possible. This early doctorate proposal, suggests a game theory solution to achieve resilience and green in CPS. Game theory has been known for its fast performance in decision-making, helping the system to choose what maximizes its payoffs. The proposed game model is described over a real-life collaborative artificial intelligence system (CAIS), that involves robots with humans to achieve a common goal. It shows how the expected results of the system will achieve the resilience of CAIS with minimized CO2 footprint.
Vasisht, Soumya, Rahman, Aowabin, Ramachandran, Thiagarajan, Bhattacharya, Arnab, Adetola, Veronica.
2022.
Multi-fidelity Bayesian Optimization for Co-design of Resilient Cyber-Physical Systems. 2022 ACM/IEEE 13th International Conference on Cyber-Physical Systems (ICCPS). :298—299.
A simulation-based optimization framework is developed to con-currently design the system and control parameters to meet de-sired performance and operational resiliency objectives. Leveraging system information from both data and models of varying fideli-ties, a rigorous probabilistic approach is employed for co-design experimentation. Significant economic benefits and resilience im-provements are demonstrated using co-design compared to existing sequential designs for cyber-physical systems.
Kumar, Vivek, Hote, Yogesh V..
2022.
Analyzing and Mitigating of Time Delay Attack (TDA) by using Fractional Filter based IMC-PID with Smith Predictor. 2022 IEEE 61st Conference on Decision and Control (CDC). :3194—3199.
In this era, with a great extent of automation and connection, modern production processes are highly prone to cyber-attacks. The sensor-controller chain becomes an obvious target for attacks because sensors are commonly used to regulate production facilities. In this research, we introduce a new control configuration for the system, which is sensitive to time delay attacks (TDA), in which data transfer from the sensor to the controller is intentionally delayed. The attackers want to disrupt and damage the system by forcing controllers to use obsolete data about the system status. In order to improve the accuracy of delay identification and prediction, as well as erroneous limit and estimation for control, a new control structure is developed by an Internal Model Control (IMC) based Proportional-Integral-Derivative (PID) scheme with a fractional filter. An additional concept is included to mitigate the effect of time delay attack, i.e., the smith predictor. Simulation studies of the established control framework have been implemented with two numerical examples. The performance assessment of the proposed method has been done based on integral square error (ISE), integral absolute error (IAE) and total variation (TV).
Carvalho, Gonçalo, Medeiros, Nadia, Madeira, Henrique, Cabral, Bruno.
2022.
A Functional FMECA Approach for the Assessment of Critical Infrastructure Resilience. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS). :672—681.
The damage or destruction of Critical Infrastructures (CIs) affect societies’ sustainable functioning. Therefore, it is crucial to have effective methods to assess the risk and resilience of CIs. Failure Mode and Effects Analysis (FMEA) and Failure Mode Effects and Criticality Analysis (FMECA) are two approaches to risk assessment and criticality analysis. However, these approaches are complex to apply to intricate CIs and associated Cyber-Physical Systems (CPS). We provide a top-down strategy, starting from a high abstraction level of the system and progressing to cover the functional elements of the infrastructures. This approach develops from FMECA but estimates risks and focuses on assessing resilience. We applied the proposed technique to a real-world CI, predicting how possible improvement scenarios may influence the overall system resilience. The results show the effectiveness of our approach in benchmarking the CI resilience, providing a cost-effective way to evaluate plausible alternatives concerning the improvement of preventive measures.
Keller, Joseph, Paul, Shuva, Grijalva, Santiago, Mooney, Vincent J..
2022.
Experimental Setup for Grid Control Device Software Updates in Supply Chain Cyber-Security. 2022 North American Power Symposium (NAPS). :1—6.
Supply chain cyberattacks that exploit insecure third-party software are a growing concern for the security of the electric power grid. These attacks seek to deploy malicious software in grid control devices during the fabrication, shipment, installation, and maintenance stages, or as part of routine software updates. Malicious software on grid control devices may inject bad data or execute bad commands, which can cause blackouts and damage power equipment. This paper describes an experimental setup to simulate the software update process of a commercial power relay as part of a hardware-in-the-loop simulation for grid supply chain cyber-security assessment. The laboratory setup was successfully utilized to study three supply chain cyber-security use cases.
Wang, Shuangbao Paul, Arafin, Md Tanvir, Osuagwu, Onyema, Wandji, Ketchiozo.
2022.
Cyber Threat Analysis and Trustworthy Artificial Intelligence. 2022 6th International Conference on Cryptography, Security and Privacy (CSP). :86—90.
Cyber threats can cause severe damage to computing infrastructure and systems as well as data breaches that make sensitive data vulnerable to attackers and adversaries. It is therefore imperative to discover those threats and stop them before bad actors penetrating into the information systems.Threats hunting algorithms based on machine learning have shown great advantage over classical methods. Reinforcement learning models are getting more accurate for identifying not only signature-based but also behavior-based threats. Quantum mechanics brings a new dimension in improving classification speed with exponential advantage. The accuracy of the AI/ML algorithms could be affected by many factors, from algorithm, data, to prejudicial, or even intentional. As a result, AI/ML applications need to be non-biased and trustworthy.In this research, we developed a machine learning-based cyber threat detection and assessment tool. It uses two-stage (both unsupervised and supervised learning) analyzing method on 822,226 log data recorded from a web server on AWS cloud. The results show the algorithm has the ability to identify the threats with high confidence.
L, Gururaj H, C, Soundarya B, V, Janhavi, H, Lakshmi, MJ, Prassan Kumar.
2022.
Analysis of Cyber Security Attacks using Kali Linux. 2022 IEEE International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE). :1—6.
In the prevailing situation, the sports like economic, industrial, cultural, social, and governmental activities are carried out in the online world. Today's international is particularly dependent on the wireless era and protective these statistics from cyber-assaults is a hard hassle. The reason for cyber-assaults is to damage thieve the credentials. In a few other cases, cyber-attacks ought to have a navy or political functions. The damages are PC viruses, facts break, DDS, and exceptional attack vectors. To this surrender, various companies use diverse answers to prevent harm because of cyberattacks. Cyber safety follows actual-time data at the modern-day-day IT data. So, far, numerous techniques have proposed with the resource of researchers around the area to prevent cyber-attacks or lessen the harm due to them. The cause of this has a look at is to survey and comprehensively evaluate the usual advances supplied around cyber safety and to analyse the traumatic situations, weaknesses, and strengths of the proposed techniques. Different sorts of attacks are taken into consideration in element. In addition, evaluation of various cyber-attacks had been finished through the platform called Kali Linux. It is predicted that the complete assessment has a have a study furnished for college students, teachers, IT, and cyber safety researchers might be beneficial.
Sundararajan, Vijay, Ghodousi, Arman, Dietz, J. Eric.
2022.
The Most Common Control Deficiencies in CMMC non-compliant DoD contractors. 2022 IEEE International Symposium on Technologies for Homeland Security (HST). :1—7.
As cyber threats become highly damaging and complex, a new cybersecurity compliance certification model has been developed by the Department of Defense (DoD) to secure its Defense Industrial Base (DIB), and communication with its private partners. These partners or contractors are obligated by the Defense Federal Acquisition Regulations (DFARS) to be compliant with the latest standards in computer and data security. The Cybersecurity Maturity Model Certification (CMMC), and it is built upon existing DFARS 252.204-7012 and the NIST SP 800–171 controls. As of 2020, the DoD has incorporated DFARS and the National Institute of Standards and Technology (NIST) recommended security practices into what is now the CMMC. This paper presents the most commonly identified Security-Control-Deficiencies (SCD) faced, the attacks mitigated by addressing these SCD, and remediations applied to 127 DoD contractors in order to bring them into compliance with the CMMC guidelines. An analysis is done on what vulnerabilities are most prominent in the companies, and remediations applied to ensure these vulnerabilities are better avoided and the DoD supply-chain is more secure from attacks.
Kumar, Rajesh.
2022.
Quantitative safety-security risk analysis of interconnected cyber-infrastructures. 2022 IEEE 10th Region 10 Humanitarian Technology Conference (R10-HTC). :100—106.
Modern day cyber-infrastructures are critically dependent on each other to provide essential services. Current frameworks typically focus on the risk analysis of an isolated infrastructure. Evaluation of potential disruptions taking the heterogeneous cyber-infrastructures is vital to note the cascading disruption vectors and determine the appropriate interventions to limit the damaging impact. This paper presents a cyber-security risk assessment framework for the interconnected cyber-infrastructures. Our methodology is designed to be comprehensive in terms of accommodating accidental incidents and malicious cyber threats. Technically, we model the functional dependencies between the different architectures using reliability block diagrams (RBDs). RBDs are convenient, yet powerful graphical diagrams, which succinctly describe the functional dependence between the system components. The analysis begins by selecting a service from the many services that are outputted by the synchronized operation of the architectures whose disruption is deemed critical. For this service, we design an attack fault tree (AFT). AFT is a recent graphical formalism that combines the two popular formalisms of attack trees and fault trees. We quantify the attack-fault tree and compute the risk metrics - the probability of a disruption and the damaging impact. For this purpose, we utilize the open source ADTool. We show the efficacy of our framework with an example outage incident.
Wintenberg, Andrew, Lafortune, Stéphane, Ozay, Necmiye.
2022.
Communication Obfuscation for Privacy and Utility against Obfuscation-Aware Eavesdroppers. 2022 American Control Conference (ACC). :3363—3363.
Networked cyber-physical systems must balance the utility of communication for monitoring and control with the risks of revealing private information. Many of these networks, such as wireless communication, are vulnerable to eavesdrop-ping by illegitimate recipients. Obfuscation can hide information from eaves-droppers by ensuring their observations are ambiguous or misleading. At the same time, coordination with recipients can enable them to interpret obfuscated data. In this way, we propose an obfuscation framework for dynamic systems that ensures privacy against eavesdroppers while maintaining utility for legitimate recipients. We consider eavesdroppers unaware of obfuscation by requiring that their observations are consistent with the original system, as well as eaves-droppers aware of the goals of obfuscation by assuming they learn of the specific obfuscation implementation used. We present a method for bounded synthesis of solutions based upon distributed reactive synthesis and the synthesis of publicly-known obfuscators.
ISSN: 2378-5861
Wang, Jinwen, Li, Ao, Li, Haoran, Lu, Chenyang, Zhang, Ning.
2022.
RT-TEE: Real-time System Availability for Cyber-physical Systems using ARM TrustZone. 2022 IEEE Symposium on Security and Privacy (SP). :352—369.
Embedded devices are becoming increasingly pervasive in safety-critical systems of the emerging cyber-physical world. While trusted execution environments (TEEs), such as ARM TrustZone, have been widely deployed in mobile platforms, little attention has been given to deployment on real-time cyber-physical systems, which present a different set of challenges compared to mobile applications. For safety-critical cyber-physical systems, such as autonomous drones or automobiles, the current TEE deployment paradigm, which focuses only on confidentiality and integrity, is insufficient. Computation in these systems also needs to be completed in a timely manner (e.g., before the car hits a pedestrian), putting a much stronger emphasis on availability.To bridge this gap, we present RT-TEE, a real-time trusted execution environment. There are three key research challenges. First, RT-TEE bootstraps the ability to ensure availability using a minimal set of hardware primitives on commodity embedded platforms. Second, to balance real-time performance and scheduler complexity, we designed a policy-based event-driven hierarchical scheduler. Third, to mitigate the risks of having device drivers in the secure environment, we designed an I/O reference monitor that leverages software sandboxing and driver debloating to provide fine-grained access control on peripherals while minimizing the trusted computing base (TCB).We implemented prototypes on both ARMv8-A and ARMv8-M platforms. The system is tested on both synthetic tasks and real-life CPS applications. We evaluated rover and plane in simulation and quadcopter both in simulation and with a real drone.
Lois, Robert S., Cole, Daniel G..
2022.
Designing Secure and Resilient Cyber-Physical Systems Using Formal Models. 2022 Resilience Week (RWS). :1—6.
This work-in-progress paper proposes a design methodology that addresses the complexity and heterogeneity of cyber-physical systems (CPS) while simultaneously proving resilient control logic and security properties. The design methodology involves a formal methods-based approach by translating the complex control logic and security properties of a water flow CPS into timed automata. Timed automata are a formal model that describes system behaviors and properties using mathematics-based logic languages with precision. Due to the semantics that are used in developing the formal models, verification techniques, such as theorem proving and model checking, are used to mathematically prove the specifications and security properties of the CPS. This work-in-progress paper aims to highlight the need for formalizing plant models by creating a timed automata of the physical portions of the water flow CPS. Extending the time automata with control logic, network security, and privacy control processes is investigated. The final model will be formally verified to prove the design specifications of the water flow CPS to ensure efficacy and security.
Sain, Mangal, Normurodov, Oloviddin, Hong, Chen, Hui, Kueh Lee.
2022.
A Survey on the Security in Cyber Physical System with Multi-Factor Authentication. 2022 24th International Conference on Advanced Communication Technology (ICACT). :1—8.
Cyber-physical Systems can be defined as a complex networked control system, which normally develop by combining several physical components with the cyber space. Cyber Physical System are already a part of our daily life. As its already being a part of everyone life, CPS also have great potential security threats and can be vulnerable to various cyber-attacks without showing any sign directly to component failure. To protect user security and privacy is a fundamental concern of any kind of system; either it’s a simple web application or supplicated professional system. Digital Multifactor authentication is one of the best ways to make secure authentication. It covers many different areas of a Cyber-connected world, including online payments, communications, access right management, etc. Most of the time, Multifactor authentication is little complex as it requires extra step from users. This paper will discuss the evolution from single authentication to Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). This paper seeks to analyze and evaluate the most prominent authentication techniques based on accuracy, cost, and feasibility of implementation. We also suggest several authentication schemes which incorporate with Multifactor authentication for CPS.