Biblio

Cyber-Physical Systems (CPS) are playing important roles in the critical infrastructure now. A prominent family of CPSs are networked control systems in which the control and feedback signals are carried over computer networks like the Internet. Communication over insecure networks make system vulnerable to cyber attacks. In this article, we design an intrusion detection and compensation framework based on system/plant identification to fight covert attacks. We collect error statistics of the output estimation during the learning phase of system operation and after that, monitor the system behavior to see if it significantly deviates from the expected outputs. A compensating controller is further designed to intervene and replace the classic controller once the attack is detected. The proposed model is tested on a DC motor as the plant and is put against a deception signal amplification attack over the forward link. Simulation results show that the detection algorithm well detects the intrusion and the compensator is also successful in alleviating the attack effects.

Secure naming systems, or more narrowly public key infrastructures (PKIs), form the basis of secure communications over insecure networks. All security guarantees against active attackers come from a trustworthy binding between user-facing names, such as domain names, to cryptographic identities, such as public keys. By offering a secure, distributed ledger with highly decentralized trust, blockchains such as Bitcoin show promise as the root of trust for naming systems with no central trusted parties. PKIs based upon blockchains, such as Namecoin and Blockstack, have greatly improved security and resilience compared to traditional centralized PKIs. Yet blockchain PKIs tend to significantly sacrifice scalability and flexibility in pursuit of decentralization, hindering large-scale deployability on the Internet. We propose Conifer, a novel PKI with an architecture based upon CONIKS, a centralized transparency-based PKI, and Catena, a blockchain-agnostic way of embedding a permissioned log, but with a different lookup strategy. In doing so, Conifer achieves decentralized trust with security at least as strong as existing blockchain-based naming systems, yet without sacrificing the flexibility and performance typically found in centralized PKIs. We also present our reference implementation of Conifer, demonstrating how it can easily be integrated into applications. Finally, we use experiments to evaluate the performance of Conifer compared with other naming systems, both centralized and blockchain-based, demonstrating that it incurs only a modest overhead compared to traditional centralized-trust systems while being far more scalable and performant than purely blockchain-based solutions.

Cryptography is a widespread technique that maintains information security over insecure networks. The symmetric encryption scheme provides a good security, but the key exchange is difficult on the other hand, in the asymmetric encryption scheme, key management is easier, but it does not offer the same degree of security compared to symmetric scheme. A hybrid cryptosystem merges the easiness of the asymmetric schemes key distribution and the high security of symmetric schemes. In the proposed hybrid cryptosystem, Serpent algorithm is used as a data encapsulation scheme and Elliptic Curve Cryptography (ECC) is used as a key encapsulation scheme to achieve key generation and distribution within an insecure channel. This modification is done to tackle the issue of key management for Serpent algorithm, so it can be securely used in multimedia protection.

To establish a secure connection between a mobile user and a remote server, this paper presents a session key agreement scheme through remote mutual authentication protocol by using mobile application software(MAS). We analyzed the security of our protocol informally, which confirms that the protocol is secure against all the relevant security attacks including off-line identity-password guessing attacks, user-server impersonation attacks, and insider attack. In addition, the widely accepted simulator tool AVISPA simulates the proposed protocol and confirms that the protocol is SAFE under the OFMC and CL-AtSe back-ends. Our protocol not only provide strong security against the relevant attacks, but it also achieves proper mutual authentication, user anonymity, known key secrecy and efficient password change operation. The performance comparison is also performed, which ensures that the protocol is efficient in terms of computation and communication costs.