Biblio

The globalized supply chain in the semiconductor industry raises several security concerns such as IC overproduction, intellectual property piracy and design tampering. Logic locking has emerged as a Design-for-Trust countermeasure to address these issues. Original logic locking proposals provide a high degree of output corruption – i.e., errors on circuit outputs – unless it is unlocked with the correct key. This is a prerequisite for making a manufactured circuit unusable without the designer’s intervention. Since the introduction of SAT-based attacks – highly efficient attacks for retrieving the correct key from an oracle and the corresponding locked design – resulting design-based countermeasures have compromised output corruption for the benefit of better resilience against such attacks. Our proposed logic locking scheme, referred to as SKG-Lock, aims to thwart SAT-based attacks while maintaining significant output corruption. The proposed provable SAT-resilience scheme is based on the novel concept of decoy key-inputs. Compared with recent related works, SKG-Lock provides higher output corruption, while having high resistance to evaluated attacks.

Controller area network is the serial communication protocol, which broadcasts the message on the CAN bus. The transmitted message is read by all the nodes which shares the CAN bus. The message can be eavesdropped and can be re-used by some other node by changing the information or send it by duplicate times. The message reused after some delay is replay attack. In this paper, the CAN network with three CAN nodes is implemented using the universal verification components and the replay attack is demonstrated by creating the faulty node. Two types of replay attack are implemented in this paper, one is to replay the entire message and the other one is to replay only the part of the frame. The faulty node uses the first replay attack method where it behaves like the other node in the network by duplicating the identifier. CAN frame except the identifier is reused in the second method which is hard to detect the attack as the faulty node uses its own identifier and duplicates only the data in the CAN frame.

Advanced persistent threat (APT) attackers usually conduct a large number of network reconnaissance before a formal attack to discover exploitable vulnerabilities in the target network and system. The static configuration in traditional network systems provides a great advantage for adversaries to find network targets and launch attacks. To reduce the effectiveness of adversaries' continuous reconnaissance attacks, this paper develops a moving target defense (MTD) enhanced cyber deception defense system based on software-defined networks (SDN). The system uses virtual network topology to confuse the target network and system information collected by adversaries. Also Besides, it uses IP address randomization to increase the dynamics of network deception to enhance its defense effectiveness. Finally, we implemented the system prototype and evaluated it. In a configuration where the virtual network topology scale is three network segments, and the address conversion cycle is 30 seconds, this system delayed the adversaries' discovery of vulnerable hosts by an average of seven times, reducing the probability of adversaries successfully attacking vulnerable hosts by 83%. At the same time, the increased system overhead is basically within 10%.

Many industrial control systems (ICS) are reliant upon programmable logic controllers (PLCs) for their operations. As ICS and PLCs are increasingly targeted by cyber-attacks, research facilitating the resiliency of their physical processes is imperative. This paper proposes an approach which leverages PLC containerization, input/output (I/O) multiplexing, and orchestration to respond to cyber incidents and ensure continuity of critical processes. A proofof-concept capability was developed and evaluated on live ICS testbed environments. The experimental results indicate the approach is viable for control applications with soft real-time requirements.

A good website quality is needed to meet user satisfaction. The value of the benefits of the web will be felt by many users if the web has very good quality. The ease of accessing the website is a reflection of the good quality of the website. The positive image of the web owner can be seen from the quality of the website. When doing research on the website of the Ministry of Agriculture, Directorate General of Food Crops, the researcher found several pages that did not meet the website category which were said to be of good quality. Based on these findings, the authors are interested in analyzing user satisfaction with the website to measure the quality of the website of the Ministry of Agriculture, Directorate General of Food Crops using the PIECES method (Performance, Information, Economy, Control/Security, Efficiency, Service). The results of the study indicate that the level of user satisfaction with the website has been indicated as SATISFIED on each indicator, however, in measuring the quality of the website using YSlow (the GTMetrix tools, Pingdom Website Speed Tools), and (Web of Trust) WOT found many deficiencies such as loading the website takes a long time, there are some pages that cannot be found (page not found) and so on. Therefore, the authors provide several recommendations for better website development.

Software Defined Networking (SDN) is an innovative technology, which can be applied in a plethora of applications and areas. Recently, SDN has been identified as one of the most promising solutions for industrial applications as well. The key features of SDN include the decoupling of the control plane from the data plane and the programmability of the network through application development. Researchers are looking at these features in order to enhance the Quality of Service (QoS) provisioning of modern network applications. To this end, the following work presents the development of an SDN application, capable of mitigating attacks and maximizing the network’s QoS, by implementing mixed integer linear programming but also using genetic algorithms. Furthermore, a low-cost, physical SDN testbed was developed in order to evaluate the aforementioned application in a more realistic environment other than only using simulation tools.

We propose an information-theoretical method of attribution of literary texts, developed within the framework of information theory and mathematical statistics. Using the proposed method, the following two problems of disputed authorship in Russian and Soviet literature were investigated: i) the problem of false attribution of some novels to Nekrasov and ii) the problem of dubious attribution of two novels to Bulgakov. The research has shown the high efficiency of the data-compression method for attribution of literary texts.

Modern Industrial Automation & Control Systems (IACS) are essential part of the critical infrastructures and services. They are used in health, power, water, and transportation systems, and the impact of cyberattacks on IACS could be severe, resulting, for example, in damage to the environment, public or employee safety or health. Thus, building IACS safe and secure against cyberattacks is extremely important. The attacker model is one of the key elements in risk assessment and other security related information system management tasks. The aim of the study is to specify the attacker's profile based on the analysis of network and system events. The paper presents an approach to the selection of attacker's profile attributes from raw network and system events of the Linux OS. To evaluate the approach the experiments were performed on data collected within the Global CPTC 2019 competition.

The traditional data storage method often adopts centralized architecture, which is prone to trust and security problems. This paper proposes a trusted data storage and access control scheme combining blockchain and attribute-based encryption, which allow cyber-physical system (CPS) nodes to realize the fine-grained access control strategy. At the same time, this paper combines the blockchain technology with distributed storage, and only store the access control policy and the data access address on the blockchain, which solves the storage bottleneck of blockchain system. Furthermore, this paper proposes a novel multi-authority attributed-based identification method, which realizes distributed attribute key generation and simplifies the pairwise authentication process of multi-authority. It can not only address the key escrow problem of one single authority, but also reduce the problem of high communication overhead and heavy burden of multi-authority. The analyzed results show that the proposed scheme has better comprehensive performance in trusted data storage and access control for power cyber-physical system.

The internal laboratory directed research and development (LDRD) project Infrastructure eXpression (IX) at the Idaho National Laboratory (INL), is based on codifying infrastructure to support automatic applicability to emerging cyber issues, enabling automated cyber responses, codifying attack surfaces, and analysis of cyber impacts to our nation's most critical infrastructure. IX uses the Structured Threat Information eXpression (STIX) open international standard version 2.1 which supports STIX Cyber Observable (SCO) to codify infrastructure characteristics and exposures. Using these codified infrastructures, STIX Relationship Objects (SRO) connect to STIX Domain Objects (SDO) used for modeling cyber threat used to create attack surfaces integrated with specific infrastructure. This IX model creates a shareable, actionable and implementable attack surface that is updateable with emerging threat or infrastructure modifications. Enrichment of cyber threat information includes attack patterns, indicators, courses of action, malware and threat actors. Codifying infrastructure in IX enables creation of software and hardware bill of materials (SBoM/HBoM) information, analysis of emerging cyber vulnerabilities including supply chain threat to infrastructure.

This paper analyzes the necessity of artificial intelligence and big data in the security application of regulatory places. The author studies the specific application of artificial intelligence and big data in ideological dynamics management, access control system, video surveillance system, emergency alarm system, perimeter control system, police inspection system, daily behavior management, and system implementation management. The author puts forward how to do technical integration, improve information sharing, strengthen the construction of talents, and increase management fund expenditure. The purpose of this paper is to enhance the security management level of regulatory places and optimize the management environment of regulatory places.

The data transmitted via the network may be vulnerable to cyber attacks in networked inverted pendulum system (NIPS), how to detect cyber attacks is a challenging issue. To solve this problem, this paper investigates a honeypot-based attack detection method for NIPS. Firstly, honeypot for NIPS attack detection (namely NipsPot) is constructed by deceptive environment module of a virtual closed-loop control system, and the stealthiness of typical covert attacks is analysed. Secondly, attack data is collected by NipsPot, which is used to train supported vector machine (SVM) model for attack detection. Finally, simulation results demonstrate that NipsPot-based attack detector can achieve the accuracy rate of 99.78%, the precision rate of 98.75%, and the recall rate of 100%.

Adhoc On-demand Distance Vector (AODV) is the well-known reactive routing protocol of Mobile Adhoc Network (MANET). Absence of security mechanism in AODV disturbs the routing because of misbehavior of attack and hence, degrades MANET's performance. Secure and efficient routing is a need of various commercial and non-commercial applications of MANET including military and war, disaster and earthquake, and riot control. This paper presents a design of important network layer attacks include black-hole (BH), gray-hole (GH) and worm-hole (WH) attacks. The performance analysis of AODV protocol is carried out under the influence of each designed attack by using the network simulator, NetSim. Simulation results show that, the network layer attacks affect packet delivery ability of AODV protocol with low energy consumption and in short time. Design of attacks helps to understand attack's behavior and hence, to develop security mechanism in AODV.

To deal with the increasingly serious threat of industrial information malicious code, the simulations and characteristics of the domestic security and controllable operating system and office software were implemented in the virtual sandbox environment based on virtualization technology in this study. Firstly, the serialization detection scheme based on the convolution neural network algorithm was improved. Then, the API sequence was modeled and analyzed by the improved convolution neural network algorithm to excavate more local related information of variant sequences. Finally the variant detection of malicious code was realized. Results showed that this improved method had higher efficiency and accuracy for a large number of malicious code detection, and could be applied to the malicious code detection in security and controllable operating system.

Cyber-physical systems, which are ubiquitous in modern critical infrastructure, oftentimes rely on sending actuation commands and sensor measurements over a network, subjecting this information to potential man-in-the-middle attacks. These attacks can take the form of denial of service attacks or integrity attacks. Previous approaches at ensuring the resiliency of the overall control system against these types of attacks have leveraged functional redundancy in the system, including resilient estimation and reconfigurable control. However, these approaches are only able to ensure resiliency up to a particular subset of the actuator commands and sensor measurements being compromised. In contrast, we introduce a resiliency mechanism in this paper that can ensure safety for the overall system when all the actuator commands and sensor measurements are compromised. In addition, this approach does not require the implementation of any detection algorithm. We leverage communication redundancy in the number of pathways across the network to guarantee safety when up to a certain percentage of those pathways are compromised. The conditions under which safety is guaranteed are presented along with the resiliency mechanism itself, and our results are illustrated via simulation.

We consider the problem of security for unmanned aerial vehicle flight control systems. To provide a concrete setting, we consider the security problem in the context of a helicopter which is compromised by a malicious agent that distorts elevation measurements to the control loop. This is a particular example of the problem of the security of stochastic control systems under erroneous observation measurements caused by malicious sensors within the system. In order to secure the control system, we consider dynamic watermarking, where a private random excitation signal is superimposed onto the control input of the flight control system. An attack detector at the actuator can then check if the reported sensor measurements are appropriately correlated with the private random excitation signal. This is done via two specific statistical tests whose violation signifies an attack. We apply dynamic watermarking technique to a 2-rotor-based 3-DOF helicopter control system test-bed. We demonstrate through both simulation and experimental results the performance of the attack detector on two attack models: a stealth attack, and a random bias injection attack.

Cyber-physical systems are vulnerable to attacks that can cause them to reach undesirable states. This paper provides a theoretical solution for increasing the resiliency of control systems through the use of a high-authority supervisor that monitors and regulates control signals sent to the actuator. The supervisor aims to determine the control signal limits that provide maximum freedom of operation while protecting the system. For this work, a cyber attack is assumed to overwrite the signal to the actuator with Gaussian noise. This assumption permits the propagation of a state covariance matrix through time. Projecting the state covariance matrix on the state space reveals a confidence ellipse that approximates the reachable set. The standard deviation is found so that the confidence ellipse is tangential to the danger area in the state space. The process is applied to ship dynamics where an ellipse in the state space is transformed to an arc in the plane of motion. The technique is validated through the simulation of a ship traveling through a narrow channel while under the influence of a cyber attack.

Looking at the Smart Grid as a Cyber - Physical system of great complexity, the paper synthesizes the main IT security issues that may arise. Security issues are seen from a hybrid point of view, combining theory of information with system theory. Smart Grid has changed dramatically over the past years. With modern technologies, such as Big Data or Internet of Things (IoT), the Smart Grid is evolving into a more interconnected and dynamic power network model.

In this century, the demand for energy is increasing daily, and the need for energy resources has become urgent and inevitable. New ways of generating energy, such as renewable resources that depend on many sources, including the sun and wind energy will contribute to the future of humankind largely and effectively. These renewable sources are facing major challenges that cannot be ignored which also require more researches on appropriate solutions . This has led to the emergence of a new type of network user called prosumer, which causes new challenges such as the intermittent nature of renewable. Smart grids have emerged as a solution to integrate these distributed energy sources. It also provides a mechanism to maintain safety and security for power supply networks. The main idea of smart grids is to facilitate local production and consumption By customers and consumers.Distributed ledger technology (DLT) or Block-chain technology has evolved dramatically since 2008 that coincided with the birth of its first application Bitcoin, which is the first cryptocurrency. This innovation led to sparked in the digital revolution, which provides decentralization, security, and democratization of information storage and transfer systems across numerous sectors/industries. Block-chain can be applied for the sake of the durability and safety of energy systems. In this paper, we will propose a new distributed framework that provides protection based on block-chain technology for energy systems to enhance self-defense capability against those cyber-attacks.

The whole Software-Defined Networking (SDN) system might be out of service when the control plane is overloaded by control plane saturation attacks. In this attack, a malicious host can manipulate massive table-miss packets to exhaust the control plane resources. Even though many studies have focused on this problem, systems still suffer from more influenced switches because of centralized mitigation policies, and long recovery delay because of the remaining attack flows. To solve these problems, we propose FSDM, a Fast recovery Saturation attack Detection and Mitigation framework. For detection, FSDM extracts the distribution of Control Channel Occupation Rate (CCOR) to detect the attack and locates the port that attackers come from. For mitigation, with the attacker's location and distributed Mitigation Agents, FSDM adopts different policies to migrate or block attack flows, which influences fewer switches and protects the control plane from resource exhaustion. Besides, to reduce the system recovery delay, FSDM equips a novel functional module called Force\_Checking, which enables the whole system to quickly clean up the remaining attack flows and recovery faster. Finally, we conducted extensive experiments, which show that, with the increasing of attack PPS (Packets Per Second), FSDM only suffers a minor recovery delay increase. Compared with traditional methods without cleaning up remaining flows, FSDM saves more than 81% of ping RTT under attack rate ranged from 1000 to 4000 PPS, and successfully reduced the delay of 87% of HTTP requests time under large attack rate ranged from 5000 to 30000 PPS.

The current network security situation of the electric power dispatching and control system is becoming more and more severe. On the basis of the original network security management platform, to increase the collection of network security data information and improve the network security analysis ability, this article proposes the electric power dispatching and control system network security situation awareness analysis module. The perception layer accesses multi-source heterogeneous data sources. Upwards through the top layer, data standardization will be introduced, who realizes data support for security situation analysis, and forms an association mapping with situation awareness elements such as health situation, attack situation, behavior situation, and operation situation. The overall effect is achieving the construction goals of "full control of equipment status, source of security attacks can be traced, operational risks are identifiable, and abnormal behaviors can be found.".

Wide-area protection and control (WAPAC) systems are widely applied in the energy management system (EMS) that rely on a wide-area communication network to maintain system stability, security, and reliability. As technology and grid infrastructure evolve to develop more advanced WAPAC applications, however, so do the attack surfaces in the grid infrastructure. This paper presents an attack-resilient system (ARS) for the WAPAC cybersecurity by seamlessly integrating the network intrusion detection system (NIDS) with intrusion mitigation and prevention system (IMPS). In particular, the proposed NIDS utilizes signature and behavior-based rules to detect attack reconnaissance, communication failure, and data integrity attacks. Further, the proposed IMPS applies state transition-based mitigation and prevention strategies to quickly restore the normal grid operation after cyberattacks. As a proof of concept, we validate the proposed generic architecture of ARS by performing experimental case study for wide-area protection scheme (WAPS), one of the critical WAPAC applications, and evaluate the proposed NIDS and IMPS components of ARS in a cyber-physical testbed environment. Our experimental results reveal a promising performance in detecting and mitigating different classes of cyberattacks while supporting an alert visualization dashboard to provide an accurate situational awareness in real-time.

The following topics are dealt with: security of data; distributed power generation; power engineering computing; power grids; power system security; computer network security; voltage control; risk management; power system measurement; critical infrastructures.

The development of control systems of increased reliability is highly relevant due to their widespread introduction in various sectors of human activity, including those where failure of the control system can lead to serious or catastrophic consequences. The increase of the reliability of control systems is directly related with the reliability of control computers (so called intellectual centers) since the computer technology is the basis of modern control systems. One of the possible solutions to the development of highly reliable control computers is the practical implementation of the provisions of the theory of structural stability, which involves the practical solution of two main tasks - this is the task of functional adaptation and the preceding task of functional diagnostics. This article deals with the issues on the assessment of computational complexity of the implementation of the adaptation process of structural and sustainable control computer. The criteria of computational complexity are the characteristics of additionally attracted resources, such as the temporal characteristics of the adaptation process and the characteristics of the involved amount of memory resources of the control computer involved in the implementation of the adaptation process algorithms.

A Distributed Denial of Service ( DDoS ) attack is usually instigated on a primary server that provides important services in a network. However such DDoS attacks can be identified and mitigated by the controller in a Software Defined Network (SDN). If the intruder further performs an attack on the controller along with the server, the attack becomes successful.In this paper, we show how such a combined DDoS attack can be instigated on a controller as well as a primary server. The DDoS attack on the primary server is instigated by compromising few hosts to send packets with spoofed IP addresses and the attack on the controller is instigated by compromising few switches to send flow table requests repeatedly to the controller. With the help of an emulator called mininet, we show the severity of this attack on the performance of the network. We further propose a common technique that can be used to mitigate this kind of attack by observing the variation of destination IP addresses and setting different priorities to switches and handling the flow table requests accordingly by the controller.