Biblio

The manufacturing process of electrical machines influences the geometric dimensions and material properties, e.g. the yoke thickness. These influences occur by statistical variation as manufacturing tolerances. The effect of these tolerances and their potential impact on the mechanical torque output is not fully studied up to now. This paper conducts a sensitivity analysis for geometric and material parameters. For the general approach these parameters are varied uniformly in a range of 10 %. Two dimensional finite element analysis is used to simulate the influences at three characteristic operating points. The studied object is an internal permanent magnet machine in the 100 kW range used for hybrid drive applications. The results show a significant dependency on the rotational speed. The general validity is studied by using boundary condition variations and two further machine designs. This procedure offers the comparison of matching qualitative results for small quantitative deviations. For detecting the impact of the manufacturing process realistic tolerance ranges are used. This investigation identifies the airgap and magnet remanence induction as the main parameters for potential torque fluctuation.

The inevitable temperature raise leads to the demagnetization of permanent magnet synchronous motor (PMSM), that is undesirable in the application of electrical vehicle. This paper presents a nonlinear demagnetization model taking into account temperature with the Wiener structure and neural network characteristics. The remanence and intrinsic coercivity are chosen as intermediate variables, thus the relationship between motor temperature and maximal permanent magnet flux is described by the proposed neural Wiener model. Simulation and experimental results demonstrate the precision of temperature dependent demagnetization model. This work makes the basis of temperature compensation for the output torque from PMSM.

Substituting neodymium with ferrite based magnets comes with the penalty of significant reduced magnetic field energy. Several possibilities to compensate for the negative effects of a lower remanence and coercivity provided by ferrite magnets are presented and finally combined into the development of a new kind of BLDC-machine design. The new design is compared to a conventional machine on the application example of an electric 800 W/48 V automotive coolant pump.

This paper presents the analysis and the design of a ferrite permanent magnet synchronous generator (FePMSG) with flux concentration. Despite the well-known advantages of rare earth permanent magnet synchronous generators (REPMSG), the high cost of the rare earth permanent magnets represents an important drawback, particularly in competitive markets like the wind power. To reduce the cost of permanent magnet machines it is possible to replace the expensive rare earth materials by ferrite. Once ferrite has low remanent magnetization, flux concentration techniques are used to design a cheaper generator. The designed FePMSG is compared with a reference rare earth (NdFeB) permanent magnet synchronous generator (REPMSG), both with 3 kW, 220 V and 350 rpm. The results, validated with finite element analysis, show that the FePMSG can replace the REPMSG reducing significantly the active material cost.

Many aspects of our daily lives now rely on computers, including communications, transportation, government, finance, medicine, and education. However, with increased dependence comes increased vulnerability. Therefore recognizing attacks quickly is critical. In this paper, we introduce a new anomaly detection algorithm based on persistent homology, a tool which computes summary statistics of a manifold. The idea is to represent a cyber network with a dynamic point cloud and compare the statistics over time. The robustness of persistent homology makes for a very strong comparison invariant.

Protecting Critical Infrastructures (CIs) against contemporary cyber attacks has become a crucial as well as complex task. Modern attack campaigns, such as Advanced Persistent Threats (APTs), leverage weaknesses in the organization's business processes and exploit vulnerabilities of several systems to hit their target. Although their life-cycle can last for months, these campaigns typically go undetected until they achieve their goal. They usually aim at performing data exfiltration, cause service disruptions and can also undermine the safety of humans. Novel detection techniques and incident handling approaches are therefore required, to effectively protect CI's networks and timely react to this type of threats. Correlating large amounts of data, collected from a multitude of relevant sources, is necessary and sometimes required by national authorities to establish cyber situational awareness, and allow to promptly adopt suitable countermeasures in case of an attack. In this paper we propose three novel methods for security information correlation designed to discover relevant insights and support the establishment of cyber situational awareness.

Software components, which are vulnerable to being exploited, need to be identified and patched. Employing any prevention techniques designed for the purpose of detecting vulnerable software components in early stages can reduce the expenses associated with the software testing process significantly and thus help building a more reliable and robust software system. Although previous studies have demonstrated the effectiveness of adapting prediction techniques in vulnerability detection, the feasibility of those techniques is limited mainly because of insufficient training data sets. This paper proposes a prediction technique targeting at early identification of potentially vulnerable software components. In the proposed scheme, the potentially vulnerable components are viewed as mislabeled data that may contain true but not yet observed vulnerabilities. The proposed hybrid technique combines the supports vector machine algorithm and ensemble learning strategy to better identify potential vulnerable components. The proposed vulnerability detection scheme is evaluated using some Java Android applications. The results demonstrated that the proposed hybrid technique could identify potentially vulnerable classes with high precision and relatively acceptable accuracy and recall.

As everyone knows vulnerability detection is a very difficult and time consuming work, so taking advantage of the unlabeled data sufficiently is needed and helpful. According the above reality, in this paper a method is proposed to predict buffer overflow based on semi-supervised learning. We first employ Antlr to extract AST from C/C++ source files, then according to the 22 buffer overflow attributes taxonomies, a 22-dimension vector is extracted from every function in AST, at last, the vector is leveraged to train a classifier to predict buffer overflow vulnerabilities. The experiment and evaluation indicate our method is correct and efficient.

Attacks against websites are increasing rapidly with the expansion of web services. An increasing number of diversified web services make it difficult to prevent such attacks due to many known vulnerabilities in websites. To overcome this problem, it is necessary to collect the most recent attacks using decoy web honeypots and to implement countermeasures against malicious threats. Web honeypots collect not only malicious accesses by attackers but also benign accesses such as those by web search crawlers. Thus, it is essential to develop a means of automatically identifying malicious accesses from mixed collected data including both malicious and benign accesses. Specifically, detecting vulnerability scanning, which is a preliminary process, is important for preventing attacks. In this study, we focused on classification of accesses for web crawling and vulnerability scanning since these accesses are too similar to be identified. We propose a feature vector including features of collective accesses, e.g., intervals of request arrivals and the dispersion of source port numbers, obtained with multiple honeypots deployed in different networks for classification. Through evaluation using data collected from 37 honeypots in a real network, we show that features of collective accesses are advantageous for vulnerability scanning and crawler classification.

In this work we put forward our novel approach using graph partitioning and Micro-Community detection techniques. We firstly use algebraic connectivity or Fiedler Eigenvector and spectral partitioning for community detection. We then used modularity maximization and micro level clustering for detecting micro-communities with concept of community energy. We run micro-community clustering algorithm recursively with modularity maximization which helps us identify dense, deeper and hidden community structures. We experimented our MicroCommunity Clustering (MCC) algorithm for various types of complex technological and social community networks such as directed weighted, directed unweighted, undirected weighted, undirected unweighted. A novel fact about this algorithm is that it is scalable in nature.

This paper presents the Scanning, Vulnerabilities, Exploits and Detection tool (SVED). SVED facilitates reliable and repeatable cyber security experiments by providing a means to design, execute and log malicious actions, such as software exploits, as well the alerts provided by intrusion detection systems. Due to its distributed architecture, it is able to support large experiments with thousands of attackers, sensors and targets. SVED is automatically updated with threat intelligence information from various services.

Vulnerability Detection Tools (VDTs) have been researched and developed to prevent problems with respect to security. Such tools identify vulnerabilities that exist on the server in advance. By using these tools, administrators must protect their servers from attacks. They have, however, different results since methods for detection of different tools are not the same. For this reason, it is recommended that results are gathered from many tools rather than from a single tool but the installation which all of the tools have requires a great overhead. In this paper, we propose a novel vulnerability detection mechanism using Open API and use OpenVAS for actual testing.

Integrating security testing into the workflow of software developers not only can save resources for separate security testing but also reduce the cost of fixing security vulnerabilities by detecting them early in the development cycle. We present an automatic testing approach to detect a common type of Cross Site Scripting (XSS) vulnerability caused by improper encoding of untrusted data. We automatically extract encoding functions used in a web application to sanitize untrusted inputs and then evaluate their effectiveness by automatically generating XSS attack strings. Our evaluations show that this technique can detect 0-day XSS vulnerabilities that cannot be found by static analysis tools. We will also show that our approach can efficiently cover a common type of XSS vulnerability. This approach can be generalized to test for input validation against other types injections such as command line injection.

We show how to securely obfuscate conjunctions, which are functions f(x1,...,xn) = ∧i∈I yi where I ⊆ [n] and each literal yi is either just xi or ¬ xi e.g., f(xi,...,x\_n) = xi ⊆ ¬ x3 ⊆ ¬ x7 ... ⊆ x\\textbackslashvphantom\n-1. Whereas prior work of Brakerski and Rothblum (CRYPTO 2013) showed how to achieve this using a non-standard object called cryptographic multilinear maps, our scheme is based on an "entropic" variant of the Ring Learning with Errors (Ring LWE) assumption. As our core tool, we prove that hardness assumptions on the recent multilinear map construction of Gentry, Gorbunov and Halevi (TCC 2015) can be established based on entropic Ring LWE. We view this as a first step towards proving the security of additional mutlilinear map based constructions, and in particular program obfuscators, under standard assumptions. Our scheme satisfies virtual black box (VBB) security, meaning that the obfuscated program reveals nothing more than black-box access to f as an oracle, at least as long as (essentially) the conjunction is chosen from a distribution having sufficient entropy.

Anonymous Identity-Based Broadcast Encryption (AIBBE) allows a sender to broadcast a ciphertext to multi-receivers, and keeps receivers' anonymity. The existing AIBBE schemes fail to achieve efficient decryption or strong security, like the constant decryption complexity, the security under the adaptive attack, or the security in the standard model. Hence, we propose two new AIBBE schemes to overcome the drawbacks of previous schemes in the state-of-art. The biggest contribution in our work is the proposed AIBBE scheme with constant decryption complexity and the provable security under the adaptive attack in the standard model. This scheme should be the first one to obtain advantages in all above mentioned aspects, and has sufficient contribution in theory due to its strong security. We also propose another AIBBE scheme in the Random Oracle (RO) model, which is of sufficient interest in practice due to our experiment.

In the emerging Internet of Things, lightweight public-key cryptography is an essential component for many cost-efficient security solutions. Since conventional public-key schemes, such as ECC and RSA, remain expensive and energy hungry even after aggressive optimization, this work investigates a possible alternative. In particular, we show the practical potential of replacing the Gaussian noise distribution in the Ring-LWE based encryption scheme by Lindner and Peikert/Lyubashevsky et al. with a binary distribution. When parameters are carefully chosen, our construction is resistant against any state-of-the-art cryptanalytic techniques (e.g., attacks on original Ring-LWE or NTRU) and suitable for low-cost scenarios. In the end, our scheme can enable public-key encryption even on very small and low-cost 8-bit (ATXmega128) and 32-bit (Cortex-M0) microcontrollers.

In this paper, we present the notion of recipient-revocable identity-based broadcast encryption scheme. In this notion, a content provider will produce encrypted content and send them to a third party (which is a broadcaster). This third party will be able to revoke some identities from the ciphertext. We present a security model to capture these requirements, as well as a concrete construction. The ciphertext consists of k+3 group elements, assuming that the maximum number of revocation identities is k. That is, the ciphertext size is linear in the maximal size of R, where R is the revocation identity set. However, we say that the additional elements compared to that from an IBBE scheme are only for the revocation but not for decryption. Therefore, the ciphertext sent to the users for decryption will be of constant size (i.e.,3 group elements). Finally, we present the proof of security of our construction.

In this paper, we propose a hierarchical identity-based encryption (HIBE) scheme in the random oracle (RO) model based on the learning with rounding (LWR) problem over small modulus \$q\$. Compared with the previous HIBE schemes based on the learning with errors (LWE) problem, the ciphertext expansion ratio of our scheme can be decreased to 1/2. Then, we utilize the HIBE scheme to construct a deterministic hierarchical identity-based encryption (D-HIBE) scheme based on the LWR problem over small modulus. Finally, with the technique of binary tree encryption (BTE) we can construct HIBE and D-HIBE schemes in the standard model based on the LWR problem over small modulus.

Proxy Re-Encryption (PRE) is a favorable primitive to realize a cryptographic cloud with secure and flexible data sharing mechanism. A number of PRE schemes with versatile capabilities have been proposed for different applications. The secure data sharing can be internally achieved in each PRE scheme. But no previous work can guarantee the secure data sharing among different PRE schemes in a general manner. Moreover, it is challenging to solve this problem due to huge differences among the existing PRE schemes in their algebraic systems and public-key types. To solve this problem more generally, this paper uniforms the definitions of the existing PRE and Public Key Encryption (PKE) schemes, and further uniforms their security definitions. Then taking any uniformly defined PRE scheme and any uniformly defined PKE scheme as two building blocks, this paper constructs a Generally Hybrid Proxy Re-Encryption (GHPRE) scheme with the idea of temporary public and private keys to achieve secure data sharing between these two underlying schemes. Since PKE is a more general definition than PRE, the proposed GHPRE scheme also is workable between any two PRE schemes. Moreover, the proposed GHPRE scheme can be transparently deployed even if the underlying PRE schemes are implementing.

With the emerging Science and Technology, network security has become a major concern. Researchers have proposed new theories and applications to eradicate the unethical access to the secret message. This paper presents a new algorithm on Symmetric Key Cryptography. The algorithm comprises of a bitwise shifting operation, folding logic along with simple mathematical operations. The fundamental security of the algorithm lies in the dual-layered encryption and decryption processes which divide the entire method into various phases. The algorithm implements a ciphered array key which itself hides the actual secret key to increase the integrity of the cryptosystem. The algorithm has been experimentally tested and the test results are promising.

Supervisory control and data acquisition (SCADA) systems that run our critical infrastructure are increasingly run with Internet-based protocols and devices for remote monitoring. The embedded nature of the components involved, and the legacy aspects makes adding new security mechanisms in an efficient manner far from trivial. In this paper we study an anomaly detection based approach that enables detecting zero-day malicious threats and benign malconfigurations and mishaps. The approach builds on an existing platform (Bro) that lends itself to modular addition of new protocol parsers and event handling mechanisms. As an example we have shown an application of the technique to the IEC-60870-5-104 protocol and tested the anomaly detector with mixed results. The detection accuracy and false positive rate, as well as real-time response was adequate for 3 of our 4 created attacks. We also discovered some additional work that needs to be done to an existing protocol parser to extend its reach.

Honeypots are a common tool to set intrusion alarms and to study attacks against computer systems. In order to be convincing, honeypots attempt to resemble actual systems that are in active use. Recently, researchers have begun to develop honeypots for programmable logic controllers (PLCs). The tools of which we are aware have limited functionality compared to genuine devices. Particularly, they do not support running actual PLC programs. In order to improve upon the interactive capabilities of PLC honeypots we set out to develop a simulator for Siemens S7-300 series PLCs. Our current prototype XPOT supports PLC program compilation and interpretation, the proprietary S7comm protocol and SNMP. While the supported feature set is not yet comprehensive, it is possible to program it using standard IDEs such as Siemens' TIA portal. Additionally, we emulate the characteristics of the network stack of our reference PLC in order to resist OS fingerprinting attempts using tools such as Nmap. Initial experiments with students whom we trained in PLC programming indicate that XPOT may resist cursory inspection but still fails against knowledgeable and suspicious adversaries. We conclude that high-interactive PLC honeypots need to support a fairly complete feature set of the genuine, simulated PLC.

Given the advent of cyber-physical systems (CPS), event-based control paradigms such as complex event processing (CEP) are vital enablers for adaptive analytical control mechanisms. CPS are becoming a high-profile research topic as they are key to disruptive digital innovations such as autonomous driving, industrial internet, smart grid and ambient assisted living. However, organizational and technological scalability of today's CEP approaches is limited by their monolithic architectures. This leads to the research idea for atomic CEP entities and the hypothesis that a network of small event-based control services is better suited for CPS development and operation than current centralised approaches. In addition, the paper summarizes preliminary results of the presented doctoral work and outlines questions for future research as well as an evaluation plan.

This paper describes the hardware acceleration of various feature calculation functions used in activity recognition. In this work we have used a large scale sensing matrix which recognizes and counts gym exercises. Human activity is played on pressure matrix and the sensor data is sent to computer using a wired protocol for further processing. The recorded data from matrix is huge making it impractical to process on a smart phone. We propose a FPGA (Field Programmable Gate Array) based processing methodology which not only accelerates sensing data processing but also reduces the size of 2D sensor data matrix to 10 features. The resultant feature set can be transferred using wireless medium to a smart phone or other processing unit where the classification can be done. Our system takes a matrix of arbitrary size and output a 'features' set for each matrix frame. We used HLS (High Level Synthesis), an approach to write algorithm for FPGA using SystemC/C/C++ instead of traditional VHDL/Verilog. Results show promising improvement in processing time as compared to Matlab. Since the size of data is reduced, wireless medium can be use to transmit data. Additionally, the development time for FPGA designs is greatly reduced due to the usage of an abstracted high level synthesis approach. This system is currently developed for pressure sensing system but this strategy can be applied to other sensing application like temperature sensor grid.

Several duty-cycling and energy-efficient communication protocols have been presented to solve power constraints of sensor nodes. The battery power of sensor nodes can be also supplied by surrounding energy resources using energy harvesting techniques. However, communication protocols only offer limited power for sensor nodes and energy harvesting may encounter a challenge that sensor nodes are unable to draw power from surrounding energy resources in certain environments. Thus, an emerging technology, wireless rechargeable sensor networks (WRSNs), is proposed to enhance the proposed communication protocols and energy harvesting techniques [1]. With a WRSN, a mobile vehicle is used to supply power to sensor nodes by wireless energy transfer. One of the most significant issue in WRSNs is path planning of the mobile vehicle. The mobile vehicle based on its movement trajectory visits each sensor nodes to recharge them so that the sensor nodes can obtain sufficient energy to execute continuous missions. However, all of the existing mobile vehicles charging methods [2, 3] for WRSNs require the locations of the sensor nodes based on the assumption that the location of each sensor node is known in advance by one of the sensor network localization mechanisms. Therefore, the proposed system integrates both the localization and wireless charging mechanisms for WRSNs to decrease the system initialization time and cost.