Biblio

One important aspect in protecting Cyber Physical System (CPS) is ensuring that the proper control and measurement signals are propagated within the control loop. The CPS research community has been developing a large set of check blocks that can be integrated within the control loop to check signals against various types of attacks (e.g., false data injection attacks). Unfortunately, it is not possible to integrate all these “checks” within the control loop as the overhead introduced when checking signals may violate the delay constraints of the control loop. Moreover, these blocks do not completely operate in isolation of each other as dependencies exist among them in terms of their effectiveness against detecting a subset of attacks. Thus, it becomes a challenging and complex problem to assign the proper checks, especially with the presence of a rational adversary who can observe the check blocks assigned and optimizes her own attack strategies accordingly. This paper tackles the inherent state-action space explosion that arises in securing CPS through developing DeepBLOC (DB)-a framework in which Deep Reinforcement Learning algorithms are utilized to provide optimal/sub-optimal assignments of check blocks to signals. The framework models stochastic games between the adversary and the CPS defender and derives mixed strategies for assigning check blocks to ensure the integrity of the propagated signals while abiding to the real-time constraints dictated by the control loop. Through extensive simulation experiments and a real implementation on a water purification system, we show that DB achieves assignment strategies that outperform other strategies and heuristics.

Information-Centric Networking (ICN) is attracting attention as a content distribution method against increasing network traffic. Content distribution in ICN adopts a pull-type communication method that returns data to Interest. However, in this case, the push-type communication method is advantageous. Therefore, the authors have proposed a method in which a server pushes content to reduce the node load in an environment where a large amount of Interest to specific content occurs in a short time. In this paper, we analyze the packet processing delay time with and without the proposed method in an environment where a router processes a large number of packets using a simulator. Simulation results show that the proposed method can reduce packet processing delay time and node load.

Information-centric networking (ICN) has played an increasingly important role in the next generation network design. However, to make better use of request-response communication mode in the ICN network, revoke user privileges more efficiently and protect user privacy more safely, an effective access control mechanism is needed. In this paper, we propose IBSS (identity-based secret sharing), which achieves efficient content distribution by using improved Shamir's secret sharing method. At the same time, collusion attacks are avoided by associating polynomials' degree with the number of users. When authenticating user identity and transmitting content, IBE and IBS are introduced to achieve more efficient and secure identity encryption. From the experimental results, the scheme only introduces an acceptable delay in file retrieval, and it can request follow-up content very efficiently.

Since remote ages, queues and delays have been a rather exasperating reality of human daily life. Today, they pursue us everywhere: in technical, social, socio-technical, and even control systems, dramatically deteriorating their performance. In this variety, it is the computer systems that are sure to cause the growing anxiety in our digital era. Although for our everyday Internet surfing, experiencing long-lasting and annoying delays is an unpleasant but not dangerous situation, for industrial control systems, especially those dealing with critical infrastructures, such behavior is unacceptable. The article presents a deterministic approach to solving some digital control system problems associated with delays and backlogs. Being based on Network calculus, in contrast to statistical methods of Queuing theory, it provides worst-case results, which are eminently desirable for critical infrastructures. The article covers the basics of a theory of deterministic queuing systems Network calculus, its evolution regarding the relationship between backlog bound and delay, and a technique for handling empirical data. The problems being solved by the deterministic approach: standard calculation of network performance measures, estimation of database maximum updating time, and cybersecurity assessment including such issues as the CIA triad representation, operational technology influence, and availability understanding focusing on its correlation with a delay are thoroughly discussed as well.

Cybersecurity is a major issue today. It is predicted that cybercrime will cost the world \$6 trillion annually by 2021. It is important to make logins secure as well as to make advances in security in order to catch cybercriminals. This paper will design and create a device that will use Fuzzy logic to identify a person by the rhythm and frequency of their typing. The device will take data from a user from a normal password entry session. This data will be used to make a Fuzzy system that will be able to identify the user by their typing speed. An application of this project could be used to make a more secure log-in system for a user. The log-in system would not only check that the correct password was entered but also that the rhythm of how the password was typed matched the user. Another application of this system could be used to help catch cybercriminals. A cybercriminal may have a certain rhythm at which they type at and this could be used like a fingerprint to help officials locate cybercriminals.

Blockchain has received tremendous attention in non-monetary applications including the Internet of Things (IoT) due to its salient features including decentralization, security, auditability, and anonymity. Most conventional blockchains rely on computationally expensive validator selection and consensus algorithms, have limited throughput, and high transaction delays. In this paper, we propose tree-chain a scalable fast blockchain instantiation that introduces two levels of randomization among the validators: i) transaction level where the validator of each transaction is selected randomly based on the most significant characters of the hash function output (known as consensus code), and ii) blockchain level where validator is randomly allocated to a particular consensus code based on the hash of their public key. Tree-chain introduces parallel chain branches where each validator commits the corresponding transactions in a unique ledger.

Wide integration of information and communication technology (ICT) in modern power grids has brought many benefits as well as the risk of cyber attacks. A critical step towards defending grid cyber security is to understand the cyber-physical causal chain, which describes the progression of intrusion in cyber-space leading to the formation of consequences on the physical power grid. In this paper, we develop an attack vector for a time delay attack at load frequency control in the power grid. Distinct from existing works, which are separately focused on cyber intrusion, grid response, or testbed validation, the proposed attack vector for the first time provides a full cyber-physical causal chain. It targets specific vulnerabilities in the protocols, performs a denial-of-service (DoS) attack, induces the delays in control loop, and destabilizes grid frequency. The proposed attack vector is proved in theory, presented as an attack tree, and validated in an experimental environment. The results will provide valuable insights to develop security measures and robust controls against time delay attacks.

A time-delay switch (TDS) cyber attack is a deliberate attempt by malicious adversaries aiming at destabilizing a power system by impeding the communication signals to/from the centralized controller from/to the network sensors and generating stations that participate in the load frequency control (LFC). A TDS cyber attack can be targeting the sensing loops (transmitting network measurements to the centralized controller) or the control signals dispatched from the centralized controller to the governor valves of the generating stations. A resilient TDS control strategy is proposed and developed in this work that thwarts network instabilities that are caused by delays in the sensing loops, and control commands, and guarantees normal operation of the LFC mechanism. This will be achieved by augmenting the telemetered control commands with locally generated feedback control laws (i.e., “decentralized” control commands) taking measurements that are available and accessible at the power generating stations (locally) independent from all the telemetered signals to/from the centralized controller. Our objective is to devise a controller that is capable of circumventing all types of TDS and DoS (Denial of Service) cyber attacks as well as a broad class of False Data Injection (FDI) cyber attacks.

This paper introduces an efficient reactive routing protocol considering the mobility and the reliability of a node in Cognitive Radio Sensor Networks (CRSNs). The proposed protocol accommodates the dynamic behavior of the spectrum availability and selects a stable transmission path from a source node to the destination. Outlined as a weighted graph problem, the proposed protocol measures the weight for an edge the measuring the mobility patterns of the nodes and channel availability. Furthermore, the mobility pattern of a node is defined in the proposed routing protocol from the viewpoint of distance, speed, direction, and node's reliability. Besides, the spectrum awareness in the proposed protocol is measured over the number of shared common channels and the channel quality. It is anticipated that the proposed protocol shows efficient routing performance by selecting stable and secured paths from source to destination. Simulation is carried out to assess the performance of the protocol where it is witnessed that the proposed routing protocol outperforms existing ones.

The mechanism of peers randomly choosing logical neighbors without any knowledge about underlying physical topology can cause a delay overhead in information propagation which makes the system vulnerable to double spend attacks. This paper introduces a proximity-aware extensions to the current Bitcoin protocol, named Master Node Based Clustering (MNBC). The ultimate purpose of the proposed protocol is to improve the information propagation delay in the Bitcoin network.

Wireless technology is rapidly proliferating. Devices such as Laptops, PDAs and cell-phones gained a lot of importance due to the use of wireless technology. Nowadays there is also a huge demand for spectrum allocation and there is a need to utilize the maximum available spectrum in efficient manner. Cognitive Radio (CR) Network is one such intelligent radio network, designed to utilize the maximum licensed bandwidth to un-licensed users. Cognitive Radio has the capability to understand unused spectrum at a given time at a specific location. This capability helps to minimize the interference to the licensed users and improves the performance of the network. Routing protocol selection is one of the main strategies to design any wireless or wired networks. In Cognitive radio networks the selected routing protocol should be best in terms of establishing an efficient route, addressing challenges in network topology and should be able to reduce bandwidth consumption. Performance analysis of the protocols helps to select the best protocol in the network. Objective of this study is to evaluate performance of various cognitive radio network routing protocols like Spectrum Aware On Demand Routing Protocol (SORP), Spectrum Aware Mesh Routing in Cognitive Radio Networks (SAMER) and Dynamic Source Routing (DSR) with and without black hole attack using various performance parameters like Throughput, E2E delay and Packet delivery ratio with the help of NS2 simulator.

Mobile Ad hoc Network (MANET) is one of the emerging technologies to communicate between nodes and its decentralized structure, self-configuring nature are the few properties of this Ad hoc network. Due to its undefined structure, it has found its usage in the desired and temporary communication network. MANET has many routing protocols governing it and due to its changing topology, there can be many issues arise in recent times. Problems like no central node, limited energy, and the quality of service, performance, design issues, and security challenges have been bugging the researchers. The black hole attacks are the kind that cause ad hoc network to be at loss of information and make the source to believe that it has the actual least distance path to the destination, but in real scenario the packets do not get forwarded to neighbouring nodes. In this paper, we have discussed different solutions over the past years to deal with such attacks. A summary of the schemes with their results and drawbacks in terms of performance metrics is also given.

Mobile Ad hoc Network is a very important key technology for device to device communication without any support of extra infrastructure. As it is being used as a mode of communication in various fields, protecting the network from various attacks becomes more important. In this research paper, we have created a real network scenario using random mobility of nodes and implemented Black hole Attack and Gray hole Attack, which degrades the performance of the network. In our research, we have found a novel mitigation technique which is efficient to mitigate both the attack from the network.

Wireless technology is widely used today and is growing rapidly. One of the wireless technologies is VANET where the network can communicate with vehicles (V2V) which can prevent accidents on the road. Energy is also a problem in VANET so it needs to be used efficiently. The presence of malicious nodes or nodes can eliminate and disrupt the process of data communication. The routing protocol used in this study is AODV. The purpose of this study is to analyze the comparison of blackhole attack and flooding attack against energy-efficient AODV on VANET. This research uses simulation methods and several supporting programs such as OpenStreetMap, SUMO, NS2, NAM, and AWK to test the AODV routing protocol. Quality of service (QOS) parameters used in this study are throughput, packet loss, and end to end delay. Energy parameters are also used to examine the energy efficiency used. This study uses the number of variations of nodes consisting of 20 nodes, 40 nodes, 60 nodes, and different network conditions, namely normal network conditions, network conditions with black hole attacks, and network conditions with flooding attacks. The results obtained can be concluded that the highest value of throughput when network conditions are normal, the greatest value of packet loss when there is a black hole attack, the highest end to end delay value and the largest remaining energy when there is a flooding attack.

Mobile edge computing (MEC), an emerging technology, has the characteristics of low latency, mobile energy savings, and context-awareness. As a type of access network, wireless mesh network (WMN) has gained wide attention due to its flexible network architecture, low deployment cost, and self-organization. The combination of MEC and WMN can solve the shortcomings of traditional wireless communication such as storage capacity, privacy, and security. In this paper, we propose a location-aware (LA) algorithm to cognize the location and a location-aware offloading policy (LAOP) algorithm considering the energy consumption and time delay. Simulation results show that the proposed LAOP algorithm can obtain a higher completion rate and lower average processing delay compared with the other two methods.

In multi-hop wireless mesh networks, the end-to-end delay for a packet is getting longer as the relaying hops to the destination are increasing. The real-time packet such as the urgent safety message should be delivered within the stipulated deadline. Most previous studies have been focused to find out the optimal route to the destination. We propose an intellectual priority-based packet transmission scheme for multi-interface devices in multi-hop wireless mesh networks.

Wireless mesh networks (WMNs) are dynamically self-organized and self-configured technology ensuring efficient connection to Internet. Such networks suffer from many issues, like lack of performance efficiency when huge amount of traffic are injected inside the networks. To deal with such issues, we propose in this paper an adapted fuzzy framework; by monitoring the rate of change in queue length in addition to the current length of the queue, we are able to provide a measure of future queue state. Furthermore, by using explicit rate messages we can make node sources more responsive to unexpected changes in the network traffic load. The simulation results show the efficiency of the proposed model.

Named Data Networking (NDN) uses the content name to enable content sharing in a network using Interest and Data messages. In essence, NDN supports communication through multiple interfaces, therefore, it is imperative to think of the interface that better meets the communication requirements of the application. The current interface ranking is based on single static metric such as minimum number of hops, maximum satisfaction rate, or minimum network delay. However, this ranking may adversely affect the network performance. To fill the gap, in this paper, we propose a new multi-metric robust interface ranking scheme that combines multiple metrics with different objective functions. Furthermore, we also introduce different forwarding modes to handle the forwarding decision according to the available ranked interfaces. Extensive simulation experiments demonstrate that the proposed scheme selects the best and suitable forwarding interface to deliver content.

To accommodate the rapidly changing Internet requirements, Information-Centric Networking (ICN) was recently introduced as a promising architecture for the future Internet. One of the ICN primary features is `in-network caching'; due to its ability to minimize network traffic and respond faster to users' requests. Therefore, various caching algorithms have been presented that aim to enhance the network performance using different measures, such as cache hit ratio and cache hit distance. Choosing a caching strategy is critical, and an adequate replacement strategy is also required to decide which content should be dropped. Thus, in this paper, we propose a content replacement scheme for ICN, called Randomized LFU that is implemented with respect to content popularity taking the time complexity into account. We use Abilene and Tree network topologies in our simulation models. The proposed replacement achieves encouraging results in terms of the cache hit ratio, inner hit, and hit distance and it outperforms FIFO, LRU, and Random replacement strategies.

Due to the harsh environment and energy limitation, maintaining efficient communication is crucial to the lifetime of Underwater Sensor Networks (UWSN). Named Data Networking (NDN), one of future network architectures, begins to be applied to UWSN. Although Underwater Named Data Networking (UNDN) performs well in data transmission, it still faces some security threats, such as the Denial-of-Service (DoS) attacks caused by Interest Flooding Attacks (IFAs). In this paper, we present a new type of DoS attacks, named as Synergetic Denial-of-Service (SDoS). Attackers synergize with each other, taking turns to reply to malicious interests as late as possible. SDoS attacks will damage the Pending Interest Table, Content Store, and Forwarding Information Base in routers with high concealment. Simulation results demonstrate that the SDoS attacks quadruple the increased network traffic compared with normal IFAs and the existing IFA detection algorithm in UNDN is completely invalid to SDoS attacks. In addition, we analyze the infection problem in UNDN and propose a defense method Trident based on carefully designed adaptive threshold, burst traffic detection, and attacker identification. Experiment results illustrate that Trident can effectively detect and resist both SDoS attacks and normal IFAs. Meanwhile, Trident can robustly undertake burst traffic and congestion.

In modern grid systems which is a typical cyber-physical System (CPS), information space and physical space are closely related. Once the communication link is interrupted, it will make a great damage to the power system. If the service path is too concentrated, the risk will be greatly increased. In order to solve this problem, this paper constructs a route planning algorithm that combines node load pressure, link load balance and service delay risk. At present, the existing intelligent algorithms are easy to fall into the local optimal value, so we chooses the deep reinforcement learning algorithm (DRL). Firstly, we build a risk assessment model. The node risk assessment index is established by using the node load pressure, and then the link risk assessment index is established by using the average service communication delay and link balance degree. The route planning problem is then solved by a route planning algorithm based on DRL. Finally, experiments are carried out in a simulation scenario of a power grid system. The results show that our method can find a lower risk path than the original Dijkstra algorithm and the Constraint-Dijkstra algorithm.

Due to the network topology high dynamic changes, the number of ground users and the impact of uneven traffic, the load difference between SDN-based satellite network controllers varies widely, which will cause network performance such as network delay and throughput to drop dramatically. Aiming at the above problems, a multi-controller optimized deployment strategy of satellite network based on SDN was proposed. First, the controller's load state is divided into four types: overload state, high load state, normal state, and idle state; second, when a controller in the network is idle, the switch under its jurisdiction is migrated to the adjacent low load controller and turn off the controller to reduce waste of resources. When the controller is in a high-load state and an overload state, consider both the controller and the switch, and migrate the high-load switch to the adjacent low-load controller. Balance the load between controllers, improve network performance, and improve network performance and network security. Simulation results show that the method has an average throughput improvement of 2.7% and a delay reduction of 3.1% compared with MCDALB and SDCLB methods.

Advertisement sharing in vehicular network through vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication is a fascinating in-vehicle service for advertisers and the users due to multiple reasons. It enable advertisers to promote their product or services in the region of their interest. Also the users get to receive more relevant ads. Usually, users tend to contribute in dissemination of ads if their privacy is preserved and if some incentive is provided. Recent researches have focused on enabling both of the parameters for the users by developing fair incentive mechanism which preserves privacy by using Zero-Knowledge Proof of Knowledge (ZKPoK) (Ming et al., 2019). However, the anonymity provided by ZKPoK can introduce internal attacker scenarios in the network due to which authenticated users can disseminate fake ads in the network without payment. As the existing scheme uses certificate-less cryptography, due to which malicious users cannot be removed from the network. In order to resolve these challenges, we employed conditional anonymity and introduced Monitoring Authority (MA) in the system. In our proposed scheme, the pseudonyms are assigned to the vehicles while their real identities are stored in Certification Authority (CA) in encrypted form. The pseudonyms are updated after a pre-defined time threshold to prevent behavioural privacy leakage. We performed security and performance analysis to show the efficiency of our proposed system.

The Precision Time Protocol is essential for many time-sensitive and time-aware applications. However, it was never designed for security, and despite various approaches to harden this protocol against manipulation, it is still prone to cyber-attacks. Here Advanced Persistent Threats (APT) are of particular concern, as they may stealthily and over extended periods of time manipulate computer clocks that rely on the accurate functioning of this protocol. Simulating such attacks is difficult, as it requires firmware manipulation of network and PTP infrastructure components. Therefore, this paper proposes and demonstrates a programmable Man-in-the-Middle (pMitM) and a programmable injector (pInj) device that allow the implementation of a variety of attacks, enabling security researchers to quantify the impact of APTs on time synchronisation.

With the growing use of the Robot Operating System (ROS), it can be argued that it has become a de-facto framework for developing robotic solutions. ROS is used to build robotic applications for industrial automation, home automation, medical and even automatic robotic surveillance. However, whenever ROS is utilized, security is one of the main concerns that needs to be addressed in order to ensure a secure network communication of robots. Cyber-attacks may hinder evolution and adaptation of most ROS-enabled robotic systems for real-world use over the Internet. Thus, it is important to address and prevent security threats associated with the use of ROS-enabled applications. In this paper, we propose a novel approach for securing ROS-enabled robotic system by integrating ROS with the Message Queuing Telemetry Transport (MQTT) protocol. We manage to secure robots' network communications by providing authentication and data encryption, therefore preventing man-in-the-middle and hijacking attacks. We also perform real-world experiments to assess how the performance of a ROS-enabled robotic surveillance system is affected by the proposed approach.