Biblio

A Robot Operating System (ROS) plays a significant role in organizing industrial robots for manufacturing. With an increasing number of the robots, the operators integrate a ROS with networked communication to share the data. This cyber-physical nature exposes the ROS to cyber attacks. To this end, this paper proposes a cross-layer approach to achieve secure and resilient control of a ROS. In the physical layer, due to the delay caused by the security mechanism, we design a time-delay controller for the ROS agent. In the cyber layer, we define cyber states and use Markov Decision Process to evaluate the tradeoffs between physical and security performance. Due to the uncertainty of the cyber state, we extend the MDP to a Partially Observed Markov Decision Process (POMDP). We propose a threshold solution based on our theoretical results. Finally, we present numerical examples to evaluate the performance of the secure and resilient mechanism.

Mobile Ad-hoc Network (MANET) consists of different configurations, where it deals with the dynamic nature of its creation and also it is a self-configurable type of a network. The primary task in this type of networks is to develop a mechanism for routing that gives a high QoS parameter because of the nature of ad-hoc network. The Ad-hoc-on-Demand Distance Vector (AODV) used here is the on-demand routing mechanism for the computation of the trust. The proposed approach uses the Artificial neural network (ANN) and the Support Vector Machine (SVM) for the discovery of the black hole attacks in the network. The results are carried out between the black hole AODV and the security mechanism provided by us as the Secure AODV (SAODV). The results were tested on different number of nodes, at last, it has been experimented for 100 nodes which provide an improvement in energy consumption of 54.72%, the throughput is 88.68kbps, packet delivery ratio is 92.91% and the E to E delay is of about 37.27ms.

The center-piece of this work is a software measurement physical unclonable function (PUF). It measures processor chip ALU silicon biometrics in a manner similar to all PUFs. Additionally, it composes the silicon measurement with the data-dependent delay of a particular program instruction in a way that is difficult to decompose through a mathematical model. This approach ensures that each software instruction is measured if computed. The SW-PUF measurements bind the execution of software to a specific processor with a corresponding certificate. This makes the SW-PUF a promising candidate for applications requiring Trusted Computing. For instance, it could measure the integrity of an execution path by generating a signature that is unique to the specific program execution path and the processor chip. We present an area and energy-efficient scheme based on the SW-PUF to provide a more robust root of trust for measurement than the existing trusted platform module (TPM). To explore the feasibility of the proposed design, the SW-PUF has been implemented in HSPICE using 45 nm technology and evaluated on the FPGA platform.

The major challenge of Real Time Protocol is to balance efficiency and fairness over limited bandwidth. MPTCP has proved to be effective for multimedia and real time networks. Ideally, an MPTCP sender should couple the subflows sharing the bottleneck link to provide TCP friendliness. However, existing shared bottleneck detection scheme either utilize end-to-end delay without consideration of multiple bottleneck scenario, or identify subflows on switch at the expense of operation overhead. In this paper, we propose a lightweight yet accurate approach, EMPTCP, to detect shared bottleneck. EMPTCP uses the widely deployed ECN scheme to capture the real congestion state of shared bottleneck, while at the same time can be transparently utilized by various enhanced MPTCP protocols. Through theory analysis, simulation test and real network experiment, we show that EMPTCP achieves higher than 90% accuracy in shared bottleneck detection, thus improving the network efficiency and fairness.

In this paper, we propose a robust Nash strategy for a class of uncertain Markov jump delay stochastic systems (UMJDSSs) via static output feedback (SOF). After establishing the extended bounded real lemma for UMJDSS, the conditions for the existence of a robust Nash strategy set are determined by means of cross coupled stochastic matrix inequalities (CCSMIs). In order to solve the SOF problem, an heuristic algorithm is developed based on the algebraic equations and the linear matrix inequalities (LMIs). In particular, it is shown that robust convergence is guaranteed under a new convergence condition. Finally, a practical numerical example based on the congestion control for active queue management is provided to demonstrate the reliability and usefulness of the proposed design scheme.

We present ctrlTCP, a method to combine the congestion controls of multiple TCP connections. In contrast to the previous methods such as the Congestion Manager, ctrlTCP can couple all TCP flows that leave one sender, traverse a common bottleneck (e.g., a home user's thin uplink) and arrive at different destinations. Using ns-2 simulations and an implementation in the FreeBSD kernel, we show that our mechanism reduces queuing delay, packet loss, and short flow completion times while enabling precise allocation of the share of the available bandwidth between the connections according to the needs of the applications.

Communication between two Internet hosts using parallel connections may result in unwanted interference between the connections. In this dissertation, we propose a sender-side solution to address this problem by letting the congestion controllers of the different connections collaborate, correctly taking congestion control logic into account. Real-life experiments and simulations show that our solution works for a wide variety of congestion control mechanisms, provides great flexibility when allocating application traffic to the connections, and results in lower queuing delay and less packet loss.

In wireless sensor networks (WSNs), congestion control is a very essential region of concern. When the packets that are coming get increased than the actual capacity of network or nodes results into congestion in the network. Congestion in network can cause reduction in throughput, increase in network delay, and increase in packet loss and sensor energy waste. For that reason, new complex methods are mandatory to tackle with congestion. So it is necessary to become aware of congestion and manage the congested resources in wireless sensor networks for enhancing the network performance. Diverse methodologies for congestion recognition and prevention have been presented in the previous couple of years. To handle some of the problems, this paper exhibits a new technique for controlling the congestion. An efficient and reliable routing protocol (ERRP) based on bio inspired algorithms is introduced in this paper for solving congestion problem. In the proposed work, a way is calculated to send the packets on the new pathway. The proposed work has used three approaches for finding the path which results into a congestion free path. Our analysis and simulation results shows that our approach provides better performance as compared to previous approaches in terms of throughput, packet loss, delay etc.

Intrusion Detection system (IDS) was an application which was aimed to monitor network activity or system and it could find if there was a dangerous operation. Implementation of IDS on Software Define Network architecture (SDN) has drawbacks. IDS on SDN architecture might decreasing network Quality of Service (QoS). So the network could not provide services to the existing network traffic. Throughput, delay and packet loss were important parameters of QoS measurement. Snort IDS and bro IDS were tools in the application of IDS on the network. Both had differences, one of which was found in the detection method. Snort IDS used a signature based detection method while bro IDS used an anomaly based detection method. The difference between them had effects in handling the network traffic through it. In this research, we compared both tools. This comparison are done with testing parameters such as throughput, delay, packet loss, CPU usage, and memory usage. From this test, it was found that bro outperform snort IDS for throughput, delay , and packet loss parameters. However, CPU usage and memory usage on bro requires higher resource than snort.

The recent trend of military is to combined Internet of Things (IoT) knowledge to their field for enhancing the impact in battlefield. That's why Internet of battlefield (IoBT) is our concern. This paper discusses how Fog Radio Access Network(F-RAN) can provide support for local computing in Industrial IoT and IoBT. F-RAN can play a vital role because of IoT devices are becoming popular and the fifth generation (5G) communication is also an emerging issue with ultra-low latency, energy consumption, bandwidth efficiency and wide range of coverage area. To overcome the disadvantages of cloud radio access networks (C-RAN) F-RAN can be introduced where a large number of F-RAN nodes can take part in joint distributed computing and content sharing scheme. The F-RAN in IoBT is effective for enhancing the computing ability with fog computing and edge computing at the network edge. Since the computing capability of the fog equipment are weak, to overcome the difficulties of fog computing in IoBT this paper illustrates some challenging issues and solutions to improve battlefield efficiency. Therefore, the distributed computing load balancing problem of the F-RAN is researched. The simulation result indicates that the load balancing strategy has better performance for F-RAN architecture in the battlefield.

In this paper, a novel anti-jamming mechanism is proposed to analyze and enhance the security of adversarial Internet of Battlefield Things (IoBT) systems. In particular, the problem is formulated as a dynamic psychological game between a soldier and an attacker. In this game, the soldier seeks to accomplish a time-critical mission by traversing a battlefield within a certain amount of time, while maintaining its connectivity with an IoBT network. The attacker, on the other hand, seeks to find the optimal opportunity to compromise the IoBT network and maximize the delay of the soldier's IoBT transmission link. The soldier and the attacker's psychological behavior are captured using tools from psychological game theory, with which the soldier's and attacker's intentions to harm one another are considered in their utilities. To solve this game, a novel learning algorithm based on Bayesian updating is proposed to find an ∈ -like psychological self-confirming equilibrium of the game.

The group key maintenance in MANET is especially risky, because repeated node movement, link breakdown and lower capacity resources. The member movement needs key refreshment to maintain privacy among members. To survive with these characteristics variety of clustering concepts used to subdivide the network. To establish considerably stable and trustable environment fuzzy based trust clustering taken into consideration with Group key management. The nodes with highest trust and energy elected as Cluster Head and it forms cluster in its range. The proposed work analyze secure multicast transmission by implementing Polynomial-based key management in Fuzzy Trust based clustered networks (FTBCA) for secure multicast transmission that protect against both internal and external attackers and measure the performance by injecting attack models.

The high penetration of third-party intellectual property (3PIP) brings a high risk of malicious inclusions and data leakage in products due to the planted hardware Trojans, and system level security constraints have recently been proposed for MPSoCs protection against hardware Trojans. However, secret communication still can be established in the context of the proposed security constraints, and thus, another type of security constraints is also introduced to fully prevent such malicious inclusions. In addition, fulfilling the security constraints incurs serious overhead of schedule length, and a two-stage performance-constrained task scheduling algorithm is then proposed to maintain most of the security constraints. In the first stage, the schedule length is iteratively reduced by assigning sets of adjacent tasks into the same core after calculating the maximum weight independent set of a graph consisting of all timing critical paths. In the second stage, tasks are assigned to proper IP vendors and scheduled to time periods with a minimization of cores required. The experimental results show that our work reduces the schedule length of a task graph, while only a small number of security constraints are violated.

In many industry Internet of Things applications, resources like CPU, memory, and battery power are limited and cannot afford the classic cryptographic security solutions. Silicon physical unclonable function (PUF) is a lightweight security primitive that exploits manufacturing variations during the chip fabrication process for key generation and/or device authentication. However, traditional weak PUFs such as ring oscillator (RO) PUF generate chip-unique key for each device, which restricts their application in security protocols where the same key is required to be shared in resource-constrained devices. In this article, in order to address this issue, we propose a PUF-based key sharing method for the first time. The basic idea is to implement one-to-one input-output mapping with lookup table (LUT)-based interstage crossing structures in each level of inverters of RO PUF. Individual customization on configuration bits of interstage crossing structure and different RO selections with challenges bring high flexibility. Therefore, with the flexible configuration of interstage crossing structures and challenges, crossover RO PUF can generate the same shared key for resource-constrained devices, which enables a new application for lightweight key sharing protocols.

Most of the security algorithms proposed for the sensor networks such as secure routing, data encryption and authentication, and intrusion detection target protecting the content of the collected data from being exposed to different types of attacks. However, the context of the collected data, such as event occurrence, event time, and event location, is not addressed by these security mechanisms and can still be leaked to the adversaries. Therefore, we propose in this paper a novel and efficient unobservability scheme for source/sink location privacy for wireless multimedia sensor networks. The proposed privacy scheme is based on a cross-layer design between the application and routing layers in order to exploit the multimedia processing technique with multipath routing to hide the event occurrences and locations of important nodes without degrading the network performance. Simulation analysis shows that our proposed scheme satisfies the privacy requirements and has better performance compared to other existing techniques.

Vehicular ad hoc network is one of most recent research areas to deploy intelligent Transport System. Due to their highly dynamic topology, energy constrained and no central point coordination, routing with minimal delay, minimal energy and maximize throughput is a big challenge. Software Defined Networking (SDN) is new paradigm to improve overall network lifetime. It incorporates dynamic changes with minimal end-end delay, and enhances network intelligence. Along with this, intelligence secure routing is also a major constraint. This paper proposes a novel approach to Energy efficient secured routing protocol for Software Defined Internet of vehicles using Restricted Boltzmann Algorithm. This algorithm is to detect hostile routes with minimum delay, minimum energy and maximum throughput compared with traditional routing protocols.

The US Federal Communications Commission (FCC) has recently mandated the database-driven dynamic spectrum access where unlicensed secondary users search for idle bands and use them opportunistically. The database-driven dynamic spectrum access approach is regarded for minimizing any harmful interference to licensed primary users caused by RF channel sensing uncertainties. However, when several secondary users (or several malicious users) query the RF spectrum database at the same time, spectrum server could experience denial of service (DoS) attack. In this paper, we investigate the Aggregated-Query-as-a-Secure-Service (AQaaSS) for querying RF spectrum database by secondary users for opportunistic wireless communications where selected number of secondary users aka grid leaders, query the database on behalf of all other secondary users, aka grid followers and relay the idle channel information to grid followers. Furthermore, the grid leaders are selected based on their both reputation or trust level and location in the network for the integrity of the information that grid followers receive. Grid followers also use the weighted majority voting to filter out comprised information about the idle channels. The performance of the proposed approach is evaluated using numerical results. The proposed approach gives lower latency (or same latency) to the secondary users and lower load (or same load) to the RF spectrum database server when more number of secondary users (or less number of secondary users) query than that of the server capacity.

This paper reports the definition, setup and obtained results of the Fed4FIRE + medium experiment ERASER, aimed to evaluate the actual Quality of Service (QoS) guarantees that the clean-slate Recursive InterNetwork Architecture (RINA) can deliver to heterogeneous applications at large-scale. To this goal, a 37-Node 5G metro/regional RINA network scenario, spanning from the end-user to the server where applications run in a datacenter has been configured in the Virtual Wall experimentation facility. This scenario has initially been loaded with synthetic application traffic flows, with diverse QoS requirements, thus reproducing different network load conditions. Next,their experienced QoS metrics end-to-end have been measured with two different QTA-Mux (i.e., the most accepted candidate scheduling policy for providing RINA with its QoS support) deployment scenarios. Moreover, on this RINA network scenario loaded with synthetic application traffic flows, a real HD (1080p) video streaming demonstration has also been conducted, setting up video streaming sessions to end-users at different network locations, illustrating the perceived Quality of Experience (QoE). Obtained results in ERASER disclose that, by appropriately deploying and configuring QTA-Mux, RINA can yield effective QoS support, which has provided perfect QoE in almost all locations in our demo when assigning video traffic flows the highest (i.e., Gold) QoS Cube.

This paper is concerned with the stabilization problem of cyber physical system (CPS) exposed to a random replay attack. The study will ignore the effects of communication delays and packet losses, and the attention will be focused on the effect of replay attack on the stability of (CPS). The closed-loop system is modeled as Markovian jump linear system with two jumping parameters. Linear matrix inequality (LMI) formulation is used to give a condition for stochastic stabilization of the system. Finally the theory is illustrated through a numerical example.

We present TendrilStaller, an eclipse attack targeting at Bitcoin's peer-to-peer network. TendrilStaller enables an adversary to delay block propagation to a victim for 10 minutes. The adversary thus impedes the victim from getting the latest blockchain state. It only takes as few as one Bitcoin full node and two light weight nodes to perform the attack. The light weight nodes perform a subset of the functions of a full Bitcoin node. The attack exploits a recent block propagation protocol introduced in April 2016. The protocol prescribes a Bitcoin node to select 3 neighbors that can send new blocks unsolicited. These neighbors are selected based on their recent performance in providing blocks quickly. The adversary induces the victim to select 3 attack nodes by having attack nodes send valid blocks to the victim more quickly than other neighbors. For this purpose, the adversary deploys a handful of light weight nodes so that the adversary itself receives new blocks faster. The adversary then performs the attack to delay blocks propagated to the victim. We implement the attack on top of current default Bitcoin protocol We deploy the attack nodes in multiple locations around the globe and randomly select victim nodes. Depending on the round-trip time between the adversary and the victim, 50%-85% of the blocks could be delayed to the victim. We further show that the adoption of light weight nodes greatly increases the attack probability by 15% in average. Finally, we propose several countermeasures to mitigate this eclipse attack.

Tor's anonymity network is one of the most widely used anonymity networks online, it consists of thousands of routers run by volunteers. Tor preserves the anonymity of its users by relaying the traffic through a number of routers (called onion routers) forming a circuit. The current design of Tor's transport layer suffers from a number of problems affecting the performance of the network. Several researches proposed changes in the transport design in order to eliminate the effect of these problems and improve the performance of Tor's network. In this paper. we propose "QuicTor", an improvement to the transport layer of Tor's network by using Google's protocol "QUIC" instead of TCP. QUIC was mainly developed to eliminate TCP's latency introduced from the handshaking delays and the head-of-line blocking problem. We provide an empirical evaluation of our proposed design and compare it to two other proposed designs, IMUX and PCTCP. We show that QuicTor significantly enhances the performance of Tor's network.

The cyber-physical systems (CPSes) rely on computing and control techniques to achieve system safety and reliability. However, recent attacks show that these techniques are vulnerable once the cyber-attackers have bypassed air gaps. The attacks may cause service disruptions or even physical damages. This paper designs the built-in attack characterization scheme for one general type of cyber-attacks in CPS, which we call time delay attack, that delays the transmission of the system control commands. We use the recurrent neural networks in deep learning to estimate the delay values from the input trace. Specifically, to deal with the long time-sequence data, we design the deep learning model using stacked bidirectional long short-term memory (LSTM) units. The proposed approach is tested by using the data generated from a power plant control system. The results show that the LSTM-based deep learning approach can work well based on data traces from three sensor measurements, i.e., temperature, pressure, and power generation, in the power plant control system. Moreover, we show that the proposed approach outperforms the base approach based on k-nearest neighbors.

Controller Area Network is the most widely adopted communication standard in automobiles. The CAN protocol is robust and is designed to minimize overhead. The light-weight nature of this protocol implies that it can't efficiently process secure communication. With the exponential increase in automobile communications, there is an urgent need for efficient and effective security countermeasures. We propose a support vector machine based intrusion detection system that is able to detect anomalous behavior with high accuracy. We outline a process for parameter selection and feature vector selection. We identify strengths and weaknesses of our system and propose to extend our work for time-series based data.

The National Airspace System (NAS), as a portion of the US' transportation system, has not yet begun to model or adopt integration of Artificial Intelligence (AI) technology. However, users of the NAS, i.e., Air transport operators, UAS operators, etc. are beginning to use this technology throughout their operations. At issue within the broader aviation marketplace, is the continued search for a solution set to the persistent daily delays and schedule perturbations that occur within the NAS. Despite billions invested through the NAS Modernization Program, the delays persist in the face of reduced demand for commercial routings. Every delay represents an economic loss to commercial transport operators, passengers, freighters, and any business depending on the transportation performance. Therefore, the FAA needs to begin to address from an advanced concepts perspective, what this wave of new technology will affect as it is brought to bear on various operations performance parameters, including safety, security, efficiency, and resiliency solution sets. This paper is the first in a series of papers we are developing to explore the application of AI in the National Airspace System (NAS). This first paper is meant to get everyone in the aviation community on the same page, a primer if you will, to start the technical discussions. This paper will define AI; the capabilities associated with AI; current use cases within the aviation ecosystem; and how to prepare for insertion of AI in the NAS. The next series of papers will look at NAS Operations Theory utilizing AI capabilities and eventually leading to a future intelligent NAS (iNAS) environment.

Online Social Networks(OSN) plays a vital role in our day to day life. The most popular social network, Facebook alone counts currently 2.23 billion users worldwide. Online social network users are aware of the various security risks that exist in this scenario including privacy violations and they are utilizing the privacy settings provided by OSN providers to make their data safe. But most of them are unaware of the risk which exists after deletion of their data which is not really getting deleted from the OSN server. Self destruction of data is one of the prime recommended methods to achieve assured deletion of data. Numerous techniques have been developed for self destruction of data and this paper discusses and evaluates these techniques along with the various privacy risks faced by an OSN user in this web centered world.