Biblio

Transitioning to more open architectures has been making Cyber-Physical Systems (CPS) vulnerable to malicious attacks that are beyond the conventional cyber attacks. This paper studies attack-resilience enhancement for a system under emerging attacks in the environment of the controller. An effective way to address this problem is to make system state estimation accurate enough for control regardless of the compromised components. This work follows this way and develops a procedure named CPS checkpointing and recovery, which leverages historical data to recover failed system states. Specially, we first propose a new concept of physical-state recovery. The essential operation is defined as rolling the system forward starting from a consistent historical system state. Second, we design a checkpointing protocol that defines how to record system states for the recovery. The protocol introduces a sliding window that accommodates attack-detection delay to improve the correctness of stored states. Third, we present a use case of CPS checkpointing and recovery that deals with compromised sensor measurements. At last, we evaluate our design through conducting simulator-based experiments and illustrating the use of our design with an unmanned vehicle case study.

Design for Testability (DfT) techniques allow devices to be tested at various levels of the manufacturing process. Scan architecture is a dominantly used DfT technique, which supports a high level of fault coverage, observability and controllability. However, scan architecture can be used by hardware attackers to gain critical information stored within the device. The security threats due to an unrestricted access provided by scan architecture has to be addressed to ensure hardware security. In this work, a solution based on the Clock and Data Recovery (CDR) method has been presented to authenticate users and limit the access to the scan architecture to authorized users. As compared to the available solution the proposed method presents a robust performance and reduces the area overhead by more than 10%.

The use of real-time video streaming is increasing day-by-day, and its security has become a serious issue now. Video encryption is a challenging task because of its large frame size. Video encryption can be done with symmetric key as well as asymmetric key encryption. Among different asymmetric key encryption technique, ECC performs better than other algorithms like RSA in terms of smaller key size and faster encryption and decryption operation. In this work, we have analyzed the performance of 18 different ECC curves and suggested some suitable curves for real-time video encryption.

Along with the rapid development of hardware security techniques, the revolutionary growth of countermeasures or attacking methods developed by intelligent and adaptive adversaries have significantly complicated the ability to create secure hardware systems. Thus, there is a critical need to (re)evaluate existing or new hardware security techniques against these state-of-the-art attacking methods. With this in mind, this paper presents a novel framework for incorporating active learning techniques into hardware security field. We demonstrate that active learning can significantly improve the learning efficiency of physical unclonable function (PUF) modeling attack, which samples the least confident and the most informative challenge-response pair (CRP) for training in each iteration. For example, our experimental results show that in order to obtain a prediction error below 4%, 2790 CRPs are required in passive learning, while only 811 CRPs are required in active learning. The sampling strategies and detailed applications of PUF modeling attack under various environmental conditions are also discussed. When the environment is very noisy, active learning may sample a large number of mislabeled CRPs and hence result in high prediction error. We present two methods to mitigate the contradiction between informative and noisy CRPs.

Wireless mesh networking (WMN) is a new technology aimed to introduce the benefits of using multi-hop and multi-path to the wireless world. However, the absence of a fast and reliable handoff protocol is a major drawback especially in a technology designed to feature high mobility and scalability. We propose a fast and efficient handoff authentication protocol for wireless mesh networks. It is a token-based authentication protocol using pre-distributed parameters. We provide a performance comparison among our protocol, UFAP, and other protocols including EAP-TLS and EAP-PEAP tested in an actual setup. Performance analysis will prove that our proposed handoff authentication protocol is 250 times faster than EAP-PEAP and 500 times faster than EAP-TLS. The significant improvement in performance allows UFAP to provide seamless handoff and continuous operation even for real-time applications which can only tolerate short delays under 50 ms.

Challenges associated with developing analytics solutions at the edge of large scale Industrial Internet of Things (IIoT) networks close to where data is being generated in most cases involves developing analytics solutions from ground up. However, this approach increases IoT development costs and system complexities, delay time to market, and ultimately lowers competitive advantages associated with delivering next-generation IoT designs. To overcome these challenges, existing, widely available, hardware can be utilized to successfully participate in distributed edge computing for IIoT systems. In this paper, an osmotic computing approach is used to illustrate how distributed osmotic computing and existing low-cost hardware may be utilized to solve complex, compute-intensive Explainable Artificial Intelligence (XAI) deep learning problem from the edge, through the fog, to the network cloud layer of IIoT systems. At the edge layer, the C28x digital signal processor (DSP), an existing low-cost, embedded, real-time DSP that has very wide deployment and integration in several IoT industries is used as a case study for constructing real-time graph-based Coiflet wavelets that could be used for several analytic applications including deep learning pre-processing applications at the edge and fog layers of IIoT networks. Our implementation is the first known application of the fixed-point C28x DSP to construct Coiflet wavelets. Coiflet Wavelets are constructed in the form of an osmotic microservice, using embedded low-level machine language to program the C28x at the network edge. With the graph-based approach, it is shown that an entire Coiflet wavelet distribution could be generated from only one wavelet stored in the C28x based edge device, and this could lead to significant savings in memory at the edge of IoT networks. Pearson correlation coefficient is used to select an edge generated Coiflet wavelet and the selected wavelet is used at the fog layer for pre-processing and denoising IIoT data to improve data quality for fog layer based deep learning application. Parameters for implementing deep learning at the fog layer using LSTM networks have been determined in the cloud. For XAI, communication network noise is shown to have significant impact on results of predictive deep learning at IIoT network fog layer.

Faced with a turbulent economic, political and social environment, Companies need to build effective risk management systems in their supply chains. Risk management can only be effective when the risks identification and analysis are enough accurate. In this perspective, this paper proposes a risk assessment approach based on the analytic hierarchy process and group decision making. In this study, a new method is introduced that will reduce the impact of incoherent judgments on group decision-making, It is, the “reduced weight function” that decreases the weight associated to a member of the expert panel based on the consistency of its judgments.

Dual Connectivity(DC) is one of the key technologies standardized in Release 12 of the 3GPP specifications for the Long Term Evolution (LTE) network. It attempts to increase the per-user throughput by allowing the user equipment (UE) to maintain connections with the MeNB (master eNB) and SeNB (secondary eNB) simultaneously, which are inter-connected via non-ideal backhaul. In this paper, we focus on one of the use cases of DC whereby the downlink U-plane data is split at the MeNB and transmitted to the UE via the associated MeNB and SeNB concurrently. In this case, out-of-order packet delivery problem may occur at the UE due to the delay over the non-ideal backhaul link, as well as the dynamics of channel conditions over the MeNB-UE and SeNB-UE links, which will introduce extra delay for re-ordering the packets. As a solution, we propose to adopt the RaptorQ FEC code to encode the source data at the MeNB, and then the encoded symbols are separately transmitted through the MeNB and SeNB. The out-of-order problem can be effectively eliminated since the UE can decode the original data as long as it receives enough encoded symbols from either the MeNB or SeNB. We present detailed protocol design for the RaptorQ code based concurrent transmission scheme, and simulation results are provided to illustrate the performance of the proposed scheme.

The importance of Networked Control Systems (NCS) is steadily increasing due to recent trends such as smart factories. Correct functionality of such NCS needs to be protected as malfunctioning systems could have severe consequences for the controlled process or even threaten human lives. However, with the increase in NCS, also attacks targeting these systems are becoming more frequent. To mitigate attacks that utilize captured sensor data in an NCS, transferred data needs to be protected. While using well-known methods such as Transport Layer Security (TLS) might be suitable to protect the data, resource constraint devices such as sensors often are not powerful enough to perform the necessary cryptographic operations. Also, as we will show in this paper, applying simple encryption in an NCS may enable easy Denial-of-Service (DoS) attacks by attacking single bits of the encrypted data. Therefore, in this paper, we present a hardware-based approach that enables sensors to perform the necessary encryption while being robust against (injected) bit failures.

In the near future, vehicular cloud will help to improve traffic safety and efficiency. Unfortunately, a computing of vehicular cloud and fog cloud faced a set of challenges in security, authentication, privacy, confidentiality and detection of misbehaving vehicles. In addition to, there is a need to recognize false messages from received messages in VANETs during moving on the road. In this work, the security issues and challenges for computing in the vehicular cloud over for computing is studied.

We propose an approach to enforce security in disruption- and delay-tolerant networks (DTNs) where long delays, high packet drop rates, unavailability of central trusted entity etc. make traditional approaches unfeasible. We use trust model based on subjective logic to continuously evaluate trustworthiness of security credentials issued in distributed manner by network participants to deal with absence of centralised trusted authorities.

Mobile Ad-hoc Network (MANET) is a prominent technology in the wireless networking field in which the movables nodes operates in distributed manner and collaborates with each other in order to provide the multi-hop communication between the source and destination nodes. Generally, the main assumption considered in the MANET is that each node is trusted node. However, in the real scenario, there are some unreliable nodes which perform black hole attack in which the misbehaving nodes attract all the traffic towards itself by giving false information of having the minimum path towards the destination with a very high destination sequence number and drops all the data packets. In the paper, we have presented different categories for black hole attack mitigation techniques and also presented the summary of various techniques along with its drawbacks that need to be considered while designing an efficient protocol.

Secure routing over VANET is a major issue due to its high mobility environment. Due to dynamic topology, routes are frequently updated and also suffers from link breaks due to the obstacles i.e. buildings, tunnels and bridges etc. Frequent link breaks can cause packet drop and thus result in degradation of network performance. In case of VANETs, it becomes very difficult to identify the reason of the packet drop as it can also occur due to the presence of a security threat. VANET is a type of wireless adhoc network and suffer from common attacks which exist for mobile adhoc network (MANET) i.e. Denial of Services (DoS), Black hole, Gray hole and Sybil attack etc. Researchers have already developed various security mechanisms for secure routing over MANET but these solutions are not fully compatible with unique attributes of VANET i.e. vehicles can communicate with each other (V2V) as well as communication can be initiated with infrastructure based network (V2I). In order to secure the routing for both types of communication, there is need to develop a solution. In this paper, a method for secure routing is introduced which can identify as well as eliminate the existing security threat.

Jellyfish attack is type of DoS attack which is difficult to detect and prevent. Jellyfish attack is categorized as JF Reorder Attack, JF Periodic Dropping Attack and JF Delay Variance Attack. JF attack delay data packets for some amount of time before forwarding and after reception which results high end-to-end delay in the network. JF Attack disrupts whole functionality of transmission and reduces the performance of network. In this paper difference of receive time and sending time greater than threshold value then delay occur due to congestion or availability of JF nodes that confirm by checking load of network. This way detect and prevent jellyfish attack.

One of the specially designated versatile networks, commonly referred to as MANET, performs on the basics that each and every one grouping in nodes totally operate in self-sorting out limits. In any case, performing in a group capacity maximizes quality and different sources. Mobile ad hoc network is a wireless infrastructureless network. Due to its unique features, various challenges are faced under MANET when the role of routing and its security comes into play. The review has demonstrated that the impact of failures during the information transmission has not been considered in the existing research. The majority of strategies for ad hoc networks just determines the path and transmits the data which prompts to packet drop in case of failures, thus resulting in low dependability. The majority of the existing research has neglected the use of the rejoining processing of the root nodes network. Most of the existing techniques are based on detecting the failures but the use of path re-routing has also been neglected in the existing methods. Here, we have proposed a method of path re-routing for managing the authorized nodes and managing the keys for group in ad hoc environment. Securing Schemes, named as 2ACK and the EGSR schemes have been proposed, which may be truly interacted to most of the routing protocol. The path re-routing has the ability to reduce the ratio of dropped packets. The comparative analysis has clearly shown that the proposed technique outperforms the available techniques in terms of various quality metrics.

A MANET is a group of wireless mobile nodes which cooperate in forwarding packets over a wireless links. Due to the lack of an infrastructure and open nature of MANET, security has become an essential and challenging issue. The mobile nature and selfishness of malicious node is a critical issue in causing the security problem. The MANETs are more defenseless to the security attacks; some of them are black hole and gray hole attacks. One of its key challenges is to find black hole attack. In this paper, researchers propose a secure AODV protocol (SAODV) for detection and removal of black hole and gray hole attacks in MANTEs. The proposed method is simulated using NS-2 and it seems that the proposed methodology is more secure than the existing one.

Hardware implementations of cryptographic algorithms may leak information through numerous side channels, which can be used to reveal the secret cryptographic keys, and therefore compromise the security of the algorithm. Power Analysis Attacks (PAAs) [1] exploit the information leakage from the device's power consumption (typically measured on the supply and/or ground pins). Digital circuits consume dynamic switching energy when data propagate through the logic in each new calculation (e.g. new clock cycle). The average power dissipation of a design can be expressed by: Ptot(t) = α · (Pd(t) + Ppvt(t)) (1) where α is the activity factor (the probability that the gate will switch) and depends on the probability distribution of the inputs to the combinatorial logic. This induces a linear relationship between the power and the processed data [2]. Pd is the deterministic power dissipated by the switching of the gate, including any parasitic and intrinsic capacitances, and hence can be evaluated prior to manufacturing. Ppvt is the change in expected power consumption due to nondeterministic parameters such as process variations, mismatch, temperature, etc. In this manuscript, we describe the design of logic gates that induce data-independent (constant) α and Pd.

Named Data Networking (NDN) is a future Internet architecture, NDN forwarding strategy is a hot research topic in MANET. At present, there are two categories of forwarding strategies in NDN. One is the blind forwarding(BF), the other is the aware forwarding(AF). Data packet return by the way that one came forwarding strategy(DRF) as one of the BF strategy may fail for the interruptions of the path that are caused by the mobility of nodes. Consumer need to wait until the interest packet times out to request the data packet again. To solve the insufficient of DRF, in this paper a Forwarding Strategy, called FN based on Neighbor-aware is proposed for NDN MANET. The node maintains the neighbor information and the request information of neighbor nodes. In the phase of data packet response, in order to improve request satisfaction rate, node specifies the next hop node; Meanwhile, in order to reduce packet loss rate, node assists the last hop node to forward packet to the specific node. The simulation results show that compared with DRF and greedy forwarding(GF) strategy, FN can improve request satisfaction rate when node density is high.

Most of Wireless Sensor Networks (WSNs) are usually deployed in hostile environments where the communications conditions are not stable and not reliable. Hence, there is a need to design an effective distributed schemes to enable the sensors cooperating in order to recover the sensed data. In this paper, we establish a novel cooperative data exchange (CDE) scheme using instantly decodable network coding (IDNC) across the sensor nodes. We model the problem using the cooperative game theory in partition form. We develop also a distributed merge-and-split algorithm in order to form dynamically coalitions that maximize their utilities in terms of both energy consumption and IDNC delay experienced by all sensors. Indeed, the proposed algorithm enables these sensors to self-organize into stable clustered network structure where all sensors do not have incentives to change the cluster he is part of. Simulation results show that our cooperative scheme allows nodes not only to reduce the energy consumption, but also the IDNC completion time.

Network coding is a potential method that numerous investigators have move forwarded due to its significant advantages to enhance the proficiency of data communication. In this work, utilize simulations to assess the execution of various network topologies employing network coding. By contrasting the results of network and without network coding, it insists that network coding can improve the throughput, end-to-end delays, Packet Delivery Rate (PDR) and consistency. This paper presents the comparative performance analysis of network coding such as, XOR, LNC, and RLNC. The results demonstrates the XOR technique has attractive outcomes and can improve the real time performance metrics i.e.; throughput, end-to-end delay and PDR by substantial limitations. The analysis has been carried out based on packet size and also number of packets to be transmitted. Results illustrates that the network coding facilitate in dependence between networks.

Digital fingerprinting refers to as method that can assign each copy of an intellectual property (IP) a distinct fingerprint. It was introduced for the purpose of protecting legal and honest IP users. The unique fingerprint can be used to identify the IP or a chip that contains the IP. However, existing fingerprinting techniques are not practical due to expensive cost of creating fingerprints and the lack of effective methods to verify the fingerprints. In the paper, we study a practical scan chain based fingerprinting method, where the digital fingerprint is generated by selecting the Q-SD or Q'-SD connection during the design of scan chains. This method has two major advantages. First, fingerprints are created as a post-silicon procedure and therefore there will be little fabrication overhead. Second, altering the Q-SD or Q'-SD connection style requires the modification of test vectors for each fingerprinted IP in order to maintain the fault coverage. This enables us to verify the fingerprint by inspecting the test vectors without opening up the chip to check the Q-SD or Q'-SD connection styles. We perform experiment on standard benchmarks to demonstrate that our approach has low design overhead. We also conduct security analysis to show that such fingerprints are robust against various attacks.

Software development for Cyber-Physical Systems (CPS), e.g., autonomous vehicles, requires both functional and non-functional quality assurance to guarantee that the CPS operates safely and effectively. EAST-ADL is a domain specific architectural language dedicated to safety-critical automotive embedded system design. We have previously modified EAST-ADL to include energy constraints and transformed energy-aware real-time (ERT) behaviors modeled in EAST-ADL/Stateflow into UPPAAL models amenable to formal verification. Previous work is extended in this paper by including support for Simulink and an integration of Simulink/Stateflow (S/S) within the same too lchain. S/S models are transformed, based on the extended ERT constraints with probability parameters, into verifiable UPPAAL-SMC models and integrate the translation with formal statistical analysis techniques: Probabilistic extension of EAST-ADL constraints is defined as a semantics denotation. A set of mapping rules is proposed to facilitate the guarantee of translation. Formal analysis on both functional- and non-functional properties is performed using Simulink Design Verifier and UPPAAL-SMC. Our approach is demonstrated on the autonomous traffic sign recognition vehicle case study.

True random numbers have a fair role in modern digital transactions. In order to achieve secured authentication, true random numbers are generated as security keys which are highly unpredictable and non-repetitive. True random number generators are used mainly in the field of cryptography to generate random cryptographic keys for secure data transmission. The proposed work aims at the generation of true random numbers based on CMOS Boolean Chaotic Oscillator. As a part of this work, ASIC approach of CMOS Boolean Chaotic Oscillator is modelled and simulated using Cadence Virtuoso tool based on 45nm CMOS technology. Besides, prototype model has been implemented with circuit components and analysed using NI ELVIS platform. The strength of the generated random numbers was ensured by NIST (National Institute of Standards and Technology) Test Suite and ASIC approach was validated through various parameters by performing various analyses such as frequency, delay and power.

Applications of true random number generators (TRNGs) span from art to numerical computing and system security. In cryptographic applications, TRNGs are used for generating new keys, nonces and masks. For this reason, a TRNG is an essential building block and often a point of failure for embedded security systems. One type of primitives that are widely used as source of randomness are ring oscillators. For a ring-oscillator-based TRNG, the true randomness originates from its timing jitter. Therefore, determining the jitter strength is essential to estimate the quality of a TRNG. In this paper, we propose a method to measure the jitter strength of a ring oscillator implemented on an FPGA. The fast tapped delay chain is utilized to perform the on-chip measurement with a high resolution. The proposed method is implemented on both a Xilinx FPGA and an Intel FPGA. Fast carry logic components on different FPGAs are used to implement the fast delay line. This carry logic component is designed to be fast and has dedicated routing, which enables a precise measurement. The differential structure of the delay chain is used to thwart the influence of undesirable noise from the measurement. The proposed methodology can be applied to other FPGA families and ASIC designs.

PUFs are an emerging security primitive that offers a lightweight security alternative to highly constrained devices like RFIDs. PUFs used in authentication protocols however suffer from unreliable outputs. This hinders their scaling, which is necessary for increased security, and makes them also problematic to use with cryptographic functions. We introduce a new Dual Arbiter PUF design that reveals additional information concerning the stability of the outputs. We then employ a novel filtering scheme that discards unreliable outputs with a minimum number of evaluations, greatly reducing the BER of the PUF.