Biblio

An often overlooked but equally important aspect of unmanned aerial system (UAS) design is the security of their networking protocols and how they deal with cyberattacks. In this context, cyberattacks are malicious attempts to monitor or modify incoming and outgoing data from the system. These attacks could target anywhere in the system where a transfer of data occurs but are most common in the transfer of data between the control station and the UAS. A compromise in the networking system of a UAS could result in a variety of issues including increased network latency between the control station and the UAS, temporary loss of control over the UAS, or a complete loss of the UAS. A complete loss of the system could result in the UAS being disabled, crashing, or the attacker overtaking command and control of the platform, all of which would be done with little to no alert to the operator. Fortunately, the majority of higher-end, enterprise, and government UAS platforms are aware of these threats and take actions to mitigate them. However, as the consumer market continues to grow and prices continue to drop, network security may be overlooked or ignored in favor of producing the lowest cost product possible. Additionally, these commercial off-the-shelf UAS often use uniform, standardized frequency bands, autopilots, and security measures, meaning a cyberattack could be developed to affect a wide variety of models with minimal changes. This paper will focus on a low-cost educational-use UAS and test its resilience to a variety of cyberattack methods, including man-in-the-middle attacks, spoofing of data, and distributed denial-of-service attacks. Following this experiment will be a discussion of current cybersecurity practices for counteracting these attacks and how they can be applied onboard a UAS. Although in this case the cyberattacks were tested against a simpler platform, the methods discussed are applicable to any UAS platform attempting to defend against such cyberattack methods.

Solidly mounted resonators (SMRs) built on dielectric acoustic reflectors can save several fabrication steps as well as avoid undesired parasitic effects when exciting extended electrodes via capacitive coupling. In this work we manufacture and measure the frequency response of AlN-based SMRs built on 7-layer ZnO/SiO2 acoustic reflectors with SiO2 working as low impedance material and ZnO as high impedance material. After applying a 700°C treatment, their frequency response is measured again and compared with the pre-treatment measurements.

In this work, a digitally tunable Frequency Selec-tive Surface (FSS) for use in Physical Layer Security (PLS) systems is presented. The design of a unit cell is described, which is optimized by simulations for the frequency range of 5 GHz indoor Wi-Fi. Based on the developed unit cell, a prototype with 64 binary switchable elements is set up. The performance of the surface is demonstrated by measurements.

Recently, the informatics infrastructure of INRiM Time and Frequency Laboratory has been completely renewed with particular attention to network security and software architecture aspects, with the aims to improve the reliability, robustness and automation of the overall set-up. This upgraded infrastructure has allowed, since January 2020, a fully automated generation and monitoring of the Italian time scale UTC(IT), based on dedicated software developed in-house [1]. We focus in this work on the network and software aspects of our set-up, which enable a robust and reliable automatic time scale generation with continuous monitoring and minimal human intervention.

In modern power grids (PGs), load frequency control (LFC) is effectively employed to preserve the frequency within the allowable ranges. However, LFC dependence on information and communication technologies (ICTs) makes PGs vulnerable to cyber attacks. Manipulation of measured data and control commands known as false data injection attacks (FDIAs) can negatively affect grid frequency performance and destabilize PG. This paper investigates the frequency performance of an isolated PG under coordinated FDIAs. A control scheme based on the combination of a Kalman filter, a chi-square detector, and a linear quadratic Gaussian controller is proposed to detect and mitigate the coordinated FDIAs. The efficiency of the proposed control scheme is evaluated under two types of scaling and exogenous FDIAs. The simulation results demonstrate that the proposed control scheme has significant capabilities to detect and mitigate the designed FDIAs.

Common randomness of channels offers the possibility to create cryptographic keys without the need for a key exchange procedure. Channel reciprocity for TDD (time-division duplexing) systems has been used for this purpose many times. FDD (frequency-division duplexing) systems, however, were long considered to not provide any usable symmetry. However, since the scattering transmission parameters S\textbackslashtextlessinf\textbackslashtextgreater12\textbackslashtextless/inf\textbackslashtextgreater and S\textbackslashtextlessinf\textbackslashtextgreater21\textbackslashtextless/inf\textbackslashtextgreater would ideally be the same due to reciprocity, when using neighboring frequency ranges for both directions, they would just follow a continuous curve when putting them next to each other. To not rely on absolute phase, we use phase differences between antennas and apply a polynomial curve fitting, thereafter, quantize the midpoint between the two frequency ranges with the two measurement directions. This is shown to work even with some spacing between the two bands. For key reconciliation, we force the measurement point from one direction to be in the midpoint of the quantization interval by a grid shift (or likewise measurement data shift). Since the histogram over the quantization intervals does not follow a uniform distribution, some source coding / hashing will be necessary. The key disagreement rate toward an eavesdropper was found to be close to 0.5. Additionally, when using an antenna array, a random permutation of antenna measurements can even further improve the protection against eavesdropping.

Process variation is the critical issue in hardware Trojan detection. In the state-of-art works, ring oscillators are employed to address this problem. But ring oscillators are very sensitive to IR-drop effect, which exists ICs. In this paper, based on circuit theory, a IR-drop calibration method is proposed. The nominal power supply voltage and the others power supply voltage with a very small difference of the nominal power supply voltage are applied to the test chip. It is assumed that they have the same IR-drop $Δ$V. Combined with these measured data, the value of Vth + $Δ$V, can be obtained by mathematic analysis. The typical Vth from circuit simulation is used to compute $Δ$V. We studied the proposed method in a tested chip.

With the rapid growth of the cloud computing and strengthening of security requirements, encrypted cloud services are of importance and benefit. For the huge ciphertext data stored in the cloud, many secure searchable methods based on cryptography with keywords are introduced. In all the methods, attribute-based searchable encryption is considered as the truthful and efficient method since it supports the flexible access policy. However, the attribute-based system suffers from two defects when applied in the cloud storage. One of them is that the huge data in the cloud makes the users process all the relevant files related to the certain keyword. For the other side, the users and users' attributes inevitably change frequently. Therefore, attribute revocation is also an important problem in the system. To overcome these drawbacks, an attribute-based ranked searchable encryption scheme with revocation is proposed. We rank the ciphertext documents according to the TF×IDF principle, and then only return the relevant top-k files. Besides the decryption sever, an encryption sever is also introduced. And a large number of computations are outsourced to the encryption server and decryption server, which reduces the computing overhead of the client. In addition, the proposed scheme uses a real-time revocation method to achieve attribute revocation and delegates most of the update tasks to the cloud, which also reduces the calculation overhead of the user side. The performance evaluations show the scheme is feasible and more efficient than the available ones.

With the rapid progress of informatization construction in power business, data resource has become the basic strategic resource of the power industry and innovative element in power production. The security protection of data in power business is particularly important in the informatization construction of power business. In order to implement data security protection, transparent encryption is one of the fifteen key technical standards in the Construction Guideline of the Standard Network Data Security System. However, data storage in the encrypted state is bound to affect the security audit of data to a certain extent. Based on this problem, this paper proposes a scheme to audit the sensitivity of the power business data under the protection of encryption to achieve an efficient sensitivity audit of ciphertext data with the premise of not revealing the decryption key or data information. Through a security demonstration, this paper fully proves that this solution is secure under the known plaintext attacks.

In the past decade, cyber-attack events on the power grid have proven to be sophisticated and advanced. These attacks led to severe consequences on the grid operation, such as equipment damage or power outages. Hence, it is more critical than ever to develop tools for security assessment and detection of anomalies in the cyber-physical grid. For an extensive power grid, it is complex to analyze the causes of frequency deviations. Besides, if the system is compromised, attackers can leverage on the frequency deviation to bypass existing protection measures of the grid. This paper aims to develop a novel specification-based method to detect False Data Injection Attacks (FDIAs) in the multi-area system. Firstly, we describe the implementation of a three-area system model. Next, we assess the risk and devise several intrusion scenarios. Specifically, we inject false data into the frequency measurement and Automatic Generation Control (AGC) signals. We then develop a rule-based method to detect anomalies at the system-level. Our simulation results proves that the proposed algorithm can detect FDIAs in the system.

In this study, a truncated singular value decomposition (TSVD) based computationally efficient through the wall imaging (TWI) is addressed. Mainly, two different scenarios with identical and non-identical multiple scatterers behind the wall have been considered. The scattered data are processed with special scheme in order to improve quality of the results and measurements are performed at four different frequencies. Next, effects of selecting truncation threshold in TSVD methods are analyzed and a detailed quantitative comparison is provided to demonstrate capabilities of these TSVD methods over selection of truncation threshold.

Control systems for critical infrastructure are becoming increasingly interconnected while cyber threats against critical infrastructure are becoming more sophisticated and difficult to defend against. Historically, cyber security has emphasized building defenses to prevent loss of confidentiality, integrity, and availability in digital information and systems, but in recent years cyber attacks have demonstrated that no system is impenetrable and that control system operation may be detrimentally impacted. Cyber resilience has emerged as a complementary priority that seeks to ensure that digital systems can maintain essential performance levels, even while capabilities are degraded by a cyber attack. This paper examines how cyber security and cyber resilience may be measured and quantified in a control system environment. Load Frequency Control is used as an illustrative example to demonstrate how cyber attacks may be represented within mathematical models of control systems, to demonstrate how these events may be quantitatively measured in terms of cyber security or cyber resilience, and the differences and similarities between the two mindsets. These results demonstrate how various metrics are applied, the extent of their usability, and how it is important to analyze cyber-physical systems in a comprehensive manner that accounts for all the various parts of the system.

We investigate an implementation of a compressive sampling (CS) stepped frequency ground penetrating radar. Due to the small number of targets, the B-scan is represented as a sparse image. Due to the nature of stepped frequency radar, smaller number of random frequencies can be used to obtain each A-scan (sparse delays). Also, the measurements obtained from different antenna positions can be reduced to a smaller number of random antenna positions. We also use the structure in the B-scan, i.e. the shape of the targets, which can be known, for instance, when detecting land mines. We demonstrate our method using radar data available from the Web from the land mine targets buried in the ground. We use group sparsity, i.e. we assume that the targets have some non-zero (and presumably known) dimension in the cross-range coordinate of the B-scan. For such targets, we also use the Markov chain model for the targets, where we simultaneously estimate the model parameters using the EMturboGAMP algorithm. Both approaches result in improved performance.

Recently, IoT, 5G mobile, big data, and artificial intelligence are increasingly used in the real world. These technologies are based on convergenced in Cyber Physical System(Cps). Cps technology requires core technologies to ensure reliability, real-time, safety, autonomy, and security. CPS is the system that can connect between cyberspace and physical space. Cyberspace attacks are confused in the real world and have a lot of damage. The personal information that dealing in CPS has high confidentiality, so the policies and technique will needed to protect the attack in advance. If there is an attack on the CPS, not only personal information but also national confidential data can be leaked. In order to prevent this, the risk is measured using the Factor Analysis of Information Risk (FAIR) Model, which can measure risk by element for situational awareness in CPS environment. To reduce risk by preventing attacks in CPS, this paper measures risk after using the concept of Crime Prevention Through Environmental Design(CPTED).

We propose POWERALERT, an efficient external integrity checker for untrusted hosts. Current attestation systems suffer from shortcomings, including requiring a complete checksum of the code segment, from being static, use of timing information sourced from the untrusted machine, or using imprecise timing information such as network round-trip time. We address those shortcomings by (1) using power measurements from the host to ensure that the checking code is executed and (2) checking a subset of the kernel space over an extended period. We compare the power measurement against a learned power model of the execution of the machine and validate that the execution was not tampered. Finally, POWERALERT randomizes the integrity checking program to prevent the attacker from adapting. We model the interaction between POWERALERT and an attacker as a time-continuous game. The Nash equilibrium strategy of the game shows that POWERALERT has two optimal strategy choices: (1) aggressive checking that forces the attacker into hiding, or (2) slow checking that minimizes cost. We implement a prototype of POWERALERT using Raspberry Pi and evaluate the performance of the integrity checking program generation.

In this paper, we present a work-in-progress approach to detect integrity attacks to Smart Grids by analyzing the readings from smart meters. Our approach is based on process mining and time-evolving graphs. In particular, process mining is used to discover graphs, from the dataset collecting the readings over a time period, that represent the behaviour of a customer. The time-evolving graphs are then compared in order to detect anomalous behavior of a customer. To evaluate the feasibility of our approach, we have conducted preliminary experiments by using the dataset provided by the Ireland's Commission for Energy Regulation (CER).

Spammers use automated content spinning techniques to evade plagiarism detection by search engines. Text spinners help spammers in evading plagiarism detectors by automatically restructuring sentences and replacing words or phrases with their synonyms. Prior work on spun content detection relies on the knowledge about the dictionary used by the text spinning software. In this work, we propose an approach to detect spun content and its seed without needing the text spinner's dictionary. Our key idea is that text spinners introduce stylometric artifacts that can be leveraged for detecting spun documents. We implement and evaluate our proposed approach on a corpus of spun documents that are generated using a popular text spinning software. The results show that our approach can not only accurately detect whether a document is spun but also identify its source (or seed) document - all without needing the dictionary used by the text spinner.

The security of computer programs and systems is a very critical issue. With the number of attacks launched on computer networks and software, businesses and IT professionals are taking steps to ensure that their information systems are as secure as possible. However, many programmers do not think about adding security to their programs until their projects are near completion. This is a major mistake because a system is as secure as its weakest link. If security is viewed as an afterthought, it is highly likely that the resulting system will have a large number of vulnerabilities, which could be exploited by attackers. One of the reasons programmers overlook adding security to their code is because it is viewed as a complicated or time-consuming process. This paper presents a tool that will help programmers think more about security and add security tactics to their code with ease. We created a model that learns from existing open source projects and documentation using machine learning and text mining techniques. Our tool contains a module that runs in the background to analyze code as the programmer types and offers suggestions of where security could be included. In addition, our tool fetches existing open source implementations of cryptographic algorithms and sample code from repositories to aid programmers in adding security easily to their projects.

The modern electric power grid is a complex cyber-physical system whose reliable operation is enabled by a wide-area monitoring and control infrastructure. Recent events have shown that vulnerabilities in this infrastructure may be exploited to manipulate the data being exchanged. Such a scenario could cause the associated control applications to mis-operate, potentially causing system-wide instabilities. There is a growing emphasis on looking beyond traditional cybersecurity solutions to mitigate such threats. In this paper we perform a testbed-based validation of one such solution - Attack Resilient Control (ARC) - on Iowa State University's PowerCyber testbed. ARC is a cyber-physical security solution that combines domain-specific anomaly detection and model-based mitigation to detect stealthy attacks on Automatic Generation Control (AGC). In this paper, we first describe the implementation architecture of the experiment on the testbed. Next, we demonstrate the capability of stealthy attack templates to cause forced under-frequency load shedding in a 3-area test system. We then validate the performance of ARC by measuring its ability to detect and mitigate these attacks. Our results reveal that ARC is efficient in detecting stealthy attacks and enables AGC to maintain system operating frequency close to its nominal value during an attack. Our studies also highlight the importance of testbed-based experimentation for evaluating the performance of cyber-physical security and control applications.

The MgO-based magnetic tunnel junction (MTJ) is the basis of modern hard disk drives' magnetic read sensors. Within its operating bandwidth, the sensor's performance is significantly affected by nonlinear and oscillating behavior arising from the MTJ's magnetization dynamics at microwave frequencies. Static I-V curve measurements are commonly used to characterize sensor's nonlinear effects. Unfortunately, these do not sufficiently capture the MTJ's magnetization dynamics. In this paper, we demonstrate the use of the two-tone measurement technique for full treatment of the sensor's nonlinear effects in conjunction with dynamic ones. This approach is new in the field of magnetism and magnetic materials, and it has its challenges due to the nature of the device. Nevertheless, the experimental results demonstrate how the two-tone measurement technique can be used to characterize magnetic sensor nonlinear properties.

Non-intrusive load monitoring (NILM) extracts information about how energy is being used in a building from electricity measurements collected at a single location. Obtaining measurements at only one location is attractive because it is inexpensive and convenient, but it can result in large amounts of data from high frequency electrical measurements. Different ways to compress or selectively measure this data are therefore required for practical implementations of NILM. We explore the use of random filtering and random demodulation, techniques that are closely related to compressed sensing, to offer a computationally simple way of compressing the electrical data. We show how these techniques can allow one to reduce the sampling rate of the electricity measurements, while requiring only one sampling channel and allowing accurate NILM performance. Our tests are performed using real measurements of electrical signals from a public data set, thus demonstrating their effectiveness on real appliances and allowing for reproducibility and comparison with other data management strategies for NILM.

This paper presents a model calibration algorithm for the modulated wideband converter (MWC) with non-ideal analog lowpass filter (LPF). The presented technique uses a test signal to estimate the finite impulse response (FIR) of the practical non-ideal LPF, and then a digital compensation filter is designed to calibrate the approximated FIR filter in the digital domain. At the cost of a moderate oversampling rate, the calibrated filter performs as an ideal LPF. The calibrated model uses the MWC system with non-ideal LPF to capture the samples of underlying signal, and then the samples are filtered by the digital compensation filter. Experimental results indicate that, without making any changes to the architecture of MWC, the proposed algorithm can obtain the samples as that of standard MWC with ideal LPF, and the signal can be reconstructed with overwhelming probability.

Wireless information security generates shared secret keys from reciprocal channel dynamics. Current solutions are mostly based on temporal per-frame channel measurements of signal strength and suffer from low key generate rate (KGR), large budget in channel probing, and poor secrecy if a channel does not temporally vary significantly. This paper designs a cross-layer solution that measures noise-free per-symbol channel dynamics across both time and frequency domain and derives keys from the highly fine-grained per-symbol reciprocal channel measurements. This solution consists of merits that: (1) the persymbol granularity improves the volume of available uncorrelated channel measurements by orders of magnitude over per-frame granularity in conventional solutions and so does KGR; 2) the solution exploits subtle channel fluctuations in frequency domain that does not force users to move to incur enough temporal variations as conventional solutions require; and (3) it measures noise-free channel response that suppresses key bit disagreement between trusted users. As a result, in every aspect, the proposed solution improves the security performance by orders of magnitude over conventional solutions. The performance has been evaluated on both a GNU SDR testbed in practice and a local GNU Radio simulator. The cross-layer solution can generate a KGR of 24.07 bits per probing frame on testbed or 19 bits in simulation, although conventional optimal solutions only has a KGR of at most one or two bit per probing frame. It also has a low key bit disagreement ratio while maintaining a high entropy rate. The derived keys show strong independence with correlation coefficients mostly less than 0.05. Furthermore, it is empirically shown that any slight physical change, e.g. a small rotation of antenna, results in fundamentally different cross-layer frequency measurements, which implies the strong secrecy and high efficiency of the proposed solution.
 

Source code authorship attribution is the task of determining the author of source code whose author is not explicitly known. One specific method of source code authorship attribution that has been shown to be extremely effective is the SCAP method. This method, however, relies on a parameter L that has heretofore been quite nebulous. In the SCAP method, each candidate author's known work is represented as a profile of that author, where the parameter L defines the profile's maximum length. In this study, alternative approaches for selecting a value for L were investigated. Several alternative approaches were found to perform better than the baseline approach used in the SCAP method. The approach that performed the best was empirically shown to improve the performance from 91.0% to 97.2% measured as a percentage of documents correctly attributed using a data set consisting of 7,231 programs written in Java and C++.

The addition of synchrophasors such as phasor measurement units (PMUs) to the existing power grid will enhance real-time monitoring and analysis of the grid. The PMU collects bus voltage, line current, and frequency measurements and uses the communication network to send the measurements to the respective substation(s)/control center(s). Since this approach relies on network infrastructure, possible cyber security vulnerabilities have to be addressed to ensure that is stable, secure, and reliable. In this paper, security vulnerabilities associated with a synchrophasor network in a benchmark IEEE 68 bus (New England/New York) power system model are examined. Currently known feasible attacks are demonstrated. Recommended testing and verification methods are also presented.