Biblio

In this paper, we investigate a networked control problem in the presence of Denial-of-Service (DoS) attacks, which prevent transmissions over the communication network. The communication between the process and controller is also subject to bit rate constraints. For mitigating the influences of DoS attacks and bit rate constraints, we develop a variable bit rate (VBR) encoding-decoding protocol and quantized controller to stabilize the control system. We show that the system’s resilience against DoS under VBR is preserved comparing with those under constant bit rate (CBR) quantized control, with fewer bits transmitted especially when the attack levels are low. The proposed VBR quantized control framework in this paper is general enough such that the results of CBR quantized control under DoS and moreover the results of minimum bit rate in the absence of DoS can be recovered.

Although DC microgrids using a distributed cooperative control architecture can avoid the instability or shutdown issues caused by a single-point failure as compared to the centralized approach, limited global information in the former makes it difficult to detect cyber attacks. Here, we present a false data injection attack (FDIA)–-termed as a local control input attack–-targeting voltage observers in the secondary controllers and control loops in the primary controllers. Such an attack cannot be detected by only observing the performance of the estimated voltage of each agent, thereby posing a potential threat to the system operation. To address this, a detection method using the outputs of the voltage observers is developed to identify the exact location of an FDIA. The proposed approach is based on the characteristics of the distributed cooperative network and avoids heavy dependency on the system model parameters. Next, an event-driven mitigation approach is deployed to substitute the attacked element with a reconstructed signal upon the detection of an attack. Finally, the effectiveness of the proposed resilient scheme is validated using simulation results.

The Enterprise Architecture and Systems Engineering communities are often faced with complexity barriers that develop due to the fact that modern systems must be agile and resilient. This requires dynamic changes to the system so as to adapt to changing missions as well as changes in the internal and external environments. The requirement is not entirely new, but practitioners need guidance on how to manage the life cycle of such systems. This is a problem because we must be able to architect systems by alleviating the difficulties in systems life cycle management (e.g., by helping the enterprise- or systems engineer organise and maintain models and architecture descriptions of the system of interest). Building on Pask’s conversation theoretic model of aware (human or machine) individuals, the paper proposes a reference model for systems that maintain their own models real time, act efficiently, and create system-level awareness on all levers of aggregation.

Distributed wind is an electric energy resource segment with strong potential to be deployed in many applications, but special consideration of resilience and cybersecurity is needed to address the unique conditions associated with distributed wind. Distributed wind is a strong candidate to help meet renewable energy and carbon-free energy goals. However, care must be taken as more systems are installed to ensure that the systems are reliable, resilient, and secure. The physical and communications requirements for distributed wind mean that there are unique cybersecurity considerations, but there is little to no existing guidance on best practices for cybersecurity risk management for distributed wind systems specifically. This research develops an architecture for managing cyber risks associated with distributed wind systems through resilience functions. The architecture takes into account the configurations, challenges, and standards for distributed wind to create a risk-focused perspective that considers threats, vulnerabilities, and consequences. We show how the resilience functions of identification, preparation, detection, adaptation, and recovery can mitigate cyber threats. We discuss common distributed wind architectures and interconnections to larger power systems. Because cybersecurity cannot exist independently, the cyber-resilience architecture must consider the system holistically. Finally, we discuss risk assessment recommendations with special emphasis on what sets distributed wind systems apart from other distributed energy resources (DER).

Federated Learning (FL) is a multiparty learning computing approach that can aid privacy-preservation machine learning. However, FL has several potential security and privacy threats. First, the existing FL requires a central coordinator for the learning process which brings a single point of failure and trust issues for the shared trained model. Second, during the learning process, intentionally unreliable model updates performed by Byzantine colluding parties can lower the quality and convergence of the shared ML models. Therefore, discovering verifiable local model updates (i.e., integrity or correctness) and trusted parties in FL becomes crucial. In this paper, we propose a resilient and verifiable FL algorithm based on a reputation scheme to cope with unreliable parties. We develop a selection algorithm for task publisher and blockchain-based multiparty learning architecture approach where local model updates are securely exchanged and verified without the central party. We also proposed a novel auditing scheme to ensure our proposed approach is resilient up to 50% Byzantine colluding attack in a malicious scenario.

Security is of importance for communication networks, and many network nodes, like sensors and IoT devices, are resource-constrained. Physical Unclonable Functions (PUFs) leverage physical variations of the integrated circuits to produce responses unique to individual circuits and have the potential for delivering security for low-cost networks. But before a PUF can be adopted for security applications, all security vulnerabilities must be discovered. Recently, a new PUF known as Interpose PUF (IPUF) was proposed, which was tested to be secure against reliability-based modeling attacks and machine learning attacks when the attacked IPUF is of small size. A recent study showed IPUFs succumbed to a divide-and-conquer attack, and the attack method requires the position of the interpose bit known to the attacker, a condition that can be easily obfuscated by using a random interpose position. Thus, large IPUFs may still remain secure against all known modeling attacks if the interpose position is unknown to attackers. In this paper, we present a new modeling attack method of IPUFs using multilayer neural networks, and the attack method requires no knowledge of the interpose position. Our attack was tested on simulated IPUFs and silicon IPUFs implemented on FPGAs, and the results showed that many IPUFs which were resilient against existing attacks cannot withstand our new attack method, revealing a new vulnerability of IPUFs by re-defining the boundary between secure and insecure regions in the IPUF parameter space.

MPLS has been in the forefront of high-speed Wide Area Networks (WANs), for almost two decades [1], [12]. The performance advantages in implementing Multi-Protocol Label Switching (MPLS) are mainly its superior speed based on fast label switching and its capability to perform Fast Reroute rapidly when failure(s) occur - in theory under 50 ms [16], [17], which makes MPLS also interesting for real-time applications. We investigate the aforementioned advantages of MPLS by creating two real testbeds using actual routers that commercial Internet Service Providers (ISPs) use, one with a ring and one with a partial mesh architecture. In those two testbeds we compare the performance of MPLS channels versus normal routing, both using the Open Shortest Path First (OSPF) routing protocol. The speed of the Fast Reroute mechanism for MPLS when failures are occurring is investigated. Firstly, baseline experiments are performed consisting of MPLS versus normal routing. Results are evaluated and compared using both single and dual failure scenarios within the two architectures. Our results confirm recovery times within 50 ms.

Recent technological advancements have proliferated the use of small embedded devices for collecting, processing, and transferring the security-critical information. The Internet of Things (IoT) has enabled remote access and control of these network-connected devices. Consequently, an attacker can exploit security vulnerabilities and compromise these devices. In this context, the secure boot becomes a useful security mechanism to verify the integrity and authenticity of the software state of the devices. However, the current secure boot schemes focus on detecting the presence of potential malware on the device but not on disinfecting and restoring the software to a benign state. This manuscript presents CARE - the first secure boot framework that provides malicious code modification attack detection, resilience, and onboard recovery mechanism for the compromised devices. The framework uses a prototype hybrid CARE: Code Authentication and Resilience Engine to verify the integrity and authenticity of the software and restore it to a benign state. It uses Physical Memory Protection (PMP) and other security enchaining techniques of RISC-V processor to provide resilience from modern attacks. The state-of-the-art comparison and performance analysis results indicate that the proposed secure boot framework provides promising resilience and recovery mechanism with very little (8%) performance and resource overhead.

Physically Unclonable Functions (PUFs) are hardware-based security primitives that utilize manufacturing process variations to realize binary keys (Weak PUFs) or binary functions (Strong PUFs). This primitive is desirable for key generation and authentication in constrained devices, due to its low power and low area overhead. However, in recent years many research papers are focused on the vulnerability of PUFs to modeling attacks. This attack is possible because the PUFs challenge and response exchanges are usually transmitted over communication channel without encryption. Thus, an attacker can collect challenge-response pairs and use it as input into a learning algorithm, to create a model that can predict responses given new challenges. In this paper we introduce a serial and a parallel novel 64-bits memory-based controlled PUF (Mc-PUF) architecture for device authentication that has high uniqueness and randomness, reliable, and resilient against modeling attacks. These architectures generate a response by utilizing bits extracted from the fingerprint of a synchronous random-access memory (SRAM) PUF with a control logic. The synthesis of the serial architecture yielded an area of 1.136K GE, while the parallel architecture was 3.013K GE. The best prediction accuracy obtained from the modeling attack was 50%, which prevents an attacker from accurately predicting responses to future challenges. We also showcase the scalability of the design through XOR-ing several Mc-PUFs, further improving upon its security and performance. The remainder of the paper presents the proposed architectures, along with their hardware implementations, area and power consumption, and security resilience against modeling attacks. The 3-XOR Mc-PUF had the greatest overhead, but it produced the best randomness, uniqueness, and resilience against modeling attacks.

Recent technological advancement demands organizations to have measures in place to manage their Information Technology (IT) systems. Enterprise Architecture Frameworks (EAF) offer companies an efficient technique to manage their IT systems aligning their business requirements with effective solutions. As a result, experts have developed multiple EAF's such as TOGAF, Zachman, MoDAF, DoDAF, SABSA to help organizations to achieve their objectives by reducing the costs and complexity. These frameworks however, concentrate mostly on business needs lacking holistic enterprise-wide security practices, which may cause enterprises to be exposed for significant security risks resulting financial loss. This study focuses on evaluating business capabilities in TOGAF, NIST, COBIT, MoDAF, DoDAF, SABSA, and Zachman, and identify essential security requirements in TOGAF, SABSA and COBIT19 frameworks by comparing their resiliency processes, which helps organization to easily select applicable framework. The study shows that; besides business requirements, EAF need to include precise cybersecurity guidelines aligning EA business strategies. Enterprises now need to focus more on building resilient approach, which is beyond of protection, detection and prevention. Now enterprises should be ready to withstand against the cyber-attacks applying relevant cyber resiliency approach improving the way of dealing with impacts of cybersecurity risks.

Assuring Cybersecurity for the Internet of things (IoT) remains a significant challenge. Most IoT devices have minimal computational power and should be secured with lightweight security techniques (optimized computation and energy tradeoff). Furthermore, IoT devices are mainly designed to have long lifetimes (e.g., 10–15 years), forcing the designers to open the system for possible future updates. Here, we developed a lightweight and reconfigurable security architecture for IoT devices. Our research goal is to create a simple authentication protocol based on physical unclonable function (PUF) for FPGA-based IoT devices. The main challenge toward realization of this protocol is to make it make it resilient against machine learning attacks and it shall not use cryptography primitives.

We introduce a lightweight architecture of Intrusion Detection Systems (IDS) for ad-hoc IoT networks. Current state-of-the-art IDS have been designed based on assumptions holding from conventional computer networks, and therefore, do not properly address the nature of IoT networks. In this work, we first identify the correlation between the communication overheads and the placement of an IDS (as captured by proper placement of active IDS agents in the network). We model such networks as Random Geometric Graphs. We then introduce a novel IDS architectural approach by having only a minimum subset of the nodes acting as IDS agents. These nodes are able to monitor the network and detect attacks at the networking layer in a collaborative manner by monitoring 1-hop network information provided by routing protocols such as RPL. Conducted experiments show that our proposed IDS architecture is resilient and robust against frequent topology changes due to node failures. Our detailed experimental evaluation demonstrates significant performance gains in terms of communication overhead and energy dissipation while maintaining high detection rates.

In the era of edge computing and Artificial Intelligence (AI), securing billions of edge devices within a network against intelligent attacks is crucial. We propose PUFGAN, an innovative machine learning attack-proof security architecture, by embedding a self-adversarial agent within a device fingerprint- based security primitive, public PUF (PPUF) known for its strong fingerprint-driven cryptography. The self-adversarial agent is implemented using Generative Adversarial Networks (GANs). The agent attempts to self-attack the system based on two GAN variants, vanilla GAN and conditional GAN. By turning the attacking quality through generating realistic secret keys used in the PPUF primitive into system vulnerability, the security architecture is able to monitor its internal vulnerability. If the vulnerability level reaches at a specific value, PUFGAN allows the system to restructure its underlying security primitive via feedback to the PPUF hardware, maintaining security entropy at as high a level as possible. We evaluated PUFGAN on three different machine environments: Google Colab, a desktop PC, and a Raspberry Pi 2, using a real-world PPUF dataset. Extensive experiments demonstrated that even a strong device fingerprint security primitive can become vulnerable, necessitating active restructuring of the current primitive, making the system resilient against extreme attacking environments.

Wide-area protection and control (WAPAC) systems are widely applied in the energy management system (EMS) that rely on a wide-area communication network to maintain system stability, security, and reliability. As technology and grid infrastructure evolve to develop more advanced WAPAC applications, however, so do the attack surfaces in the grid infrastructure. This paper presents an attack-resilient system (ARS) for the WAPAC cybersecurity by seamlessly integrating the network intrusion detection system (NIDS) with intrusion mitigation and prevention system (IMPS). In particular, the proposed NIDS utilizes signature and behavior-based rules to detect attack reconnaissance, communication failure, and data integrity attacks. Further, the proposed IMPS applies state transition-based mitigation and prevention strategies to quickly restore the normal grid operation after cyberattacks. As a proof of concept, we validate the proposed generic architecture of ARS by performing experimental case study for wide-area protection scheme (WAPS), one of the critical WAPAC applications, and evaluate the proposed NIDS and IMPS components of ARS in a cyber-physical testbed environment. Our experimental results reveal a promising performance in detecting and mitigating different classes of cyberattacks while supporting an alert visualization dashboard to provide an accurate situational awareness in real-time.

Recent advances in adversarial attacks uncover the intrinsic vulnerability of modern deep neural networks. Since then, extensive efforts have been devoted to enhancing the robustness of deep networks via specialized learning algorithms and loss functions. In this work, we take an architectural perspective and investigate the patterns of network architectures that are resilient to adversarial attacks. To obtain the large number of networks needed for this study, we adopt one-shot neural architecture search, training a large network for once and then finetuning the sub-networks sampled therefrom. The sampled architectures together with the accuracies they achieve provide a rich basis for our study. Our ''robust architecture Odyssey'' reveals several valuable observations: 1) densely connected patterns result in improved robustness; 2) under computational budget, adding convolution operations to direct connection edge is effective; 3) flow of solution procedure (FSP) matrix is a good indicator of network robustness. Based on these observations, we discover a family of robust architectures (RobNets). On various datasets, including CIFAR, SVHN, Tiny-ImageNet, and ImageNet, RobNets exhibit superior robustness performance to other widely used architectures. Notably, RobNets substantially improve the robust accuracy ( 5% absolute gains) under both white-box and black-box attacks, even with fewer parameter numbers. Code is available at https://github.com/gmh14/RobNets.

The following topics are dealt with: security of data; distributed power generation; power engineering computing; power grids; power system security; computer network security; voltage control; risk management; power system measurement; critical infrastructures.

Over time, the use of wireless technologies has significantly increased due to bandwidth improvements, cost-effectiveness, and ease of deployment. Owing to the ease of access to the communication medium, wireless communications and technologies are inherently vulnerable to attacks. These attacks include brute force attacks such as jamming attacks and those that target the communication protocol (Wi-Fi and Bluetooth protocols). Thus, there is a need to make wireless communication resilient and secure against attacks. Existing wireless protocols and applications have attempted to address the need to improve systems security as well as privacy. They have been highly effective in addressing privacy issues, but ineffective in addressing security threats like jamming and session hijacking attacks and other types of Denial of Service Attacks. In this article, we present an ``architecture for resilient wireless communications'' based on the concept of Moving Target Defense. To increase the difficulty of launching successful attacks and achieve resilient operation, we changed the runtime characteristics of wireless links, such as the modulation type, network address, packet size, and channel operating frequency. The architecture reduces the overhead resulting from changing channel configurations using two communication channels, in which one is used for communication, while the other acts as a standby channel. A prototype was built using Software Defined Radio to test the performance of the architecture. Experimental evaluations showed that the approach was resilient against jamming attacks. We also present a mathematical analysis to demonstrate the difficulty of performing a successful attack against our proposed architecture.

With current IoT architectures, once a single device in a network is compromised, it can be used to disrupt the behavior of other devices on the same network. Even though system administrators can secure critical devices in the network using best practices and state-of-the-art technology, a single vulnerable device can undermine the security of the entire network. The goal of this work is to limit the ability of an attacker to exploit a vulnerable device on an IoT network and fabricate deceitful messages to co-opt other devices. The approach is to limit attackers by using device proxies that are used to retransmit and control network communications. We present an architecture that prevents deceitful messages generated by compromised devices from affecting the rest of the network. The design assumes a centralized and trustworthy machine that can observe the behavior of all devices on the network. The central machine collects application layer data, as opposed to low-level network traffic, from each IoT device. The collected data is used to train models that capture the normal behavior of each individual IoT device. The normal behavioral data is then used to monitor the IoT devices and detect anomalous behavior. This paper reports on our experiments using both a binary classifier and a density-based clustering algorithm to model benign IoT device behavior with a realistic test-bed, designed to capture normal behavior in an IoT-monitored environment. Results from the IoT testbed show that both the classifier and the clustering algorithms are promising and encourage the use of application-level data for detecting compromised IoT devices.

The increasing complexity of modern computing devices has rendered security architectures vulnerable to recent side-channel and transient-execution attacks. We discuss the most relevant defenses as well as their drawbacks and how to overcome them for next-generation secure processor design.

Modern System-on-Chip (SoC) designs integrate a number of third party IPs (3PIPs) that coordinate and communicate through a Network-on-Chip (NoC) fabric to realize system functionality. An important class of SoC security attack involves a rogue IP tampering with the inter-IP communication. These attacks include message snoop, message mutation, message misdirection, IP masquerade, and message flooding. Static IP-level trust verification cannot protect against these SoC-level attacks. In this paper, we analyze the vulnerabilities of system level communication among IPs and develop a novel SoC security architecture that provides system resilience against exploitation by untrusted 3PIPs integrated over an NoC fabric. We show how to address the problem through a collection of fine-grained SoC security policies that enable on-the-fly monitoring and control of appropriate security-relevant events. Our approach, for the first time to our knowledge, provides an architecture-level solution for trusted SoC communication through run-time resilience in the presence of untrusted IPs. We demonstrate viability of our approach on a realistic SoC design through a series of attack models and show that our architecture incurs minimal to modest overhead in area, power, and system latency.

Most cyber-attacks and data breaches in cloud infrastructure are due to human errors and misconfiguration vulnerabilities. Cloud customer-centric tools are imperative for mitigating these issues, however existing cloud security models are largely unable to tackle these security challenges. Therefore, novel security mechanisms are imperative, we propose Risk-driven Fault Injection (RDFI) techniques to address these challenges. RDFI applies the principles of chaos engineering to cloud security and leverages feedback loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base. The knowledge-base consists of fault models designed from secure baselines, cloud security best practices and observations derived during iterative fault injection campaigns. These observations are helpful for identifying vulnerabilities while verifying the correctness of security attributes (integrity, confidentiality and availability). Furthermore, RDFI proactively supports risk analysis and security hardening efforts by sharing security information with security mechanisms. We have designed and implemented the RDFI strategies including various chaos engineering algorithms as a software tool: CloudStrike. Several evaluations have been conducted with CloudStrike against infrastructure deployed on two major public cloud infrastructure: Amazon Web Services and Google Cloud Platform. The time performance linearly increases, proportional to increasing attack rates. Also, the analysis of vulnerabilities detected via security fault injection has been used to harden the security of cloud resources to demonstrate the effectiveness of the security information provided by CloudStrike. Therefore, we opine that our approaches are suitable for overcoming contemporary cloud security issues.

The following topics are dealt with: Internet of Things; invasive software; security of data; program testing; reverse engineering; product codes; binary codes; decoding; maximum likelihood decoding; field programmable gate arrays.

Modern computing networks that enable distributed computing are comprised of a wide range of heterogeneous devices with different levels of resources, which are interconnected by different networking technologies and communication protocols. This integration, together with the state of the art technologies, has brought into play new uncertainties, associated with physical world and the cyber space. In heterogeneous networked control systems environments, awareness and resilience are two important properties that these systems should bear and comply with. In this work the problem of resilience enhancement in heterogeneous networked control systems is addressed based on a distributed middleware, which is propped up on a hierarchical multi-agent framework, where each of the constituent agents is devoted to a specific task. The proposed architecture takes into account physical and cyber vulnerabilities and ensures state and context awareness, and a minimum level of acceptable operational performance, in response to physical and cyber disturbances. Experiments on a IPv6-based test-bed proved the relevance and benefits offered by the proposed architecture.

Data fusion, as a means to improve aircraft and air traffic safety, is a recent focus of some researchers and system developers. Increases in data volume and processing needs necessitate more powerful hardware and more flexible software architectures to satisfy these needs. Such improvements in processed data also mean the overall system becomes more complex and correspondingly, resulting in a potentially significantly larger cyber-attack space. Today's multicore processors are one means of satisfying the increased computational needs of data fusion-based systems. When coupled with a real-time operating system (RTOS) capable of flexible core and application scheduling, large cabinets of (power hungry) single-core processors may be avoided. The functional and assurance capabilities of such an RTOS can be critical elements in providing application isolation, constrained data flows, and restricted hardware access (including covert channel prevention) necessary to reduce the overall cyber-attack space. This paper examines fundamental considerations of a multiple independent levels of security (MILS) architecture when supported by a multicore-based real-time operating system. The paper draws upon assurance activities and functional properties associated with a previous Common Criteria evaluation assurance level (EAL) 6+ / High-Robustness Separation Kernel certification effort and contrast those with activities performed as part of a MILS multicore related project. The paper discusses key characteristics and functional capabilities necessary to achieve overall system security and safety. The paper defines architectural considerations essential for scheduling applications on a multicore processor to reduce security risks. For civil aircraft systems, the paper discusses the applicability of the security assurance and architecture configurations to system providers looking to increase their resilience to cyber threats.

The lack of strong cyber-physical modeling capabilities presents many challenges across the design, development, verification, and maintenance phases of a system [7]. Novel techniques for modeling the cyber-grid components, along with analysis and verification techniques, are imperative to the deployment of a resilient and robust power grid. Several works address False Data Injection (FDI) attacks to the power grid. However, most of them suffer from the lack of a model to investigate the effects of attacks. This paper proposed a cyber-physical model using Architecture Analysis & Design Language (AADL) [15] and power system information models to address different attacks in power systems.