Biblio
Security evaluation of diverse SDN frameworks is of significant importance for designing resilient systems and dealing with attacks. Focused on SDN scenarios, a game-theoretic model is proposed to analyze the security performance of existing SDN architectures. The model can describe specific traits of different structures, represent several types of information held by the players (attacker and defender), and quantitatively calculate system reliability. Simulation results illustrate that dynamic SDN structures offer a distinct security improvement over static ones. Moreover, effective dynamic scheduling mechanisms adopted in dynamic systems can further enhance their security.
Conventional cyber defenses require continual maintenance: virus, firmware, and software updates; costly functional impact tests; and dedicated staff within a security operations center. The conventional defenses require access to external sources for the latest updates. The whitelisted system, however, is ideally a system that can sustain itself free from external inputs. Cyber-Physical Systems (CPS) have the following unique traits: digital commands are physically observable and verifiable, and the possible combinations of commands are limited and finite. These CPS traits, combined with a trust anchor that secures an unclonable digital identity (i.e., a digitally unclonable function [DUF], Patent Application #15/183,454; CodeLock), offer an excellent opportunity to explore defenses built on a whitelisting approach called the "Trustworthy Design Architecture (TDA)." There exist significant research challenges in defining what the physically verifiable whitelists are, as well as the criteria for cyber-physical traits that can be used as the unclonable identity. One goal of the project is to identify a set of physical and/or digital characteristics that can uniquely identify an endpoint. The measurements must have the properties of being reliable, reproducible, and trustworthy. Given that adversaries naturally evolve with any defense, the adversary will have the goal of disrupting or spoofing this process. To protect against such disruptions, we provide a unique system engineering technique which, when applied to CPSs (e.g., nuclear processing facilities, critical infrastructures), will sustain a secure operational state without ever needing external information or active inputs from cybersecurity subject-matter experts (i.e., virus updates, IDS scans, patch management, vulnerability updates). We do this by eliminating system dependencies on external sources for protection. Instead, all internal communication is actively sealed and protected with integrity, authenticity and assurance checks that only cyber identities bound to the physical component can deliver. As CPSs continue to advance (e.g., IoT devices, drones, ICSs), resilient, maintenance-free solutions are needed to neutralize or reduce cyber risks. TDA is a conceptual system engineering framework specifically designed to address cyber-physical systems that can potentially be maintained and operated without the persistent need or demand for vulnerability or security patch updates.
Unattended Wireless Sensor Networks (UWSN) are usually deployed in human-hostile environments. Such architectures raise a challenge for data protection for two main reasons. First, sensors have limited capacity in terms of performance and memory, so not all cryptographic mechanisms can be applied. Second, the measurements cannot be gathered immediately, so they have to be kept inside the devices until a mobile sink comes to collect them. This paper introduces a new method for secure and resilient data protection inside a UWSN. It is based on a lightweight fragmentation scheme that transforms the data collected by a sensor into multiple secure fragments, distributed over the sensor's neighboring nodes in such a way that only a certain number of these fragments is required for data recovery. Moreover, data security is reinforced by the use of a dynamic key that is refreshed after each visit of the mobile sink. Authentication and integrity information are dispersed within the fragments to protect the data from active attacks. Homomorphic properties of the algorithm allow the storage space inside the nodes to be significantly reduced. Performance and empirical security evaluation results show that the proposed scheme achieves a good trade-off between performance, data protection and memory occupation.
Vehicular ad-Hoc Networks (VANETs) have been promoted as a key technology that can provide a wide variety of services such as traffic management, passenger safety, as well as travel convenience and comfort. VANETs are now proposed to be part of the upcoming Fifth Generation (5G) technology, integrated with Software Defined Networking (SDN) as a key enabler of 5G. Fog computing in 5G has turned out to be an adequate solution for faster processing in delay-sensitive applications such as VANETs, being a hybrid solution between fully centralized and fully distributed networks. In this paper, we propose a three-way integration between VANETs, SDN, and 5G for a resilient VANET security design approach, which strikes a good balance between network, mobility, performance and security features. We show how such an approach can secure VANETs from different types of attacks, such as Distributed Denial of Service (DDoS) targeting either the controllers or the vehicles in the network, and how to trace back the source of the attack. Our evaluation shows the capability of the proposed system to enforce different levels of real-time user-defined security while maintaining low overhead and minimal configuration.
Utility networks are part of every nation's critical infrastructure, and their protection is now seen as a high-priority objective. In this paper, we propose a threat awareness architecture for critical infrastructures, which we believe will raise security awareness and increase resilience in utility networks. We first describe an investigation of trends and threats that may pose security risks to utility networks. This was performed on the basis of a viewpoint approach that is capable of identifying technical and non-technical issues (e.g., human behaviour). The result of our analysis indicated that utility networks are strongly affected by technological trends, but that humans comprise an important threat to them. This provided evidence and confirmed that the protection of utility networks is a multi-variable problem, and thus requires the examination of information stemming from various viewpoints of a network. In order to accomplish our objective, we propose a systematic threat awareness architecture in the context of a resilience strategy, which ultimately aims at providing and maintaining an acceptable level of security and safety in critical infrastructures. As a proof of concept, we partially demonstrate, via a case study, the application of the proposed threat awareness architecture, examining the potential impact of social engineering attacks on a European utility company.
Building secure systems used to mean ensuring a secure perimeter, but that is no longer the case. Today's systems are ill-equipped to deal with attackers that are able to pierce perimeter defenses. Data provenance is a critical technology for building resilient systems that can recover from attackers who manage to overcome the "hard-shell" defenses. In this paper, we provide background information on data provenance, and details on provenance collection, analysis, and storage techniques and their challenges. Data provenance is well positioned to address the challenging problem of allowing a system to "fight through" an attack, and we help to identify the work necessary to ensure that future systems are resilient.
This paper focuses on exploitable cyber vulnerabilities in industrial control systems (ICS) and on a new approach to resiliency against them. Even with numerous metrics and methods for intrusion detection and mitigation, complete detection and deterrence of cyber-attacks on ICS is impossible. To counter the impact and consequences of possible malfunctions caused by such attacks in safety-critical ICSs, this paper proposes a new controller architecture that fails operational even under compromise. The proposed ICS is realized with diversification of hardware and software, and with unidirectional communication for alerting upper-level management to suspicious infiltration. Equipped with control-bus monitoring, this operation-based approach to infiltration detection would yield a truly cyber-resilient ICS. The proposed system is tested in a lab hardware experimentation setup and on the DeterLab cybersecurity test bed for validation.
Life-cycle management of stateful VNF services is a complicated task, especially when automated resiliency and scaling must be handled in a secure manner without service degradation. We present FlowSNAC, a resilient and scalable VNF service for user authentication and service deployment. FlowSNAC consists of both stateful and stateless components, some of which are SDN-based and others of which are NFVs. We describe how it adapts to changing conditions by automatically updating resource allocations through a series of intermediate steps of traffic steering, resource allocation, and secure state transfer. We conclude by highlighting some of the lessons learned during implementation, and their wider consequences for the architecture of SDN/NFV management and orchestration systems.
With the growing understanding of information security and digital assets, network admission control (NAC) has taken on tremendous importance. In a NAC architecture, admission decisions and resource reservations are made at edge devices rather than at resources or individual routers within the network. The NAC architecture enables resilient resource reservation, maintaining reservations even after failures and intra-domain rerouting. The future of admission control networks rests on IP networks meeting their security and Quality of Service (QoS) demands for real-time multimedia applications via advance resource reservation techniques. To meet security and QoS demands in real-time networks, the admission control algorithm decides whether a new traffic flow can be admitted to the network or not. Secure allocation of peers for multimedia traffic flows with the required performance is a great challenge in resource reservation schemes. In this paper, we propose a model for VoIP networks that achieves security services along with QoS, with admission control decisions taken at edge routers. We analyze and argue that measurement-based admission control should be performed at edge routers, using on-demand probing in parallel from both edge routers to secure the source and destination nodes respectively. To achieve security and QoS for a new call, we choose different probe packet sizes for voice and video calls. Similarly, a technique is adopted to attain a secure allocation approach for selecting an admission control threshold, by means of our proposed admission control algorithm. All results are tested in NS2-based simulation to evaluate the network performance of edge-router-based network admission control for VoIP traffic.
Control plane distribution in Software Defined Networking enhances the security, performance and scalability of the network. In this paper, we propose an efficient architecture for the distribution of controllers. The main contributions of the proposed architecture are: i) distribution of controllers into areas to ensure the security, performance and scalability of the network; ii) a single database maintained by a designated controller to provide consistency in the control plane; iii) an optimized heuristic for locating controllers to reduce latency in the control plane; iv) a resilient mechanism for choosing the designated controller to ensure the proper functioning of the network even when failures occur. A prototype of the proposal was implemented and the placement heuristic was analyzed on real topologies. The results show that connectivity is maintained even in failure scenarios. Finally, we show that the placement optimization reduces the average latency to controllers. Our proposed heuristic achieves a fair distribution of controllers and delivers up to two times better network resilience than other heuristics.
We propose secure RAID, i.e., low-complexity schemes to store information in a distributed manner that is resilient to node failures and resistant to node eavesdropping. We generalize the concept of systematic encoding to secure RAID and show that systematic schemes have significant advantages in the efficiencies of encoding, decoding and random access. For the practical high rate regime, we construct three XOR-based systematic secure RAID schemes with optimal encoding and decoding complexities, from the EVENODD codes and B codes, which are array codes widely used in the RAID architecture. These schemes optimally tolerate two node failures and two eavesdropping nodes. For more general parameters, we construct efficient systematic secure RAID schemes from Reed-Solomon codes. Our results suggest that building “keyless”, information-theoretic security into the RAID architecture is practical.
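The two abstracts above on threshold fragment recovery (the UWSN fragmentation scheme, where only a subset of a sensor's fragments is needed to rebuild its data) and on secure RAID (node failures tolerated, eavesdropping nodes learn nothing) rest on the same construction: a polynomial over a finite field whose low-degree coefficients are random keys and whose high-degree coefficients are the data, with each node storing one evaluation. The block below is an added example written for this page; it is not code from either paper and does not reproduce their XOR-based array-code schemes. It assumes a toy prime field GF(257) (one symbol per byte), node identifiers 1..n as evaluation points, and `secrets` for key material. Any k + z surviving nodes recover the k data symbols, so r = n - k - z failures are tolerated, and `keys_explaining` shows constructively why z eavesdropped shares reveal nothing: for every candidate data vector there exist keys producing exactly those shares.

```python
import secrets

P = 257  # assumption: toy prime field GF(257); one symbol holds a byte (0..255)


def _inv(a):
    return pow(a, P - 2, P)


def _eval_poly(coeffs, x):
    """Horner evaluation of sum_j coeffs[j] * x^j mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _solve_vandermonde(points, m):
    """Recover c_0..c_{m-1} with sum_j c_j x^j = y from m (x, y) pairs by
    Gaussian elimination mod P. Distinct nonzero x make the system nonsingular."""
    rows = [[pow(x, j, P) for j in range(m)] + [y % P] for x, y in points[:m]]
    for col in range(m):
        piv = next(i for i in range(col, m) if rows[i][col])
        rows[col], rows[piv] = rows[piv], rows[col]
        f = _inv(rows[col][col])
        rows[col] = [v * f % P for v in rows[col]]
        for i in range(m):
            if i != col and rows[i][col]:
                g = rows[i][col]
                rows[i] = [(a - g * b) % P for a, b in zip(rows[i], rows[col])]
    return [rows[i][m] for i in range(m)]


def encode(data, n, z, keys=None):
    """Spread k data symbols over n nodes, tolerating r = n - k - z failures
    and z eavesdroppers. Keys occupy degrees 0..z-1, data degrees z..z+k-1;
    node x (1..n) stores f(x). Returns {node_id: share}."""
    k = len(data)
    assert 1 <= k + z <= n < P, "need n >= k + z nodes and n < P"
    if keys is None:
        keys = [secrets.randbelow(P) for _ in range(z)]
    coeffs = list(keys) + [d % P for d in data]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def decode(shares, k, z):
    """Rebuild the k data symbols from any k + z surviving shares {node_id: share}."""
    if len(shares) < k + z:
        raise ValueError("too few surviving nodes: need %d, have %d" % (k + z, len(shares)))
    coeffs = _solve_vandermonde(sorted(shares.items()), k + z)
    return coeffs[z:]


def keys_explaining(observed, data, z):
    """Given z eavesdropped shares {node_id: share}, return keys under which `data`
    would produce exactly those shares. One solution exists for every data vector,
    which is why z colluding nodes learn nothing (information-theoretic secrecy)."""
    adjusted = []
    for x, y in observed.items():
        y_data = sum(d * pow(x, z + j, P) for j, d in enumerate(data)) % P
        adjusted.append((x, (y - y_data) % P))
    return _solve_vandermonde(adjusted, z)


if __name__ == "__main__":
    data = list(b"RAID")      # k = 4 data bytes (constructed sample input)
    n, z = 8, 2               # r = 8 - 4 - 2 = 2 failures tolerated
    shares = encode(data, n, z)
    survivors = {x: s for x, s in shares.items() if x not in (3, 7)}  # nodes 3 and 7 lost
    print("recovered:", bytes(decode(survivors, len(data), z)))
    eaves = {x: shares[x] for x in (1, 2)}                            # two colluding nodes
    alt = keys_explaining(eaves, list(b"XXXX"), z)
    print("other data consistent with eavesdropped shares:",
          all(encode(list(b"XXXX"), n, z, keys=alt)[x] == eaves[x] for x in eaves))
```

The scheme is keyless in the sense the abstract uses: the randomness lives inside the stored shares rather than in a key managed outside the array, and recovery needs no key material beyond the surviving nodes. Field size bounds n (distinct evaluation points), and the data-to-storage ratio is k/n, which is the price of tolerating z eavesdroppers on top of r failures.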
The modern electric power grid is a complex cyber-physical system whose reliable operation is enabled by a wide-area monitoring and control infrastructure. Recent events have shown that vulnerabilities in this infrastructure may be exploited to manipulate the data being exchanged. Such a scenario could cause the associated control applications to mis-operate, potentially causing system-wide instabilities. There is a growing emphasis on looking beyond traditional cybersecurity solutions to mitigate such threats. In this paper we perform a testbed-based validation of one such solution - Attack Resilient Control (ARC) - on Iowa State University's PowerCyber testbed. ARC is a cyber-physical security solution that combines domain-specific anomaly detection and model-based mitigation to detect stealthy attacks on Automatic Generation Control (AGC). In this paper, we first describe the implementation architecture of the experiment on the testbed. Next, we demonstrate the capability of stealthy attack templates to cause forced under-frequency load shedding in a 3-area test system. We then validate the performance of ARC by measuring its ability to detect and mitigate these attacks. Our results reveal that ARC is efficient in detecting stealthy attacks and enables AGC to maintain system operating frequency close to its nominal value during an attack. Our studies also highlight the importance of testbed-based experimentation for evaluating the performance of cyber-physical security and control applications.
Customer Edge Switching (CES) is an experimental Internet architecture that provides reliable and resilient multi-domain communications. It provides resilience against security threats because domains negotiate inbound and outbound policies before admitting new traffic. As CES and its signalling protocols are being prototyped, there is a need for independent testing of the CES architecture. Hence, our research goal is to develop an automated test framework that CES protocol designers and early adopters can use to improve the architecture. The test framework includes security, functional, and performance tests. Using the Robot Framework and STRIDE analysis, in this paper we present this automated security test framework. By evaluating sample test scenarios, we show that the Robot Framework and our CES test suite have provided productive discussions about this new architecture, in addition to serving as clear, easy-to-read documentation. Our research also confirms that test automation can be useful to improve new protocol architectures and validate their implementation.
In this paper, we introduce the use of adaptive controllers in software-defined networking (SDN) and propose the use of adaptive consistency models in the context of distributed SDN controllers. These adaptive controllers can tune their own configurations in real time in order to enhance the performance of the applications running on top of them. We expect that the use of such controllers could alleviate some of the emerging challenges in SDN that could have an impact on the performance, security, or scalability of the network. Further, we propose extending the SDN controller architecture to support adaptive consistency based on tunable consistency models. Finally, we compare the performance of a proof-of-concept distributed load-balancing application when it runs on top of (1) an adaptive and (2) a non-adaptive controller. Our results indicate that adaptive controllers were more resilient to sudden changes in network conditions than the non-adaptive ones.
Internet infrastructure developments and the rise of IoT Socio-Technical Systems (STS) have frequently generated more insecure protocols to facilitate rapid intercommunication between the plethora of IoT devices. Whereas current development of the IoT has been focused mainly on enabling and effectively meeting the functionality requirements of digital-enabled enterprises, we have seen scant regard for their IA architecture, marginalizing system resilience with blatant afterthoughts to cyber defence. Whilst interconnected IoT devices do facilitate and expand information sharing, they further increase risk exposure and the potential loss of trust in their Socio-Technical Systems. A change in the IoT paradigm is needed to enable a security-first mind-set if the trusted sharing of information, built upon dependable and resilient growth of the IoT, is to be established and maintained. We argue that Information Assurance is paramount to the success of the IoT, specifically its resilience and dependability in continuing its safe support for our digital economy.
Software Defined Networking (SDN) is the new promise of an easily configured and remotely controlled network. Based on centralized control, SDN technology has proved its positive impact on the world of network communications from different aspects. Security in SDN, as in traditional networks, is an essential feature that every communication system should possess. In this paper, we propose an SDN security design approach which strikes a good balance between network performance and security features. We show how such an approach can be used to prevent DDoS attacks targeting either the controller or the different hosts in the network, and how to trace back the source of the attack. The solution lies in introducing a third plane, the security plane, in addition to the data plane, which is responsible for forwarding data packets between SDN switches, and parallel to the control plane, which is responsible for rule and data exchange between the switches and the SDN controller. The security plane is designed to exchange security-related data between a third-party agent on the switch and a third-party software module alongside the controller. Our evaluation shows the capability of the proposed system to enforce different levels of real-time user-defined security with low overhead and minimal configuration.
Efficient management and control of modern and next-generation networks is of paramount importance, as networks have to maintain highly reliable service quality whilst supporting rapid growth in traffic demand and new application services. Rapid mitigation of network service degradations is a key factor in delivering high service quality. Automation is vital to achieving rapid mitigation of issues, particularly at the network edge, where scale and diversity are greatest. This automation involves the rapid detection, localization and (where possible) repair of service-impacting faults and performance impairments. However, the most significant challenge here is knowing what events to detect, how to correlate events to localize an issue, and what mitigation actions should be performed in response to the identified issues. These are defined as policies for systems such as ECOMP. In this paper, we present AESOP, a data-driven intelligent system to facilitate automatic learning of policies and rules for triggering remedial actions in networks. AESOP combines best operational practices (domain knowledge) with a variety of measurement data to learn and validate operational policies to mitigate service issues in networks. AESOP's design addresses the following key challenges: (i) learning from high-dimensional noisy data, (ii) capturing multiple fault models, (iii) modeling the high service cost of false positives, and (iv) accounting for the evolving network infrastructure. We present the design of our system and show results from our ongoing experiments demonstrating the effectiveness of our policy learning framework.
When a person gets to a door and wants to get in, what do they do? They knock. In our system, the user's specific knock pattern authenticates their identity and opens the door for them. The system empowers people's intuitive actions and responses to affect the world around them in a new way. We leverage IoT and physical computing to make more technology feel like less. From there, the system of a knock-based entrance creates affordances in social interaction for shared spaces, wherein ownership fluidity and accessibility need to be balanced with security.
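The abstract does not say how a knock pattern is compared, so the following is an added example, not the project's code. It assumes knocks arrive as a list of timestamps, compares the rhythm by normalizing the inter-knock gaps to the total duration (so a slower or faster rendition of the same rhythm still matches), and rejects a pattern with a different knock count or any gap outside a fixed tolerance. A knock rhythm is audible to bystanders and has very little entropy, so the example also folds in the minimum a practitioner would insist on for such a low-assurance factor: a failure counter with a lockout, with the template, tolerance and lockout values chosen here for illustration.

```python
def normalized_gaps(timestamps):
    """Gaps between consecutive knocks divided by the total span, so tempo is ignored."""
    if len(timestamps) < 3:
        raise ValueError("a knock pattern needs at least three knocks")
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if any(g <= 0 for g in gaps):
        raise ValueError("timestamps must be strictly increasing")
    total = timestamps[-1] - timestamps[0]
    return [g / total for g in gaps]


def pattern_matches(template, attempt, tolerance=0.05):
    """True when the attempt has the same knock count and every normalized gap
    is within `tolerance` of the enrolled template. Tolerance is a fraction of
    the whole pattern's duration (assumption: 5% is tight enough to reject an
    evenly spaced guess against the sample template below)."""
    if len(template) != len(attempt):
        return False
    return all(abs(t - a) <= tolerance
               for t, a in zip(normalized_gaps(template), normalized_gaps(attempt)))


class KnockLock:
    """Enrolled template plus a failure counter and lockout window."""

    def __init__(self, template, max_failures=3, lockout_seconds=60.0):
        normalized_gaps(template)            # validate the template up front
        self.template = list(template)
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = 0
        self.locked_until = 0.0

    def try_open(self, attempt, now):
        """`now` is the wall-clock time of the attempt; returns True to unlatch."""
        if now < self.locked_until:
            return False                     # ignore attempts during lockout
        if pattern_matches(self.template, attempt):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until = now + self.lockout_seconds
            self.failures = 0
        return False


# Constructed sample: the "shave and a haircut" rhythm as seven knock timestamps in seconds.
TEMPLATE = [0.00, 0.25, 0.40, 0.65, 0.90, 1.40, 1.65]
```

`pattern_matches(TEMPLATE, [t * 1.2 for t in TEMPLATE])` is true because only the relative timing is compared, while seven evenly spaced knocks fail on the gap that should be twice as long as its neighbours. Raising the knock count and tightening the tolerance buys a little more resistance to guessing, but not to someone who simply listened at the door.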
A low-power-consumption three-position four-way direct drive control valve based on a hybrid excited linear actuator (HELA-DDCV) is presented to meet the requirements on response time and power consumption. A numerical model of the coupled system was established and validated by experiments, based on Matlab/Simulink, from four points of view: electric circuit, electromagnetic field, mechanism and fluid mechanics. A dual-closed-loop PI control strategy for both spool displacement and coil current is adopted, and the displacement response process is analyzed along with the power consumption performance. The results show that the prototype valve's spool displacement response time is less than 9.6 ms. Furthermore, the holding current is less than 30% of the peak current during operation, which effectively reduces power consumption and improves system stability. Note that the holding current can be eliminated when the spool is at either end of its stroke, and 0.26 J of energy is needed per actuation, independent of the working time.
Identity masking methods have been developed in recent years for use in multiple applications aimed at protecting privacy. There is only limited work, however, targeted at evaluating the effectiveness of these methods, with only a handful of studies testing identity masking effectiveness for human perceivers. Here, we employed human participants to evaluate identity masking algorithms on video data of drivers, which contains subtle movements of the face and head. We evaluated the effectiveness of the "personalized supervised bilinear regression method for Facial Action Transfer (FAT)" de-identification algorithm. We also evaluated an edge-detection filter as an alternate "fill-in" method for when face tracking failed due to abrupt or fast head motions. Our primary goal was to develop methods for human-based evaluation of the effectiveness of identity masking. To this end, we designed and conducted two experiments to address the effectiveness of masking in preventing recognition and in preserving action perception. 1. How effective is an identity masking algorithm? We conducted a face recognition experiment and employed Signal Detection Theory (SDT) to measure human accuracy and decision bias. The accuracy results show that both masks (the FAT mask and edge detection) are effective, but that neither completely eliminated recognition. However, the decision bias data suggest that both masks altered the participants' response strategy and made them less likely to affirm identity. 2. How effectively does the algorithm preserve actions? We conducted two experiments on facial behavior annotation. Results showed that masking had a negative effect on annotation accuracy for the majority of actions, with differences across action types. Notably, the FAT mask preserved actions better than the edge-detection mask. To our knowledge, this is the first study to evaluate a de-identification method aimed at preserving facial actions using human evaluators in a laboratory setting.
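The SDT analysis mentioned above separates how well observers discriminate (sensitivity, d') from how willing they are to say "same person" (criterion, c). The block below is an added example, not the study's code or data, that computes both from yes/no recognition counts. It uses the standard definitions d' = z(H) - z(F) and c = -(z(H) + z(F)) / 2, where H and F are the hit and false-alarm rates and z is the inverse standard normal CDF; a positive c is a conservative criterion, which is what "less likely to affirm identity" means in these terms. The counts in `SAMPLE` are constructed for illustration and the log-linear correction (add 0.5 to each count, 1 to each denominator) is an assumption to keep perfect scores from producing infinite z.

```python
from statistics import NormalDist

_z = NormalDist().inv_cdf  # inverse of the standard normal CDF


def rates(hits, misses, false_alarms, correct_rejections):
    """Hit rate H and false-alarm rate F with the log-linear correction
    (assumption: +0.5 per count, +1 per denominator) so that 0 or 1 rates
    never reach z = +/- infinity."""
    hit_rate = (hits + 0.5) / (hits + misses + 1)
    fa_rate = (false_alarms + 0.5) / (false_alarms + correct_rejections + 1)
    return hit_rate, fa_rate


def sdt_measures(hit_rate, fa_rate):
    """Sensitivity d' = z(H) - z(F) and criterion c = -(z(H) + z(F)) / 2.
    d' = 0 means chance discrimination; c > 0 means the observer needs more
    evidence before answering 'same identity' (conservative bias)."""
    zh, zf = _z(hit_rate), _z(fa_rate)
    return zh - zf, -(zh + zf) / 2


def compare_conditions(conditions):
    """Map each condition name to (d', c) from its (hits, misses, FAs, CRs) counts."""
    results = {}
    for name, counts in conditions.items():
        h, f = rates(*counts)
        results[name] = sdt_measures(h, f)
    return results


# Constructed counts, not the study's data: 100 'same person' and 100 'different person'
# trials per viewing condition, as (hits, misses, false alarms, correct rejections).
SAMPLE = {
    "unmasked":  (80, 20, 20, 80),
    "fat_mask":  (55, 45, 10, 90),
    "edge_mask": (50, 50, 12, 88),
}

if __name__ == "__main__":
    for name, (dprime, crit) in compare_conditions(SAMPLE).items():
        print("%-9s d' = %.2f  c = %+.2f" % (name, dprime, crit))
```

Reading the two numbers together is the point of the method: a mask that only shifted c would leave identification ability untouched while making observers hesitant, whereas a mask that lowers d' actually removes identity information. Reporting accuracy alone conflates the two.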
In the proposed method, traditional elevators are upgraded so that any alarming situation in the elevator can be detected and reported to a main center, where further action can be taken accordingly. Different emergency situations can be handled by implementing the system. The smart elevator system works by installing different modules inside the elevator, such as speed sensors that detect speed variations above or below a certain threshold of elevator speed. The smart elevator system installed within the elevator sends a message to the emergency response center and places an automated call as well. The smart system also includes an emotion detection algorithm that detects the emotions of individuals based on their expressions in the elevator. The smart system also has a whisper detection system to determine whether someone stuck inside the elevator is alive during a hazardous situation. A broadcast signal is used as a check in the elevator system to evaluate whether every part of the system is in a stable state. The proposed system can completely replace current elevator systems and become part of smart homes.
We present a novel multimodal fusion model for affective content analysis, combining visual, audio and deep visual-sentiment descriptors from the media content with automated facial action measurements from naturalistic responses to the media. We collected a dataset of 48,867 facial responses to 384 media clips and extracted a rich feature set from the facial responses and media content. The stimulus videos were validated to be informative, inspiring, persuasive, sentimental or amusing. By combining the features, we were able to obtain a classification accuracy of 63% (weighted F1-score: 0.62) for a five-class task. This was a significant improvement over using the media content features alone. By analyzing the feature sets independently, we found that states of informed and persuaded were difficult to differentiate from facial responses alone due to the presence of similar sets of action units in each state (AU 2 occurring frequently in both cases). Facial actions were beneficial in differentiating between amused and informed states whereas media content features alone performed less well due to similarities in the visual and audio make up of the content. We highlight examples of content and reactions from each class. This is the first affective content analysis based on reactions of 10,000s of people.
Crowd management in urban settings has mostly relied on either classical, non-automated mechanisms or spontaneous notifications and alerts through social networks. Such management techniques are heavily marred by a lack of comprehensive control, especially in terms of averting risks in a manner that ensures crowd safety and enables prompt emergency response. In this paper, we propose a Markov Decision Process (MDP) scheme to realize a smart infrastructure that is directly aimed at crowd management. A key emphasis of the scheme is robust and reliable scalability that provides sufficient flexibility to manage a mixed crowd (i.e., pedestrians, cyclists, manned vehicles and unmanned vehicles). The infrastructure also spans various population settings (e.g., roads, buildings, game arenas, etc.). To realize a reliable and scalable crowd management scheme, the classical MDP is decomposed into Local MDPs (L-MDPs) with smaller state-action spaces. Preliminary results show that the MDP decomposition can reduce the system's global cost and facilitate fast convergence to a local near-optimal solution for each L-MDP.
This paper presents the results of research on and simulation of automated control of a hysteretic object, and the difference between automated control and automatic control. The main feature of automated control is that the control loop contains a human being as the regulator, with their limited response speed. The human reaction can be described as an integrating link. The characteristic of a hysteretic object is switching from one state to another, followed by a transient process from one characteristic to the other. For this reason, it is very difficult to keep the object in a desired state. Automatic operation ensures fast switching of the feedback signal, which produces a mode that is in many ways similar to sliding mode. In sliding mode, the control signal switches abruptly from maximum to minimum and vice versa, and the average value provides the necessary action on the object. Theoretical analysis and simulation show that using the maximum value of the control signal is not required. It is sufficient that the switching oscillation amplitude is such that the output signal moves along both branches of the hysteretic characteristic in the fastest cycle. The average output value in this case corresponds to the prescribed value of the control task. With automated control, the human response can be approximately modeled by an integrating regulator. In this case the oscillation amplitude can be excessively high and the frequency excessively low. The simulation showed that creating an artificial additional fluctuation in the control signal makes it possible to reduce the amplitude and correspondingly increase the frequency of oscillation near the prescribed value. This should be evaluated as a way to improve the quality of automated control performed with the help of a human being. The paper presents some practical examples of the examined method.
Mission assurance requires effective, near-real-time defensive cyber operations to respond appropriately to cyber attacks without having a significant impact on operations. The ability to rapidly compute, prioritize and execute network-based courses of action (CoAs) relies on accurate situational awareness and mission-context information. Although diverse solutions exist for automatically collecting and analysing infrastructure data, few deliver automated analysis and implementation of network-based CoAs in the context of the ongoing mission. In addition, such processes can be operator-intensive, and available tools tend to be specific to a set of common data sources and network responses. To address these issues, Defence Research and Development Canada (DRDC) is leading the development of the Automated Computer Network Defence (ARMOUR) technology demonstrator and cyber defence science and technology (S&T) platform. ARMOUR integrates new and existing off-the-shelf capabilities to provide enhanced decision support and to automate many of the tasks currently executed manually by network operators. This paper describes the cyber defence integration framework, situational awareness, and automated mission-oriented decision support that ARMOUR provides.