Biblio

SWIM (System Wide Information Management) has become the development direction of A TM (Air Traffic Management) system by providing interoperable services to promote the exchange and sharing of data among various stakeholders. The premise of data sharing is security, and the access control has become the key guarantee for the secure sharing and exchange. The CP-ABE scheme (Ciphertext Policy Attribute-Based Encryption) can realize one-to-many access control, which is suitable for the characteristics of SWIM environment. However, the combination of the existing CP-ABE access control and SWIM has following constraints. 1. The traditional single authority CP-ABE scheme requires unconditional trust in the authority center. Once the authority center is corrupted, the excessive authority of the center may lead to the complete destruction of system security. So, SWIM with a large user group and data volume requires multiple authorities CP-ABE when performing access control. 2. There is no unified management of users' data access records. Lack of supervision on user behavior make it impossible to effectively deter malicious users. 3. There are a certain proportion of lightweight data users in SWIM, such as aircraft, users with handheld devices, etc. And their computing capacity becomes the bottleneck of data sharing. Aiming at these issues above, this paper based on cloud-chain fusion basically proposes a multi-authority CP-ABE scheme, called the MOV ATM scheme, which has three advantages. 1. Based on a multi-cloud and multi-authority CP-ABE, this solution conforms to the distributed nature of SWIM; 2. This scheme provides outsourced computing and verification functions for lightweight users; 3. Based on blockchain technology, a blockchain that is maintained by all stakeholders of SWIM is designed. It takes user's access records as transactions to ensure that access records are well documented and cannot be tampered with. Compared with other schemes, this scheme adds the functions of multi-authority, outsourcing, verifiability and auditability, but do not increase the decryption cost of users.

The computing of smart devices at the perception layer of the power Internet of Things is often insufficient, and complex computing can be outsourced to server resources such as the cloud computing, but the allocation process is not safe and controllable. Under special constraints of the power Internet of Things such as multi-users and heterogeneous terminals, we propose a CP-ABE-based non-interactive verifiable computation model of perceptual layer data. This model is based on CP-ABE, NPOT, FHE and other relevant safety and verifiable theories, and designs a new multi-user non-interactive secure verifiable computing scheme to ensure that only users with the decryption key can participate in the execution of NPOT Scheme. In terms of the calculation process design of the model, we gave a detailed description of the system model, security model, plan. Based on the definition given, the correctness and safety of the non-interactive safety verifiable model design in the power Internet of Things environment are proved, and the interaction cost of the model is analyzed. Finally, it proves that the CP-ABE-based non-interactive verifiable computation model for the perceptual layer proposed in this paper has greatly improved security, applicability, and verifiability, and is able to meet the security outsourcing of computing in the power Internet of Things environment.

Cloud computing is a unified management and scheduling model of computing resources. To satisfy multiple resource requirements for various application, edge computing has been proposed. One challenge of edge computing is cross-domain data security sharing problem. Ciphertext policy attribute-based encryption (CP-ABE) is an effective way to ensure data security sharing. However, many existing schemes focus on could computing, and do not consider the features of edge computing. In order to address this issue, we propose a cross-domain data security sharing approach for edge computing based on CP-ABE. Besides data user attributes, we also consider access control from edge nodes to user data. Our scheme first calculates public-secret key peer of each edge node based on its attributes, and then uses it to encrypt secret key of data ciphertext to ensure data security. In addition, our scheme can add non-user access control attributes such as time, location, frequency according to the different demands. In this paper we take time as example. Finally, the simulation experiments and analysis exhibit the feasibility and effectiveness of our approach.

Social networks are considered to be heterogeneous graph neural networks (HGNNs) with deep learning technological advances. HGNNs, compared to homogeneous data, absorb various aspects of information about individuals in the training stage. That means more information has been covered in the learning result, especially sensitive information. However, the privacy-preserving methods on homogeneous graphs only preserve the same type of node attributes or relationships, which cannot effectively work on heterogeneous graphs due to the complexity. To address this issue, we propose a novel heterogeneous graph neural network privacy-preserving method based on a differential privacy mechanism named HeteDP, which provides a double guarantee on graph features and topology. In particular, we first define a new attack scheme to reveal privacy leakage in the heterogeneous graphs. Specifically, we design a two-stage pipeline framework, which includes the privacy-preserving feature encoder and the heterogeneous link reconstructor with gradients perturbation based on differential privacy to tolerate data diversity and against the attack. To better control the noise and promote model performance, we utilize a bi-level optimization pattern to allocate a suitable privacy budget for the above two modules. Our experiments on four public benchmarks show that the HeteDP method is equipped to resist heterogeneous graph privacy leakage with admirable model generalization.

With the increasing complexity of the driving environment, more and more attention has been paid to the research on improving the intelligentization of traffic control. Among them, the digital twin-based internet of vehicle can establish a mirror system on the cloud to improve the efficiency of communication between vehicles, provide warning and safety instructions for drivers, avoid driving potential dangers. To ensure the security and effectiveness of data sharing in traffic control, this paper proposes a secure and privacy-preserving scheme for digital twin-based traffic control. Specifically, in the data uploading phase, we employ a group signature with a time-bound keys technique to realize data source authentication with efficient members revocation and privacy protection, which can ensure that data can be securely stored on cloud service providers after it synchronizes to its twin. In the data sharing stage, we employ the secure and efficient attribute-based access control technique to provide flexible and efficient data sharing, in which the parameters of a specific sub-policy can be stored during the first decryption and reused in subsequent data access containing the same sub-policy, thus reducing the computing complexity. Finally, we analyze the security and efficiency of the scheme theoretically.

This paper studies the problem of designing optimal privacy mechanism with less energy cost. The eavesdropper and the defender with limited resources should choose which channel to eavesdrop and defend, respectively. A zero-sum stochastic game framework is used to model the interaction between the two players and the game is solved through the Nash Q-learning approach. A numerical example is given to verify the proposed method.

The development of science and technology has led to the construction of smart cities, and in this scenario, there are many applications that need to provide their real-time location information, which is very likely to cause the leakage of personal location privacy. To address this situation, this paper designs a location privacy protection scheme based on graph anonymity, which is based on the privacy protection idea of K-anonymity, and represents the spatial distribution among APs in the form of a graph model, using the method of finding clustered noisy fingerprint information in the graph model to ensure a similar performance to the real location fingerprint in the localization process, and thus will not be distinguished by the location providers. Experiments show that this scheme can improve the effectiveness of virtual locations and reduce the time cost using greedy strategy, which can effectively protect location privacy.

In the context of big data era, in order to prevent malicious access and information leakage during data services, researchers put forward a location big data encryption method based on privacy protection in practical exploration. According to the problems arising from the development of information network in recent years, users often encounter the situation of randomly obtaining location information in the network environment, which not only threatens their privacy security, but also affects the effective transmission of information. Therefore, this study proposed the privacy protection as the core position of big data encryption method, must first clear position with large data representation and positioning information, distinguish between processing position information and the unknown information, the fuzzy encryption theory, dynamic location data regrouping, eventually build privacy protection as the core of the encryption algorithm. The empirical results show that this method can not only effectively block the intrusion of attack data, but also effectively control the error of position data encryption.

Cloud computing solutions enable Cyber-Physical Systems (CPSs) to utilize significant computational resources and implement sophisticated control algorithms even if limited computation capabilities are locally available for these systems. However, such a control architecture suffers from an important concern related to the privacy of sensor measurements and the computed control inputs within the cloud. This paper proposes a solution that allows implementing a set-theoretic model predictive controller on the cloud while preserving this privacy. This is achieved by exploiting the offline computations of the robust one-step controllable sets used by the controller and two affine transformations of the sensor measurements and control optimization problem. It is shown that the transformed and original control problems are equivalent (i.e., the optimal control input can be recovered from the transformed one) and that privacy is preserved if the control algorithm is executed on the cloud. Moreover, we show how the actuator can take advantage of the set-theoretic nature of the controller to verify, through simple set-membership tests, if the control input received from the cloud is admissible. The correctness of the proposed solution is verified by means of a simulation experiment involving a dual-tank water system.

Differential privacy is a widely-used metric, which provides rigorous privacy definitions and strong privacy guarantees. Much of the existing studies on differential privacy are based on datasets where the tuples are independent, and thus are not suitable for correlated data protection. In this paper, we focus on correlated differential privacy, by taking the data correlations and the prior knowledge of the initial data into account. The data correlations are modeled by Bayesian conditional probabilities, and the prior knowledge refers to the exact values of the data. We propose general correlated differential privacy conditions for the discrete and continuous random noise-adding mechanisms, respectively. In case that the conditions are inaccurate due to the insufficient prior knowledge, we introduce the tuple dependence based on rough set theory to improve the correlated differential privacy conditions. The obtained theoretical results reveal the relationship between the correlations and the privacy parameters. Moreover, the improved privacy condition helps strengthen the mechanism utility. Finally, evaluations are conducted over a micro-grid system to verify the privacy protection levels and utility guaranteed by correlated differential private mechanisms.

This paper investigates the problem of synthesizing sensor deception attackers against privacy in the context of supervisory control of discrete-event systems (DES). We consider a plant controlled by a supervisor, which is subject to sensor deception attacks. Specifically, we consider an active attacker that can tamper with the observations received by the supervisor. The privacy requirement of the supervisory control system is to maintain initial-state opacity, i.e., it does not want to reveal the fact that it was initiated from a secret state during its operation. On the other hand, the attacker aims to deceive the supervisor, by tampering with its observations, such that initial-state opacity is violated due to incorrect control actions. We investigate from the attacker’s point of view by presenting an effective approach for synthesizing sensor attack strategies threatening the privacy of the system. To this end, we propose the All Attack Structure (AAS) that records state estimates for both the supervisor and the attacker. This structure serves as a basis for synthesizing a sensor attack strategy. We also discuss how to simplify the synthesis complexity by leveraging the structural properties. A running academic example is provided to illustrate the synthesis procedure.

In today’s world, digital data are enormous due to technologies that advance data collection, storage, and analyses. As more data are shared or publicly available, privacy is of great concern. Having privacy means having control over your data. The first step towards privacy protection is to understand various aspects of privacy and have the ability to quantify them. Much work in structured data, however, has focused on approaches to transforming the original data into a more anonymous form (via generalization and suppression) while preserving the data integrity. Such anonymization techniques count data instances of each set of distinct attribute values of interest to signify the required anonymity to protect an individual’s identity or confidential data. While this serves the purpose, our research takes an alternative approach to provide quick privacy measures by way of anonymity especially when dealing with large-scale data. This paper presents a study of anonymity measures based on their relevant properties that impact privacy. Specifically, we identify three properties: uniformity, variety, and diversity, and formulate their measures. The paper provides illustrated examples to evaluate their validity and discusses the use of multi-aspects of anonymity and privacy measures.

Recently, it has been proposed to deal with fusion of multi-object densities exploiting the minimum information loss (MIL) rule, which has shown its superiority over generalized covariance intersection (GCI) fusion whenever sensor nodes have low detection probability. On the contrary, GCI shows better performance than MIL when dense clutter is involved in the measurements. In this paper, we are going to study the behavior of multi-object fusion with MIL and, respectively, GCI rules in the situation wherein the sensor network is exposed to cyber-attacks. Both theoretical and numerical analyses demonstrate that MIL is more robust than GCI fusion when the multi-sensor system is subject to a packet substitution attack.

We study how information flows through a multi-robot network in order to better understand how to provide resilience to malicious information. While the notion of global resilience is well studied, one way existing methods provide global resilience is by bringing robots closer together to improve the connectivity of the network. However, large changes in network structure can impede the team from performing other functions such as coverage, where the robots need to spread apart. Our goal is to mitigate the trade-off between resilience and network structure preservation by applying resilience locally in areas of the network where it is needed most. We introduce a metric, Influence, to identify vulnerable regions in the network requiring resilience. We design a control law targeting local resilience to the vulnerable areas by improving the connectivity of robots within these areas so that each robot has at least 2F+1 vertex-disjoint communication paths between itself and the high influence robot in the vulnerable area. We demonstrate the performance of our local resilience controller in simulation and in hardware by applying it to a coverage problem and comparing our results with an existing global resilience strategy. For the specific hardware experiments, we show that our control provides local resilience to vulnerable areas in the network while only requiring 9.90% and 15.14% deviations from the desired team formation compared to the global strategy.

Resilience of urban infrastructure to sudden, system-wide, potentially catastrophic events is a critical need across domains. The growing connectivity of infrastructure, including its cyber-physical components which can be controlled in real time, offers an attractive path towards rapid adaptation to adverse events and adjustment of system objectives. However, existing work in the field often offers disjoint approaches that respond to particular scenarios. On the other hand, abstract work on control of complex systems focuses on attempting to adapt to the changes in the system dynamics or environment, but without understanding that the system may simply not be able to perform its original task after an adverse event. To address this challenge, this programmatic paper proposes a vision for a new paradigm of infrastructure resilience. Such a framework treats infrastructure across domains through a unified theory of controlled dynamical systems, but remains cognizant of the lack of knowledge about the system following a widespread adverse event and aims to identify the system's fundamental limits. As a result, it will enable the infrastructure operator to assess and assure system performance following an adverse event, even if the exact nature of the event is not yet known. Building off ongoing work on assured resilience of control systems, in this paper we identify promising early results, challenges that motivate the development of resilience theory for infrastructure system, and possible paths forward for the proposed effort.

Actuator malfunctions may have disastrous con-sequences for systems not designed to mitigate them. We focus on the loss of control authority over actuators, where some actuators are uncontrolled but remain fully capable. To counter-act the undesirable outputs of these malfunctioning actuators, we use real-time measurements and redundant actuators. In this setting, a system that can still reach its target is deemed resilient. To quantify the resilience of a system, we compare the shortest time for the undamaged system to reach the target with the worst-case shortest time for the malfunctioning system to reach the same target, i.e., when the malfunction makes that time the longest. Contrary to prior work on driftless linear systems, the absence of analytical expression for time-optimal controls of general linear systems prevents an exact calculation of quantitative resilience. Instead, relying on Lyapunov theory we derive analytical bounds on the nominal and malfunctioning reach times in order to bound quantitative resilience. We illustrate our work on a temperature control system.

Public transportation is an important system of urban passenger transport. The purpose of this article is to explore the impact of network resilience when each station of urban rail transit network was attacked by large passenger flow. Based on the capacity load model, we propose a load redistribution mechanism to simulate the passenger flow propagation after being attacked by large passenger flow. Then, taking Xi'an's rail network as an example, we study the resilience variety of the network after a node is attacked by large passenger flow. Through some attack experiments, the feasibility of the model for studying the resilience of the rail transit system is finally verified.

This paper deals with the implementation of robust control, based on the finite time Lyapunov stability theory, to solve the trajectory tracking problem of an unconventional quadrotor with rotating arms (also known as foldable drone). First, the model of this Unmanned Aerial Vehicle (UAV) taking into consideration the variation of the inertia, the Center of Gravity (CoG) and the control matrix is presented. The theoretical foundations of backstepping control enhanced by a Super-Twisting (ST) algorithm are then discussed. Numerical simulations are performed to demonstrate the effectiveness of the proposed control strategy. Finally, a qualitative and quantitative comparative study is made between the proposed controller and the classical backstepping controller. Overall, the results obtained show that the proposed control approach provides better performance in terms of accuracy and resilience.

Network attacks are becoming more intense and characterized by complexity and persistence. Mechanisms that ensure network resilience to faults and threats should be well provided. Different approaches have been proposed to network resilience; however, most of them rely on static policies, which is unsuitable for current complex network environments and real-time requirements. To address these issues, we present a Belief-Desire-Intention (BDI) based multi-agent resilience network controller coupled with blockchain. We first clarify the theory and platform of the BDI, then discuss how the BDI evaluates the network resilience. In addition, we present the architecture, workflow, and applications of the resilience network controller. Simulation results show that the resilience network controller can effectively detect and mitigate distributed denial of service attacks.

In this paper, we deal with the resilient consensus problem in networked control systems in which a group of agents are interacting with each other. A min-max-based resilient consensus algorithm has been proposed to help normal agents reach an agreement upon their state values in the presence of misbehaving ones. It is shown that the use of the developed algorithm will result in less computational load and fast convergence. Both synchronous and asynchronous update schemes for the network have been studied. Finally, the effectiveness of the proposed algorithm has been evaluated through numerical examples.

The resilience assessment of electric and gas networks gains importance due to increasing interdependencies caused by the coupling of gas-fired units. However, the gradually increasing scale of the integrated electricity and gas system (IEGS) poses a significant challenge to current assessment methods. The numerical analysis method is accurate but time-consuming, which may incur a significant computational cost in large-scale IEGS. Therefore, this paper proposes a resilience assessment method based on hetero-functional graph theory for IEGS to balance the accuracy with the computational complexity. In contrast to traditional graph theory, HFGT can effectively depict the coupled systems with inherent heterogeneity and can represent the structure of heterogeneous functional systems in a clear and unambiguous way. In addition, due to the advantages of modelling the system functionality, the effect of line-pack in the gas network on the system resilience is depicted more precisely in this paper. Simulation results on an IEGS with the IEEE 9-bus system and a 7-node gas system verify the effectiveness of the proposed method.

In order to solve the problem that the traditional “centralized” access control technology can no longer guarantee the security of access control in the current Internet of Things (IoT)environment, a dynamic access control game mechanism based on trust is proposed. According to the reliability parameters of the recommended information obtained by the two elements of interaction time and the number of interactions, the user's trust value is dynamically calculated, and the user is activated and authorized to the role through the trust level corresponding to the trust value. The trust value and dynamic adjustment factor are introduced into the income function to carry out game analysis to avoid malicious access behavior of users. The hybrid Nash equilibrium strategy of both sides of the transaction realizes the access decision-making work in the IoT environment. Experimental results show that the game mechanism proposed in this paper has a certain restraining effect on malicious nodes and can play a certain incentive role in the legitimate access behavior of IoT users.

National cultural security has existed since ancient times, but it has become a focal proposition in the context of the times and real needs. From the perspective of national security, national cultural security is an important part of national security, and it has become a strategic task that cannot be ignored in defending national security. Cultural diversity and imbalance are the fundamental prerequisites for the existence of national cultural security. Finally, the artificial intelligence algorithm is used as the theoretical basis for this article, the connotation and characteristics of China's national cultural security theory; Xi Jinping's "network view"; network ideological security view. The fourth part is the analysis of the current cultural security problems, hazards and their root causes in our country.

Access control is a widely used technology to protect information security. The implementation of access control depends on the response generated by access control policies to users’ access requests. Therefore, ensuring the correctness of access control policies is an important step to ensure the smooth implementation of access control mechanisms. To solve this problem, this paper proposes a constraint based access control policy security analysis framework (CACPSAF) to perform security analysis on access control policies. The framework transforms the problem of security analysis of access control policy into the satisfiability of security principle constraints. The analysis and calculation of access control policy can be divided into formal transformation of access control policy, SMT coding of policy model, generation of security principle constraints, policy detection and evaluation. The security analysis of policies is divided into mandatory security principle constraints, optional security principle constraints and user-defined security principle constraints. The multi-dimensional security analysis of access control policies is realized and the semantic expression of policy analysis is stronger. Finally, the effectiveness of this framework is analyzed by performance evaluation, which proves that this framework can provide strong support for fine-grained security analysis of policies, and help to correctly model and conFigure policies during policy modeling, implementation and verification.

This paper presents a study on the "Dynamic Load Altering Attacks" (D-LAAs), their effects on the dynamics of a transmission network, and provides a robust control protection scheme, based on polytopic uncertainties, invariance theory, Lyapunov arguments and graph theory. The proposed algorithm returns an optimal Energy Storage Systems (ESSs) placement, that minimizes the number of ESSs placed in the network, together with the associated control law that can robustly stabilize against D-LAAs. The paper provides a contextualization of the problem and a modelling approach for power networks subject to D-LAAs, suitable for the designed robust control protection scheme. The paper also proposes a reference scenario for the study of the dynamics of the control actions and their effects in different cases. The approach is evaluated by numerical simulations on large networks.