Biblio

In order to solve the problem of untargeted data security grading methods in the process of power grid data governance, this paper analyzes the mainstream data security grading standards at home and abroad, investigates and sorts out the characteristics of power grid data security grading requirements, and proposes a method that considers national, social, and A grid data security classification scheme for the security impact of four dimensions of individuals and enterprises. The plan determines the principle of power grid data security classification. Based on the basic idea of “who will be affected to what extent and to what extent when the power grid data security is damaged”, it defines three classification factors that need to be considered: the degree of impact, the scope of influence, and the objects of influence, and the power grid data is divided into five security levels. In the operation stage of power grid data security grading, this paper sorts out the experience and gives the recommended grading process. This scheme basically conforms to the status quo of power grid data classification, and lays the foundation for power grid data governance.

Smart grids are envisioned as the next-generation electricity grids. The data measured from the smart grid is very sensitive. It is thus highly necessary to adopt data access control in smart grids to guarantee the security and privacy of the measured data. Due to its flexibility and scalability, attribute-based encryption (ABE) is widely utilized to realize data access control in smart grids. However, most existing ABE solutions impose a heavy decryption overhead on their users. To this end, we propose a lightweight attribute-based encryption scheme for data access control in smart grids by adopting the idea of computation outsourcing. Under our proposed scheme, users can outsource a large amount of computation to a server during the decryption phase while still guaranteeing the security and privacy of the data. Theoretical analysis and experimental evaluation demonstrate that our scheme outperforms the existing schemes by achieving a very low decryption cost.

In defense and security applications, detection of moving target direction is as important as the target detection and/or target classification. In this study, a methodology for the detection of different mobile targets as approaching or receding was proposed for ground surveillance radar data, and convolutional neural networks (CNN) based on transfer learning were employed for this purpose. In order to improve the classification performance, the use of two key concepts, namely Deep Convolutional Generative Adversarial Network (DCGAN) and decision fusion, has been proposed. With DCGAN, the number of limited available data used for training was increased, thus creating a bigger training dataset with identical distribution to the original data for both moving directions. This generated synthetic data was then used along with the original training data to train three different pre-trained deep convolutional networks. Finally, the classification results obtained from these networks were combined with decision fusion approach. In order to evaluate the performance of the proposed method, publicly available RadEch dataset consisting of eight ground target classes was utilized. Based on the experimental results, it was observed that the combined use of the proposed DCGAN and decision fusion methods increased the detection accuracy of moving target for person, vehicle, group of person and all target groups, by 13.63%, 10.01%, 14.82% and 8.62%, respectively.

Smart cities deploy large numbers of sensors and collect a tremendous amount of data from them. For example, Advanced Metering Infrastructures (AMIs), which consist of physical meters that collect usage data about public utilities such as power and water, are an important building block in a smart city. In a typical sensor network, the measurement devices are connected through a computer network, which exposes them to cyber attacks. Furthermore, the data is centrally managed at the operator’s servers, making it vulnerable to insider threats.Our goal is to protect the integrity of data collected by large-scale sensor networks and the firmware in measurement devices from cyber attacks and insider threats. To this end, we first develop a comprehensive threat model for attacks against data and firmware integrity, which can target any of the stakeholders in the operation of the sensor network. Next, we use our threat model to analyze existing defense mechanisms, including signature checks, remote firmware attestation, anomaly detection, and blockchain-based secure logs. However, the large size of the Trusted Computing Base and a lack of scalability limit the applicability of these existing mechanisms. We propose the Feather-Light Blockchain Infrastructure (FLBI) framework to address these limitations. Our framework leverages a two-layer architecture and cryptographic threshold signature chains to support large networks of low-capacity devices such as meters and data aggregators. We have fully implemented the FLBI’s end-to-end functionality on the Hyperledger Fabric and private Ethereum blockchain platforms. Our experiments show that the FLBI is able to support millions of end devices.

FPGA bitstream protection schemes are often the first line of defense for secure hardware designs. In general, breaking the bitstream encryption would enable attackers to subvert the confidentiality and infringe on the IP. Or breaking the authenticity enables manipulating the design, e.g., inserting hardware Trojans. Since FPGAs see widespread use in our interconnected world, such attacks can lead to severe damages, including physical harm. Recently we [1] presented a surprising attack — Starbleed — on Xilinx 7-Series FPGAs, tricking an FPGA into acting as a decryption oracle. For their UltraScale(+) series, Xilinx independently upgraded the security features to AES-GCM, RSA signatures, and a periodic GHASH-based checksum to validate the bitstream during decryption. Hence, UltraScale(+) devices were considered not affected by Starbleed-like attacks [2], [1].We identified novel security weaknesses in Xilinx UltraScale(+) FPGAs if configured outside recommended settings. In particular, we present four attacks in this situation: two attacks on the AES encryption and novel GHASH-based checksum and two authentication downgrade attacks. As a major contribution, we show that the Starbleed attack is still possible within the UltraScale(+) series by developing an attack against the GHASH-based checksum. After describing and analyzing the attacks, we list the subtle configuration changes which can lead to security vulnerabilities and secure configurations not affected by our attacks. As Xilinx only recommends configurations not affected by our attacks, users should be largely secure. However, it is not unlikely that users employ settings outside the recommendations, given the rather large number of configuration options and the fact that Security Misconfiguration is among the leading top 10 OWASP security issues. We note that these security weaknesses shown in this paper had been unknown before.

Confidentiality and integrity security are the key challenges in future 5G networks. To encounter these challenges, various signature and key agreement protocols are being implemented in 5G systems to secure high-speed mobile-to-mobile communication. Many security ciphers such as SNOW 3G, Advanced Encryption Standard (AES), and ZUC are used for 5G security. Among these protocols, the AES algorithm has been shown to achieve higher hardware efficiency and throughput in the literature. In this paper, we implement the AES algorithm on Field Programmable Gate Array (FPGA) and real-time performance factors of the AES algorithm were exploited to best fit the needs and requirements of 5G. In addition, several modifications such as partial pipelining and deep pipelining (partial pipelining with sub-module pipelining) are implemented on Virtex 6 FPGA ML60S board to improve the throughput of the proposed design.

With the proliferation of malware, the detection and classification of malware have been hot topics in the academic and industrial circles of cyber security, and the generation of malware signatures is one of the important research directions. In this paper, we propose NBP-MS, a method of signature generation that is based on network traffic generated by malware. Specifically, we utilize the network traffic generated by malware to perform fine-grained profiling of its network behaviors first, and then cluster all the profiles to generate network behavior signatures to classify malware, providing support for subsequent analysis and defense.

SaaS is a cloud-based application service that allows users to use applications that work in a cloud environment. SaaS is a subscription type, and the service expenditure varies depending on the license, the number of users, and duration of use. For efficient network management, security and cost management, accurate detection of user behavior for SaaS applications is required. In this paper, we propose a rule-based traffic analysis method for the user behavior detection. We conduct comparative experiments with signature-based method by using the real SaaS application and demonstrate the validity of the proposed method.

The attacker’s server plays an important role in sending attack orders and receiving stolen information, particularly in the more recent cyberattacks. Under these circumstances, it is important to use network-based signatures to block malicious communications in order to reduce the damage. However, in addition to blocking malicious communications, signatures are also required not to block benign communications during normal business operations. Therefore, the generation of signatures requires a high level of understanding of the business, and highly depends on individual skills. In addition, in actual operation, it is necessary to test whether the generated signatures do not interfere with benign communications, which results in high operational costs. In this paper, we propose SIGMA, a system that automatically generates signatures to block malicious communication without interfering with benign communication and then automatically evaluates the impact of the signatures. SIGMA automatically extracts the common parts of malware communication destinations by clustering them and generates multiple candidate signatures. After that, SIGMA automatically calculates the impact on normal communication based on business logs, etc., and presents the final signature to the analyst, which has the highest blockability of malicious communication and non-blockability of normal communication. Our objectives with this system are to reduce the human factor in generating the signatures, reduce the cost of the impact evaluation, and support the decision of whether to apply the signatures. In the preliminary evaluation, we showed that SIGMA can automatically generate a set of signatures that detect 100% of suspicious URLs with an over-detection rate of just 0.87%, using the results of 14,238 malware analyses and actual business logs. This result suggests that the cost for generation of signatures and the evaluation of their impact on business operations can be suppressed, which used to be a time-consuming and human-intensive process.

Aiming at the prevention of information security risk in protection and control of smart substation, a multi-level security defense method of substation based on data aggregation and convolution neural network (CNN) is proposed. Firstly, the intelligent electronic device(IED) uses "digital certificate + digital signature" for the first level of identity authentication, and uses UKey identification code for the second level of physical identity authentication; Secondly, the device group of the monitoring layer judges whether the data report is tampered during transmission according to the registration stage and its own ID information, and the device group aggregates the data using the credential information; Finally, the convolution decomposition technology and depth separable technology are combined, and the time factor is introduced to control the degree of data fusion and the number of input channels of the network, so that the network model can learn the original data and fused data at the same time. Simulation results show that the proposed method can effectively save communication overhead, ensure the reliable transmission of messages under normal and abnormal operation, and effectively improve the security defense ability of smart substation.

Demand response has emerged as one of the most promising methods for the deployment of sustainable energy systems. Attempts to democratize demand response and establish programs for residential consumers have run into scalability issues and risks of leaking sensitive consumer data. In this work, we propose a privacy-friendly, incentive-based demand response market, where consumers offer their flexibility to utilities in exchange for a financial compensation. Consumers submit encrypted offer which are aggregated using Computation Over Encrypted Data to ensure consumer privacy and the scalability of the approach. The optimal allocation of flexibility is then determined via double-auctions, along with the optimal consumption schedule for the users with respect to the day-ahead electricity prices, thus also shielding participants from high electricity prices. A case study is presented to show the effectiveness of the proposed approach.

A unified cloud management platform is the key to efficient and secure management of cloud computing resources. To improve the operation effect of the power cloud service platform, power companies can use the micro-service architecture technology to carry out data processing, information integration, and innovative functional architecture of the power cloud service platform, realize the optimal design of the power cloud service platform and improve the power cloud service platform-security service quality. According to the technical requirements of the power cloud security management platform, this paper designs the technical architecture of the power unified cloud security management platform and expounds on the functional characteristics of the cloud security management platform to verify the feasibility and effectiveness of the cloud security management platform.

Securing cloud configurations is an elusive task, which is left up to system administrators who have to base their decisions on "trial and error" experimentations or by observing good practices (e.g., CIS Benchmarks). We propose a knowledge, AND/OR, graphs approach to model cloud deployment security objects and vulnerabilities. In this way, we can capture relationships between configurations, permissions (e.g., CAP\_SYS\_ADMIN), and security profiles (e.g., AppArmor and SecComp). Such an approach allows us to suggest alternative and safer configurations, support administrators in the study of what-if scenarios, and scale the analysis to large scale deployments. We present an initial validation and illustrate the approach with three real vulnerabilities from known sources.

This paper presents a scalable single-input-multiple-output DC/DC converter targeting load transient response and security improvement for low-power System-on-Chips (SoCs). A two-stage modular architecture is introduced to enable scalability. The shared switched-capacitor pre-charging circuits are implemented to improve load transient response and decouple correlations between inputs and outputs. The demo version of the converter has three identical outputs, each supporting 0.3V to 0.9V with a maximum load current of 150mA. Based on post-layout simulation results in 32nm CMOS process, the converter output provides 19.3V/μs reference tracking speed and 27mA/ns workload transitions with negligible voltage droops or spikes. No cross regulation is observed at any outputs with a worst-case voltage ripple of 68mV. Peak efficiency reaches 85.5% for each output. With variable delays added externally, the input-output correlations can change 10 times and for steady-state operation, such correlation factors are always kept below 0.05. The converter is also scaled to support 6 outputs with only 0.56mm2 more area and maintains same load transient response performance.

Blockchain as a tamper-proof, non-modifiable and traceable distributed ledger technology has received extensive attention. Although blockchain's immutability provides security guarantee, it prevents the development of new blockchain technology. As we think, there are several arguments to prefer a controlled modifiable blockchain, from the possibility to cancel the transaction and necessity to remove the illicit or harmful documents, to the ability to support the scalability of blockchain. Meanwhile, the rapid development of quantum technology has made the establishment of post-quantum cryptosystems an urgent need. In this paper, we put forward the first lattice-based redactable consortium blockchain scheme that makes it possible to rewrite or repeal the content of any blocks. Our approach uses a consensus-based election and lattice-based chameleon hash function (Cash and Hofheinz etc. EUROCRYPT 2010). With knowledge of secret trapdoor, the participant could find the hash collisions efficiently. And each member of the consortium blockchain has the right to edit the history.

Simulations have gained paramount importance in terms of software development for wireless sensor networks and have been a vital focus of the scientific community in this decade to provide efficient, secure, and safe communication in smart cities. Network Simulators are widely used for the development of safe and secure communication architectures in smart city. Therefore, in this technical survey report, we have conducted experimental comparisons among ten different simulation environments that can be used to simulate smart-city operations. We comprehensively analyze and compare simulators COOJA, NS-2 with framework Mannasim, NS-3, OMNeT++ with framework Castalia, WSNet, TOSSIM, J-Sim, GloMoSim, SENSE, and Avrora. These simulators have been run eight times each and comparison among them is critically scrutinized. The main objective behind this research paper is to assist developers and researchers in selecting the appropriate simulator against the scenario to provide safe and secure wired and wireless networks. In addition, we have discussed the supportive simulation environments, functions, and operating modes, wireless channel models, energy consumption models, physical, MAC, and network-layer protocols in detail. The selection of these simulation frameworks is based on features, literature, and important characteristics. Lastly, we conclude our work by providing a detailed comparison and describing the pros and cons of each simulator.

he growing trend towards network “softwarization” allows the creation and deployment of even complex network environments in a few minutes or seconds, rather than days or weeks as required by traditional methods. This revolutionary approach made it necessary to seek automatic processes to solve network security problems. One of the main issues in the automation of network security concerns the proper and efficient modeling of network traffic. In this paper, we describe two optimized Traffic Flows representation models, called Atomic Flows and Maximal Flows. In addition to the description, we have validated and evaluated the proposed models to solve two key network security problems - security verification and automatic configuration - showing the advantages and limitations of each solution.

Network Time Security (NTS) standardizes mechanisms that allow clients to authenticate timing information received via Network Time Protocol (NTP). NTS includes a new key establishment protocol, NTS-KE, and extension fields for NTPv4 which, when utilized together, allow clients to authenticate messages from time servers. Utilizing an open source implementation of each, we determine the existence and severity of any performance or scalability impact introduced by NTS when compared to NTP. We found that conducting individual authenticated time transfer takes approximately 116% longer when utilizing NTS over NTP. Additionally, we found that NTS-KE can only support approximately 2000 requests per second before a substantial and consistent increase in turnaround time is observed.

In this paper we propose a novel integrated DC/DC converter featuring a single-input-multiple-output architecture for emerging System-on-Chip applications to improve load transient response and power side-channel security. The converter is able to provide multiple outputs ranging from 0.3V to 0.92V using a global 1V input. By using modularized circuit blocks, the converter can be extended to provide higher power or more outputs with minimal design complexity. Performance metrics including power efficiency and load transient response can be well maintained as well. Implemented in 32nm technology, single output efficiency can reach to 88% for the post layout models. By enabling delay blocks and circuits sharing, the Pearson correlation coefficient of input and output can be reduced to 0.1 under rekeying test. The reference voltage tracking speed is up to 31.95 V/μs and peak load step response is 53 mA/ns. Without capacitors, the converter consumes 2.85 mm2 for high power version and only 1.4 mm2 for the low power case.

The growing maturity of orchestration languages is contributing to the elaboration of cloud composite services, whose resources may be deployed over different distributed infrastructures. These composite services are subject to changes over time, that are typically required to support cloud properties, such as scalability and rapid elasticity. In particular, the migration of their elementary resources may be triggered by performance constraints. However, changes induced by this migration may introduce vulnerabilities that may compromise the resources, or even the whole cloud service. In that context, we propose an automated SMT1-based security framework for supporting the migration of resources in cloud composite services, and preventing the occurrence of new configuration vulnerabilities. We formalize the underlying security automation based on SMT solving, in order to assess the migrated resources and select adequate counter-measures, considering both endogenous and exogenous security mechanisms. We then evaluate its benefits and limits through large series of experiments based on a proof-of-concept prototype implemented over the CVC4 commonly-used open-source solver. These experiments show a minimal overhead with regular operating systems deployed in cloud environments.

As the voucher for identity, digital certificates and the public key infrastructure (PKI) system have always played a vital role to provide the authentication services. In recent years, with the increase in attacks on traditional centralized PKIs and the extensive deployment of blockchains, researchers have tried to establish blockchain-based secure decentralized PKIs and have made significant progress. Although blockchain enhances security, it brings new problems in scalability due to the inherent limitations of blockchain’s data structure and consensus mechanism, which become much severe for the massive access in the era of 5G and B5G. In this paper, we propose ScalaCert to mitigate the scalability problems of blockchain-based PKIs by utilizing redactable blockchain for "on-cert" revocation. Specifically, we utilize the redactable blockchain to record revocation information directly on the original certificate ("on-cert") and remove additional data structures such as CRL, significantly reducing storage overhead. Moreover, the combination of redactable and consortium blockchains brings a new kind of attack called deception of versions (DoV) attack. To defend against it, we design a random-block-node-check (RBNC) based freshness check mechanism. Security and performance analyses show that ScalaCert has sufficient security and effectively solves the scalability problem of the blockchain-based PKI system.

With the growing number of IoT applications and devices, IoT security breaches are a dangerous reality. Cost pressure and complexity of security tests for embedded systems and networked infrastructure are often the excuse for skipping them completely. In our paper we introduce SecLab security test lab to overcome that problem. Based on a flexible and lightweight architecture, SecLab allows developers and IoT security specialists to harden their systems with a low entry hurdle. The open architecture supports the reuse of existing external security test libraries and scalability for the assessment of complex IoT Systems. A reference implementation of security tests in a realistic IoT application scenario proves the approach.

A formal modeling language MCD for concurrent systems is proposed, and its syntax, semantics and formal definitions are given. MCD uses modules as basic components, and that the detection rules are not perfect, resulting in packets that do not belong to intrusion attacks being misjudged as attacks, respectively. Then the data detection algorithm based on MCD concurrency model protects hidden computer viruses and security threats, and the efficiency is increased by 7.5% Finally, the computer network security protection system is researched based on security modeling.

Cybersecurity attacks, which have many business impacts, continuously become more intelligent and complex. These attacks take the form of a combination of various attack elements. APT attacks reflect this characteristic well. To defend against APT attacks, organizations should sufficiently understand these attacks based on the attack elements and their relations and actively defend against these attacks in multiple dimensions. Most organizations perform risk management to manage their information security. Generally, they use the information system risk assessment (ISRA). However, the method has difficulties supporting sufficiently analyzing security risks and actively responding to these attacks due to the limitations of asset-driven qualitative evaluation activities. In this paper, we propose a threat-driven risk assessment method. This method can evaluate how dangerous APT attacks are for an organization, analyze security risks from multiple perspectives, and support establishing an adaptive security strategy.

Effective information security risk management is essential for survival of any business that is dependent on IT. In this paper we present an efficient and effective solution to find best parameters for managing cyber risks using artificial intelligence. Genetic algorithm is use as it can provide our required optimization and intelligence. Results show that GA is professional in finding the best parameters and minimizing the risk.