Biblio

For a class of Cyber-Physical Systems (CPSs), we address the problem of performing computations over the cloud without revealing private information about the structure and operation of the system. We model CPSs as a collection of input-output dynamical systems (the system operation modes). Depending on the mode the system is operating on, the output trajectory is generated by one of these systems in response to driving inputs. Output measurements and driving inputs are sent to the cloud for processing purposes. We capture this "processing" through some function (of the input-output trajectory) that we require the cloud to compute accurately - referred here as the trajectory utility. However, for privacy reasons, we would like to keep the mode private, i.e., we do not want the cloud to correctly identify what mode of the CPS produced a given trajectory. To this end, we distort trajectories before transmission and send the corrupted data to the cloud. We provide mathematical tools (based on output-regulation techniques) to properly design distorting mechanisms so that: 1) the original and distorted trajectories lead to the same utility; and the distorted data leads the cloud to misclassify the mode.

The fast improvement in telecommunication technologies that has characterised the last decade is enabling a revolution centred on Cyber-Physical Systems (CPSs). Elements inside cities, from vehicles to cars, can now be connected and share data, describing both our environment and our behaviours. These data can also be used in an active way, by becoming the tenet of innovative services and products, i.e. of Cyber-Physical Products (CPPs). Still, having data is not tantamount to having knowledge, and an important overlooked topic is how should them be analysed. In this contribution we tackle the issue of the development of an analytics toolbox for processing CPS data. Specifically, we review and quantify the main requirements that should be fulfilled, both functional (e.g. flexibility or dependability) and technical (e.g. scalability, response time, etc.). We further propose an initial set of analysis that should in it be included. We finally review some challenges and open issues, including how security and privacy could be tackled by emerging new technologies.

A cyber-physical system (CPS) is a term that implements mainly three parts, Physical elements, communication networks, and control systems. Currently, CPS includes the Internet of Things (IoT), Internet of Vehicles (IoV), and many other systems. These systems face many security challenges and different types of attacks, such as Jamming, DDoS.CPS attacks tend to be much smarter and more dynamic; thus, it needs defending strategies that can handle this level of intelligence and dynamicity. Last few years, many researchers use machine learning as a base solution to many CPS security issues. This paper provides a survey of the recent works that utilized the Q-Learning algorithm in terms of security enabling and privacy-preserving. Different adoption of Q-Learning for security and defending strategies are studied. The state-of-the-art of Q-learning and CPS systems are classified and analyzed according to their attacks, domain, supported techniques, and details of the Q-Learning algorithm. Finally, this work highlight The future research trends toward efficient utilization of Q-learning and deep Q-learning on CPS security.

A cyber-physical system (CPS) is expected to be resilient to more than one type of adversary. In this paper, we consider a CPS that has to satisfy a linear temporal logic (LTL) objective in the presence of two kinds of adversaries. The first adversary has the ability to tamper with inputs to the CPS to influence satisfaction of the LTL objective. The interaction of the CPS with this adversary is modeled as a stochastic game. We synthesize a controller for the CPS to maximize the probability of satisfying the LTL objective under any policy of this adversary. The second adversary is an eavesdropper who can observe labeled trajectories of the CPS generated from the previous step. It could then use this information to launch other kinds of attacks. A labeled trajectory is a sequence of labels, where a label is associated to a state and is linked to the satisfaction of the LTL objective at that state. We use differential privacy to quantify the indistinguishability between states that are related to each other when the eavesdropper sees a labeled trajectory. Two trajectories of equal length will be differentially private if they are differentially private at each state along the respective trajectories. We use a skewed Kantorovich metric to compute distances between probability distributions over states resulting from actions chosen according to policies from related states in order to quantify differential privacy. Moreover, we do this in a manner that does not affect the satisfaction probability of the LTL objective. We validate our approach on a simulation of a UAV that has to satisfy an LTL objective in an adversarial environment.

The increasing development of smart grid facilitates that modern power grids inter-connect with each other and form a large power system, making it possible and advantageous to conduct coordinated power flow among several grids. The communication burden and privacy issue are the prominent challenges in the application of synchronous iteration power flow method. In this paper, a synchronous iterative method of power flow in inter-connected power grid considering privacy preservation is proposed. By establishing the masked model of power flow for each sub-grid, the synchronous iteration is conducted by gathering the masked model of sub-grids in the coordination center and solving the masked correction equation in a concentration manner at each step. Generally, the proposed method can concentrate the major calculation of power flow on the coordination center, reduce the communication burden and guarantee the privacy preservation of sub-grids. A case study on IEEE 118-bus test system demonstrate the feasibility and effectiveness of the proposed methodology.

In this paper, we examine algebraic attacks on the O'zDSt 1105:2009. We begin with a brief review of the meaning of algebraic cryptanalysis, followed by an algebraic cryptanalysis of O'zDSt 1105:2009. Primarily O'zDSt 1105:2009 encryption algorithm is decomposed and each transformation in it is algebraic described separately. Then input and output of each transformation are expressed with other transformation, encryption key, plaintext and cipher text. Created equations, unknowns on it and degree of unknowns are analyzed, and then overall result is given. Based on experimental results, it is impossible to save all system of equations that describes all transformations in O'zDSt 1105:2009 standard. Because, this task requires 273 bytes for the second round. For this reason, it is advisable to evaluate the parameters of the system of algebraic equations, representing the O'zDSt 1105:2009 standard, theoretically.

This article describes the principles of construction, training and use of neural networks. The features of the neural network approach are indicated, as well as the range of tasks for which it is most preferable. Algorithms of functioning, software implementation and results of work of an artificial neural network are presented.

One of the main goals of studying pattern matching techniques is their significant role in real-world applications, such as the intrusion detection systems branch. The purpose of the network attack detection systems NIDS is to protect the infocommunication network from unauthorized access. This article provides an analysis of the exact match and fuzzy matching methods, and discusses a new implementation of the classic Aho-Korasik pattern matching algorithm at the hardware level. The proposed approach to the implementation of the Aho-Korasik algorithm can make it possible to ensure the efficient use of resources, such as memory and energy.

Nowadays, blockchain is very common and widely used in various fields. The properties of blockchain-based algorithms such as being decentralized and uncontrolled by institutions and governments, are the main reasons that has attracted many applications. The security and the scalability limitations are the main challenges for the development of these systems. Using second layer network is one of the various methods proposed to improve the scalability of these systems. This network can increase the total number of transactions per second by creating extra channels between the nodes that operate in a different layer not obligated to be on consensus ledger. In this paper, the optimal structure for the second layer network has been presented. In the proposed structure we try to distribute the parameters of the second layer network as symmetrically as possible. To prove the optimality of this structure we first introduce the maximum scalability bound, and then calculate it for the proposed structure. This paper will show how the second layer method can improve the scalability without any information about the rate of transactions between nodes.

The security of lattice-based cryptosystems that are secure for the post-quantum period is based on the difficulty of the shortest vector problem (SVP) and the closest vector problem (CVP). In the literature, many sieving algorithms are proposed to solve these hard problems. In this paper, efficient implementation of HashSieve sieving algorithm is discussed. A modular software library to have an efficient implementation of HashSieve algorithm is developed. Modular software library is used as an infrastructure in order for the HashSieve efficient implementation to be better than the sample in the literature (Laarhoven's standard HashSieve implementation). According to the experimental results, it is observed that HashSieve efficient implementation has a better running time than the example in the literature. It is concluded that both implementations are close to each other in terms of the memory space used.

Through the widespread use of information technologies, institutions have started to offer most of their services electronically. The best example of this is e-government. Since institutions provide their services to the electronic environment, the quality of the services they provide increases and their access to services becomes easier. Since personal information can be verified with inter-agency information sharing systems, wrong or unfair transactions can be prevented. Since information sharing between institutions is generally done through web services, protection of personal data transmitted via web services is of great importance. There are comprehensive national and international regulations on the protection of personal data. According to these regulations, protection of personal data shared between institutions is a legal obligation; protection of personal data is an issue that needs to be handled comprehensively. This study, protection of personal data shared between institutions through web services against software developers is discussed. With a proposed application, it is aimed to take a new security measure for the protection of personal data. The proposed application consists of a web interface prepared using React and Java programming languages and rest services that provide anonymization of personal data.

Internet of Medical Things (IoMT) is the connection between medical devices and information systems to share, collect, process, store, and integrate patient and health data using network technologies. X-Rays, MR, MRI, and CT scans are the most frequently used patient medical image data. These images usually include patient information in one of the corners of the image. In this research work, to protect patient information, a new robust and secure watermarking algorithm developed for a selected region of interest (ROI) of medical images. First ROI selected from the medical image, then selected part divided equal blocks and applied Discrete Cosine Transformation (DCT) algorithm to embed a watermark into the selected coefficients. Several geometric and removal attacks are applied to the watermarked multimedia element such as lossy image compression, the addition of Gaussian noise, denoising, filtering, median filtering, sharpening, contrast enhancement, JPEG compression, and rotation. Experimental results show very promising results in PSNR and similarity ratio (SR) values after blocked DCT (B-DCT) based embedding algorithm against the Discrete Wavelet Transformation (DWT), Least Significant Bits (LSB) and DCT algorithms.

Public key encryption with equality test (PKEET) enables the testing whether two ciphertexts encrypt the same message. Identity-based encryption with equality test (IBEET) simplify the certificate management of PKEET, which leads to many potential applications such as in smart city applications or Wireless Body Area Networks. Lee et al. (ePrint 2016) proposed a generic construction of IBEET scheme in the standard model utilising a 3-level hierachy IBE together with a one-time signature scheme, which can be instantiated in lattice setting. Duong et al. (ProvSec 2019) proposed the first direct construction of IBEET in standard model from lattices. However, their scheme achieve CPA security only. In this paper, we improve the Duong et al.'s construction by proposing an IBEET in standard model which achieves CCA2 security and with smaller ciphertext and public key size.

This article describes a new way to generate and distribute secret encryption keys, in which the processes of generating a public key and formicating a secret encryption key are performed in algebra with a parameter, the secrecy of which provides increased durability of the key.

Random numbers have a wide usage in the area of cryptography. In practice, pseudo random number generators are used in place of true random number generators, as regeneration of them may be required. Therefore because of generation methods of pseudo random number sequences, statistical randomness tests have a vital importance. In this paper, a randomness test suite is specified for long binary sequences. In literature, there are many randomness tests and test suites. However, in most of them, to apply randomness test, long sequences are partitioned into a certain fixed length and the collection of short sequences obtained is evaluated instead. In this paper, instead of partitioning a long sequence into fixed length subsequences, a concept of dynamic partitioning is introduced in accordance with the random variable in consideration. Then statistical methods are applied. The suggested suite, containing four statistical tests: Collision Tests, Weight Test, Linear Complexity Test and Index Coincidence Test, all of them work with the idea of dynamic partitioning. Besides the adaptation of this approach to randomness tests, the index coincidence test is another contribution of this work. The distribution function and the application of all tests are given in the paper.

The dummy-based method has been commonly used to protect the users location privacy in location-based services, since it can provide precise results and generally do not rely on a third party or key sharing. However, the close spatiotemporal correlation between the consecutively reported locations enables the adversary to identify some dummies, which lead to the existing dummy-based schemes fail to protect the users location privacy completely. To address this limit, this paper proposes a new algorithm to produce dummy location by generating dummy trajectory, which naturally takes into account of the spatiotemporal correlation all round. Firstly, the historical trajectories similar to the user's travel route are chosen as the dummy trajectories which depend on the distance between two trajectories with the help of home gateway. Then, the dummy is generated from the dummy trajectory by taking into account of time reachability, historical query similarity and the computation of in-degree/out-degree. Security analysis shows that the proposed scheme successfully perturbs the spatiotemporal correlation between neighboring location sets, therefore, it is infeasible for the adversary to distinguish the users real location from the dummies. Furthermore, extensive experiments indicate that the proposal is able to protect the users location privacy effectively and efficiently.

Digital connectivity is fundamental to the health care system to deliver safe and effective care. However, insecure connectivity could be a major threat to patient safety and privacy (e.g., in August 2017, FDA recalled 465,000 pacemakers because of discovering security flaws). Although connecting a patient's pacemaker to the Internet has many advantages for monitoring the patient, this connectivity opens a new door for cyber-attackers to steal the patient data or even control the pacemaker or damage it. Therefore, patients are forced to choose between connectivity and security. This paper presents a framework for secure and private communications between wearable medical devices and patient monitoring systems. The primary objective of this research is twofold, first to identify and analyze the communication vulnerabilities, second, to develop a framework for combating unauthorized access to data through the compromising of computer security. Specifically, hiding targets from cyber-attackers could prevent our system from future cyber-attacks. This is the most effective way to stop cyber-attacks in their first step.

Nowadays, STEM (science, technology, engineering and mathematics) have never been treated so seriously before. Artificial Intelligence (AI) has played an important role currently in STEM. Under the 2020 COVID-19 pandemic crisis, coronavirus disease across over the world we are living in. Every government seek advices from scientist before making their strategic plan. Most of countries collect data from hospitals (and care home and so on in the society), carried out data analysis, using formula to make some AI models, to predict the potential development patterns, in order to make their government strategy. AI security become essential. If a security attack make the pattern wrong, the model is not a true prediction, that could result in thousands life loss. The potential consequence of this non-accurate forecast would be even worse. Therefore, take security into account during the forecast AI modelling, step-by-step data governance, will be significant. Cyber security should be applied during this kind of prediction process using AI deep learning technology and so on. Some in-depth discussion will follow.AI security impact is a principle concern in the world. It is also significant for both nature science and social science researchers to consider in the future. In particular, because many services are running on online devices, security defenses are essential. The results should have properly data governance with security. AI security strategy should be up to the top priority to influence governments and their citizens in the world. AI security will help governments' strategy makers to work reasonably balancing between technologies, socially and politics. In this paper, strategy related challenges of AI and Security will be discussed, along with suggestions AI cyber security and politics trade-off consideration from an initial planning stage to its near future further development.

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-DEOBS, a JavaScript deobfuscation tool that we have built. The aim of SAFE-DEOBS is to automatically deobfuscate JavaScript malware such that an analyst can more rapidly determine the malicious script's intent. This is achieved through a number of static analyses, inspired by techniques from compiler theory. We demonstrate the utility of SAFE-DEOBS through a case study on real-world JavaScript malware, and show that it is a useful addition to a malware analyst's toolset.

Now-a-days web applications are everywhere. Usually these applications are developed by database program which are often written in popular host programming languages such as C, C++, C\#, Java, etc., with embedded Structured Query Language (SQL). These applications are used to access and process crucial data with the help of Database Management System (DBMS). Preserving the sensitive data from any kind of attacks is one of the prime factors that needs to be maintained by the web applications. The SQL injection attacks is one of the important security threat for the web applications. In this paper, we propose a code-based analysis approach to automatically detect and prevent the possible SQL Injection Attacks (SQLIA) in a query before submitting it to the underlying database. This approach analyses the user input by assigning a complex number to each input element. It has two part (i) input clustering and (ii) safe (non-malicious) input identification. We provide a details discussion of the proposal w.r.t the literature on security and execution overhead point of view.

Shared register emulations on top of message-passing systems provide an illusion of a simpler shared memory system which can make the task of a system designer easier. Numerous shared register applications have a considerably high read-to-write ratio. Thus, having algorithms that make reads more efficient than writes is a fair trade-off.Typically, such algorithms for reads and writes are asymmetric and sacrifice the stringent consistency condition atomicity, as it is impossible to have fast reads for multi-writer atomicity. Safety is a consistency condition that has has gathered interest from both the systems and theory community as it is weaker than atomicity yet provides strong enough guarantees like "strong consistency" or read-my-write consistency. One requirement that is assumed by many researchers is that of the reliable broadcast (RB) primitive, which ensures the "all or none" property during a broadcast. One drawback is that such a primitive takes 1.5 rounds to complete and requires server-to-server communication.This paper implements an efficient multi-writer multi-reader safe register without using a reliable broadcast primitive. Moreover, we provide fast reads or one-shot reads – our read operations can be completed in one round of client-to-server communication. Of course, this comes with the price of requiring more servers when compared to prior solutions assuming reliable broadcast. However, we show that this increased number of servers is indeed necessary as we prove a tight bound on the number of servers required to implement Byzantine-fault tolerant safe registers in a system without reliable broadcast.We extend our results to data stored using erasure coding as well. We present an emulation of single-writer multi-reader safe register based on MDS codes. The usage of MDS codes reduces storage and communication costs. On the negative side, we also show that to use MDS codes and at the same time achieve one-shot reads, we need even more servers.

Account data of electrical power system is the link of all businesses in the whole life cycle of equipment. It is of great significance to improve the data quality of power equipment account data for improving the information level of power enterprises. In the past, there was only the error correction technology to check whether it was empty and whether it contained garbled code. The error correction technology for same field of the same kind of power equipment account data is proposed in this paper. Combined with the characteristics of production business, the possible similar power equipment can be found through the function location type and other fields of power equipment account data. Based on the principle of search scoring, the horizontal comparison is used to search and score in turn. Finally, the potential spare parts and existing data quality are identified according to the scores. And judge whether it is necessary to carry out inspection maintenance.

Learning-based approaches often outperform hand-coded algorithmic solutions for many problems in robotics. However, learning long-horizon tasks on real robot hardware can be intractable, and transferring a learned policy from simulation to reality is still extremely challenging. We present a novel approach to model-free reinforcement learning that can leverage existing sub-optimal solutions as an algorithmic prior during training and deployment. During training, our gated fusion approach enables the prior to guide the initial stages of exploration, increasing sample-efficiency and enabling learning from sparse long-horizon reward signals. Importantly, the policy can learn to improve beyond the performance of the sub-optimal prior since the prior's influence is annealed gradually. During deployment, the policy's uncertainty provides a reliable strategy for transferring a simulation-trained policy to the real world by falling back to the prior controller in uncertain states. We show the efficacy of our Multiplicative Controller Fusion approach on the task of robot navigation and demonstrate safe transfer from simulation to the real world without any fine-tuning. The code for this project is made publicly available at https://sites.google.com/view/mcf-nav/home.

Open-source development is a well-accepted model by software development communities from both academia and industry. Many companies and corporations adopt and use open source systems daily as a core component in their business activities. One of the most important factors that will determine the success of this model is security. The security of software systems is a combination of source code quality, stability, and vulnerabilities. Software vulnerabilities can be introduced by many factors, some of which are the way that programmers write their programs, their background on security standards, and safe programming practices. This paper describes a cloud-based software tool developed by the authors that can help our computing communities in both academia and research to evaluate their software systems on the source code level to help them identify and detect some of the well-known source code vulnerability patterns that can cause security issues if maliciously exploited. The paper also presents an empirical study on the prevalence of vulnerable C/C++ coding patterns inside three large-scale open-source systems comprising more than 42 million lines of source code. The historical data for the studied systems is presented over five years to uncover some historical trends to highlight the changes in the system analyzed over time concerning the presence of some of the source code vulnerabilities patterns. The majority of results show the continued usage of known unsafe functions.

Antisparse coding aims at spreading the information uniformly over representation coefficients and can be expressed as the solution of an ℓ∞-norm regularized problem. In this paper, we propose a new methodology, coined "safe squeezing", accelerating the computation of antisparse representations. The idea consists in identifying saturated entries of the solution via simple tests and compacting their contribution to achieve some form of dimensionality reduction. Numerical experiments show that the proposed approach leads to significant computational gain.