Biblio

Recent years have seen an increase in the data usage in cars, particularly as they become more autonomous and connected. With the rise in data use have come concerns about automotive cyber-security. An in-vehicle network shown to be particularly vulnerable is the Controller Area Network (CAN), which is the communication bus used by the car's safety critical and performance critical components. Cyber attacks on the CAN have been demonstrated, leading to research to develop attack detection and attack prevention systems. Such research requires representative attack demonstrations and data for testing. Obtaining this data is problematical due to the expense, danger and impracticality of using real cars on roads or tracks for example attacks. Whilst CAN simulators are available, these tend to be configured for testing conformance and functionality, rather than analysing security and cyber vulnerability. We therefore adapt a leading, industry-standard, CAN simulator to incorporate a core set of cyber attacks that are representative of those proposed by other researchers. Our adaptation allows the user to configure the attacks, and can be added easily to the free version of the simulator. Here we describe the simulator and, after reviewing the attacks that have been demonstrated and discussing their commonalities, we outline the attacks that we have incorporated into the simulator.

With the tighter integration of power system and Information and Communication Technology (ICT), power grid is becoming a typical cyber physical system (CPS). It is important to analyze the impact of the cyber event on power system, so that it is necessary to build a co-simulation system for studying the interaction between power system and ICT. In this paper, a cyber physical power system (CPPS) co-simulation platform is proposed, which includes the hardware-in-the-loop (HIL) simulation function. By using flexible interface, various simulation software for power system and ICT can be interconnected into the platform to build co-simulation tools for various simulation purposes. To demonstrate it as a proof, one simulation framework for real life cyber-attack on power system control is introduced. In this case, the real life denial-of-service attack on a router in automatic voltage control (AVC) is simulated to demonstrate impact of cyber-attack on power system.

Cyber-physical systems (CPS) research leverages the expertise of researchers from multiple domains to engineer complex systems of interacting physical and computational components. An approach called co-simulation is often used in CPS conceptual design to integrate the specialized tools and simulators from each of these domains into a joint simulation for the evaluation of design decisions. Many co-simulation platforms are being developed to expedite CPS conceptualization and realization, but most use intrusive modeling and communication libraries that require researchers to either abandon their existing models or spend considerable effort to integrate them into the platform. A significant number of these co-simulation platforms use the High Level Architecture (HLA) standard that provides a rich set of services to facilitate distributed simulation. This paper introduces a simple gateway that can be readily implemented without co-simulation expertise to adapt existing models and research infrastructure for use in HLA. An open-source implementation of the gateway has been developed for the National Institute of Standards and Technology (NIST) co-simulation platform called the Universal CPS Environment for Federation (UCEF).

In order to be more environmentally friendly, a lot of parts and aspects of life become electrified to reduce the usage of fossil fuels. This can be seen in the increased number of electrical vehicles in everyday life. This of course only makes a positive impact on the environment, if the electricity is produced environmentally friendly and comes from renewable sources. But when the green electrical power is produced, it still needs to be transported to where it's needed, which is not necessarily near the production site. In China, one of the ways to do this transport is to use High Voltage Direct Current (HVDC) technology. This of course means, that the current has to be converted to DC before being transported to the end user. That implies that the converter stations are of great importance for the grid security. Therefore, a precise monitoring of the stations is necessary. Ideally, this could be accomplished with wireless sensor nodes with an autarkic energy supply. A role in this energy supply could be played by a thermoelectrical generator (TEG). But to assess the power generated in the specific environment, a simulation would be highly desirable, to evaluate the power gained from the temperature difference in the converter station. This paper proposes a method to simulate the generated power by combining a model for the generator with a Computational Fluid Dynamics (CFD) model converter.

Multi-tag identification technique has been applied widely in the RFID system to increase flexibility of the system. However, it also brings serious tags collision issues, which demands the efficient anti-collision schemes. In this paper, we propose a Multi-target tags assignment slots algorithm based on Hash function (MTSH) for efficient multi-tag identification. The proposed algorithm can estimate the number of tags and dynamically adjust the frame length. Specifically, according to the number of tags, the proposed algorithm is composed of two cases. when the number of tags is small, a hash function is constructed to map the tags into corresponding slots. When the number of tags is large, the tags are grouped and randomly mapped into slots. During the tag identification, tags will be paired with a certain matching rate and then some tags will exit to improve the efficiency of the system. The simulation results indicate that the proposed algorithm outperforms the traditional anti-collision algorithms in terms of the system throughput, stability and identification efficiency.

Vehicular Named Data Network (VNDN) uses NDN as an underlying communication paradigm to realize intelligent transportation system applications. Content communication is the essence of NDN, which is primarily carried out through content naming, forwarding, intrinsic content security, and most importantly the in-network caching. In vehicular networks, vehicles on the road communicate with other vehicles and/or infrastructure network elements to provide passengers a reliable, efficient, and infotainment-rich commute experience. Recently, different aspects of NDN have been investigated in vehicular networks and in vehicular social networks (VSN); however, in this paper, we investigate the in-network caching, realized in NDN through the content store (CS) data structure. As the stale contents in CS do not just occupy cache space, but also decrease the overall performance of NDN-driven VANET and VSN applications, therefore the size of CS and the content lifetime in CS are primary issues in VNDN communications. To solve these issues, we propose a simple yet efficient multi-metric CS management mechanism through cache replacement (M2CRP). We consider the content popularity, relevance, freshness, and distance of a node to devise a set of algorithms for selection of the content to be replaced in CS in the case of replacement requirement. Simulation results show that our multi-metric strategy outperforms the existing cache replacement mechanisms in terms of Hit Ratio.

Inductive contactless energy transfer (CET) systems show a certain oscillating transient behavior of inrush currents on both system sides. This causes current overshoots in the electrical components and has to be considered for the system dimensioning. This paper presents a simple and yet very accurate model, which describes the dynamic behavior of series-series compensated inductive CET systems. This model precisely qualifies the systems current courses for both sides in time domain. Additionally, an analysis in frequency domain allows further knowledge for parameter estimation. Since this model is applicable for purely resistive loads and constant voltage loads with bridge rectifiers, it is very practicable and can be useful for control techniques and narameter estimation.

Growing amounts of research on IoT and its implications for security, privacy, economy and society has been carried out to inform policies and design. However, ordinary people who are citizens and users of these emerging technologies have rarely been involved in the processes that inform these policies, governance mechanisms and design due to the institutionalised processes that prioritise objective knowledge over subjective ones. People's subjective experiences are often discarded. This priority is likely to further widen the gap between people, technology policies and design as technologies advance towards delegated human agencies, which decreases human interfaces in technology-mediated relationships with objects, systems, services, trade and other (often) unknown third-party beneficiaries. Such a disconnection can have serious implications for policy implementation, especially when it involves human limitations. To address this disconnection, we argue that a space for people to meaningfully contribute their subjective knowledge — experience- to complex technology policies that, in turn, shape their experience and well-being needs to be constructed. To this end, our paper contributes the design and pilot implementation of a method to reconnect and involve people in IoT security policymaking and development.

With fast development of distributed generation, storages and control techniques, a growing number of microgrids are interconnected with distribution networks. Microgrid capacity that a local distribution system can afford, is important to distribution network planning and microgrids well-organized integration. Therefore, this paper focuses on estimating consumption ability of distribution system interconnected with microgrids. The method to judge rationality of microgrids access plan is put forward, and an index system covering operation security, power quality and energy management is proposed. Consumption ability estimation procedure based on rationality evaluation and interactions is built up then, and requirements on multi-scenario simulation are presented. Case study on a practical distribution system design with multi-microgrids guarantees the validity and reasonableness of the proposed method and process. The results also indicate construction and reinforcement directions for the distribution network.

Cyber-physical systems (CPSs) encompass a network of sensors and actuators that are monitored, controlled and integrated by a computing and communication core. As autonomous underwater vehicles (AUVs) become more intelligent and connected, new use cases in ocean production, security and environmental monitoring become feasible. Swarms of small, affordable and hydrobatic AUVs can be beneficial in substance cloud tracking and algae farming, and a CPS linking the AUVs with multi-fidelity simulations can improve performance while reducing risks and costs. In this paper, we present a CPS concept tightly linking the AUV network in ROS to virtual validation using Simulink and Gazebo. A robust hardware-software interface using the open-source UAVCAN-ROS bridge is described for enabling hardware-in-the-loop validation. Hardware features of the hydrobatic SAM AUV are described, with a focus on subsystem integration. Results presented include pre-tuning of controllers, validation of mission plans in simulation and real time subsystem performance in tank tests. These first results demonstrate the interconnection between different system elements and offer a proof of concept.

In the network security risk assessment on critical information infrastructure of smart city, to describe attack vectors for predicting possible initial access is a challenging task. In this paper, an attack vector evaluation model based on weakness, path and action is proposed, and the formal representation and quantitative evaluation method are given. This method can support the assessment of attack vectors based on known and unknown weakness through combination of depend conditions. In addition, defense factors are also introduced, an attack vector evaluation model of integrated defense is proposed, and an application example of the model is given. The research work in this paper can provide a reference for the vulnerability assessment of attack vector.

The intense incursion of the Internet of Things (IoT) into all areas of modern life has led to a need for a more detailed study of these technologies and their mechanisms of work. It is necessary to study mechanisms in order to improve QoS, security, identifying shortest routes, mobility, etc. This paper proposes an enhanced simulation framework that implements an improved mechanism for prioritising traffic on 6LoWPAN networks and the realisation of micro-mobility.

Peer-to-peer computing (P2P) refers to the famous technology that provides peers an equal spontaneous collaboration in the network by using appropriate information and communication systems without the need for a central server coordination. Today, the interconnection of several P2P networks has become a genuine solution for increasing system reliability, fault tolerance and resource availability. However, the existence of security threats in such networks, allows us to investigate the safety of users from P2P threats by studying the effects of competition between these interconnected networks. In this paper, we present an e-epidemic model to characterize the worm propagation in an interconnected peer-to-peer network. Here, we address this issue by introducing a model of network competition where an unprotected network is willing to partially weaken its own safety in order to more severely damage a more protected network. The unprotected network can infect all peers in the competitive networks after their non react against the passive worm propagation. Our model also evaluated the effect of an immunization strategies adopted by the protected network to resist against attacking networks. The launch time of immunization strategies in the protected network, the number of peers synapse connected to the both networks, and other effective parameters have also been investigated in this paper.

Experimentation tools facilitate exploration of Tor performance and security research problems and allow researchers to safely and privately conduct Tor experiments without risking harm to real Tor users. However, researchers using these tools configure them to generate network traffic based on simplifying assumptions and outdated measurements and without understanding the efficacy of their configuration choices. In this work, we design a novel technique for dynamically learning Tor network traffic models using hidden Markov modeling and privacy-preserving measurement techniques. We conduct a safe but detailed measurement study of Tor using 17 relays (\textasciitilde2% of Tor bandwidth) over the course of 6 months, measuring general statistics and models that can be used to generate a sequence of streams and packets. We show how our measurement results and traffic models can be used to generate traffic flows in private Tor networks and how our models are more realistic than standard and alternative network traffic generation\textasciitildemethods.

Digital twins open up new possibilities in terms of monitoring, simulating, optimizing and predicting the state of cyber-physical systems (CPSs). Furthermore, we argue that a fully functional, virtual replica of a CPS can also play an important role in securing the system. In this work, we present a framework that allows users to create and execute digital twins, closely matching their physical counterparts. We focus on a novel approach to automatically generate the virtual environment from specification, taking advantage of engineering data exchange formats. From a security perspective, an identical (in terms of the system's specification), simulated environment can be freely explored and tested by security professionals, without risking negative impacts on live systems. Going a step further, security modules on top of the framework support security analysts in monitoring the current state of CPSs. We demonstrate the viability of the framework in a proof of concept, including the automated generation of digital twins and the monitoring of security and safety rules.

The interconnection of networks between several techno-socio-economic sectors such as energy, transport, and communication, questions the manageability and resilience of the digital society. System interdependencies alter the fundamental dynamics that govern isolated systems, which can unexpectedly trigger catastrophic instabilities such as cascading failures. This paper envisions a general-purpose, yet simple prototyping of self-management software systems that can turn system interdependencies from a cause of instability to an opportunity for higher resilience. Such prototyping proves to be challenging given the highly interdisciplinary scope of interdependent networks. Different system dynamics and organizational constraints such as the distributed nature of interdependent networks or the autonomy and authority of system operators over their controlled infrastructure perplex the design for a general prototyping approach, which earlier work has not yet addressed. This paper contributes such a modular design solution implemented as an open source software extension of SFINA, the Simulation Framework for Intelligent Network Adaptations. The applicability of the software artifact is demonstrated with the introduction of a novel self-healing mechanism for interdependent power networks, which optimizes power flow exchanges between a damaged and a healer network to mitigate power cascading failures. Results show a significant decrease in the damage spread by self-healing synergies, while the degree of interconnectivity between the power networks indicates a tradeoff between links survivability and load served. The contributions of this paper aspire to bring closer several research communities working on modeling and simulation of different domains with an economic and societal impact on the resilience of real-world interdependent networks.

Despite the very high volatility of the cryptocurrency markets, the interest in the development and adaptation of existing cryptocurrencies such as Bitcoin as well as new distributed ledger technologies is increasing. Therefore, understanding the security and vulnerability issues of such blockchain systems plays a critical role. In this work, we propose a configurable distributed simulation framework for analyzing Bitcoin-like blockchain systems which are based on Proof-of-Work protocols. The simulator facilitates investigating security properties of blockchain systems by enabling users to configure several characteristics of the blockchain network and executing different attack scenarios, such as double-spending attacks and flood attacks and observing the effects of the attacks on the blockchain network.

The Time-Slotted Channel Hopping (TSCH) mode, defined by the IEEE 802.15.4e protocol, aims to reduce the effects of narrowband interference and multipath fading on some channels through the frequency hopping method. To work satisfactorily, this method must be based on the evaluation of the channel quality through which the packets will be transmitted to avoid packet losses. In addition to the estimation, it is necessary to manage channel blacklists, which prevents the sensors from hopping to bad quality channels. The blacklists can be applied locally or globally, and this paper evaluates the use of a local blacklist through simulation of a TSCH network in a simulated harsh industrial environment. This work evaluates two approaches, and both use a developed protocol based on TSCH, called Adaptive Blacklist TSCH (AB-TSCH), that considers beacon packets and includes a link quality estimation with blacklists. The first approach uses the protocol to compare a simple version of TSCH to configurations with different sizes of blacklists in star topology. In this approach, it is possible to analyze the channel adaption method that occurs when the blacklist has 15 channels. The second approach uses the protocol to evaluate blacklists in tree topology, and discusses the inherent problems of this topology. The results show that, when the estimation is performed continuously, a larger blacklist leads to an increase of performance in star topology. In tree topology, due to the simultaneous transmissions among some nodes, the use of smaller blacklist showed better performance.

This paper presents a new approach for the shape formation based on the artificial method. It refers to the basic concept in the swarm intelligence: complex behaviors of the swarm can be formed with simple rules designed in the agents. In the framework, the distance image is used to generate not only an attraction field to keep all the agents in the given shape, but also repulsive force field among the agents to make them distribute uniformly. Compared to the traditional methods based on centralized control, the algorithm has properties of distributed and simple computation, convergence and robustness, which is very suitable for the swarm robots in the real world considering the limitation of communication, collision avoidance and calculation problems. We also show that some initial sensitive method can be improved in the similar way. The simulation results prove the proposed approach is suitable for convex. non-convex and line shapes.

The importance of peer-to-peer (P2P) network overlays produced enormous interest in the research community due to their robustness, scalability, and increase of data availability. P2P networks are overlays of logically connected hosts and other nodes including servers. P2P networks allow users to share their files without the need for any centralized servers. Since P2P networks are largely constructed of end-hosts, they are susceptible to abuse and malicious activity, such as sybil attacks. Impostors perform sybil attacks by assigning nodes multiple addresses, as opposed to a single address, with the goal of degrading network quality. Sybil nodes will spread malicious data and provide bogus responses to requests. To prevent sybil attacks from occurring, a novel defense mechanism is proposed. In the proposed scheme, the DHT key-space is divided and treated in a similar manner to radio frequency allocation incensing. An overlay of trusted nodes is used to detect and handle sybil nodes with the aid of source-destination pairs reporting on each other. The simulation results show that the proposed scheme detects sybil nodes in large sized networks with thousands of interactions.

To be applicable to high user request workloads, web caching strategies benefit from low implementation and update effort. In this regard, the Least Recently Used (LRU) replacement principle is a simple and widely-used method. Despite its popularity, LRU has deficits in the achieved hit rate performance and cannot consider transport and network optimization criteria for selecting content to be cached. As a result, many alternatives have been proposed in the literature, which improve the cache performance at the cost of higher complexity. In this work, we evaluate the implementation complexity and runtime performance of LRU, Least Frequently Used (LFU), and score based strategies in the class of fast O(1) updates with constant effort per request. We implement Window LFU (W-LFU) within this class and show that O(1) update effort can be achieved. We further compare fast update schemes of Score Gated LRU and new Score Gated Polling (SGP). SGP is simpler than LRU and provides full flexibility for arbitrary score assessment per data object as information basis for performance optimization regarding network cost and quality measures.

This paper presents netsim, a combined software/hardware system for performing realtime realistic operation of autonomous underwater vehicles (AUVs) with acoustic modem telemetry in a virtual ocean environment. The design of the system is flexible to the choice of physical link hardware, allowing for the system to be tested against existing and new modems. Additionally, the virtual ocean channel simulator is designed to perform in real time by coupling less frequent asynchronous queries to high-fidelity models of the ocean environment and acoustic propagation with frequent pertubation-based updates for the exact position of the simulated AUVs. The results demonstrate the performance of this system using the WHOI Micro-Modem 2 hardware in the virtual ocean environment of the Arctic Beaufort Sea around 73 degrees latitude. The acoustic environment in this area has changed dramatically in recent years due to the changing climate.

To improve customer experience, datacenter operators offer support for simplifying application and resource management. For example, running workloads of workflows on behalf of customers is desirable, but requires increasingly more sophisticated autoscaling policies, that is, policies that dynamically provision resources for the customer. Although selecting and tuning autoscaling policies is a challenging task for datacenter operators, so far relatively few studies investigate the performance of autoscaling for workloads of workflows. Complementing previous knowledge, in this work we propose the first comprehensive performance study in the field. Using trace-based simulation, we compare state-of-the-art autoscaling policies across multiple application domains, workload arrival patterns (e.g., burstiness), and system utilization levels. We further investigate the interplay between autoscaling and regular allocation policies, and the complexity cost of autoscaling. Our quantitative study focuses not only on traditional performance metrics and on state-of-the-art elasticity metrics, but also on time-and memory-related autoscaling-complexity metrics. Our main results give strong and quantitative evidence about previously unreported operational behavior, for example, that autoscaling policies perform differently across application domains and allocation and provisioning policies should be co-designed.

The process used to build an autonomous smart home system using Cyber-Physical Systems (CPS) principles has received much attention by researchers and developers. However, there are many challenges during the design and implementation of such a system, such as Portability, Timing, Prediction, and Integrity. This paper presents a novel modeling methodology for a smart home system in the scope of CyberPhysical interface that attempts to overcome these issues. We discuss a high-level design approach that simulates the first three levels of a 5C architecture in CPS layers in a smart home environment. A detailed description of the model design, architecture, and a software implementation via NetLogo simulation have been presented in this paper.

Fueled by massive amounts of data, models produced by machine-learning (ML) algorithms are being used in diverse domains where security is a concern, such as, automotive systems, finance, health-care, computer vision, speech recognition, natural-language processing, and malware detection. Of particular concern is use of ML in cyberphysical systems, such as driver-less cars and aviation, where the presence of an adversary can cause serious consequences. In this paper we focus on attacks caused by adversarial samples, which are inputs crafted by adding small, often imperceptible, perturbations to force a ML model to misclassify. We present a simple gradient-descent based algorithm for finding adversarial samples, which performs well in comparison to existing algorithms. The second issue that this paper tackles is that of metrics. We present a novel metric based on few computer-vision algorithms for measuring the quality of adversarial samples.