Biblio

Filters: Keyword is privacy
2020-02-17
Liu, Donglan, Liu, Xin, Zhang, Hao, Yu, Hao, Wang, Wenting, Ma, Lei, Chen, Jianfei, Li, Dong.  2019.  Research on End-to-End Security Authentication Protocol of NB-IoT for Smart Grid Based on Physical Unclonable Function. 2019 IEEE 11th International Conference on Communication Software and Networks (ICCSN). :239–244.
As a national strategic hot spot, the Internet of Things (IoT) has shown its vigor and vitality. With the development of IoT, its application in power grid is more and more extensive. As an advanced technology for information sensing and transmission, IoT has been applied extensively in power generation, transmission, transformation, distribution, utilization and other processes, and will develop with broad prospect in smart grid. Narrow Band Internet of Things (NB-IoT) is of broad application prospects in production management, life-cycle asset management and smart power utilization of smart grid. Its characteristics and security demands of application domain present a challenge for the security of electric power business. However, current protocols either need dual authentication and key agreements, or have poor compatibility with current network architecture. In order to improve the high security of power network data transmission, an end-to-end security authentication protocol of NB-IoT for smart grid based on physical unclonable function and state secret algorithm SM3 is proposed in this paper. A self-controllable NB-IoT application layer security architecture was designed by introducing the domestic cryptographic algorithm, extending the existing key derivation structure of LTE, and combining the physical unclonable function to ensure the generation of encryption keys between NB-IoT terminals and power grid business platforms. The protocol of this paper realizes secure data transmission and bidirectional identity authentication between IoT devices and terminals. It is of low communication costs, lightweight and flexible key update. In addition, the protocol also supports terminal authentication during key agreement, which further enhances the security of business systems in smart grid.
Ying, Huan, Ouyang, Xuan, Miao, Siwei, Cheng, Yushi.  2019.  Power Message Generation in Smart Grid via Generative Adversarial Network. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :790–793.
As the next generation of the power system, smart grid develops towards automated and intellectualized. Along with the benefits brought by smart grids, e.g., improved energy conversion rate, power utilization rate, and power supply quality, are the security challenges. One of the most important issues in smart grids is to ensure reliable communication between the secondary equipment. The state-of-art method to ensure smart grid security is to detect cyber attacks by deep learning. However, due to the small number of negative samples, the performance of the detection system is limited. In this paper, we propose a novel approach that utilizes the Generative Adversarial Network (GAN) to generate abundant negative samples, which helps to improve the performance of the state-of-art detection system. The evaluation results demonstrate that the proposed method can effectively improve the performance of the detection system by 4%.
Al-Eryani, Yasser, Baroudi, Uthman.  2019.  An Investigation on Detecting Bad Data Injection Attack in Smart Grid. 2019 International Conference on Computer and Information Sciences (ICCIS). :1–4.
Security and consistency of smart grids is one of the main issues in the design and maintenance of highly controlled and monitored new power grids. Bad data injection attack could lead to disasters such as power system outage, or huge economical losses. In many attack scenarios, the attacker can come up with new attack strategies that couldn't be detected by the traditional bad data detection methods. Adaptive Partitioning State Estimation (APSE) method [3] has been proposed recently to combat such attacks. In this work, we evaluate and compare with a traditional method. The main idea of APSE is to increase the sensitivity of the chi-square test by partitioning the large grids into small ones and apply the test on each partition individually and repeat this procedure until the faulty node is located. Our simulation findings using MATPOWER program show that the method is not consistent where it is sensitive to the system's size and the location of faulty nodes as well.
Li, Zhifeng, Li, Yintao, Lin, Peng.  2019.  The Security Evaluation of Big Data Research for Smart Grid. 2019 15th International Wireless Communications Mobile Computing Conference (IWCMC). :1055–1059.

The technological development of the energy sector also produced complex data. In this study, the relationship between smart grid and big data approaches have been investigated. After analyzing which areas of the smart grid system use big data technologies and technologies, big data technologies for detecting smart grid attacks have received attention. Big data analytics can produce efficient solutions and it is especially important to choose which algorithms and metrics to use. For this reason, an application prototype has been proposed that uses a big data method to detect attacks on the smart grid. The algorithm with high accuracy was determined to be 92% for random forests and 87% for decision trees.

Paul, Shuva, Ni, Zhen.  2019.  A Strategic Analysis of Attacker-Defender Repeated Game in Smart Grid Security. 2019 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1–5.

Traditional power grid security schemes are being replaced by highly advanced and efficient smart security schemes due to the advancement in grid structure and inclusion of cyber control and monitoring tools. Smart attackers create physical, cyber, or cyber-physical attacks to gain the access of the power system and manipulate/override system status, measurements and commands. In this paper, we formulate the environment for the attacker-defender interaction in the smart power grid. We provide a strategic analysis of the attacker-defender strategic interaction using a game theoretic approach. We apply repeated game to formulate the problem, implement it in the power system, and investigate for optimal strategic behavior in terms of mixed strategies of the players. In order to define the utility or cost function for the game payoffs calculation, generation power is used. Attack-defense budget is also incorporated with the attacker-defender repeated game to reflect a more realistic scenario. The proposed game model is validated using IEEE 39 bus benchmark system. A comparison between the proposed game model and the all monitoring model is provided to validate the observations.

Kumar, Sanjeev, Kumar, Harsh, Gunnam, Ganesh Reddy.  2019.  Security Integrity of Data Collection from Smart Electric Meter under a Cyber Attack. 2019 2nd International Conference on Data Intelligence and Security (ICDIS). :9–13.
Cyber security has been a top concern for electric power companies deploying smart meters and smart grid technology. Despite the well-known advantages of smart grid technology and the smart meters, it is not yet very clear how and to what extent, the Cyber attacks can hamper the operation of the smart meters, and remote data collections regarding the power usage from the customer sites. To understand these questions, we conducted experiments in a controlled lab environment of our cyber security lab to test a commercial grade smart meter. In this paper, we present results of our investigation for a commercial grade smart meter and measure the operation integrity of the smart meter under cyber-attack conditions.
Aranha, Helder, Masi, Massimiliano, Pavleska, Tanja, Sellitto, Giovanni Paolo.  2019.  Enabling Security-by-Design in Smart Grids: An Architecture-Based Approach. 2019 15th European Dependable Computing Conference (EDCC). :177–179.

Energy Distribution Grids are considered critical infrastructure, hence the Distribution System Operators (DSOs) have developed sophisticated engineering practices to improve their resilience. Over the last years, due to the "Smart Grid" evolution, this infrastructure has become a distributed system where prosumers (the consumers who produce and share surplus energy through the grid) can plug in distributed energy resources (DERs) and manage a bi-directional flow of data and power enabled by an advanced IT and control infrastructure. This introduces new challenges, as the prosumers possess neither the skills nor the knowledge to assess the risk or secure the environment from cyber-threats. We propose a simple and usable approach based on the Reference Model of Information Assurance & Security (RMIAS), to support the prosumers in the selection of cybersecurity measures. The purpose is to reduce the risk of being directly targeted and to establish collective responsibility among prosumers as grid gatekeepers. The framework moves from a simple risk analysis based on security goals to providing guidelines for the users for adoption of adequate security countermeasures. One of the greatest advantages of the approach is that it does not constrain the user to a specific threat model.

Ganguly, Pallab, Nasipuri, Mita, Dutta, Sourav.  2019.  Challenges of the Existing Security Measures Deployed in the Smart Grid Framework. 2019 IEEE 7th International Conference on Smart Energy Grid Engineering (SEGE). :1–5.
Due to the rise of huge population in mankind and the large variety of upcoming utilization of power, the energy requirement has substantially increased. Smart Grid is a very important part of the Smart Cities initiative and is one of the crucial components in distribution and reconciliation of energy. Security of the smart grid infrastructure, which is an integral part of the smart grid framework, intended at transitioning the conventional power grid system into a robust, reliable, adaptable and intelligent energy utility, is an impending problem that needs to be arrested quickly. With the increasingly intensifying integration of smart devices in the smart grid infrastructure with other interconnected applications and the communication backbone is compelling both the energy users and the energy utilities to thoroughly look into the privacy and security issues of the smart grid. In this paper, we present challenges of the existing security mechanisms deployed in the smart grid framework and we tried to bring forward the unresolved problems that would highlight the security aspects of Smart Grid as a challenging area of research and development in the future.
2020-02-10
Chechik, Marsha.  2019.  Uncertain Requirements, Assurance and Machine Learning. 2019 IEEE 27th International Requirements Engineering Conference (RE). :2–3.
From financial services platforms to social networks to vehicle control, software has come to mediate many activities of daily life. Governing bodies and standards organizations have responded to this trend by creating regulations and standards to address issues such as safety, security and privacy. In this environment, the compliance of software development to standards and regulations has emerged as a key requirement. Compliance claims and arguments are often captured in assurance cases, with linked evidence of compliance. Evidence can come from testcases, verification proofs, human judgement, or a combination of these. That is, we try to build (safety-critical) systems carefully according to well justified methods and articulate these justifications in an assurance case that is ultimately judged by a human. Yet software is deeply rooted in uncertainty making pragmatic assurance more inductive than deductive: most of complex open-world functionality is either not completely specifiable (due to uncertainty) or it is not cost-effective to do so, and deductive verification cannot happen without specification. Inductive assurance, achieved by sampling or testing, is easier but generalization from finite set of examples cannot be formally justified. And of course the recent popularity of constructing software via machine learning only worsens the problem - rather than being specified by predefined requirements, machine-learned components learn existing patterns from the available training data, and make predictions for unseen data when deployed. On the surface, this ability is extremely useful for hard-to specify concepts, e.g., the definition of a pedestrian in a pedestrian detection component of a vehicle. On the other, safety assessment and assurance of such components becomes very challenging. In this talk, I focus on two specific approaches to arguing about safety and security of software under uncertainty. 
The first one is a framework for managing uncertainty in assurance cases (for "conventional" and "machine-learned" systems) by systematically identifying, assessing and addressing it. The second is recent work on supporting development of requirements for machine-learned components in safety-critical domains.
Cha, Shi-Cho, Li, Zhuo-Xun, Fan, Chuan-Yen, Tsai, Mila, Li, Je-Yu, Huang, Tzu-Chia.  2019.  On Design and Implementation a Federated Chat Service Framework in Social Network Applications. 2019 IEEE International Conference on Agents (ICA). :33–36.
As many organizations deploy their chatbots on social network applications to interact with their customers, a person may switch among different chatbots for different services. To reduce the switching cost, this study proposed the Federated Chat Service Framework. The framework maintains user profiles and historical behaviors. Instead of deploying chatbots, organizations follow the rules of the framework to provide chat services. Therefore, the framework can organize service requests with context information and responses to emulate the conversations between users and chat services. Consequently, the study can hopefully contribute to reducing the cost for a user to communicate with different chatbots.
Sani, Abubakar Sadiq, Yuan, Dong, Bao, Wei, Yeoh, Phee Lep, Dong, Zhao Yang, Vucetic, Branka, Bertino, Elisa.  2019.  Xyreum: A High-Performance and Scalable Blockchain for IIoT Security and Privacy. 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS). :1920–1930.
As cyber attacks to Industrial Internet of Things (IIoT) remain a major challenge, blockchain has emerged as a promising technology for IIoT security due to its decentralization and immutability characteristics. Existing blockchain designs, however, introduce high computational complexity and latency challenges which are unsuitable for IIoT. This paper proposes Xyreum, a new high-performance and scalable blockchain for enhanced IIoT security and privacy. Xyreum uses a Time-based Zero-Knowledge Proof of Knowledge (T-ZKPK) with authenticated encryption to perform Mutual Multi-Factor Authentication (MMFA). T-ZKPK properties are also used to support Key Establishment (KE) for securing transactions. Our approach for reaching consensus, which is a blockchain group decision-making process, is based on lightweight cryptographic algorithms. We evaluate our scheme with respect to security, privacy, and performance, and the results show that, compared with existing relevant blockchain solutions, our scheme is secure, privacy-preserving, and achieves a significant decrease in computation complexity and latency performance with high scalability. Furthermore, we explain how to use our scheme to strengthen the security of the REMME protocol, a blockchain-based security protocol deployed in several application domains.
Zubov, Ilya G., Lysenko, Nikolai V., Labkov, Gleb M..  2019.  Detection of the Information Hidden in Image by Convolutional Neural Networks. 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :393–394.

This article shows the possibility of detection of the hidden information in images. This is the approach to steganalysis than the basic data about the image and the information about the hiding method of the information are unknown. The architecture of the convolutional neural network makes it possible to detect small changes in the image with high probability.

Yaseen, Zainab F., Kareem, Abdulameer A..  2019.  Image Steganography Based on Hybrid Edge Detector to Hide Encrypted Image Using Vernam Algorithm. 2019 2nd Scientific Conference of Computer Sciences (SCCS). :75–80.

There has been a growing expansion in the use of steganography, due to the evolution in using internet technology and multimedia technology. Hence, nowadays, the information is not secured sufficiently while transmitting it over the network. Therefore, information security has taken an important role to provide security against unauthorized individuals. This paper proposes steganography and cryptography technique to secure image based on hybrid edge detector. Cryptography technique is used to encrypt a secret image by using Vernam cipher algorithm. The robust of this algorithm is depending on pseudorandom key. Therefore, pseudo-random key is generated from a nonlinear feedback shift register (Geffe Generator). While in steganography, Hybrid Sobel and Kirch edge detector have been applied on the cover image to locate edge pixels. The least significant bit (LSB) steganography technique is used to embed secret image bits in the cover image in which 3 bits are embedded in edge pixel and 2 bits in smooth pixel. The proposed method can be used in multi field such as military, medical, communication, banking, Electronic governance, and so on. This method gives an average payload ratio of 1.96 with 41.5 PSNR on average. Besides, the maximum size of secret image that can be hidden in the cover image of size 512*512 is 262*261. Also, when hiding 64800 bits in baboon cover image of size 512*512, it gives PSNR of 50.42 and MSE of 0.59.

Velmurugan, K.Jayasakthi, Hemavathi, S..  2019.  Video Steganography by Neural Networks Using Hash Function. 2019 Fifth International Conference on Science Technology Engineering and Mathematics (ICONSTEM). 1:55–58.

Video Steganography is an extension of image steganography where any kind of file in any extension is hidden into a digital video. The video content is dynamic in nature and this makes the detection of hidden data more difficult than other steganographic techniques. The main motive of using video steganography is that the videos can store large amount of data in it. This paper focuses on security using the combination of hybrid neural networks and hash function for determining the best bits in the cover video to embed the secret data. For the embedding process, the cover video and the data to be hidden is uploaded. Then the hash algorithm and neural networks are applied to form the stego video. For the extraction process, the reverse process is applied and the secret data is obtained. All experiments are done using MatLab2016a software.

Sharifzadeh, Mehdi, Aloraini, Mohammed, Schonfeld, Dan.  2019.  Quantized Gaussian Embedding Steganography. ICASSP 2019 - 2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). :2637–2641.

In this paper, we develop a statistical framework for image steganography in which the cover and stego messages are modeled as multivariate Gaussian random variables. By minimizing the detection error of an optimal detector within the generalized adopted statistical model, we propose a novel Gaussian embedding method. Furthermore, we extend the formulation to cost-based steganography, resulting in a universal embedding scheme that works with embedding costs as well as variance estimators. Experimental results show that the proposed approach avoids embedding in smooth regions and significantly improves the security of the state-of-the-art methods, such as HILL, MiPOD, and S-UNIWARD.

Selvi J., Anitha Gnana, kalavathy G., Maria.  2019.  Probing Image and Video Steganography Based On Discrete Wavelet and Discrete Cosine Transform. 2019 Fifth International Conference on Science Technology Engineering and Mathematics (ICONSTEM). 1:21–24.

Now-a-days, video steganography has developed for a secured communication among various users. The two important factor of steganography method are embedding potency and embedding payload. Here, a Multiple Object Tracking (MOT) algorithmic programs used to detect motion object, also shows foreground mask. Discrete wavelet Transform (DWT) and Discrete Cosine Transform (DCT) are used for message embedding and extraction stage. In existing system Least significant bit method was proposed. This technique of hiding data may lose some data after some file transformation. The suggested Multiple object tracking algorithm increases embedding and extraction speed, also protects secret message against various attackers.

Saito, Takumi, Zhao, Qiangfu, Naito, Hiroshi.  2019.  Second Level Steganalysis - Embeding Location Detection Using Machine Learning. 2019 IEEE 10th International Conference on Awareness Science and Technology (iCAST). :1–6.

In recent years, various cloud-based services have been introduced in our daily lives, and information security is now an important topic for protecting the users. In the literature, many technologies have been proposed and incorporated into different services. Data hiding or steganography is a data protection technology, and images are often used as the cover data. On the other hand, steganalysis is an important tool to test the security strength of a steganography technique. So far, steganalysis has been used mainly for detecting the existence of secret data given an image, i.e., to classify if the given image is a normal or a stego image. In this paper, we investigate the possibility of identifying the locations of the embedded data if a given image is suspected to be a stego image. The purpose is twofold. First, we would like to confirm the decision made by the first level steganalysis; and the second is to provide a way to guess the size of the embedded data. Our experimental results show that in most cases the embedding positions can be detected. This result can be useful for developing more secure steganography technologies.

Rashid, Rasber Dh., Majeed, Taban F..  2019.  Edge Based Image Steganography: Problems and Solution. 2019 International Conference on Communications, Signal Processing, and Their Applications (ICCSPA). :1–5.

Steganography means hiding a secret message in a cover object in a way that raises no suspicion from attackers; the most popular steganography scheme is image steganography. Very common questions asked in the field are: 1- what is the embedding scheme used?, 2- where (location) are the secret messages embedded?, and 3- how will the sender tell the receiver about the locations of the secret message? In this paper we deal with and aim to answer questions number 2 and 3. We used the popular scheme in image steganography, which is least significant bits, for embedding in edge positions in color images. After we separate the color images into their components Red, Green, and Blue, we use one of the components as an index to find the edges, while the other one or two components are used for embedding purposes. Using this technique we guarantee the same number and positions of edges before and after the embedding scheme, therefore we are guaranteed to extract the secret message as it is, without any loss of secret message bits.

Melo, Princess Marie B., Sison, Ariel M., Medina, Ruji P..  2019.  Enhanced TCP Sequence Number Steganography Using Dynamic Identifier. 2019 IEEE Eurasia Conference on IOT, Communication and Engineering (ECICE). :482–485.

Network steganography is a branch of steganography that hides information through packet header manipulation and uses protocols as carriers to hide secret information. Many techniques were already developed using the Transmission Control Protocol (TCP) headers. Among the schemes in hiding information in the TCP header, the Initial Sequence Number (ISN) field is the most difficult to be detected since this field can have arbitrary values within the requirements of the standard. In this paper, a more undetectable scheme is proposed by increasing the complexity of hiding data in the TCP ISN using dynamic identifiers. The experimental results have shown that using Bayes Net, the proposed scheme outperforms the existing scheme with a low detection accuracy of 0.52%.

Korzhik, Valery, Duy Cuong, Nguyen, Morales-Luna, Guillermo.  2019.  Cipher Modification Against Steganalysis Based on NIST Tests. 2019 24th Conference of Open Innovations Association (FRUCT). :179–186.

Part of our team proposed a new steganalytic method based on NIST tests at MMM-ACNS 2017 [1], and it was encouraged to investigate some cipher modifications to prevent such types of steganalysis. In the current paper, we propose one cipher modification based on decompression by arithmetic source compression coding. The experiment shows that the current proposed method allows to protect stegosystems against steganalysis based on NIST tests, while security of the encrypted embedded messages is kept. Protection of contemporary image steganography based on edge detection and modified LSB against NIST tests steganalysis is also presented.

Ke, Qi, Sheng, Lin.  2019.  Content Adaptive Image Steganalysis in Spatial Domain Using Selected Co-Occurrence Features. 2019 IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA). :28–33.

In this paper, a general content adaptive image steganography detector in the spatial domain is proposed. We assemble conventional Haar and LBP features to construct local co-occurrence features, then the boosted classifiers are used to assemble the features as well as the final detector, and each weak classifier of the boosted classifiers corresponds to the co-occurrence feature of a local image region. Moreover, the classification ability and the generalization power of the candidate features are both evaluated for decision in the feature selection procedure of boosting training, which makes the final detector more accurate. The experimental results on standard dataset show that the proposed framework can detect two primary content adaptive stego algorithms in the spatial domain with higher accuracy than the state-of-the-art steganalysis method.

Alia, Mohammad A., Maria, Khulood Abu, Alsarayreh, Maher A., Maria, Eman Abu, Almanasra, Sally.  2019.  An Improved Video Steganography: Using Random Key-Dependent. 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT). :234–237.

Steganography is defined as the art of hiding secret data in a non-secret digital carrier called cover media. Trading delicate data without assurance against intruders that may intrude on this data is lethal. In this manner, transmitting delicate information and privileged insights must not rely upon just the current communications channels insurance advancements. Likewise should make more strides towards information insurance. This article proposes an improved approach for video steganography. The improvement is made by searching for exact matching between the secret text and the video frames RGB channels and Random Key-Dependent Data, achieving steganography performance criteria, invisibility, payload/capacity and robustness.

Zhang, Kevin.  2019.  A Machine Learning Based Approach to Identify SQL Injection Vulnerabilities. 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). :1286–1288.

This paper presents a machine learning classifier designed to identify SQL injection vulnerabilities in PHP code. Both classical and deep learning based machine learning algorithms were used to train and evaluate classifier models using input validation and sanitization features extracted from source code files. On ten-fold cross validations a model trained using Convolutional Neural Network (CNN) achieved the highest precision (95.4%), while a model based on Multilayer Perceptron (MLP) achieved the highest recall (63.7%) and the highest f-measure (0.746).

Simos, Dimitris E., Zivanovic, Jovan, Leithner, Manuel.  2019.  Automated Combinatorial Testing for Detecting SQL Vulnerabilities in Web Applications. 2019 IEEE/ACM 14th International Workshop on Automation of Software Test (AST). :55–61.

In this paper, we present a combinatorial testing methodology for testing web applications in regards to SQL injection vulnerabilities. We describe three attack grammars that were developed and used to generate concrete attack vectors. Furthermore, we present and evaluate two different oracles used to observe the application's behavior when subjected to such attack vectors. We also present a prototype tool called SQLInjector capable of automated SQL injection vulnerability testing for web applications. The developed methodology can be applied to any web application that uses server side scripting and HTML for handling user input and has a SQL database backend. Our approach relies on the use of a database proxy, making this a gray-box testing method. We establish the effectiveness of the proposed tool with the WAVSEP verification framework and conduct a case study on real-world web applications, where we are able to discover both known vulnerabilities and additional previously undiscovered flaws.

Nomura, Komei, Rikitake, Kenji, Matsumoto, Ryosuke.  2019.  Automatic Whitelist Generation for SQL Queries Using Web Application Tests. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 2:465–470.

Stealing confidential information from a database has become a severe vulnerability issue for web applications. The attacks can be prevented by defining a whitelist of SQL queries issued by web applications and detecting queries not in the list. For large-scale web applications, automated generation of the whitelist is conducted because manually defining numerous query patterns is impractical for developers. Conventional methods for automated generation are unable to detect attacks immediately because of the long time required for collecting legitimate queries. Moreover, they require application-specific implementations that reduce the versatility of the methods. As described herein, we propose a method to generate a whitelist automatically using queries issued during web application tests. Our proposed method uses the queries generated during application tests. It is independent of specific applications, which yields improved timeliness against attacks and versatility for multiple applications.