Biblio

With the fast development of autonomous driving and vehicular communication technologies, intelligent transportation systems that are based on VANET (Vehicular Ad-Hoc Network) have shown great promise. For instance, through V2V (Vehicle-to-Vehicle) and V2I (Vehicle-to-Infrastructure) communication, intelligent intersections allow more fine-grained control of vehicle crossings and significantly enhance traffic efficiency. However, the performance and safety of these VANET-based systems could be seriously impaired by communication delays and packet losses, which may be caused by network congestion or by malicious attacks that target communication timing behavior. In this paper, we quantitatively model and analyze some of the timing and security issues in transportation networks with VANET-based intelligent intersections. In particular, we demonstrate how communication delays may affect the performance and safety of a single intersection and of multiple interconnected intersections, and present our delay-tolerant intersection management protocols. We also discuss the issues of such protocols when the vehicles are non-cooperative and how they may be addressed with game theory.

This paper studies physical layer security in a wireless ad hoc network with numerous legitimate transmitter-receiver pairs and passive eavesdroppers. A hybrid full-/half-duplex receiver deployment strategy is proposed to secure legitimate transmissions, by letting a fraction of legitimate receivers work in the full-duplex (FD) mode sending jamming signals to confuse eavesdroppers upon their own information receptions, and other receivers work in the half-duplex mode just receiving desired signals. This paper aims to properly choose the fraction of the FD receivers to enhance network security. Tractable expressions for the connection outage probability and the secrecy outage probability of a typical legitimate link are first derived, based on which the network-wide secrecy throughput is maximized. Some insights into the optimal fraction are further developed. It is concluded that the fraction of the FD receivers triggers a non-trivial trade-off between reliability and secrecy, and the optimal fraction significantly improves the network security performance.

Fast-changing topologies and uncoordinated transmissions are two critical challenges of implementing data security in vehicular ad-hoc networks (VANETs). We propose a new protocol, where transmitters adaptively switch between backing off retransmissions and changing keys to improve success rate. A new 3-dimensional (3-D) Markov model, which can analyze the proposed protocol with symmetric or asymmetric keys in terms of data security and connectivity, is developed. Analytical results, validated by simulations, show that the proposed protocol achieves substantially improved resistance against collusion attacks.

One challenge for engineered cyber physical systems (CPSs) is the possibility for a malicious intruder to change the data transmitted across the cyber channel as a means to degrade the performance of the physical system. In this paper, we consider a data injection attack on a cyber physical system. We propose a hybrid framework for detecting the presence of an attack and operating the plant in spite of the attack. Our method uses an observer-based detection mechanism and a passivity balance defense framework in the hybrid architecture. By switching the controller, passivity and exponential stability are established under the proposed framework.

Cloud computing is a solution to reduce the cost of IT by providing elastic access to shared resources. It also provides solutions for on-demand computing power and storage for devices at the edge networks with limited resources. However, increasing the number of connected devices caused by IoT architecture leads to higher network traffic and delay for cloud computing. The centralised architecture of cloud computing also makes the edge networks more susceptible to challenges in the core network. Fog computing is a solution to decrease the network traffic, delay, and increase network resilience. In this paper, we study how fog computing may improve network resilience. We also conduct a simulation to study the effect of fog computing on network traffic and delay. We conclude that using fog computing prepares the network for better response time in case of interactive requests and makes the edge networks more resilient to challenges in the core network.

The IoT (Internet of Things) is one of the primary reasons for the massive growth in the number of connected devices to the Internet, thus leading to an increased volume of traffic in the core network. Fog and edge computing are becoming a solution to handle IoT traffic by moving timesensitive processing to the edge of the network, while using the conventional cloud for historical analysis and long-term storage. Providing processing, storage, and network communication at the edge network are the aim of fog computing to reduce delay, network traffic, and decentralise computing. In this paper, we define a framework that realises fog computing that can be extended to install any service of choice. Our framework utilises fog nodes as an extension of the traditional switch to include processing, networking, and storage. The fog nodes act as local decision-making elements that interface with software-defined networking (SDN), to be able to push updates throughout the network. To test our framework, we develop an IP spoofing security application and ensure its correctness through multiple experiments.

Traditionally, the focus of security and ensuring confidentiality, integrity, and availability of data in spacecraft systems has been on the ground segment and the uplink/downlink components. Although these are the most obvious attack vectors, potential security risks against the satellite's platform is also a serious concern. This paper discusses a notional satellite architecture and explores security vulnerabilities using a systems-level approach. Viewing attacks through this paradigm highlights several potential attack vectors that conventional satellite security approaches fail to consider. If left undetected, these could yield physical effects limiting the satellite's mission or performance. The approach presented aids in risk analysis and gives insight into architectural design considerations which improve the system's overall resiliency.

Cyber-Physical Systems (CPS) such as Unmanned Aerial Systems (UAS) sense and actuate their environment in pursuit of a mission. The attack surface of these remotely located, sensing and communicating devices is both large, and exposed to adversarial actors, making mission assurance a challenging problem. While best-practice security policies should be followed, they are rarely enough to guarantee mission success as not all components in the system may be trusted and the properties of the environment (e.g., the RF environment) may be under the control of the attacker. CPS must thus be built with a high degree of resilience to mitigate threats that security cannot alleviate. In this paper, we describe the Agile and Resilient Embedded Systems (ARES) methodology and metric set. The ARES methodology pursues cyber security and resilience (CSR) as high level system properties to be developed in the context of the mission. An analytic process guides system developers in defining mission objectives, examining principal issues, applying CSR technologies, and understanding their interactions.

Cloud computing has become a widely used computing paradigm providing on-demand computing and storage capabilities based on pay-as-you-go model. Recently, many organizations, especially in the field of big data, have been adopting the cloud model to perform data analytics through leasing powerful Virtual Machines (VMs). VMs can be attractive targets to attackers as well as untrusted cloud providers who aim to get unauthorized access to the business critical-data. The obvious security solution is to perform data analytics on encrypted data through the use of cryptographic keys as that of the Advanced Encryption Standard (AES). However, it is very easy to obtain AES cryptographic keys from the VM's Random Access Memory (RAM). In this paper, we present a novel key-scattering (KS) approach to protect the cryptographic keys while encrypting/decrypting data. Our solution is highly portable and interoperable. Thus, it could be integrated within today's existing cloud architecture without the need for further modifications. The feasibility of the approach has been proven by implementing a functioning prototype. The evaluation results show that our approach is substantially more resilient to brute force attacks and key extraction tools than the standard AES algorithm, with acceptable execution time.

Security evaluation of diverse SDN frameworks is of significant importance to design resilient systems and deal with attacks. Focused on SDN scenarios, a game-theoretic model is proposed to analyze their security performance in existing SDN architectures. The model can describe specific traits in different structures, represent several types of information of players (attacker and defender) and quantitatively calculate systems' reliability. Simulation results illustrate dynamic SDN structures have distinct security improvement over static ones. Besides, effective dynamic scheduling mechanisms adopted in dynamic systems can enhance their security further.

Conventional cyber defenses require continual maintenance: virus, firmware, and software updates; costly functional impact tests; and dedicated staff within a security operations center. The conventional defenses require access to external sources for the latest updates. The whitelisted system, however, is ideally a system that can sustain itself freed from external inputs. Cyber-Physical Systems (CPS), have the following unique traits: digital commands are physically observable and verifiable; possible combinations of commands are limited and finite. These CPS traits, combined with a trust anchor to secure an unclonable digital identity (i.e., digitally unclonable function [DUF] - Patent Application \#15/183,454; CodeLock), offers an excellent opportunity to explore defenses built on whitelisting approach called “Trustworthy Design Architecture (TDA).” There exist significant research challenges in defining what are the physically verifiable whitelists as well as the criteria for cyber-physical traits that can be used as the unclonable identity. One goal of the project is to identify a set of physical and/or digital characteristics that can uniquely identify an endpoint. The measurements must have the properties of being reliable, reproducible, and trustworthy. Given that adversaries naturally evolve with any defense, the adversary will have the goal of disrupting or spoofing this process. To protect against such disruptions, we provide a unique system engineering technique, when applied to CPSs (e.g., nuclear processing facilities, critical infrastructures), that will sustain a secure operational state without ever needing external information or active inputs from cybersecurity subject-matter experts (i.e., virus updates, IDS scans, patch management, vulnerability updates). We do this by eliminating system dependencies on external sources for protection. Instead, all internal co- munication is actively sealed and protected with integrity, authenticity and assurance checks that only cyber identities bound to the physical component can deliver. As CPSs continue to advance (i.e., IoTs, drones, ICSs), resilient-maintenance free solutions are needed to neutralize/reduce cyber risks. TDA is a conceptual system engineering framework specifically designed to address cyber-physical systems that can potentially be maintained and operated without the persistent need or demand for vulnerability or security patch updates.

Unattended Wireless Sensor Networks (UWSN) are usually deployed in human-hostile environments. Such architectures raise a challenge to data protection for two main reasons. First, sensors have limited capacities in terms of performance and memory, so not all cryptographic mechanisms can be applied. Moreover, the measurements cannot be immediately gathered, so they have to be kept inside the devices until a mobile sink comes to collect them. This paper introduces a new method for secure and resilient data protection inside UWSN. It is based on a lightweight fragmentation scheme that transforms data collected by a sensor into multiple secure fragments that are distributed over sensor's neighboring nodes in a way that only a certain amount of these fragments is required for data recovery. Moreover, data security is reinforced by the use of a dynamic key refreshed after each visit of the mobile sink. Authentication and integrity information are dispersed within the fragments to protected data from active attacks. Homomorphic properties of the algorithm allow to significantly reduce storage space inside the nodes. Performance and empirical security evaluation results show that the proposed scheme achieves a good trade-off between performance, data protection and memory occupation.

Vehicular ad-Hoc Networks (VANETs) have been promoted as a key technology that can provide a wide variety of services such as traffic management, passenger safety, as well as travel convenience and comfort. VANETs are now proposed to be part of the upcoming Fifth Generation (5G) technology, integrated with Software Defined Networking (SDN), as key enabler of 5G. The technology of fog computing in 5G turned out to be an adequate solution for faster processing in delay sensitive application, such as VANETs, being a hybrid solution between fully centralized and fully distributed networks. In this paper, we propose a three-way integration between VANETs, SDN, and 5G for a resilient VANET security design approach, which strikes a good balance between network, mobility, performance and security features. We show how such an approach can secure VANETs from different types of attacks such as Distributed Denial of Service (DDoS) targeting either the controllers or the vehicles in the network, and how to trace back the source of the attack. Our evaluation shows the capability of the proposed system to enforce different levels of real-time user-defined security, while maintaining low overhead and minimal configuration.

Utility networks are part of every nation's critical infrastructure, and their protection is now seen as a high priority objective. In this paper, we propose a threat awareness architecture for critical infrastructures, which we believe will raise security awareness and increase resilience in utility networks. We first describe an investigation of trends and threats that may impose security risks in utility networks. This was performed on the basis of a viewpoint approach that is capable of identifying technical and non-technical issues (e.g., behaviour of humans). The result of our analysis indicated that utility networks are affected strongly by technological trends, but that humans comprise an important threat to them. This provided evidence and confirmed that the protection of utility networks is a multi-variable problem, and thus, requires the examination of information stemming from various viewpoints of a network. In order to accomplish our objective, we propose a systematic threat awareness architecture in the context of a resilience strategy, which ultimately aims at providing and maintaining an acceptable level of security and safety in critical infrastructures. As a proof of concept, we demonstrate partially via a case study the application of the proposed threat awareness architecture, where we examine the potential impact of attacks in the context of social engineering in a European utility company.

Building secure systems used to mean ensuring a secure perimeter, but that is no longer the case. Today's systems are ill-equipped to deal with attackers that are able to pierce perimeter defenses. Data provenance is a critical technology in building resilient systems that will allow systems to recover from attackers that manage to overcome the "hard-shell" defenses. In this paper, we provide background information on data provenance, details on provenance collection, analysis, and storage techniques and challenges. Data provenance is situated to address the challenging problem of allowing a system to "fight-through" an attack, and we help to identify necessary work to ensure that future systems are resilient.

This paper focuses on exploitable cyber vulnerabilities in industrial control systems (ICS) and on a new approach of resiliency against them. Even with numerous metrics and methods for intrusion detection and mitigation strategy, a complete detection and deterrence of cyber-attacks for ICS is impossible. Countering the impact and consequence of possible malfunctions caused by such attacks in the safety-critical ICS's, this paper proposes new controller architecture to fail-operate even under compromised situations. The proposed new ICS is realized with diversification of hardware/software and unidirectional communication in alerting suspicious infiltration to upper-level management. Equipped with control bus monitoring, this operation-basis approach of infiltration detection would become a truly cyber-resilient ICS. The proposed system is tested in a lab hardware experimentation setup and on a cybersecurity test bed, DeterLab, for validation.

Life-cycle management of stateful VNF services is a complicated task, especially when automated resiliency and scaling should be handled in a secure manner, without service degradation. We present FlowSNAC, a resilient and scalable VNF service for user authentication and service deployment. FlowSNAC consists of both stateful and stateless components, some of that are SDN-based and others that are NFVs. We describe how it adapts to changing conditions by automatically updating resource allocations through a series of intermediate steps of traffic steering, resource allocation, and secure state transfer. We conclude by highlighting some of the lessons learned during implementation, and their wider consequences for the architecture of SDN/NFV management and orchestration systems.

With the developing understanding of Information Security and digital assets, IT technology has put on tremendous importance of network admission control (NAC). In NAC architecture, admission decisions and resource reservations are taken at edge devices, rather than resources or individual routers within the network. The NAC architecture enables resilient resource reservation, maintaining reservations even after failures and intra-domain rerouting. Admission Control Networks destiny is based on IP networks through its Security and Quality of Service (QoS) demands for real time multimedia application via advance resource reservation techniques. To achieve Security & QoS demands, in real time performance networks, admission control algorithm decides whether the new traffic flow can be admitted to the network or not. Secure allocation of Peer for multimedia traffic flows with required performance is a great challenge in resource reservation schemes. In this paper, we have proposed our model for VoIP networks in order to achieve security services along with QoS, where admission control decisions are taken place at edge routers. We have analyzed and argued that the measurement based admission control should be done at edge routers which employs on-demand probing parallel from both edge routers to secure the source and destination nodes respectively. In order to achieve Security and QoS for a new call, we choose various probe packet sizes for voice and video calls respectively. Similarly a technique is adopted to attain a security allocation approach for selecting an admission control threshold by proposing our admission control algorithm. All results are tested on NS2 based simulation to evalualate the network performance of edge router based upon network admission control in VoIP traffic.

Control plane distribution on Software Defined Networking enhances security, performance and scalability of the network. In this paper, we propose an efficient architecture for distribution of controllers. The main contributions of the proposed architecture are: i) A controller distributed areas to ensure security, performance and scalability of the network; ii) A single database maintained by a designated controller to provide consistency to the control plane; iii) An optimized heuristic for locating controllers to reduce latency in the control plane; iv) A resilient mechanism of choosing the designated controller to ensure the proper functioning of the network, even when there are failures. A prototype of the proposal was implemented and the placement heuristic was analyzed in real topologies. The results show that connectivity is maintained even in failure scenarios. Finally, we show that the placement optimization reduces the average latency of controllers. Our proposed heuristic achieves a fair distribution of controllers and outperforms the network resilience of other heuristics up to two times better.

We propose secure RAID, i.e., low-complexity schemes to store information in a distributed manner that is resilient to node failures and resistant to node eavesdropping. We generalize the concept of systematic encoding to secure RAID and show that systematic schemes have significant advantages in the efficiencies of encoding, decoding and random access. For the practical high rate regime, we construct three XOR-based systematic secure RAID schemes with optimal encoding and decoding complexities, from the EVENODD codes and B codes, which are array codes widely used in the RAID architecture. These schemes optimally tolerate two node failures and two eavesdropping nodes. For more general parameters, we construct efficient systematic secure RAID schemes from Reed-Solomon codes. Our results suggest that building “keyless”, information-theoretic security into the RAID architecture is practical.

The modern electric power grid is a complex cyber-physical system whose reliable operation is enabled by a wide-area monitoring and control infrastructure. Recent events have shown that vulnerabilities in this infrastructure may be exploited to manipulate the data being exchanged. Such a scenario could cause the associated control applications to mis-operate, potentially causing system-wide instabilities. There is a growing emphasis on looking beyond traditional cybersecurity solutions to mitigate such threats. In this paper we perform a testbed-based validation of one such solution - Attack Resilient Control (ARC) - on Iowa State University's PowerCyber testbed. ARC is a cyber-physical security solution that combines domain-specific anomaly detection and model-based mitigation to detect stealthy attacks on Automatic Generation Control (AGC). In this paper, we first describe the implementation architecture of the experiment on the testbed. Next, we demonstrate the capability of stealthy attack templates to cause forced under-frequency load shedding in a 3-area test system. We then validate the performance of ARC by measuring its ability to detect and mitigate these attacks. Our results reveal that ARC is efficient in detecting stealthy attacks and enables AGC to maintain system operating frequency close to its nominal value during an attack. Our studies also highlight the importance of testbed-based experimentation for evaluating the performance of cyber-physical security and control applications.

Customer Edge Switching (CES) is an experimental Internet architecture that provides reliable and resilient multi-domain communications. It provides resilience against security threats because domains negotiate inbound and outbound policies before admitting new traffic. As CES and its signalling protocols are being prototyped, there is a need for independent testing of the CES architecture. Hence, our research goal is to develop an automated test framework that CES protocol designers and early adopters can use to improve the architecture. The test framework includes security, functional, and performance tests. Using the Robot Framework and STRIDE analysis, in this paper we present this automated security test framework. By evaluating sample test scenarios, we show that the Robot Framework and our CES test suite have provided productive discussions about this new architecture, in addition to serving as clear, easy-to-read documentation. Our research also confirms that test automation can be useful to improve new protocol architectures and validate their implementation.

In this paper, we introduce the use of adaptive controllers into software-defined networking (SDN) and propose the use of adaptive consistency models in the context of distributed SDN controllers. These adaptive controllers can tune their own configurations in real-time in order to enhance the performance of the applications running on top of them. We expect that the use of such controllers could alleviate some of the emerging challenges in SDN that could have an impact on the performance, security, or scalability of the network. Further, we propose extending the SDN controller architecture to support adaptive consistency based on tunable consistency models. Finally, we compare the performance of a proof-of-concept distributed load-balancing application when it runs on-top of: (1) an adaptive and (2) a non-adaptive controller. Our results indicate that adaptive controllers were more resilient to sudden changes in the network conditions than the non-adaptive ones.

Internet infrastructure developments and the rise of the IoT Socio-Technical Systems (STS) have frequently generated more unsecure protocols to facilitate the rapid intercommunication between the plethoras of IoT devices. Whereas, current development of the IoT has been mainly focused on enabling and effectively meeting the functionality requirement of digital-enabled enterprises we have seen scant regard to their IA architecture, marginalizing system resilience with blatant afterthoughts to cyber defence. Whilst interconnected IoT devices do facilitate and expand information sharing; they further increase of risk exposure and potential loss of trust to their Socio-Technical Systems. A change in the IoT paradigm is needed to enable a security-first mind-set; if the trusted sharing of information built upon dependable resilient growth of IoT is to be established and maintained. We argue that Information Assurance is paramount to the success of IoT, specifically its resilience and dependability to continue its safe support for our digital economy.

Software Defined Networking (SDN) is the new promise towards an easily configured and remotely controlled network. Based on Centralized control, SDN technology has proved its positive impact on the world of network communications from different aspects. Security in SDN, as in traditional networks, is an essential feature that every communication system should possess. In this paper, we propose an SDN security design approach, which strikes a good balance between network performance and security features. We show how such an approach can be used to prevent DDoS attacks targeting either the controller or the different hosts in the network, and how to trace back the source of the attack. The solution lies in introducing a third plane, the security plane, in addition to the data plane, which is responsible for forwarding data packets between SDN switches, and parallel to the control plane, which is responsible for rule and data exchange between the switches and the SDN controller. The security plane is designed to exchange security-related data between a third party agent on the switch and a third party software module alongside the controller. Our evaluation shows the capability of the proposed system to enforce different levels of real-time user-defined security with low overhead and minimal configuration.