Biblio

Large-scale onboarding of industrial cyber physical systems requires efficiency and security. In situations with the dynamic addition of devices (e.g., from subcontractors entering a workplace), automation of the onboarding process is desired. The Eclipse Arrowhead framework, which provides a platform for industrial automation, requires reliable, flexible, and secure device onboarding to local clouds. In this paper, we propose a device onboarding method in the Arrowhead framework where decentralized authorization is provided by Power of Attorney. The model allows users to subgrant power to trusted autonomous devices to act on their behalf. We present concepts, an implementation of the proposed system, and a use case for scalable onboarding where Powers of Attorney at two levels are used to allow a subcontractor to onboard its devices to an industrial site. We also present performance evaluation results.

With the growing number of IoT applications and devices, IoT security breaches are a dangerous reality. Cost pressure and complexity of security tests for embedded systems and networked infrastructure are often the excuse for skipping them completely. In our paper we introduce SecLab security test lab to overcome that problem. Based on a flexible and lightweight architecture, SecLab allows developers and IoT security specialists to harden their systems with a low entry hurdle. The open architecture supports the reuse of existing external security test libraries and scalability for the assessment of complex IoT Systems. A reference implementation of security tests in a realistic IoT application scenario proves the approach.

Achieving agile and resilient autonomous capabilities for cyber defense requires moving past indicators and situational awareness into automated response and recovery capabilities. The objective of the AlphaSOC project is to use state of the art sequential decision-making methods to automatically investigate and mitigate attacks on cyber physical systems (CPS). To demonstrate this, we developed a simulation environment that models the distributed navigation control system and physics of a large ship with two rudders and thrusters for propulsion. Defending this control network requires processing large volumes of cyber and physical signals to coordi-nate defensive actions over many devices with minimal disruption to nominal operation. We are developing a Reinforcement Learning (RL)-based approach to solve the resulting sequential decision-making problem that has large observation and action spaces.

The emergence of CPSs leads to modernization of critical infrastructures and improving flexibility and efficiency from one point of view. However, from another point of view, this modernization has subjected them to cyber threats. This paper provides a modeling approach for evaluating the security of CPSs. The main idea behind the presented model is to study the attacker and the system behaviors in the penetration and attack phases with exploiting some defensive countermeasures such as redundant components and attack detection strategies. By using the proposed approach, we can investigate how redundancy factor of sensors, controllers and actuators and intrusion detection systems can improve the system security and delay the system security failure.

In this paper, we investigate the conditions for the existence of dynamically undetectable attacks and perfectly undetectable attacks. Then we provide a quantitative measure on the security for discrete-time linear time-invariant (LTI) systems under both actuator and sensor attacks based on undetectability. Finally, the computation of proposed security index is reduced to a min-cut problem for the structured systems by graph theory. Numerical examples are provided to illustrate the theoretical results.

The model called CSAI-4-CPS is proposed to characterize the use of Artificial Intelligence in Cybersecurity applied to the context of CPS - Cyber-Physical Systems. The model aims to establish a methodology being able to self-adapt using shared machine learning models, without incurring the loss of data privacy. The model will be implemented in a generic framework, to assess accuracy across different datasets, taking advantage of the federated learning and machine learning approach. The proposed solution can facilitate the construction of new AI cybersecurity tools and systems for CPS, enabling a better assessment and increasing the level of security/robustness of these systems more efficiently.

Low-Power and Lossy Networks (LLNs) run on resource-constrained devices and play a key role in many Industrial Internet of Things and Cyber-Physical Systems based applications. But, achieving an energy-efficient routing in LLNs is a major challenge nowadays. This challenge is addressed by Routing Protocol for Low-power Lossy Networks (RPL), which is specified in RFC 6550 as a “Proposed Standard” at present. In RPL, a client node uses Destination Advertisement Object (DAO) control messages to pass on the destination information towards the root node. An attacker may exploit the DAO sending mechanism of RPL to perform a DAO Insider attack in LLNs. In this paper, it is shown that an aggressive attacker can drastically degrade the network performance. To address DAO Insider attack, a lightweight defense solution is proposed. The proposed solution uses an early blacklisting strategy to significantly mitigate the attack and restore RPL performance. The proposed solution is implemented and tested on Cooja Simulator.

5G and beyond 5G low power wireless networks make Internet of Things (IoT) and Cyber-Physical Systems (CPS) applications capable of serving massive amounts of devices and machines. Due to the broadcast nature of wireless networks, it is crucial to secure the communication between these devices and machines from spoofing and interception attacks. This paper is concerned with the security of carrier frequency offset (CFO) based continuous physical layer authentication. The interaction between an attacker and a defender is modeled as a dynamic discrete leader-follower game with imperfect information. In the considered model, a legitimate user (Alice) communicates with the defender/operator (Bob) and is authorized by her CFO continuously. The attacker (Eve), by listening/eavesdropping the communication between Alice and Bob, tries to learn the CFO characteristics of Alice and aims to inject malicious packets to Bob by impersonating Alice. First, by showing that the optimal attacker strategy is a threshold policy, an optimization problem of the attacker with exponentially growing action space is reduced to a tractable integer optimization problem with a single parameter, then the corresponding defender cost is derived. Extensive simulations illustrate the characteristics of optimal strategies/utilities of the players depending on the actions, and show that the defender’s optimal false positive rate causes attack success probabilities to be in the order of 0.99. The results show the importance of the parameters while finding the balance between system security and efficiency.

Industrial Control Systems (ICS) are complex systems made up of many components with different tasks. For a safe and secure operation, each device needs to carry out its tasks correctly. To monitor a system and ensure the correct behavior of systems, anomaly detection is used.Models of expected behavior often rely only on cyber or physical features for anomaly detection. We propose an anomaly detection system that combines both types of features to create a dynamic fingerprint of an ICS. We present how a cyber-physical anomaly detection using sound on the physical layer can be designed, and which challenges need to be overcome for a successful implementation. We perform an initial evaluation for identifying actions of a 3D printer.

The aim of this study is to determine the current challenges related to security and trust issues in digital supply chains. The development of information and communication technologies (ICT) has improved the efficiency of supply chains, while creating new vulnerabilities and increasing the likelihood of security threats. Previous studies lack the physical security aspect, so the emphasis is on the security of cyber-physical systems. In order to achieve the goal of the study, traditional and digital supply chains, their security risks and main differences were examined. A security framework for cyber-physical risks in digital supply chains was developed.

Frequently emergency services are required nationally and globally, in Mexico during 2020 of the 16,22,879 calls made to 911, statistics reveal that 58.43% were about security, 16.57% assistance, 13.49% medical, 6.29% civil protection, among others. However, the constant traffic of cities generates delays in the time of arrival to medical, military or civil protection services, wasting time that can be critical in an emergency. The objective is to create a connection between the road infrastructure (traffic lights) and emergency vehicles to reduce waiting time as a vehicle on a mission passes through a traffic light with Controller Area Network CAN controller to modify the color and give way to the emergency vehicle that will send signals to the traffic light controller through a controller located in the car. For this, the Controller Area Network Flexible Data (CAN-FD) controllers will be used in traffic lights since it is capable of synchronizing data in the same bus or cable to avoid that two messages arrive at the same time, which could end in car accidents if they are not it respects a hierarchy and the CANblue ll controller that wirelessly connects devices (vehicle and traffic light) at a speed of 1 Mbit / s to avoid delays in data exchange taking into account the high speeds that a car can acquire. It is intended to use the CAN controller for the development of improvements in response times in high-speed data exchange in cities with high traffic flow. As a result of the use of CAN controllers, a better data flow and interconnection is obtained.

The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker's injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedule-based attacks.

The CAN (Controller Area Network) bus, which transmits and receives ECU control information in vehicle, has a critical risk of external intrusion because there is no standardized security system. Recently, the need for IDS (Intrusion Detection System) to detect external intrusion of CAN bus is increasing, and high accuracy and real-time processing for intrusion detection are required. In this paper, we propose Hybrid MR (Machine learning and Ruleset) -IDS based on machine learning and ruleset to improve IDS performance. For high accuracy and detection rate, feature engineering was conducted based on the characteristics of the CAN bus, and the generated features were used in detection step. The proposed Hybrid MR-IDS can cope to various attack patterns that have not been learned in previous, as well as the learned attack patterns by using both advantages of rule set and machine learning. In addition, by collecting CAN data from an actual vehicle in driving and stop state, five attack scenarios including physical effects during all driving cycle are generated. Finally, the Hybrid MR-IDS proposed in this paper shows an average of 99% performance based on F1-score.

Electromagnetic emissions associated with the transmission of automotive controller area network (CAN) messages within a passenger car have been analysed and used to reconstruct the original CAN messages. Concurrent monitoring of the CAN traffic via a wired connection to the vehicle OBD-II port was used to validate the effectiveness of the reconstruction process. These results confirm the feasibility of reconstructing in-vehicle network data for forensic purposes, without the need for wired access, at distances of up to 1 m from the vehicle by using magnetic field measurements, and up to 3 m using electric field measurements. This capability has applications in the identification and resolution of EMI issues in vehicle data network, as well as possible implications for automotive cybersecurity.

Modern cars are becoming more accessible targets for cyberattacks due to the proliferation of wireless communication channels. The intra-vehicle Controller Area Network (CAN) bus lacks authentication, which exposes critical components to interference from less secure, wirelessly compromised modules. To address this issue, we propose vProfile, a sender authentication system based on voltage fingerprints of Electronic Control Units (ECUs). vProfile exploits the physical properties of ECU output voltages on the CAN bus to determine the authenticity of bus messages, which enables the detection of both hijacked ECUs and external devices connected to the bus. We show the potential of vProfile using experiments on two production vehicles with precision and recall scores of over 99.99%. The improved identification rates and more straightforward design of vProfile make it an attractive improvement over existing methods.

The Controller Area Network (CAN) bus is the de-facto standard for connecting the Electronic Control Units (ECUs) in automobiles. However, there are serious cyber-security risks due to the lack of security mechanisms. In order to mine the vulnerabilities in CAN bus, this paper proposes CAN-FT, a fuzz testing method for automotive CAN bus, which uses a Generative Adversarial Network (GAN) based fuzzy message generation algorithm and the Adaptive Boosting (AdaBoost) based anomaly detection mechanism to capture the abnormal states of CAN bus. Experimental results on a real-world vehicle show that CAN-FT can find vulnerabilities more efficiently and comprehensively.

Cyber-attacks in electrical power system causes serious damages causing breakdown of few equipment to shutdown of the complete power system. Game theory is used as a tool to detect the cyber-attack in the power system recently. Interaction between the attackers and the defenders which is the inherent nature of the game theory is exploited to detect the cyber-attack in the power system. This paper implements the cyber-attack detection on a two-area power system controlled using the Load Frequency controller. Ant Lion Optimization is used to tune the integral controller applied in the Load Frequency Controller. Cyber-attacks that include constant injection, bias injection, overcompensation, and negative compensation are tested on the Game theory-based attack detection algorithm proposed. It is considered that the smart meters are attacked with the attacks by manipulating the original data in the power system. MATLAB based implementation is developed and observed that the defender action is satisfactory in the two-area system considered. Tuning of integral controller in the Load Frequency controller in the two-area system is also observed to be effective.

The power cyber-physical system combines the cyber network with the traditional electrical power network, which can monitor and control the operation of the power grid stably and efficiently. Since the system's structure and function is complicated and large, it becomes fragile as a result. Therefore, establishing a reasonable and effective CPS model and discussing its vulnerability performance under external attacks is essential and vital for power grid operation. This paper uses the theory of complex networks to establish a independent system model by IEEE-118-node power network and 200-node scale-free information network, introducing information index to identify and sort important nodes in the network, and then cascade model of the power cyber-physical system based on the node load capacity is constructed and the vulnerability assessment analysis is carried out. The simulation shows that the disintegration speed of the system structure under deliberate attacks is faster than random attacks; And increasing the node threshold can effectively inhibit the propagation of failure.

The vulnerability assessment of the cyber-physical power system based on complex network theory is applied in this paper. The influence of the power system statistics upon the system vulnerability is studied based on complex network theory. The electrical betweenness is defined to suitably describe the power system characteristics. The real power systems are utilized as examples to analyze the distribution of the degree and betweenness of the power system as a complex network. The topology model of the cyber-physical power system is formed, and the static analysis is implemented to the study of the cyber-physical power system structural vulnerability. The IEEE 300 bus test system is selected to verify the model.

The Internet is evolving everywhere and expanding its entity globally. The IoT(Internet of things) is a new and interesting concept introduced in this world of internet. Generally it is interconnected computing device which can be embedded in our daily routine objects through which we can send and receive data. It is beyond connecting computers and laptops only although it can connect billion of devices. It can be described as reliable method of communication that also make use of other technologies like wireless sensor, QR code etc. IoT (Internet of Things) is making everything smart with use of technology like smart homes, smart cities, smart watches. In this chapter, we will study the security algorithms in IoT (Internet of Things) which can be achieved with encryption process. In the world of IoT, data is more vulnerable to threats. So as to protect data integrity, data confidentiality, we have Light weight Encryption Algorithms like symmetric key cryptography and public key cryptography for secure IoT (Internet of Things) named as Secure IoT. Because it is not convenient to use full encryption algorithms that require large memory size, large program code and larger execution time. Light weight algorithms meet all resource constraints of small memory size, less execution time and efficiency. The algorithms can be measured in terms of key size, no of blocks and algorithm structure, chip size and energy consumption. Light Weight Techniques provides security to smart object networks and also provides efficiency. In Symmetric Key Cryptography, two parties can have identical keys but has some practical difficulty. Public Key Cryptography uses both private and public key which are related to each other. Public key is known to everyone while private key is kept secret. Public Key cryptography method is based on mathematical problems. So, to implement this method, one should have a great expertise.

An image hiding algorithm based on bit plane and two-dimensional code is proposed in this paper. The main characteristic of information hiding is to use the information redundant data of the existing image, to embed the information into these redundant data by the information hiding algorithm, or to partially replace redundant information with information to be embedded to achieve a visual invisible purpose. We first analyze the color index usage frequency of the block index matrix in the algorithm, and calculate the distance between the color of the block index matrix with only one color and the other color in the palette that is closest to the color. Then, the QR model and the compression model are applied to improve the efficiency. We compare the proposed model with the stateof-the-art models.

The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for different accounts, administrators never check password files for flaws that might lead to a successful cracking, and the lack of a tight security policy regarding regular password replacement are a few problems that need to be addressed. The proposed research work aims at enhancing this security mechanism, prevent penetrations, password theft, and attempted break-ins towards securing computing systems. The selected solution approach is two-folded; it implements a two-factor authentication scheme to prevent unauthorized access, accompanied by Honeyword principles to detect corrupted or stolen tokens. Both can be integrated into any platform or web application with the use of QR codes and a mobile phone.

In Indonesia, there have been many certificates forgery happened. The lack of security system for the certificate and the difficulty in verification process toward the authenticity certificate become the main factor of the certificate forgery cases happen. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The application is built in web system to facilitate the user to access it everywhere and any time. This research uses Research and Development method for problem analysis and to develop application using Software Development Life Cycle method with waterfall approach. Black box testing is chosen as testing method for each function in this system. The result of this research is creatcate application that’s designed to support the publishing and the verification of the electronic authenticity certificate by online. There are two main schemes in system: the scheme in making e-certificate and the scheme of verification QR Code. There is the electronic professional certificate application by applying digital signature and QR Code. It can publish e-certificate that can prevent from criminal action such certificate forgery, that’s showed in implementation and can be proven in test.

Security is a most concerning matter for client's data in today's emerging technological world in each field, like banking, management, retail, shopping, communication, education, etc. Arise in cyber-crime due to the black hat community, there is always a need for a better way to secure the client's sensitive information, Security is the key point in online banking as the threat of unapproved online access to a client's data is very significant as it ultimately danger to bank reputation. The more secure and powerful methods can allow a client to work with untrusted parties. Paper is focusing on how secure banking transaction system can work by using homomorphic encryption and steganography techniques. For data encryption NTRU, homomorphic encryption can be used and to hide details through the QR code, a cover image can be embed using steganography techniques.

A Quick Response (QR) Code is a type of barcode that can be read by the digital devices and which stores the information in a square-shaped. The QR Code readers can extract data from the patterns which are presented in the QR Code matrix. A QR Code can be acting as an attack vector that can harm indirectly. In such case a QR Code can carry malicious or phishing URLs and redirect users to a site which is well conceived by the attacker and pretends to be an authorized one. Once the QR Code is decoded the commands are triggered and executed, causing damage to information, operating system and other possible sequence the attacker expects to gain. In this paper, a new model for QR Code authentication and phishing detection has been presented. The proposed model will be able to detect the phishing and malicious URLs in the process of the QR Code validation as well as to prevent the user from validating it. The development of this application will help to prevent users from being tricked by the harmful QR Codes.