Biblio

The ability to react to a malicious attack starts with high fidelity recognition, and with that, an agile response to the attack. The current Operational Technology (OT) systems for a critical infrastructure include an intrusion detection system (IDS), but the ability to adapt to an intrusion is a human initiated response. Orchestrators, which are coming of age in the financial sector and allow for levels of automated response, are not prevalent in the OT space. To evolve to such responses in the OT space, a tradeoff analysis is first needed. This tradeoff analysis should evaluate the mitigation benefits of responses versus the physical affects that result. Providing an informed and automated response decision. This paper presents a formulation of a novel tradeoff analysis and its use in advancing a cyber-physical architecture for automated responses (CyPhAAR).

Nowadays, massive amounts of data are stored in the cloud, how to access control the cloud data has become a prerequisite for protecting the security of cloud data. In order to address the problems of centralized control and privacy protection in current access control, we propose an access control scheme based on the blockchain and re-encryption technology, namely PERBAC-BC scheme. The access control policy is managed by the decentralized and immutability characteristics of blockchain, while the re-encryption is protected by the trusted computing characteristic of blockchain and the privacy is protected by the identity re-encryption technology. The overall structure diagram and detailed execution flow of the scheme are given in this paper. Experimental results show that, compared with the traditional hybrid encryption scheme, the time and space consumption is less when the system is expanded. Then, the time and space performance of each part of the scheme is simulated, and the security of blockchain is proved. The results also show that the time and space performance of the scheme are better and the security is stronger, which has certain stability and expandability.

When a robot breaks a person's trust by making a mistake or failing, continued interaction will depend heavily on how the robot repairs the trust that was broken. Prior work in psychology has demonstrated that both the trust violation framing and the trust repair strategy influence how effectively trust can be restored. We investigate trust repair between a human and a robot in the context of a competitive game, where a robot tries to restore a human's trust after a broken promise, using either a competence or integrity trust violation framing and either an apology or denial trust repair strategy. Results from a 2×2 between-subjects study ( n=82) show that participants interacting with a robot employing the integrity trust violation framing and the denial trust repair strategy are significantly more likely to exhibit behavioral retaliation toward the robot. In the Dyadic Trust Scale survey, an interaction between trust violation framing and trust repair strategy was observed. Our results demonstrate the importance of considering both trust violation framing and trust repair strategy choice when designing robots to repair trust. We also discuss the influence of human-to-robot promises and ethical considerations when framing and repairing trust between a human and robot.

In this paper, we propose a compositional scheme for the construction of abstractions for networks of control systems by using the interconnection matrix and joint dissipativity-type properties of subsystems and their abstractions. In the proposed framework, the abstraction, itself a control system (possibly with a lower dimension), can be used as a substitution of the original system in the controller design process. Moreover, we provide a procedure for constructing abstractions of a class of nonlinear control systems by using the bounds on the slope of system nonlinearities. We illustrate the proposed results on a network of linear control systems by constructing its abstraction in a compositional way without requiring any condition on the number or gains of the subsystems. We use the abstraction as a substitute to synthesize a controller enforcing a certain linear temporal logic specification. This example particularly elucidates the effectiveness of dissipativity-type compositional reasoning for large-scale systems.

We consider a compositional construction of approximate abstractions of interconnected control systems. In our framework, an abstraction acts as a substitute in the controller design process and is itself a continuous control system. The abstraction is related to the concrete control system via a so-called simulation function: a Lyapunov-like function, which is used to establish a quantitative bound between the behavior of the approximate abstraction and the concrete system. In the first part of the paper, we provide a small gain type condition that facilitates the compositional construction of an abstraction of an interconnected control system together with a simulation function from the abstractions and simulation functions of the individual subsystems. In the second part of the paper, we restrict our attention to linear control system and characterize simulation functions in terms of controlled invariant, externally stabilizable subspaces. Based on those characterizations, we propose a particular scheme to construct abstractions for linear control systems. We illustrate the compositional construction of an abstraction on an interconnected system consisting of four linear subsystems. We use the abstraction as a substitute to synthesize a controller to enforce a certain linear temporal logic specification.

At present, the network architecture is based on the TCP/IP protocol and node communications are achieved by the IP address and identifier of the node. The IP address in the network remains basically unchanged, so it is more likely to be attacked by network intruder. To this end, it is important to make periodic dynamic hopping in a specific address space possible, so that an intruder fails to obtain the internal network address and grid topological structure in real time and to continue to perform infiltration by the building of a new address space layout randomization system on the basis of SDN from the perspective of an attacker.

This paper presents a framework for medium access control (MAC) and physical (PRY) cross-layer security design of wireless avionics intra-communications (WAICs). The paper explores the different options based on the latest results of MAC-PRY cross-layer design and the available standard technologies for WAICs. Particular emphasis is given to solutions based on multiple-input multiple-output (MIMO) systems and recent developments towards a wireless technology with ultra-low latency and high reliability in the context of 5G and machine-type traffic support. One major objective is to improve WAICs technology and thus match the real-time, reliability and safety critical performance of the internal aeronautics bus technologies (e.g., ARINC 664). The main identified vulnerabilities and potential solutions are explored, as well as their impact on system design complexity and feasibility for wireless networks on-board aircraft. The solutions are presented in the context of the European project SCOTT (secure connected trustable things) using the recently released reference architecture for trusted IoT systems. Other aspects of SCOTT such as trust, privacy, security classes, and safety are also discussed here for the aeronautics domain.

Mobile Ad hoc Network (MANET) is the collection of mobile devices which could change the locations and configure themselves without a centralized base point. Mobile Ad hoc Networks are vulnerable to attacks due to its dynamic infrastructure. The routing attacks are one among the possible attacks that causes damage to MANET. This paper gives a new method of risk aware response technique which is combined version the Dijkstra's shortest path algorithm and Destination Sequenced Distance Vector (DSDV) algorithm. This can reduce black hole attacks. Dijkstra's algorithm finds the shortest path from the single source to the destination when the edges have positive weights. The DSDV is an improved version of the conventional technique by adding the sequence number and next hop address in each routing table.

Voice-based input is usually used as the primary input method for augmented reality (AR) headsets due to immersive AR experience and good recognition performance. However, recent researches have shown that an attacker can inject inaudible voice commands to the devices that lack voice verification. Even if we secure voice input with voice verification techniques, an attacker can easily steal the victim's voice using low-cast handy recorders and replay it to voice-based applications. To defend against voice-spoofing attacks, AR headsets should be able to determine whether the voice is from the person who is using the AR headsets. Existing voice-spoofing defense systems are designed for smartphone platforms. Due to the special locations of microphones and loudspeakers on AR headsets, existing solutions are hard to be implemented on AR headsets. To address this challenge, in this paper, we propose a voice-spoofing defense system for AR headsets by leveraging both the internal body propagation and the air propagation of human voices. Experimental results show that our system can successfully accept normal users with average accuracy of 97% and defend against two types of attacks with average accuracy of at least 98%.

The NOC Network on chip provides better performance and scalability communication structures point-to-point signal node, shared through bus architecture. Information analysis of method using the IOT termination, as the energy consumed in this regard reduces and reduces the network load but it also displays safety concerns because the valuation data is stored or transmitted to the network in various stages of the node. Using encryption to protect data on the area of network-on-chip Analysis Machine is a way to solve data security issues. We propose a Network on chip based on a combined multicore cluster with special packages for computing-intensive data processing and encryption functionality and support for software, in a tight power envelope for analyzing and coordinating integrated encryption. Programming for regular computing tasks is the challenge of efficient and secure data analysis for IOT end-end applications while providing full-functionality with high efficiency and low power to satisfy the needs of multiple processing applications. Applications provide a substantial parallel, so they can also use NOC's ability. Applications must compose in. This system controls the movement of the packets through the network. As network on chip (NOC) systems become more prevalent in the processing unit. Routers and interconnection networks are the main components of NOC. This system controls the movement of packets over the network. Chip (NOC) networks are very backward for the network processing unit. Guides and Link Networks are critical elements of the NOC. Therefore, these areas require less access and power consumption, so we can better understand environmental and energy transactions. In this manner, a low-area and efficient NOC framework were proposed by removing virtual channels.

Data leakage and disclosure to attackers is a significant problem in embedded systems, considering the ability of attackers to get physical access to the systems. We present methods to protect memory data leakage in tamper-proof embedded systems. We present methods that exploit memory supply voltage manipulation to change the memory contents, leading to an operational and reusable memory or to destroy memory cell circuitry. For the case of memory data change, we present scenaria for data change to a known state and to a random state. The data change scenaria are effective against attackers who cannot detect the existence of the protection circuitry; furthermore, original data can be calculated in the case of data change to a known state, if the attacker identifies the protection circuitry and its operation. The methods that change memory contents to a random state or destroy memory cell circuitry lead to irreversible loss of the original data. However, since the known state can be used to calculate the original data.

We investigate a method of building a closed domain intelligent conversational agent using deep neural networks. A conversational agent is a dialog system intended to converse with a human, with a coherent structure. Our conversational agent uses a retrieval based model that identifies the intent of the input user query and maps it to a knowledge base to return appropriate results. Human conversations are based on context, but existing conversational agents are context insensitive. To overcome this limitation, our system uses a simple stack based context identification and storage system. The conversational agent generates responses according to the current context of conversation. allowing more human-like conversations.

In VLSI industry the design cycle is categorized into Front End Design and Back End Design. Front End Design flow is from Specifications to functional verification of RTL design. Back End Design is from logic synthesis to fabrication of chip. Handheld devices like Mobile SOC's is an amalgamation of many components like GPU, camera, sensor, display etc. on one single chip. In order to integrate these components protocols are needed. One such protocol in the emerging trend is I3C protocol. I3C is abbreviated as Improved Inter Integrated Circuit developed by Mobile Industry Processor Interface (MIPI) alliance. Most probably used for the interconnection of sensors in Mobile SOC's. The main motivation of adapting the standard is for the increase speed and low pin count in most of the hardware chips. The bus protocol is backward compatible with I2C devices. The paper includes detailed study I3C bus protocol and developing verification environment for the protocol. The test bench environment is written and verified using system Verilog and UVM. The Universal Verification Methodology (UVM) is base class library built using System Verilog which provides the fundamental blocks needed to quickly develop reusable and well-constructed verification components and test environments. The Functional Coverage of around 93.55 % and Code Coverage of around 98.89 % is achieved by verification closure.

With the growth of technology, designs became more complex and may contain bugs. This makes verification an indispensable part in product development. UVM describe a standard method for verification of designs which is reusable and portable. This paper verifies IIC bus protocol using Universal Verification Methodology. IIC controller is designed in Verilog using Vivado. It have APB interface and its function and code coverage is carried out in Mentor graphic Questasim 10.4e. This work achieved 83.87% code coverage and 91.11% functional coverage.

This paper presents a control strategy for Cyber-Physical System defense developed in the framework of the European Project ATENA, that concerns Critical Infrastructure (CI) protection. The aim of the controller is to find the optimal security configuration, in terms of countermeasures to implement, in order to address the system vulnerabilities. The attack/defense problem is modeled as a multi-agent general sum game, where the aim of the defender is to prevent the most damage possible by finding an optimal trade-off between prevention actions and their costs. The problem is solved utilizing Reinforcement Learning and simulation results provide a proof of the proposed concept, showing how the defender of the protected CI is able to minimize the damage caused by his her opponents by finding the Nash equilibrium of the game in the zero-sum variant, and, in a more general scenario, by driving the attacker in the position where the damage she/he can cause to the infrastructure is lower than the cost it has to sustain to enforce her/his attack strategy.

Over the past decade, the reliance on Unmanned Aerial Systems (UAS) to carry out critical missions has grown drastically. With an increased reliance on UAS as mission assets and the dependency of UAS on cyber resources, cyber security of UAS must be improved by adopting sound security principles and relevant technologies from the computing community. On the other hand, the traditional avionics community, being aware of the importance of cyber security, is looking at new architecture and designs that can accommodate both the traditional safety oriented principles as well as the cyber security principles and techniques. It is with the effective and timely convergence of these domains that a holistic approach and co-design can meet the unique requirements of modern systems and operations. In this paper, authors from both the cyber security and avionics domains describe our joint effort and insights obtained during the course of designing secure and resilient embedded avionics systems.

Recently, IoT, 5G mobile, big data, and artificial intelligence are increasingly used in the real world. These technologies are based on convergenced in Cyber Physical System(Cps). Cps technology requires core technologies to ensure reliability, real-time, safety, autonomy, and security. CPS is the system that can connect between cyberspace and physical space. Cyberspace attacks are confused in the real world and have a lot of damage. The personal information that dealing in CPS has high confidentiality, so the policies and technique will needed to protect the attack in advance. If there is an attack on the CPS, not only personal information but also national confidential data can be leaked. In order to prevent this, the risk is measured using the Factor Analysis of Information Risk (FAIR) Model, which can measure risk by element for situational awareness in CPS environment. To reduce risk by preventing attacks in CPS, this paper measures risk after using the concept of Crime Prevention Through Environmental Design(CPTED).

A Local Area Network (LAN) consists of wireless mobile nodes that can communicate with each other through electromagnetic radio waves. Mobile Ad hoc Network (MANET) consists of mobile nodes, the network is infrastructure less. It dynamically self organizes in arbitrary and temporary network topologies. Security is extremely vital for MANET. Attacks pave way for security. Among all the potential attacks on MANET, detection of wormhole attack is very difficult.One malicious node receives packets from a particular location, tunnels them to a different contagious nodes situated in another location of the network and distorts the full routing method. All routes are converged to the wormhole established by the attackers. The complete routing system in MANET gets redirected. Many existing ways have been surveyed to notice wormhole attack in MANET. Our proposed methodology is a unique wormhole detection and prevention algorithm that shall effectively notice the wormhole attack in theMANET. Our notion is to extend the detection as well as the quantitative relation relative to the existing ways.

Software Defined Networking (SDN) is an emerging paradigm that changes the way networks are managed by separating the control plane from data plane and making networks programmable. The separation brings about flexibility, automation, orchestration and offers savings in both capital and operational expenditure. Despite all the advantages offered by SDN it introduces new threats that did not exist before or were harder to exploit in traditional networks, making network penetration potentially easier. One of the key threat to SDN is the authentication and authorisation of network applications that control network behaviour (unlike the traditional network where network devices like routers and switches are autonomous and run proprietary software and protocols to control the network). This paper proposes a mechanism that helps the control layer authenticate network applications and set authorisation permissions that constrict manipulation of network resources.

The wireless spectrum is a scarce resource, and the number of wireless terminals is constantly growing. One way to mitigate this strong constraint for wireless traffic is the use of dynamic mechanisms to utilize the spectrum, such as cognitive and software-defined radios. This is especially important for the upcoming wireless sensor and actuator networks in aircraft, where real-time guarantees play an important role in the network. Future wireless networks in aircraft need to be scalable, cater to the specific requirements of avionics (e.g., standardization and certification), and provide interoperability with existing technologies. In this paper, we demonstrate that dynamic network reconfigurability is a solution to the aforementioned challenges. We supplement this claim by surveying several flexible approaches in the context of wireless sensor and actuator networks in aircraft. More specifically, we examine the concept of dynamic resource management, accomplished through more flexible transceiver hardware and by employing dedicated spectrum agents. Subsequently, we evaluate the advantages of cross-layer network architectures which overcome the fixed layering of current network stacks in an effort to provide quality of service for event-based and time-triggered traffic. Lastly, the challenges related to implementation of the aforementioned mechanisms in wireless sensor and actuator networks in aircraft are elaborated, and key requirements to future research are summarized.

Most security software tools try to detect malicious components by cryptographic hashes, signatures or based on their behavior. The former, is a widely adopted approach based on Integrity Measurement Architecture (IMA) enabling appraisal and attestation of system components. The latter, however, may induce a very long time until misbehavior of a component leads to a successful detection. Another approach is a Dynamic Runtime Attestation (DRA) based on the comparison of binary code loaded in the memory and well-known references. Since DRA is a complex approach, involving multiple related components and often complex attestation strategies, a flexible and extensible architecture is needed. In a cooperation project an architecture was designed and a Proof of Concept (PoC) successfully developed and evaluated. To achieve needed flexibility and extensibility, the implementation facilitates central components providing attestation strategies (guidelines). These guidelines define and implement the necessary steps for all relevant attestation operations, i.e. measurement, reference generation and verification.

Traditionally, the focus of security and ensuring confidentiality, integrity, and availability of data in spacecraft systems has been on the ground segment and the uplink/downlink components. Although these are the most obvious attack vectors, potential security risks against the satellite's platform is also a serious concern. This paper discusses a notional satellite architecture and explores security vulnerabilities using a systems-level approach. Viewing attacks through this paradigm highlights several potential attack vectors that conventional satellite security approaches fail to consider. If left undetected, these could yield physical effects limiting the satellite's mission or performance. The approach presented aids in risk analysis and gives insight into architectural design considerations which improve the system's overall resiliency.

The utilization of the online services especially the access to Internet Banking services has grown rapidly from last five years. The Internet Banking services provide the customers with the secure and reliable environment to deal with. But with the technology advancement, it is mandatory for the banks to put into practice the ideal technologies or the best security strategies and procedures to authorize or validate the originality of the customers. This must be done to ensure that the data or the information being transmitted during any kind of transaction is safe and no kind of leakage or modification of the information is possible for the intruder. This paper presents a digital watermark method for the QR Code (Quick Response Code) In this, a visible watermark is embedded in the QR Code image using the watermark technology (DCT) and describes the functioning feature of a secure authorization system by means of QR codes & the digital watermark for Internet Banking.

NASA's next-generation space communications network will involve dynamic and autonomous services analogous to services provided by current terrestrial wireless networks. This architecture concept, known as the Space Mobile Network (SMN), is enabled by several technologies now in development. A pillar of the SMN architecture is the establishment and utilization of a continuous bidirectional control plane space link channel and a new User Initiated Service (UIS) protocol to enable more dynamic and autonomous mission operations concepts, reduced user space communications planning burden, and more efficient and effective provider network resource utilization. This paper provides preliminary results from the application of model-driven architecture methodology to develop UIS. Such an approach is necessary to ensure systematic investigation of several open questions concerning the efficiency, robustness, interoperability, scalability and security of the control plane space link and UIS protocol.

We propose a clean-slate network architecture called Centralized Identifier Network (CIN) which jointly considers the ideas of both control plane/forwarding plane separation and identifier/locator separation. In such an architecture, a controller cluster is designed to perform routers' link states gathering and routing calculation/handing out. Meanwhile, a tailor-made router without routing calculation function is designed to forward packets and communicate with its controller. Furthermore, A router or a host owns a globally unique ID and a host should be registered to a router whose ID will be the host's location. Control plane/forwarding plane separation enables CIN easily re-splitting the network functions into finer optional building blocks for sufficient flexibility and adaptability. Identifier/locator separation helps CIN deal with serious scaling problems and offer support for host mobility. This article mainly shows the routing mechanism of CIN. Furthermore, numerical results are presented to demonstrate the performance of the proposed mechanism.