ENTROPY ANALYSIS OF DATA COLLECTED FROM INERTIAL MEASUREMENT UNIT OF CYBER-PHYSICAL SYSTEM UNDER NON-DISTURBED CONDITIONS

Nowadays cyber-physical systems are widely used for many purposes. We consider the provision of information security of data channels in such systems. Cryptographic data security approach based on random sequences is commonly used to solve this task. Its reliability depends on quality of random data being used, thus truly random sequences are preferable for application. Truly random data generation is a time-consuming process and it requires entropy sources of physical nature. The goal of the paper presented is to research methods and approaches of collecting random numbers using inertial measurement unit as a part of cyber-physical system. Method. Quality assessment of a binary sequence was carried out during the research by determination of random sequence statistical characteristics.Main Results. Research results have shown up that raw data collected from onboard inertial sensors possess lack of entropy under non-disturbed conditions, therefore an additional post-processing is required. Practical Relevance. The results of the research can be used to obtain random sequences for on board cyber-physical systems equipped with inertial measurement units without the use of additional devices. It is planned to collect data from a flying unmanned aerial system in future to apply extractors and to utilize other methods in order to improve quality of a binary sequenc

Maximize resource utilization based channel access model with presence of reactive jammer for underwater wireless sensor network

Underwater sensor networks (UWSNs) are vulnerable to jamming attacks. Especially, reactive jamming which emerged as a greatest security threat to UWSNs. Reactive jammer are difficult to be removed, defended and identified. Since reactive jammer can control and regulate (i.e., the duration of the jam signal) the probability of jamming for maintaining high vulnerability with low detection probability. The existing model are generally designed considering terrestrial wireless sensor networks (TWSNs). Further, these models are limited in their ability to detect jamming correctly, distinguish between the corrupted and uncorrupted parts of a packet, and be adaptive with the dynamic environment. Cooperative jamming model has presented in recent times to utilize resource efficiently. However, very limited work is carried out using cooperative jamming detection. For overcoming research challenges, this work present Maximize Resource Utilization based Channel Access (MRUCA). The MRUCA uses cross layer design for mitigating reactive jammer (i.e., MRUCA jointly optimizes the cooperative hopping probabilities and channel accessibility probabilities of authenticated sensor device). Along with channel, load capacity of authenticated sensor device is estimated to utilize (maximize) resource efficiently. Experiment outcome shows the proposed MRUCA model attain superior performance than state-of-art model in terms of packet transmission, BER and Detection rate

Solution of a Conjecture: On 2-PCD RFID Distance Bounding Protocols

The file attached to this record is the author's final peer reviewed version.It is a popular challenge to design distance bounding protocols that are both secure and efficient. Motivated by this, many distance bounding protocols against relay attacks have been advanced in recent times. Another interesting question is whether these protocols provides the best security. In 2010, Kara et al. analysis the optimal security limits of low-cost distance bounding protocols having bit-wise fast phases and no final signature. As for the classification, they have introduced the notion of k-previous challenge dependent (k-PCD) protocols where each response bit depends on the current and the k previous challenges. They have given the theoretical security bounds for two specific classes k = 0 and 1, but have left the security bounds for k >= 2 as an open problem. In this paper, we aim to answer the open question concerning the security limits of 2-PCD protocols. We describe two generic attacks for mafia and distance frauds that can be applied on any 2-PCD protocols. Then, we provide the optimal trade-off curve between the security levels of mafia and distance frauds that determines the security limits of 2-PCD protocols. Finally our results also prove the conjecture that 2-PCD protocols enhance the security compared to 0-PCD and 1-PCD cases

An Overview of Wireless IoT Protocol Security in the Smart Home Domain

While the application of IoT in smart technologies becomes more and more proliferated, the pandemonium of its protocols becomes increasingly confusing. More seriously, severe security deficiencies of these protocols become evident, as time-to- market is a key factor, which satisfaction comes at the price of a less thorough security design and testing. This applies especially to the smart home domain, where the consumer-driven market demands quick and cheap solutions. This paper presents an overview of IoT application domains and discusses the most important wireless IoT protocols for smart home, which are KNX-RF, EnOcean, Zigbee, Z-Wave and Thread. Finally, it describes the security features of said protocols and compares them with each other, giving advice on whose protocols are more suitable for a secure smart home.Comment: 8 pages, 4 figure

Modeling In-Network Aggregation in VANETs

The multitude of applications envisioned for vehicular ad hoc networks requires efficient communication and dissemination mechanisms to prevent network congestion. In-network data aggregation promises to reduce bandwidth requirements and enable scalability in large vehicular networks. However, most existing aggregation schemes are tailored to specific applications and types of data. Proper comparative evaluation of different aggregation schemes is difficult. Yet, comparability is essential to properly measure accuracy, performance, and efficiency. We outline a modeling approach for VANET aggregation schemes to achieve objective comparability. Our modeling approach consists of three models, which provide different perspectives on an aggregation scheme. The generalized architecture model facilitates categorization of aggregation schemes. The aggregation information flow model supports analysis of where information is aggregated by a scheme. The aggregation state graph models how knowledge about the road network and its environment is represented by a scheme. Furthermore, it facilitates error estimation with respect to the ground truth. We apply each modeling approach to existing aggregation schemes from the literature and highlight strengths, as well as weaknesses, that can be used as a starting point for designing a more generic aggregation scheme

TriFlow: Triaging Android Applications using Speculative Information Flows

Information flows in Android can be effectively used to give an informative summary of an application’s behavior, showing how and for what purpose apps use specific pieces of information. This has been shown to be extremely useful to characterize risky behaviors and, ultimately, to identify unwanted or malicious applications in Android. However, identifying information flows in an application is computationally highly expensive and, with more than one million apps in the Google Play market, it is critical to prioritize applications that are likely to pose a risk. In this work, we develop a triage mechanism to rank applications considering their potential risk. Our approach, called TRIFLOW, relies on static features that are quick to obtain. TRIFLOW combines a probabilistic model to predict the existence of information flows with a metric of how significant a flow is in benign and malicious apps. Based on this, TRIFLOW provides a score for each application that can be used to prioritize analysis. TRIFLOW also provides an explanatory report of the associated risk. We evaluate our tool with a representative dataset of benign and malicious Android apps. Our results show that it can predict the presence of information flows very accurately and that the overall triage mechanism enables significant resource saving.This work was supported by the MINECO grants TIN2013-46469-R and TIN2016-79095-C2-2-R, and by the CAM grant S2013/ICE-3095

Cybersecurity in Power Grids: Challenges and Opportunities

Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids

PUF for the Commons: Enhancing Embedded Security on the OS Level

Security is essential for the Internet of Things (IoT). Cryptographic operations for authentication and encryption commonly rely on random input of high entropy and secure, tamper-resistant identities, which are difficult to obtain on constrained embedded devices. In this paper, we design and analyze a generic integration of physically unclonable functions (PUFs) into the IoT operating system RIOT that supports about 250 platforms. Our approach leverages uninitialized SRAM to act as the digital fingerprint for heterogeneous devices. We ground our design on an extensive study of PUF performance in the wild, which involves SRAM measurements on more than 700 IoT nodes that aged naturally in the real-world. We quantify static SRAM bias, as well as the aging effects of devices and incorporate the results in our system. This work closes a previously identified gap of missing statistically significant sample sizes for testing the unpredictability of PUFs. Our experiments on COTS devices of 64 kB SRAM indicate that secure random seeds derived from the SRAM PUF provide 256 Bits-, and device unique keys provide more than 128 Bits of security. In a practical security assessment we show that SRAM PUFs resist moderate attack scenarios, which greatly improves the security of low-end IoT devices.Comment: 18 pages, 12 figures, 3 table