Replay Attack Detection in Smart Grids using Switching Multi-sine Watermarking

Cyber-Physical Systems (CPS) are systems that include physical and computational components linked by communication channels. In a Smart Grid (SG), the power plants and loads communicate with supervisors (Central Controllers (CC)) for managing the power demand more efficiently. As such, a smart grid can be regarded as a CPS. The computational components and communication links of a CPS can be subject to cyber-attacks. Researchers have been exploring detection and mitigation strategies for various types of cyber-attacks. An important type of attack is the replay attack for which various strategies based on watermarking signals have been proposed. One such scheme is based on switching multi-sine waves as the watermarking signal. This thesis adapts this scheme and develops a design procedure for detecting replay attacks for smart grids. Specifically, it examines the places in a grid where the watermarking signal can be injected and presents guidelines for choosing the amplitude and frequencies of sine waves that suit smart grids. One of the drawbacks of using a watermarking signal is the additional control cost (i.e., decrease in performance). In the context of smart grids, watermarking results in small fluctuations in delivered power. This thesis extends the single-input-single-output watermarking to a two-input-two-output watermarking scheme for smart grids in such a way to considerably lower grid power fluctuations due to watermarking. The proposed method is verified using a simulated grid connected inverter-based plants. Simulation results show that using the suggested strategy, the effect of watermarking on the overall grid power reduces significantly

Symmetry-Adapted Machine Learning for Information Security

Symmetry-adapted machine learning has shown encouraging ability to mitigate the security risks in information and communication technology (ICT) systems. It is a subset of artificial intelligence (AI) that relies on the principles of processing future events by learning past events or historical data. The autonomous nature of symmetry-adapted machine learning supports effective data processing and analysis for security detection in ICT systems without the interference of human authorities. Many industries are developing machine-learning-adapted solutions to support security for smart hardware, distributed computing, and the cloud. In our Special Issue book, we focus on the deployment of symmetry-adapted machine learning for information security in various application areas. This security approach can support effective methods to handle the dynamic nature of security attacks by extraction and analysis of data to identify hidden patterns of data. The main topics of this Issue include malware classification, an intrusion detection system, image watermarking, color image watermarking, battlefield target aggregation behavior recognition model, IP camera, Internet of Things (IoT) security, service function chain, indoor positioning system, and crypto-analysis

A survey of timing channels and countermeasures

A timing channel is a communication channel that can transfer information to a receiver/decoder by modulating the timing behavior of an entity. Examples of this entity include the interpacket delays of a packet stream, the reordering packets in a packet stream, or the resource access time of a cryptographic module. Advances in the information and coding theory and the availability of high-performance computing systems interconnected by high-speed networks have spurred interest in and development of various types of timing channels. With the emergence of complex timing channels, novel detection and prevention techniques are also being developed to counter them. In this article, we provide a detailed survey of timing channels broadly categorized into network timing channel, in which communicating entities are connected by a network, and in-system timing channel, in which the communicating entities are within a computing system. This survey builds on the last comprehensive survey by Zander et al. [2007] and considers all three canonical applications of timing channels, namely, covert communication, timing side channel, and network flow watermarking. We survey the theoretical foundations, the implementation, and the various detection and prevention techniques that have been reported in literature. Based on the analysis of the current literature, we discuss potential future research directions both in the design and application of timing channels and their detection and prevention techniques

Discrimination between replay attacks and sensor faults for cyber-physical systems via event-triggered communication

In this paper, a threat discrimination methodology is proposed for cyber-physical systems with event-triggered data communication, aiming to identify sensor bias faults from two possible types of threats: replay attacks and sensor bias faults. Event-triggered adaptive estimation and backward-in-time signal processing are the main techniques used. Specifically, distinct incremental systems of the event-triggered cyber-physical system resulting from the considered threat types are established for each threat type, and the difference between their inputs are found and utilized to discriminate the threats. An event-triggered adaptive estimator is then designed by using the event-triggered sampled data based on the system in the attack case, allowing to reconstruct the unknown increments in both the threat cases. The backward-in-time model of the incremental system in the replay attack case is proposed as the signal processor to process the reconstructions of the increments. Such a model can utilize the aforementioned input difference between the incremental systems such that its output has distinct quantitative properties in the attack case and in the fault case. The fault discrimination condition is rigorously investigated and characterizes quantitatively the class of distinguishable sensor bias faults. Finally, a numerical simulation is presented to illustrate the effectiveness of the proposed methodology

Discrimination between replay attacks and sensor faults for cyber-physical systems via event-triggered communication

In this paper, a threat discrimination methodology is proposed for cyber-physical systems with event-triggered data communication, aiming to identify sensor bias faults from two possible types of threats: replay attacks and sensor bias faults. Event-triggered adaptive estimation and backward-in-time signal processing are the main techniques used. Specifically, distinct incremental systems of the event-triggered cyber-physical system resulting from the considered threat types are established for each threat type, and the difference between their inputs are found and utilized to discriminate the threats. An event-triggered adaptive estimator is then designed by using the event-triggered sampled data based on the system in the attack case, allowing to reconstruct the unknown increments in both the threat cases. The backward-in-time model of the incremental system in the replay attack case is proposed as the signal processor to process the reconstructions of the increments. Such a model can utilize the aforementioned input difference between the incremental systems such that its output has distinct quantitative properties in the attack case and in the fault case. The fault discrimination condition is rigorously investigated and characterizes quantitatively the class of distinguishable sensor bias faults. Finally, a numerical simulation is presented to illustrate the effectiveness of the proposed methodology

An Approach to Guide Users Towards Less Revealing Internet Browsers

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed

Enhanced coding, clock recovery and detection for a magnetic credit card

Merged with duplicate record 10026.1/2299 on 03.04.2017 by CS (TIS)This thesis describes the background, investigation and construction of a system for storing data on the magnetic stripe of a standard three-inch plastic credit in: inch card. Investigation shows that the information storage limit within a 3.375 in by 0.11 in rectangle of the stripe is bounded to about 20 kBytes. Practical issues limit the data storage to around 300 Bytes with a low raw error rate: a four-fold density increase over the standard. Removal of the timing jitter (that is prob-' ably caused by the magnetic medium particle size) would increase the limit to 1500 Bytes with no other system changes. This is enough capacity for either a small digital passport photograph or a digitized signature: making it possible to remove printed versions from the surface of the card. To achieve even these modest gains has required the development of a new variable rate code that is more resilient to timing errors than other codes in its efficiency class. The tabulation of the effects of timing errors required the construction of a new code metric and self-recovering decoders. In addition, a new method of timing recovery, based on the signal 'snatches' has been invented to increase the rapidity with which a Bayesian decoder can track the changing velocity of a hand-swiped card. The timing recovery and Bayesian detector have been integrated into one computation (software) unit that is self-contained and can decode a general class of (d, k) constrained codes. Additionally, the unit has a signal truncation mechanism to alleviate some of the effects of non-linear distortion that are present when a magnetic card is read with a magneto-resistive magnetic sensor that has been driven beyond its bias magnetization. While the storage density is low and the total storage capacity is meagre in comparison with contemporary storage devices, the high density card may still have a niche role to play in society. Nevertheless, in the face of the Smart card its long term outlook is uncertain. However, several areas of coding and detection under short-duration extreme conditions have brought new decoding methods to light. The scope of these methods is not limited just to the credit card