7,418 research outputs found
Enhancing Cyber-Resiliency of DER-based SmartGrid: A Survey
The rapid development of information and communications technology has
enabled the use of digital-controlled and software-driven distributed energy
resources (DERs) to improve the flexibility and efficiency of power supply, and
support grid operations. However, this evolution also exposes
geographically-dispersed DERs to cyber threats, including hardware and software
vulnerabilities, communication issues, and personnel errors, etc. Therefore,
enhancing the cyber-resiliency of DER-based smart grid - the ability to survive
successful cyber intrusions - is becoming increasingly vital and has garnered
significant attention from both industry and academia. In this survey, we aim
to provide a systematical and comprehensive review regarding the
cyber-resiliency enhancement (CRE) of DER-based smart grid. Firstly, an
integrated threat modeling method is tailored for the hierarchical DER-based
smart grid with special emphasis on vulnerability identification and impact
analysis. Then, the defense-in-depth strategies encompassing prevention,
detection, mitigation, and recovery are comprehensively surveyed,
systematically classified, and rigorously compared. A CRE framework is
subsequently proposed to incorporate the five key resiliency enablers. Finally,
challenges and future directions are discussed in details. The overall aim of
this survey is to demonstrate the development trend of CRE methods and motivate
further efforts to improve the cyber-resiliency of DER-based smart grid.Comment: Submitted to IEEE Transactions on Smart Grid for Publication
Consideratio
Towards causal federated learning : a federated approach to learning representations using causal invariance
Federated Learning is an emerging privacy-preserving distributed machine learning approach to building a shared model by performing distributed training locally on participating devices (clients) and aggregating the local models into a global one. As this approach prevents data collection and aggregation, it helps in reducing associated privacy risks to a great extent.
However, the data samples across all participating clients are
usually not independent and identically distributed (non-i.i.d.), and Out of Distribution (OOD) generalization for the learned models can be poor. Besides this challenge, federated learning also remains vulnerable to various attacks on security wherein a few malicious participating entities work towards inserting backdoors, degrading the generated aggregated model as well as inferring the data owned by participating entities. In this work, we propose an approach for learning invariant (causal) features common to all participating clients in a federated learning setup and analyse empirically how it enhances the Out of Distribution (OOD) accuracy as well as the privacy of the final learned model. Although Federated Learning allows for participants to contribute their local data without revealing it, it faces issues in data security and in accurately paying participants for quality data contributions. In this report, we also propose an EOS Blockchain design and workflow to establish data security, a novel validation error based metric upon which we qualify gradient uploads for payment, and implement a small example of our Blockchain Causal Federated Learning model to analyze its performance with respect to robustness, privacy and fairness in incentivization.L’apprentissage fédéré est une approche émergente d’apprentissage automatique distribué
préservant la confidentialité pour créer un modèle partagé en effectuant une formation
distribuée localement sur les appareils participants (clients) et en agrégeant les modèles locaux
en un modèle global. Comme cette approche empêche la collecte et l’agrégation de données,
elle contribue à réduire dans une large mesure les risques associés à la vie privée. Cependant,
les échantillons de données de tous les clients participants sont généralement pas indépendante
et distribuée de manière identique (non-i.i.d.), et la généralisation hors distribution (OOD)
pour les modèles appris peut être médiocre. Outre ce défi, l’apprentissage fédéré reste
également vulnérable à diverses attaques contre la sécurité dans lesquelles quelques entités
participantes malveillantes s’efforcent d’insérer des portes dérobées, dégradant le modèle
agrégé généré ainsi que d’inférer les données détenues par les entités participantes. Dans cet
article, nous proposons une approche pour l’apprentissage des caractéristiques invariantes
(causales) communes à tous les clients participants dans une configuration d’apprentissage
fédérée et analysons empiriquement comment elle améliore la précision hors distribution
(OOD) ainsi que la confidentialité du modèle appris final. Bien que l’apprentissage fédéré
permette aux participants de contribuer leurs données locales sans les révéler, il se heurte à des
problèmes de sécurité des données et de paiement précis des participants pour des contributions
de données de qualité. Dans ce rapport, nous proposons également une conception et un
flux de travail EOS Blockchain pour établir la sécurité des données, une nouvelle métrique
basée sur les erreurs de validation sur laquelle nous qualifions les téléchargements de gradient
pour le paiement, et implémentons un petit exemple de notre modèle d’apprentissage fédéré
blockchain pour analyser ses performances
Edge Learning for 6G-enabled Internet of Things: A Comprehensive Survey of Vulnerabilities, Datasets, and Defenses
The ongoing deployment of the fifth generation (5G) wireless networks
constantly reveals limitations concerning its original concept as a key driver
of Internet of Everything (IoE) applications. These 5G challenges are behind
worldwide efforts to enable future networks, such as sixth generation (6G)
networks, to efficiently support sophisticated applications ranging from
autonomous driving capabilities to the Metaverse. Edge learning is a new and
powerful approach to training models across distributed clients while
protecting the privacy of their data. This approach is expected to be embedded
within future network infrastructures, including 6G, to solve challenging
problems such as resource management and behavior prediction. This survey
article provides a holistic review of the most recent research focused on edge
learning vulnerabilities and defenses for 6G-enabled IoT. We summarize the
existing surveys on machine learning for 6G IoT security and machine
learning-associated threats in three different learning modes: centralized,
federated, and distributed. Then, we provide an overview of enabling emerging
technologies for 6G IoT intelligence. Moreover, we provide a holistic survey of
existing research on attacks against machine learning and classify threat
models into eight categories, including backdoor attacks, adversarial examples,
combined attacks, poisoning attacks, Sybil attacks, byzantine attacks,
inference attacks, and dropping attacks. In addition, we provide a
comprehensive and detailed taxonomy and a side-by-side comparison of the
state-of-the-art defense methods against edge learning vulnerabilities.
Finally, as new attacks and defense technologies are realized, new research and
future overall prospects for 6G-enabled IoT are discussed
Muscle activity-driven green-oriented random number generation mechanism to secure WBSN wearable device communications
Wireless body sensor networks (WBSNs) mostly consist of low-cost sensor nodes and implanted devices which generally have extremely limited capability of computations and energy capabilities. Hence, traditional security protocols and privacy enhancing technologies are not applicable to the WBSNs since their computations and cryptographic primitives are normally exceedingly complicated. Nowadays, mobile wearable and wireless muscle-computer interfaces have been integrated with the WBSN sensors for various applications such as rehabilitation, sports, entertainment, and healthcare. In this paper, we propose MGRNG, a novel muscle activity-driven green-oriented random number generation mechanism which uses the human muscle activity as green energy resource to generate random numbers (RNs). The RNs can be used to enhance the privacy of wearable device communications and secure WBSNs for rehabilitation purposes. The method was tested on 10 healthy subjects as well as 5 amputee subjects with 105 segments of simultaneously recorded surface electromyography signals from their forearm muscles. The proposed MGRNG requires only one second to generate a 128-bit RN, which is much more efficient when compared to the electrocardiography-based RN generation algorithms. Experimental results show that the RNs generated from human muscle activity signals can pass the entropy test and the NIST random test and thus can be used to secure the WBSN nodes
A Comprehensive Insight into Game Theory in relevance to Cyber Security
The progressively ubiquitous connectivity in the present information systems pose newer challenges tosecurity. The conventional security mechanisms have come a long way in securing the well-definedobjectives of confidentiality, integrity, authenticity and availability. Nevertheless, with the growth in thesystem complexities and attack sophistication, providing security via traditional means can beunaffordable. A novel theoretical perspective and an innovative approach are thus required forunderstanding security from decision-making and strategic viewpoint. One of the analytical tools whichmay assist the researchers in designing security protocols for computer networks is game theory. Thegame-theoretic concept finds extensive applications in security at different levels, including thecyberspace and is generally categorized under security games. It can be utilized as a robust mathematicaltool for modelling and analyzing contemporary security issues. Game theory offers a natural frameworkfor capturing the defensive as well as adversarial interactions between the defenders and the attackers.Furthermore, defenders can attain a deep understanding of the potential attack threats and the strategiesof attackers by equilibrium evaluation of the security games. In this paper, the concept of game theoryhas been presented, followed by game-theoretic applications in cybersecurity including cryptography.Different types of games, particularly those focused on securing the cyberspace, have been analysed andvaried game-theoretic methodologies including mechanism design theories have been outlined foroffering a modern foundation of the science of cybersecurity
Software Protection and Secure Authentication for Autonomous Vehicular Cloud Computing
Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC.
In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our vision of a layer-based approach to thoroughly study state-of-the-art literature in the realm of AVs. Particularly, we examined some cyber-attacks and compared their promising mitigation strategies from our perspective. Then, we focused on two security issues involving AVCC: software protection and authentication.
For the first problem, our concern is protecting client’s programs executed on remote AVCC resources. Such a usage scenario is susceptible to information leakage and reverse-engineering. Hence, we proposed compiler-based obfuscation techniques. What distinguishes our techniques, is that they are generic and software-based and utilize the intermediate representation, hence, they are platform agnostic, hardware independent and support different high level programming languages. Our results demonstrate that the control-flow of obfuscated code versions are more complicated making it unintelligible for timing side-channels.
For the second problem, we focus on protecting AVCC from unauthorized access or intrusions, which may cause misuse or service disruptions. Therefore, we propose a strong privacy-aware authentication technique for users accessing AVCC services or vehicle sharing their resources with the AVCC. Our technique modifies robust function encryption, which protects stakeholder’s confidentiality and withstands linkability and “known-ciphertexts” attacks. Thus, we utilize an authentication server to search and match encrypted data by performing dot product operations. Additionally, we developed another lightweight technique, based on KNN algorithm, to authenticate vehicles at computationally limited charging stations using its owner’s encrypted iris data. Our security and privacy analysis proved that our schemes achieved privacy-preservation goals. Our experimental results showed that our schemes have reasonable computation and communications overheads and efficiently scalable
- …