3,071 research outputs found
A Practical Searchable Symmetric Encryption Scheme for Smart Grid Data
Outsourcing data storage to the remote cloud can be an economical solution to
enhance data management in the smart grid ecosystem. To protect the privacy of
data, the utility company may choose to encrypt the data before uploading them
to the cloud. However, while encryption provides confidentiality to data, it
also sacrifices the data owners' ability to query a special segment in their
data. Searchable symmetric encryption is a technology that enables users to
store documents in ciphertext form while keeping the functionality to search
keywords in the documents. However, most state-of-the-art SSE algorithms are
only focusing on general document storage, which may become unsuitable for
smart grid applications. In this paper, we propose a simple, practical SSE
scheme that aims to protect the privacy of data generated in the smart grid.
Our scheme achieves high space complexity with small information disclosure
that was acceptable for practical smart grid application. We also implement a
prototype over the statistical data of advanced meter infrastructure to show
the effectiveness of our approach.
Securing CAN-Based Cyber-Physical Systems
With the exponential growth of cyber-physical systems (CPSs), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lacks a systematic review of the CPS security literature. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it difficult to study the problem with one generalized model. As the first component of this dissertation, existing research on CPS security is studied and systematized under a unified framework. Smart cars, as a CPS application, were further explored under the proposed framework and new attacks are identified and addressed. The Control Area Network (CAN bus) is a prevalent serial communication protocol adopted in industrial CPS, especially in small and large vehicles, ships, planes, and even in drones, radar systems, and submarines. Unfortunately, the CAN bus was designed without any security considerations. We then propose and demonstrate a stealthy targeted Denial of Service (DoS) attack against CAN. Experimentation shows that the attack is effective and superior to attacks of the same category due to its stealthiness and ability to avoid detection from current countermeasures. Two controls are proposed to defend against various spoofing and DoS attacks on CAN. The first one aims to minimize the attack using a mechanism called ID-Hopping so that CAN arbitration IDs are randomized so an attacker would not be able to target them. ID-Hopping raises the bar for attackers by randomizing the expected patterns in a CAN network. Such randomization hinders an attacker's ability to launch targeted DoS attacks. Based on the evaluation on the testbed, the randomization mechanism, ID-Hopping, holds a promising solution for targeted DoS, and reverse engineering CAN IDs, and which CAN networks are most vulnerable.
The second countermeasure is a novel CAN firewall that aims to prevent an attacker from launching a plethora of nontraditional attacks on CAN that existing solutions do not adequately address. The firewall is placed between a potential attacker's node and the rest of the CAN bus. Traffic is controlled bi-directionally between the main bus and the attacker's side so that only benign traffic can pass to the main bus. This ensures that an attacker cannot arbitrarily inject malicious traffic into the main bus. Demonstration and evaluation of the attack and firewall were conducted by a bit-level analysis, i.e., "Bit banging", of CAN's traffic. Results show that the firewall successfully prevents the stealthy targeted DoS attack, as well as other recent attacks. To evaluate the proposed attack and firewall, a testbed was built that consisted of BeagleBone Black and STM32 Nucleo-144 microcontrollers to simulate real CAN traffic. Finally, a design of an Intrusion Detection System (IDS) was proposed to complement the firewall. It utilized the proposed firewall to add situational awareness capabilities to the bus's security posture and detect and react to attacks that might bypass the firewall based on certain rules.
Deep Learning-Based Dynamic Watermarking for Secure Signal Authentication in the Internet of Things
Securing the Internet of Things (IoT) is a necessary milestone toward
expediting the deployment of its applications and services. In particular, the
functionality of the IoT devices is extremely dependent on the reliability of
their message transmission. Cyber attacks such as data injection,
eavesdropping, and man-in-the-middle threats can lead to security challenges.
Securing IoT devices against such attacks requires accounting for their
stringent computational power and need for low-latency operations. In this
paper, a novel deep learning method is proposed for dynamic watermarking of IoT
signals to detect cyber attacks. The proposed learning framework, based on a
long short-term memory (LSTM) structure, enables the IoT devices to extract a
set of stochastic features from their generated signal and dynamically
watermark these features into the signal. This method enables the IoT's cloud
center, which collects signals from the IoT devices, to effectively
authenticate the reliability of the signals. Furthermore, the proposed method
prevents complicated attack scenarios such as eavesdropping in which the cyber
attacker collects the data from the IoT devices and aims to break the
watermarking algorithm. Simulation results show that, with an attack detection
delay of under 1 second the messages can be transmitted from IoT devices with
an almost 100% reliability.
Comment: 6 pages, 9 figures
A framework for smart production-logistics systems based on CPS and industrial IoT
Industrial Internet of Things (IIoT) has received increasing attention from both academia and industry. However, several challenges including excessively long waiting time and a serious waste of energy still exist in the IIoT-based integration between production and logistics in job shops. To address these challenges, a framework depicting the mechanism and methodology of smart production-logistics systems is proposed to implement intelligent modeling of key manufacturing resources and investigate self-organizing configuration mechanisms. A data-driven model based on analytical target cascading is developed to implement the self-organizing configuration. A case study based on a Chinese engine manufacturer is presented to validate the feasibility and evaluate the performance of the proposed framework and the developed method. The results show that the manufacturing time and the energy consumption are reduced and the computing time is reasonable. This paper potentially enables manufacturers to deploy IIoT-based applications and improve the efficiency of production-logistics systems.
CPS Data Streams Analytics based on Machine Learning for Cloud and Fog Computing: A Survey
Cloud and Fog computing has emerged as a promising paradigm for the Internet of things (IoT) and cyber-physical systems (CPS). One characteristic of CPS is the reciprocal feedback loops between physical processes and cyber elements (computation, software and networking), which implies that data stream analytics is one of the core components of CPS. The reasons for this are: (i) it extracts the insights and the knowledge from the data streams generated by various sensors and other monitoring components embedded in the physical systems; (ii) it supports informed decision making; (iii) it enables feedback from the physical processes to the cyber counterparts; (iv) it eventually facilitates the integration of cyber and physical systems. There have been many successful applications of data streams analytics, powered by machine learning techniques, to CPS systems. Thus, it is necessary to have a survey on the particularities of the application of machine learning techniques to the CPS domain. In particular, we explore how machine learning methods should be deployed and integrated in cloud and fog architectures for better fulfilment of the requirements, e.g. mission criticality and time criticality, arising in CPS domains. To the best of our knowledge, this paper is the first to systematically study machine learning techniques for CPS data stream analytics from various perspectives, especially from a perspective that leads to the discussion and guidance of how the CPS machine learning methods should be deployed in a cloud and fog architecture.