11 research outputs found

    Vehicle path verification using wireless sensor networks

    Path Verification is a problem where a verifier would like to determine how closely a vehicle actually traversed a path that it claims to have traversed. This problem has critical significance for vehicle mobility. Mobile nodes can be patrol officers or cab drivers, while respective verifiers can be police dispatchers or cab operators. In this paper, we design a sensor network assisted technique for vehicle path verification. In our design, a number of static wireless sensors placed in road segments will serve as witnesses and certify vehicles as they move. Post movement, these witness certificates will be utilized by the verifier to derive the actual path of a suspect vehicle. The challenge now is how to compare a Claimed Path as reported by the vehicle and the Actual Path derived from witness certificates. In this paper, we design a simple, yet effective technique for comparing similarity between two vehicle paths. Our technique extends from Continuous Dynamic Time Warping, which involves constructing a universal manifold from the two paths and then finding the geodesic on the resulting polygonal surface (shortest path along the surface), which is a diagonal from the origin of the surface to the terminal point. This distance is analogous to the Fréchet distance and yields a good measure of the similarity between two paths. Using simulations and real experiments, we demonstrate the performance of our technique from the perspective of distinguishing false path claims from correct ones. We also design light-weight cryptographic techniques to prevent vehicle masquerading and certificate forging attacks. A proof of concept experiment was conducted on the streets of Rolla, Missouri. A sensor grid was established on a small section of Rolla and a vehicle with a transmitter was driven through the grid many times. The analysis of the data yielded results consistent with the expected ones. --Abstract, page iii

    Multiple security domain nondeducibility in cyber-physical systems

    Cyber-physical Systems (CPS) present special problems for security. This dissertation examines the cyber security problem, the physical security problem, the security problems presented when cyber systems and physical systems are intertwined, and problems presented by the fact that CPS leak information simply by being observed. The issues presented by applying traditional cyber security to CPS are explored and some of the shortcomings of these models are noted. Specific models of a "drive-by-wire" automobile connected to a road side assistance network, a "Stuxnet type" attack, the smart grid, and others are presented in detail. The lack of good tools for CPS security is addressed in part by the introduction of a new model, Multiple Security Domains Nondeducibility over an Event System, or MSDND(ES). The drive-by-wire automobile is studied to show how MSDND(ES) is applied to a system that traditional security models do not describe well. The issue of human trust in inherently vulnerable CPS with embedded cyber monitors is also explored. A Stuxnet type attack on a CPS is examined using both MSDND(ES) and Belief, Information acquisition, and Trust (BIT) logic to provide a clear and precise method to discuss issues of trust and belief in monitors and electronic reports. To show these techniques, the electrical smart grid as envisioned by the Future Renewable Electric Energy Delivery and Management Systems Center (FREEDM) project is also modeled. Areas that may lead to the development of additional tools are presented as possible future work to address the fact that CPS are different and require different models and tools to understand. --Abstract, page iii

    Using Information Flow Methods to Secure Cyber-Physical Systems

    The problems involved in securing cyber-physical systems are well known to the critical infrastructure protection community. However, the diversity of cyber-physical systems means that the methods used to analyze system security must often be reinvented. The issues of securing the physical assets of a system, the electronics that control the system, and the interfaces between the cyber and physical components of the system require a number of security tools. Of particular interest is preventing an attacker from exploiting nondeducibility-secure information flows to hide an attack or the source of an attack. This potentially enables the attacker to interrupt system availability. This chapter presents an algorithm that formalizes the steps taken to design and test the security of a cyber-physical system. The algorithm leverages information flow security techniques to secure physical assets, cyber assets and the boundaries between security domains.

    Computer Networks and the Internet: A Hands-On Approach

    The goal of this textbook is to provide enough background into the inner workings of the Internet to allow a novice to understand how the various protocols on the Internet work together to accomplish simple tasks, such as a search. By building an Internet with all the various services a person uses every day, one will gain an appreciation not only of the work that goes on unseen, but also of the choices made by designers to make life easier for the user. Each chapter consists of background information on a specific topic or Internet service, and where appropriate a final section on how to configure a Raspberry Pi to provide that service. While mainly meant as an undergraduate textbook for a course on networking or Internet protocols and services, it can also be used by anyone interested in the Internet as a step-by-step guide to building one's own Intranet, or as a reference guide as to how things work on the global Internet.

    A Modal Model of Stuxnet Attacks on Cyber-Physical Systems: A Matter of Trust

    Multiple Security Domains Nondeducibility, MSDND, yields results even when the attack hides important information from electronic monitors and human operators. Because MSDND is based upon modal frames, it is able to analyze the event system as it progresses rather than relying on traces of the system. Not only does it provide results as the system evolves, MSDND can point out attacks designed to be missed in other security models. This work examines information flow disruption attacks such as Stuxnet and formally explains the role that implicit trust in the cyber security of a cyber-physical system (CPS) plays in the success of the attack. The fact that the attack hides behind MSDND can be used to help secure the system by modifications that break MSDND and leave the attack nowhere to hide. Modal operators are defined to allow the manipulation of belief and trust states within the model. We show how the attack hides and uses the operator's trust to remain undetected. In fact, trust in the CPS is key to the success of the attack.

    A Multiple Security Domain Model of a Drive-By-Wire System

    Traditional security models partition the security universe into two distinct and completely separate worlds: us and them. This partition is absolute and complete. More complex situations are most commonly treated as sets of increasingly more secure domains. This view is too simplistic for cyber-physical systems. Absolute divisions are conceptually clean, but they do not reflect the real world. Security partitions often overlap, frequently provide for the high level to have complete access to the low level, and are more complex than an impervious wall. We present a model that handles situations where the security domains are complex or the threat space is ill defined. To demonstrate our method, we examine a 'drive by wire' system from both the traditional view and in light of the modern reality. This paper examines the system from the viewpoint of the driver with special emphasis on the driver's inability to determine who, or what, is actually in control of the automobile during critical situations.

    Modeling and Reasoning about the Security of Drive-By-Wire Automobile Systems

    An increasing number of modern automobiles are essentially drive-by-wire systems, highly computerized, and connected wirelessly to services such as OnStar or Toyota Safety Connect. While these features enhance automobile safety and reliability, the security impact is a growing concern. This paper examines the security of drive-by-wire automobile systems. Generic models of access control and information flow are defined, with specific instances of the 2010 Toyota Prius used where appropriate. The automobile systems are examined from the viewpoint of the driver with special emphasis on the driver's ability to determine who, or what, is actually in control of the automobile in critical situations.

    Using Information-Flow Methods to Analyze the Security of Cyber-Physical Systems

    Securing information flow is essential to methods that must ensure confidentiality, but information-flow disruption is equally important because it points to an integrity vulnerability. A proposed security model addresses both aspects, accounting for cyber-physical systems' unique confidentiality and integrity vulnerabilities.

    Vehicle Path Verification using Wireless Sensor Networks

    In Path Verification, a verifier needs to determine how closely a mobile node's claimed path agrees with its actual path. We design a technique to leverage new or existing static wireless sensor networks to provide witness certificates that allow the verifier to compare actual paths with claimed paths of the vehicle as a notion of curve similarity. This is done by using Continuous Dynamic Time Warping to construct a manifold from the actual and claimed paths. The geodesic distance from the path origins to the path terminations over the surface of this manifold is analogous to the Fréchet Distance between the paths. Using simulations and experiments on city streets, we demonstrate the performance of our technique. We also propose lightweight cryptographic techniques to mitigate security attacks.

    A Secure Data Sharing and Query Processing Framework via Federation of Cloud Computing

    Due to cost-efficiency and less hands-on management, data owners are outsourcing their data to the cloud, which can provide access to the data as a service. However, by outsourcing their data to the cloud, the data owners lose control over their data as the cloud provider becomes a third party service provider. At first, encrypting the data by the owner and then exporting it to the cloud seems to be a good approach. However, there is a potential efficiency problem with the outsourced encrypted data when the data owner revokes some of the users' access privileges. An existing solution to this problem is based on a symmetric key encryption scheme, but it is not secure when a revoked user rejoins the system with different access privileges to the same data record. In this paper, we propose an efficient and Secure Data Sharing (SDS) framework using homomorphic encryption and proxy re-encryption schemes that prevents the leakage of unauthorized data when a revoked user rejoins the system. We also modify our underlying SDS framework and present a new solution based on the data distribution technique to prevent the information leakage in the case of collusion between a revoked user and the cloud service provider. A comparison of the proposed solution with existing methods is provided in detail. Furthermore, we demonstrate how the existing work can be utilized in our proposed framework to support secure query processing. We provide a detailed security as well as experimental analysis of the proposed framework on Amazon EC2 and highlight its practical value.