Reliability and sensitivity analysis of loop-designed security and stability control system in interconnected power systems

Security and stability control system(SSCS)in power systems involves collecting information and sending the decision from/to control stations at different layers;the tree structure of the SSCS requires more levels.Failure of a station or channel can cause all the execution stations(EXs)to be out of control.The randomness of the controllable capacity of the EXs increases the difficulty of the reliability evaluation of the SSCS.In this study,the loop designed SSCS and reliability analysis are examined for the interconnected systems.The uncertainty analysis of the controllable capacity based on the evidence theory for the SSCS is proposed.The bidirectional and loop channels are introduced to reduce the layers and stations of the existing SSCS with tree configuration.The reliability evaluation and sensitivity analysis are proposed to quantify the controllability and vulnerable components for the SSCS in different configurations.By aiming at the randomness of the controllable capacity of the EXs,the uncertainty analysis of the controllable capacity of the SSCS based on the evidence theory is proposed to quantify the probability of the SSCS for balancing the active power deficiency of the grid.

Networked Control Systems:A Survey of Trends and Techniques

Networked control systems are spatially distributed systems in which the communication between sensors, actuators,and controllers occurs through a shared band-limited digital communication network. Several advantages of the network architectures include reduced system wiring, plug and play devices,increased system agility, and ease of system diagnosis and maintenance. Consequently, networked control is the current trend for industrial automation and has ever-increasing applications in a wide range of areas, such as smart grids, manufacturing systems,process control, automobiles, automated highway systems, and unmanned aerial vehicles. The modelling, analysis, and control of networked control systems have received considerable attention in the last two decades. The ‘control over networks’ is one of the key research directions for networked control systems. This paper aims at presenting a survey of trends and techniques in networked control systems from the perspective of ‘control over networks’, providing a snapshot of five control issues: sampled-data control, quantization control, networked control, event-triggered control, and security control. Some challenging issues are suggested to direct the future research.

Controlled Secure Direct Communication Protocol via the Three-Qubit Partially Entangled Set of States

In this paper,we first re-examine the previous protocol of controlled quantum secure direct communication of Zhang et al.’s scheme,which was found insecure under two kinds of attacks,fake entangled particles attack and disentanglement attack.Then,by changing the party of the preparation of cluster states and using unitary operations,we present an improved protocol which can avoid these two kinds of attacks.Moreover,the protocol is proposed using the three-qubit partially entangled set of states.It is more efficient by only using three particles rather than four or even more to transmit one bit secret information.Given our using state is much easier to prepare for multiqubit states and our protocol needs less measurement resource,it makes this protocol more convenient from an applied point of view.

Secure Synchronization Control for a Class of Cyber-Physical Systems With Unknown Dynamics

This paper investigates the secure synchronization control problem for a class of cyber-physical systems(CPSs)with unknown system matrices and intermittent denial-of-service(DoS)attacks.For the attack free case,an optimal control law consisting of a feedback control and a compensated feedforward control is proposed to achieve the synchronization,and the feedback control gain matrix is learned by iteratively solving an algebraic Riccati equation(ARE).For considering the attack cases,it is difficult to perform the stability analysis of the synchronization errors by using the existing Lyapunov function method due to the presence of unknown system matrices.In order to overcome this difficulty,a matrix polynomial replacement method is given and it is shown that,the proposed optimal control law can still guarantee the asymptotical convergence of synchronization errors if two inequality conditions related with the DoS attacks hold.Finally,two examples are given to illustrate the effectiveness of the proposed approaches.

Analysis and Improvement of an Efficient Controlled Quantum Secure Direct Communication and Authentication Protocol

The controlled quantum secure direct communication(CQSDC)with authentication protocol based on four particle cluster states via quantum one-time pad and local unitary operations is cryptanalyzed.It is found that there are some serious security issues in this protocol.An eavesdropper(Eve)can eavesdrop on some information of the identity strings of the receiver and the controller without being detected by the selective-CNOT-operation(SCNO)attack.By the same attack,Eve can also steal some information of the secret message that the sender transmits.In addition,the receiver can take the same kind of attack to eavesdrop on some information of the secret message out of the control of the controller.This means that the requirements of CQSDC are not satisfied.At last,we improve the original CQSDC protocol to a secure one.

A Quantitative Security Metric Model for Security Controls:Secure Virtual Machine Migration Protocol as Target of Assessment

Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the Info Sec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for the enterprise security have not been proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure(ARM), Performance Improvement Factor(PIF), and Cost/Benefit Measure(CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine(VM) migration protocol as the target of assessment. The virtual-ization technologies are rapidly changing the landscape of the computing world. Devising security metrics for virtualized environment is even more challenging. As secure virtual machine migration is an evolving area and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.

A Survey of Cyber Attacks on Cyber Physical Systems:Recent Advances and Challenges

A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects physical and cyber worlds.In order to meet ever-changing industrial requirements,its structures and functions are constantly improved.Meanwhile,new security issues have arisen.A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems,and thus has gained increasing attention from researchers and practitioners.This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems.First,as typical system models are employed to study these systems,time-driven and event-driven systems are reviewed.Then,recent advances on three types of attacks,i.e.,those on availability,integrity,and confidentiality are discussed.In particular,the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders.Namely,both attack and defense strategies are discussed based on different system models.Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.

Security Risk Prevention and Control Deployment for 5G Private Industrial Networks

In this paper,we investigate and analyze the network security risks faced by 5G private industrial networks.Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks,a comparative analysis is used to plan and design a private network security construction scheme.The network security construction model,network organization,and key processes of 5G private industrial networks at the current stage are investigated.In addition,the key direction for the next stage of construction is discussed.

Towards a Dynamic Controller Scheduling-Timing Problem in Software-Defined Networking

Controller vulnerabilities allow malicious actors to disrupt or hijack the Software-Defined Networking. Traditionally, it is static mappings between the control plane and data plane. Adversaries have plenty of time to exploit the controller's vulnerabilities and launch attacks wisely. We tend to believe that dynamically altering such static mappings is a promising approach to alleviate this issue, since a moving target is difficult to be compromised even by skilled adversaries. It is critical to determine the right time to conduct scheduling and to balance the overhead afforded and the security levels guaranteed. Little previous work has been done to investigate the economical time in dynamic-scheduling controllers. In this paper, we take the first step to both theoretically and experimentally study the scheduling-timing problem in dynamic control plane. We model this problem as a renewal reward process and propose an optimal algorithm in deciding the right time to schedule with the objective of minimizing the long-term loss rate. In our experiments, simulations based on real network attack datasets are conducted and we demonstrate that our proposed algorithm outperforms given scheduling schemes.

Security,Controllability,Manageability and Survivability in Trustworthy Network

The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of 'trustworthy networks' and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed. The network trustworthiness could and should be eventually achieved.

Quasi-dynamic Interactions and Security Control of Integrated Electricity and Heating Systems in Normal Operations

Coupling between electricity systems and heating systems are becoming stronger,leading to more flexible and more complex interactions between these systems.The operation of integrated energy systems is greatly affected,especially when security is concerned.Steady-state analysis methods have been widely studied in recent research,which is far from enough when the slow thermal dynamics of heating networks are introduced.Therefore,an integrated quasi-dynamic model of integrated electricity and heating systems is developed.The model combines a heating network dynamic thermal model and the sequential steady-state models of electricity networks,coupling components,and heating network hydraulics.Based on this model,a simulation method is proposed and quasi-dynamic interactions between electricity systems and heating systems are quantified with the highlights of transport delay.Then the quasi-dynamic interactions were applied using security control to relieve congestion in electricity systems.Results show that both the transport delay and control strategies have significant influences on the quasi-dynamic interactions.

A survey on the security of cyber-physical systems

Cyber-physical systems （CPSs） are integrations of computation, communication, control and physical processes. Typical examples where CPSs are deployed include smart grids, civil infrastructure, medical devices and manufacturing. Security is one of the most important issues that should be investigated in CPSs and hence has received much attention in recent years. This paper surveys recent results in this area and mainly focusses on three important categories： attack detection, attack design and secure estimation and control. We also discuss several future research directions including risk assessment, modeling of attacks and attacks design, counter-attack strategy and testbed and validation.

Controlled Secure Quantum Dialogue Using a Pure Entangled GHZ States

We present a controlled secure quantum dialogue protocol using a non-maximally （pure） entangled Greenberger-Horne-Zeibinger （GHZ） states at first, and then discuss the requirements for a real quantum dialogue. We show that the authorized two users can exchange their secret messages after purifying the non-maximally entangled GHZ states quantum channel unconditionally securely and simultaneously under the control of a third party.

A distributed authentication and authorization scheme for in-network big data sharing

Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking （ICN） is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography （IBC） to propose a Distributed Authentication and Authorization Scheme （DAAS）, where an identity-based signature （IBS） is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption （CP-ABE） is used to enable the distributed and fine-grained authorization. DAAS consists of three phases： initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest （NOAM） dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest （AM） distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.

Controlled Secure Quantum Communication Using Pure Entangled W Class States

We present a controlled secure quantum communication protocol using non-maximally （pure） entangled W states first, and then discuss the basic requirements for a real quantum communication. We show that the authorized two users can exchange their secret messages with the help of the controller after purifying the non-maximally entangled states quantum channel unconditionally securely and simultaneously. Our quantum communication protocol seems even more feasible within present technologies.

A New Intrusion Detection Algorithm AE-3WD for Industrial Control Network

In this paper,we propose a intrusion detection algorithm based on auto-encoder and three-way decisions(AE-3WD)for industrial control networks,aiming at the security problem of industrial control network.The ideology of deep learning is similar to the idea of intrusion detection.Deep learning is a kind of intelligent algorithm and has the ability of automatically learning.It uses self-learning to enhance the experience and dynamic classification capabilities.We use deep learning to improve the intrusion detection rate and reduce the false alarm rate through learning,a denoising AutoEncoder and three-way decisions intrusion detection method AE-3WD is proposed to improve intrusion detection accuracy.In the processing,deep learning AutoEncoder is used to extract the features of high-dimensional data by combining the coefficient penalty and reconstruction loss function of the encode layer during the training mode.A multi-feature space can be constructed by multiple feature extractions from AutoEncoder,and then a decision for intrusion behavior or normal behavior is made by three-way decisions.NSL-KDD data sets are used to the experiments.The experiment results prove that our proposed method can extract meaningful features and effectively improve the performance of intrusion detection.

A High-Assurance Trust Model for Digital Community Control System Based on Internet of Things

Security issues and lnternet of Things （loT） become indispensable part in digital community as loT develops with the pervasive introduction of additional ＂smart＂ sensors and devices over the last decades, and it necessitates the implementation of information security principle in digital community system. A three-level criticality model to determine the potential impact is proposed in digital community system when various devices lost in this paper. Combining the actual security requirement of digital community and characteristics of loT, a hierarchical security architecture including defense-in-deep cybersecurity and distribute secure control is proposed. A high-assurance trust model, which assumes insider compromise, which exists in the digital community, is finally proposed according to the security issues analysis.

Decision Support System for Adaptive Restoration Control of Distribution System

Aiming at the high-dimensional uncertainties of restoration process, an optimization model for distribution system restoration control is proposed considering expected restoration benefits, expected restoration costs, and security risks of the overall restoration scheme. In the proposed model, the effect of security control on restoration process is actively analyzed considering the security control costs of preventive, emergency, and correction controls. A two-layer decision support framework for distribution system restoration decision support system(DRDSS) is also designed. The upper layer of the proposed framework generates the pre-adjustment schemes of operation mode for energized power grid by load transfer and selects the optimal pre-adjustment scheme and the corresponding partitioning scheme based on the partition adjustment results of each pre-adjustment scheme. In addition, it optimizes the spatial-temporal decision-making of the inter-partition connectivity. For each partition, the lower layer of the proposed framework pre-selects the units and loads to be restored according to the pre-evaluated restoration income, generates the table of alternative restoration scheme for coping with uncertain events through simulation and deduction, and evaluates the risk and benefit of each scheme.For the uncertain events in the actual restoration process, the current restoration scheme can be adaptively switched to a sub-optimal scheme or re-optimized if necessary. Meanwhile, the proposed framework provides an information interaction interface for collaborative restoration with the related transmission system. A 123-node test system is built to evaluate the effectiveness and adaptability of the proposed model and framework.

Security for cyber-physical systems: Secure control against known-plaintext attack

There has been a surge of interests in the security of cyber-physical systems(CPSs), yet it is commonly assumed that the adversary has a full knowledge of physical system models. This paper argues that such an unrealistic assumption can be relaxed: the adversary might still be able to identify the system model by passively observing the control input and sensory data. In such a setup, the attack with knowledge of input-output data can be categorized as a Known-Plaintext Attack. A necessary and sufficient condition has been provided, under which the adversary can uniquely obtain the knowledge of the underlying physical system.From the defender's perspective, a secure controller design—which exhibits a low rank structure—is proposed which renders the system unidentifiable to the adversary, while trading off the control system's performance. Finally, a numerical example has been provided to demonstrate the effectiveness of the proposed secure controller design.

Adaptive cooperative secure control of networked multiple unmanned systems under FDI attacks

With the expanding applications of multiple unmanned systems in various fields,more and more research attention has been paid to their security.The aim is to enhance the anti-interference ability,ensure their reliability and stability,and better serve human society.This article conducts adaptive cooperative secure tracking consensus of networked multiple unmanned systems subjected to false data injection attacks.From a practical perspective,each unmanned system is modeled using high-order unknown nonlinear discrete-time systems.To reduce the communication bandwidth between agents,a quantizer-based codec mechanism is constructed.This quantizer uses a uniform logarithmic quantizer,combining the advantages of both quantizers.Because the transmission information attached to the false data can affect the accuracy of the decoder,a new adaptive law is added to the decoder to overcome this difficulty.A distributed controller is devised in the backstepping framework.Rigorous mathematical analysis shows that our proposed control algorithms ensure that all signals of the resultant systems remain bounded.Finally,simulation examples reveal the practical utility of the theoretical analysis.