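Abstract: The wide application of advanced information technology in smart power distribution and utilization systems (SPDUS) has deepened the coupling between the system's cyber side and its physical power side, and the smart power distribution and utilization system has gradually evolved into a smart power distribution and utilization cyber-physical system (SPDU-CPS), in which cyber and physical spaces are highly integrated and information resources and physical resources are combined and coordinated. This paper summarizes and reviews the development and challenges of the relevant technologies at home and abroad from three perspectives: intrusion detection of cyber attacks on SPDU-CPS, defense and protection against cyber attacks, and self-healing control. For intrusion detection, it summarizes the detection ideas and implementation paths of deviation-based, feature-based, and hybrid cyber attack detection methods. For defense and protection, it summarizes cyber-side protection methods that improve the defensive capability of the information network, physical-side protection methods based on optimal resource allocation and data correction protection, and cyber-physical coordinated protection methods that fuse the information and protection functions of both sides. For self-healing control, it collates existing research on traditional self-healing control of the physical power side and on self-healing control based on cyber-physical coordination. Finally, in light of the characteristics and development trends of SPDU-CPS, future research directions are discussed.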
Funding: supported by the Program for Changjiang Scholars and Innovative Research Team in University under Grant No. IRT1078; the Key Program of NSFC-Guangdong Union Foundation under Grant No. U1135002; Major National S&T Program under Grant No. 2011ZX03005-002; the Fundamental Research Funds for the Central Universities under Grant No. JY10000903001
Abstract: Wireless Mesh Networks (WMNs) are vulnerable to various security threats because of their special infrastructure and communication mode, wherein insider attacks are the most challenging issue. To address this problem and protect innocent users from malicious attacks, it is important to encourage cooperation and deter malicious behaviors. Reputation systems constitute a major category of techniques used for managing trust in distributed networks, and they are effective in characterizing and quantifying a node's behavior for WMNs. However, conventional layered reputation mechanisms ignore several key factors of reputation in other layers; therefore, they cannot provide optimal performance and accurate malicious node identification and isolation for WMNs. In this paper, we propose a novel dynamic reputation mechanism, SLCRM, which couples reputation systems with a cross-layer design and node-security-rating classification techniques to dynamically detect and restrict insider attacks. Simulation results show that in terms of network throughput, packet delivery ratio, malicious nodes' identification, and success rates, SLCRM implements security protection against insider attacks in a more dynamic, effective, and efficient manner than the subjective logic and uncertainty-based reputation model and the familiarity-based reputation model.
Abstract: To protect the copyright of the image as well as the image quality, an image zero-watermark method based on the Krawtchouk moment invariants and timestamp is proposed. The method protects the image by drawing features out of the image to serve as the watermark. The main steps of the method are presented. Firstly, some low-order moment invariants of the image are extracted. Secondly, the moment invariants and the key are registered to a fair third party to gain the timestamp. Finally, the timestamp can be used to prove who the real owner is. The processing method is simple, with only a few low-order moment invariants to be computed. Experimental results are obtained and compared with those of the method based on geometric moment invariants. Results show that the scheme can well withstand such geometrical attacks as rotating, scaling, cropping, combined attack, translating, removing lines, filtering, and JPEG lossy compression.
Funding: the National Natural Science Foundation of China; the Natural Science Foundation of Anhui Province; the Specialized Research Fund for the Doctoral Program of Higher Education of China; the Fundamental Research Funds for the Central Universities
Abstract: Existing location privacy-preserving methods, without a trusted third party, cannot resist conspiracy attacks and active attacks. This paper proposes a novel solution for location based service (LBS) in vehicular ad hoc network (VANET). Firstly, the relationship among anonymity degree, expected company area and vehicle density is discussed. Then, a companion set F is set up by k neighbor vehicles. Based on secure multi-party computation, each vehicle in V can compute the centroid without revealing its location to the others. The centroid, as a cloaking location, is sent to the LBS provider (P), and P returns a point of interest (POI). Due to a distributed secret sharing structure, P cannot obtain the positions of non-complicity vehicles by colluding with multiple internal vehicles. To detect fake data from dishonest vehicles, zero knowledge proof is adopted. Compared with other related methods, our solution can resist passive and active attacks from internal and external nodes. It provides strong privacy protection for LBS in VANET.
Funding: supported by the National Natural Science Foundation of China (No. 61433006); the Key Research Project of Zhejiang Province, China (No. 2017C01062); the Open Research Project of the State Key Laboratory of Industrial Control Technology, Zhejiang University, China (No. ICT1800422); the Opening Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, China (No. AGK2018003); the Department of Education of Zhejiang Province, China (No. Y201840611); the Zhejiang Provincial Natural Science Foundation of China (No. LY16F020019)
Abstract: Security issues in networked control systems (NCSs) have received increasing attention in recent years. However, security protection often requires extra energy consumption, computational overhead, and time delays, which could adversely affect the real-time and energy-limited system. In this paper, random cryptographic protection is implemented. It is less expensive with respect to computational overhead, time, and energy consumption, compared with persistent cryptographic protection. Under the consideration of weak attackers who have little system knowledge, ungenerous attacking capability and the desire for stealthiness, random zero-measurement attacks are introduced as the malicious modification of measurements into zero signals. The NCS is modeled as a stochastic system with two correlated Bernoulli distributed stochastic variables for implementation of random cryptographic protection and occurrence of random zero-measurement attacks; the stochastic stability can be analyzed using a linear matrix inequality (LMI) approach. The proposed stochastic stability analysis can help determine the proper probability of running random cryptographic protection against random zero-measurement attacks with a certain probability. Finally, a simulation example is presented based on a vertical take-off and landing (VTOL) system. The results show the effectiveness, robustness, and application of the proposed method, and are helpful in choosing the proper protection mechanism taking into account the time delay and in determining the system sampling period to increase the resistance against such attacks.