A Review on Security and Privacy Issues Pertaining to Cyber-Physical Systems in the Industry 5.0 Era

The advent of Industry 5.0 marks a transformative era where Cyber-Physical Systems(CPSs)seamlessly integrate physical processes with advanced digital technologies.However,as industries become increasingly interconnected and reliant on smart digital technologies,the intersection of physical and cyber domains introduces novel security considerations,endangering the entire industrial ecosystem.The transition towards a more cooperative setting,including humans and machines in Industry 5.0,together with the growing intricacy and interconnection of CPSs,presents distinct and diverse security and privacy challenges.In this regard,this study provides a comprehensive review of security and privacy concerns pertaining to CPSs in the context of Industry 5.0.The review commences by providing an outline of the role of CPSs in Industry 5.0 and then proceeds to conduct a thorough review of the different security risks associated with CPSs in the context of Industry 5.0.Afterward,the study also presents the privacy implications inherent in these systems,particularly in light of the massive data collection and processing required.In addition,the paper delineates potential avenues for future research and provides countermeasures to surmount these challenges.Overall,the study underscores the imperative of adopting comprehensive security and privacy strategies within the context of Industry 5.0.

Security and Privacy Frameworks for Access Control Big Data Systems

In the security and privacy fields,Access Control(AC)systems are viewed as the fundamental aspects of networking security mechanisms.Enforcing AC becomes even more challenging when researchers and data analysts have to analyze complex and distributed Big Data(BD)processing cluster frameworks,which are adopted to manage yottabyte of unstructured sensitive data.For instance,Big Data systems’privacy and security restrictions are most likely to failure due to the malformed AC policy configurations.Furthermore,BD systems were initially developed toped to take care of some of the DB issues to address BD challenges and many of these dealt with the“three Vs”(Velocity,Volume,and Variety)attributes,without planning security consideration,which are considered to be patch work.Some of the BD“three Vs”characteristics,such as distributed computing,fragment,redundant data and node-to node communication,each with its own security challenges,complicate even more the applicability of AC in BD.This paper gives an overview of the latest security and privacy challenges in BD AC systems.Furthermore,it analyzes and compares some of the latest AC research frameworks to reduce privacy and security issues in distributed BD systems,which very few enforce AC in a cost-effective and in a timely manner.Moreover,this work discusses some of the future research methodologies and improvements for BD AC systems.This study is valuable asset for Artificial Intelligence(AI)researchers,DB developers and DB analysts who need the latest AC security and privacy research perspective before using and/or improving a current BD AC framework.

Towards a Comprehensive Security Framework of Cloud Data Storage Based on Multi Agent System Architecture

The tremendous growth of the cloud computing environments requires new architecture for security services. Cloud computing is the utilization of many servers/data centers or cloud data storages (CDSs) housed in many different locations and interconnected by high speed networks. CDS, like any other emerging technology, is experiencing growing pains. It is immature, it is fragmented and it lacks standardization. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this paper a comprehensive security framework based on Multi-Agent System (MAS) architecture for CDS to facilitate confidentiality, correctness assurance, availability and integrity of users' data in the cloud is proposed. Our security framework consists of two main layers as agent layer and CDS layer. Our propose MAS architecture includes main five types of agents: Cloud Service Provider Agent (CSPA), Cloud Data Confidentiality Agent (CDConA), Cloud Data Correctness Agent (CDCorA), Cloud Data Availability Agent (CDAA) and Cloud Data Integrity Agent (CDIA). In order to verify our proposed security framework based on MAS architecture, pilot study is conducted using a questionnaire survey. Rasch Methodology is used to analyze the pilot data. Item reliability is found to be poor and a few respondents and items are identified as misfits with distorted measurements. As a result, some problematic questions are revised and some predictably easy questions are excluded from the questionnaire. A prototype of the system is implemented using Java. To simulate the agents, oracle database packages and triggers are used to implement agent functions and oracle jobs are utilized to create agents.

Research on Heterogeneous Data Sharing in Early Warning System for Grain Security

The data nodes with heterogeneous database in early warning system for grain security seriously hampered the effective data collection in this system. In this article,the existing middleware technologies was analyzed,the problem-solution approach of heterogeneous data sharing was discussed through middleware technologies. Based on this method,and according to the characteristics of early warning system for grain security,the technology of data sharing in this system were researched and explored to solve the issues of collection of heterogeneous data sharing.

Networked Control Systems:A Survey of Trends and Techniques

Networked control systems are spatially distributed systems in which the communication between sensors, actuators,and controllers occurs through a shared band-limited digital communication network. Several advantages of the network architectures include reduced system wiring, plug and play devices,increased system agility, and ease of system diagnosis and maintenance. Consequently, networked control is the current trend for industrial automation and has ever-increasing applications in a wide range of areas, such as smart grids, manufacturing systems,process control, automobiles, automated highway systems, and unmanned aerial vehicles. The modelling, analysis, and control of networked control systems have received considerable attention in the last two decades. The ‘control over networks’ is one of the key research directions for networked control systems. This paper aims at presenting a survey of trends and techniques in networked control systems from the perspective of ‘control over networks’, providing a snapshot of five control issues: sampled-data control, quantization control, networked control, event-triggered control, and security control. Some challenging issues are suggested to direct the future research.

Developing a Geological Management Information System: National Important Mining Zone Database

Geo-data is a foundation for the prediction and assessment of ore resources, so managing and making full use of those data, including geography database, geology database, mineral deposits database, aeromagnetics database, gravity database, geochemistry database and remote sensing database, is very significant. We developed national important mining zone database （NIMZDB） to manage 14 national important mining zone databases to support a new round prediction of ore deposit. We found that attention should be paid to the following issues： ① data accuracy： integrity, logic consistency, attribute, spatial and time accuracy; ② management of both attribute and spatial data in the same system;③ transforming data between MapGIS and ArcGIS; ④ data sharing and security; ⑤ data searches that can query both attribute and spatial data. Accuracy of input data is guaranteed and the search, analysis and translation of data between MapGIS and ArcGIS has been made convenient via the development of a checking data module and a managing data module based on MapGIS and ArcGIS. Using AreSDE, we based data sharing on a client/server system, and attribute and spatial data are also managed in the same system.

Generalized Attack Model for Networked Control Systems, Evaluation of Control Methods

Networked Control Systems (NCSs) have been implemented in several different industries. The integration with advanced communication networks and computing techniques allows for the enhancement of efficiency of industrial control systems. Despite all the advantages that NCSs bring to industry, they remain at risk to a spectrum of physical and cyber-attacks. In this paper, we elaborate on security vulnerabilities of NCSs, and examine how these vulnerabilities may be exploited when attacks occur. A general model of NCS designed with three different controllers, i.e., proportional-integral-derivative (PID) controllers, Model Predictive control (MPC) and Emotional Learning Controller (ELC) are studied. Then three different types of attacks are applied to evaluate the system performance. For the case study, a networked pacemaker system using the Zeeman nonlinear heart model (ZHM) as the plant combined with the above-mentioned controllers to test the system performance when under attacks. The results show that with Emotional Learning Controller (ELC), the pacemaker is able to track the ECG signal with high fidelity even under different attack scenarios.

Ensuring Security, Confidentiality and Fine-Grained Data Access Control of Cloud Data Storage Implementation Environment

With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.

Cyber Resilience through Real-Time Threat Analysis in Information Security

This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].

Analysis of Secured Cloud Data Storage Model for Information

This paper was motivated by the existing problems of Cloud Data storage in Imo State University, Nigeria such as outsourced data causing the loss of data and misuse of customer information by unauthorized users or hackers, thereby making customer/client data visible and unprotected. Also, this led to enormous risk of the clients/customers due to defective equipment, bugs, faulty servers, and specious actions. The aim if this paper therefore is to analyze a secure model using Unicode Transformation Format (UTF) base 64 algorithms for storage of data in cloud securely. The methodology used was Object Orientated Hypermedia Analysis and Design Methodology (OOHADM) was adopted. Python was used to develop the security model;the role-based access control (RBAC) and multi-factor authentication (MFA) to enhance security Algorithm were integrated into the Information System developed with HTML 5, JavaScript, Cascading Style Sheet (CSS) version 3 and PHP7. This paper also discussed some of the following concepts;Development of Computing in Cloud, Characteristics of computing, Cloud deployment Model, Cloud Service Models, etc. The results showed that the proposed enhanced security model for information systems of cooperate platform handled multiple authorization and authentication menace, that only one login page will direct all login requests of the different modules to one Single Sign On Server (SSOS). This will in turn redirect users to their requested resources/module when authenticated, leveraging on the Geo-location integration for physical location validation. The emergence of this newly developed system will solve the shortcomings of the existing systems and reduce time and resources incurred while using the existing system.

基于区块链的车联网跨域数据安全传输系统设计

为有效应对车联网系统在数据传输过程中的安全问题,提出一种基于区块链的车联网跨域数据安全传输系统。该系统将车联网安全数据传输过程划分为注册、安全通信与数据共享三个关键环节。在注册阶段,车辆和路边单元需要通过可信机构完成注册,以确保其的身份合法性;在通信阶段,为了减少路边单元与车辆频繁认证,设计了跨域认证的方法,保障数据传输的可靠性和完整性,并引入假名来保护用户隐私;在共享阶段,文中设计了基于多线程遍历共享广播森林的事务广播算法,利用广度优先搜索思想建立广播森林,并使用多线程遍历进行数据事务广播传输。实验仿真结果显示,文中方案的签名计算成本减少70%,验证计算成本减少41%;其次,在ER模型下,相比使用Gossip协议进行事务数据传输,该方案中交通数据事务总时间降低了93%;在BA模型下降低了87%。

基于AI的多模态融合感知综合决策系统设计实现

针对传统军事要地安防系统智能化程度较低,各自独立互不关联,缺少顶层数据综合治理等问题,选取外围周界、重要卡口、无人巡更和区域高点四种典型安防业务场景开展建模,通过数据标准化接入、智能研判分析、安防态势显示三个处理环节,构建基于AI的多模态融合感知综合决策系统,实现前端感知多维化、中台研判智能化、后端处置多样化,有效支撑了重要军事目标安全防卫,系统后续也具有良好的可扩展性与可维护性。

A Novel Secure Data Transmission Scheme in Industrial Internet of Things

The industrial Internet of Things(IoT)is a trend of factory development and a basic condition of intelligent factory.It is very important to ensure the security of data transmission in industrial IoT.Applying a new chaotic secure communication scheme to address the security problem of data transmission is the main contribution of this paper.The scheme is proposed and studied based on the synchronization of different-structure fractional-order chaotic systems with different order.The Lyapunov stability theory is used to prove the synchronization between the fractional-order drive system and the response system.The encryption and decryption process of the main data signals is implemented by using the n-shift encryption principle.We calculate and analyze the key space of the scheme.Numerical simulations are introduced to show the effectiveness of theoretical approach we proposed.

A Moored Underwater Energy Conservation System for Profiling Measurement

There is a need to obtain the hydrologic data including ocean current, wave, temperature and so on in the South China Sea. A new profiling instrument which does not suffer from the damage due to nature forces or incidents caused by passing ships, is under development to acquire data from this area. This device is based on a taut single point mid-water mooring system. It incorporates a small, instrumented vertically profiling float attached via an electromechanical cable to a winch integral with the main subsurface flotation. On a pre-set schedule, the instrument float with sensors is winched up to the surface if there is no ship passing by, which is defined by an on-board miniature sonar. And it can be. inunediately winched down to a certain depth if the sonar sensor finds something is coming. Since, because of logistics, the area can only be visited once for a long time and a minimum of 10 times per day profiles are desired, energy demands are severe. To respond to these concerns, the system has been designed to conserve a substantial portion of the potential energy lost during the ascent phase of each profile and subsequently use this energy to pull the instrument down. Compared with the previous single-point layered measuring mode, it is advanced and economical. At last the paper introduces the test in the South China Sea.

新型电力系统数据跨域流通泛安全边界防护技术

新型电力系统建设涉及多业务系统、多部门、多方主体间进行海量、异构数据的交互和共享,电力数据的内外部网络环境与安全形势日趋复杂化,数据流通的脆弱性风险加剧。首先,分析新型电力系统下数据流的类型与特性,概括电力数据流通安全防护面临的新形势;其次,基于专用数据处理器(DPU)的高性能流量编排和多功能安全网关能力,构建面向电力数据跨域流通安全增强的泛安全边界,凭借数据面可编程技术沟通网络安全与数据安全双维度安全能力,提出基于DPU的数据跨域流通协同防护技术应用方案;最后,阐释DPU在不同电力通信网络层次的部署方式、价值与关键技术,分析现阶段DPU在电力领域应用存在的挑战。

Development of the Software Application with Graphical User Interface for One Model Cyber Security

The article is dedicated to the development of software application with graphical user interface for analyzing of the operation of Integrated System of Data Defense from cyber-threats (ISDD) which includes subsystems of detection and elimination of vulnerabilities existing in the system, as well as Requests of Unauthorized Access (RUA). In the subsystems of eliminations of vulnerabilities and queues of unauthorized access considered as multichannel queueing systems with corresponding servers and queues, at random times there come requests to fix threats detected by the system. It is supposed that flows of requests demanding to eliminate threats coming to the mentioned subsystems of queueing systems are described with the Poisson distribution of probabilities, but processes of their elimination obey exponential law. For the system described above, there has been developed software realization of graphical interface which allows easily to change input parameters and observe graphical reflection of changes of the output indicators of the system.

Data Stream Subspace Clustering for Anomalous Network Packet Detection

As the Internet offers increased connectivity between human beings, it has fallen prey to malicious users who exploit its resources to gain illegal access to critical information. In an effort to protect computer networks from external attacks, two common types of Intrusion Detection Systems (IDSs) are often deployed. The first type is signature-based IDSs which can detect intrusions efficiently by scanning network packets and comparing them with human-generated signatures describing previously-observed attacks. The second type is anomaly-based IDSs able to detect new attacks through modeling normal network traffic without the need for a human expert. Despite this advantage, anomaly-based IDSs are limited by a high false-alarm rate and difficulty detecting network attacks attempting to blend in with normal traffic. In this study, we propose a StreamPreDeCon anomaly-based IDS. StreamPreDeCon is an extension of the preference subspace clustering algorithm PreDeCon designed to resolve some of the challenges associated with anomalous packet detection. Using network packets extracted from the first week of the DARPA '99 intrusion detection evaluation dataset combined with Generic Http, Shellcode and CLET attacks, our IDS achieved 94.4% sensitivity and 0.726% false positives in a best case scenario. To measure the overall effectiveness of the IDS, the average sensitivity and false positive rates were calculated for both the maximum sensitivity and the minimum false positive rate. With the maximum sensitivity, the IDS had 80% sensitivity and 9% false positives on average. The IDS also averaged 63% sensitivity with a 0.4% false positive rate when the minimal number of false positives is needed. These rates are an improvement on results found in a previous study as the sensitivity rate in general increased while the false positive rate decreased.

我国“数字煤炭”建设发展研究与探讨

“数字煤炭”的内涵是通过数字技术与煤炭工业的深度融合,优化煤炭生产、运营、流通、转化、服务等各环节,全面推进煤炭工业及所关联对象的数字化进程,进而实现煤炭工业以安全、高效、绿色、智能、健康为核心目标的高质量发展。全面阐述了优化升级煤炭数字基础设施、全面赋能现代化煤炭产业体系、完善煤炭数字技术创新体系等10个方面“数字煤炭”建设的主要内容;为进一步提升“数字煤炭”建设水平,研究提出应突出顶层设计、健全体制机制、保障资金投入、实施示范评价等具体建议;认为在数字中国建设背景下,为实现煤炭工业高质量发展,“数字煤炭”建设势在必行。

Blockchain-Based Secure Authentication Scheme for Medical Data Sharing

Data security is vital for medical cyber physical system (MCPS). The decentralization feature of blockchain is helpful to solve the problem that the secure authentication process is highly dependent on the trusted third party and implement data security transmission. In this paper, the blockchain technology is used to describe the security requirements in authentication process. A network model of MCPS based on blockchain is proposed. Through analysis of medical data storage architecture, data was ensured not to be tampered and trackable. The security threat was eliminated by bilinear mapping in the authentication process of medical data providers and users. The credibility problem of the trusted third party was avoided and the two-way authentication was realized between the hospital and blockchain node. The security analysis and performance test were carried out to verify the security and related performance of the authentication protocol. The results show that the MCPS based on blockchain realizes medical treatment data sharing, and meets safety requirements in the security authentication phase.