Controller vulnerabilities allow malicious actors to disrupt or hijack the Software-Defined Networking. Traditionally, it is static mappings between the control plane and data plane. Adversaries have plenty of time to exploit the controller's vulnerabilities and launch attacks wisely. We tend to believe that dynamically altering such static mappings is a promising approach to alleviate this issue, since a moving target is difficult to be compromised even by skilled adversaries. It is critical to determine the right time to conduct scheduling and to balance the overhead afforded and the security levels guaranteed. Little previous work has been done to investigate the economical time in dynamic-scheduling controllers. In this paper, we take the first step to both theoretically and experimentally study the scheduling-timing problem in dynamic control plane. We model this problem as a renewal reward process and propose an optimal algorithm in deciding the right time to schedule with the objective of minimizing the long-term loss rate. In our experiments, simulations based on real network attack datasets are conducted and we demonstrate that our proposed algorithm outperforms given scheduling schemes.
Security and stability control system (SSCS) in power systems involves collecting information and sending the decision from/to control stations at different layers; the tree structure of the SSCS requires more levels. Failure of a station or channel can cause all the execution stations (EXs) to be out of control. The randomness of the controllable capacity of the EXs increases the difficulty of the reliability evaluation of the SSCS. In this study, the loop designed SSCS and reliability analysis are examined for the interconnected systems. The uncertainty analysis of the controllable capacity based on the evidence theory for the SSCS is proposed. The bidirectional and loop channels are introduced to reduce the layers and stations of the existing SSCS with tree configuration. The reliability evaluation and sensitivity analysis are proposed to quantify the controllability and vulnerable components for the SSCS in different configurations. By aiming at the randomness of the controllable capacity of the EXs, the uncertainty analysis of the controllable capacity of the SSCS based on the evidence theory is proposed to quantify the probability of the SSCS for balancing the active power deficiency of the grid.
In this paper, we investigate and analyze the network security risks faced by 5G private industrial networks. Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks, a comparative analysis is used to plan and design a private network security construction scheme. The network security construction model, network organization, and key processes of 5G private industrial networks at the current stage are investigated. In addition, the key direction for the next stage of construction is discussed.
Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the Info Sec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for the enterprise security have not been proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure (ARM), Performance Improvement Factor (PIF), and Cost/Benefit Measure (CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine (VM) migration protocol as the target of assessment. The virtualization technologies are rapidly changing the landscape of the computing world. Devising security metrics for virtualized environment is even more challenging. As secure virtual machine migration is an evolving area and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.
The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of 'trustworthy networks' and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed. The network trustworthiness could and should be eventually achieved.
This study presents a radio frequency (RF) fingerprint identification method combining a convolutional neural network (CNN) and gated recurrent unit (GRU) network to identify measurement and control signals. The proposed algorithm (CNN-GRU) uses a convolutional layer to extract the IQ-related learning timing features. A GRU network extracts timing features at a deeper level before outputting the final identification results. The number of parameters and the algorithm's complexity are reduced by optimizing the convolutional layer structure and replacing multiple fully-connected layers with gated cyclic units. Simulation experiments show that the algorithm achieves an average identification accuracy of 84.74% at a -10 dB to 20 dB signal-to-noise ratio (SNR) with fewer parameters and less computation than a network model with the same identification rate in a software radio dataset containing multiple USRP X310s from the same manufacturer. The algorithm is used to identify measurement and control signals and ensure the security of the measurement and control link with theoretical and engineering applications.
A cyber physical system (CPS) is a complex system that integrates sensing, computation, control and networking into physical processes and objects over Internet. It plays a key role in modern industry since it connects physical and cyber worlds. In order to meet ever-changing industrial requirements, its structures and functions are constantly improved. Meanwhile, new security issues have arisen. A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems, and thus has gained increasing attention from researchers and practitioners. This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems. First, as typical system models are employed to study these systems, time-driven and event-driven systems are reviewed. Then, recent advances on three types of attacks, i.e., those on availability, integrity, and confidentiality are discussed. In particular, the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders. Namely, both attack and defense strategies are discussed based on different system models. Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.
Networked control systems are spatially distributed systems in which the communication between sensors, actuators, and controllers occurs through a shared band-limited digital communication network. Several advantages of the network architectures include reduced system wiring, plug and play devices, increased system agility, and ease of system diagnosis and maintenance. Consequently, networked control is the current trend for industrial automation and has ever-increasing applications in a wide range of areas, such as smart grids, manufacturing systems, process control, automobiles, automated highway systems, and unmanned aerial vehicles. The modelling, analysis, and control of networked control systems have received considerable attention in the last two decades. The 'control over networks' is one of the key research directions for networked control systems. This paper aims at presenting a survey of trends and techniques in networked control systems from the perspective of 'control over networks', providing a snapshot of five control issues: sampled-data control, quantization control, networked control, event-triggered control, and security control. Some challenging issues are suggested to direct the future research.
We present a controlled secure quantum dialogue protocol using a non-maximally (pure) entangled Greenberger-Horne-Zeilinger (GHZ) states at first, and then discuss the requirements for a real quantum dialogue. We show that the authorized two users can exchange their secret messages after purifying the non-maximally entangled GHZ states quantum channel unconditionally securely and simultaneously under the control of a third party.
In this paper, we first re-examine the previous protocol of controlled quantum secure direct communication of Zhang et al.'s scheme, which was found insecure under two kinds of attacks, fake entangled particles attack and disentanglement attack. Then, by changing the party of the preparation of cluster states and using unitary operations, we present an improved protocol which can avoid these two kinds of attacks. Moreover, the protocol is proposed using the three-qubit partially entangled set of states. It is more efficient by only using three particles rather than four or even more to transmit one bit secret information. Given our using state is much easier to prepare for multiqubit states and our protocol needs less measurement resource, it makes this protocol more convenient from an applied point of view.
This paper investigates the secure synchronization control problem for a class of cyber-physical systems (CPSs) with unknown system matrices and intermittent denial-of-service (DoS) attacks. For the attack free case, an optimal control law consisting of a feedback control and a compensated feedforward control is proposed to achieve the synchronization, and the feedback control gain matrix is learned by iteratively solving an algebraic Riccati equation (ARE). For considering the attack cases, it is difficult to perform the stability analysis of the synchronization errors by using the existing Lyapunov function method due to the presence of unknown system matrices. In order to overcome this difficulty, a matrix polynomial replacement method is given and it is shown that the proposed optimal control law can still guarantee the asymptotical convergence of synchronization errors if two inequality conditions related with the DoS attacks hold. Finally, two examples are given to illustrate the effectiveness of the proposed approaches.
The controlled quantum secure direct communication (CQSDC) with authentication protocol based on four particle cluster states via quantum one-time pad and local unitary operations is cryptanalyzed. It is found that there are some serious security issues in this protocol. An eavesdropper (Eve) can eavesdrop on some information of the identity strings of the receiver and the controller without being detected by the selective-CNOT-operation (SCNO) attack. By the same attack, Eve can also steal some information of the secret message that the sender transmits. In addition, the receiver can take the same kind of attack to eavesdrop on some information of the secret message out of the control of the controller. This means that the requirements of CQSDC are not satisfied. At last, we improve the original CQSDC protocol to a secure one.
Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography (IBC) to propose a Distributed Authentication and Authorization Scheme (DAAS), where an identity-based signature (IBS) is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribute-based encryption (CP-ABE) is used to enable the distributed and fine-grained authorization. DAAS consists of three phases: initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the interest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest (NOAM) dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest (AM) distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.
We present a controlled secure quantum communication protocol using non-maximally (pure) entangled W states first, and then discuss the basic requirements for a real quantum communication. We show that the authorized two users can exchange their secret messages with the help of the controller after purifying the non-maximally entangled states quantum channel unconditionally securely and simultaneously. Our quantum communication protocol seems even more feasible within present technologies.
In this paper, we propose an intrusion detection algorithm based on auto-encoder and three-way decisions (AE-3WD) for industrial control networks, aiming at the security problem of industrial control network. The ideology of deep learning is similar to the idea of intrusion detection. Deep learning is a kind of intelligent algorithm and has the ability of automatically learning. It uses self-learning to enhance the experience and dynamic classification capabilities. We use deep learning to improve the intrusion detection rate and reduce the false alarm rate through learning; a denoising AutoEncoder and three-way decisions intrusion detection method AE-3WD is proposed to improve intrusion detection accuracy. In the processing, deep learning AutoEncoder is used to extract the features of high-dimensional data by combining the coefficient penalty and reconstruction loss function of the encode layer during the training mode. A multi-feature space can be constructed by multiple feature extractions from AutoEncoder, and then a decision for intrusion behavior or normal behavior is made by three-way decisions. NSL-KDD data sets are used for the experiments. The experiment results prove that our proposed method can extract meaningful features and effectively improve the performance of intrusion detection.
Complex cyber-physical network refers to a new generation of complex networks whose normal functioning significantly relies on tight interactions between its physical and cyber components. Many modern critical infrastructures can be appropriately modelled as complex cyber-physical networks. Typical examples of such infrastructures are electrical power grids, WWW, public transportation systems, state financial networks, and the Internet. These critical facilities play important roles in ensuring the stability of society as well as the development of economy. Advances in information and communication technology open opportunities for malicious attackers to launch coordinated attacks on cyber-physical critical facilities in networked infrastructures from any Internet-accessible place. Cybersecurity of complex cyber-physical networks has emerged as a hot topic within this context. In practice, it is also very crucial to understand the interplay between the evolution of underlying network structures and the collective dynamics on these complex networks and consequently to design efficient security control strategies to protect the evolution of these networks. In this paper, cybersecurity of complex cyber-physical networks is first outlined and then some security enhancing techniques, with particular emphasis on safety communications, attack detection and fault-tolerant control, are suggested. Furthermore, a new class of efficient secure pinning synchronization control strategies are proposed for guaranteeing the achievement of desirable behaviors in complex cyber-physical networks against malicious attacks on nodes. The authors hope that this paper motivates to design enhanced security strategies for complex cyber-physical network systems, to realize resilient and secure critical infrastructures.
Coupling between electricity systems and heating systems is becoming stronger, leading to more flexible and more complex interactions between these systems. The operation of integrated energy systems is greatly affected, especially when security is concerned. Steady-state analysis methods have been widely studied in recent research, which is far from enough when the slow thermal dynamics of heating networks are introduced. Therefore, an integrated quasi-dynamic model of integrated electricity and heating systems is developed. The model combines a heating network dynamic thermal model and the sequential steady-state models of electricity networks, coupling components, and heating network hydraulics. Based on this model, a simulation method is proposed and quasi-dynamic interactions between electricity systems and heating systems are quantified with the highlights of transport delay. Then the quasi-dynamic interactions were applied using security control to relieve congestion in electricity systems. Results show that both the transport delay and control strategies have significant influences on the quasi-dynamic interactions.
Cyber-physical systems (CPSs) are integrations of computation, communication, control and physical processes. Typical examples where CPSs are deployed include smart grids, civil infrastructure, medical devices and manufacturing. Security is one of the most important issues that should be investigated in CPSs and hence has received much attention in recent years. This paper surveys recent results in this area and mainly focusses on three important categories: attack detection, attack design and secure estimation and control. We also discuss several future research directions including risk assessment, modeling of attacks and attacks design, counter-attack strategy and testbed and validation.
The traditional "three defense lines" for power systems are based on local information and static protection & control strategy, which are not suitable to modern large-scale power systems. In order to improve the security of UHV hybrid power grids, the Integrated Wide Area Protection & Control (IWAPC) is proposed in this paper by applying the new technologies of synchronized high-speed communication, which integrates "three defense lines" and promotes existing wide area protection only for security control. The IWAPC is the hierarchical protection and control system which provides the protection and control for wide area power networks to improve their reliability and security. It is divided into three levels, the local bay level, the substation integrated protection level and the wide area protection level. The wide area real-time protection and control information platform is the most important part of the IWAPC, which is based on a synchronized wide area communication network. The key technologies and new development trends include network topology analysis, wide area backup protection, wide area intelligent reclosing, wide area load shedding, wide area auto-switching, overload cutoff and transfer, transmission section protection, intelligent system splitting and dynamic stability control. It can not only integrate three lines of defense for power system protection and control, but also improve security of the power grid.
There has been a surge of interests in the security of cyber-physical systems (CPSs), yet it is commonly assumed that the adversary has a full knowledge of physical system models. This paper argues that such an unrealistic assumption can be relaxed: the adversary might still be able to identify the system model by passively observing the control input and sensory data. In such a setup, the attack with knowledge of input-output data can be categorized as a Known-Plaintext Attack. A necessary and sufficient condition has been provided, under which the adversary can uniquely obtain the knowledge of the underlying physical system. From the defender's perspective, a secure controller design—which exhibits a low rank structure—is proposed which renders the system unidentifiable to the adversary, while trading off the control system's performance. Finally, a numerical example has been provided to demonstrate the effectiveness of the proposed secure controller design.
Funding: supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003), the National Key R&D Program of China (No. 2016YFB0800101), the National Science Foundation for Distinguished Young Scholars of China (No. 61602509), and the Henan Province Key Technologies R&D Program of China (No. 172102210615).
Funding: supported by Science and Technology Project of SGCC "Research on Flat Architecture and Implementation Technology of Security and Stability Control System in Ultra Large Power Grid" (52170221000U).
Funding: the National Key Basic Research Program (973 Program) under Grant 2007CB307104.
Funding: supported by the National Natural Science Foundation of China (No. 62027801).
Abstract: This study presents a radio frequency (RF) fingerprint identification method combining a convolutional neural network (CNN) and gated recurrent unit (GRU) network to identify measurement and control signals. The proposed algorithm (CNN-GRU) uses a convolutional layer to extract the IQ-related learning timing features. A GRU network extracts timing features at a deeper level before outputting the final identification results. The number of parameters and the algorithm’s complexity are reduced by optimizing the convolutional layer structure and replacing multiple fully-connected layers with gated cyclic units. Simulation experiments show that the algorithm achieves an average identification accuracy of 84.74% at a -10 dB to 20 dB signal-to-noise ratio (SNR) with fewer parameters and less computation than a network model with the same identification rate in a software radio dataset containing multiple USRP X310s from the same manufacturer. The algorithm is used to identify measurement and control signals and ensure the security of the measurement and control link with theoretical and engineering applications.
Funding: supported by Institutional Fund Projects (IFPNC-001-135-2020), technical and financial support from the Ministry of Education and King Abdulaziz University, DSR, Jeddah, Saudi Arabia.
Abstract: A cyber physical system (CPS) is a complex system that integrates sensing, computation, control and networking into physical processes and objects over Internet. It plays a key role in modern industry since it connects physical and cyber worlds. In order to meet ever-changing industrial requirements, its structures and functions are constantly improved. Meanwhile, new security issues have arisen. A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems, and thus has gained increasing attention from researchers and practitioners. This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems. First, as typical system models are employed to study these systems, time-driven and event-driven systems are reviewed. Then, recent advances on three types of attacks, i.e., those on availability, integrity, and confidentiality are discussed. In particular, the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders. Namely, both attack and defense strategies are discussed based on different system models. Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.
Funding: supported in part by the Australian Research Council Discovery Project (DP160103567)
Abstract: Networked control systems are spatially distributed systems in which the communication between sensors, actuators, and controllers occurs through a shared band-limited digital communication network. Several advantages of the network architectures include reduced system wiring, plug and play devices, increased system agility, and ease of system diagnosis and maintenance. Consequently, networked control is the current trend for industrial automation and has ever-increasing applications in a wide range of areas, such as smart grids, manufacturing systems, process control, automobiles, automated highway systems, and unmanned aerial vehicles. The modelling, analysis, and control of networked control systems have received considerable attention in the last two decades. The ‘control over networks’ is one of the key research directions for networked control systems. This paper aims at presenting a survey of trends and techniques in networked control systems from the perspective of ‘control over networks’, providing a snapshot of five control issues: sampled-data control, quantization control, networked control, event-triggered control, and security control. Some challenging issues are suggested to direct the future research.
Funding: The project supported by National Natural Science Foundation of China under Grant No. 10575017
Abstract: We present a controlled secure quantum dialogue protocol using non-maximally (pure) entangled Greenberger-Horne-Zeilinger (GHZ) states at first, and then discuss the requirements for a real quantum dialogue. We show that the authorized two users can exchange their secret messages after purifying the non-maximally entangled GHZ states quantum channel unconditionally securely and simultaneously under the control of a third party.
Funding: Project supported by NSFC (Grant Nos. 61671087, 61272514, 61170272, 61003287, 61571335, 61628209); the Fok Ying Tong Education Foundation (Grant No. 131067); the National Key R&D Program of China under Grant 2017YFB0802300; the Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2018BDKFJJ016); Hubei Science Foundation (2016CFA030, 2017AAA125).
Abstract: In this paper, we first re-examine the previous protocol of controlled quantum secure direct communication of Zhang et al.’s scheme, which was found insecure under two kinds of attacks, fake entangled particles attack and disentanglement attack. Then, by changing the party of the preparation of cluster states and using unitary operations, we present an improved protocol which can avoid these two kinds of attacks. Moreover, the protocol is proposed using the three-qubit partially entangled set of states. It is more efficient by only using three particles rather than four or even more to transmit one bit secret information. Given our using state is much easier to prepare for multiqubit states and our protocol needs less measurement resource, it makes this protocol more convenient from an applied point of view.
Funding: supported in part by the National Natural Science Foundation of China (61873050); the Fundamental Research Funds for the Central Universities (N180405022, N2004010); the Research Fund of State Key Laboratory of Synthetical Automation for Process Industries (2018ZCX14); Liaoning Revitalization Talents Program (XLYC1907088).
Abstract: This paper investigates the secure synchronization control problem for a class of cyber-physical systems (CPSs) with unknown system matrices and intermittent denial-of-service (DoS) attacks. For the attack free case, an optimal control law consisting of a feedback control and a compensated feedforward control is proposed to achieve the synchronization, and the feedback control gain matrix is learned by iteratively solving an algebraic Riccati equation (ARE). For considering the attack cases, it is difficult to perform the stability analysis of the synchronization errors by using the existing Lyapunov function method due to the presence of unknown system matrices. In order to overcome this difficulty, a matrix polynomial replacement method is given and it is shown that, the proposed optimal control law can still guarantee the asymptotical convergence of synchronization errors if two inequality conditions related with the DoS attacks hold. Finally, two examples are given to illustrate the effectiveness of the proposed approaches.
Funding: This work was supported by National Natural Science Foundation of China (Grant No. 61502101); the Six Talent Peaks Project of Jiangsu Province (Grant No. XYDXX-003); Scientific Research Foundation of the Science and Technology Department of Fujian Province (Grant No. JK2015023); Shangda Li Education Foundation of Jimei University (Grant No. ZC2013010).
Abstract: The controlled quantum secure direct communication (CQSDC) with authentication protocol based on four particle cluster states via quantum one-time pad and local unitary operations is cryptanalyzed. It is found that there are some serious security issues in this protocol. An eavesdropper (Eve) can eavesdrop on some information of the identity strings of the receiver and the controller without being detected by the selective-CNOT-operation (SCNO) attack. By the same attack, Eve can also steal some information of the secret message that the sender transmits. In addition, the receiver can take the same kind of attack to eavesdrop on some information of the secret message out of the control of the controller. This means that the requirements of CQSDC are not satisfied. At last, we improve the original CQSDC protocol to a secure one.
Abstract: Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography (IBC) to propose a Distributed Authentication and Authorization Scheme (DAAS), where an identity-based signature (IBS) is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribute-based encryption (CP-ABE) is used to enable the distributed and fine-grained authorization. DAAS consists of three phases: initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the interest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest (NOAM) dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest (AM) distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.
Funding: The project supported by National Natural Science Foundation of China under Grant No. 10575017
Abstract: We present a controlled secure quantum communication protocol using non-maximally (pure) entangled W states first, and then discuss the basic requirements for a real quantum communication. We show that the authorized two users can exchange their secret messages with the help of the controller after purifying the non-maximally entangled states quantum channel unconditionally securely and simultaneously. Our quantum communication protocol seems even more feasible within present technologies.
Funding: supported by National Nature Science Foundation of China (Grant No. 61471182); Postgraduate Research & Practice Innovation Program of Jiangsu Province (Grant No. KYCX20_2993); Jiangsu postgraduate research innovation project (SJCX18_0784).
Abstract: In this paper, we propose an intrusion detection algorithm based on auto-encoder and three-way decisions (AE-3WD) for industrial control networks, aiming at the security problem of industrial control network. The ideology of deep learning is similar to the idea of intrusion detection. Deep learning is a kind of intelligent algorithm and has the ability of automatically learning. It uses self-learning to enhance the experience and dynamic classification capabilities. We use deep learning to improve the intrusion detection rate and reduce the false alarm rate through learning, a denoising AutoEncoder and three-way decisions intrusion detection method AE-3WD is proposed to improve intrusion detection accuracy. In the processing, deep learning AutoEncoder is used to extract the features of high-dimensional data by combining the coefficient penalty and reconstruction loss function of the encode layer during the training mode. A multi-feature space can be constructed by multiple feature extractions from AutoEncoder, and then a decision for intrusion behavior or normal behavior is made by three-way decisions. NSL-KDD data sets are used for the experiments. The experiment results prove that our proposed method can extract meaningful features and effectively improve the performance of intrusion detection.
Funding: supported by the National Key Research and Development Program of China under Grant No. 2016YFB0800401; the National Nature Science Foundation of China under Grant Nos. 61304168, 61673104, and 61322302; the Natural Science Foundation of Jiangsu Province of China under Grant No. BK20130595; the National Ten Thousand Talent Program for Young Top-Notch Talents, the Six Talent Peaks of Jiangsu Province of China under Grant No. 2014-DZXX-004; the Doctoral Program of Higher Education of China under Grant No. 20130092120030; the Fundamental Research Funds for the Central Universities of China under Grant No. 2242016K41030
Abstract: Complex cyber-physical network refers to a new generation of complex networks whose normal functioning significantly relies on tight interactions between its physical and cyber components. Many modern critical infrastructures can be appropriately modelled as complex cyber-physical networks. Typical examples of such infrastructures are electrical power grids, WWW, public transportation systems, state financial networks, and the Internet. These critical facilities play important roles in ensuring the stability of society as well as the development of economy. Advances in information and communication technology open opportunities for malicious attackers to launch coordinated attacks on cyber-physical critical facilities in networked infrastructures from any Internet-accessible place. Cybersecurity of complex cyber-physical networks has emerged as a hot topic within this context. In practice, it is also very crucial to understand the interplay between the evolution of underlying network structures and the collective dynamics on these complex networks and consequently to design efficient security control strategies to protect the evolution of these networks. In this paper, cybersecurity of complex cyber-physical networks is first outlined and then some security enhancing techniques, with particular emphasis on safety communications, attack detection and fault-tolerant control, are suggested. Furthermore, a new class of efficient secure control strategies are proposed for guaranteeing the achievement of desirable pinning synchronization behaviors in complex cyber-physical networks against malicious attacks on nodes. The authors hope that this paper motivates to design enhanced security strategies for complex cyber-physical network systems, to realize resilient and secure critical infrastructures.
Funding: This work was supported in part by the National Natural Science Foundation of China (NSFC) (51537006), European Union’s Horizon 2020 research and innovation programme (774309, MAGNATUDE), WEFO FLEXIS project.
Abstract: Coupling between electricity systems and heating systems is becoming stronger, leading to more flexible and more complex interactions between these systems. The operation of integrated energy systems is greatly affected, especially when security is concerned. Steady-state analysis methods have been widely studied in recent research, which is far from enough when the slow thermal dynamics of heating networks are introduced. Therefore, an integrated quasi-dynamic model of integrated electricity and heating systems is developed. The model combines a heating network dynamic thermal model and the sequential steady-state models of electricity networks, coupling components, and heating network hydraulics. Based on this model, a simulation method is proposed and quasi-dynamic interactions between electricity systems and heating systems are quantified with the highlights of transport delay. Then the quasi-dynamic interactions were applied using security control to relieve congestion in electricity systems. Results show that both the transport delay and control strategies have significant influences on the quasi-dynamic interactions.
Funding: This work was supported in part by the Natural Science Foundation of China (Nos. 61321002, 61120106010, 61522303, U1509215), the Program for New Century Excellent Talents in University (No. NCET-13-0045), and the Beijing Higher Education Young Elite Teacher Project.
Abstract: Cyber-physical systems (CPSs) are integrations of computation, communication, control and physical processes. Typical examples where CPSs are deployed include smart grids, civil infrastructure, medical devices and manufacturing. Security is one of the most important issues that should be investigated in CPSs and hence has received much attention in recent years. This paper surveys recent results in this area and mainly focusses on three important categories: attack detection, attack design and secure estimation and control. We also discuss several future research directions including risk assessment, modeling of attacks and attacks design, counter-attack strategy and testbed and validation.
Abstract: The traditional “three defense lines” for power systems are based on local information and static protection & control strategy, which are not suitable to modern large-scale power systems. In order to improve the security of UHV hybrid power grids, the Integrated Wide Area Protection & Control (IWAPC) is proposed in this paper by applying the new technologies of synchronized high-speed communication, which integrates “three defense lines” and promotes existing wide area protection only for security control. The IWAPC is the hierarchical protection and control system which provides the protection and control for wide area power networks to improve their reliability and security. It is divided into three levels, the local bay level, the substation integrated protection level and the wide area protection level. The wide area real-time protection and control information platform is the most important part of the IWAPC, which is based on a synchronized wide area communication network. The key technologies and new development trends include network topology analysis, wide area backup protection, wide area intelligent reclosing, wide area load shedding, wide area auto-switching, overload cutoff and transfer, transmission section protection, intelligent system splitting and dynamic stability control. It can not only integrate three lines of defense for power system protection and control, but also improve security of the power grid.
Funding: supported by the National Natural Science Foundation of China (Grant No. 91748112) and the National Key Research and Development Program of China (Grant No. 2018AAA0101601).
Abstract: There has been a surge of interest in the security of cyber-physical systems (CPSs), yet it is commonly assumed that the adversary has a full knowledge of physical system models. This paper argues that such an unrealistic assumption can be relaxed: the adversary might still be able to identify the system model by passively observing the control input and sensory data. In such a setup, the attack with knowledge of input-output data can be categorized as a Known-Plaintext Attack. A necessary and sufficient condition has been provided, under which the adversary can uniquely obtain the knowledge of the underlying physical system. From the defender's perspective, a secure controller design, which exhibits a low rank structure, is proposed which renders the system unidentifiable to the adversary, while trading off the control system's performance. Finally, a numerical example has been provided to demonstrate the effectiveness of the proposed secure controller design.