Experimental validation of a resilient monitoring and control system

Complex, high performance, engineering systems have to be closely monitored and controlled to ensure safe operation and protect public from potential hazards. One of the main challenges in designing monitoring and control algorithms for these systems is that sensors and actuators may be malfunctioning due to malicious or natural causes. To address this challenge, this paper addresses a resilient monitoring and control (ReMAC) system by expanding previously developed resilient condition assessment monitoring systems and Kalman filter-based diagnostic methods and integrating them with a supervisory controller developed here. While the monitoring and diagnostic algorithms assess plant cyber and physical health conditions, the supervisory controller selects, from a set of candidates, the best controller based on the current plant health assessments. To experimentally demonstrate its enhanced performance, the developed ReMAC system is then used for monitoring and control of a chemical reactor with a water cooling system in a hardware-in-the-loop setting, where the reactor is computer simulated and the water cooling system is implemented by a machine condition monitoring testbed at Idaho National Laboratory. Results show that the ReMAC system is able to make correct plant health assessments despite sensor malfunctioning due to cyber attacks and make decisions that achieve best control actions despite possible actuator malfunctioning. Monitoring challenges caused by mismatches between assumed system component models and actual measurements are also identified for future work.     

Protection issues for supply systems involving random attacks

This paper focuses on the protection issues for supply systems involving random attacks, which are described as attacks whose targets cannot be predicted. We present the random-attack median fortification problem (RAMF) to identify the fortification strategy that minimizes the expected operation cost after random attacks. RAMF is formulated as an integer-linear program and solved directly using general-purpose MIP solver. Moreover, a more complex problem, the fortification median problem for disruptions caused by mixed types of attacks (FMMA), is introduced to find a balance between defending the worst-case attacks and random attacks. Solving FMMA can achieve good protection results, which are more practical in dealing with systems with mixed types of attacks, if the proportion between the types is properly estimated. We formulate FMMA as a non-linear bilevel program and extend a typical implicit enumeration (IE) algorithm to solve the problem. Finally, computational experiments demonstrate the effectiveness of both RAMF and FMMA in dealing with protective affairs involving random attacks. The efficiency of solving the formulations of RAMF and FMMA is also testified.     

Robust and blind watermarking technique in DCT domain using inter-block coefficient differencing

In this paper, a robust blind watermarking technique, based on block-based DCT coefficient modification is proposed. The difference between two DCT coefficients of the adjacent blocks at the same position is calculated. Depending upon the watermark bit to be embedded; this difference is brought in a particular predefined range which is achieved by modifying one of the two DCT coefficients. The amount of modification to a DCT coefficient of a block depends upon the scaling variable, DC coefficient and median of certain zig-zag ordered AC coefficients of that block. The robustness of the proposed scheme has been examined for various singular and hybrid attacks. Comparison results reveal that the proposed technique has a higher degree of robustness against various singular and hybrid attacks. Further a watermark of good quality is extracted even after various simultaneous attacks on the system.     

Dynamic and adaptive detection method for flooding in wireless sensor networks

In recent years, wireless sensor networks (WSNs) have attracted an increasing attention in several fields. However, WSNs must be treated with significant challenges in their design due to their special characteristics such as limited energy, processing power, and data storage that make the energy consumption saving a real challenge. Also, regarding their distributed deployment in open radio frequency and lack of physical security, these networks are vulnerable and exposed to several attacks: passive eavesdropping, active attacks, and identity theft. In this paper, we propose a new method called accordion method to detect and apprehend denial of service attacks in WSNs. This approach is a dynamic and an adaptive method based on using clustering method which allows electing control nodes that analyze the traffic inside a cluster and send warnings to the cluster head whenever an abnormal behavior is suspected or detected. The proposed method relies on the analysis of the evolution of the threshold messages (alerts) sent in the cluster. The proposed method has been evaluated, and the obtained numerical results show its benefit compared with other detection methods.     

QoS-Centric Stateful Resource Management in Information Systems

There is little resource management and Quality of Service (QoS) guarantee in the best-effort model underlying existing information systems, leaving information systems vulnerable to exploits and denial-of-service attacks. To overcome these problems, an engineering approach to QoS-centric stateful resource management in information systems is presented in this paper. System engineering principles are first used to identify various scales and levels of resources in information systems. QoS attributes of resources are then discussed. We also introduce the topological and algebraic structures of propagating QoS attributes across levels and scales of various resources for service contracting and admission control. We use a control-theoretic structure to specify QoS-guarantee functions for managing individual resources, including functions of admission control, scheduling & control, QoS conformance monitoring, and state probing and testing, along with scheduling techniques and statistical process control (SPC) techniques to support these functions.     

堆溢出的攻击演变与防范

以栈溢出为主的缓冲区溢出研究取得了较为丰硕的成果,与其相比,堆溢出攻击要困难许多,研究力度也少了许多。然而我们绝不能低估基于堆的溢出攻击,事实上,堆溢出已经成为攻击软件的主要方式之一。论文从基本的堆溢出开始,详细研究了堆溢出的主要攻击手段及其演变,介绍了各种常见的防御措施,并且对这些研究成果进行了分析总结。最后陈述了我们对此问题的观点。     

路由器端基于模式聚集的流量控制研究

不断发展的DoS/DDoS攻击对Internet安全是一个严重的威胁,传统的IDS针对DoS/DDoS攻击的防御方法并不能减少路由器上的攻击流量。文中提出了一种新的运行在核心路由器上的基于多层模式聚集的流量控制机制,它根据不同协议的统计特征设计出不同聚集模式,使用轻量级的协议分析和多层聚集来控制流量。实验证明该机制不但简化了包分类的复杂性,对攻击手段的变化还有一定的免疫性,能对恶意攻击包进行有效过滤,实现在骨干网络上限制非法流量的目的。     

Boolean functions of an odd number of variables with maximum algebraic immunity

In this paper, we study Boolean functions of an odd number of variables with maximum algebraic immunity. We identify three classes of such functions, and give some necessary conditions of such functions, which help to examine whether a Boolean function of an odd number of variables has the maximum algebraic immunity. Further, some necessary conditions for such functions to have also higher nonlinearity are proposed, and a class of these functions are also obtained. Finally, we present a sufficient and necessary condition for Boolean functions of an odd number of variables to achieve maximum algebraic immunity and to be also 1-resilient.     

A Method for Patching Interleaving-Replay Attacks in Faulty Security Protocols

The verification of security protocols has attracted a lot of interest in the formal methods community, yielding two main verification approaches: i) state exploration, e.g. FDR [Gavin Lowe. Breaking and fixing the needham-schroeder public-key protocol using FDR. In TACAs'96: Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems, pages 147–166, London, UK, 1996. Springer-Verlag] and OFMC [A.D. Basin, S. Mödersheim, and L. Viganò. An on-the-fly model-checker for security protocol analysis. In D. Gollmann and E. Snekkenes, editors, ESORICS'03: 8th European Symposium on Research in Computer Security, number 2808 in Lecture Notes in Computer Science, pages 253–270, Gjøvik, Norway, 2003. Springer-Verlag]; and ii) theorem proving, e.g. the Isabelle inductive method [Lawrence C. Paulson. The inductive approach to verifying cryptographic protocols. Journal in Computer Security, 6(1-2):85–128, 1998] and Coral [G. Steel, A. Bundy, and M. Maidl. Attacking the asokan-ginzboorg protocol for key distribution in an ad-hoc bluetooth network using coral. In H. König, M. Heiner, and A. Wolisz, editors, IFIP TC6 /WG 6.1: Proceedings of 23rd IFIP International Conference on Formal Techniques for Networked and Distributed Systems, volume 2767, pages 1–10, Berlin, Germany, 2003. FORTE 2003 (work in progress papers)]. Complementing formal methods, Abadi and Needham's principles aim to guide the design of security protocols in order to make them simple and, hopefully, correct [M. Abadi and R. Needham. Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 22(1):6–15, 1996]. We are interested in a problem related to verification but far less explored: the correction of faulty security protocols. Experience has shown that the analysis of counterexamples or failed proof attempts often holds the key to the completion of proofs and for the correction of a faulty model. In this paper, we introduce a method for patching faulty security protocols that are susceptible to an interleaving-replay attack. Our method makes use of Abadi and Needham's principles for the prudent engineering practice for cryptographic protocols in order to guide the location of the fault in a protocol as well as the proposition of candidate patches. We have run a test on our method with encouraging results. The test set includes 21 faulty security protocols borrowed from the Clark-Jacob library [J. Clark and J. Jacob. A survey of authentication protocol literature: Version 1.0. Technical report, Department of Computer Science, University of York, November 1997. A complete specification of the Clark-Jacob library in CAPSL is available at http://www.cs.sri.com/millen/capsl/].     

数据加密标准旁路攻击差分功耗仿真分析

器件在加密过程中会产生功率、电磁等信息的泄漏,这些加密执行过程中产生的能量辐射涉及到加密时的密钥信息;文章首先简单分析了CMOS器件工作时产生功耗泄漏的机理,即与门电路内处理数据的汉明距离成正比;详细分析了DES加密过程的功耗轨迹,建立了DES加密过程中的功耗泄漏模型,并利用该模型建立了差分功耗分析(DPA)仿真平台;通过这个仿真平台在没有复杂测试设备与测试手段的情况下,对DES加密实现在面临DPA攻击时的脆弱性进行分析,全部猜测48位子密钥所须时间大约为6分钟,剩下的8位可以通过强力攻击或是附加分析一轮而得到;可见对于没有任何防护措施的DES加密实现是不能防御DPA攻击的.