分布式系统中抵御错误注入攻击的优化设计

安全关键分布式系统面临恶意窃听和错误注入攻击的挑战。以往研究主要针对防止恶意窃听,即考虑提供保密性服务,而忽略了错误注入的安全威胁。针对上述问题,考虑为消息的加解密过程进行错误检测,并最大化系统的错误覆盖率,最小化系统的异构度。首先选取AES对消息进行加解密;然后基于错误检测码确定了五种不同的错误检测方案,并求出了对应的错误覆盖率及时间开销;最后在保证实时性的约束下,提出了一种基于模拟退火(SA)的启发式算法,该算法能最大化系统的错误覆盖率和最小化系统的异构度。实验结果表明,所提算法与贪心算法相比,目标函数值提高了18%以上,该算法具有一定有效性和健壮性。

Optimization design of preventing fault injection attack on distributed embedded systems

Security-critical distributed systems have faced with malicious snooping and fault injection attack challenges. Traditional researches mainly focus on preventing malicious snooping which disregard fault injection attack threat. Concerning the above problem, the fault detection for message' encryption/decryption was considered, to maximize the fault coverage and minimize the heterogeneous degree of the messages' fault coverage. Firstly, Advanced Encryption Standard (AES) was used to protect confidentiality. Secondly, five fault detection schemes were proposed, and their fault coverage rates and time overheads were derived and measured, respectively. Finally, an efficient heuristic algorithm based on Simulated Annealing (SA) under the real-time constraint was proposed, which can maximize the fault coverage and minimize the heterogeneity. The experimental results show that the objective function value achieved by the proposed algorithm is 18% higher than that of the greedy algorithm at least, verifying the efficiency and robustness of the proposed algorithm.