A switching-based Moving Target Defense against sensor attacks in control systems

Moving Target Defense (MTD) prevents adversaries from being able to predict the effect of their attacks by adding uncertainty in the state of a system during runtime. In this paper, we present an MTD algorithm that randomly changes the availability of the sensor data, so that it is difficult for adversaries to tailor stealthy attacks while, at the same time, minimizing the impact of false-data injection attacks. Using tools from the design of state estimators, namely, observers, and switched systems, we formulate an optimization problem to find the probability of the switching signals that increase the visibility of stealthy attacks while decreasing the deviation caused by false data injection attacks. We show that the proposed MTD algorithm can be designed to guarantee the stability of the closed-loop system with desired performance. In addition, we formulate an optimization problem for the design of the parameters so as to minimize the impact of the attacks. The results are illustrated in two case studies, one about a generic linear time-invariant system and another about a vehicular platooning problem.     

Injection attack detection using machine learning for smart IoT applications

Smart cities are a rapidly growing IoT application. These smart cities mainly rely on wireless sensors to connect their different components (smart devices) together. Smart cities rely on the integration of IoT and 5G technologies, and this has created a demand for a massive IoT network of connected devices. The data traffic coming from indoor wireless networks (e.g., smart homes, smart hospitals, smart factories , or smart school buildings) contributes to over 80% of the total data traffic of the current IoT network. As smart cities and their applications grow, security and privacy challenges have become a major concern for billions of IoT smart devices. One reason for this could be the oversight of handling security issues of IoT devices by their manufacturers, which enables attackers to exploit the vulnerabilities in these devices by performing different types of attacks, e.g., DDoS and injection attacks. Intrusion detection is one way to detect and mitigate the risk of such attacks. In this paper, an intrusion detection method was proposed to detect injection attacks in IoT applications (e.g. smart cities). In this method, two types of feature selection techniques (constant removal and recursive feature elimination) were used and tested by a number of machine learning classifiers (i.e., SVM, Random Forest, and Decision Tree). The T-Test was conducted to evaluate the quality of this proposed feature selection method. Using the public dataset, AWID, the evaluation results showed that the decision tree classifier can be used to detect injection attacks with an accuracy of 99% using only 8 features, which were selected using the proposed feature selection method. Also, the comparison with the most related work showed the advantages of the proposed intrusion detection method.     

On the robustness of Harris detector in image watermarking attacks

This paper investigates the misplacement issue presented on the detection of feature points by using the well-known Harris detector, under several watermarking attacks. Harris detector, as a powerful tool in finding image's points of high importance, called “interest points”, has been widely used to locate specific image portions where watermarks are embedded, according to some watermarking insertion procedure. Although Harris detector constitutes a significant part of a typical feature-based watermarking process, no work dealing with its performance under certain attacks has been reported yet. This work studies the accuracy of Harris detector in finding the feature points, which define the watermarked regions of attacked images, firstly as an individual processing module and secondly as a part of a feature-based watermarking methodology. Detailed theoretical analysis followed by appropriate simulation experiments has shown that the incorporation of the Harris detector into the watermarking procedure presents misplacement issues that can lead the watermarking algorithm to unreliable results. In the way of decreasing these misplacement errors, a novel algorithm that extracts more stable interest points, with promising performance is also proposed.     

一种抗高阶旁路攻击的LED密码算法

LED密码算法是2011年提出的超轻量级密码算法,主要是为资源受限下物联网加密应用研发的.轻量级密码算法结构相对简单,更容易被旁路攻击成功.随机掩码是一种有效抗旁路攻击的方法,在深入LED密码算法结构研究的基础上,提出一种全随机掩码的LED密码算法CMLED.论述了CMLED算法的设计方法,从形式化方面给出了抗高阶旁路攻击选择掩码的原则.同时,对全随机掩码的CMLED与原始算法进行了硬件资源占用与加密效率对比,实验表明CMLED仍然可以高效地在智能卡上实现.     

基于主成分-集对分析法的联合火力打击陆军弹药消耗预测方案评估模型研究

陆军作为联合火力打击的重要组成部分,具有反应快、火力猛、精度高、机动灵活的特点,是实施联合火力打击不可缺少的重要力量.陆军在联合火力打击中,如何快速准确的从多种弹药预测方案中分析、评估优选出最佳的陆军弹药消耗预测方案,对提高陆军快速反应能力,提升部队战斗力,打赢未来战争至关重要.为此,在分析影响联合火力打击陆军弹药消耗主要因素的基础上,构建了符合联合火力打击陆军弹药消耗特点的评估指标体系,提出了一种基于主成分和集对分析法综合分析的联合火力打击陆军弹药消耗预测方案的评估优选方法,通过方法可求得指标权重,最终评估优选出最佳的联合火力打击陆军弹药消耗预测方案.结合实例分析,验证构建的评估模型能够用于多种联合火力打击陆军弹药消耗预测方案的评估优选,为进一步提高联合火力打击陆军弹药消耗预测方案提供技术指导.     

Three Attacks on the Mediated Semi-Quantum Key Distribution without Invoking Quantum Measurement

Semi-quantum key distribution is a very interesting new branch of quantum key distribution. It can be implemented when one or more participants are restricted to operate quantum states only on the quantum computational basis. Very recently, a mediated semi-quantum key distribution protocol without invoking two participants' quantum measurement has been proposed. The protocol allows two “classical” participants without sophisticated quantum capability to establish a shared secret key under an untrusted third party. It is claimed that the protocol is secure against several well-known attacks. However, in this paper, it is first pointed out that there exist three attacks “Measurement Attack, Modification Attack, and Collective Attack” on the mediated semi-quantum key distribution protocol without invoking quantum measurement. By proposed attacks, a malicious third party can obtain the secret key without being noticed by legitimated participants.     

Robust H∞state estimation for a class of complex networks with dynamic event-triggered scheme against hybrid attacks

We investigate the dynamic event-triggered state estimation for uncertain complex networks with hybrid delays suffering from both deception attacks and denial-of-service attacks.Firstly,the effects of time-varying delays and finitedistributed delays are considered during data transmission between nodes.Secondly,a dynamic event-triggered scheme(ETS)is introduced to reduce the frequency of data transmission between sensors and estimators.Thirdly,by considering the discussed plant,dynamic ETS,state estimator,and hybrid attacks into a unified framework,this framework is transferred into a novel dynamical model.Furthermore,with the help of Lyapunov stability theory and linear matrix inequality techniques,sufficient condition to ensure that the system is exponentially stable and satisfies H∞performance constraints is obtained,and the design algorithm for estimator gains is given.Finally,two numerical examples verify the effectiveness of the proposed method.     

Collective Attack and Improvement on “Mediated Semi-Quantum Key Distribution Using Single Photons”

Lin et al. proposed a mediated semi-quantum key distribution protocol in 2019. This study shows that Lin et al.'s protocol has a security loophole that could mount to the collective attack to reveal some information about the secret key without being detected. To overcome this problem, an improved protocol is proposed and its security is proven.     

Unidimensional Two-Way Continuous-Variable Quantum Key Distribution Using Coherent States

We propose a unidimensional two-way continuous-variable quantum key distribution protocol with coherent states, where the sender modulates a single quadrature of the coherent states rather than both quadratures to simplify the structure of a two-way system. Security analysis is performed with a general attack strategy, known as two-mode attack, which helps to reduce limitations in the analysis. The performance of the protocol under all accessible two-mode attacks at fixed distance is illustrated. Further, two typical two-mode attack strategies are obtained from it, which are one-mode attack strategy and optimal two-mode attack strategy. Between them, the one-mode attack is the simplest form of the two-mode attack, while the optimal two-mode attack is the most complicated one. Simulations show that though the system is simplified, the performance of the two-way protocol with unidimensional modulation is still comparable to that of the counterpart with Gaussian modulation even against the optimal two-mode attack when Eve’s ability is maximized. Thus, the proposed protocol simplifies the two-way system while guaranteeing its performance to a certain extent. Especially in a practical system with short transmission distance and high excess noise, the protocol has a good application prospect.