In covert communication systems, covert messages can be transmitted without being noticed by the monitors or adversaries. Therefore, the covert communication technology has emerged as a novel method for network authentication, copyright protection, and the evidence of cybercrimes. However, how to design the covert communication in the physical layer of wireless networks and how to improve the channel capacity for the covert communication systems are very challenging. In this paper, we propose a wireless covert communication system, where data streams from the antennas of the transmitter are coded according to a code book to transmit covert and public messages. We adopt a modulation scheme, named covert quadrature amplitude modulation (QAM), to modulate the messages, where the constellation of covert information bits deviates from its normal coordinates. Moreover, the covert receiver can detect the covert information bits according to the constellation departure. Simulation results show that proposed covert communication system can significantly improve the covert data rate and reduce the covert bit error rate, in comparison with the traditional covert communication systems.

As the IPv6 protocol has been rapidly developed and applied, the security of IPv6 networks has become the focus of academic and industrial attention. Despite the fact that the IPv6 protocol is designed with security in mind, due to insufficient defense measures of current firewalls and intrusion detection systems for IPv6 networks, the construction of covert channels using fields not defined or reserved in IPv6 protocols may compromise the information systems. By discussing the possibility of constructing storage covert channels within IPv6 protocol fields, 10 types of IPv6 covert channels are constructed with undefined and reserved fields, including the flow label field, the traffic class field of IPv6 header, the reserved fields of IPv6 extension headers and the code field of ICMPv6 header. An IPv6 covert channel detection method based on field matching (CC-Guard) is proposed, and a typical IPv6 network environment is built for testing. In comparison with existing detection tools, the experimental results show that the CC-Guard not only can detect more covert channels consisting of IPv6 extension headers and ICMPv6 headers, but also achieves real-time detection with a lower detection overhead.

As IoT technologies mature, they are increasingly finding their way into more sensitive domains, such as Medical and Industrial IoT, in which safety and cyber-security are paramount. While the number of deployed IoT devices continues to increase annually, they still present severe cyber-security vulnerabilities, turning them into potential targets and entry points to support further attacks. Naturally, as these nodes are compromised, attackers aim at setting up stealthy communication behaviours, to exfiltrate data or to orchestrate nodes of a botnet in a cloaked fashion. Network covert channels are increasingly being used with such malicious intents. The IEEE 802.15.4 is one of the most pervasive protocols in IoT, and a fundamental part of many communication infrastructures. Despite this fact, the possibility of setting up such covert communication techniques on this medium has received very little attention. We aim at analysing the performance and feasibility of such covert-channel implementations upon the IEEE 802.15.4 protocol. This will enable a better understanding of the involved risk and help supporting the development of further cyber-security mechanisms to mitigate this threat.

In this work, we propose a novel framework to identify and mitigate a recently disclosed covert channel scheme exploiting unprotected broadcast messages in cellular MAC layer protocols. Examples of covert channel are used in data exfiltration, remote command-and-control (CnC) and espionage. Responsibly disclosed to GSMA (CVD-2021-0045), the SPAR-ROW covert channel scheme exploits the downlink power of LTE/5G base-stations that broadcast contention resolution identity (CRI) from any anonymous device according to the 3GPP standards. Thus, the SPARROW devices can covertly relay short messages across long-distance which can be potentially harmful to critical infrastructure. The SPARROW schemes can also complement the solutions for long-range M2M applications. This work investigates the security vs. performance trade-off in CRI-based contention resolution mechanisms. Then it offers a rig-orously designed method to randomly obfuscate CRI broadcast in future 5G/6G standards. Compared to CRI length reduction, the proposed method achieves considerable protection against SPARROW exploitation with less impact on the random-access performance as shown in the numerical results.

We introduce the notion of an application-based covert channel—or ABCC—which provides a formal syntax for describing covert channels that tunnel messages through existing protocols. Our syntax captures many recent systems, including DeltaShaper (PETS 2017) and Protozoa (CCS 2020). We also define what it means for an ABCC to be secure against a passive eavesdropper, and prove that suitable abstractions of existing censorship circumvention systems satisfy our security notion. In doing so, we define a number of important non-cryptographic security assumptions that are often made implicitly in prior work. We believe our formalisms may be useful to censorship circumvention developers for reasoning about the security of their systems and the associated security assumptions required.

Can quantum entanglement increase the capacity of (classical) covert channels? To one familiar with Holevo's Theorem it is tempting to think that the answer is obviously no. However, in this work we show: quantum entanglement can in fact increase the capacity of a classical covert channel, in the presence of an active adversary; on the other hand, a zero-capacity channel is not improved by entanglement, so entanglement cannot create ‘purely quantum’ covert channels; the problem of determining the capacity of a given channel in the presence of entanglement is undecidable; but there is an algorithm to bound the entangled capacity of a channel from above, adapted from the semi-definite hierarchy from the theory of non-local games, whose close connection to channel capacity is at the core of all of our results.

The modern networking world is being exposed to many risks more frequently every day. Most of systems strongly rely on remaining anonymous throughout the whole endpoint exploitation process. Covert channels represent risk since they ex-ploit legitimate communications and network protocols to evade typical filtering. This firewall avoidance sees covert channels frequently used for malicious communication of intruders with systems they compromised, and thus a real threat to network security. While there are commercial tools to safeguard computer networks, novel applications such as automotive connectivity and V2X present new challenges. This paper focuses on the analysis of the recent ways of using covert channels and detecting them, but also on the state-of-the-art possibilities of protection against them. We investigate observing the timing covert channels behavior simulated via injected ICMP traffic into standard network communications. Most importantly, we concentrate on enhancing firewall with detection and prevention of such attack built-in features. The main contribution of the paper is design for detection timing covert channel threats utilizing detection methods based on statistical analysis. These detection methods are combined and implemented in one program as a simple host-based intrusion detection system (HIDS). As a result, the proposed design can analyze and detect timing covert channels, with the addition of taking preventive measures to block any future attempts to breach the security of an end device.

Covert channels are data transmission methods that bypass the detection of security mechanisms and pose a serious threat to critical infrastructure. Meanwhile, it is also an effective way to ensure the secure transmission of private data. Therefore, research on covert channels helps us to quickly detect attacks and protect the security of data transmission. This paper proposes covert channels based on the timestamp of the Internet Control Message Protocol echo reply packet in the Linux system. By considering the concealment, we improve our proposed covert channels, ensuring that changing trends in the timestamp of modified consecutive packets are consistent with consecutive regular packets. Besides, we design an Iptables rule based on the current system time to analyze the performance of the proposed covert channels. Finally, it is shown through experiments that the channels complete the private data transmission in the industrial control network. Furthermore, the results demonstrate that the improved covert channels offer better performance in concealment, time cost, and the firewall test.

The excess buffering of packets in network elements, also referred to as bufferbloat, results in high latency. Considering the requirements of traffic generated by video conferencing systems like Zoom, cloud rendered gaming platforms like Google Stadia, or even video streaming services such as Netflix, Amazon Prime and YouTube, timeliness of such traffic is important. Ensuring low latency to IP flows with a high throughput calls for the application of Active Queue Management (AQM) schemes. This introduces yet another problem as the co-existence of scalable and classic congestion controls leads to the starvation of classic TCP flows. Technologies such as Low Latency Low Loss Scalable Throughput (L4S) and the corresponding dual queue coupled AQM, DualPI2, provide a robust solution to these problems. However, their deployment on hardware targets such as programmable switches is quite challenging due to the complexity of algorithms and architectural constraints of switching ASICs. In this study, we provide proof of concept implementations of two AQMs that enable the co-existence of scalable and traditional TCP traffic, namely DualPI2 and the preceding single-queue PI2 AQM, on an Intel Tofino switching ASIC. Given the fixed operation of the switch’s traffic manager, we investigate to what extent it is possible to implement a fully RFC-compliant version of the two AQMs on the Tofino ASIC. The study shows that an appropriate split between control and data plane operations is required while we also exploit fixed functionality of the traffic manager to support such solutions.

The demand for increasing flexibility use in power systems is stressed by the changing grid utilization. Making use of largely untapped flexibility potential is possible through novel flexibility markets. Different approaches for these markets are being developed and vary considering their handling of transaction schemes and relation of participating entities. This paper delivers the conceptual development of a holistic system architecture for the realization of an interregional flexibility market, which targets a market based congestion management in the transmission and distribution system through trading between system operators and flexibility providers. The framework combines a market mechanism with the required supplements like appropriate control algorithms for emergency situations, cyber-physical system monitoring and cyber-security assessment. The resulting methods are being implemented and verified in a remote-power-hardware-in-the-loop setup coupling a real world low voltage grid with a geographically distant real time simulation using state of the art control system applications with an integration of the aforementioned architecture components.

Since its inception, the Internet has experienced tremendous speed and functionality improvements. Among these developments are innovative approaches such as the design and deployment of Internet Protocol version six (IPv6) and the continuous modification of TCP. New transport protocols like Stream Communication Transport Protocol (SCTP) and Multipath TCP (MPTCP), which can use multiple data paths, have been developed to overcome the IP-coupled challenge in TCP. However, given the difficulties of packet modifiers over the Internet that prevent the deployment of newly proposed protocols, e.g., SCTP, a UDP innovative approach with QUIC (Quick UDP Internet Connection) has been put forward as an alternative. QUIC reduces the connection establishment complexity in TCP and its variants, high security, stream multiplexing, and pluggable congestion control. Motivated by the gains and acceptability of MPTCP, Multipath QUIC has been developed to enable multipath transmission in QUIC. While several researchers have reviewed the progress of improvement and application of MPTCP, the review on MPQUIC improvement is limited. To breach the gap, this paper provides a brief survey on the practical application and progress of MPQUIC in data communication. We first review the fundamentals of multipath transport protocols. We then provide details on the design of QUIC and MPQUIC. Based on the articles reviewed, we looked at the various applications of MPQUIC, identifying the application domain, tools used, and evaluation parameters. Finally, we highlighted the open research issues and directions for further investigations.

Dual Connectivity is a key approach to achieving optimization of throughput and latency in heterogeneous networks. Originally a technique introduced by the 3rd Generation Partnership Project (3GPP) for terrestrial communications, it is not been widely explored in satellite systems. In this paper, Dual Connectivity is implemented in a multi-orbital satellite network, where a network model is developed by employing the diversity gains from Dual Connectivity and Carrier Aggregation for the enhancement of satellite uplink capacity. An introduction of software defined network controller is performed at the network layer coupled with a carefully designed hybrid resource allocation algorithm which is implemented strategically. The algorithm performs optimum dynamic flow control and traffic steering by considering the availability of resources and the channel propagation information of the orbital links to arrive at a resource allocation pattern suitable in enhancing uplink system performance. Simulation results are shown to evaluate the achievable gains in throughput and latency; in addition we provide useful insight in the design of multi-orbital satellite networks with implementable scheduler design.

As cyber-physical systems are becoming more wide spread, it is imperative to secure these systems. In the real world these systems produce large amounts of data. However, it is generally impractical to test security techniques on operational cyber-physical systems. Thus, there exists a need to have realistic systems and data for testing security of cyber-physical systems [1]. This is often done in testbeds and cyber ranges. Most cyber ranges and testbeds focus on traditional network systems and few incorporate cyber-physical components. When they do, the cyber-physical components are often simulated. In the systems that incorporate cyber-physical components, generally only the network data is analyzed for attack detection and diagnosis. While there is some study in using physical signals to detect and diagnosis attacks, this data is not incorporated into current testbeds and cyber ranges. This study surveys currents testbeds and cyber ranges and demonstrates a prototype testbed that includes cyber-physical components and sensor data in addition to traditional cyber data monitoring.

Due to the rapid development of cyber-physical systems, there are more and more security problems. The purpose of this work is to develop the concept of a knowledge base in the field of security of cyber-physical systems based on an ontological approach. To create the concept of a knowledge base, it was necessary to consider the system of a cyber-physical system and highlight its structural parts. As a result, the main concepts of the security of a cyber-physical system were identified and the concept of a knowledge base was drawn up, which in the future will help to analyze potential threats to cyber-physical systems.

A methodology for studying the level of security for various types of CPS through the analysis of the consequences was developed during the research process. An analysis of the architecture of cyber-physical systems was carried out, vulnerabilities and threats of specific devices were identified, a list of possible information attacks and their consequences after the exploitation of vulnerabilities was identified. The object of research is models of cyber-physical systems, including IoT devices, microcomputers, various sensors that function through communication channels, organized by cyber-physical objects. The main subjects of this investigation are methods and means of security testing of cyber-physical systems (CPS). The main objective of this investigation is to update the problem of security in cyber-physical systems, to analyze the security of these systems. In practice, the testing methodology for the cyber-physical system “Smart Factory” was implemented, which simulates the operation of a real CPS, with different types of links and protocols used.

Since the cyber and physical layers in the distribution system are deeply integrated, the traditional distribution system has gradually developed into the cyber-physical distribution system (CPDS), and the failures of the cyber layer will affect the reliable and safe operation of the whole distribution system. Therefore, this paper proposes an CPDS planning method considering the reliability of the cyber-physical system. First, the reliability evaluation model of CPDS is proposed. Specifically, the functional reliability model of the cyber layer is introduced, based on which the physical equipment reliability model is further investigated. Second, an optimal planning model of CPDS considering cyber-physical random failures is developed, which is solved using the Monte Carlo Simulation technique. The proposed model is tested on the modified IEEE 33-node distribution system, and the results demonstrate the effectiveness of the proposed method.

In this paper, a data-driven security detection approach is proposed in a simple manner. The detector is designed to deal with false data injection attacks suffered by industrial cyber-physical systems with unknown model information. First, the attacks are modeled from the perspective of the generalized plant mismatch, rather than the operating data being tampered. Second, some subsystems are selected to reduce the design complexity of the detector, and based on them, an output estimator with iterative form is presented in a theoretical way. Then, a security detector is constructed based on the proposed estimator and its cost function. Finally, the effectiveness of the proposed approach is verified by simulations of a Western States Coordinated Council 9-bus power system.

The security control problem of cyber-physical system (CPS) under actuator attacks is studied in the paper. Considering the strict-feedback cyber-physical systems with external disturbance, a security control scheme is proposed by combining backstepping method and super-twisting sliding mode technology when the transmission control input signal of network layer is under false data injection(FDI) attack. Firstly, the unknown nonlinear function of the CPS is identified by Radial Basis Function Neural Network. Secondly, the backstepping method and super-twisting sliding mode algorithm are combined to eliminate the influence of actuator attack and ensure the robustness of the control system. Then, by Lyapunov stability theory, it is proved that the proposed control scheme can ensure that all signals in the closed-loop system are semi-global and ultimately uniformly bounded. Finally, the effectiveness of the proposed control scheme is verified by the inverted pendulum simulation.

With the intelligent development of power system, due to the double-layer structure of smart grid and the characteristics of failure propagation across layers, the attack path also changes significantly: from single-layer to multi-layer and from static to dynamic. In response to the shortcomings of the single-layer attack path of traditional attack path identification methods, this paper proposes the idea of cross-layer attack, which integrates the threat propagation mechanism of the information layer and the failure propagation mechanism of the physical layer to establish a forward-backward bi-directional detection model. The model is mainly used to predict possible cross-layer attack paths and evaluate their path generation probabilities to provide theoretical guidance and technical support for defenders. The experimental results show that the method proposed in this paper can well identify the dynamic cross-layer attacks in the smart grid.

Security of Internet of Things (IoT) is one of the most prevalent crucial challenges ever since. The diversified devices and their specification along with resource constrained protocols made it more complex to address over all security need of IoT. Denial of Service attacks, being the most powerful and frequent attacks on IoT have been considered so forth. However, the attack happens on multiple layers and thus a single detection technique for each layer is not sufficient and effective to combat these attacks. Current study focuses on cross layer intrusion detection system (IDS) for detection of multiple Denial of Service (DoS) attacks. Presently, two attacks at Transmission Control Protocol (TCP) and Routing Protocol are considered for Low power and Lossy Networks (RPL) and a neural network-based IDS approach has been proposed for the detection of such attacks. The attacks are simulated on NetSim and detection and the performance shows up to 80% detection probabilities.

The Internet of Things is a developing technology that converts physical objects into virtual objects connected to the internet using wired and wireless network architecture. Use of cross-layer techniques in the internet of things is primarily driven by the high heterogeneity of hardware and software capabilities. Although traditional layered architecture has been effective for a while, cross-layer protocols have the potential to greatly improve a number of wireless network characteristics, including bandwidth and energy usage. Also, one of the main concerns with the internet of things is security, and machine learning (ML) techniques are thought to be the most cuttingedge and viable approach. This has led to a plethora of new research directions for tackling IoT's growing security issues. In the proposed study, a number of cross-layer approaches based on machine learning techniques that have been offered in the past to address issues and challenges brought on by the variety of IoT are in-depth examined. Additionally, the main issues are mentioned and analyzed, including those related to scalability, interoperability, security, privacy, mobility, and energy utilization.

As a mature and open mobile operating system, Android runs on many IoT devices, which has led to Android-based IoT devices have become a hotbed of malware. Existing static detection methods for malware using artificial intelligence algorithms focus only on the java code layer when extracting API features, however there is a lot of malicious behavior involving native layer code. Thus, to make up for the neglect of the native code layer, we propose a heterogeneous information network-based Android malware detection method with cross-layer features. We first translate the semantic information of apps and API calls into the form of meta-paths, and construct the adjacency of apps based on API calls, then combine information from different meta-paths using multi-core learning. We implemented our method on the dataset from VirusShare and AndroZoo, and the experimental results show that the accuracy of our method is 93.4%, which is at least 2% higher than other related methods using heterogeneous information networks for malware detection.

Multi-label image classification task aims to predict multiple object labels in a given image and faces the challenge of variable-sized objects. Limited by the size of CNN convolution kernels, existing CNN-based methods have difficulty capturing global dependencies and effectively fusing multiple layers features, which is critical for this task. Recently, transformers have utilized multi-head attention to extract feature with long range dependencies. Inspired by this, this paper proposes a Cross-layer Aggregation with Transformers (CAT) framework, which leverages transformers to capture the long range dependencies of CNN-based features with Long Range Dependencies module and aggregate the features layer by layer with Cross-Layer Fusion module. To make the framework efficient, a multi-head pre-max attention is designed to reduce the computation cost when fusing the high-resolution features of lower-layers. On two widely-used benchmarks (i.e., VOC2007 and MS-COCO), CAT provides a stable improvement over the baseline and produces a competitive performance.

Physical-layer key (PLK) generation scheme is a new key generation scheme based on wireless channel reciprocity. However, the security of physical layer keys still lacks sufficient theoretical support in the presence of eavesdropping attacks until now, which affects the promotion in practical applications. By analyzing the propagation mode of multipath signals under non-line-of-sight (nLoS), an improved spatial cross-correlation model is constructed, where the spatial cross-correlation is between eavesdropping channel and legitimate channel. Results show that compared with the multipath and obstacle distribution of the channel, the azimuth and distance between the eavesdropper and the eavesdropped user have a greater impact on the cross-correlation.

In the deep nano-scale regime, reliability has emerged as one of the major design issues for high-density integrated systems. Among others, key reliability-related issues are soft errors, high temperature, and aging effects (e.g., NBTI-Negative Bias Temperature Instability), which jeopardize the correct applications' execution. Tremendous amount of research effort has been invested at individual system layers. Moreover, in the era of growing cyber-security threats, modern computing systems experience a wide range of security threats at different layers of the software and hardware stacks. However, considering the escalating reliability and security costs, designing a highly reliable and secure system would require engaging multiple system layers (i.e. both hardware and software) to achieve cost-effective robustness. This talk provides an overview of important reliability issues, prominent state-of-the-art techniques, and various hardwaresoftware collaborative reliability modeling and optimization techniques developed at our lab, with a focus on the recent works on ML-based reliability techniques. Afterwards, this talk will also discuss how advanced ML techniques can be leveraged to devise new types of hardware security attacks, for instance on logic locked circuits. Towards the end of the talk, I will also give a quick pitch on the reliability and security challenges for the embedded machine learning (ML) on resource/energy-constrained devices subjected to unpredictable and harsh scenarios.