International Conference: Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC) 2015, Shanghai, China

 

 
SoS Logo

International Conference:

Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC) 2015,

Shanghai, China

 

The 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC) 2015 was held 5–7 August 2015 in Shanghai, China. Focused on cyber-physical systems and security, the work cited here has much of interest to the Science of Security community. Citations were recovered on December 14, 2015.




Wang, P.; Ali, A.; Kelly, W., “Data Security and Threat Modeling for Smart City Infrastructure,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–6, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245322

Abstract: Smart city opens up data with a wealth of information that brings innovation and connects government, industry and citizens. Cyber insecurity, on the other hand has raised concerns among data privacy and threats to smart city systems. In this paper, we look into security issues in smart city infrastructure from both technical and business operation perspectives and propose an approach to analyze threats and to improve data security of smart city systems. The assessment process takes hundreds of features into account. Data collected during the assessment stage are then imported into an algorithm that calculates the threat factor. Mitigation strategies are provided to help reducing risks of smart city systems from being hacked into and to protect data from being misused, stolen or identifiable. Study shows that the threat factor can be reduced significantly by following this approach. Experiments show that this comprehensive approach can reduce the risks of cyber intrusions to smart city systems. It can also deal with privacy concerns in this big data arena.

Keywords: Big Data; data protection; security of data; smart cities; big data; cyber insecurity; cyber intrusions; data privacy; data protection; data security; smart city infrastructure; threat modeling; Business; Encryption; Firewalls (computing); Malware; cyber physical; data security; smart city; threat modeling (ID#: 15-8133)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245322&isnumber=7245317

 

Akhriza, T.M.; Yinghua Ma; Jianhua Li, “A Novel Fibonacci Windows Model for Finding Emerging Patterns over Online Data Stream,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–8, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245323

Abstract: Patterns i.e. the itemsets whose frequency increased significantly from one class to another are called emerging patterns (EP). Finding EP in a massive online data streaming is a tough yet complex task. On one hand the emergence of patterns must be examined at different time stamps since no one knows when the patterns may be emerging; on another hand, EP must be found in a given limited time and memory resources. In this work a novel method to accomplish such task is proposed. The history of itemsets and their support is kept in a novel data window model, called Fibonacci windows model, which shrinks a big number of data historical windows into a considerable much smaller number of windows. The emergence of itemsets being extracted from online transactions is examined directly with respect to the Fibonacci windows. Furthermore, as the historical windows are recorded, EP can be found both in online and offline mode.

Keywords: data mining; transaction processing; EP; Fibonacci windows model; data window model; emerging patterns; historical windows; itemsets; offline mode; online data streaming; online mode; online transactions; time stamps; Computer security; Data mining; Data models; History; Itemsets; Merging; Data Window Model; Emerging Patterns; Online Data Stream (ID#: 15-8134)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245323&isnumber=7245317

 

Xiaohe Fan; Kefeng Fan; Yong Wang; Ruikang Zhou, “Overview of Cyber-Security of Industrial Control System,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no.,

pp. 1–7, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245324

Abstract: With the development of information technology, the network connection of industrial control system (ICS) and information technology (IT) is becoming more and more closely. What’s more, the security issues of traditional IT systems in industrial control system are also more prominent. Early industrial control system mainly uses physical isolation approach to protect security. In this paper, we review the characteristics and reference models of industrial control system and analyze the current security status of industrial control system. Moreover, we propose a defense-in-depth system, security policies of active protection and passive monitoring for these security issues. Besides, we also discuss the key technologies and summarize the full text.

Keywords: control engineering computing; data protection industrial control; production engineering computing; security of data; ICS; IT systems; active protection security policy; cyber-security; defense-in-depth system; industrial control system; information technology; passive monitoring; physical isolation approach; security policy; security protection; Control systems; Information security; Process control; Production; Safety; Anomaly detection; Industrial Control System (ICS); Information security; Risk assessment (ID#: 15-8135)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245324&isnumber=7245317

 

Zongshuai Hu; Yong Wang; Chunhua Gu; Dejun Mengm; Xiaoli Yang; Shuai Chen, “Malicious Data Identification in Smart Grid Based on Residual Error Method,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–5, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245325

Abstract: Most of methods on malicious data identification are based on the residual in power system applications. Residual error method, which is an effective method to identify a single malicious data can be basically divided into weighted residual error method and normalized residual error method. In this paper the states and measurement estimated value can be calculated firstly by the traditional weighted least squares state estimation algorithm. Then the measurement residual and the objective function value can be also calculated. The algorithm of weighted residual error method is tested on IEEE5 bus system by MATLAB and the analysis on the results of calculation example shows that this method is an effective one which a single malicious data can be effectively dealt with, and it can be applied to malicious data identification. In this paper the largest weighted residues in the case of single malicious data are 8.361 and correspond to real power injection at bus2, which are far above the threshold to improve the efficiency of malicious data identification.

Keywords: least squares approximations; power system measurement; power system state estimation; smart power grids; IEEE5 bus system; MATLAB; malicious data identification; normalized residual error method; smart grid; weighted least squares state estimation algorithm; weighted residual error method; MATLAB; Measurement uncertainty; Pollution measurement; Power systems; State estimation; Transmission line measurements; Weight measurement; malicious data identification; measurement residual Introduction; residual error method; smart grid; the states; weighted least squares state estimation (ID#: 15-8136)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245325&isnumber=7245317

 

Vasseur, M.; Xiuzhen Chen; Khatoun, R.; Serhrouchni, A., “Survey on Packet Marking Fields and Information for IP Traceback,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–8, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245326

Abstract: Not all header fields in IP packets are used simultaneously during transmissions. Some fields may provide traceback services, especially for the defense against DDoS attacks. In this paper, we analyze which IP header fields may be used without impacting the other services provided by the IP protocol. We also analyze how unused fields can be filled for the purpose of traceback, and with what probability can a router mark packets. Finally we compare the different existing methods for packet marking based on the fields used and marking information.

Keywords: IP networks; computer network security; probability; DDoS attack; IP traceback; packet marking field; probability; Computer security; Industrial control; Quality of service; Routing protocols; DDoS attacks; IP header fields; Packet marking (ID#: 15-8137)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245326&isnumber=7245317

 

Yanan Wang; Xiuzhen Chen; Jianhua Li, “A New Genetic-Based Rumor Diffusion Model for Social Networks,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no.,

pp. 1–5, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245327

Abstract: The spreading process of rumor is different from that of general messages because two special factors: reason of individual and rumor refuting, affect the process of rumor dissemination besides conventional factor, i.e. information amount. In this paper, we propose a genetics-based rumor diffusion model (GRDM) which regards an individual with multiple rumors in a network as a ‘chromosome’ which is composed by a set of genes. The GRDM specifies a rule for interactions between chromosomes to model the rumor interactions between individuals. A series of experiments are done on the dynamic social network dataset collected from Sina-Weibo with 9299 users and 215386 pieces of following relationship information between them. The experimental results show that the genetic-algorithm-based rumor diffusion model is reasonable and feasible in demonstrating the diffusion of rumor in social networks and some key factors, i.e. starting node, individual reason and rumor refuting, would affect the propagation process.

Keywords:  genetic algorithms; social networking (online); social sciences computing; GRDM; Sina Weibo; genetic algorithm; genetic-based rumor diffusion model; rumor dissemination process; rumor spreading process; social networks; Biological cells; Computational modeling; Mathematical model; Media; Social network services; Sociology; Statistics; rumor diffusion; social network (ID#: 15-8138)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245327&isnumber=7245317

 

Khatoun, R.; Gut, P.; Doulami, R.; Khoukhi, L.; Serhrouchni, A., “A Reputation System for Detection of Black Hole Attack in Vehicular Networking,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–5, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245328

Abstract: In recent years, vehicular networks has drawn special attention as it has significant potential to play an important role in future smart city to improve the traffic efficiency and guarantee the road safety. Safety in vehicular networks is crucial because that it affects the life of humans. It is essential like that the vital information cannot be modified or deleted by an attacker and must be also determine the responsibility of drivers while maintaining their privacy. The Black hole attack is a well-known and critical threat of network availability in vehicular environment. In this paper we present a new reputation system for vehicular networks, where each vehicle reports the packet transmission with its neighbours and the Trust Authority (TA) classifies the reliability of players based on the reports. This reputation system can quickly detect the malicious players in the network, prevent the damage caused by the Black hole attack and improve the effectiveness of routing process.

Keywords: mobile radio; road safety; smart cities; telecommunication network routing; black hole attack detection; malicious player detection; packet transmission; reputation system; road safety; routing process; smart city; trust authority; vehicular networking; Ad hoc networks; Packet loss; Protocols; Routing; Vehicles; Black hole attack; Intrusion detection; Smart City; Vehicular Networking (ID#: 15-8139)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245328&isnumber=7245317

 

Yue Wu; Fanchao Meng; Guanghao Wang; Ping Yi, “A Dempster-Shafer Theory Based Traffic Information Trust Model in Vehicular Ad Hoc Networks,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–7, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245329

Abstract: Road congestion has troubled hundreds of thousands of drivers for a long time. In recent years, an application named dynamic routing, in which vehicles reroute themselves around congested areas with road information received, is proposed to deal with traffic jam. Due to lack of trust for traffic information data in vehicular ad hoc networks (VANETs), malicious vehicles can easily disseminate false road information and mislead other vehicles to choose the wrong route. This paper proposes a new data centric trust model for traffic information in VANETs, which is based on data trust rather than entity trust to verify road information, and utilizes Dempster-Shafer theory in general voting algorithm to increase robustness. Simulation results show that our model avoids malicious fake road information and effectively improves the vehicle’s travelling time performance without additional information exchange.

Keywords: inference mechanisms; intelligent transportation systems; road traffic; uncertainty handling; vehicular ad hoc networks; Dempster-Shafer theory; VANET; dynamic routing; information exchange; road congestion; road information; traffic information data; traffic information trust model; traffic jam; vehicle travelling time; voting algorithm; Data models; Error analysis; Roads; Routing; Uncertainty; Vehicle dynamics; Vehicles; Data Centric Trust; Dempster-Shafer Theory; Dynamic Routing (ID#: 15-8140)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245329&isnumber=7245317

 

Drias, Z.; Serhrouchni, A.; Vogel, O., “Analysis of Cyber Security for Industrial Control Systems,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–8, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245330

Abstract: Industrial control systems (ICS) are specialized information systems that differs significantly form traditional information systems used in the IT world. The main use of ICS is to manage critical infrastructures such as, Oil and Natural Gas facilities, nuclear plants, smart grids, water and waste water ... etc. ICS have many unique functional characteristics, including a need for real-time response and extremely high availability, predictability, reliability, as well as distributed intelligence. Which for, many advanced computing, communication and internet technologies were integrated to the ICS to cover more costumers requirements such as mobility, data analytics, extensibility ... etc. The integration of these technologies makes from the ICS open systems to the external world; this openness exposes the critical infrastructures to several Cyber security critical issues. Nowadays, cyber security emerges to be one of the most critical issues because of the immediate impact and the high cost of cyber-attacks. In this paper, we present a comprehensive analysis of cyber security issues for ICS. Specifically we focus on discussing and reviewing the different types and architectures of an ICS, security requirements, different threats attacks, and existing solutions to secure Industrial control systems. By this survey, we desire to provide a clear understanding of security issues in ICS and clarify the different research issues to solve in the future.

Keywords: control engineering computing; industrial control; information systems; open systems; production engineering computing; security of data; ICS open systems; IT world; critical infrastructures; cyber security analysis; cyber-attacks; distributed intelligence; natural gas facilities; nuclear plants; oil facilities; secure Industrial control systems; security requirements; smart grids; specialized information systems; threats attacks; wastewater; Computer security; Internet; Process control; Protocols; Servers; Cyber security; DCS; ICS; SCADA (ID#: 15-8141)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245330&isnumber=7245317

 

Guenane, F.A.; Serhrouchni, A., “Secure Access & Authentication for Collaborative Intercloud Exchange Service,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no.,

pp. 1–5, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245331

Abstract: Recent advances in information technology make remote collaboration and resource sharing easier for next generation of distributed systems. The Intercloud is an interconnection system of several cloud provider infrastructures that allows the dynamic coordination of the deployment of applications and the distribution of the load across multiple data centers. In this paper, we propose a new design to establish a new generation of secure collaborative cloud services where several companies are patially or fully pooling their resources to optimize their operating costs and increase the availability of their services in a secure way by performing secure access & authentication for collaborative interCloud exchange services.

Keywords: authorisation; cloud computing; computer centres; groupware; authentication; cloud provider infrastructures; collaborative intercloud exchange service; data centers; information technology; operating costs; remote collaboration; resource sharing; secure access; secure collaborative cloud services; Authentication; Cloud computing; Collaboration; Computational modeling; Computer architecture; Servers; Access Control; Collaborative Internet; Identity Management; Intercloud; Security As A Service (ID#: 15-8142)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245331&isnumber=7245317

 

Begriche, Youcef; Khatoun, Rida; Khoukhi, Lyes; Chen Xiuzhen, “Bayesian-Based Model for a Reputation System in Vehicular Networks,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–6, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245332

Abstract: Vehicular ad hoc networks (VANETs) are a cost-effective technology to enhance driving safety and traffic efficiency. In such promising networks, security is of prime concern because an attack by a malicious vehicle might have disastrous impact leading to loss of life. Reputation trust management has been proposed in the recent years as a novel way to tackle some of those not yet solved threats in VANETs. In this paper, we propose a robust distributed reputation model based on Bayesian filter. The model allows nodes to establish profiles (e.g., malicious, honest) on their neighbors and to detect malicious behaviors (e.g., black hole, gray hole). The simulation results proved that intentionally dropping packets in VANETs can be fully detected, with our proposed Bayesian filter, with high level of accuracy.

Keywords: Bayes methods; radiofrequency filters; road safety; road traffic; vehicular ad hoc networks; Bayesian filter; Bayesian-based model; VANET; driving safety enhancement; reputation system; reputation trust management; robust distributed reputation model; traffic efficiency enhancement; vehicular ad hoc network; Computer security; Monitoring; Safety; Sensitivity; Vehicles (ID#: 15-8143)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245332&isnumber=7245317

 

Huangmiao Chen; Xiuzhen Chen; Lei Fan; Changsong Chen, “Classified Security Protection Evaluation for Vehicle Information System,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–6, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245673

Abstract: This paper firstly analyzes security vulnerabilities, threats and special security requirements of current vehicle information system. And further referring to the classified security protection evaluation standards of traditional information system, we establish classified security protection evaluation system for vehicle information system. This system summarizes typical information assets in car system, divides vehicle information system into two classes/levels: family and business, and defines target and requirement of security protection for two kinds of vehicle information system, respectively. Finally, a series of feasible evaluation methods and tools are presented for evaluation practice. A big contribution of this paper is to explore classified security protection evaluation for vehicle information system and fills up the gap of evaluating security state of automotive information system all over the world.

Keywords: automobiles; security of data; traffic information systems; automotive information system; business; car system; classified security protection evaluation standards; classified security protection evaluation system; family; information assets; security requirements; security threats; security vulnerabilities; vehicle information system; Access control; Authentication; Bluetooth; Information systems; Monitoring; Vehicles; classified security protection; evaluation system; security vulnerability and threat (ID#: 15-8144)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245673&isnumber=7245317

 

Gantsou, D., “On the Use of Security Analytics for Attack Detection in Vehicular Ad Hoc Networks,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–6, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245674

Abstract: A vehicular ad hoc network (VANET) is a special kind of mobile ad hoc network built on top of the IEEE802.11p standard for a better adaptability to the wireless mobile environment. As it is used for both supporting vehicle-to-vehicle (V2V) as well as vehicle-to-infrastructure (V2I) communications, and connecting vehicles to external resources including cloud services, Internet, and user devices while improving the road traffic conditions, VANET is a Key component of intelligent transportation systems (ITS). As such, VANET can be exposed to cyber attacks related to the wireless environment, and those of traditional information technologies systems it is connected to. However, when looking at solutions that have been proposed to address VANET security issues, it emerges that guaranteeing security in VANET essentially amounts to resorting to cryptographic-centric mechanisms. Although the use of public key Infrastructure (PKI) fulfills most VANET’ security requirements related to physical properties of the wireless transmissions, simply relying on cryptography does not secure a network. This is the case for vulnerabilities at layers above the MAC layer. Because of their capability to bypass security policy control, they can still expose VANET, and thus, the ITS to cyber attacks. Thereby, one needs security solutions that go beyond cryptographic mechanisms in order cover multiple threat vectors faced by VANET. In this paper focusing on attack detection, we show how using an implementation combining observation of events and incidents from multiple sources at different layers Sybil nodes can be detected regardless of the VANET architecture.

Keywords: intelligent transportation systems; telecommunication security; vehicular ad hoc networks; IEEE802.11p standard; VANET; attack detection; cryptographic-centric mechanisms; cyber attacks; mobile ad hoc network; security analytics; wireless mobile environment; Communication system security; Cryptography; IP networks; Vehicles; Vehicular ad hoc networks; Intelligent Transportation Systems (ITS); Vehicular ad hoc network (VANET) security  (ID#: 15-8145)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245674&isnumber=7245317

 

Rmayti, M.; Begriche, Y.; Khatoun, R.; Khoukhi, L.; Gaiti, D., “Flooding Attacks Detection in MANETs,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on,  pp. 1–6, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245675

Abstract: Flooding attacks are well-known security threats that can lead to a denial of service (DoS) in computer networks. These attacks consist of an excessive traffic generation, by which an attacker aim to disrupt or interrupt some services in the network. The impact of flooding attacks is not just about some nodes, it can be also the whole network. Many routing protocols are vulnerable to these attacks, especially those using reactive mechanism of route discovery, like AODV. In this paper, we propose a statistical approach to defense against RREQ flooding attacks in MANETs. Our detection mechanism can be applied on AODV-based ad hoc networks. Simulation results prove that these attacks can be detected with a low rate of false alerts.

Keywords: computer network security; mobile ad hoc networks; routing protocols; statistical analysis; telecommunication traffic; AODV; DoS; MANET; RREQ flooding attacks; ad hoc on-demand distance vector; computer networks; denial of service; flooding attack detection; route discovery; routing protocols; security threats; traffic generation; Ad hoc networks; Computer crime; IP networks; Routing; Routing protocols (ID#: 15-8146)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245675&isnumber=7245317

 

Xiao Chen; Liang Pang; Yuhuan Tang; Hongpeng Yang; Zhi Xue, “Security in MIMO Wireless Hybrid Channel with Artificial Noise,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–4, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245676

Abstract: Security is an important issue in the field of wireless channel. In this paper, the security problem of Gaussian MIMO wireless hybrid channel is considered where a transmitter with multiple antennas sends information to an intended receiver with one antenna in the presence of an eavesdropper with multiple antennas. Through utilizing some of the power to produce ‘artificial noise’, the transmitter can only degrade the eavesdropper’s channel to ensure the security of the communication. But there is an inherent weakness in this scheme. Then a Hybrid Blind Space Elimination (HBSE) scheme is proposed and proved to fix the design flaw in order to strengthen the original scheme.

Keywords: Gaussian channels; MIMO communication; wireless channels; Gaussian MIMO wireless hybrid channel; HBSE scheme; artificial noise; hybrid blind space elimination scheme; security problem; Communication system security; Noise; Receiving antennas; Security; Transmitting antennas; Wireless communication; HBSE; MIMO-WHC; Security; secrecy capacity; wireless hybrid channel (ID#: 15-8147)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245676&isnumber=7245317

 

Tan Heng Chuan; Jun Zhang; Ma Maode; Chong, P.H.J.; Labiod, H., “Secure Public Key Regime (SPKR) in Vehicular Networks,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–7, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245678

Abstract: Public Key Regime (PKR) was proposed as an alternative to certificate based PKI in securing Vehicular Networks (VNs). It eliminates the need for vehicles to append their certificate for verification because the Road Side Units (RSUs) serve as Delegated Trusted Authorities (DTAs) to issue up-to-date public keys to vehicles for communications. If a vehicle’s private/public key needs to be revoked, the root TA performs real time updates and disseminates the changes to these RSUs in the network. Therefore, PKR does not need to maintain a huge Certificate Revocation List (CRL), avoids complex certificate verification process and minimizes the high latency. However, the PKR scheme is vulnerable to Denial of Service (DoS) and collusion attacks. In this paper, we study these attacks and propose a pre-authentication mechanism to secure the PKR scheme. Our new scheme is called the Secure Public Key Regime (SPKR). It is based on the Schnorr signature scheme that requires vehicles to expend some amount of CPU resources before RSUs issue the requested public keys to them. This helps to alleviate the risk of DoS attacks. Furthermore, our scheme is secure against collusion attacks. Through numerical analysis, we show that SPKR has a lower authentication delay compared with the Elliptic Curve Digital Signature (ECDSA) scheme and other ECDSA based counterparts.

Keywords: mobile radio; public key cryptography; certificate revocation list; collusion attack; complex certificate verification process; delegated trusted authorities; denial of service attack; lower authentication delay; preauthentication mechanism; road side units; secure public key regime; vehicular networks; Authentication; Computer crime; Digital signatures; Public key; Vehicles; Collusion Attacks; Denial of Service Attacks; Schnorr signature; certificate-less PKI (ID#: 15-8148)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245678&isnumber=7245317

 

Msahli, M.; Hammi, M.T.; Serhrouchni, A., “Safe Box Cloud Authentication Using TLS Extension,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–6, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245679

Abstract: Although the great success and the popularity of Cloud computing, an important number of challenges and threats are inherent to this new computing paradigm. One of the serious challenges in Cloud service architecture is managing authentication. Our goal in this paper is to present a flexible authentication solution based on TLS standard and asynchronous one time password mechanism. Our purpose is to be as close as possible to the TLS standard treatment and calculation of different security settings. The addition of a strong password (HOTP) preserves a maximum of operational reliability to TLS protocol. We also offer the same strength client authentication method as digital certificate. In this paper we will also demonstrate the efficiency of the proposed framework as an authentication alternative in case of private Safe Box Cloud Service.

Keywords: cloud computing; message authentication; protocols; software architecture; Safe Box Cloud service authentication; TLS protocol; cloud service architecture; transport layer security; Authentication; Cloud computing; Protocols; Servers; Standards; Synchronization; Cloud; GNUTLS; HOTP; TLS; security (ID#: 15-8149)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245679&isnumber=7245317

 

Memmi, G.; Kapusta, K.; Han Qiu, “Data Protection: Combining Fragmentation, Encryption, and Dispersion,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no.,

pp. 1–9, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245680

Abstract: In this paper, we first present a general description of what is a fragmentation system including a number of high level requirements. Then, we focus on fragmentation of two kinds of data. First, a bitmap image is split in two parts a public one and a private one. We describe two processes and address the question of performance. Then, we survey works on fragmentation of text: in a brute force manner then considering data stored in a structured database.

Keywords: cryptography; data protection; database management systems; image processing; text analysis; bitmap image; data fragmentation; dispersion; encryption; structured database; text fragmentation; Computer security; Discrete cosine transforms; Encryption; Frequency-domain analysis; Graphics processing units; Portable computers; Data protection; GPU; data dispersion; database; defragmentation; encryption; fragmentation; image encryption; information protection; privacy; selective encryption

(ID#: 15-8150)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245680&isnumber=7245317

 

Zheng Li-xiong; Xu Xiao-lin; Li Jia; Zhang Lu; Pan Xuan-chen; Ma Zhi-yuan; Zhang Li-hong, “Malicious URL Prediction Based on Community Detection,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–7, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245681

Abstract: Traditional Anti-virus technology is primarily based on static analysis and dynamic monitoring. However, both technologies are heavily depended on application files, which increase the risk of being attacked, wasting of time and network bandwidth. In this study, we propose a new graph-based method, through which we can preliminary detect malicious URL without application file. First, the relationship between URLs can be found through the relationship between people and URLs. Then the association rules can be mined with confidence of each frequent URLs. Secondly, the networks of URLs was built through the association rules. When the networks of URLs were finished, we clustered the date with modularity to detect communities and every community represents different types of URLs. We suppose that a URL has association with one community, then the URL is malicious probably. In our experiments, we successfully captured 82% of malicious samples, getting a higher capture than using traditional methods.

Keywords: computer viruses; data mining; graph theory; program diagnostics; association rule; community detection; dynamic monitoring; graph-based method; malicious URL prediction; network bandwidth; static analysis; traditional anti-virus technology; Association rules; Malware; Mobile communication; Monitoring; Uniform resource locators; Anti-Virus; Association Rules; Community Detection; Malicious URL (ID#: 15-8151)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245681&isnumber=7245317

 

Brauchli, A.; Depeng Li, “A Solution Based Analysis of Attack Vectors on Smart Home Systems,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–6, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245682

Abstract: The development and wider adoption of smart home technology also created an increased requirement for safe and secure smart home environments with guaranteed privacy constraints. After a short survey of privacy and security in the more broad smart-world context this paper lists, analyzes and ranks possible attack vectors or entry points into a smart home system and proposes solutions to remedy or diminish the risk of compromised security or privacy. Further, we evaluate the usability impacts resulting from the proposed solutions. The smart home system used for the analysis in this paper is a digital STROM installation, a home-automation solution that is quickly gaining popularity in central Europe, the findings, however, aim to be as solution independent as possible.

Keywords: data privacy; home automation; security of data; attack vector solution based analysis; central Europe; digital STROM installation; home-automation solution; privacy constraints; secure smart home systems; Decision support systems; Home appliances; Privacy; Security; Servers; Smart homes; Smart phones (ID#: 15-8152)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245682&isnumber=7245317

 

Singh, P.; Garg, S.; Kumar, V.; Saquib, Z., “A Testbed for SCADA Cyber Security and Intrusion Detection,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1–6, 5–7 Aug. 2015. doi:10.1109/SSIC.2015.7245683

Abstract: Power grid is an important element of the cyber physical systems. Attacks on such infrastructure may have catastrophic impact and hence the mitigation solutions for the attacks are necessary. It is impractical to test attacks and mitigation strategies on real networks. A testbed as a platform bridges the cyber-physical divide by bringing in the physical system inside the cyber domain, and test the attack scenarios. We are proposing such a testbed here that can simulate power systems Supervisory Control and Data Acquisition (SCADA). The testbed consists of traffic generator, simulated devices like Remote Terminal Units (RTUs), Master Terminal Unit (MTU), Human Machine Interface (HMI) etc. and the communication channel wrapped around industrial communication protocols such as IEC-60870-5-101 and DNP3. The proposed testbed includes with a comparator module which helps in detecting potential intrusions at RTU. A compromised RTU can be manipulated to send fabricated commands in the grid or to send polled responses from the grid. Detecting compromised systems at early stages helps in reducing damage to Industrial Control System (ICS) and providing higher security measures.

Keywords: SCADA systems; human computer interaction; power grids; security of data; HMI; ICS; MTU; RTU; SCADA; SCADA cyber security; cyber physical systems; cyber-physical divide; human machine interface; industrial control system; intrusion detection; master terminal unit; power grid; remote terminal units; supervisory control and data acquisition; Computer security; Generators; Process control; Protocols; SCADA systems; Industrial Control Systems; Intrusion Detection; Power System Simulation; SCADA Security; Test-bed (ID#: 15-8153)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245683&isnumber=7245317


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.