8 articles found
IWTW: A Framework for IoWT Cyber Threat Analysis
1
Authors: GyuHyun Jeon, Hojun Jin, Ju Hyeon Lee, Seungho Jeon, Jung Taek Seo. Computer Modeling in Engineering & Sciences (SCIE, EI), 2024, Issue 11, pp. 1575-1622 (48 pages)
The Internet of Wearable Things (IoWT) or Wearable Internet of Things (WIoT) is a new paradigm that combines IoT and wearable technology. Advances in IoT technology have enabled the miniaturization of sensors embedded in wearable devices and the ability to communicate data and access real-time information over low-power mobile networks. IoWT devices are highly interdependent with mobile devices. However, due to their limited processing power and bandwidth, IoWT devices are vulnerable to cyberattacks due to their low level of security. Threat modeling and frameworks for analyzing cyber threats against existing IoT or low-power protocols have been actively researched. The threat analysis framework used in existing studies was limited to specific protocols and did not target IoWT devices. In addition, in the literature surveyed to date, no cyber threat analysis framework is targeting IoWT. Therefore, the threat model presented in the existing research on cyber threat analysis and modeling for IoWT is specialized for specific devices. In addition, because it does not present standardized attack tactics and techniques, there is a limitation in that it is difficult to identify attacks quickly. In this paper, we propose an Internet of Wearable Things threat analysis frameWork (IWTW) framework that can derive security threats through systematic analysis of IoWT attack cases and possible security threats and perform cyber threat analysis based on them. The methodology for developing the IWTW framework consists of three steps: Analysis, Standardization, and Compilation. IoWT attack cases and potential security threats are analyzed in the analysis stage. In the standardization stage, attack tactics and techniques derived from the analysis of attack cases and potential security threats are standardized, resulting in 3 attack categories, 18 attack tactics, and 68 attack techniques. In the compilation stage, standardized security threats are combined to develop the IWTW framework ultimately. We present four case studies targeting MiBand 2, Fitbit Charge HR/Surge, Samsung Gear 3, Xiaomi Amazifit, Honor Band 5, Honor Watch ES, and Senbono CF-58 devices to validate the proposed IWTW framework. We analyzed the attack process through a case study and applied the IWTW framework to derive standardized attack categories, tactics, and techniques effectively. By applying the IWTW framework to cyber threat analysis targeting IoWT, security threats can be standardized, and the attack process can be quickly derived, enabling effective attack analysis on IoWT.
Keywords: Internet of wearable things; wearable device; threat framework; security threat
Encrypted Cyberattack Detection System over Encrypted IoT Traffic Based on Statistical Intelligence
2
Authors: Il Hwan Ji, Ju Hyeon Lee, Seungho Jeon, Jung Taek Seo. Computer Modeling in Engineering & Sciences (SCIE, EI), 2024, Issue 11, pp. 1519-1549 (31 pages)
In the early days of IoT’s introduction, it was challenging to introduce encryption communication due to the lack of performance of each component, such as computing resources like CPUs and batteries, to encrypt and decrypt data. Because IoT is applied and utilized in many important fields, a cyberattack on IoT can result in astronomical financial and human casualties. For this reason, the application of encrypted communication to IoT has been required, and the application of encrypted communication to IoT has become possible due to improvements in the computing performance of IoT devices and the development of lightweight cryptography. The application of encrypted communication in IoT has made it possible to use encrypted communication channels to launch cyberattacks. The approach of extracting evidence of an attack based on the primary information of a network packet is no longer valid because critical information, such as the payload in a network packet, is encrypted by encrypted communication. For this reason, technology that can detect cyberattacks over encrypted network traffic occurring in IoT environments is required. Therefore, this research proposes an encrypted cyberattack detection system for the IoT (ECDS-IoT) that derives valid features for cyberattack detection from the cryptographic network traffic generated in the IoT environment and performs cyberattack detection based on the derived features. ECDS-IoT identifies identifiable information from encrypted traffic collected in IoT environments and extracts statistics-based features through statistical analysis of identifiable information. ECDS-IoT understands information about normal data by learning only statistical features extracted from normal data. ECDS-IoT detects cyberattacks based only on the normal data information it has trained. To evaluate the cyberattack detection performance of the proposed ECDS-IoT in this research, ECDS-IoT used CICIoT2023, a dataset containing encrypted traffic generated by normal and seven categories of cyberattacks in the IoT environment and experimented with cyberattack detection on encrypted traffic using Autoencoder, RNN, GRU, LSTM, BiLSTM, and AE-LSTM algorithms. As a result of evaluating the performance of cyberattack detection for encrypted traffic, ECDS-IoT achieved high performance such as accuracy 0.99739, precision 0.99154, recall 1.0, F1 score 0.99575, and ROC_AUC 0.99822 when using the AE-LSTM algorithm. As shown by the cyberattack detection results of ECDS-IoT, it is possible to detect most cyberattacks through encrypted traffic. By applying ECDS-IoT to IoT, it can effectively detect cyberattacks concealed in encrypted traffic, promoting the efficient operation of IoT and preventing financial and human damage caused by cyberattacks.
Keywords: IoT cybersecurity; IoT encrypted traffic; IoT cyberattack detection
Solar Power Plant Network Packet-Based Anomaly Detection System for Cybersecurity
3
Authors: Ju Hyeon Lee, Jiho Shin, Jung Taek Seo. Computers, Materials & Continua (SCIE, EI), 2023, Issue 10, pp. 757-779 (23 pages)
As energy-related problems continue to emerge, the need for stable energy supplies and issues regarding both environmental and safety require urgent consideration. Renewable energy is becoming increasingly important, with solar power accounting for the most significant proportion of renewables. As the scale and importance of solar energy have increased, cyber threats against solar power plants have also increased. So, we need an anomaly detection system that effectively detects cyber threats to solar power plants. However, as mentioned earlier, the existing solar power plant anomaly detection system monitors only operating information such as power generation, making it difficult to detect cyberattacks. To address this issue, in this paper, we propose a network packet-based anomaly detection system for the Programmable Logic Controller (PLC) of the inverter, an essential system of photovoltaic plants, to detect cyber threats. Cyberattacks and vulnerabilities in solar power plants were analyzed to identify cyber threats in solar power plants. The analysis shows that Denial of Service (DoS) and Man-in-the-Middle (MitM) attacks are primarily carried out on inverters, aiming to disrupt solar plant operations. To develop an anomaly detection system, we performed preprocessing, such as correlation analysis and normalization for PLC network packets data and trained various machine learning-based classification models on such data. The Random Forest model showed the best performance with an accuracy of 97.36%. The proposed system can detect anomalies based on network packets, identify potential cyber threats that cannot be identified by the anomaly detection system currently in use in solar power plants, and enhance the security of solar plants.
Keywords: Renewable energy; solar power plant; cyber threat; cybersecurity; anomaly detection; machine learning; network packet
Programmable Logic Controller Block Monitoring System for Memory Attack Defense in Industrial Control Systems
4
Authors: Mingyu Lee, Jiho Shin, Jung Taek Seo. Computers, Materials & Continua (SCIE, EI), 2023, Issue 11, pp. 2427-2442 (16 pages)
Cyberattacks targeting industrial control systems (ICS) are becoming more sophisticated and advanced than in the past. A programmable logic controller (PLC), a core component of ICS, controls and monitors sensors and actuators in the field. However, PLC has memory attack threats such as program injection and manipulation, which has long been a major target for attackers, and it is important to detect these attacks for ICS security. To detect PLC memory attacks, a security system is required to acquire and monitor PLC memory directly. In addition, the performance impact of the security system on the PLC makes it difficult to apply to the ICS. To address these challenges, this paper proposes a system to detect PLC memory attacks by continuously acquiring and monitoring PLC memory. The proposed system detects PLC memory attacks by acquiring the program blocks and block information directly from the same layer as the PLC and then comparing them in bytes with previous data. Experiments with Siemens S7-300 and S7-400 PLC were conducted to evaluate the PLC memory detection performance and performance impact on PLC. The experimental results demonstrate that the proposed system detects all malicious organization block (OB) injection and data block (DB) manipulation, and the increment of PLC cycle time, the impact on PLC performance, was less than 1 ms. The proposed system detects PLC memory attacks with a simpler detection method than earlier studies. Furthermore, the proposed system can be applied to ICS with a small performance impact on PLC.
Keywords: Programmable logic controller; industrial control system; attack detection
Design the IoT Botnet Defense Process for Cybersecurity in Smart City
5
Authors: Donghyun Kim, Seungho Jeon, Jiho Shin, Jung Taek Seo. Intelligent Automation & Soft Computing (SCIE), 2023, Issue 9, pp. 2979-2997 (19 pages)
The smart city comprises various infrastructures, including healthcare, transportation, manufacturing, and energy. A smart city’s Internet of Things (IoT) environment constitutes a massive IoT environment encompassing numerous devices. As many devices are installed, managing security for the entire IoT device ecosystem becomes challenging, and attack vectors accessible to attackers increase. However, these devices often have low power and specifications, lacking the same security features as general Information Technology (IT) systems, making them susceptible to cyberattacks. This vulnerability is particularly concerning in smart cities, where IoT devices are connected to essential support systems such as healthcare and transportation. Disruptions can lead to significant human and property damage. One representative attack that exploits IoT device vulnerabilities is the Distributed Denial of Service (DDoS) attack by forming an IoT botnet. In a smart city environment, the formation of IoT botnets can lead to extensive denial-of-service attacks, compromising the availability of services rendered by the city. Moreover, the same IoT devices are typically employed across various infrastructures within a smart city, making them potentially vulnerable to similar attacks. This paper addresses this problem by designing a defense process to effectively respond to IoT botnet attacks in smart city environments. The proposed defense process leverages the defense techniques of the MITRE D3FEND framework to mitigate the propagation of IoT botnets and support rapid and integrated decision-making by security personnel, enabling an immediate response.
Keywords: Smart city; IoT botnet; cybersecurity
Improving Method of Anomaly Detection Performance for Industrial IoT Environment
6
Authors: Junwon Kim, Jiho Shin, Ki-Woong Park, Jung Taek Seo. Computers, Materials & Continua (SCIE, EI), 2022, Issue 9, pp. 5377-5394 (18 pages)
Industrial Control System (ICS), which is based on Industrial IoT (IIoT), has an intelligent mobile environment that supports various mobility, but there is a limit to relying only on the physical security of the ICS environment. Due to various threat factors that can disrupt the workflow of the IIoT, machine learning-based anomaly detection technologies are being presented; it is also essential to study for increasing detection performance to minimize model errors for promoting stable ICS operation. In this paper, we established the requirements for improving the anomaly detection performance in the IIoT-based ICS environment by analyzing the related cases. After that, we presented an improving method of the performance of a machine learning model specialized for IIoT-based ICS, which increases the detection rate by applying correlation coefficients and clustering; it provides a mechanism to predict thresholds on a per-sequence. Likewise, we adopted the HAI dataset environment that actively reflected the characteristics of IIoT-based ICS and demonstrated that performance could be improved through comparative experiments with the traditional method and our proposed method. The presented method can further improve the performance of commonly applied error-based detection techniques and includes a primary method that can be enhanced over existing detection techniques by analyzing correlation coefficients between features to consider feedback between ICS components. Those can contribute to improving the performance of several detection models applied in ICS and other areas.
Keywords: Industrial IoT; industrial control system; anomaly detection; clustering algorithm; correlation coefficient
Network Traffic Obfuscation System for IIoT-Cloud Control Systems
7
Authors: Yangjae Lee, Sung Hoon Baek, Jung Taek Seo, Ki-Woong Park. Computers, Materials & Continua (SCIE, EI), 2022, Issue 9, pp. 4911-4929 (19 pages)
One of the latest technologies enabling remote control, operational efficiency upgrades, and real-time big-data monitoring in an industrial control system (ICS) is the IIoT-Cloud ICS, which integrates the Industrial Internet of Things (IIoT) and the cloud into the ICS. Although an ICS benefits from the application of IIoT and the cloud in terms of cost reduction, efficiency improvement, and real-time monitoring, the application of this technology to an ICS poses an unprecedented security risk by exposing its terminal devices to the outside world. An adversary can collect information regarding senders, recipients, and prime-time slots through traffic analysis and use it as a linchpin for the next attack, posing a potential threat to the ICS. To address this problem, we designed a network traffic obfuscation system (NTOS) for the IIoT-Cloud ICS, based on the requirements derived from the ICS characteristics and limitations of existing NTOS models. As a strategy to solve this problem wherein a decrease in the traffic volume facilitates traffic analysis or reduces the packet transmission speed, we proposed an NTOS based on packet scrambling, wherein a packet is split into multiple pieces before transmission, thus obfuscating network analysis. To minimize the ICS modification and downtime, the proposed NTOS was designed using an agent-based model. In addition, for the ICS network traffic analyzer to operate normally in an environment wherein the NTOS is applied, a rule-based NTOS was adopted such that the actual traffic flow is known only to the device that is aware of the rule and is blocked for attackers. The experimental results verified that the same time requested for response and level of difficulty of analysis were maintained by the application of an NTOS based on packet scrambling, even when the number of requests received by the server per second was reduced. The network traffic analyzer of the ICS can capture the packet flow by using the pre-communicated NTOS rule. In addition, by designing an NTOS using an agent-based model, the impact on the ICS was minimized such that the system could be applied with short downtime.
Keywords: Cloud computing system; moving-target defense; container orchestration
A Novel Transparent and Auditable Fog-Assisted Cloud Storage with Compensation Mechanism (Cited by: 2)
8
Authors: Donghyun Kim, Junggab Son, Daehee Seo, Yeojin Kim, Hyobin Kim, Jung Taek Seo. Tsinghua Science and Technology (SCIE, EI, CAS, CSCD), 2020, Issue 1, pp. 28-43 (16 pages)
This paper introduces a new fog-assisted cloud storage which can achieve much higher throughput compared to the traditional cloud-only storage architecture by reducing the traffics toward the cloud storage. The fog-storage service providers are transparent to end-users and therefore, no modification on the end-user devices is necessary. This new system is featured with (1) a stronger audit scheme which is naturally coupled with the proposed architecture and does not suffer from the replay attack and (2) a transparent and efficient compensation mechanism for the fog-storage service providers. We provide rigorous theoretical analysis on the correctness and soundness of the proposed system. To the best of our knowledge, this is the first paper to discuss about a storage data audit scheme for fog-assisted cloud storage as well as the compensation mechanism for the service providers of the fog-storage service providers.
Keywords: fog computing; cloud computing; network storage; data audit; Merkle hash tree; integer factorization; payment transparency