The automatic collection of power grid situation information, along with real-time multimedia interaction between the front and back ends during the accident handling process, has generated a massive amount of power grid data. While wireless communication offers a convenient channel for grid terminal access and data transmission, it is important to note that the bandwidth of wireless communication is limited. Additionally, the broadcast nature of wireless transmission raises concerns about the potential for unauthorized eavesdropping during data transmission. To address these challenges and achieve reliable, secure, and real-time transmission of power grid data, an intelligent security transmission strategy with sensor-transmission-computing linkage is proposed in this paper. The primary objective of this strategy is to maximize the confidentiality capacity of the system. To tackle this, an optimization problem is formulated, taking into consideration interruption probability and interception probability as constraints. To efficiently solve this optimization problem, a low-complexity algorithm rooted in deep reinforcement learning is designed, which aims to derive a suboptimal solution for the problem at hand. Ultimately, through simulation results, the validity of the proposed strategy in guaranteed communication security, stability, and timeliness is substantiated. The results confirm that the proposed intelligent security transmission strategy significantly contributes to the safeguarding of communication integrity, system stability, and timely data delivery.
In an era characterized by digital pervasiveness and rapidly expanding datasets, ensuring the integrity and reliability of information is paramount. As cyber threats evolve in complexity, traditional cryptographic methods face increasingly sophisticated challenges. This article initiates an exploration into these challenges, focusing on key exchanges (encompassing their variety and subtleties), scalability, and the time metrics associated with various cryptographic processes. We propose a novel cryptographic approach underpinned by theoretical frameworks and practical engineering. Central to this approach is a thorough analysis of the interplay between Confidentiality and Integrity, foundational pillars of information security. Our method employs a phased strategy, beginning with a detailed examination of traditional cryptographic processes, including Elliptic Curve Diffie-Hellman (ECDH) key exchanges. We also delve into encrypt/decrypt paradigms, signature generation modes, and the hashes used for Message Authentication Codes (MACs). Each process is rigorously evaluated for performance and reliability. To gain a comprehensive understanding, a meticulously designed simulation was conducted, revealing the strengths and potential improvement areas of various techniques. Notably, our cryptographic protocol achieved a confidentiality metric of 9.13 in comprehensive simulation runs, marking a significant advancement over existing methods. Furthermore, with integrity metrics at 9.35, the protocol’s resilience is further affirmed. These metrics, derived from stringent testing, underscore the protocol’s efficacy in enhancing data security.
Explainable Artificial Intelligence (XAI) has an advanced feature to enhance the decision-making feature and improve the rule-based technique by using more advanced Machine Learning (ML) and Deep Learning (DL) based algorithms. In this paper, we chose e-healthcare systems for efficient decision-making and data classification, especially in data security, data handling, diagnostics, laboratories, and decision-making. Federated Machine Learning (FML) is a new and advanced technology that helps to maintain privacy for Personal Health Records (PHR) and handle a large amount of medical data effectively. In this context, XAI, along with FML, increases efficiency and improves the security of e-healthcare systems. The experiments show efficient system performance by implementing a federated averaging algorithm on an open-source Federated Learning (FL) platform. The experimental evaluation demonstrates the accuracy rate by taking epochs size 5, batch size 16, and the number of clients 5, which shows a higher accuracy rate (19,104). We conclude the paper by discussing the existing gaps and future work in an e-healthcare system.
With the continuous expansion of the Industrial Internet of Things (IIoT), more and more organisations are placing large amounts of data in the cloud to reduce overheads. However, the channel between cloud servers and smart equipment is not trustworthy, so the issue of data authenticity needs to be addressed. The SM2 digital signature algorithm can provide an authentication mechanism for data to solve such problems. Unfortunately, it still suffers from the problem of key exposure. In order to address this concern, this study first introduces a key-insulated scheme, SM2-KI-SIGN, based on the SM2 algorithm. This scheme boasts strong key insulation and secure key updates. Our scheme uses the elliptic curve algorithm, which is not only more efficient but also more suitable for IIoT-cloud environments. Finally, the security proof of SM2-KI-SIGN is given under the Elliptic Curve Discrete Logarithm (ECDL) assumption in the random oracle.
We consider a scenario where an unmanned aerial vehicle (UAV), a typical unmanned aerial system (UAS), transmits confidential data to a moving ground target in the presence of multiple eavesdroppers. Multiple friendly reconfigurable intelligent surfaces (RISs) help to secure the UAV-target communication and improve the energy efficiency of the UAV. We formulate an optimization problem to minimize the energy consumption of the UAV, subject to the mobility constraint of the UAV and that the achievable secrecy rate at the target is over a given threshold. We present an online planning method following the framework of model predictive control (MPC) to jointly optimize the motion of the UAV and the configurations of the RISs. The effectiveness of the proposed method is validated via computer simulations.
This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
These days, data is regarded as a valuable asset in the era of the data economy, which demands a trading platform for buying and selling data. However, online data trading poses challenges in terms of security and fairness because the seller and the buyer may not fully trust each other. Therefore, in this paper, a blockchain-based secure and fair data trading system is proposed by taking advantage of the smart contract and matchmaking encryption. The proposed system enables bilateral authorization, where data trading between a seller and a buyer is accomplished only if their policies, required by each other, are satisfied simultaneously. This can be achieved by exploiting the security features of the matchmaking encryption. To guarantee non-repudiation and fairness between trading parties, the proposed system leverages a smart contract to ensure that the parties honestly carry out the data trading protocol. However, the smart contract in the proposed system does not include complex cryptographic operations for the efficiency of on-chain processes. Instead, these operations are carried out by off-chain parties and their results are used as input for the on-chain procedure. The system also uses an arbitration protocol to resolve disputes based on the trading proof recorded on the blockchain. The performance of the protocol is evaluated in terms of off-chain computation overhead and on-chain gas consumption. The results of the experiments demonstrate that the proposed protocols can enable the implementation of a cost-effective data trading system.
Due to the broadcast nature of wireless communications, users’ data transmitted wirelessly is susceptible to security/privacy threats. Meanwhile, as a result of the limitation of spectrum resources, massive wireless connections will incur serious interference, which may damage the efficiency of data transmission. Therefore, improving both efficiency and secrecy of data transmission is of research significance. In this paper, we propose a wireless transmission scheme by taking both Secure Communication (SC) and Interference Management (IM) into account, namely SCIM. With this scheme, an SCIM signal is generated by the legitimate transmitter (Tx) and sent along with the desired signal, so that the SCIM signal can interact with and suppress the environmental interference at the legitimate receiver (Rx). Meanwhile, the SCIM signal may interfere with the eavesdropper in the coverage of legitimate transmission so as to deteriorate the eavesdropping performance. Therefore, the secrecy of desired transmission is improved. In this way, both the transmission efficiency and privacy are enhanced. Then, by taking various transmission preferences into account, we develop different implementations of SCIM, including Interference Suppression First SCIM (ISF-SCIM), Data Transmission First SCIM (DTF-SCIM), Anti-Eavesdropping First SCIM (AEF-SCIM), and Secrecy Rate Maximization SCIM (SRM-SCIM). Our in-depth simulation results have shown the proposed methods to effectively improve the efficiency and secrecy of the legitimate transmission.
Future components to enhance the basic, native security of 5G networks are either complex mechanisms whose impact in the requiring 5G communications are not considered, or lightweight solutions adapted to ultra-reliable low-latency communications (URLLC) but whose security properties remain under discussion. Although different 5G network slices may have different requirements, in general, both visions seem to fall short at provisioning secure URLLC in the future. In this work we address this challenge, by introducing cost-security functions as a method to evaluate the performance and adequacy of most developed and employed non-native enhanced security mechanisms in 5G networks. We categorize those new security components into different groups according to their purpose and deployment scope. We propose to analyze them in the context of existing 5G architectures using two different approaches. First, using model checking techniques, we will evaluate the probability of an attacker to be successful against each security solution. Second, using analytical models, we will analyze the impact of these security mechanisms in terms of delay, throughput consumption, and reliability. Finally, we will combine both approaches using stochastic cost-security functions and the PRISM model checker to create a global picture. Our results are first evidence of how a 5G network that covers and strengthened all security areas through enhanced, dedicated non-native mechanisms could only guarantee secure URLLC with a probability of ∼55%.
To secure web applications from Man-In-The-Middle (MITM) and phishing attacks is a challenging task nowadays. For this purpose, authentication protocol plays a vital role in web communication which securely transfers data from one party to another. This authentication works via OpenID, Kerberos, password authentication protocols, etc. However, there are still some limitations present in the reported security protocols. In this paper, the presented anticipated strategy secures both Web-based attacks by leveraging encoded emails and a novel password form pattern method. The proposed OpenID-based encrypted Email’s Authentication, Authorization, and Accounting (EAAA) protocol ensures security by relying on the email authenticity and a Special Secret Encrypted Alphanumeric String (SSEAS). This string is deployed on both the relying party and the email server, which is unique and trustworthy. The first authentication, OpenID Uniform Resource Locator (URL) identity, is performed on the identity provider side. A second authentication is carried out by the hidden Email’s server side and receives a third authentication link. This Email’s third SSEAS authentication link manages on the relying party (RP). Compared to existing cryptographic single sign-on protocols, the EAAA protocol ensures that an OpenID URL’s identity is secured from MITM and phishing attacks. This study manages two attacks such as MITM and phishing attacks and gives 339 ms response time which is higher than the already reported methods, such as Single Sign-On (SSO) and OpenID. The experimental sites were examined by 72 information technology (IT) specialists, who found that 88.89% of respondents successfully validated the user authorization provided to them via Email. The proposed EAAA protocol minimizes the higher-level risk of MITM and phishing attacks in an OpenID-based atmosphere.
Reconfigurable intelligent surface (RIS) assisted dual-function radar communications (DFRC) system is a promising integrated sensing and communication (ISAC) technology for future 6G. In this paper, we propose a scheme of RIS-assisted DFRC system based on frequency shifted chirp spread spectrum index modulation (RDFI) for secure communications. The proposed RDFI achieves the sensing and transmission of target location information in its radar and communication modes, respectively. In both modes, the frequency-shifted chirp spread spectrum index modulation (FSCSS-IM) signal is used as the baseband signal for radar and communications, so that the signal sent by the radar also carries information. This scheme implements the RIS-assisted beamforming in the communication mode through the azimuth information of the target acquired in the radar mode, so that the signal received from the eavesdropper is distorted in amplitude and phase. In addition, this paper analyzes the radar measurement accuracy and communication security of the FSCSS-IM signal using ambiguity function and secrecy rate (SR) analysis, respectively. Simulation results show that RDFI achieves both excellent bit error rate (BER) performance and physical layer security of communications.
With the exponential growth of intelligent Internet of Things (IoT) applications, Cloud-Edge (CE) paradigm is emerging as a solution that facilitates resource-efficient and timely services. However, it remains an underlying issue that frequent end-edge-cloud communication is over a public or adversary-controlled channel. Additionally, with the presence of resource-constrained devices, it’s imperative to conduct the secure communication mechanism, while still guaranteeing efficiency. Physical unclonable functions (PUF) emerge as promising lightweight security primitives. Thus, we first construct a PUF-based security mechanism for vulnerable IoT devices. Further, a provably secure and PUF-based authentication key agreement scheme is proposed for establishing the secure channel in end-edge-cloud empowered IoT, without requiring pre-loaded master keys. The security of our scheme is rigorously proven through formal security analysis under the random oracle model, and security verification using AVISPA tool. The comprehensive security features are also elaborated. Moreover, the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.
Dear Editor, This letter aims to investigate the problem of attack detection and state estimation when the system suffers from external malicious attacks. A finite-time reduced-order observer is designed, which can achieve attack detection at the preset time instant. Meanwhile, it is shown that the protection of the key nodes greatly improves the efficiency of secure state estimation. Finally, the proposed theory is applied to a general cyber-physical system to illustrate its effectiveness.
The secure dominating set (SDS), a variant of the dominating set, is an important combinatorial structure used in wireless networks. In this paper, we apply algorithmic game theory to study the minimum secure dominating set (Min SDS) problem in a multi-agent system. We design a game framework for SDS and show that every Nash equilibrium (NE) is a minimal SDS, which is also a Pareto-optimal solution. We prove that the proposed game is an exact potential game, and thus NE exists, and design a polynomial-time distributed local algorithm which converges to an NE in O(n) rounds of interactions. Extensive experiments are done to test the performance of our algorithm, and some interesting phenomena are witnessed.
Welcome to the twelfth issue of 2023 in the IEEE/CAA Journal of Automatica Sinica (JAS). In the sixth issue of 2023, I systematically addressed the latest development of Meta Vehicles, and sorted out some important contributions published in the IEEE/CAA JAS focusing on control, estimation, and optimization of automated vehicles with reliability, security, efficiency, and intelligence.
The future 6G networks will integrate space and terrestrial networks to realize a fully connected world with extensive collaboration. However, how to build trust between multiple parties is a difficult problem for secure cooperation without a reliable third-party. Blockchain is a promising technology to solve this problem by converting the trust between multi-parties to the trust to the common shared data. Several works have proposed to apply the incentive mechanism in blockchain to encourage effective cooperation, but how to evaluate the cooperation performance and avoid breach of contract is not discussed. In this paper, a secure relay scheme is proposed based on the consortium blockchain system composed by different operators. In particular, smart contract checks the integrity of the message based on RSA accumulator, and executes transactions automatically when the message is delivered successfully. Detailed procedures are introduced for both uplink and downlink relay. Implementation based on Hyperledger Fabric proves the effectiveness of the proposed scheme and shows that the complexity of the scheme is low enough for practical deployment.
Mobile Industrial Internet of Things (IIoT) applications have achieved the explosive growth in recent years. The mobile IIoT has flourished and become the backbone of the industry, laying a solid foundation for the interconnection of all things. The variety of application scenarios has brought serious challenges to mobile IIoT networks, which face complex and changeable communication environments. Ensuring data secure transmission is critical for mobile IIoT networks. This paper investigates the data secure transmission performance prediction of mobile IIoT networks. To cut down computational complexity, we propose a data secure transmission scheme employing Transmit Antenna Selection (TAS). The novel secrecy performance expressions are first derived. Then, to realize real-time secrecy analysis, we design an improved Convolutional Neural Network (CNN) model, and propose an intelligent data secure transmission performance prediction algorithm. For mobile signals, the important features may be removed by the pooling layers. This will lead to negative effects on the secrecy performance prediction. A novel nine-layer improved CNN model is designed. Out of the input and output layers, it removes the pooling layer and contains six convolution layers. Elman, Back-Propagation (BP) and LeNet methods are employed to compare with the proposed algorithm. Through simulation analysis, good prediction accuracy is achieved by the CNN algorithm. The prediction accuracy obtains a 59% increase.
The wide application of intelligent terminals in microgrids has fueled the surge of data amount in recent years. In real-world scenarios, microgrids must store large amounts of data efficiently while also being able to withstand malicious cyberattacks. To meet the high hardware resource requirements, address the vulnerability to network attacks and poor reliability in the traditional centralized data storage schemes, this paper proposes a secure storage management method for microgrid data that considers node trust and directed acyclic graph (DAG) consensus mechanism. Firstly, the microgrid data storage model is designed based on the edge computing technology. The blockchain, deployed on the edge computing server and combined with cloud storage, ensures reliable data storage in the microgrid. Secondly, a blockchain consensus algorithm based on directed acyclic graph data structure is then proposed to effectively improve the data storage timeliness and avoid disadvantages in traditional blockchain topology such as long chain construction time and low consensus efficiency. Finally, considering the tolerance differences among the candidate chain-building nodes to network attacks, a hash value update mechanism of blockchain header with node trust identification to ensure data storage security is proposed. Experimental results from the microgrid data storage platform show that the proposed method can achieve a private key update time of less than 5 milliseconds. When the number of blockchain nodes is less than 25, the blockchain construction takes no more than 80 mins, and the data throughput is close to 300 kbps. Compared with the traditional chain-topology-based consensus methods that do not consider node trust, the proposed method has higher efficiency in data storage and better resistance to network attacks.
Industrial IoT (IIoT) aims to enhance services provided by various industries, such as manufacturing and product processing. IIoT suffers from various challenges, and security is one of the key challenges among those challenges. Authentication and access control are two notable challenges for any IIoT based industrial deployment. Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors, actuators, fog devices and gateways. Thus, articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security. In this paper, first, we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al. and prove that their scheme is vulnerable to various traditional attacks such as device anonymity, MITM, and DoS. We then put forward an inter-device authentication scheme using an ECC (Elliptic Curve Cryptography) that is highly secure and lightweight compared to other existing schemes for a similar environment. Furthermore, we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Dolev-Yao channel. In this paper, we present comparison of the proposed scheme with existing schemes based on communication cost, computation cost and security index to prove that the proposed EBAKE-SE is highly efficient, reliable, and trustworthy compared to other existing schemes for an inter-device authentication. At long last, we present an implementation for the proposed EBAKE-SE using MQTT protocol.
This paper addresses the problem of distributed secure state estimation for multi-agent systems under homologous sensor attacks. Two types of secure Luenberger-like distributed observers are proposed to estimate the system state and attack signal simultaneously. Specifically, the proposed two observers are applicable to deal with the cases in the presence and absence of time delays during network communication. It is also shown that the proposed observers can ensure the attack estimations from different agents asymptotically converge to the same value. Sufficient conditions for guaranteeing the asymptotic convergence of the estimation errors are derived. Simulation examples are finally provided to demonstrate the effectiveness of the proposed results.
文摘The automatic collection of power grid situation information, along with real-time multimedia interaction between the front and back ends during the accident handling process, has generated a massive amount of power grid data. While wireless communication offers a convenient channel for grid terminal access and data transmission, it is important to note that the bandwidth of wireless communication is limited. Additionally, the broadcast nature of wireless transmission raises concerns about the potential for unauthorized eavesdropping during data transmission. To address these challenges and achieve reliable, secure, and real-time transmission of power grid data, an intelligent security transmission strategy with sensor-transmission-computing linkage is proposed in this paper. The primary objective of this strategy is to maximize the confidentiality capacity of the system. To tackle this, an optimization problem is formulated, taking into consideration interruption probability and interception probability as constraints. To efficiently solve this optimization problem, a low-complexity algorithm rooted in deep reinforcement learning is designed, which aims to derive a suboptimal solution for the problem at hand. Ultimately, through simulation results, the validity of the proposed strategy in guaranteed communication security, stability, and timeliness is substantiated. The results confirm that the proposed intelligent security transmission strategy significantly contributes to the safeguarding of communication integrity, system stability, and timely data delivery.
文摘In an era characterized by digital pervasiveness and rapidly expanding datasets,ensuring the integrity and reliability of information is paramount.As cyber threats evolve in complexity,traditional cryptographic methods face increasingly sophisticated challenges.This article initiates an exploration into these challenges,focusing on key exchanges(encompassing their variety and subtleties),scalability,and the time metrics associated with various cryptographic processes.We propose a novel cryptographic approach underpinned by theoretical frameworks and practical engineering.Central to this approach is a thorough analysis of the interplay between Confidentiality and Integrity,foundational pillars of information security.Our method employs a phased strategy,beginning with a detailed examination of traditional cryptographic processes,including Elliptic Curve Diffie-Hellman(ECDH)key exchanges.We also delve into encrypt/decrypt paradigms,signature generation modes,and the hashes used for Message Authentication Codes(MACs).Each process is rigorously evaluated for performance and reliability.To gain a comprehensive understanding,a meticulously designed simulation was conducted,revealing the strengths and potential improvement areas of various techniques.Notably,our cryptographic protocol achieved a confidentiality metric of 9.13 in comprehensive simulation runs,marking a significant advancement over existing methods.Furthermore,with integrity metrics at 9.35,the protocol’s resilience is further affirmed.These metrics,derived from stringent testing,underscore the protocol’s efficacy in enhancing data security.
Abstract: Explainable Artificial Intelligence (XAI) has an advanced feature to enhance the decision-making feature and improve the rule-based technique by using more advanced Machine Learning (ML) and Deep Learning (DL) based algorithms. In this paper, we chose e-healthcare systems for efficient decision-making and data classification, especially in data security, data handling, diagnostics, laboratories, and decision-making. Federated Machine Learning (FML) is a new and advanced technology that helps to maintain privacy for Personal Health Records (PHR) and handle a large amount of medical data effectively. In this context, XAI, along with FML, increases efficiency and improves the security of e-healthcare systems. The experiments show efficient system performance by implementing a federated averaging algorithm on an open-source Federated Learning (FL) platform. The experimental evaluation demonstrates the accuracy rate by taking epochs size 5, batch size 16, and the number of clients 5, which shows a higher accuracy rate (19,104). We conclude the paper by discussing the existing gaps and future work in an e-healthcare system.
Funding: This work was supported in part by the National Natural Science Foundation of China (Nos. 62072074, 62076054, 62027827, 62002047); the Sichuan Science and Technology Innovation Platform and Talent Plan (Nos. 2020JDJQ0020, 2022JDJQ0039); the Sichuan Science and Technology Support Plan (Nos. 2020YFSY0010, 2022YFQ0045, 2022YFS0220, 2023YFG0148, 2021YFG0131); the YIBIN Science and Technology Support Plan (No. 2021CG003); the Medico-Engineering Cooperation Funds from University of Electronic Science and Technology of China (Nos. ZYGX2021YGLH212, ZYGX2022YGRH012).
Abstract: With the continuous expansion of the Industrial Internet of Things (IIoT), more and more organisations are placing large amounts of data in the cloud to reduce overheads. However, the channel between cloud servers and smart equipment is not trustworthy, so the issue of data authenticity needs to be addressed. The SM2 digital signature algorithm can provide an authentication mechanism for data to solve such problems. Unfortunately, it still suffers from the problem of key exposure. In order to address this concern, this study first introduces a key-insulated scheme, SM2-KI-SIGN, based on the SM2 algorithm. This scheme boasts strong key insulation and secure key updates. Our scheme uses the elliptic curve algorithm, which is not only more efficient but also more suitable for IIoT-cloud environments. Finally, the security proof of SM2-KI-SIGN is given under the Elliptic Curve Discrete Logarithm (ECDL) assumption in the random oracle.
Funding: funding from the Australian Government, via grant AUSMURIB000001 associated with ONR MURI Grant N00014-19-1-2571.
Abstract: We consider a scenario where an unmanned aerial vehicle (UAV), a typical unmanned aerial system (UAS), transmits confidential data to a moving ground target in the presence of multiple eavesdroppers. Multiple friendly reconfigurable intelligent surfaces (RISs) help to secure the UAV-target communication and improve the energy efficiency of the UAV. We formulate an optimization problem to minimize the energy consumption of the UAV, subject to the mobility constraint of the UAV and that the achievable secrecy rate at the target is over a given threshold. We present an online planning method following the framework of model predictive control (MPC) to jointly optimize the motion of the UAV and the configurations of the RISs. The effectiveness of the proposed method is validated via computer simulations.
Abstract: This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
Funding: supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (No. 2022R1I1A3063257); supported by Electronics and Telecommunications Research Institute (ETRI) grant funded by the Korean Government [22ZR1300, Research on Intelligent Cyber Security and Trust Infra].
Abstract: These days, data is regarded as a valuable asset in the era of the data economy, which demands a trading platform for buying and selling data. However, online data trading poses challenges in terms of security and fairness because the seller and the buyer may not fully trust each other. Therefore, in this paper, a blockchain-based secure and fair data trading system is proposed by taking advantage of the smart contract and matchmaking encryption. The proposed system enables bilateral authorization, where data trading between a seller and a buyer is accomplished only if their policies, required by each other, are satisfied simultaneously. This can be achieved by exploiting the security features of the matchmaking encryption. To guarantee non-repudiation and fairness between trading parties, the proposed system leverages a smart contract to ensure that the parties honestly carry out the data trading protocol. However, the smart contract in the proposed system does not include complex cryptographic operations for the efficiency of on-chain processes. Instead, these operations are carried out by off-chain parties and their results are used as input for the on-chain procedure. The system also uses an arbitration protocol to resolve disputes based on the trading proof recorded on the blockchain. The performance of the protocol is evaluated in terms of off-chain computation overhead and on-chain gas consumption. The results of the experiments demonstrate that the proposed protocols can enable the implementation of a cost-effective data trading system.
Funding: supported in part by the Natural Science Foundation of Shaanxi Province under Grant Number 2021JM-143; the Fundamental Research Funds for the Central Universities under Grant Number JB211502; the Project of Key Laboratory of Science and Technology on Communication Network under Grant Number 6142104200412; the National Natural Science Foundation of China under Grant Number 61672410; the Academy of Finland under Grant Number 308087; the China 111 project under Grant Number B16037; JSPS KAKENHI under Grant Number JP20K14742; and the Project of Cyber Security Establishment with Inter University Cooperation.
Abstract: Due to the broadcast nature of wireless communications, users’ data transmitted wirelessly is susceptible to security/privacy threats. Meanwhile, as a result of the limitation of spectrum resources, massive wireless connections will incur serious interference, which may damage the efficiency of data transmission. Therefore, improving both efficiency and secrecy of data transmission is of research significance. In this paper, we propose a wireless transmission scheme by taking both Secure Communication (SC) and Interference Management (IM) into account, namely SCIM. With this scheme, an SCIM signal is generated by the legitimate transmitter (Tx) and sent along with the desired signal, so that the SCIM signal can interact with and suppress the environmental interference at the legitimate receiver (Rx). Meanwhile, the SCIM signal may interfere with the eavesdropper in the coverage of legitimate transmission so as to deteriorate the eavesdropping performance. Therefore, the secrecy of desired transmission is improved. In this way, both the transmission efficiency and privacy are enhanced. Then, by taking various transmission preferences into account, we develop different implementations of SCIM, including Interference Suppression First SCIM (ISF-SCIM), Data Transmission First SCIM (DTF-SCIM), Anti-Eavesdropping First SCIM (AEF-SCIM), and Secrecy Rate Maximization SCIM (SRM-SCIM). Our in-depth simulation results have shown the proposed methods to effectively improve the efficiency and secrecy of the legitimate transmission.
Funding: The publication is produced within the framework of Ramon Alcarria y Borja Bordel’s research projects on the occasion of their stay at Argonne Labs (Jose Castillejo’s 2021 grant) supported by the Ministry of Science, Innovation and Universities through the COGNOS project.
Abstract: Future components to enhance the basic, native security of 5G networks are either complex mechanisms whose impact in the requiring 5G communications are not considered, or lightweight solutions adapted to ultrareliable low-latency communications (URLLC) but whose security properties remain under discussion. Although different 5G network slices may have different requirements, in general, both visions seem to fall short at provisioning secure URLLC in the future. In this work we address this challenge, by introducing cost-security functions as a method to evaluate the performance and adequacy of most developed and employed non-native enhanced security mechanisms in 5G networks. We categorize those new security components into different groups according to their purpose and deployment scope. We propose to analyze them in the context of existing 5G architectures using two different approaches. First, using model checking techniques, we will evaluate the probability of an attacker to be successful against each security solution. Second, using analytical models, we will analyze the impact of these security mechanisms in terms of delay, throughput consumption, and reliability. Finally, we will combine both approaches using stochastic cost-security functions and the PRISM model checker to create a global picture. Our results are first evidence of how a 5G network that covers and strengthens all security areas through enhanced, dedicated non-native mechanisms could only guarantee secure URLLC with a probability of ∼55%.
Abstract: To secure web applications from Man-In-The-Middle (MITM) and phishing attacks is a challenging task nowadays. For this purpose, authentication protocol plays a vital role in web communication which securely transfers data from one party to another. This authentication works via OpenID, Kerberos, password authentication protocols, etc. However, there are still some limitations present in the reported security protocols. In this paper, the presented anticipated strategy secures both Web-based attacks by leveraging encoded emails and a novel password form pattern method. The proposed OpenID-based encrypted Email’s Authentication, Authorization, and Accounting (EAAA) protocol ensures security by relying on the email authenticity and a Special Secret Encrypted Alphanumeric String (SSEAS). This string is deployed on both the relying party and the email server, which is unique and trustworthy. The first authentication, OpenID Uniform Resource Locator (URL) identity, is performed on the identity provider side. A second authentication is carried out by the hidden Email’s server side and receives a third authentication link. This Email’s third SSEAS authentication link manages on the relying party (RP). Compared to existing cryptographic single sign-on protocols, the EAAA protocol ensures that an OpenID URL’s identity is secured from MITM and phishing attacks. This study manages two attacks such as MITM and phishing attacks and gives 339 ms response time which is higher than the already reported methods, such as Single Sign-On (SSO) and OpenID. The experimental sites were examined by 72 information technology (IT) specialists, who found that 88.89% of respondents successfully validated the user authorization provided to them via Email. The proposed EAAA protocol minimizes the higher-level risk of MITM and phishing attacks in an OpenID-based atmosphere.
Funding: supported by the National Science Fund for Young Scholars (Grant No. 62201539); the Project of Innovation and Entrepreneurship Training for National Undergraduates (Grant No. 202210356005); the project of Zhejiang University Student Science and Technology Innovation Activity Plan (Grant No. 2023R409055).
Abstract: Reconfigurable intelligent surface (RIS) assisted dual-function radar communications (DFRC) system is a promising integrated sensing and communication (ISAC) technology for future 6G. In this paper, we propose a scheme of RIS-assisted DFRC system based on frequency shifted chirp spread spectrum index modulation (RDFI) for secure communications. The proposed RDFI achieves the sensing and transmission of target location information in its radar and communication modes, respectively. In both modes, the frequency-shifted chirp spread spectrum index modulation (FSCSS-IM) signal is used as the baseband signal for radar and communications, so that the signal sent by the radar also carries information. This scheme implements the RIS-assisted beamforming in the communication mode through the azimuth information of the target acquired in the radar mode, so that the signal received from the eavesdropper is distorted in amplitude and phase. In addition, this paper analyzes the radar measurement accuracy and communication security of the FSCSS-IM signal using ambiguity function and secrecy rate (SR) analysis, respectively. Simulation results show that RDFI achieves both excellent bit error rate (BER) performance and physical layer security of communications.
Funding: supported by the National Key Research and Development Program of China, “Joint Research of IoT Security System and Key Technologies Based on Quantum Key,” under project number 2020YFE0200600.
Abstract: With the exponential growth of intelligent Internet of Things (IoT) applications, Cloud-Edge (CE) paradigm is emerging as a solution that facilitates resource-efficient and timely services. However, it remains an underlying issue that frequent end-edge-cloud communication is over a public or adversary-controlled channel. Additionally, with the presence of resource-constrained devices, it’s imperative to conduct the secure communication mechanism, while still guaranteeing efficiency. Physical unclonable functions (PUF) emerge as promising lightweight security primitives. Thus, we first construct a PUF-based security mechanism for vulnerable IoT devices. Further, a provably secure and PUF-based authentication key agreement scheme is proposed for establishing the secure channel in end-edge-cloud empowered IoT, without requiring pre-loaded master keys. The security of our scheme is rigorously proven through formal security analysis under the random oracle model, and security verification using AVISPA tool. The comprehensive security features are also elaborated. Moreover, the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.
Funding: supported by the National Natural Science Foundation of China (62233004, 62073076, 61803166); the Jiangsu Provincial Key Laboratory of Networked Collective Intelligence (BM2017002); the Fundamental Research Funds for the Central Universities (3208002102A2); Fundamental Research Funds for the Central Universities (2242022k30038).
Abstract: Dear Editor, This letter aims to investigate the problem of attack detection and state estimation when the system suffers from external malicious attacks. A finite-time reduced-order observer is designed, which can achieve attack detection at the preset time instant. Meanwhile, it is shown that the protection of the key nodes greatly improves the efficiency of secure state estimation. Finally, the proposed theory is applied to a general cyber-physical system to illustrate its effectiveness.
Funding: supported in part by the National Natural Science Foundation of China (U20A2068, 11771013); Zhejiang Provincial Natural Science Foundation of China (LD19A010001).
Abstract: The secure dominating set (SDS), a variant of the dominating set, is an important combinatorial structure used in wireless networks. In this paper, we apply algorithmic game theory to study the minimum secure dominating set (Min SDS) problem in a multi-agent system. We design a game framework for SDS and show that every Nash equilibrium (NE) is a minimal SDS, which is also a Pareto-optimal solution. We prove that the proposed game is an exact potential game, and thus NE exists, and design a polynomial-time distributed local algorithm which converges to an NE in O(n) rounds of interactions. Extensive experiments are done to test the performance of our algorithm, and some interesting phenomena are witnessed.
Abstract: Welcome to the twelfth issue of 2023 in the IEEE/CAA Journal of Automatica Sinica (JAS). In the sixth issue of 2023, I systematically addressed the latest development of Meta Vehicles, and sorted out some important contributions published in the IEEE/CAA JAS focusing on control, estimation, and optimization of automated vehicles with reliability, security, efficiency, and intelligence.
Funding: supported by National Key Research and Development Program of China (No. 2021YFE0205300); National Natural Science Foundation of China (No. 62171313).
Abstract: The future 6G networks will integrate space and terrestrial networks to realize a fully connected world with extensive collaboration. However, how to build trust between multiple parties is a difficult problem for secure cooperation without a reliable third-party. Blockchain is a promising technology to solve this problem by converting the trust between multi-parties to the trust to the common shared data. Several works have proposed to apply the incentive mechanism in blockchain to encourage effective cooperation, but how to evaluate the cooperation performance and avoid breach of contract is not discussed. In this paper, a secure relay scheme is proposed based on the consortium blockchain system composed by different operators. In particular, smart contract checks the integrity of the message based on RSA accumulator, and executes transactions automatically when the message is delivered successfully. Detailed procedures are introduced for both uplink and downlink relay. Implementation based on Hyperledger Fabric proves the effectiveness of the proposed scheme and shows that the complexity of the scheme is low enough for practical deployment.
Funding: supported by the National Natural Science Foundation of China (No. 62201313); the Opening Foundation of Fujian Key Laboratory of Sensing and Computing for Smart Cities (Xiamen University) (No. SCSCKF202101); the Open Project of Fujian Provincial Key Laboratory of Information Processing and Intelligent Control (Minjiang University) (No. MJUKF-IPIC202206).
Abstract: Mobile Industrial Internet of Things (IIoT) applications have achieved the explosive growth in recent years. The mobile IIoT has flourished and become the backbone of the industry, laying a solid foundation for the interconnection of all things. The variety of application scenarios has brought serious challenges to mobile IIoT networks, which face complex and changeable communication environments. Ensuring data secure transmission is critical for mobile IIoT networks. This paper investigates the data secure transmission performance prediction of mobile IIoT networks. To cut down computational complexity, we propose a data secure transmission scheme employing Transmit Antenna Selection (TAS). The novel secrecy performance expressions are first derived. Then, to realize real-time secrecy analysis, we design an improved Convolutional Neural Network (CNN) model, and propose an intelligent data secure transmission performance prediction algorithm. For mobile signals, the important features may be removed by the pooling layers. This will lead to negative effects on the secrecy performance prediction. A novel nine-layer improved CNN model is designed. Out of the input and output layers, it removes the pooling layer and contains six convolution layers. Elman, Back-Propagation (BP) and LeNet methods are employed to compare with the proposed algorithm. Through simulation analysis, good prediction accuracy is achieved by the CNN algorithm. The prediction accuracy obtains a 59% increase.
Abstract: The wide application of intelligent terminals in microgrids has fueled the surge of data amount in recent years. In real-world scenarios, microgrids must store large amounts of data efficiently while also being able to withstand malicious cyberattacks. To meet the high hardware resource requirements, address the vulnerability to network attacks and poor reliability in the traditional centralized data storage schemes, this paper proposes a secure storage management method for microgrid data that considers node trust and directed acyclic graph (DAG) consensus mechanism. Firstly, the microgrid data storage model is designed based on the edge computing technology. The blockchain, deployed on the edge computing server and combined with cloud storage, ensures reliable data storage in the microgrid. Secondly, a blockchain consensus algorithm based on directed acyclic graph data structure is then proposed to effectively improve the data storage timeliness and avoid disadvantages in traditional blockchain topology such as long chain construction time and low consensus efficiency. Finally, considering the tolerance differences among the candidate chain-building nodes to network attacks, a hash value update mechanism of blockchain header with node trust identification to ensure data storage security is proposed. Experimental results from the microgrid data storage platform show that the proposed method can achieve a private key update time of less than 5 milliseconds. When the number of blockchain nodes is less than 25, the blockchain construction takes no more than 80 mins, and the data throughput is close to 300 kbps. Compared with the traditional chain-topology-based consensus methods that do not consider node trust, the proposed method has higher efficiency in data storage and better resistance to network attacks.
Funding: supported by the Researchers Supporting Project (No. RSP-2021/395) King Saud University, Riyadh, Saudi Arabia.
Abstract: Industrial IoT (IIoT) aims to enhance services provided by various industries, such as manufacturing and product processing. IIoT suffers from various challenges, and security is one of the key challenges among those challenges. Authentication and access control are two notable challenges for any IIoT based industrial deployment. Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors, actuators, fog devices and gateways. Thus, articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security. In this paper, first, we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al. and prove that their scheme is vulnerable to various traditional attacks such as device anonymity, MITM, and DoS. We then put forward an interdevice authentication scheme using an ECC (Elliptic Curve Cryptography) that is highly secure and lightweight compared to other existing schemes for a similar environment. Furthermore, we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Dolev-Yao channel. In this paper, we present comparison of the proposed scheme with existing schemes based on communication cost, computation cost and security index to prove that the proposed EBAKE-SE is highly efficient, reliable, and trustworthy compared to other existing schemes for an inter-device authentication. At long last, we present an implementation for the proposed EBAKE-SE using MQTT protocol.
Funding: supported by the Fundamental Research Funds for the Central Universities (buctrc202201); High Performance Computing Platform, College of Information Science and Technology, Beijing University of Chemical Technology.
Abstract: This paper addresses the problem of distributed secure state estimation for multi-agent systems under homologous sensor attacks. Two types of secure Luenberger-like distributed observers are proposed to estimate the system state and attack signal simultaneously. Specifically, the proposed two observers are applicable to deal with the cases in the presence and absence of time delays during network communication. It is also shown that the proposed observers can ensure the attack estimations from different agents asymptotically converge to the same value. Sufficient conditions for guaranteeing the asymptotic convergence of the estimation errors are derived. Simulation examples are finally provided to demonstrate the effectiveness of the proposed results.