Similar literature
1.
In this paper, the resilient control problem is investigated for a wireless networked control system (WNCS) under denial-of-service (DoS) attack via a hierarchical game approach. In the presence of a wireless network, a DoS attacker leads to extra packet dropout in the cyber layer of the WNCS by launching interference power. A zero-sum Markov game is exploited to model the interaction between the transmitter and the DoS attacker under a dynamic network environment. Additionally, with the attack-induced packet loss, an H minimax controller is designed in the physical layer by using a delta operator approach. Both value iteration and Q-learning methods are used to solve the hierarchical game problem for the WNCS. The proposed method is applied to a load frequency control system to illustrate the effectiveness.

2.
The radio-based medium of satellite communication systems is vulnerable to interference on physical channels: unintentional interferences occur frequently and jamming attacks can be achieved using low-grade technology. While application layer security protocols cannot defend against denial of service (DoS) attacks where the attacker jams continuously, effective security protocols ensure that communication can continue after such interference has stopped. This paper analyses an authentication and key agreement protocol for satellite communications. The presented analysis reveals that the protocol is susceptible to a new DoS attack, where attackers jam a single message to achieve a permanent DoS condition. A new authentication and key agreement protocol is proposed that additionally addresses the scenario where messages sent over the mobile satellite channel may not reach their intended recipient due to accidental or malicious interference. Analysis of the new protocol demonstrates that it is effective in countering the disruptive effects of jamming.

3.
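汪慕峰, 胥布工. Control and Decision (控制与决策), 2019, 34(8): 1681-1687
Network-based industrial control systems, an important application of cyber-physical systems (CPSs), are developing rapidly. In recent years, however, malicious cyber attacks on industrial control systems have drawn wide attention to CPS security. Denial-of-service (DoS) jamming attacks, the attack type most likely to occur in CPSs, have been studied in depth. To address this, an energy-constrained, periodic DoS jamming attack model is proposed, in which the goal of the attack is to increase the probability of random packet dropouts on the wireless channel. Based on a simplified CPS model, and considering the case in which the wireless channel between the sensor and the controller (S-C) is subject to both DoS jamming attacks and inherent random packet loss, sufficient conditions that guarantee system stability are obtained using state feedback, a stochastic Lyapunov function and the linear matrix inequality method, and the controller is designed using these sufficient conditions and the cone complementarity linearization algorithm. Finally, two numerical simulation examples verify the effectiveness of the proposed control strategy.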

4.
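徐鑫, 王慧敏. Control and Decision (控制与决策), 2023, 38(9): 2606-2613
Cyber-physical systems (CPSs) are being applied ever more widely, but because of their inherent openness they are vulnerable to cyber attacks, and attackers are becoming increasingly intelligent, so research on CPS security is necessary. In view of this, the interaction process under DoS attack of a cyber-physical system with multiple remote state estimation subsystems is considered. In each system, each sensor monitors its own system, and a scheduler allocates channels for the sensors' data packets so that their local estimates are sent to the remote state estimator; the goal is to minimize the total estimation error covariance. To be closer to practical application scenarios, it is considered that channel signals are affected by different environments during multi-channel transmission, so the energy required to transmit data differs between channels in different environments. The channel choices of the scheduler and the attacker must meet each channel's minimum energy requirement before transmission or attack can take place. The attacker is assumed to be more intelligent: if, after attacking one channel, it still has remaining energy that meets the requirements of other channels, it can choose to attack those channels at the same time, thereby pursuing the goal opposite to the scheduler's. On this basis, a two-player zero-sum game is constructed, and the Nash Q-learning algorithm is used to solve for the optimal strategies of both sides, providing a research approach for secure state estimation in cyber-physical systems.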

5.
In this article, the resilient leaderless consensus problem for a multi-agent system (MAS) under denial-of-service (DoS) attack is investigated. The DoS attack is carried out with multiple strategies. The sufficient condition for MASs achieving consensus under multi-mode DoS attack is developed. In order to actively alleviate the influence caused by the DoS attack, the MAS switches between normal and secure modes. Once a DoS attack occurs, the agents will switch into the secure mode with a lower open-loop divergence rate. A dynamic event-based consensus protocol is proposed, driving the MAS to achieve consensus while saving communication resources effectively. Moreover, rigorous proof analysis demonstrates the Zeno-free property of the developed dynamic event-triggered mechanism. Finally, a numerical simulation is provided to illustrate the effectiveness of the proposed theoretical results.

6.
Probabilistic model checking for the quantification of DoS security threats (cited by: 1 in total; self-citations: 0; citations by others: 1)
Secure authentication features of communication and electronic commerce protocols involve computationally expensive and memory intensive cryptographic operations that have the potential to be turned into denial-of-service (DoS) exploits. Recent proposals attempt to improve DoS resistance by implementing a trade-off between the resources required for the potential victim(s) with the resources used by a prospective attacker. Such improvements have been proposed for the Internet Key Exchange (IKE), the Just Fast Keying (JFK) key agreement protocol and the Secure Sockets Layer (SSL/TLS) protocol. In the present article, we introduce probabilistic model checking as an efficient tool-assisted approach for systematically quantifying DoS security threats. We model a security protocol with a fixed network topology using probabilistic specifications for the protocol participants. We attach to the protocol model a probabilistic attacker model which performs DoS related actions with assigned cost values. The costs for the protocol participants and the attacker reflect the level of some resource expenditure (memory, processing capacity or communication bandwidth) for the associated actions. From the developed model we obtain a Discrete Time Markov Chain (DTMC) via property preserving discrete-time semantics. The DTMC model is verified using the PRISM model checker that produces probabilistic estimates for the analyzed DoS threat. In this way, it is possible to evaluate the level of resource expenditure for the attacker, beyond which the likelihood of widespread attack is reduced and subsequently to compare alternative design considerations for optimal resistance to the analyzed DoS threat. Our approach is validated through the analysis of the Host Identity Protocol (HIP). The HIP base-exchange is seen as a cryptographic key-exchange protocol with special features related to DoS protection. We analyze a serious DoS threat, for which we provide probabilistic estimates, as well as results for the associated attacker and participants' costs.

7.
Cyber-Physical Systems (CPSs) are vulnerable to malicious network attacks due to the tight combination of the cyber system and the physical system through a more open network communication. In this paper, a guaranteed cost control problem for a CPS under DoS jamming attacks is solved via both state feedback and output feedback methods. Specifically, an energy-constrained DoS jammer with a clear periodic attack strategy is proposed to attack the wireless channel and to degrade the system performance. Without knowing the DoS jammer's attack strategy, a passive attack-tolerant mechanism is established, and the corresponding state feedback and output feedback controllers are designed to achieve guaranteed cost control for the CPS with inherent packet dropouts under DoS jamming attacks. Finally, numerical examples are presented to demonstrate the effectiveness of the guaranteed cost controllers.

8.
In IEEE S&P 2017, Ronen et al. exploited side-channel power analysis (SCPA) and approximately 5000 power traces to recover the global AES-CCM key that Philips Hue lamps use to decrypt and authenticate new firmware. Based on the recovered key, the attacker could create a malicious firmware update and load it to Philips Hue lamps to cause Internet of Things (IoT) security issues. Inspired by the work of Ronen et al., we propose an AES-CCM-based firmware update scheme against SCPA and denial of service (DoS) attacks. The proposed scheme applied in IoT terminal devices includes two aspects of design (i.e., bootloader and application layer). Firstly, in the bootloader, the number of updates per unit time is limited to prevent the attacker from acquiring a sufficient number of useful traces in a short time, which can effectively counter an SCPA attack. Secondly, in the application layer, using the proposed handshake protocol, the IoT device can access the IoT server to regain update permission, which can defend against DoS attacks. Moreover, on the STM32F405+M25P40 hardware platform, we implement Philips' and the proposed modified schemes. Experimental results show that compared with the firmware update scheme of Philips Hue smart lamps, the proposed scheme additionally requires only 2.35 KB of Flash memory and a maximum of 0.32 s update time to effectively enhance the security of the AES-CCM-based firmware update process.

9.
This paper studies the event-triggered containment control problem of multi-agent systems (MASs) under deception attacks and denial-of-service (DoS) attacks. First, to save limited network resources, an event-triggered mechanism is proposed for MASs under hybrid cyber attacks. Different from the existing event-triggered mechanisms, the negative influences of deception attacks and DoS attacks are considered in the proposed triggering function. The communication frequencies between agents are reduced. Then, based on the proposed event-triggered mechanism, a corresponding control protocol is proposed to ensure that the followers will converge to the convex hull formed by the leaders under deception attacks and DoS attacks. Compared with the previous research on containment control, in addition to hybrid cyber attacks being considered, the nonlinear functions related to the states of the agents are applied to describe the deception attack signals in the MAS. By orthogonal transformation of deception attack signals, the containment control problem under deception attacks and DoS attacks is reformulated as a stability problem. Then, the sufficient conditions on containment control can be obtained. Finally, a set of simulation examples is used to verify the effectiveness of the proposed method.

10.
Computer Networks, 2007, 51(3): 866-882
Recently, denial-of-service (DoS) attacks have become a pressing problem due to the lack of an efficient method to locate the real attackers and the ease of launching an attack with readily available source code on the Internet. Traceback is a subtle scheme to tackle DoS attacks. Probabilistic packet marking (PPM) is a new way for practical IP traceback. Although PPM enables a victim to pinpoint the attacker's origin to within 2–5 equally possible sites, it has been shown that PPM suffers from uncertainty under spoofed marking attack. Furthermore, the uncertainty factor can be amplified significantly under distributed DoS attack, which may diminish the effectiveness of PPM. In this work, we present a new approach, called dynamic probabilistic packet marking (DPPM), to further improve the effectiveness of PPM. Instead of using a fixed marking probability, we propose to deduce the traveling distance of a packet and then choose a proper marking probability. DPPM may completely remove uncertainty and enable victims to precisely pinpoint the attacking origin even under spoofed marking DoS attacks. DPPM supports incremental deployment. Formal analysis indicates that DPPM outperforms PPM in most aspects.

11.
Low-rate denial of service (DoS) attacks have recently emerged as new strategies for denying networking services. Such attacks are capable of discovering vulnerabilities in protocol or application behavior to carry out a DoS with low-rate traffic. In this paper, we focus on a specific attack: the low-rate DoS attack against application servers, and address the task of finding an effective defense against this attack. Different approaches are explored and four alternatives to defeat these attacks are suggested. The techniques proposed are based on modifying the way in which an application server accepts incoming requests. They focus on protective measures aimed at (i) preventing an attacker from capturing all the positions in the incoming queues of applications, and (ii) randomizing the server operation to eliminate possible vulnerabilities due to predictable behaviors. We extensively describe the suggested techniques, discussing the benefits and drawbacks for each under two criteria: the attack efficiency reduction obtained, and the impact on the normal operation of the server. We evaluate the proposed solutions in both a simulated and a real environment, and provide guidelines for their implementation in a production system.

12.
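The resilient control problem of distributed train control systems subject to denial-of-service (DoS) attacks has received wide attention. This paper proposes a resilient control strategy based on a distributed leader-train state observer and a barrier Lyapunov function, which not only avoids train collisions but also achieves the formation control objective. First, a design method for a distributed leader-train state observer is given, which is used to estimate the state of the leader train in real time. Theoretical analysis shows that, when the DoS attack satisfies certain constraints, the estimation error of the state observer is exponentially stable. On this basis, by transforming the train collision avoidance problem into a state-constrained problem, a state-constrained control law based on the barrier Lyapunov function is proposed, which solves the platoon control problem with guaranteed collision avoidance under DoS attacks. Finally, numerical simulation confirms the effectiveness of the proposed method.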

13.
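This work addresses the secure group consensus cooperative control problem for a class of second-order multi-agent systems under denial-of-service (DoS) attacks. Unlike similar work, in an attack scenario with aperiodic attacks on multiple independent channels, and based on the cooperative and competitive interactions between agents in complex systems, a new secure group consensus control protocol with a state estimator is proposed. Under this protocol, first, constraints on the duration of DoS attacks are given, and the decay rates of the channels under different attack modes are obtained by designing a suitable Lyapunov function and solving an algebraic Riccati equation; then, by introducing an equivalent decay rate corresponding to each channel, the difficulty of matching the obtained decay rates to the channels is overcome, and a stability criterion for the system is given; finally, numerical experiments verify the correctness and effectiveness of the conclusions obtained from the theoretical analysis.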

14.
In this paper, we reexamined the security of fair quantum blind signature protocols and found that there exists a security leakage caused by the reuse of the signing key. To illustrate it, a new attack strategy is proposed based on unambiguous set discrimination of quantum states. In this attack, the attacker can forge a valid signature for any message when he owns three signatures. Finally, a feasible improved method is proposed to solve this problem.

15.
This paper focuses on the design of security enforcement mechanisms for the prevention of denial of service (DoS) attacks in wireless sensor networks. In the first part, we identify the requirement for security enforcement using auction theory, which allows us to detect non-cooperative nodes. Our novel scheme for preventing DoS attacks is called Secure Auction based Routing (SAR). In the proposed protocol, nodes prefer to participate in forwarding incoming packets and gaining reputation in the network. Nodes willing to do so must compete against each other, and the competition is based on auction theory. The amount of bid that each node offers is equal to its utility value; and the price that a winner of a bid pays is a reduction in its original battery power. Since a node's truthful bidding is shown to be a dominant strategy, in order to prevent DoS attack, nodes that do not bid truthfully should be isolated. In the second part, we formulate the attack–defense problem as a non-cooperative, two-player, non-zero-sum game between an attacker and a wireless sensor network. We show that this game achieves Nash equilibrium, thus leading to a defense strategy for the network. We propose two novel schemes. The first one is called Utility based Dynamic Source Routing (UDSR), which incorporates the total utility of each en-route node in data packets, where utility is the difference between gain and cost for each node. The second scheme is based on a watch-list, where each node earns a rating from its neighbors, based on its previous cooperation in the network. Simulation results show that the proposed game theoretic framework significantly increases the chance of success in defense strategy for the wireless sensor network.

16.
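Distributed active firewall (cited by: 5 in total; self-citations: 0; citations by others: 5)
The concept and model of the distributed firewall are introduced, and its advantage of not depending on network topology is analyzed. To overcome the shortcomings of distributed firewalls in preventing denial-of-service attacks, a model of a distributed active firewall is proposed: rather than passively defending against attacks, it rejects internal attacks at the attacker's own location. Using policy decomposition, a policy described in the KeyNote language is split into two parts, which are then distributed to the corresponding hosts. This method effectively prevents denial-of-service attacks from the inside, so that the server can provide service normally.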

17.
Keeping Denial-of-Service Attackers in the Dark (cited by: 1 in total; self-citations: 0; citations by others: 1)
We consider the problem of overcoming (distributed) denial-of-service (DoS) attacks by realistic adversaries that have knowledge of their attack's successfulness, for example, by observing service performance degradation or by eavesdropping on messages or parts thereof. A solution for this problem in a high-speed network environment necessitates lightweight mechanisms for differentiating between valid traffic and the attacker's packets. The main challenge in presenting such a solution is to exploit existing packet-filtering mechanisms in a way that allows fast processing of packets but is complex enough so that the attacker cannot efficiently craft packets that pass the filters. We show a protocol that mitigates DoS attacks by adversaries that can eavesdrop and (with some delay) adapt their attacks accordingly. The protocol uses only available efficient packet-filtering mechanisms based mainly on addresses and port numbers. Our protocol avoids the use of fixed ports and instead performs "pseudorandom port hopping." We model the underlying packet-filtering services and define measures for the capabilities of the adversary and for the success rate of the protocol. Using these, we provide a novel rigorous analysis of the impact of DoS on an end-to-end protocol and show that our protocol provides effective DoS prevention for realistic attack and deployment scenarios.

18.
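王悦, 贾新春, 游秀, 吕腾. Control Theory & Applications (控制理论与应用), 2022, 39(10): 1890-1897
This paper studies the secure consensus control problem for a class of linear multi-agent systems (MASs) with multi-rate sampling under denial-of-service (DoS) attacks, where DoS attacks typically block information transmission between agents. The paper extends results on multi-rate sampling in networked control systems to multi-agent systems and takes a non-ideal communication network environment into account. First, a matching mechanism is introduced to synchronize the sampled data of the agents' different state components caused by multi-rate sampling. Then, under DoS attacks, a secure consensus controller based on multi-rate sampling is proposed for linear MASs with multi-rate sampling. Using Lyapunov stability theory and the switched system method, sufficient conditions for secure consensus that involve the duration and frequency of DoS attacks are obtained. Finally, a simulation example is given to verify the effectiveness of the proposed method, together with a comparative performance analysis of the multi-rate and single-rate sampling mechanisms.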

19.
The smart grid faces a variety of physical and cyber attacks. Coordinated cyber-physical attacks can cause more severe consequences than single cyber or physical attacks, and can be divided into two categories according to whether the physical attack is stealthy or not. Coordinated cyber-physical attacks considering DoS attacks are investigated due to the lower cost of DoS attacks. In each category of coordinated cyber-physical attacks, the mathematical models are derived and suitable methods are adopted to solve the corresponding issue. The experimental simulation demonstrates the potentially damaging effects and threats of this newly proposed attack. It is also shown that this newly proposed attack can use lower attack resources to introduce more catastrophic effects on the power system.

20.
This article focuses on designing sensor attacks to deteriorate the state estimation in cyber-physical systems. The scenario in which the malicious attack signals can be injected into a different but limited number of sensor communication channels is considered. The state estimation error variations and innovation variations are adopted to measure attack performance and attack stealthiness, respectively. A switching attack strategy is proposed, under which the estimation error variations are driven to the predesigned target value and the norm of innovation variations remains at a small level. The switching attack design problem is formulated as a discrete switched optimal control problem which can be solved by dynamic programming, although the computational burden is heavy. To overcome this difficulty, by using a pruning technique to remove the redundant matrices generated in dynamic programming, the quadratic optimization problem becomes numerically tractable. In this way, the suboptimal attack signal sequence and switching sequence can be acquired. Finally, a simulation example is provided to illustrate the effectiveness of the proposed attack strategy.
