Earticle

Governments, companies, universities and research institutes are pushing the research and development of cyber-physical systems (CPS). However, the development of cyber-physical systems is constrained by security factors. According to this situation, this paper put forward a CPS security model, which contains security objectives, basic theories, simulation, and CPS framework, summarizes security attacks to cyber-physical systems as a theoretical reference for the study of cyber–physical systems and to provide useful security defense. Based on the cyber-physical systems framework, the paper classifies attacks for the execution layer, transport layer and control layer. The execution layer attacks include security attacks for nodes such as sensors and actuators. Transport layer attacks include data leakage or damage and security issues during massive data integration. Control layer attacks include the loss of user privacy, incorrect access control policies and inadequate security standards. This paper gives security defenses and recommendations for all types of security attacks. Finally, this paper introduces categorizations of CPS application fields and explores their relationships.

Cloud computing is a technology which completely shifts the data to unaware Datacenter (DC) where the cloud service provider (CSP) is responsible for the subscribers’ data and its protection. Distributed Denial of Service (DDoS) is a kind of overload threat aims to subvert DC and their resources which leads to resource unavailable to legitimate requestors. In this paper we proposed an effective layered load balancing mechanism which scrutinizes the incoming requestors’ traffic at various layers and each layer outwits some kind of attack traffic. The early network traffic condition prediction paves the way to detect the threats earlier which in turn improves the availability. The significance of the proposed mechanism is detecting the higher rate of overload threats at earlier layers. Constant monitoring and stringent protocol setup for incoming traffic strengthens the proposed mechanism against several kinds of overload threats. Based on the traffic pattern of incoming requestors, the vulnerability is observed and outwitted at various layers. The simulation proved that the mechanism proposed is deployable at an attack-prone DC for resource protection, which would eventually benefit the DC economically as well.

Clean Development Mechanism (CDM) is a multi-win solution for the low-carbon development of urban infrastructure. It provides a low-cost plan and offering channels for technical transformation. Moreover, effective clean development strategy can certainly produce additional capital and technology benefits to meet the requirements of sustainability for urban infrastructure construction. This paper illustrates the clean development principles of urban infrastructure in a broader sense，and pay attention to the potential risk and controlling methodology of the CDM, which aims at promoting the formation and positive development of urban CMD system.

This paper firstly briefed the basic concepts of N public key cryptosystem, RS code and QC-LDPC code, and then put forward the cascade cryptosystem with the RS code being the outer code and QC-LDPC code being the internal code. At last, the writer analyzed in detail the security and performance of the N cryptosystem based on double public key, and thus proved its better security and performance than the traditional public key cryptosystem based on error correcting code. In addition, it is also endowed with higher practicability in complex environment.

Because of environmental issues such as global warming, natural disaster is a growing trend. Accordingly, interest in minimizing structural damage due to natural disasters is also increasing. One method for reducing these problems of disaster damage is to detect problematic situations quickly using Closed-circuit televisions (CCTVs), which are image sensors that allow damage to be controlled and countermeasures to be prepared. In the case of structural deformation situations occurring due to natural disasters, deformations tend to continue until the structure is recovered. However, since intelligent CCTVs have thus far failed to recognize or track moving objects, these CCTVs are not suitable for detecting the maintenance of structure deformation. Therefore, in the present study, a technique will be presented through which structural situations suspected of deformation (i.e., situations in which problems will occur if the current state is maintained) can be intelligently detected using difference images based on video images taken from actual structures at fixed positions.

By defining attack-defense action sequence and utility function of both sides, combine with dynamic Bayes game theory to analyze the confrontation and interdependence between the two agents’ strategies. Dynamic Bayes attack-defense game model can describe each possible strategy in every stage. This paper proposes the construction method of game extensive form by utilizing attack-defense confrontation model, and presents the equilibrium strategy solution algorithm.

This paper presents a Multimodal Biometric Recognition System (MBRS) which is capable of integrating various biometric information for person recognition. The MBRS is deployed as a cloud server and provides person recognition service for smart robots. Through the experiments based on multimodal biometric traits, the fact that the multimodal biometric recognition performs better than individual biometric recognition has been proved. In our approach, the implementation of a multimodal biometric recognition system based on face recognition system and voice recognition system is proposed. The MBRS provides the possibility of integrating multi biometric subsystems to do recognition. Even more, since the MBRS is deployed as a cloud server, the public interfaces were provided for the robots to do real-time person recognition. The experimental results show that the MBRS outperforms any individual face recognition subsystem and voice recognition subsystem.

In order to solve the redundancy question in complex network which is caused by similar attack method and similar node object in attack model, the node domain and transition domain of Petri Net are divided into equivalence classes, and then the construction method of rough vulnerability relation model is given. By defining similar degree of path, search for all of the characteristic attack path which can attain attack object by use of ant algorithm, and calculate the maximal threat of object node which is brought by characteristic strategy. In order to ensure threat prediction suit for attack scene, dynamic perception method of network threat is proposed, which relies on Intrusion Detection Systems (IDS) warning to amend threat value constantly.

Aiming at the problems that the existing model-based collaborative filtering algorithm has low recommendation accuracy and small recommendation coverage, we propose a collaborative filtering recommendation algorithm based on the trust propagation by introducing the trust information of social network to extend the matrix factorization-based recommendation model. We first design a set of trust propagation rules based on the direct trust relationships of the social network, so as to propagate the trust relationship in the social networks, and get to quantize the new trust relationship. Then we load the quantitative trust relations after the trust propagation as the trust weight into the matrix factorization-based model according to the characteristics that the matrix factorization technique can reduce the dimension of large-scale datasets.

The popularity of social networking sites has increased throughout the decade and everything that gains immense popularity with great human involvement also brings many challenges and issues along with it. Similarly the excessive use of online social networking causes a great increase in anomalies. In social networking the anomalies are like fake account, account hack, identity theft, spams and many other illegitimate activities. It is thus necessary to detect such anomalous and suspicious behavior of any user at these social platforms, as they could have an adverse impact on users, especially on teenagers. In this paper, we propose various methodologies for early detection of suspicious and anomalous activities. We have done the analysis of various parameters of social networking and its graph like indegree, outdegree, active time of a node (user) and its behavior.

Information has become the important and strategic resource, and social informatization has become the developing trend and core. The information safety will play an extremely important role in the information society. It is directly related to the national security, business and the normal life. Wireless Public Key Infrastrcture(WPKI) is a technology of wireless networks security, which is applied to transform the E-Business and the Internet for shopping, banking and transacting with one another in anywhere at anytime by using the wireless devices of mobile phone, PDA, IPAD and so on. Wireless application protocol (WAP) can ensure the secure e-business services and wireless applications. So the structure, principle, security infrastructure, application model and environment of WPKI are described in detail. Then the mobile E-business security model based on WPKI Technology is proposed in this paper. It will analyze and demonstrate how the WPKI technology can provide the security services to mobile E-business with similar security requirements and provide the reader with a high level technical application of the WPKI technology. And a application system provided an excellent example for demonstrating the effectiveness, and the secrecy, identity authentication and non repudiation are studied and analyzed.

The current third-party network service in B2C business is not perfect in China, rural tourism enterprises frequent change the third-party platform because the cooperation risk. The rural tourism industry is developing fast; however, most tourism enterprises are not clear whether third-party network platform will increase the economic and social value by cooperation. Also, the third-party platform is not effective to improve the business level, and do not know how to improve the service quality. Therefore, the third-party platform should pay more attention to the service quality and perceived value, grasp the collaborative operation of cognition, improve the cooperation performance by increasing relationship quality, and promote to establish a solid and long-term cooperation relationship.

The demanding in construction of the stand-alone networks and interconnection between convergence devices have led an increase in research on Mobile Ad-hoc Network and the application of Mobile Ad-hoc Network has been paid much attention as a Ubiquitous computing which is growing fast in the field of computer science. With performance both as hosts and routers, easy network configuration, and fast response, mobile nodes participating in Mobile Ad-hoc Network are suitable for Embedded computing but have vulnerable points, about lack of dynamic network topology due to mobility, network scalability, passive attacks, and active attacks which make it impossible to manage continuous security authentication service. In this study, hashed AODV routing is used to protect from counterfeiting messages by malicious nodes in the course of path finding and setting, and disguising misrouted messages as different mobile nodes and inputting them into the network.

In recent years, cloud computing is becoming popular in the field of information, however, the development of cloud computing have to face the problem of cloud security. Intrusion Deletion System (IDS) is one of the possible solutions to the problem of cloud security, but the correct rate of general application of the IDS is not very satisfactory, for this purpose we propose a density-based binary Support Vector Machine (SVM) method (D-BSVM). Its main idea is based on the density of each class in the data set, and gets a binary sequence of training, according to this sequence obtained binary SVM training model to predict the behavior of the system. Further, the method for calculating the density is the paralleled, thereby improving efficiency of overall system. Finally, we present experimental results, and by contrast our approach can improve the accuracy and detection rate of IDS.

An information security-aware culture will minimize internal threats to information assets through the construction of appropriate information security beliefs and values that guide employee behavior when interacting with information assets and information technology systems. This paper aims to illustrate the application of the Information Security Culture Framework (ISCF) to asses and cultivate an information security aware culture within an organization through an empirical study. The ISCF is a comprehensive framework that consists of five dimensions (Strategy, Technology, Organization, People, and Environment) and integrates change management and the human factor in information security. The empirical study includes three case studies, selected to demonstrate the effectiveness of ISCF in describing and explaining the organizational information security culture. A sequential mixed method, to collect quantitative survey data and qualitative interview data, is used to demonstrate the validity and reliability of the framework. The ISCF therefore could be used by all types of organizations in order to assess whether an acceptable level of information security culture has been implemented and, if not, corrective actions are suggested.

XML, the Extensible Markup Language, had become an important tool for both storage and exchange of data. As the applied areas of XML had been widen gradually, the security problems of XML became a main concern. Hence, the study of access control using XML had been an important topic of security study of XML nowadays. In this paper, we would first made a brief introduction of access control using XML, and some requirements of XML access control would be included. After that, we would give a detail presentation of an access control model using XML, and point out the most significant feature of it. Finally, we analyzed the direction and difficulty in the study of access control using XML, and then illustrate the practical significance of the study.

Safe file sharing mechanism in cloud storage is one of the most significant elements that affects the development of security technology. With application of homomorphic key agreement mechanism、Shamir secret sharing algorithm. Bloom Filter and B-tree search algorithm and Rsync data updating algorithm, a safe file sharing scheme in cloud storage is established based on cloud storage infrastructure of DHT networks. Under the circumstance of cloud storage, the scheme can make full use of the sharing mechanism and achieve the confidentiality and integrity of the file. Based on DHT networks, the analysis and test of data sharing are conducted in the paper. Together with file upload and download, the test of data encryption and decryption is done on the basis of Dropbox. As the result shows, the scheme puts forward a safe and effective solution to safe file sharing in cloud storage.

Quick response (QR) code is the prevalent trademark for a type of matrix barcode symbol. That code is always scanned to efficiently acquire data, especially for mobile device users. It involves the capabilities of data storage, reliable readability and strong error correction. This paper utilizes these properties of a QR code to propose an image tamper detection and recovery scheme for grayscale images. The image to be protected is first subsampled and decomposed the principal energy compaction for image blocks. These are regarded as the image authentication and recovery data and then are encoded into the pattern of a QR code. The QR code is subsequently embedded into the original image. Experimental results showed that the authentication and recovery data in a QR code is able to sustain certain perceptible distortions such that the proposed scheme can detect tampered regions clearly and recover them roughly. Moreover, the proposed scheme also provides a better embedded image quality in comparison with the previous method.

This paper presents an image encryption scheme for secure digital images based on secret sharing and coupled map lattices. In this scheme, the secret image is encrypted before the sharing phase based on key sequences generated by chaotic map lattices. Experimental results and analysis show that the proposed scheme has better security and can be easily protects both confidentiality and loss-tolerance simultaneously in shadow images.

To meet the real-time diagnosis requirements of complex systems, this paper presents a novel fault diagnosis framework based on dynamic fault tree and arithmetic circuit. It pays attention to meeting two challenges: model development and real-time reasoning. Specifically, we use a dynamic fault tree to model dynamic fault modes and calculate some quantitative parameters using algebraic technique and Bayesian network (BN) in order to avoid the state space explosion problem. Furthermore, we compile a BN into an arithmetic circuit to obtain answers to probabilistic queries by evaluating and differentiating the arithmetic circuit. In addition, we incorporate sensors information into diagnosis process and propose the schemes on how to update the diagnostic importance factor and the minimal cut sequences. Finally, the example of a train-ground communication system is used to demonstrate the proposed method.

A comparison of two encryption standards, 3DES and AES is presented. It may seem that DES is insecure and no longer of any use, but that is not the case since the DES and 3DES algorithms are still beyond the capability of most attacks in the present day. However, the power of computers is increasing and stronger algorithms are required to face hacker attacks. AES has been designed in software and hardware and it works quickly and efficiently, even on small devices such as smart phones. With a large block size and a longer keys, AES will provide more security in the long term.

With respect to fatigue damage of heavy traffic on the bridge structure, this paper studied on load spectrum and fatigue simulation. The author used manual recording, live cameras, vehicle dynamic weighing system (WIM) to conduct traffic investigation in a continuous 24-hour period. Basing on these data in Hebei province, we established typical vehicle load spectrum using probabilistic and statistical methods, and deduced a standard fatigue vehicle model on this basis. Then we prepared random load spectrum by MATLAB and realized loading it on a finite element model (FEM). Next, the paper assessed the fatigue life of in-service highway bridges that in Hebei by comparing typical vehicle load and random vehicle load. Results showed that vehicle speed has significant influence on fatigue damage under typical vehicle load. Equivalent stress amplitude is small in two operational states under random vehicle load, the general operation state and intensive operation state. Fatigue damage to bridge under general operation is obvious. After verified the applicability of the standard fatigue vehicle model, we can believe that this model developed in this article can be further used as a reference to check highway fatigue damage in the entire Hebei province. Moreover, all the results showed that the bridges wouldn’t get fatigue failure under a normal operation state when there is no impact of environmental factors.

In this particular work, we have done power dissipation analysis of DES algorithm, implemented on 28nm FPGA. We have used Xilinx ISE software development kit for all the observation done in this particular research work. Here, we have taken SSTL (Stub-Series Terminated Logic) as input-output standard. We have considered six sub-categories of SSTL (i.e. SSTL135, SSTL135_R, SSTL15, SSTL15_R, SSTL18_I and SSTL18_II) for four different WLAN frequencies (i.e. 2.4GHz, 3.6GHz, 4.9GHz, and 5.9GHz). We have done analysis considering five basic powers i.e. clock power, logic power, signal power, IOs power, leakage power and total power. There is 50-60% reduction in power dissipation, which is possible with proper selection of the most energy efficient IO standards i.e. SSTL135_R among SSTL logic families.

Localization algorithm is an important and challenging topic in Wireless Sensor Networks (WSNs), especially for the applications requiring the accurate position of the sensed information. Various algorithms have been proposed to obtain the location of sensor nodes. However, most of existing location algorithms assumes a non-adversarial environment. The position estimation accuracy decreases drastically when some of the sensor nodes are compromised. In this paper, we develop a secure localization scheme to resist the attack on the DV-Hop scheme, to mitigate the impact of such attacks. In our scheme, the flooding packets in the DV-Hop will be authenticated and the weight of beacon nodes will be used to abate the effect of nodes capture attack. Analysis and simulation results demonstrate that the proposed can not only against nodes compromised attack effectively but also achieve comparable localization performance

Quantum authentication protocols can be used to authenticate both quantum messages and classical messages. In this paper, a new quantum authentication protocol of classical messages is proposed. In our protocol, a sequence of Bell states is shared by the message sender and the corresponding receiver. This sequence is used as the authentication key. Four different unitary operations U0, U1, U2 and U3 are used to encode a classical message m and its hash value h(m) into a sequence of Bell states. To authenticate the classical message, the message receiver extracts m and h(m) from the qubits owned by himself/herself, and verifies whether h(m) matches m. The adversary’s disturbance to the quantum channel can be detected by checking whether h(m) matches m. The transmitted message has the properties of both secrecy and authentication. Our quantum authentication protocol is secure against message attack and no-message attack.

Security is the one of the major issue that exists in Mobile Ad hoc network. Mobile Ad hoc network is infrastructure less network so it is vulnerable to several security attacks that are on different layers. Wormhole attack is one of the serious routing attack on network layer. This paper focuses on the wormhole attack, its classification and the modes by which they are launched. This paper summarizes various detection techniques proposed for wormhole attack and also present the effect of wormhole attack on various performance parameters.

With the rapid development of computer network, digital watermarking, which is an effective digital products copyright protection technology, was widely applied in the security forensic. Those were analyzed that are the defects of existing time stamp scheme of digital watermarking and the characteristics of the pseudo-random sequence. The new scheme based on time stamp and pseudo-random sequence was proposed. Indistinguishability and scalability of watermark were analyzed from the experimental results. And other two aspects were obviously improved in the new scheme, which were in improving protocol’s security and reducing the quantity of data embedded in digital works.

In an open and distributed network, role-based access control (RBAC) model has the following deficiencies: Firstly, it is unable to provide flexible access control policy, and the granularity of authorization is too large. Secondly, the allocation and management of roles are too cumbersome, which leads to low efficiency of access control. To deal with these problems, we present a hybrid attribute based RBAC (HA-RBAC) model. In this paper, we deeply research the mapping relationships of roles and attributes, propose a combination of static-attribute-based roles and dynamic-attribute-based rules to simplify the management of access control policy and downsize the access control system, while we formally define the construction of HA-RBAC model and access control algorithm. Comparative analysis and simulation experiments show that this model can not only adapt to the role of fine-grained division and simplify policy management, but also improve the efficiency of access control, and reduce system consumption.

Certificateless public key cryptography (CL-PKC) is an appealing paradigm with the advantages of both conventional public key cryptosystem and ID-based cryptosystem because it avoids using certificates and eliminates the key escrow problem. Ring signcryption is an attractive primitive which allows one user to send a message anonymously, confidentially and authentically. Recently, Qi et al. proposed a novel certificateless ring signcryption scheme with bilinear pairings, and claimed the scheme is provably-secure in the random oracle model. In this paper, we reveal that Qi et al.’s scheme is not secure against both a Type I adversary and a Type II adversary. By giving specific attacks, we found it is unable to meet the fundamental requirements of confidentiality and unforgeability.