Vehicular Ad-hoc NETworks (VANETs) enable cooperative behaviors in vehicular environments and are seen as an integral component of Intelligent Transportation Systems (ITSs). The security of VANETs is crucial for their successful deployment and widespread adoption. A critical aspect of preserving the security and privacy of VANETs is the efficient revocation of the ability of misbehaving or malicious vehicles to participate in the network. This is usually achieved by revoking the validity of the digital certificates of the offending nodes and by maintaining and distributing an accurate Certificate Revocation List (CRL). The immediate revocation of misbehaving vehicles is of prime importance for the safety of other vehicles and users. In this paper, we present a decentralized revocation approach based on Shamir’s secret sharing to revoke misbehaving vehicles with very low delays. Besides enhancing VANETs’ security, our proposed protocol limits the size of the revocation list to the number of the revoked vehicles. Consequently, the authentication process is more efficient, and the communication overhead is reduced. We experimentally evaluate our protocol to demonstrate that it provides a reliable solution to the scalability, efficiency and security of VANETs.
Ensuring the correctness of answers to substring queries has not been a concern for consumers working within the traditional confines of their own organisational infrastructure. This is due to the fact that organisations generally trust their handling of their own data hosted on their own servers and networks. With cloud computing however, where both data and processing are delegated to unknown servers, guarantees of the correctness of queries need to be available. The verification of the results of substring searches has not been given much focus to date within the wider scope of data and query verification. We present a verification scheme for existential substring searches on text files, which is the first of its kind to satisfy the desired properties of authenticity, completeness, and freshness. The scheme is based on suffix arrays, Merkle hash trees and cryptographic hashes to provide strong guarantees of correctness for the consumer, even in fully untrusted environments. We provide a description of our scheme, along with the results of experiments conducted on a fully-working prototype.
Zero trust architecture (ZTA) is a paradigm shift in how we protect data, stay connected and access resources. ZTA is non-perimeter-based defence, which has been emerging as a promising revolution in the cyber security field. It can be used to continuously maintain security by safeguarding against attacks both from inside and outside of the network system. However, ZTA automation and orchestration, towards seamless deployment on real-world networks, has seen limited review in the existing literature. In this paper, we first identify the bottlenecks, discuss the background of ZTA and compare it with traditional perimeter-based security architectures. More importantly, we provide an in-depth analysis of state-of-the-art AI techniques that have the potential in the automation and orchestration of ZTA. Overall, in this review paper, we develop a foundational view on the challenges and potential enablers for the automation and orchestration of ZTA.
With the growing concern about the security and privacy of smart grid systems, cyberattacks on critical power grid components, such as state estimation, have proven to be one of the top-priority cyber-related issues and have received significant attention in recent years. However, cyberattack detection in smart grids now faces new challenges, including privacy preservation and decentralized power zones with strategic data owners. To address these technical bottlenecks, this paper proposes a novel Federated Learning-based privacy-preserving and communication-efficient attack detection framework, known as FedDiSC, that enables Discrimination between power System disturbances and Cyberattacks. Specifically, we first propose a Federated Learning approach to enable Supervisory Control and Data Acquisition subsystems of decentralized power grid zones to collaboratively train an attack detection model without sharing sensitive power related data. Secondly, we put forward a representation learning-based Deep Auto-Encoder network to accurately detect power system and cybersecurity anomalies. Lastly, to adapt our proposed framework to the timeliness of real-world cyberattack detection in SGs, we leverage the use of a gradient privacy-preserving quantization scheme known as DP-SIGNSGD to improve its communication efficiency. Extensive simulations of the proposed framework on publicly available Industrial Control Systems datasets demonstrate that the proposed framework can achieve superior detection accuracy while preserving the privacy of sensitive power grid related information. Furthermore, we find that the gradient quantization scheme utilized improves communication efficiency by 40% when compared to a traditional federated learning approach without gradient quantization which suggests suitability in a real-world scenario.