Cyber-physical technologies are prone to attacks in addition to faults and failures. The issue of protecting cyber-physical systems should be tackled by jointly addressing security at both cyber and physical domains in order to promptly detect and mitigate cyber-physical threats. Toward this end, this letter proposes a new architecture combining control-theoretic solutions together with programmable networking techniques to jointly handle crucial threats to cyber-physical systems. The architecture paves the way for new interesting techniques research directions and challenges which we discuss in our work

The information required to build appropriate impact models depends directly on the nature of the system. The information dealt by health care systems, for instance, is particularly different from the information obtained by energy, telecommunication, transportation, or water supply systems. It is therefore important to properly classify the data of security events according to the nature of the system. This paper proposes an event data classification based on four main aspects: (i) the system's criticality, i.e., critical vs. non-critical; (ii) the geographical location of the target system, i.e., internal vs. external; (iii) the time at which the information is obtained and used by the attacker i.e., a priory vs. a posteriori; and (iv) the nature of the data, i.e., logical vs. physical. The ultimate goal of the proposed taxonomy is to help organizations in the assessment of their assets and events.

We present PCS, a privacy-preserving certification mechanism that allows users to conduct anonymous and unlinkable actions. The mechanism is built over an attribute-based signature construction. The proposal is proved secure against forgery and anonymity attacks. A use case on the integration of PCS to enhance the privacy of learners of an e-assessment environment, and some details of the ongoing implementation, are briefly presented.

We address the challenge of correctly estimating the position of wireless sensor network (WSN) nodes in the presence of malicious adversaries. We consider adversarial situations during the execution of node localization under three classes of colluding adversaries. We describe a decentralized algorithm that aims at determining the position of nodes in the presence of such colluders. Colluders are assumed to either forge or manipulate the information they exchange with the other nodes of the WSN. This algorithm allows location-unknown nodes to successfully detect adversaries within their communication range. Numeric simulation is reported to validate the approach. Results show the validity of the proposal, both in terms of localization and adversary detection.

We present an anonymous certification scheme that provides data minimization to allow the learners of an e-assessment platform to reveal only required information to certificate authority providers. Attribute-based signature schemes are considered as a promising cryptographic primitive for building privacy-preserving attribute credentials, also known as anonymous credentials. These mechanisms allow the derivation of certified attributes by the issuing authority relying on non-interactive protocols and enable end-users to authenticate with verifiers in a pseudonymous manner, e.g., by providing only the minimum amount of information to service providers.

We address security issues in cyber-physical systems (CPSs). We focus on the detection of attacks against cyber-physical systems. Attacks against these systems shall be handled both in terms of safety and security. Networked-control technologies imposed by industrial standards already cover the safety dimension. However, from a security standpoint, using only cyber information to analyze the security of a cyber-physical system is not enough, since the physical malicious actions that can threaten the correct behavior of the systems are ignored. For this reason, the systems have to be protected from threats to their cyber and physical layers. Some authors have handled replay and integrity attacks using, for example, physical attestation to validate the cyber process and to detect the attacks, or watermark-based detectors which uses also physical parameters to ensure the cyber layers. We reexamine the effectiveness of a stationary watermark-based detector. We show that this approach only detects adversaries that do not attempt to get any knowledge about the system dynamics. We analyze the detection ratio of the original design under the presence of new adversaries that are able to infer the system dynamics and are able to evade the detector with high frequency. We propose a new detection scheme which employs several non-stationary watermarks. We validate the detection efficiency of the new strategy via numeric simulations and via running experiments on a laboratory testbed. Results show that the proposed strategy is able to detect adversaries using non-parametric methods, but it is not equally effective against adversaries using parametric identification methods.

How can a group of distributed secondary users make rendezvous on one among a set of available channels, whose exact content is a priori unknown to the participants? Let us assume that secondary users scan the set of channels, attempting to make rendezvous with each other. Each user has several radios that are concurrently used to achieve rendezvous. We propose two rendezvous algorithms for users equipped with several radios each. We study in detail the multiple user case and the asymmetric case, where the users have different but overlapping channel sets. The performance of the algorithms are analyzed and evaluated through simulation. Equations modeling the worst case performance and expected performance are developed. (C) 2016 Published by Elsevier Ltd.

Peinado et al. analyzed the security of the J3Gen pseudorandom number generator proposed by Melia-Segui et al., and claimed weaknesses regarding its security properties. They also presented a deterministic attack based on the decimation of the J3Gen output sequences. We show that the assumptions made by Peinado et al. are not correct and that the proposed deterministic attack against J3Gen does not hold in practice.

Pseudorandom generators are the main security tool in EPC Gen2 systems. Besides its statistical compliance with the standard, no further information is provided on its design, performance or generation scheme. We empirically analysed EPC Gen2 pseudorandom sequences using a novel experimental setup. From our analysis, we obtained evidences that pseudorandom number generators used in different commercial integrated circuits use the same algorithm. This paper presents the results of this analysis. Copyright (c) 2012 John Wiley & Sons, Ltd.

Pseudorandom number generation (PRNG) is the main security tool in low-cost passive radio-frequency identification (RFID) technologies, such as EPC Gen2. We present a lightweight PRNG design for low-cost passive RFID tags, named J3Gen. J3Gen is based on a linear feedback shift register (LFSR) configured with multiple feedback polynomials. The polynomials are alternated during the generation of sequences via a physical source of randomness. J3Gen successfully handles the inherent linearity of LFSR based PRNGs and satisfies the statistical requirements imposed by the EPC Gen2 standard. A hardware implementation of J3Gen is presented and evaluated with regard to different design parameters, defining the key-equivalence security and nonlinearity of the design. The results of a SPICE simulation confirm the power-consumption suitability of the proposal.

Firewall configurations are evolving into dynamic policies that depend on protocol states. As a result, stateful configurations tend to be much more error prone. Some errors occur on configurations that only contain stateful rules. Others may affect those holding both stateful and stateless rules. Such situations lead to configurations in which actions on certain packets are conducted by the firewall, while other related actions are not. We address automatic solutions to handle these problems. Permitted states and transitions of connection-oriented protocols (in essence, on any layer) are encoded as automata. Flawed rules are identified and potential modifications are provided in order to get consistent configurations. We validate the feasibility of our proposal based on a proof of concept prototype that automatically parses existing firewall configuration files and handles the discovery of flawed rules according to our approach. (C) 2013 Elsevier Ltd. All rights reserved.

The use of anonymity-based infrastructures and anonymisers is a plausible solution to mitigate privacy problems on the Internet. Tor (short for The onion router) is a popular low-latency anonymity system that can be installed as an end-user application on a wide range of operating systems to redirect the traffic through a series of anonymising proxy circuits. The construction of these circuits determines both the latency and the anonymity degree of the Tor anonymity system. While some circuit construction strategies lead to delays which are tolerated for activities like Web browsing, they can make the system vulnerable to linking attacks. We evaluate in this paper three classical strategies for the construction of Tor circuits, with respect to their de-anonymisation risk and latency performance. We then develop a new circuit selection algorithm that considerably reduces the success probability of linking attacks while keeping a good degree of performance. We finally conduct experiments on a real-world Tor deployment over Planet Lab. Our experimental results confirm the validity of our strategy and its performance increase for Web browsing. (c) 2013 Elsevier Ltd. All rights reserved.

A common operation in wireless ad hoc networks is the flooding of broadcast messages to establish network topologies and routing tables. The flooding of broadcast messages is, however, a resource consuming process. It might require the retransmission of messages by most network nodes. It is, therefore, very important to optimize this operation. In this paper, we first analyze the multipoint relaying (MPR) flooding mechanism used by the Optimized Link State Routing (OLSR) protocol to distribute topology control (TC) messages among all the system nodes. We then propose a new flooding method, based on the fusion of two key concepts: distance-enabled multipoint relaying and connected dominating set (CDS) flooding. We present experimental simulations that show our approach improves the performance of previous existing proposals. (C) 2010 Elsevier Ltd. All rights reserved.