Cyber-Physical Security for IoT Systems

With the proliferation of mobile devices and the increasing demand for low-latency and high-throughput applications, mobile edge computing (MEC) has emerged as a promising paradigm to offload computational tasks to the network edge. However, the dynamic and resource-constrained nature of MEC environments introduces new challenges, particularly in the realm of security. In this context, intrusion detection becomes crucial to safeguard the integrity and confidentiality of sensitive data processed at the edge. This paper presents a novel Secured Edge Computing Intrusion Detection System (SEC-IDS) tailored for MEC environments. The proposed SEC-IDS framework integrates both signature-based and anomaly-based detection mechanisms to enhance the accuracy and adaptability of intrusion detection. Leveraging edge computing resources, the framework distributes detection tasks closer to the data source, thereby reducing latency and improving real-time responsiveness. To validate the effectiveness of the proposed SEC-IDS framework, extensive experiments were conducted in a simulated MEC environment. The results demonstrate superior detection rates compared to traditional centralized approaches, highlighting the efficiency and scalability of the proposed solution. Furthermore, the framework exhibits resilience to resource constraints commonly encountered in edge computing environments. Full article

Information is pivotal in contemporary society, highlighting the necessity for a secure cryptographic system. The emergence of quantum algorithms and the swift advancement of specialized quantum computers will render traditional cryptography susceptible to quantum attacks in the foreseeable future. The lattice-based Saber key encapsulation protocol holds significant value in cryptographic research and practical applications. In this paper, we propose three types of polynomial multipliers for various application scenarios including lightweight Schoolbook multiplier, high-throughput multiplier based on the TMVP-Schoolbook algorithm and improved pipelined NTT multiplier. Other principal modules of Saber are designed encompassing the hash function module, sampling module and functional submodule. Based on our proposed multiplier, we implement the overall hardware circuits of the Saber key encapsulation protocol. Experimental results demonstrate that our overall hardware circuits have different advantages. Our lightweight implementation has minimal resource consumption. Our high-throughput implementation only needs 23.28 $\mathsf{\mu }$s to complete the whole process, which is the fastest among the existing works. The throughput rate is 10,988 Kbps and the frequency is 416 MHz. Our hardware implementation based on the improved pipelined NTT multiplier achieved a good balance between area and performance. The overall frequency can reach 357 MHz. Full article

The Internet of Medical Things (IoMT) is a bio-network of associated medical devices, which is slowly improving the healthcare industry by focusing its abilities on enhancing personal healthcare benefits with medical data. Moreover, the IoMT tries to deliver sufficient and more suitable medical services at a low cost. With the rapid growth of technology, medical instruments that are widely used anywhere are likely to increase security issues and create safe data transmission issues through resource limitations and available connectivity. Moreover, the patients probably face the risk of different forms of physical harm because of IoMT device attacks. In this paper, we present a secure environment for IoMT devices against cyber-attacks for patient medical data using a new IoMT framework with a hybrid genetic algorithm-based random forest (GA-RF) model. The proposed algorithm achieved better results in terms of accuracy (99.999%), precision, and recall (100%, respectively) to detect cyber-attacks based on two NSL-KDD and UNSW_2018_IoT_Botnet data sets than the other machine learning algorithms. Full article

With the rise in sophisticated cyber threats, traditional authentication methods are no longer sufficient. Risk-based authentication (RBA) plays a critical role in the context of the zero trust framework—a paradigm shift that assumes no trust within or outside the network. This research introduces a novel proposal as its core: utilization of the time required by OpenID Connect (OIDC) token exchanges as a new RBA feature. This innovative approach enables the detection of tunneled connections without any intervention from the user’s browser or device. By analyzing the duration of OIDC token exchanges, the system can identify any irregularities that may signify unauthorized access attempts. This approach not only improves upon existing RBA frameworks but is also in alignment with the broader movement toward intelligent and responsive security systems. Full article

Malware propagation is a growing concern due to its potential impact on the security and integrity of connected devices in Internet of Things (IoT) network environments. This study investigates parameter estimation for Susceptible-Infectious-Recovered (SIR) and Susceptible–Infectious–Recovered–Susceptible (SIRS) models modeling malware propagation in an IoT network. Synthetic data of malware propagation in the IoT network is generated and a comprehensive comparison is made between two approaches: algorithms based on Monte Carlo methods and Physics-Informed Neural Networks (PINNs). The results show that, based on the infection curve measured in the IoT network, both methods are able to provide accurate estimates of the parameters of the malware propagation model. Furthermore, the results show that the choice of the appropriate method depends on the dynamics of the spreading malware and computational constraints. This work highlights the importance of considering both classical and AI-based approaches and provides a basis for future research on parameter estimation in epidemiological models applied to malware propagation in IoT networks. Full article

The advanced technology of vehicles makes them vulnerable to external exploitation. The current trend of research is to impose security measures to protect vehicles from different aspects. One of the main problems that counter Intrusion Detection Systems (IDSs) is the necessity to have a low false acceptance rate (FA) with high detection accuracy without major changes in the vehicle network infrastructure. Furthermore, the location of IDSs can be controversial due to the limitations and concerns of Electronic Control Units (ECUs). Thus, we propose a novel framework of multistage to detect abnormality in vehicle diagnostic data based on specifications of diagnostics and stacking ensemble for various machine learning models. The proposed framework is verified against the KIA SOUL and Seat Leon 2018 datasets. Our IDS is evaluated against point anomaly attacks and period anomaly attacks that have not been used in its training. The results show the superiority of the framework and its robustness with high accuracy of 99.21%, a low false acceptance rate of 0.003%, and a good detection rate (DR) of 99.63% for Seat Leon 2018, and an accuracy of 99.22%, a low false acceptance rate of 0.005%, and good detection rate of 98.59% for KIA SOUL. Full article

This paper proposes a modified sensor measurement expression for a moving target defense (MTD) strategy to detect coordinated cyber-physical attacks (CCPAs). Essentially, the MTD defense characteristics for detecting false data injection attacks (FDIAs) differ from those used to detect CCPAs. In the first case, the MTD performance in detecting FDIAs at the attack-execution stage is mainly considered, which is generally denoted by the detection probability; however, whether the construction of undetectable CCPAs is disrupted via the MTD strategy used during the attack-preparation stage is the focus of the latter case. There has been little work on the detection of undetectable CCPAs in the context of MTD post-activation. In our work, a novel approach to detecting undetectable CCPAs via a modified sensor measurement expression is proposed. First, the production mechanism for undetectable CCPAs without the application of an MTD strategy is transferred to that which occurs after MTD activation; then, based on an in-depth analysis of the CCPAs’ production mechanism after MTD activation, a novel modified sensor measurement expression is presented to detect undetectable CCPAs. Extensive simulations were conducted on three standard power systems to verify the effectiveness and simplicity of our approach to detecting CCPAs. Full article

Cluster formation and task processing are standard features for leveraging the performance of unmanned aerial vehicles (UAVs). As the UAV network is aided by sensors, functions such as clustering, reformation, and autonomous working are adaptively used for dense task processing. In consideration of the distributed nature of the UAV network coupled with wireless sensors, this article introduces a Rational Clustering Method (RCM) using dense task neighbor information exchange. The Rational Clustering Method (RCM) is an algorithm for dense task neighbor information exchange that can be used to cluster objects according to their shared properties. Each object’s task neighbors, and the similarities between them, are calculated using this method. Starting with the task density of its neighbors, the RCM algorithm gives each object in the dataset a weight. This information exchange process identifies a UAV units’ completing tasks and free slots. Using this information, high-slot UAVs within the communication range can be grouped as clusters. Unlike wireless sensor clusters, task allocation is performed on the basis of available slots and UAV longevity within the cluster; this prevents task incompletion/failures and delays in a densely populated UAV scenario. Cluster sustainability or dispersion is recommended when using distributed state learning. State learning transits between the pending task and UAV longevity; an intermediate state is defined for task reassignment amid immediate cluster deformation. This triple feature-based distributed method balances tasks between failures, overloading, and idle UAVs. The RCM was verified using task processing rate, completion ratio, reassignment, failures, and delay. Task processing rate was increased by 8.16% and completion ratio was increased by 10.3% with the proposed RCM-IE. Reassignment, failure, and delay were all reduced by 12.5%, 9.87%, and 11.99%, respectively, using this method. Full article

Cyber–physical systems (CPSs) are a new generation of intelligent system that integrate communication, control and computation functions and are widely used in traditional infrastructure networks, such as power network, transportation network and others. In order to ensure the stable operation and improve the robustness of CPSs, the studies of robustness assessment have attracted much attention from academia. However, previous models assume that the failure propagation conforms to a strongly interdependent relationship, and only consider the interaction between nodes, while ignoring the interaction between nodes and links. In this paper, we develop a novel simulation model with the consideration of both the coupling modes and the failure propagation objects. Based on the simulation model, we study how the interdependent mechanisms, failure propagation probability and protection strategies affect the robustness of CPSs. The simulations of our proposed model are demonstrated in a test CPS formed by coupling two classical complex networks. Compared with previous models, our proposed model shows different performances and comprehensively characterizes the interdependent relationship of CPSs. In detail, disassortative coupling shows the worst performance and the CPS becomes more sensitive to failure propagation when Node–Link is selected as the failure propagation object. In addition, compared to the communication network, the power network is more sensitive to failure propagation. Protecting electrical nodes is a more effective way to strengthen the robustness of CPSs when conservation resources are limited. Our work provides useful advice to operators on how to effectively design and protect a CPS. Full article

Stealthy attacks in sensor and actuator loops are the research priorities in the security of cyber-physical systems. Existing attacks define the stealthiness conditions against the Chi-square or Kullback-Leibler divergence detectors and parameterize the attack model based on additive signals. Such conditions ignore the potential anomalies of the vulnerable outputs in the control layer, and the attack sequences need to be generated online, increasing the hardware and software costs. This paper investigates a type of multiplicative attack with essential stealthiness where the employed model is a novel form. The advantage is that the parameters can be designed in a constant form without having to be generated online. An essential stealthiness condition is proposed for the first time and complements the existing ones. Two sufficient conditions for the existence of constant attack matrices are given in the form of theorems, where two methods for decoupling the unknown variables are particularly considered. A quadruple-tank process, an experimental platform for attack and defense, is developed to verify the theoretical results. The experiments indicate that the proposed attack strategy can fulfill both the attack performance and stealthiness conditions. Full article