As essential components of the wide-area measurement system (WAMS), phasor measurement units (PMUs), frequency disturbance recorders (FDRs) and universal grid analyzers (UGAs) collect valuable data continuously to rev...
详细信息
As essential components of the wide-area measurement system (WAMS), phasor measurement units (PMUs), frequency disturbance recorders (FDRs) and universal grid analyzers (UGAs) collect valuable data continuously to reveal the dynamic variations of power systems and to enhance the operators' situational awareness ability. However, these devices are vulnerable to multiple types of data exception emerging in recent years, such as datasource ID mix exception spoofing, substantially threatening system security. To ensure the cyber security of WAMS, this work proposes a new spatial signature extraction method, followed by the quadratic kernel support vector machine (QKSVM)-based algorithm, to authenticate datasource in WAMS. First, the load-frequency characteristic (LFC), which can represent the impacts of load variations on frequency, is utilized to extract the spatial signatures of FDRs located in different regions. Then, the quadratic kernel function is employed in the QKSVM-based algorithm to map the signatures into Hilbert space to authenticate the datasource more accurately. Finally, case studies in the U.S. Western and Eastern power systems show that the proposed model-free algorithm is less sensitive to system sizes, and can achieve a higher authentication accuracy in a much shorter window length compared with other algorithms.
There are three problems at present that SAIDA and eSAIDA can resist packet-loss but cannot resist packet-injection, and PRABS can resist packet-injection but the communication cost is too large. We propose a new real...
详细信息
ISBN:
(纸本)9781467348041;9781467348065
There are three problems at present that SAIDA and eSAIDA can resist packet-loss but cannot resist packet-injection, and PRABS can resist packet-injection but the communication cost is too large. We propose a new real-time packet-injection-loss resistant data source authentication protocol (RPILRSA) in this paper. Using merkle hash tree, RPILRSA can discover the packets which are injected by the attacker before verifying the signature. Using erasure codes, this protocol can resist packet-loss in a certain extent, and realize real-time authentication by dividing data into blocks. Analysis shows that RPILRSA's communication cost is about 7%similar to 9% of PRABS, and the cost of computing and verifying authentication information in RPILRSA is also less than in PRABS.
An efficient packet-injection resistant data source authentication protocol for group communication(EPJRSA) was proposed to authenticate data *** can recognize which packets are injected by attacker and delete *** it ...
详细信息
An efficient packet-injection resistant data source authentication protocol for group communication(EPJRSA) was proposed to authenticate data *** can recognize which packets are injected by attacker and delete *** it cannot recover the lost *** an advanced protocol based on EPJRSA protocol is proposed to solve this *** advanced EPJRSA protocol is used to build a video broadcast *** system has the ability of packet loss and injection *** it can guarantee the security of both video data and authentication information at the same *** are set to verify the correctness of the system.
Software defined networking (SDN) decouples the controller plane from the data plane, offering flexible network configure and management. Because of this architecture, the SDN network is vulnerable to threats caused b...
详细信息
ISBN:
(纸本)9781450371445
Software defined networking (SDN) decouples the controller plane from the data plane, offering flexible network configure and management. Because of this architecture, the SDN network is vulnerable to threats caused by user identity forgery, such as illegal intrusion and DDoS attacks. In this paper, we propose a control and forwarding mechanism based on cipher identification in SDN. All packets are encapsulated with cipher identification and signed by private keys based on cipher identification. In order to prevent the forged packets, mechanism verifies the signature at the entrance and exit of the network. The cipher identifier is designed as a matching field recognized by the SDN switch, and the network forwarding behavior is defined based on the cipher identifier.
Quantum network coding is vulnerable to pollution attacks, especially when using classical channel as auxiliary resource. On this basis, this letter proposes a secure quantum network coding scheme against pollution at...
详细信息
Quantum network coding is vulnerable to pollution attacks, especially when using classical channel as auxiliary resource. On this basis, this letter proposes a secure quantum network coding scheme against pollution attacks. The scheme uses quantum homomorphic signature for the efficient authentication of different datasources so as to detect pollution attacks in the butterfly network. Furthermore, with the help of trusted intermediate nodes, it can locate a corrupt datasource. Analysis results show that the proposed quantum network coding scheme can defend against pollution attacks with high fidelity, fewer resource consumption, and lower rate region.
Many applications, such as broadcasting stock quotes and video-conferencing require data source authentication of the received multicast traffic. Multicast data source authentication must take into consideration the s...
详细信息
Many applications, such as broadcasting stock quotes and video-conferencing require data source authentication of the received multicast traffic. Multicast data source authentication must take into consideration the scalability and the efficiency of the underlying cryptographic schemes and mechanisms, because multicast groups can be very large and the exchanged data are likely to be important in volume (streaming). Besides, multicast data source authentication must be robust enough against packet loss because most of multicast multimedia applications do not use reliable packet delivery. In this paper, we propose a hybrid hash-chaining scheme in conjunction with an adaptive and efficient data source authentication protocol which tolerates packet loss and guarantees non-repudiation of media-streaming origin. We have simulated our protocol using NS-2, and the simulation results show that the protocol has remarkable features and efficiency compared to other recent data source authentication protocols. (C) 2005 Elsevier Ltd. All rights reserved.
暂无评论