Sriram Sankaran - Academia.edu (original) (raw)

Papers by Sriram Sankaran

Springer eBooks, Dec 15, 2021

The increase in computing and communication capabilities has enabled embedded devices to perform ... more The increase in computing and communication capabilities has enabled embedded devices to perform a wide variety of sensing and monitoring tasks in diverse domains. Keystroke authentication for embedded devices leverages the unique typing patterns of users toward creating behavioral profiles for identification. However, keystroke authentication can be bypassed by manipulating inputs thus causing machine learning models to operate on perturbed data resulting in higher error rates. In this paper, we propose to develop an adversarial model for keystroke authentication in embedded devices. The proposed model leverages Feature Importance Guided Attack (FIGA) [1] method to add perturbations in the inputs which in turn increases error rate thus allowing the attacker access to the system. Evaluation using RandomForest, XGBoost, and SVM models shows an average Error rate across all the users to be 60%, 55%, and 63%, respectively. Our analysis shows that it takes an average of 3.18 s for the attacker to generate samples per user and that the generated samples are realistic in nature. Finally, the computational complexity of our proposed model is O(n) which is comparable with existing adversarial models.

Local Computer Networks, 2018

International Conference on Advanced Computing, 2018

The increasing complexity of mobile applications leads to rapid battery drain in mobile devices. ... more The increasing complexity of mobile applications leads to rapid battery drain in mobile devices. Limited improvements in battery technology have forced system designers to utilize the limited energy efficiently thus making energy management one of the foremost concerns in mobile devices. Our analysis reveals that users differ in their context and CPU usage patterns which can be utilized for energy savings. However, predicting CPU usage is challenging due to ever-increasing size of user data coupled with varying usage behavior. In this work, we develop a hybrid model using time series and deep neural networks to predict future usage which in turn can be leveraged for power savings. We start with studying the varying usage patterns of users and further proceed to describe our hybrid model and finally perform evaluation on the user traces from the Livelab dataset. Proof of concept evaluation for a single user shows that the proposed hybrid model incurs lesser errors compared to individual ones used in a standalone manner. Our proposed model is generic in that it can be applied to users with varying usage behavior which in turn can be used to facilitate efficient allocation of resources.

The emerging discipline of Cyber Physical Systems (CPS) integrate the interdisciplinary fields of... more The emerging discipline of Cyber Physical Systems (CPS) integrate the interdisciplinary fields of computing, networking and control to offer solutions to real world problems. CPS solutions typically include security mechanisms that defend against attack attempts and initiate countermeasures to thwart the attacker objectives. To minimize the system performance overhead, the optimal decision would be to initialize the security mechanism in response to attack attempts in contrast to sustained operation. In this work, we use Markov Decision Processes (MDP) to decide the threshold upon which the system initiates the security mechanism. The system may be initialized at the threshold to minimize the overall operating costs. The proposed model can be further used to develop a decision-centric security architecture for CPS that balances the trade-off between system performance and security.

Wireless Communications and Mobile Computing, Oct 10, 2018

As sensor-related technologies have been developed, smartphones obtain more information from inte... more As sensor-related technologies have been developed, smartphones obtain more information from internal and external sensors. This interaction accelerates the development of applications in the Internet of Things environment. Due to many attributes that may vary the quality of the IoT system, sensor manufacturers provide their own data format and application even if there is a well-defined standard, such as ISO/IEEE 11073 for personal health devices. In this paper, we propose a client-server-based sensor adaptation layer for an Android platform to improve interoperability among nonstandard sensors. Interoperability is an important quality aspect for the IoT that may have a strong impact on the system especially when the sensors are coming from different sources. Here, the server compares profiles that have clues to identify the sensor device with a data packet stream based on a modified Boyer-Moore-Horspool algorithm. Our matching model considers features of the sensor data packet. To verify the operability, we have implemented a prototype of this proposed system. The evaluation results show that the start and end pattern of the data packet are more efficient when the length of the data packet is longer.

The increasing complexity of mobile applications coupled with growing user demands lead to rapid ... more The increasing complexity of mobile applications coupled with growing user demands lead to rapid battery drain in mobile devices. However, battery technology cannot keep up with these trends thus making power management one of the foremost concerns. While system-level approaches to power management exist, the energy impact of applications on individual system components needs to be better understood for energy efficient system design. In this work, we develop energy models for mobile devices using performance counters and estimate the power consumption of system components for numerous embedded applications. Our models provide enhancements in I/O towards estimating I/O energy and cache to incorporate energy consumed during cache refill and write-back in the energy estimation process. We further compare our power estimates with existing models and demonstrate the uniqueness of our model.

Vehicular networks are being progressively advocated for traffic and congestion management, accid... more Vehicular networks are being progressively advocated for traffic and congestion management, accident prevention as well as enabling numerous location-based services. In vehicular networks, vehicles form platoons for improving operational efficiency and providing better traffic management thus resulting in optimized performance. However, platoons are vulnerable to notorious threats such as Sybil attacks wherein malicious users fabricate fictitious identities or impersonate those of legitimate nodes. In this paper, we model Sybil attacks in vehicular platoons using OMNET++, SUMO and Veins framework and evaluate their impact on performance. Further, a defense mechanism using hybrid key management in conjunction with witness based mechanisms is proposed. Evaluation shows that the proposed defense mechanism significantly limits the impact of Sybil attacks with minimal overhead. The proposed approach is lightweight in that public key based credentials are bootstrapped to set-up pairwise symmetric keys thus resulting in decreased overhead.

Internet of Things (IoTs) is gaining increasing significance due to real-time communication and d... more Internet of Things (IoTs) is gaining increasing significance due to real-time communication and decision making capabilties of sensors integrated into everyday objects. IoTs are power and bandwidth-constrained with applications in smarthome, healthcare, transportation and industrial domains. Routing bears significant importance in IoTs where sensors acting as hosts deliver data to the gateways which in turn impacts power consumption. Thus there exists a need for modeling and analysis of routing in IoT networks towards predicting power consumption. In this work, we develop an analytical model of a naive flooding based routing protocol using Markov chains. In particular, we derive steady state transition probabilities of transmit and receive states using protocol execution traces and further utilize them towards predicting power consumption. Our approach to modeling is generic in that it can be applied to routing protocols across domains. Evaluation of the model shows that the predicted values for power consumption lie closer to the actual observations obtained using ns-2 simulation thus resulting in minimal mean square errors.

Internet of Things (IoTs) is gaining increasing significance due to real-time communication and d... more Internet of Things (IoTs) is gaining increasing significance due to real-time communication and decision making capabilities of sensors integrated into everyday objects. Securing IoTs is one of the foremost concerns due to the ubiquitous nature of the sensors coupled with the increasing sensitivity of user data. Further, power-constrained nature of the IoTs emphasizes the need for lightweight security that can tailor to the stringent resource requirements of the sensors. In this work, we propose a lighweight security framework for IoTs using Identity based Cryptography. In particular, we develop a hierarchical security architecture for IoTs and further develop protocols for secure communication in IoTs using identity based cryptography. Our proposed mechanism has been evaluated using simulations conducted using Contiki and RELIC. Evaluation shows that our proposed mechanism is lightweight incurring lesser overhead and thus can be applied in IoTs.

2022 IEEE International Symposium on Smart Electronic Systems (iSES), Dec 1, 2022

The Industrial Internet of Things (IIoT) enhances the benefit of the Internet of Things (IoT) to ... more The Industrial Internet of Things (IIoT) enhances the benefit of the Internet of Things (IoT) to a higher level, especially in industries where human error can lead to catastrophic effects. However, security is a major concern in IIoT as hackers can gain access to connected systems, thus potentially subjecting operations to a shutdown. Besides, the outbreak of the COVID-19 pandemic changed the operations style of organizations into a remote work model. Consequently, there has been a significant increase in cyber-attacks leveraging vulnerabilities of IoT devices connected to the Internet. Considering the above factors, we propose a method of remote user authentication combining Photo Response Non-Uniformity (PRNU) with fingerprint bio-metric, which can prevent attacks. PRNU uniquely identifies the scanner, thereby authenticates the device of the user. To prove the effectiveness of PRNU, we collect fingerprint images from various scanners prototyped using Raspberry Pi and evaluate the performance. Our performance evaluation with a set of 10 fingerprint scanners shows promising results. Moreover, our analysis shows that the proposed scheme achieves a classification accuracy of 99%.

yber Physical Systems (CPS) are emerging as a current research discipline at the convergence of p... more yber Physical Systems (CPS) are emerging as a current research discipline at the convergence of physical, biological, engineering and data sciences. As technology evolves, Cyber Physical Systems become vulnerable to a wider spectrum of threats. Addressing these threats require the need for novel solutions for protecting critical infrastructure. However, there are two distinct challenges faced by researchers from cross-disciplinary fields such as energy systems, data science, and cyber security. First, there are lack of experimental platforms integrating industry-standard hardware, software and protocols. This impedes the research of conducting cybersecurity study on CPS including vulnerabilities connected with CPS parts and modeling their corresponding impact. Second, the absence of systematic labelled data along with other information relevant to the model poses hazards to the growth and assessment of data mining algorithms that can classify CPS cyber threats. Therefore, an experimental platform is required to model attacks and understand their impact on system operations and end-users and further develop analytics based security solutions to mitigate them. In this paper, we develop a cyber physical testbed using NS-3 network simulator in conjunction with Raspberry Pi acting as a proxy for CPS hardware components. In addition, we model a distributed denial of service attack (DDoS), a potential cyber threat in CPS using NS-3. Finally, we develop an anomaly detection system using Artificial Neural Network (ANN) that uses network layer parameters to distinguish between normal and anomalous behaviour. Evaluation shows that our proposed system achieves an accuracy of 98.32%. Cyber Physical, ANN, NS-3, Raspberry Pi

Transactions on Emerging Telecommunications Technologies, Sep 10, 2020

Advancements in computing and communication technologies, coupled with the ubiquitous availabilit... more Advancements in computing and communication technologies, coupled with the ubiquitous availability of low‐cost embedded devices, have enabled the vision of cyber‐physical systems (CPSs). With the advent of advanced persistent threats, CPSs are more vulnerable to sophisticated cyber‐attacks that cause catastrophic damages, thereby necessitating the development of novel defence architectures for CPS security. This work presents an analytical framework based on noncooperative game theory to evaluate the trustworthiness of individual nodes that constitute CPSs. The proposed approach uses the Nash equilibrium solution to derive a minimum trust threshold score for the CPS nodes. The game‐theoretic framework is evaluated on a supervisory control and data acquisition system prototype to model the evolution of the trust scores its sensors. Furthermore, we apply the model on a simulated unmanned aerial vehicle (UAV) system and derive the trust threshold. The trust threshold represents the minimum trust score required to be maintained by individual UAV nodes. Nodes with trust scores below the threshold are potentially malicious and may be removed or isolated to ensure the secure operation of the system. The proposed approach is successfully implemented to detect malicious behavior in a simulated multiloop UAV control system with a fewer number of false‐positives, achieving a maximum accuracy of 98.85% across different scenarios.

Journal of Ambient Intelligence and Humanized Computing, May 14, 2020

Cyber-Physical Systems (CPSs) integrate the interdisciplinary fields of computing, networking and... more Cyber-Physical Systems (CPSs) integrate the interdisciplinary fields of computing, networking and control to perform tasks in the real world. CPSs have recently found applications in many battery-powered devices with stringent energy consumption requirements. To ensure secure operation, CPS necessitates sufficient security mechanisms to be incorporated against cyber attacks. However, maximizing energy efficiency and improving security are desirable but contrasting requirements. Towards reducing energy consumption, the optimal strategy for CPS is to initialize the security mechanism dynamically, at the onset of cyberattacks. In the absence of attacks, CPS can deactivate the security mechanism to minimize energy consumption. In the case of CPS, this approach is novel and contrary to the traditional approach of long-term, continual operation of the security mechanism. Towards this goal, we use a decision-centric approach based on Markov Decision Process (MDP) to estimate a threshold upon which the system initiates its security mechanism. We evaluate our proposed mechanism using MATLAB based TrueTime simulator. Evaluation shows that our proposed MDP-based approach achieves maximum energy-savings of 8.26 and 11.05% in defending against Denial-of-Service and Deception attacks, respectively. Further, our approach can be used to develop sustainable CPS designs that balance the trade-off between energy-efficiency and security.

IEEE Access, 2022

The rapid proliferation of embedded devices has led to the growth of the Internet of Things (IoT)... more The rapid proliferation of embedded devices has led to the growth of the Internet of Things (IoT) with applications in numerous domains such as home automation, healthcare, education and agriculture. However, many of the connected devices particularly in smart homes are the target of attacks that try to exploit security vulnerabilities such as hard-coded passwords and insecure data transfer. Recent studies show that there is a considerable surge in the number of phishing attacks targeting smart homes during the COVID-19 pandemic. Moreover, many of the existing user authentication protocols in the literature incur additional computational overhead and need to be made more resilient to smart home targeted attacks. In this paper, we propose a novel lightweight and privacy-preserving remote user authentication protocol for securing smart home applications. Our approach is based on Photo Response Non-Uniformity (PRNU) to make our protocol resilient to smart home attacks such as smartphone capture attacks and phishing attacks. In addition, the lightweight nature of our solution is suitable for deployment on heterogeneous and resource constrained IoT devices. Besides, we leverage geometric secret sharing for establishing mutual authentication among the participating entities. We validate the security of the proposed protocol using the AVISPA formal verification tool and prototype it on a Raspberry Pi to analyze the power consumption. Finally, a comparison with existing schemes reveals that our scheme incurs a 20% reduction in communication overhead on smart devices. Furthermore, our proposed scheme is usable as it absolves users from memorizing passwords and carrying smart cards.

Networked Control Systems (NCS) have emerged as a viable solution to effectively manage critical ... more Networked Control Systems (NCS) have emerged as a viable solution to effectively manage critical infrastructures in smart cities and modern industrial settings. The networked architecture of NCS that facilitates the communication between its distributed components makes them vulnerable to cyber attacks. The vulnerabilities in the communication network coupled with safety critical nature of data necessitates the need to develop models to analyze the impact of cyber attacks on system stability and performance. In this work, we develop an analytical model for Denial of Service (DoS) and Deception attacks in NCS. Based on the insights from the model, we propose a mechanism based on symmetric key encryption to secure NCS from such attacks. The comparison of our security mechanism with the standard reference signal demonstrates that our approach is successful in securing the NCS with minimal performance overhead.

Lecture Notes in Computer Science, 2018

User authentication plays an important role in smart home environments in which devices are inter... more User authentication plays an important role in smart home environments in which devices are interconnected through the Internet and security risks are high. Most of the existing research works for remote user authentication in smart homes fail in one way or the other in combating common attacks specifically smartphone capture attack. Robust authentication method which can uniquely identify the smartphones of users can thwart unauthorized access through the physical capture of smartphones. Existing studies demonstrate that Photo Response Non-Uniformity (PRNU) of a smartphone can be used to uniquely identify the device with an error rate less than 0.5%. Based on these results, we propose a multi-factor user authentication protocol based on Elliptic Curve Cryptography (ECC) and secret sharing for smart home environments. We leverage face biometric and PRNU to make it resilient to common attacks. Moreover, the proposed protocol achieves mutual authentication among all participating entities and thereby ensures the legitimacy of all the participating entities. Subsequently, a session key is established for secure communication between the users and the devices. Our analysis of the proposed protocol shows that it provides significantly better security than the existing schemes with a reasonable overhead. In addition, it provides better usability by alleviating the burden of users from memorizing passwords and carrying additional mechanisms such as smart cards.

Internet of Things (IoTs) offers a plethora of opportunities for remote monitoring and communicat... more Internet of Things (IoTs) offers a plethora of opportunities for remote monitoring and communication of everyday objects known as things with applications in numerous domains. The advent of blockchains can be a significant enabler for IoTs towards conducting and verifying transactions in a secure manner. However, applying blockchains to IoTs is challenging due to the resource constrained nature of the embedded devices coupled with significant delay incurred in processing and verifying transactions in the blockchain. Thus there exists a need for profiling the energy consumption of blockchains for securing IoTs and analyzing energy-performance trade-offs. Towards this goal, we profile the impact of workloads based on Smart Contracts and further quantify the power consumed by different operations performed by the devices on the Ethereum platform. In contrast to existing approaches that are focused on performance, we characterize performance and energy consumption for real workloads and analyse energy-performance trade-offs. Our proposed methodology is generic in that it can be applied to other platforms. The insights obtained from the study can be used to develop secure protocols for IoTs using blockchains.

2022 IEEE International Symposium on Smart Electronic Systems (iSES), Dec 1, 2022

Springer eBooks, Dec 15, 2021

The increase in computing and communication capabilities has enabled embedded devices to perform ... more The increase in computing and communication capabilities has enabled embedded devices to perform a wide variety of sensing and monitoring tasks in diverse domains. Keystroke authentication for embedded devices leverages the unique typing patterns of users toward creating behavioral profiles for identification. However, keystroke authentication can be bypassed by manipulating inputs thus causing machine learning models to operate on perturbed data resulting in higher error rates. In this paper, we propose to develop an adversarial model for keystroke authentication in embedded devices. The proposed model leverages Feature Importance Guided Attack (FIGA) [1] method to add perturbations in the inputs which in turn increases error rate thus allowing the attacker access to the system. Evaluation using RandomForest, XGBoost, and SVM models shows an average Error rate across all the users to be 60%, 55%, and 63%, respectively. Our analysis shows that it takes an average of 3.18 s for the attacker to generate samples per user and that the generated samples are realistic in nature. Finally, the computational complexity of our proposed model is O(n) which is comparable with existing adversarial models.

Local Computer Networks, 2018

International Conference on Advanced Computing, 2018

The increasing complexity of mobile applications leads to rapid battery drain in mobile devices. ... more The increasing complexity of mobile applications leads to rapid battery drain in mobile devices. Limited improvements in battery technology have forced system designers to utilize the limited energy efficiently thus making energy management one of the foremost concerns in mobile devices. Our analysis reveals that users differ in their context and CPU usage patterns which can be utilized for energy savings. However, predicting CPU usage is challenging due to ever-increasing size of user data coupled with varying usage behavior. In this work, we develop a hybrid model using time series and deep neural networks to predict future usage which in turn can be leveraged for power savings. We start with studying the varying usage patterns of users and further proceed to describe our hybrid model and finally perform evaluation on the user traces from the Livelab dataset. Proof of concept evaluation for a single user shows that the proposed hybrid model incurs lesser errors compared to individual ones used in a standalone manner. Our proposed model is generic in that it can be applied to users with varying usage behavior which in turn can be used to facilitate efficient allocation of resources.

The emerging discipline of Cyber Physical Systems (CPS) integrate the interdisciplinary fields of... more The emerging discipline of Cyber Physical Systems (CPS) integrate the interdisciplinary fields of computing, networking and control to offer solutions to real world problems. CPS solutions typically include security mechanisms that defend against attack attempts and initiate countermeasures to thwart the attacker objectives. To minimize the system performance overhead, the optimal decision would be to initialize the security mechanism in response to attack attempts in contrast to sustained operation. In this work, we use Markov Decision Processes (MDP) to decide the threshold upon which the system initiates the security mechanism. The system may be initialized at the threshold to minimize the overall operating costs. The proposed model can be further used to develop a decision-centric security architecture for CPS that balances the trade-off between system performance and security.

Wireless Communications and Mobile Computing, Oct 10, 2018

As sensor-related technologies have been developed, smartphones obtain more information from inte... more As sensor-related technologies have been developed, smartphones obtain more information from internal and external sensors. This interaction accelerates the development of applications in the Internet of Things environment. Due to many attributes that may vary the quality of the IoT system, sensor manufacturers provide their own data format and application even if there is a well-defined standard, such as ISO/IEEE 11073 for personal health devices. In this paper, we propose a client-server-based sensor adaptation layer for an Android platform to improve interoperability among nonstandard sensors. Interoperability is an important quality aspect for the IoT that may have a strong impact on the system especially when the sensors are coming from different sources. Here, the server compares profiles that have clues to identify the sensor device with a data packet stream based on a modified Boyer-Moore-Horspool algorithm. Our matching model considers features of the sensor data packet. To verify the operability, we have implemented a prototype of this proposed system. The evaluation results show that the start and end pattern of the data packet are more efficient when the length of the data packet is longer.

The increasing complexity of mobile applications coupled with growing user demands lead to rapid ... more The increasing complexity of mobile applications coupled with growing user demands lead to rapid battery drain in mobile devices. However, battery technology cannot keep up with these trends thus making power management one of the foremost concerns. While system-level approaches to power management exist, the energy impact of applications on individual system components needs to be better understood for energy efficient system design. In this work, we develop energy models for mobile devices using performance counters and estimate the power consumption of system components for numerous embedded applications. Our models provide enhancements in I/O towards estimating I/O energy and cache to incorporate energy consumed during cache refill and write-back in the energy estimation process. We further compare our power estimates with existing models and demonstrate the uniqueness of our model.

Vehicular networks are being progressively advocated for traffic and congestion management, accid... more Vehicular networks are being progressively advocated for traffic and congestion management, accident prevention as well as enabling numerous location-based services. In vehicular networks, vehicles form platoons for improving operational efficiency and providing better traffic management thus resulting in optimized performance. However, platoons are vulnerable to notorious threats such as Sybil attacks wherein malicious users fabricate fictitious identities or impersonate those of legitimate nodes. In this paper, we model Sybil attacks in vehicular platoons using OMNET++, SUMO and Veins framework and evaluate their impact on performance. Further, a defense mechanism using hybrid key management in conjunction with witness based mechanisms is proposed. Evaluation shows that the proposed defense mechanism significantly limits the impact of Sybil attacks with minimal overhead. The proposed approach is lightweight in that public key based credentials are bootstrapped to set-up pairwise symmetric keys thus resulting in decreased overhead.

Internet of Things (IoTs) is gaining increasing significance due to real-time communication and d... more Internet of Things (IoTs) is gaining increasing significance due to real-time communication and decision making capabilties of sensors integrated into everyday objects. IoTs are power and bandwidth-constrained with applications in smarthome, healthcare, transportation and industrial domains. Routing bears significant importance in IoTs where sensors acting as hosts deliver data to the gateways which in turn impacts power consumption. Thus there exists a need for modeling and analysis of routing in IoT networks towards predicting power consumption. In this work, we develop an analytical model of a naive flooding based routing protocol using Markov chains. In particular, we derive steady state transition probabilities of transmit and receive states using protocol execution traces and further utilize them towards predicting power consumption. Our approach to modeling is generic in that it can be applied to routing protocols across domains. Evaluation of the model shows that the predicted values for power consumption lie closer to the actual observations obtained using ns-2 simulation thus resulting in minimal mean square errors.

Internet of Things (IoTs) is gaining increasing significance due to real-time communication and d... more Internet of Things (IoTs) is gaining increasing significance due to real-time communication and decision making capabilities of sensors integrated into everyday objects. Securing IoTs is one of the foremost concerns due to the ubiquitous nature of the sensors coupled with the increasing sensitivity of user data. Further, power-constrained nature of the IoTs emphasizes the need for lightweight security that can tailor to the stringent resource requirements of the sensors. In this work, we propose a lighweight security framework for IoTs using Identity based Cryptography. In particular, we develop a hierarchical security architecture for IoTs and further develop protocols for secure communication in IoTs using identity based cryptography. Our proposed mechanism has been evaluated using simulations conducted using Contiki and RELIC. Evaluation shows that our proposed mechanism is lightweight incurring lesser overhead and thus can be applied in IoTs.

2022 IEEE International Symposium on Smart Electronic Systems (iSES), Dec 1, 2022

The Industrial Internet of Things (IIoT) enhances the benefit of the Internet of Things (IoT) to ... more The Industrial Internet of Things (IIoT) enhances the benefit of the Internet of Things (IoT) to a higher level, especially in industries where human error can lead to catastrophic effects. However, security is a major concern in IIoT as hackers can gain access to connected systems, thus potentially subjecting operations to a shutdown. Besides, the outbreak of the COVID-19 pandemic changed the operations style of organizations into a remote work model. Consequently, there has been a significant increase in cyber-attacks leveraging vulnerabilities of IoT devices connected to the Internet. Considering the above factors, we propose a method of remote user authentication combining Photo Response Non-Uniformity (PRNU) with fingerprint bio-metric, which can prevent attacks. PRNU uniquely identifies the scanner, thereby authenticates the device of the user. To prove the effectiveness of PRNU, we collect fingerprint images from various scanners prototyped using Raspberry Pi and evaluate the performance. Our performance evaluation with a set of 10 fingerprint scanners shows promising results. Moreover, our analysis shows that the proposed scheme achieves a classification accuracy of 99%.

yber Physical Systems (CPS) are emerging as a current research discipline at the convergence of p... more yber Physical Systems (CPS) are emerging as a current research discipline at the convergence of physical, biological, engineering and data sciences. As technology evolves, Cyber Physical Systems become vulnerable to a wider spectrum of threats. Addressing these threats require the need for novel solutions for protecting critical infrastructure. However, there are two distinct challenges faced by researchers from cross-disciplinary fields such as energy systems, data science, and cyber security. First, there are lack of experimental platforms integrating industry-standard hardware, software and protocols. This impedes the research of conducting cybersecurity study on CPS including vulnerabilities connected with CPS parts and modeling their corresponding impact. Second, the absence of systematic labelled data along with other information relevant to the model poses hazards to the growth and assessment of data mining algorithms that can classify CPS cyber threats. Therefore, an experimental platform is required to model attacks and understand their impact on system operations and end-users and further develop analytics based security solutions to mitigate them. In this paper, we develop a cyber physical testbed using NS-3 network simulator in conjunction with Raspberry Pi acting as a proxy for CPS hardware components. In addition, we model a distributed denial of service attack (DDoS), a potential cyber threat in CPS using NS-3. Finally, we develop an anomaly detection system using Artificial Neural Network (ANN) that uses network layer parameters to distinguish between normal and anomalous behaviour. Evaluation shows that our proposed system achieves an accuracy of 98.32%. Cyber Physical, ANN, NS-3, Raspberry Pi

Transactions on Emerging Telecommunications Technologies, Sep 10, 2020

Advancements in computing and communication technologies, coupled with the ubiquitous availabilit... more Advancements in computing and communication technologies, coupled with the ubiquitous availability of low‐cost embedded devices, have enabled the vision of cyber‐physical systems (CPSs). With the advent of advanced persistent threats, CPSs are more vulnerable to sophisticated cyber‐attacks that cause catastrophic damages, thereby necessitating the development of novel defence architectures for CPS security. This work presents an analytical framework based on noncooperative game theory to evaluate the trustworthiness of individual nodes that constitute CPSs. The proposed approach uses the Nash equilibrium solution to derive a minimum trust threshold score for the CPS nodes. The game‐theoretic framework is evaluated on a supervisory control and data acquisition system prototype to model the evolution of the trust scores its sensors. Furthermore, we apply the model on a simulated unmanned aerial vehicle (UAV) system and derive the trust threshold. The trust threshold represents the minimum trust score required to be maintained by individual UAV nodes. Nodes with trust scores below the threshold are potentially malicious and may be removed or isolated to ensure the secure operation of the system. The proposed approach is successfully implemented to detect malicious behavior in a simulated multiloop UAV control system with a fewer number of false‐positives, achieving a maximum accuracy of 98.85% across different scenarios.

Journal of Ambient Intelligence and Humanized Computing, May 14, 2020

Cyber-Physical Systems (CPSs) integrate the interdisciplinary fields of computing, networking and... more Cyber-Physical Systems (CPSs) integrate the interdisciplinary fields of computing, networking and control to perform tasks in the real world. CPSs have recently found applications in many battery-powered devices with stringent energy consumption requirements. To ensure secure operation, CPS necessitates sufficient security mechanisms to be incorporated against cyber attacks. However, maximizing energy efficiency and improving security are desirable but contrasting requirements. Towards reducing energy consumption, the optimal strategy for CPS is to initialize the security mechanism dynamically, at the onset of cyberattacks. In the absence of attacks, CPS can deactivate the security mechanism to minimize energy consumption. In the case of CPS, this approach is novel and contrary to the traditional approach of long-term, continual operation of the security mechanism. Towards this goal, we use a decision-centric approach based on Markov Decision Process (MDP) to estimate a threshold upon which the system initiates its security mechanism. We evaluate our proposed mechanism using MATLAB based TrueTime simulator. Evaluation shows that our proposed MDP-based approach achieves maximum energy-savings of 8.26 and 11.05% in defending against Denial-of-Service and Deception attacks, respectively. Further, our approach can be used to develop sustainable CPS designs that balance the trade-off between energy-efficiency and security.

IEEE Access, 2022

The rapid proliferation of embedded devices has led to the growth of the Internet of Things (IoT)... more The rapid proliferation of embedded devices has led to the growth of the Internet of Things (IoT) with applications in numerous domains such as home automation, healthcare, education and agriculture. However, many of the connected devices particularly in smart homes are the target of attacks that try to exploit security vulnerabilities such as hard-coded passwords and insecure data transfer. Recent studies show that there is a considerable surge in the number of phishing attacks targeting smart homes during the COVID-19 pandemic. Moreover, many of the existing user authentication protocols in the literature incur additional computational overhead and need to be made more resilient to smart home targeted attacks. In this paper, we propose a novel lightweight and privacy-preserving remote user authentication protocol for securing smart home applications. Our approach is based on Photo Response Non-Uniformity (PRNU) to make our protocol resilient to smart home attacks such as smartphone capture attacks and phishing attacks. In addition, the lightweight nature of our solution is suitable for deployment on heterogeneous and resource constrained IoT devices. Besides, we leverage geometric secret sharing for establishing mutual authentication among the participating entities. We validate the security of the proposed protocol using the AVISPA formal verification tool and prototype it on a Raspberry Pi to analyze the power consumption. Finally, a comparison with existing schemes reveals that our scheme incurs a 20% reduction in communication overhead on smart devices. Furthermore, our proposed scheme is usable as it absolves users from memorizing passwords and carrying smart cards.

Networked Control Systems (NCS) have emerged as a viable solution to effectively manage critical ... more Networked Control Systems (NCS) have emerged as a viable solution to effectively manage critical infrastructures in smart cities and modern industrial settings. The networked architecture of NCS that facilitates the communication between its distributed components makes them vulnerable to cyber attacks. The vulnerabilities in the communication network coupled with safety critical nature of data necessitates the need to develop models to analyze the impact of cyber attacks on system stability and performance. In this work, we develop an analytical model for Denial of Service (DoS) and Deception attacks in NCS. Based on the insights from the model, we propose a mechanism based on symmetric key encryption to secure NCS from such attacks. The comparison of our security mechanism with the standard reference signal demonstrates that our approach is successful in securing the NCS with minimal performance overhead.

Lecture Notes in Computer Science, 2018

User authentication plays an important role in smart home environments in which devices are inter... more User authentication plays an important role in smart home environments in which devices are interconnected through the Internet and security risks are high. Most of the existing research works for remote user authentication in smart homes fail in one way or the other in combating common attacks specifically smartphone capture attack. Robust authentication method which can uniquely identify the smartphones of users can thwart unauthorized access through the physical capture of smartphones. Existing studies demonstrate that Photo Response Non-Uniformity (PRNU) of a smartphone can be used to uniquely identify the device with an error rate less than 0.5%. Based on these results, we propose a multi-factor user authentication protocol based on Elliptic Curve Cryptography (ECC) and secret sharing for smart home environments. We leverage face biometric and PRNU to make it resilient to common attacks. Moreover, the proposed protocol achieves mutual authentication among all participating entities and thereby ensures the legitimacy of all the participating entities. Subsequently, a session key is established for secure communication between the users and the devices. Our analysis of the proposed protocol shows that it provides significantly better security than the existing schemes with a reasonable overhead. In addition, it provides better usability by alleviating the burden of users from memorizing passwords and carrying additional mechanisms such as smart cards.

Internet of Things (IoTs) offers a plethora of opportunities for remote monitoring and communicat... more Internet of Things (IoTs) offers a plethora of opportunities for remote monitoring and communication of everyday objects known as things with applications in numerous domains. The advent of blockchains can be a significant enabler for IoTs towards conducting and verifying transactions in a secure manner. However, applying blockchains to IoTs is challenging due to the resource constrained nature of the embedded devices coupled with significant delay incurred in processing and verifying transactions in the blockchain. Thus there exists a need for profiling the energy consumption of blockchains for securing IoTs and analyzing energy-performance trade-offs. Towards this goal, we profile the impact of workloads based on Smart Contracts and further quantify the power consumed by different operations performed by the devices on the Ethereum platform. In contrast to existing approaches that are focused on performance, we characterize performance and energy consumption for real workloads and analyse energy-performance trade-offs. Our proposed methodology is generic in that it can be applied to other platforms. The insights obtained from the study can be used to develop secure protocols for IoTs using blockchains.

2022 IEEE International Symposium on Smart Electronic Systems (iSES), Dec 1, 2022