Small cluster in cyber physical systems: network topology, interdependence and cascading failures

In cyber physical system (CPS), computational resources and physical resources are strongly correlated and mutually dependent. Cascading failures occur between coupled networks, cause the system more fragile than single network. Besides widely used metric giant component, we study small cluster (small component) in interdependent networks after cascading failures occur. We first introduce an overview on how small clusters distribute in various single networks. Then we propose a percolation theory based mathematical method to study how small clusters be affected by the interdependence between two coupled networks. We prove that the upper bounds exist for both the fraction and the number of operating small clusters. Without loss of generality, we apply both synthetic network and real network data in simulation to study small clusters under different interdependence models and network topologies. The extensive simulations highlight our findings: except the giant component, considerable proportion of small clusters exists, with the remaining part fragmenting to very tiny pieces or even massive isolated single vertex; no matter how the two networks are tightly coupled, an upper bound exists for the size of small clusters. We also discover that the interdependent small-world networks generally have the highest fractions of operating small clusters. Three attack strategies are compared: Inter Degree Priority Attack, Intra Degree Priority Attack and Random Attack. We observe that the fraction of functioning small clusters keeps stable and is independent from the attack strategies.

In vitro strain measurements in cerebral aneurysm models for cyber-physical diagnosis

Background: The development of new diagnostic technologies for cerebrovascular diseases requires an understanding of the mechanism behind the growth and rupture of cerebral aneurysms. To provide a comprehensive diagnosis and prognosis of this disease, it is desirable to evaluate wall shear stress, pressure, deformation and strain in the aneurysm region, based on information provided by medical imaging technologies. Methods: In this research, we propose a new cyber-physical system composed of in vitro dynamic strain experimental measurements and computational fluid dynamics (CFD) simulation for the diagnosis of cerebral aneurysms. A CFD simulation and a scaled-up membranous silicone model of a cerebral aneurysm were completed, based on patient-specific data recorded in August 2008. In vitro blood flow simulation was realized with the use of a specialized pump. A vision system was also developed to measure the strain at different regions on the model by way of pulsating blood flow circulating inside the model. Results: Experimental results show that distance and area strain maxima were larger near the aneurysm neck (0.042 and 0.052), followed by the aneurysm dome (0.023 and 0.04) and finally the main blood vessel section (0.01 and 0.014). These results were complemented by a CFD simulation for the addition of wall shear stress, oscillatory shear index and aneurysm formation index. Diagnosis results using imaging obtained in August 2008 are consistent with the monitored aneurysm growth in 2011. Conclusion: The presented study demonstrates a new experimental platform for measuring dynamic strain within cerebral aneurysms. This platform is also complemented by a CFD simulation for advanced diagnosis and prediction of the growth tendency of an aneurysm in endovascular surgery.

An improved stochastic modeling of opportunistic routing in vehicular CPS

Vehicular Cyber-Physical System (VCPS) provides CPS services via exploring the sensing, computing and communication capabilities on vehicles. VCPS is deeply influenced by the performance of the underlying vehicular network with intermittent connections, which make existing routing solutions hardly to be applied directly. Epidemic routing, especially the one using random linear network coding, has been studied and proved as an efficient way in the consideration of delivery performance. Much pioneering work has tried to figure out how epidemic routing using network coding (ERNC) performs in VCPS, either by simulation or by analysis. However, none of them has been able to expose the potential of ERNC accurately. In this paper, we present a stochastic analytical framework to study the performance of ERNC in VCPS with intermittent connections. By novelly modeling ERNC in VCPS using a token-bucket model, our framework can provide a much more accurate results than any existing work on the unicast delivery performance analysis of ERNC in VCPS. The correctness of our analytical results has also been confirmed by our extensive simulations.

SCLPV: secure certificateless public verification for cloud-based cyber-physical-social systems against malicious auditors

Cyber-physical-social system (CPSS) allows individuals to share personal information collected from not only cyberspace but also physical space. This has resulted in generating numerous data at a user's local storage. However, it is very expensive for users to store large data sets, and it also causes problems in data management. Therefore, it is of critical importance to outsource the data to cloud servers, which provides users an easy, cost-effective, and flexible way to manage data, whereas users lose control on their data once outsourcing their data to cloud servers, which poses challenges on integrity of outsourced data. Many schemes have been proposed to allow a third-party auditor to verify data integrity using the public keys of users. Most of these schemes bear a strong assumption: the auditors are honest and reliable, and thereby are vulnerability in the case that auditors are malicious. Moreover, in most of these schemes, an auditor needs to manage users certificates to choose the correct public keys for verification. In this paper, we propose a secure certificateless public integrity verification scheme (SCLPV). The SCLPV is the first work that simultaneously supports certificateless public verification and resistance against malicious auditors to verify the integrity of outsourced data in CPSS. A formal security proof proves the correctness and security of our scheme. In addition, an elaborate performance analysis demonstrates that the SCLPV is efficient and practical. Compared with the only existing certificateless public verification scheme (CLPV), the SCLPV provides stronger security guarantees in terms of remedying the security vulnerability of the CLPV and resistance against malicious auditors. In comparison with the best of integrity verification scheme achieving resistance against malicious auditors, the communication cost between the auditor and the cloud server of the SCLPV is independent of the size of the processed data, meanwhile, the auditor in the SCLPV does not need to manage certificates.

Machine-to-machine communications with in-network data aggregation, processing, and actuation for large-scale cyber-physical systems

Machine-to-Machine (M2M) paradigm enables machines (sensors, actuators, robots, and smart meter readers) to communicate with each other with little or no human intervention. M2M is a key enabling technology for the cyber-physical systems (CPSs). This paper explores CPS beyond M2M concept and looks at futuristic applications. Our vision is CPS with distributed actuation and in-network processing. We describe few particular use cases that motivate the development of the M2M communication primitives tailored to large-scale CPS. M2M communications in literature were considered in limited extent so far. The existing work is based on small-scale M2M models and centralized solutions. Different sources discuss different primitives. Few existing decentralized solutions do not scale well. There is a need to design M2M communication primitives that will scale to thousands and trillions of M2M devices, without sacrificing solution quality. The main paradigm shift is to design localized algorithms, where CPS nodes make decisions based on local knowledge. Localized coordination and communication in networked robotics, for matching events and robots, were studied to illustrate new directions.

Multi-agent approach for enhancing security of protection schemes in cyber-physical energy systems

This paper presents a distributed multi-agent scheme to detect and identify cyber threats on the protection systems of power grids. The integration of information and communication technologies (ICTs) into existing power grids builds critical cyberphysical energy systems CPESs) in which digital relays are networked cyber-physical components subject to various cyber threats. Cyber attacks on protection systems may mimic real faults, cause component failure, and disable the communication links. Agents utilize both cyber and physical properties to reinforce the detection technique and further distinguish cyber attacks from physical faults. This paper also introduces the problem of secure communicationprotocols and highlights the comparative studies for enhancing thesecurity of the protection systems. The proposed scheme is validatedusing a benchmark power system under various fault and cyber attack scenarios.

Guest editors' introduction : Special issue on trust, security, and privacy in parallel and distributed systems

In modern computing paradigms, most computing systems, e.g., cluster computing, grid computing, cloud computing, the Internet, telecommunication networks, Cyber- Physical Systems (CPS), and Machine-to-Machine communication networks (M2M), are parallel and distributed systems. While providing improved expandability, manageability, efficiency, and reliability, parallel and distributed systems increase their security weaknesses to an unprecedented scale. As the system devices are widely connected, their vulnerabilities are shared by the entire system. Because tasks are allocated to, and information is exchanged among the system devices that may belong to different users, trust, security, and privacy issues have yet to be resolved. This special issue of the IEEE Transactions on Parallel and Distributed Systems (TPDS) highlights recent advances in trust, security, and privacy for emerging parallel and distributed systems. This special issue was initiated by Dr. Xu Li, Dr. Patrick McDaniel, Dr. Radha Poovendran, and Dr. Guojun Wang. Due to a large number of submissions, Dr. Zhenfu Cao, Dr. Keqiu Li, and Dr. Yang Xiang were later invited to the editorial team. Dr. Xu Li was responsible for coordinating the paper review process. In response to the call for papers, we received 150 effective submissions, out of which 24 are included in this special issue after rigorous review and careful revision, presenting an acceptance ratio of 16 percent. The accepted papers are divided into three groups, covering issues related to trust, security, and privacy, respectively.

Detecting and mitigating HX-DoS attacks against cloud web services

Cyber-Physical Systems allow for the interaction of the cyber world and physical worlds using as a central service called Cloud Web Services. Cloud Web Services can sit well within three models of Cyber- Physical Systems, Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a- Service (IaaS). With any Cyber-Physical system use Cloud Web Services it inherits a security problem, the HX-DoS attack. HX-DoS attack is a combination of HTTP and XML messages that are intentionally sent to flood and destroy the communication channel of the cloud service provider. The relevance of this research is that TCP/IP flood attacks are a common problem and a lot of research to mitigate them has previously been discussed. But HTTP denial of service and XML denial of service problem has only been addressed in a few papers. In this paper, we get closer to closing this gap on this problem with our new defence system called Pre- Decision, Advance Decision, Learning System (ENDER). In our previous experiments using our Cloud Protector, we were successful at detecting and mitigate 91% with a 9% false positive of HX-DoS attack traffic. In this paper, ENDER was able to improve upon this result by being trained and tested on the same data, but with a greater result of 99% detection and 1% false positive.

On the security of compressed sensing-based signal cryptosystem

With the development of the cyber-physical systems (CPS), the security analysis of the data therein becomes more and more important. Recently, due to the advantage of joint encryption and compression for data transmission in CPS, the emerging compressed sensing (CS)-based cryptosystem has attracted much attention, where security is of extreme importance. The existing methods only analyze the security of the plaintext under the assumption that the key is absolutely safe. However, for sparse plaintext, the prior sparsity knowledge of the plaintext could be exploited to partly retrieve the key, and then the plaintext, from the ciphertext. So, the existing methods do not provide a satisfactory security analysis. In this paper, it is conducted in the information theory frame, where the plaintext sparsity feature and the mutual information of the ciphertext, key, and plaintext are involved. In addition, the perfect secrecy criteria (Shannon-sense and Wyner-sense) are extended to measure the security. While the security level is given, the illegal access risk is also discussed. It is shown that the CS-based cryptosystem achieves the extended Wyner-sense perfect secrecy, but when the key is used repeatedly, both the plaintext and the key could be conditionally accessed.

Distributed multi-agent scheme to enhance cyber security of smart power grids

This paper presents a distributed multi-agent scheme for enhancing the cyber security of smart grids which integrates computational resources, physical processes, and communication capabilities. Smart grid infrastructures are vulnerable to various cyber attacks and noises whose influences are significant for reliable and secure operations. A distributed agent-based framework is developed to investigate the interactions between physical processes and cyber activities where the attacks are considered as additive sensor fault signals and noises as randomly generated disturbance signals. A model of innovative physical process-oriented counter-measure and abnormal angle-state observer is designed for detection and mitigation against integrity attacks. Furthermore, this model helps to identify if the observation errors are caused either by attacks or noises.

Simulating the change from a push to pull production system

This paper will document the initial discrete-event simulation performed to study a proposed change from a push to a pull system in an existing manufacturing company. The system is characterised by five machine lines with intermediate buffers, and five major part groupings. A simulation model has been developed to mimic the flow of kanban cards in the physical system, by using a series of requests that propagate back through the facility, which the machines must respond to. The customer
demand therefore controls the level of activity in the plant. The results of the initial modelling steps will be presented in this paper, especially the impact of kanban lot size and demand variability on the output and stability of the production system, from which a set of future work is proposed.

Haptic microrobotic cell injection system

Microrobotic cell injection is the subject of increasing research interest. At present, an operator relies completely on visual information and can be subject to low success rates, poor repeatability, and extended training times. This paper focuses on increasing operator performance during cell injection in two ways. First, our completed haptic cell injection system aims to increase the operator's performance during real-time cell injection. Haptic bilateralism is investigated and a mapping framework provides an intuitive method for manoeuvring the micropipette in a manner similar to handheld needle insertion. Volumetric virtual fixtures are then introduced to haptically assist the operator to penetrate the cell at the desired location. The performance of the volumetric virtual fixtures is also discussed. Second, the haptically enabled cell injection system is replicated as a virtual environment facilitating virtual offline operator training. Virtual operator training utilizes the same mapping framework and haptic virtual fixtures as the physical system allowing the operator to train offline and then directly transfer their skills to real-time cell injection.

Convection in fluid overlying porous layer : an application to Hall-Heroult cell

Finite-element method is used to predict the buoyancy-driven convection in a horizontal layer of fluid (aluminum melt) overlying a porous layer (cathode) saturated with the same fluid. This work aims to compare the Hall–Héroult process in electrolytic cell, where a layer of molten aluminum is reduced over the porous cathode surface. In this study, the physical system of the aluminum melt (fluid) and cathode (porous) together is considered as a composite system of fluid overlying porous layer. The main objective of this study to analyse the velocity components in thin fluid layer and its impact on a porous cathode surface if there is any. In addition, an externally imposed time-independent uniform magnetic field is used to analyse its influence on natural convective forces. The physical system of fluid overlying porous layer is analysed at different Hartmann, Darcy, and fluid-Rayleigh numbers for a fixed Prandtl number (Pr = 0.014). The predicted data show that the convective forces, caused by buoyancy-driven flow, are significant. It is shown that the velocity peaks moves toward the solid wall because of the presence of a magnetic field creating a stronger boundary-layer growth over the permeable cathode surface. The predicted results are plotted in terms of average Nusselt number and Darcy number to indicate the influence of pores and permeability on overall convective heat-transfer characteristics.