Wei Dong,Xiaojin Liu

DOI: https://doi.org/10.1109/tii.2015.2495147

IF: 12.3

2015-01-01

IEEE Transactions on Industrial Informatics

Abstract:Time synchronization is crucial for cyber-physical systems (CPSs), e.g., wireless sensor and actuator networks. Cyber physical security is an important yet challenging problem. In particular, attacks to the time synchronization service may incur data distortion or even malfunction of the whole system. Sybil attack is one of the most common attack types for sensor networks, where a node illegitimately claims multiple identities. Existing secure time-synchronization protocols; however, cannot well address Sybil attacks in the time synchronization process. We propose a robust and secure time-synchronization protocol (RTSP) to defend against Sybil attacks. Different from previous secure timesync protocols, RTSP employs a novel graph theoretical approach, which is able to perform anomaly detection at the message level instead of the node level. This fine-grained detection ability enables RTSP to become robust against Sybil attacks, as well as node compromise and message manipulation attacks. Extensive experimental results show the effectiveness of our proposed protocol.

Jianping He,Peng Cheng,Ling Shi,Jiming Chen

DOI: https://doi.org/10.1109/TSP.2013.2286102

IF: 4.875

2013-01-01

IEEE Transactions on Signal Processing

Abstract:It is important and challenging to achieve secure time synchronization in wireless sensor networks, which may be deployed in a hostile environment under various malicious attacks. The recently developed average-consensus-based time synchronization protocol (ATS) is a promising alternative as it does not depend on any reference node or network topology, which makes it robust to different kinds of attacks, e.g., denial-of-service, node destruction, etc. However, the in-network information fusion nature of average consensus makes the ATS vulnerable to the well-known message manipulation attacks. In this paper, we focus on how to defend the ATS protocol in wireless sensor networks under message manipulation attacks. We first investigate the impact of message manipulation attacks over ATS, and derive a necessary condition for ATS to converge. Then based on the obtained insights, we propose a novel adjusting parameter checking mechanism which exploits the two-hop neighboring information to dynamically constrain the attackers. We further incorporate all checking processes into the traditional ATS protocol to form a secure average-consensus-based time synchronization protocol (SATS). We prove that SATS guarantees the network time synchronization with an exponentially converging speed.

Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1155/2016/4147251

2016-01-01

Journal of Control Science and Engineering

Abstract:With the development of industrial informatization, the industrial control network has gradually become much accessible for attackers. A series of vulnerabilities will therefore be exposed, especially the vulnerability of exclusive industrial communication protocols (ICPs), which has not yet been attached with enough emphasis. In this paper, stochastic game theory is applied on the vulnerability analysis of clock synchronization protocol (CSP), one of the pivotal ICPs. The stochastic game model is built strictly according to the protocol with both Man-in-the-Middle (MIM) attack and dependability failures being taken into account. The situation of multiple attack routes is considered for depicting the practical attack scenarios, and the introduction of time aspect characterizes the success probabilities of attackers actions. The vulnerability analysis is then realized through determining the optimal strategies of attacker under different states of system, respectively.

Hui Li,Yanfei Zheng,Mi Wen,Kefei Chen

DOI: https://doi.org/10.1007/978-3-540-77018-3_52

2007-01-01

Abstract:Clock synchronization is a critical issue in most wireless sensor network applications. Although the synchronization is well studied in last few years. Most of these synchronization protocols assume benign environments, but cannot survive malicious attacks in hostile environments, especially when there are compromised nodes. In this paper, we propose a secure synchronization protocol for sensor network. Our protocol combine the sender-receiver model and receiver-receiver model to verify the synchronization process between each synchronizing pair. The approach guarantees that normal nodes can synchronize their clocks to global clock even if each normal node has up to t colluding malicious neighbor nodes during synchronization phase.

Jianping He,Jiming Chen,Peng Cheng,Xianghui Cao

DOI: https://doi.org/10.1109/tpds.2013.150

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Time synchronization is a fundamental requirement for the wide spectrum of applications with wireless sensor networks (WSNs). However, most existing time synchronization protocols are likely to deteriorate or even to be destroyed when the WSNs are attacked by malicious intruders. This paper is concerned with secure time synchronization for WSNs under message manipulation attacks. Specifically, the theoretical analysis and simulation results are first provided to demonstrate that the maximum consensus based time synchronization (MTS) protocol would be invalid under message manipulation attacks. Then, a novel secured maximum consensus based time synchronization (SMTS) protocol is proposed to detect and invalidate message manipulation attacks. Furthermore, we prove that SMTS is guaranteed to converge with simultaneous compensation of both clock skew and offset. Extensive numerical results show the effectiveness of our proposed protocol.

chengcheng zhao,jianping he,peng cheng,jiming chen

DOI: https://doi.org/10.3182/20140824-6-za-1003.02753

2014-01-01

IFAC Proceedings Volumes

Abstract:Abstract The security problem of consensus has been attracting increasing research attention for a large number of application scenarios. Many existing solutions in this aspect rely on the assumption that most of the neighboring nodes of each safe node are honest which may not be able to satisfy various practical situations. Motivated by a recent work dealing with the secure consensus for time synchronization in asynchronous networks, this paper aims to handle secure synchronous consensus under message manipulation attacks. Specifically, we first propose a secure synchronous consensus algorithm (SSCA), and prove that SSCA converges with an exponential rate through matrix analysis. Furthermore, we investigate how the exact behavior of message manipulation attack will affect the convergence of SSCA. Specifically, we show how such result can be employed to classify the attack behavior and help analyze the consensus performance. Examples and extensive simulations are provided to evaluate the effectiveness of proposed results.

Robert Annessi,Joachim Fabini,Tanja Zseby

DOI: https://doi.org/10.48550/arXiv.1705.10669

2017-05-30

Cryptography and Security

Abstract:Due to the increasing dependency of critical infrastructure on synchronized clocks, network time synchronization protocols have become an attractive target for attackers. We identify data origin authentication as the key security objective and suggest to employ recently proposed high-performance digital signature schemes (Ed25519 and MQQ-SIG)) as foundation of a novel set of security measures to secure multicast time synchronization. We conduct experiments to verify the computational and communication efficiency for using these signatures in the standard time synchronization protocols NTP and PTP. We propose additional security measures to prevent replay attacks and to mitigate delay attacks. Our proposed solutions cover 1-step mode for NTP and PTP and we extend our security measures specifically to 2-step mode (PTP) and show that they have no impact on time synchronization's precision.

Wei Yang,Yadong Wan,Jie He,Yuanlong Cao

DOI: https://doi.org/10.1155/2018/1954121

2018-01-01

Wireless Communications and Mobile Computing

Abstract:Time-slotted channel hopping (TSCH), which can enable highly reliable and low-power wireless mesh networks, is the cornerstone of current industrial wireless standards. In a TSCH network, all nodes must maintain high-precision synchronization. If an adversary launches a time-synchronization attack on a TSCH network, the entire network communication system can be paralyzed. Thus, time-synchronization security is a key problem in this network. In this article, time synchronization is divided into single-hop pairwise, clusterwise, and three-level multihop according to the network scope. We deeply analyze their security vulnerabilities due to the TSCH technology itself and its high-precision synchronization requirements and identify the specific attacks; then, we propose corresponding security countermeasures. Finally, we built a test bed using 16 OpenMoteSTM nodes and the OpenWSN software to evaluate the performance of the proposed scheme. The experimental results showed that serious security vulnerabilities exist in time-synchronization protocols, and the proposed countermeasures can successfully defend against the attacks.

Wangli He,Zekun Mo,Qing-Long Han,Feng Qian

DOI: https://doi.org/10.1109/jas.2020.1003297

2020-01-01

IEEE/CAA Journal of Automatica Sinica

Abstract:Cyber attacks pose severe threats on synchronization of multi-agent systems. Deception attack, as a typical type of cyber attack, can bypass the surveillance of the attack detection mechanism silently, resulting in a heavy loss. Therefore, the problem of mean-square bounded synchronization in multi-agent systems subject to deception attacks is investigated in this paper. The control signals can be replaced with false data from controller-to-actuator channels or the controller. The success of the attack is measured through a stochastic variable. A distributed impulsive controller using a pinning strategy is redesigned, which ensures that mean-square bounded synchronization is achieved in the presence of deception attacks. Some sufficient conditions are derived, in which upper bounds of the synchronization error are given. Finally, two numerical simulations with symmetric and asymmetric network topologies are given to illustrate the theoretical results.

Feng Ye,Xianghui Cao,Zheyuan Cheng,Mo-Yuen Chow

DOI: https://doi.org/10.1109/tsg.2023.3251401

IF: 10.275

2023-01-01

IEEE Transactions on Smart Grid

Abstract:Recently, the security issues of smart grids have received wide attention. In particular, false data injection attacks against distributed energy management systems (DEMSs) are considered of high importance as they are able to cause economic losses or even damages to system stability in subtle ways. Existing studies have identified many such attacks and proposed corresponding countermeasures. However, in this paper, we show that DEMS is still insecure and in risk of economic loss by proposing and analyzing a novel attack called Collusion Attack between a Storage and a Load (CASL). In CASL, a distributed energy storage device colludes with a load by injecting an abnormal extra power supply to the load in a secret way through using two secret functions. In this way, the colluding pair behaves as normal ones in both computational and communicational viewpoints. We theoretically prove the convergence of DEMS in presence of the attack, and derive an upper bound of the social welfare losses of DEMS caused by CASL. We demonstrate the effectiveness of CASL through simulations.

杨春明,屈玉贵,赵保华

2008-01-01

Abstract:A novel scheme called Dynamic Secure Clock-synchronization(DSCS) is proposed for wireless sensor networks(WSN).As a result,the attacks from the outside malicious nodes are blocked due to a local broadcast authentication scheme while the attacks from the inside compromised nodes are prevented by the redundant synchronization messages.The two solutions make DSCS secure and resilient.DSCS is fit for both dynamic and static networks.The simulation results present the great efficiency of DSCS.

Zhaowei Wang,Peng Zeng,Linghe Kong,Dong Li,Xi Jin

DOI: https://doi.org/10.3390/s18082718

IF: 3.9

2018-01-01

Sensors

Abstract:Time synchronization is critical for wireless sensors networks in industrial automation, e.g., event detection and process control of industrial plants and equipment need a common time reference. However, cyber-physical attacks are enormous threats causing synchronization protocols to fail. This paper studies the algorithm design and analysis in secure time synchronization for resource-constrained industrial wireless sensor networks under Sybil attacks, which cannot be well addressed by existing methods. A node-identification-based secure time synchronization (NiSTS) protocol is proposed. The main idea of this protocol is to utilize the timestamp correlation among different nodes and the uniqueness of a node’s clock skew to detect invalid information rather than isolating suspicious nodes. In the detection process, each node takes the relative skew with respect to its public neighbor as the basis to determine whether the information is reliable and to filter invalid information. The information filtering mechanism renders NiSTS resistant to Sybil attacks and message manipulation attacks. As a completely distributed protocol, NiSTS is not sensitive to the number of Sybil attackers. Extensive simulations were conducted to demonstrate the efficiency of NiSTS and compare it with existing protocols.

Marc Frei,Jonghoon Kwon,Seyedali Tabaeiaghdaei,Marc Wyss,Christoph Lenzen,Adrian Perrig

DOI: https://doi.org/10.48550/arXiv.2207.06116

2022-07-13

Networking and Internet Architecture

Abstract:Many critical computing applications rely on secure and dependable time which is reliably synchronized across large distributed systems. Today's time synchronization architectures are commonly based on global navigation satellite systems at the considerable risk of being exposed to outages, malfunction, or attacks against availability and accuracy. This paper describes a practical instantiation of a new global, Byzantine fault-tolerant clock synchronization approach that does not place trust in any single entity and is able to tolerate a fraction of faulty entities while still maintaining synchronization on a global scale among otherwise sovereign network topologies. Leveraging strong resilience and security properties provided by the path-aware SCION networking architecture, the presented design can be implemented as a backward compatible active standby solution for existing time synchronization deployments. Through extensive evaluation, we demonstrate that over 94% of time servers reliably minimize the offset of their local clocks to real-time in the presence of up to 20% malicious nodes, and all time servers remain synchronized with a skew of only 2 ms even after one year of reference clock outage.

谭运宝,钟诚,玉易,刘磊

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2011.09.047

2011-01-01

Abstract:For the packet loss behavior of the malicious node collusion in the mobile Ad hoc network environment,this paper presents a detection method against colluding nodes.This detection method focuses on cooperation monitoring of guard nodes and computes the trust values of transmission link with the monitoring results between source node and related guard nodes,and then applies the link trust values to avoid colluding nodes.The NS2 based simulation results show that the proposed method can effectively reduce the probability of misbehaving routes caused by colluding nodes and improve the packet delivery rate.

Zhenqian Wang,Yongqiang Wang

DOI: https://doi.org/10.48550/arXiv.2001.05560

2020-01-16

Abstract:Synchronization of pulse-coupled oscillators (PCOs) has gained significant attention recently due to increased applications in sensor networks and wireless communications. Given the distributed and unattended nature of wireless sensor networks, it is imperative to enhance the resilience of pulse-based synchronization against malicious attacks. However, most existing results on resilient PCO synchronization are obtained for all-to-all networks. We propose a new pulse-based synchronization mechanism to improve the resilience of PCO synchronization that is applicable under general connected topologies. Under the proposed synchronization mechanism, we rigorously characterize the condition for stealthy Byzantine attacks and prove that perfect synchronization of legitimate oscillators can be guaranteed in the presence of multiple stealthy Byzantine attackers, irrespective of whether the attackers collude with each other or not. The new mechanism can guarantee resilient synchronization even when the initial phases of legitimate oscillators are widely distributed in a half circle, which is in distinct difference from most existing attack-resilient synchronization algorithms (including the seminal paper from Lamport and Melliar-Smith [1]) that require a priori (almost) synchronization among legitimate oscillators. Numerical simulation results are given to confirm the theoretical results.

Signal Processing

Mun Choon Chan,Ee-chien Chang,Liming Lu,Peng Song Ngiam

DOI: https://doi.org/10.1007/11767480_8

2006-01-01

Abstract:We study the impact of malicious synchronization on com- puter systems that serve customers periodically. Systems supporting au- tomatic periodic updates are common in web servers providing regular news update, sports scores or stock quotes. Our study focuses on the pos- sibility of launching an efiective low rate attack on the server to degrade performance measured in terms of longer processing time and request drops due to timeouts. The attackers are assumed to behave like nor- mal users and send one request per update cycle. The only parameter utilized in the attack is the timing of the requests sent. By exploiting the periodic nature of the updates, a small number of attackers can herd users' update requests to a cluster and arrive in a short period of time. Herding can be used to discourage new users from joining the system and to modify the user arrival distribution, so that the subsequent burst attack will be efiective. While the herding based attacks can be launched with a small amount of resource, they can be easily prevented by adding a small random component to the length of the update interval.

Lakshay Narula,Todd E. Humphreys

DOI: https://doi.org/10.1109/jstsp.2018.2835772

IF: 7.695

2018-08-01

IEEE Journal of Selected Topics in Signal Processing

Abstract:This paper establishes a fundamental theory of secure clock synchronization. Accurate clock synchronization is the backbone of systems managing power distribution, financial transactions, telecommunication operations, database services, etc. Some clock synchronization (time transfer) systems, such as the global navigation satellite systems, are based on one-way communication from a master to a slave clock. Others, such as the network transport protocol, and the IEEE 1588 precision time protocol (PTP), involve two-way communication between the master and slave. This paper shows that all one-way time transfer protocols are vulnerable to replay attacks that can potentially compromise timing information. A set of conditions for secure two-way clock synchronization is proposed and proved to be necessary and sufficient. It is shown that IEEE 1588 PTP, although a two-way synchronization protocol, is not compliant with these conditions, and is therefore insecure. Requirements for secure IEEE 1588 PTP are proposed, and a second example protocol is offered to illustrate the range of compliant systems.

engineering, electrical & electronic

Robert Annessi,Joachim Fabini,Felix Iglesias,Tanja Zseby

DOI: https://doi.org/10.48550/arXiv.1811.08569

2018-11-21

Cryptography and Security

Abstract:Clock synchronization has become essential to modern societies since many critical infrastructures depend on a precise notion of time. This paper analyzes security aspects of high-precision clock synchronization protocols, particularly their alleged protection against delay attacks when clock synchronization traffic is encrypted using standard network security protocols such as IPsec, MACsec, or TLS. We use the Precision Time Protocol (PTP), the most widely used protocol for high-precision clock synchronization, to demonstrate that statistical traffic analysis can identify properties that support selective message delay attacks even for encrypted traffic. We furthermore identify a fundamental conflict in secure clock synchronization between the need of deterministic traffic to improve precision and the need to obfuscate traffic in order to mitigate delay attacks. A theoretical analysis of clock synchronization protocols isolates the characteristics that make these protocols vulnerable to delay attacks and argues that such attacks cannot be prevented entirely but only be mitigated. Knowledge of the underlying communication network in terms of one-way delays and knowledge on physical constraints of these networks can help to compute guaranteed maximum bounds for slave clock offsets. These bounds are essential for detecting delay attacks and minimizing their impact. In the general case, however, the precision that can be guaranteed in adversarial settings is orders of magnitude lower than required for high-precision clock synchronization in critical infrastructures, which, therefore, must not rely on a precise notion of time when using untrusted networks.

Junfeng Guo,Fei Wang,Qianwen Xue,Mengqing Wang

DOI: https://doi.org/10.1177/09596518241255413

2024-06-18

Proceedings of the Institution of Mechanical Engineers Part I Journal of Systems and Control Engineering

Abstract:Proceedings of the Institution of Mechanical Engineers, Part I: Journal of Systems and Control Engineering, Ahead of Print. The issue of secure cluster synchronization (SCS) of complex dynamical networks (CDNs) with parameter mismatches under deception attacks is investigated in this article. Firstly, the deception attacks are supposed to inject false information into controller-to-actuator channels, while the occurrences of deception attack are always subject to Bernoulli distribution. Secondly, an improved pinning impulsive control strategy is designed. The impulsive gain in the control strategy is take from a new range. Moreover, we obtain the estimation of synchronization error upper bound and boundaries of secure synchronization region. The synchronization error will converge to a bounded ball that depends on attack energy at a exponential rate. The CDNs without deception attacks under pinning impulsive control can achieve complete cluster synchronization. Finally, two numerical examples with 20 nodes based on MATLAB software are presented to demonstrate the effectiveness of the theoretical results.

automation & control systems

Yifeng Xiong,Nan Wu,Yuan Shen,Moe Z. Win

DOI: https://doi.org/10.1109/tsp.2017.2759098

IF: 4.875

2018-01-01

IEEE Transactions on Signal Processing

Abstract:Accurate clock synchronization is required for collaborative operations among nodes across wireless networks. Compared with traditional layer-by-layer methods, cooperative network synchronization techniques lead to significant improvement in performance, efficiency, and robustness. This paper develops a framework for the performance analysis of cooperative network synchronization. We introduce the concepts of cooperative dilution intensity (CDI) and relative CDI to characterize the interaction between agents, which can be interpreted as properties of a random walk over the network. Our approach enables us to derive closed-form asymptotic expressions of performance limits, relating them to the quality of observations as well as the network topology.