Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition. This study aims to conduct a comprehensive security evaluation of Ballet from the perspective of differential-linear (DL) cryptanalysis. Specifically, we present an automated search for the DL distinguishers of Ballet based on MILP/MIQCP. For the versions with block sizes of 128 and 256 bits, we obtain 16- and 22-round distinguishers with estimated correlations of 2^(-59.89) and 2^(-116.80), both of which are the publicly longest distinguishers. In addition, this study incorporates the complexity information of key-recovery attacks into the automated model, to search for the optimal key-recovery attack structures based on DL distinguishers. As a result, we mount key-recovery attacks on 16-round Ballet-128/128, 17-round Ballet-128/256, and 21-round Ballet-256/256. The data/time complexities for these attacks are 2^(108.36)/2^(120.36), 2^(115.90)/2^(192), and 2^(227.62)/2^(240.67), respectively.
In the realm of missile defense systems, the self-sufficient maneuver capacity of missile swarms is pivotal for their survival. Through the analysis of the missile dynamics model, a time-efficient cooperative attack strategy for a missile swarm is proposed. Based on the distribution of the attackers and defenders, collision avoidance against the defenders is considered during the attack process. By analyzing the geometric relationship between the relative velocity vector and the relative position vector of the attackers and defenders, the collision avoidance constraints of the attacking swarm are redefined. The key point is adjusting the relative velocity vectors to fall outside the collision cone. This work facilitates a high-precision attack toward the target while keeping a safe miss distance from the other attackers during the collision avoidance process. By leveraging an innovative artificial repulsion function, a time-efficient cooperative attack strategy for the missile swarm is obtained. Through rigorous simulation, the effectiveness of this cooperative attack strategy is substantiated. Furthermore, by employing Monte Carlo simulation, the success rate of the cooperative attack strategy is assessed and the optimal configuration for the missile swarm is deduced.
In the field of calculating the attack area of air-to-air missiles in modern air combat scenarios, the limitations of existing research, including real-time calculation, the accuracy-efficiency trade-off, and the absence of a three-dimensional attack area model, restrict their practical applications. To address these issues, an improved backtracking algorithm is proposed to improve calculation efficiency. A significant reduction in solution time and maintenance of accuracy in the three-dimensional attack area are achieved by using the proposed algorithm. Furthermore, the age-layered population structure genetic programming (ALPS-GP) algorithm is introduced to determine an analytical polynomial model of the three-dimensional attack area, considering real-time requirements. The accuracy of the polynomial model is enhanced through coefficient correction using an improved gradient descent algorithm. The study reveals a remarkable combination of high accuracy and efficient real-time computation, with a mean error of 91.89 m using the analytical polynomial model of the three-dimensional attack area solved in just 10^(-4) s, thus meeting the requirements of real-time combat scenarios.
A security issue with multi-sensor unmanned aerial vehicle (UAV) cyber physical systems (CPS) from the viewpoint of a false data injection (FDI) attacker is investigated in this paper. The FDI attacker can employ attacks on the feedback and feed-forward channels simultaneously with limited resources. The attacker aims at degrading the UAV CPS's estimation performance as much as possible while keeping stealthiness, characterized by the Kullback-Leibler (K-L) divergence. The attacker is resource limited and can only attack part of the sensors, so the attacked sensor as well as the specific forms of the attack signals at each instant should be considered by the attacker. Also, the sensor selection principle is investigated with respect to time-invariant attack covariances. Additionally, the optimal switching attack strategies with regard to time-variant attack covariances are modeled as a multi-agent Markov decision process (MDP) with a hybrid discrete-continuous action space. Then, the multi-agent MDP is solved by utilizing the deep multi-agent parameterized Q-networks (MAPQN) method. Ultimately, a quadrotor near-hover system is used to validate the effectiveness of the results in the simulation section.
Recently, several PC oracle based side-channel attacks have been proposed against Kyber. However, most of them focus on unprotected implementations, and masking is considered as a countermeasure. In this study, we extend PC oracle based side-channel attacks to the second-order scenario and successfully conduct key-recovery attacks on first-order masked Kyber. Firstly, we analyze the potential joint information leakage. Inspired by the binary PC oracle based attack proposed by Qin et al. at Asiacrypt 2021, we identify the 1-bit leakage scenario in the masked Keccak implementation. Moreover, we modify the ciphertext construction described by Tanaka et al. at CHES 2023, extending the leakage scenario from 1-bit to 32-bit. With the assistance of TVLA, we validate these leakages through experiments. Secondly, for these two scenarios, we construct a binary PC oracle based on the t-test and a multiple-valued PC oracle based on neural networks. Furthermore, we conduct practical side-channel attacks on masked Kyber by utilizing our oracles, with the implementation running on an ARM Cortex-M4 microcontroller. The demonstrated attacks require a minimum of 15788 and 648 traces to fully recover the key of Kyber768 in the 1-bit leakage scenario and the 32-bit leakage scenario, respectively. Our analysis may also be extended to attack other post-quantum schemes that use the same masked hash function. Finally, we apply the shuffling strategy to the first-order masked implementation of Kyber and perform leakage tests. Experimental results show that the combined strategy of shuffling and masking can effectively resist our proposed attacks.
A critical problem in the cube attack is how to recover superpolies efficiently. As the targeted number of rounds of an iterative stream cipher increases, the scale of its superpolies becomes larger and larger. Recently, to recover massive superpolies, the nested monomial prediction technique, the algorithm based on the divide-and-conquer strategy, and stretching cube attacks were proposed, which have been used to recover a superpoly with over ten million monomials for NFSR-based stream ciphers such as Trivium and Grain-128AEAD. Nevertheless, when these methods are used to recover superpolies, many invalid calculations are performed, which makes recovering superpolies more difficult. This study finds an interesting observation that can be used to improve the above methods. Based on the observation, a new method is proposed to avoid a part of the invalid calculations during the process of recovering superpolies. Then, the new method is applied to the nested monomial prediction technique and an improved superpoly recovery framework is presented. To verify the effectiveness of the proposed scheme, the improved framework is applied to 844- and 846-round Trivium, and the exact ANFs of the superpolies are obtained with over one hundred million monomials, showing that the improved superpoly recovery technique is powerful. Besides, extensive experiments on other scaled-down variants of NFSR-based stream ciphers show that the proposed scheme indeed could be more efficient for superpoly recovery against NFSR-based stream ciphers.
In this paper, the fixed-time time-varying formation of heterogeneous multi-agent systems (MASs) based on a tracking error observer under denial-of-service (DoS) attacks is investigated. Firstly, the dynamic pinning strategy is used to reconstruct the communication channel for the system that suffers from DoS attacks, to prevent the discontinuous information transmission of the communication network from affecting MAS formation. Then, considering that the leader state is not available to each follower under DoS attacks, a fixed-time distributed observer without velocity information is constructed to estimate the tracking error between the followers and the leader. Finally, an adaptive radial basis function neural network (RBFNN) is used to approximate the unknown ensemble disturbances in the system, and the fixed-time time-varying formation scheme is designed with the constructed observer. The effectiveness of the proposed control algorithm is demonstrated by numerical simulation.
An embedded cryptosystem needs higher reconfiguration capability and security. After analyzing the newly emerging side-channel attacks on elliptic curve cryptosystems (ECC), an efficient fractional width-w NAF (FWNAF) algorithm is proposed to secure ECC scalar multiplication from these attacks. This algorithm adopts the fractional window method and a probabilistic SPA scheme to reconfigure the pre-computed table, and it allows designers to configure the pre-computed table dynamically. It is then enhanced to resist SPA, DPA, RPA and ZPA attacks by using the random masking method. Compared with the WBRIP and EBRIP methods, our proposal has the lowest total computation cost and reduces the jitter caused by sharp fluctuations in computation performance.
According to the characteristics of cruise missiles, navigation point setting is simplified, and the principle of route planning for a saturation attack and the concept of a reference route are put forward. With the help of the shortest-tangent idea in route planning and the algorithm of back reasoning from targets, a reference route algorithm is built on the shortest range and threat avoidance. Then a route-flight-time algorithm is built on navigation points. Based on the conditions of a multi-direction saturation attack, a route planning algorithm for multi-direction saturation attack is built on the reference route, route flight time, and impact azimuth. Simulation results show that the algorithm can enable missiles fired in a salvo to reach the target simultaneously from different directions while avoiding threats.
For the sake of understanding the deterioration behavior of concrete in actual railway tunnel structures subjected to an aggressive sulfate medium in practice, detailed field investigations and test analyses of the sprayed concrete linings of approximately 40-year-old railway tunnels in environments containing sulfate ions were carried out. The results show that the deterioration of the concrete in the investigated area is serious, and involves a complicated physicochemical process between the sulfate salt and the concrete. Among the mechanisms, the formation of secondary sulfate minerals such as gypsum under very high sulfate ion concentrations, produced by accumulation and evaporation, dominates, followed by the crystallization of sulfate salt and the formation of thaumasite.
Mobile ad hoc networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in ad hoc networks. The new DOS attack, called the Ad hoc Flooding Attack (AHFA), is one in which an intruder broadcasts a large volume of Route Request packets to exhaust the communication bandwidth and node resources so that legitimate communication cannot be maintained. After analyzing the Ad hoc Flooding Attack, we develop Flooding Attack Prevention (FAP), a generic defense against the Ad hoc Flooding Attack. When the intruder broadcasts an excessive number of Route Request packets, the immediate neighbors of the intruder record the rate of Route Requests. Once the threshold is exceeded, the nodes deny any future request packets from the intruder. The results of our implementation show that FAP can prevent the Ad hoc Flooding Attack efficiently.
The ever-changing battlefield environment requires the use of robust and adaptive technologies integrated into a reliable platform. Unmanned combat aerial vehicles (UCAVs) aim to integrate such advanced technologies while increasing the tactical capabilities of combat aircraft. As the research object, a common UCAV uses a neural network fitting strategy to obtain the values of attack areas. However, this simple strategy cannot cope with complex environmental changes or autonomously optimize decision-making problems. To solve this problem, this paper proposes a new deep deterministic policy gradient (DDPG) strategy based on deep reinforcement learning for the attack area fitting of UCAVs in the future battlefield. Simulation results show that the autonomy and environmental adaptability of UCAVs in the future battlefield will be improved based on the new DDPG algorithm, and that the training process converges quickly. The optimal values of the attack areas can be obtained in real time during the whole flight with the well-trained deep network.
This paper considers the problem of generating a flight trajectory for a single fixed-wing unmanned combat aerial vehicle (UCAV) performing an air-to-surface multi-target attack (A/SMTA) mission using satellite-guided bombs. First, this problem is formulated as a variant of the traveling salesman problem (TSP), called the dynamic-constrained TSP with neighborhoods (DCTSPN). Then, a hierarchical hybrid approach, which partitions the planning algorithm into a roadmap planning layer and an optimal control layer, is proposed to solve the DCTSPN. In the roadmap planning layer, a novel algorithm based on an updatable probabilistic roadmap (PRM) is presented, which operates by randomly sampling a finite set of vehicle states from the continuous state space in order to reduce the complicated trajectory planning problem to planning on a finite directed graph. In the optimal control layer, a collision-free state-to-state trajectory planner based on the Gauss pseudospectral method is developed, which can generate both dynamically feasible and optimal flight trajectories. The entire process of solving a DCTSPN consists of two phases. First, in the offline preprocessing phase, the algorithm constructs a PRM, and then converts the original problem into a standard asymmetric TSP (ATSP). Second, in the online querying phase, the costs of the directed edges in the PRM are updated first, and a fast heuristic search algorithm is then used to solve the ATSP. Numerical experiments indicate that the algorithm proposed in this paper can generate both feasible and near-optimal solutions quickly for online purposes.
In order to obtain a method for determining the installing angles and to decrease the performance indices (cutting force and wearing rate) of the pick, the relationships among the installing angles (impact angle, inclination angle and skew angle) were studied, and a static model of the installing angles of the pick was built. The relationships among the impact angle, the tip angle of the pick and the kinematic parameters of the pick were built as well. Moreover, mechanical models of the maximum clearance angle and the wearing angle of the pick were set up. Simulations were performed to study the relationships among the installing angles and the law by which the wearing angle changes with the kinematic parameters. To verify the correctness of the models, cutting experiments were carried out using two picks with different tip angles. The results indicate that the cutting force is smallest when the direction of the resultant force on the pick follows its axis, and that the derived relationship among the installing angles should be satisfied. In addition, to decrease the cutting force and the wear of the pick, the tip angle of the pick should not be larger than half of the difference between the minimum wearing angle and the impact angle of the pick, and the clearance angle must not be less than zero.
A novel integrated guidance and control (IGC) design method is proposed to solve the problem of low control accuracy for a suicide unmanned combat aerial vehicle (UCAV) in the terminal attack stage. First of all, the IGC system model of the UCAV is built based on the three-channel independent design idea, which reduces the difficulty of designing the controller. Then, IGC control laws are designed using trajectory linearization control (TLC). A nonlinear disturbance observer (NDO) is introduced into the IGC controller to reject various uncertainties, such as aerodynamic parameter perturbation and measurement error interference. The stability of the closed-loop system is proven by using the Lyapunov theorem. The performance of the proposed IGC design method is verified in a terminal attack mission of the suicide UCAV. Finally, simulation results demonstrate its superiority and effectiveness in the aspects of guidance accuracy and system robustness.
Based on the analysis of the interception process of a ship-to-air missile system against an anti-ship missile stream, the antagonism between the ship-to-air missile and the anti-ship missile stream was modeled by the Monte Carlo method. This model, containing the probability of acquiring the anti-ship missile, threat estimation, firepower distribution, interception, effectiveness evaluation and firepower turning, can dynamically simulate the antagonism process between the anti-ship missile attack stream and the anti-air missile weapon system. The anti-ship missile saturation attack stream for different ship-to-air missile systems can be calculated quantitatively. The simulated results reveal the relations among the anti-ship missile saturation attack, the attack intensity of the anti-ship missiles, the interception mode and the main parameters of the anti-air missile weapon system. It provides a theoretical basis for the effective operation of anti-ship missiles.
The damage process of concrete exposed to sodium sulfate attack and drying-wetting cycles was investigated. The water to binder (W/B) ratio and the concentration of the sulfate solution were taken as variable parameters. Through the experiment, the visual change, relative dynamic modulus of elasticity (RDME) and surface damage layer thickness of the concrete were measured. Furthermore, SEM and thermal analysis were used to investigate the changes in the microstructure and corrosion products of the concrete. The test results show that the ultrasonic velocity is related to the damage layer of the concrete. It confirms that an increase in damage layer thickness reduces the compactness and the ultrasonic velocity. The deterioration degree of concrete can be estimated effectively by measuring the surface damage layer and the RDME of the concrete. It is also found that the content of gypsum in the concrete is less than that of ettringite in the tests, and gypsum is detected only after a certain extent of corrosion. When the concrete has a high W/B ratio or is exposed to a high concentration of sulfate solution, the content of ettringite first increases and then decreases with corrosion time. However, the content of gypsum increases at a steady rate. The content of corrosion products does not correspond well with the observed RDME change, and extensive amounts of corrosion products can be formed before obvious damage occurs.
Due to their characteristics of dynamic topology, wireless channels and limited resources, mobile ad hoc networks are particularly vulnerable to denial of service (DoS) attacks launched by intruders. The effects of flooding attacks are investigated in Network Simulator 2 (NS2), and the performance parameters measured include packet loss ratio, average delay, throughput and average number of hops under different numbers of attack nodes, flooding frequencies, network bandwidths and network sizes. Simulation results show that as the flooding frequency and the number of attack nodes increase, network performance drops sharply. But when the frequency of flooding attacks or the number of attack nodes is greater than a certain value, the performance degradation tends toward a stable value.
A consensus-distributed fault-tolerant (CDFT) control law is proposed for a class of leader-following multi-vehicle cooperative attack (MVCA) systems in this paper. In particular, switching communication topologies, stochastic multi-hop time-varying delays, and actuator faults are considered, which may lead to system performance degradation or, on certain occasions, even cause system instability. Firstly, the estimator of actuator faults for the following vehicle is designed to identify the actuator faults under a fixed topology. Then the CDFT control protocol and trajectory following error are derived using Lyapunov stability theory, graph theory, and matrix theory. The CDFT control protocol is proposed in the same manner for a more realistic scenario, in which the maximum trajectory following error and information on the switching topologies during the cooperative attack are available. Finally, numerical simulations are carried out to show that the proposed distributed fault-tolerant (DFT) control law is effective.
Funding (Ballet differential-linear cryptanalysis paper): National Natural Science Foundation of China (62272147, 12471492, 62072161, 12401687); Shandong Provincial Natural Science Foundation (ZR2024QA205); Science and Technology on Communication Security Laboratory Foundation (6142103012207); Innovation Group Project of the Natural Science Foundation of Hubei Province of China (2023AFA021).
Funding (missile swarm cooperative attack paper): supported by the Intelligent Aerospace System Leading Innovation Team Program of Zhejiang (2022R01003).
Funding (air-to-air missile attack area paper): National Natural Science Foundation of China (62373187); Forward-looking Layout Special Projects (ILA220591A22).
Funding (masked Kyber side-channel paper): National Natural Science Foundation of China (62472397); Innovation Program for Quantum Science and Technology (2021ZD0302902).
Funding: National Natural Science Foundation of China (62372464).
Abstract: A critical problem in the cube attack is how to recover superpolies efficiently. As the targeted number of rounds of an iterative stream cipher increases, the scale of its superpolies becomes larger and larger. Recently, to recover massive superpolies, the nested monomial prediction technique, the algorithm based on the divide-and-conquer strategy, and stretching cube attacks were proposed, which have been used to recover a superpoly with over ten million monomials for NFSR-based stream ciphers such as Trivium and Grain-128AEAD. Nevertheless, when these methods are used to recover superpolies, many invalid calculations are performed, which makes recovering superpolies more difficult. This study finds an interesting observation that can be used to improve the above methods. Based on the observation, a new method is proposed to avoid a part of the invalid calculations during the process of recovering superpolies. Then, the new method is applied to the nested monomial prediction technique and an improved superpoly recovery framework is presented. To verify the effectiveness of the proposed scheme, the improved framework is applied to 844- and 846-round Trivium and the exact ANFs of the superpolies are obtained with over one hundred million monomials, showing that the improved superpoly recovery technique is powerful. Besides, extensive experiments on other scaled-down variants of NFSR-based stream ciphers show that the proposed scheme indeed could be more efficient for superpoly recovery against NFSR-based stream ciphers.
Abstract: In this paper, the fixed-time time-varying formation of heterogeneous multi-agent systems (MASs) based on a tracking error observer under denial-of-service (DoS) attacks is investigated. Firstly, the dynamic pinning strategy is used to reconstruct the communication channel for the system that suffers from DoS attacks, to prevent the discontinuous transmission of information over the communication network from affecting MAS formation. Then, considering that the leader state is not available to each follower under DoS attacks, a fixed-time distributed observer without velocity information is constructed to estimate the tracking error between followers and the leader. Finally, an adaptive radial basis function neural network (RBFNN) is used to approximate the unknown ensemble disturbances in the system, and the fixed-time time-varying formation scheme is designed with the constructed observer. The effectiveness of the proposed control algorithm is demonstrated by numerical simulation.
Funding: supported by the National Natural Science Foundation of China (60373109), the Ministry of Science and Technology of China, and the National Commercial Cryptography Application Technology Architecture and Application Demonstration Project (2008BAA22B02).
Abstract: An embedded cryptosystem needs higher reconfiguration capability and security. After analyzing the newly emerging side-channel attacks on elliptic curve cryptosystems (ECC), an efficient fractional width-w NAF (FWNAF) algorithm is proposed to secure ECC scalar multiplication from these attacks. This algorithm adopts the fractional window method and a probabilistic SPA scheme to reconfigure the pre-computed table, and it allows designers to make a dynamic configuration of the pre-computed table. It is then enhanced to resist SPA, DPA, RPA and ZPA attacks by using the random masking method. Compared with the WBRIP and EBRIP methods, our proposal has the lowest total computation cost and reduces the shake phenomenon due to sharp fluctuation in computation performance.
Funding: supported by the Aeronautical Science Foundation of China (20085584010).
Abstract: According to the characteristics of cruise missiles, navigation point setting is simplified, and the principle of route planning for saturation attack and a concept of reference route are put forward. With the help of the shortest-tangent idea in route planning and the algorithm of back reasoning from targets, a reference route algorithm is built on the shortest range and threat avoidance. Then a route-flight-time algorithm is built on navigation points. Based on the conditions of multi-direction saturation attack, a route planning algorithm for multi-direction saturation attack is built on the reference route, route flight time, and impact azimuth. Simulation results show that the algorithm can enable missiles fired in a salvo launch to reach the target simultaneously from different directions while avoiding threats.
Funding: Project (2008G025-C) supported by the Ministry of Railway of China; Project (50708114) supported by the National Natural Science Foundation of China.
Abstract: For the sake of understanding the deterioration behavior of concrete in actual railway tunnel structures subjected to an aggressive sulfate medium in practice, detailed field investigations and test analyses of sprayed concrete linings of approximately 40-year-old railway tunnels in environments containing sulfate ions were carried out, respectively. The results show that the deterioration of concrete in the investigated area is serious, and involves a complicated physicochemical process between the sulfate salt and the concrete. Among the mechanisms, the formation of secondary sulfate minerals such as gypsum under very high sulfate ion concentrations, produced by accumulation and evaporation processes, dominates, followed by the crystallization of sulfate salt and the formation of thaumasite.
Funding: This project was supported by the National "863" High Technology Development Program of China (2003AA148010) and the Key Technologies R&D Program of China (2002DA103A03-07).
Abstract: Mobile ad hoc networks are particularly vulnerable to denial of service (DoS) attacks launched through compromised nodes or intruders. In this paper, we present a new DoS attack and its defense in ad hoc networks. The new DoS attack, called the Ad hoc Flooding Attack (AHFA), is that an intruder broadcasts a mass of Route Request packets to exhaust the communication bandwidth and node resources so that valid communication cannot be kept. After analyzing the Ad hoc Flooding Attack, we develop Flooding Attack Prevention (FAP), a generic defense against the Ad hoc Flooding Attack. When the intruder broadcasts an excessive number of Route Request packets, the immediate neighbors of the intruder record the rate of Route Requests. Once the threshold is exceeded, nodes deny any future request packets from the intruder. The results of our implementation show that FAP can prevent the Ad hoc Flooding Attack efficiently.
Funding: supported by the Key Laboratory of Defense Science and Technology Foundation of Luoyang Electro-optical Equipment Research Institute (6142504200108).
Abstract: The ever-changing battlefield environment requires the use of robust and adaptive technologies integrated into a reliable platform. Unmanned combat aerial vehicles (UCAVs) aim to integrate such advanced technologies while increasing the tactical capabilities of combat aircraft. As a research object, a common UCAV uses the neural network fitting strategy to obtain values of attack areas. However, this simple strategy cannot cope with complex environmental changes or autonomously optimize decision-making problems. To solve the problem, this paper proposes a new deep deterministic policy gradient (DDPG) strategy based on deep reinforcement learning for the attack area fitting of UCAVs in the future battlefield. Simulation results show that the autonomy and environmental adaptability of UCAVs in the future battlefield will be improved based on the new DDPG algorithm, and the training process converges quickly. We can obtain the optimal values of attack areas in real time during the whole flight with the well-trained deep network.
Abstract: This paper considers the problem of generating a flight trajectory for a single fixed-wing unmanned combat aerial vehicle (UCAV) performing an air-to-surface multi-target attack (A/SMTA) mission using satellite-guided bombs. First, this problem is formulated as a variant of the traveling salesman problem (TSP), called the dynamic-constrained TSP with neighborhoods (DCTSPN). Then, a hierarchical hybrid approach, which partitions the planning algorithm into a roadmap planning layer and an optimal control layer, is proposed to solve the DCTSPN. In the roadmap planning layer, a novel algorithm based on an updatable probabilistic roadmap (PRM) is presented, which operates by randomly sampling a finite set of vehicle states from the continuous state space in order to reduce the complicated trajectory planning problem to planning on a finite directed graph. In the optimal control layer, a collision-free state-to-state trajectory planner based on the Gauss pseudospectral method is developed, which can generate both dynamically feasible and optimal flight trajectories. The entire process of solving a DCTSPN consists of two phases. First, in the offline preprocessing phase, the algorithm constructs a PRM, and then converts the original problem into a standard asymmetric TSP (ATSP). Second, in the online querying phase, the costs of directed edges in the PRM are updated first, and a fast heuristic search algorithm is then used to solve the ATSP. Numerical experiments indicate that the algorithm proposed in this paper can generate both feasible and near-optimal solutions quickly for online purposes.
Funding: Project (51005232) supported by the National Natural Science Foundation of China; Project (20100481176) supported by the China Postdoctoral Science Foundation; Project (201104583) supported by the China Postdoctoral Special Fund; Project (1101106c) supported by the Jiangsu Postdoctoral Foundation, China.
Abstract: In order to obtain a method for determining the installing angle and to decrease the performance indices (cutting force and wearing rate) of the pick, the relationships among the installing angles (impact angle, inclination angle and skew angle) were studied, and the static model of the installing angles of the pick was built. The relationships among the impact angle, the tip angle of the pick and the kinematic parameters of the pick were built, too. Moreover, the mechanical models of the maximum clearance angle and the wearing angle of the pick were set up. To research the relationships of the installing angles and the change law of the wearing angle with the kinematic parameters, a simulation was done. In order to verify the correctness of the models, cutting experiments were done by employing two picks with different pick tip angles. The results indicate that the cutting force is the smallest when the direction of the resultant force on the pick follows its axis, and the relationship derived among the installing angles should be satisfied. In addition, to decrease the cutting force and the wearing of the pick, the tip angle of the pick should not be larger than half of the difference between the minimum wearing angle and the impact angle of the pick, and the clearance angle must not be less than zero.
Funding: supported by the National Natural Science Foundation of China (6160150571501184) and the National Aviation Science Foundation of China (20155196022).
Abstract: A novel integrated guidance and control (IGC) design method is proposed to solve the problem of low control accuracy for a suicide unmanned combat aerial vehicle (UCAV) in the terminal attack stage. First of all, the IGC system model of the UCAV is built based on the three-channel independent design idea, which reduces the difficulty of designing the controller. Then, IGC control laws are designed using trajectory linearization control (TLC). A nonlinear disturbance observer (NDO) is introduced into the IGC controller to reject various uncertainties, such as aerodynamic parameter perturbation and measurement error interference. The stability of the closed-loop system is proven by using the Lyapunov theorem. The performance of the proposed IGC design method is verified in a terminal attack mission of the suicide UCAV. Finally, simulation results demonstrate its superiority and effectiveness in the aspects of guidance accuracy and system robustness.
Abstract: Based on the analysis of the interception process of a ship-to-air missile system against an anti-ship missile stream, the antagonism between the ship-to-air missile and the anti-ship missile stream was modeled by the Monte Carlo method. This model, containing the probability of acquiring the anti-ship missile, threat estimation, firepower distribution, interception, effectiveness evaluation and firepower turning, can dynamically simulate the antagonism process between the anti-ship missile attack stream and the anti-air missile weapon system. The anti-ship missile's saturation attack stream for different ship-to-air missile systems can be calculated quantitatively. The simulated results reveal the relations among the anti-ship missile saturation attack, the attack intensity of the anti-ship missile, the interception mode and the main parameters of the anti-air missile weapon system. It provides a theoretical basis for the effective operation of anti-ship missiles.
Funding: Project (51278403) supported by the National Natural Science Foundation of China.
Abstract: The damage process of concrete exposed to sodium sulfate attack and drying-wetting cycles was investigated. The water to binder (W/B) ratio and the concentration of the sulfate solution were taken as variable parameters. Through the experiment, visual change, relative dynamic modulus of elasticity (RDME) and the surface damage layer thickness of concrete were measured. Furthermore, SEM and thermal analysis were used to investigate the changes in the microstructure and corrosion products of concrete. The test results show that the ultrasonic velocity is related to the damage layer of concrete. It confirms that an increase in damage layer thickness reduces the compactness and the ultrasonic velocity. The deterioration degree of concrete could be estimated effectively by measuring the surface damage layer and the RDME of concrete. It is also found that the content of gypsum in concrete is less than that of ettringite in the test, and some gypsum is detected only after a certain corrosion extent. When the concrete has a high W/B ratio or is exposed to a high concentration of sulfate solution, the content of ettringite first increases and then decreases with corrosion time. However, the content of gypsum increases at a steady rate. The content of corrosion products does not correspond well with the observations of RDME change, and an extensive amount of corrosion products can be formed before obvious damage occurs.
Funding: supported by the National Natural Science Foundation of China (60932003), the National High Technology Research and Development Program of China (863 Program) (2007AA01Z452, 2009AA01Z118), the Shanghai Municipal Natural Science Foundation (09ZR1414900), and the National Undergraduate Innovative Test Program (091024812).
Abstract: Due to their characteristics of dynamic topology, wireless channels and limited resources, mobile ad hoc networks are particularly vulnerable to denial of service (DoS) attacks launched by intruders. The effects of flooding attacks in Network Simulator 2 (NS2) are investigated and performance parameters are measured, including packet loss ratio, average delay, throughput and average number of hops under different numbers of attack nodes, flooding frequencies, network bandwidths and network sizes. Simulation results show that with the increase of the flooding frequency and the number of attack nodes, network performance sharply drops. But when the frequency of flooding attacks or the number of attack nodes is greater than a certain value, the performance degradation tends to a stable value.
Funding: supported by the National Natural Science Foundation of China (61773387) and the China Postdoctoral Fund (2016M5909712017T100770).
Abstract: A consensus-distributed fault-tolerant (CDFT) control law is proposed for a class of leader-following multi-vehicle cooperative attack (MVCA) systems in this paper. In particular, switching communication topologies, stochastic multi-hop time-varying delays, and actuator faults are considered, which may lead to system performance degradation or on certain occasions even cause system instability. Firstly, the estimator of actuator faults for the following vehicle is designed to identify the actuator faults under a fixed topology. Then the CDFT control protocol and the trajectory following error are derived using Lyapunov stability theory, graph theory, and matrix theory. The CDFT control protocol is proposed in the same manner for a more realistic scenario, in which the maximum trajectory following error and information on the switching topologies during the cooperative attack are available. Finally, numerical simulations are carried out to indicate that the proposed distributed fault-tolerant (DFT) control law is effective.