Abstract: A security issue with multi-sensor unmanned aerial vehicle (UAV) cyber physical systems (CPS) from the viewpoint of a false data injection (FDI) attacker is investigated in this paper. The FDI attacker can employ attacks on feedback and feed-forward channels simultaneously with limited resources. The attacker aims at degrading the UAV CPS's estimation performance to the maximum while keeping stealthiness, which is characterized by the Kullback-Leibler (K-L) divergence. The attacker is resource-limited and can only attack a subset of the sensors, so both the sensor to attack and the specific form of the attack signal at each instant must be considered by the attacker. Also, the sensor selection principle is investigated with respect to time-invariant attack covariances. Additionally, the optimal switching attack strategies with regard to time-variant attack covariances are modeled as a multi-agent Markov decision process (MDP) with a hybrid discrete-continuous action space. Then, the multi-agent MDP is solved by utilizing the deep multi-agent parameterized Q-networks (MAPQN) method. Ultimately, a quadrotor near-hover system is used to validate the effectiveness of the results in the simulation section.
Abstract: In this paper, the fixed-time time-varying formation of heterogeneous multi-agent systems (MASs) based on a tracking error observer under denial-of-service (DoS) attacks is investigated. Firstly, a dynamic pinning strategy is used to reconstruct the communication channel for a system that suffers from DoS attacks, to prevent discontinuous information transmission in the communication network from affecting the MAS formation. Then, considering that the leader state is not available to each follower under DoS attacks, a fixed-time distributed observer without velocity information is constructed to estimate the tracking error between the followers and the leader. Finally, an adaptive radial basis function neural network (RBFNN) is used to approximate the unknown ensemble disturbances in the system, and the fixed-time time-varying formation scheme is designed with the constructed observer. The effectiveness of the proposed control algorithm is demonstrated by numerical simulation.
Funding: National Natural Science Foundation of China (62272147, 12471492, 62072161, 12401687); Shandong Provincial Natural Science Foundation (ZR2024QA205); Science and Technology on Communication Security Laboratory Foundation (6142103012207); Innovation Group Project of the Natural Science Foundation of Hubei Province of China (2023AFA021).
Abstract: Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition. This study aims to conduct a comprehensive security evaluation of Ballet from the perspective of differential-linear (DL) cryptanalysis. Specifically, we present an automated search for the DL distinguishers of Ballet based on MILP/MIQCP. For the versions with block sizes of 128 and 256 bits, we obtain 16- and 22-round distinguishers with estimated correlations of 2^(-59.89) and 2^(-116.80), both of which are the longest publicly known distinguishers. In addition, this study incorporates the complexity information of key-recovery attacks into the automated model, to search for the optimal key-recovery attack structures based on DL distinguishers. As a result, we mount key-recovery attacks on 16-round Ballet-128/128, 17-round Ballet-128/256, and 21-round Ballet-256/256. The data/time complexities for these attacks are 2^(108.36)/2^(120.36), 2^(115.90)/2^(192), and 2^(227.62)/2^(240.67), respectively.
Funding: Supported by the Intelligent Aerospace System Leading Innovation Team Program of Zhejiang (2022R01003).
Abstract: In the realm of missile defense systems, the self-sufficient maneuver capacity of missile swarms is pivotal for their survival. Through the analysis of the missile dynamics model, a time-efficient cooperative attack strategy for missile swarms is proposed. Based on the distribution of the attackers and defenders, collision avoidance against the defenders is considered during the attack process. By analyzing the geometric relationship between the relative velocity vector and the relative position vector of the attackers and defenders, the collision avoidance constraints of the attacking swarm are redefined. The key point is adjusting the relative velocity vectors to fall outside the collision cone. This work facilitates high-precision attack toward the target while keeping a safe miss distance between other attackers during the collision avoidance process. By leveraging an innovative repulsion artificial function, a time-efficient cooperative attack strategy for missile swarms is obtained. Through rigorous simulation, the effectiveness of this cooperative attack strategy is substantiated. Furthermore, by employing Monte Carlo simulation, the success rate of the cooperative attack strategy is assessed and the optimal configuration for the missile swarm is deduced.
Funding: National Natural Science Foundation of China (62373187); Forward-looking Layout Special Projects (ILA220591A22).
Abstract: In the field of calculating the attack area of air-to-air missiles in modern air combat scenarios, the limitations of existing research, including real-time calculation, the accuracy-efficiency trade-off, and the absence of a three-dimensional attack area model, restrict its practical application. To address these issues, an improved backtracking algorithm is proposed to improve calculation efficiency. A significant reduction in solution time and maintenance of accuracy in the three-dimensional attack area are achieved by using the proposed algorithm. Furthermore, the age-layered population structure genetic programming (ALPS-GP) algorithm is introduced to determine an analytical polynomial model of the three-dimensional attack area, considering real-time requirements. The accuracy of the polynomial model is enhanced through coefficient correction using an improved gradient descent algorithm. The study reveals a remarkable combination of high accuracy and efficient real-time computation, with a mean error of 91.89 m using the analytical polynomial model of the three-dimensional attack area solved in just 10^(-4) s, thus meeting the requirements of real-time combat scenarios.
Funding: National Natural Science Foundation of China (62472397); Innovation Program for Quantum Science and Technology (2021ZD0302902).
Abstract: Recently, several PC oracle based side-channel attacks have been proposed against Kyber. However, most of them focus on unprotected implementations, and masking is considered as a countermeasure. In this study, we extend PC oracle based side-channel attacks to the second-order scenario and successfully conduct key-recovery attacks on first-order masked Kyber. Firstly, we analyze the potential joint information leakage. Inspired by the binary PC oracle based attack proposed by Qin et al. at Asiacrypt 2021, we identify the 1-bit leakage scenario in the masked Keccak implementation. Moreover, we modify the ciphertext construction described by Tanaka et al. at CHES 2023, extending the leakage scenario from 1-bit to 32-bit. With the assistance of TVLA, we validate these leakages through experiments. Secondly, for these two scenarios, we construct a binary PC oracle based on the t-test and a multiple-valued PC oracle based on neural networks. Furthermore, we conduct practical side-channel attacks on masked Kyber by utilizing our oracles, with the implementation running on an ARM Cortex-M4 microcontroller. The demonstrated attacks require a minimum of 15788 and 648 traces to fully recover the key of Kyber768 in the 1-bit leakage scenario and the 32-bit leakage scenario, respectively. Our analysis may also be extended to attack other post-quantum schemes that use the same masked hash function. Finally, we apply the shuffling strategy to the first-order masked implementation of Kyber and perform leakage tests. Experimental results show that the combination strategy of shuffling and masking can effectively resist our proposed attacks.
Funding: National Natural Science Foundation of China (62372464).
Abstract: A critical problem in the cube attack is how to recover superpolies efficiently. As the targeted number of rounds of an iterative stream cipher increases, the scale of its superpolies becomes larger and larger. Recently, to recover massive superpolies, the nested monomial prediction technique, the algorithm based on the divide-and-conquer strategy, and stretching cube attacks were proposed, which have been used to recover a superpoly with over ten million monomials for NFSR-based stream ciphers such as Trivium and Grain-128AEAD. Nevertheless, when these methods are used to recover superpolies, many invalid calculations are performed, which makes recovering superpolies more difficult. This study finds an interesting observation that can be used to improve the above methods. Based on the observation, a new method is proposed to avoid a part of the invalid calculations during the process of recovering superpolies. Then, the new method is applied to the nested monomial prediction technique and an improved superpoly recovery framework is presented. To verify the effectiveness of the proposed scheme, the improved framework is applied to 844- and 846-round Trivium and the exact ANFs of the superpolies are obtained with over one hundred million monomials, showing that the improved superpoly recovery technique is powerful. Besides, extensive experiments on other scaled-down variants of NFSR-based stream ciphers show that the proposed scheme indeed could be more efficient for superpoly recovery against NFSR-based stream ciphers.
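Abstract: With the grid connection of large numbers of distributed energy resources, the energy internet faces a serious threat of cyber attacks. Attackers can exploit vulnerabilities in the communication layer to assemble a large distributed botnet. Existing cyber attack methods are difficult to adapt to botnets with random spatial distribution, and they mostly focus on the destructiveness of attacks while neglecting the study of attack stealthiness. This paper proposes a new attack method that uses a distributed botnet to damage the economic benefits of an integrated energy system. First, a denial-of-service (DoS) attack model targeting important objects based on zombie nodes is established; the node with the highest importance in the neighborhood is identified through information collection, and the explicit factors that affect the DoS attack effect under limited attack resources are derived. Second, a colluding false data injection (FDI) attack strategy among zombie nodes is proposed, and different implementation forms of the FDI attack are analyzed, with the aim of finding the attack mode most destructive to the economy of the energy system. Considering typical malicious-node detection mechanisms, a self-adjustment process for zombie nodes is formulated so that the attack is robust to defensive measures. Finally, the effectiveness of the proposed attack strategy is verified through simulation on an IEEE 39-32 node heat-electricity coupled system topology.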
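Abstract: To meet the measurement and control demands of advanced high-performance aircraft for high-precision air data, a flush air data sensing (FADS) system suitable for subsonic aircraft was developed and designed. First, a pressure database for the FADS system model was established based on numerical modeling techniques, and the pressure error limits corresponding to Ma = 0.2 to 0.4 were analyzed with respect to the accuracy of the modeling data and the wind tunnel test calibration data. Second, a real-time angle-of-attack solving algorithm was developed and integrated into an engineering prototype. Finally, the real-time solving algorithm and the prototype of the FADS system were systematically evaluated based on wind tunnel tests and flight tests, and the angle of attack was recomputed with a post-flight model algorithm to assess the reliability of the real-time angle-of-attack solving algorithm. The results show that: (1) Compared with data computed by other independent test systems such as the onboard inertial navigation system, the real-time angle-of-attack solving method used by the FADS system in the flight tests has good overall accuracy, with an angle-of-attack error of less than 1° and less than 0.5° in key segments; the angle-of-attack values obtained by FADS solving methods built on different models are basically consistent, confirming the reliability of the developed real-time solving algorithm. (2) The assessment of the algorithm error limits based on wind tunnel test and flight test data shows that the fluctuation of the real-time solved angle-of-attack value in the initial phase of the flight test is caused by the large error limit of the pressure input fluctuation, and that the large pressure fluctuation amplitude at high altitude and low speed is the main cause of the larger deviation in the real-time solved angle-of-attack values; for the established FADS angle-of-attack solving method, pressure fluctuations within the algorithm error limits have little effect on the solved angle of attack, whereas pressure fluctuations exceeding the algorithm error limits have a significant effect. FADS systems for high-altitude, low-speed aircraft place high demands on pressure sensor accuracy and on the level of engineering implementation; in practical engineering applications, the accuracy of the pressure sensors should be ensured as far as possible.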
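Funding: Zhejiang Province "Pioneer" and "Leading Goose" R&D Program (2024C01058); Zhejiang Province "14th Five-Year Plan" Second Batch of Undergraduate Provincial Teaching Reform Registered Projects (JGBA2024014); Ministry of Education Industry-University Cooperative Education Project, January 2025 batch (2501270945); 2024 Zhejiang University Undergraduate "AI-Empowered" Demonstration Course Construction Project (24); Zhejiang University First Batch of AI For Education Series Empirical Teaching Research Projects (202402).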