Dedication
About the Authors
Contributors
Foreword
Securing Cyber-Physical Infrastructure Perspectives and Overview of the Handbook
PART I. Theoretical Foundations
Introduction
Chapter 1. Security and Vulnerability of Cyber-Physical Infrastructure Networks
1.1 Introduction
1.2 Definitions for Security and Vulnerability of Network Dynamics
1.3 Network Control Tools for Characterizing and Designing Security and Vulnerability
1.4 Conclusions and Future Work
Chapter 2. Game Theory for Infrastructure Security
2.1 Introduction
2.2 Preliminaries
2.3 Intent-based Adversary Model for Anomaly Detection
2.4 Intent-based Adversary Model for Anonymous Communication Systems
2.5 Conclusion
Chapter 3. An Analytical Framework for Cyber-Physical Networks
3.1 Introduction
3.2 Spatial Dispersion Models
3.3 CPN Design and Analysis
3.4 CPN Infrastructure Robustness
3.5 Conclusions
Acknowledgments
Chapter 4. Evolution of Widely Spreading Worms and Countermeasures
4.1 Introduction
4.2 Objectives and strategies of Worm propagator and defender
4.3 Worm Initial Attacks
4.4 Defense against initial attacks
4.5 Worm Evolution
4.6 Defense Evolution versus Worm Evolution
4.7 Final Remarks
PART II. Security for Wireless Mobile Networks
Introduction
Chapter 5. Mobile Wireless Network Security
5.1 Introduction
5.2 Wireless Communications Security
5.3 Mobility Support Security
5.4 Conclusion and Future Research
Chapter 6. Robust Wireless Infrastructure against Jamming Attacks
6.1 Introduction
6.2 Design Vulnerabilities of Wireless Infrastructure
6.3 Resiliency to Outsider Cross-Layer Attacks
6.4 Resiliency to Insider Cross-Layer Attacks
6.5 Game-Theoretic Models and Mechanisms
6.6 Conclusions
Chapter 7. Security for Mobile Ad Hoc Networks
7.1 Introduction
7.2 Basic Features of Manet
7.3 Security Challenges
7.4 Security Attacks
7.5 Providing Basic Security Infrastructure
7.6 Security Solutions
7.7 Secure AD HOC Routing
7.8 Intrusion Detection and Response
7.9 Conclusions and Future work
Chapter 8. Defending Against Identity-Based Attacks in Wireless Networks
8.1 Introduction
8.2 Feasibility of Launching Identity-Based Attacks
8.3 Preventing Identity-Based Attacks via Authentication
8.4 Defending Against Spoofing Attacks
8.5 Defending Against Sybil Attacks
8.6 A Generalized Identity-Based Attack Detection Model
8.7 Challenges and Research Directions
8.8 Conclusion
PART III. Security for Sensor Networks
Introduction
Chapter 9. Efficient and Distributed Access Control for Sensor Networks
9.1 Introduction
9.2 Existing Schemes
9.3 System Models and Assumptions
9.4 Scheme I: Uni-Access Query
9.5 Scheme II: Multi-Access Query
9.6 Evaluation
9.7 Conclusion and Future Work
Chapter 10. Defending Against Physical Attacks in Wireless Sensor Networks
10.1 Introduction
10.2 Related Work
10.3 Physical Attacks in Sensor Networks
10.4 Challenges in Defending Against Physical Attacks
10.5 Case Study
10.6 Open Issues
10.7 Conclusions and Future Work
Chapter 11. Node Compromise Detection in Wireless Sensor Networks
11.1 Introduction
11.2 Related Work
11.3 Preliminaries
11.4 Limited Node Compromise Detection
11.5 Wide-spread Node Compromise Detection
11.6 Conclusion and Future Work
PART IV. Platform Security
Introduction
Chapter 12. Hardware and Security
12.1 Introduction
12.2 Hardware Supply Chain Security
12.3 Hardware Support for Software Security
12.4 Conclusions and Future Work
Chapter 13. Languages and Security
13.1 Introduction
13.2 Compiler Techniques for Copyrights and Watermarking
13.3 Compiler Techniques for Code Obfuscation
13.4 Compiler Techniques for Code Integrity
13.5 Proof-Carrying Code and Authentication
13.6 Static Analysis Techniques and Tools
13.7 Information Flow Techniques
13.8 Rule checking, Verification, and Run-time Support
13.9 Language Modifications for Increased Safety and Security
13.10 Conclusions and Future Work
PART V. Cloud Computing and Data Security
Introduction
Chapter 14. Protecting Data in Outsourcing Scenarios
14.1 Introduction
14.2 Data Encryption
14.3 Fragmentation for Protecting Data Confidentiality
14.4 Protecting Data Integrity
14.5 Open Issues
14.6 Conclusions
Acknowledgments
Chapter 15. Data Security in Cloud Computing
15.1 Overview
15.2 Data Security in Cloud Computing
15.3 Commercial and Organizational Practices
15.4 Summary
Chapter 16. Secure Mobile Cloud Computing
16.1 Introduction
16.2 Cloud Computing
16.3 Mobile Cloud Computing Security
16.4 Virtual Node Security
16.5 Virtual Network Security
16.6 Mobile Application Security
16.7 Research Challenges and Open Issues
16.8 Summary and Conclusion
Chapter 17. Relation Privacy Preservation in Publishing Online Social Networks
17.1 Introduction
17.2 Complete Identity Anonymization
17.3 Partially Exposing User Identity
17.4 Completely Disclosing User Identity
17.5 Utility Loss and Privacy Preservation Measures
17.6 Conclusion
PART VI. Event Monitoring and Situation Awareness
Introduction
Chapter 18. Distributed Network and System Monitoring for Securing Cyber-Physical Infrastructure
18.1 Overview
18.2 System Model and Design Principles
18.3 Recent Progress and Major Milestone Results
18.4 Open Problems
18.5 Summary and Future Directions
Chapter 19. Discovering and Tracking Patterns of Interest in Security Sensor Streams
19.1 Introduction
19.2 Sensor Event Analysis for Health Monitoring
19.3 Related Work
19.4 Discovering Activities
19.5 Recognizing Activities
19.6 Validation of Activity Discovery and Tracking Algorithms
19.7 Anomaly Detection
19.8 Conclusions
Chapter 20. Pervasive Sensing and Monitoring for Situational Awareness
20.1 Introduction
20.2 Hierarchical Modeling and Reasoning in Cyber-Physical Systems
20.3 Adaptive Middleware for Cyber-Physical Spaces
20.4 Enabling Scalability in Cyber-Physical Spaces
20.5 Dependability in Sentient Spaces
20.6 Privacy in Pervasive Spaces
20.7 Conclusions
Chapter 21. Sense and Response Systems for Crisis Management
21.1 Introduction
21.2 Decentralized Event Detection
21.3 Agency-Based and Community-Based Systems
PART VII. Policy Issues in Security Management
Introduction
Chapter 22. Managing and Securing Critical Infrastructure – A Semantic Policy- and Trust-Driven Approach
22.1 Introduction
22.2 Related Work
22.3 A Policy and Trust Framework to Secure CPS
22.4 Prototype Implementations
22.5 Conclusion and Future Work
Chapter 23. Policies, Access Control, and Formal Methods
23.1 Introduction
23.2 Access Control Concepts and Models
23.3 Tools and Methods for Managing Access Control
23.4 Formal Methods
23.5 Access Control for Critical Infrastructures – Open Problems and Possible Approaches
23.6 Concluding Remarks
Chapter 24. Formal Analysis of Policy-Based Security Configurations in Enterprise Networks
24.1 Introduction
24.2 State of the Art
24.3 Formal Verification of Security Policy Implementations
24.4 Verification of IPSec Policies
24.5 Conclusion
24.6 Open Research Problems
PART VIII. Security in Real-World Systems
Introduction
Chapter 25. Security and Privacy in the Smart Grid
25.1 Introduction
25.2 The Smart Grid
25.3 Security and Privacy Challenges
25.4 Toward a Secure and Privacy-Preserving Smart Grid
25.5 Concluding Remarks
Chapter 26. Cyber-Physical Security of Automotive Information Technology
26.1 Introduction
26.2 Automotive Security Analysis
26.3 ECU Reprogramming Security Issues
26.4 Conclusion
Acknowledgments
Chapter 27. Security and Privacy for Mobile Health-Care (m-Health) Systems
27.1 Introduction
27.2 Electronic Health Record (EHR)
27.3 Privacy and Security in E-Health Care
27.4 State of the Art Design for Health Information Privacy and Sharing (HIPS)
27.5 Security Analysis
27.6 Conclusion and Future Work
Acknowledgments
Chapter 28. Security and Robustness in the Internet Infrastructure
28.1 Introduction
28.2 Vulnerabilities in Domain Name Resolution
28.3 Security Solutions for the Domain Name System
28.4 Secure End-to-End Communication Protocols
28.5 Integrity of Internet Routing
28.6 Integrity Below the IP Layer
28.7 Configuration Management Security
28.8 Conclusions and Future Challenges
Acknowledgments
Chapter 29. Emergency Vehicular Networks
29.1 Introduction
29.2 Emergency Vehicle Support
29.3 The “Emergency” Vehicle Grid
29.4 Basic Urban Grid Routing
29.5 Delay-Tolerant Vehicular Routing
29.6 Mobimesh and Geo-Location Server: Finding the Destination Coordinates During the Emergency
29.7 Content Routing Across the Vanet
29.8 Emergency Video Dissemination
29.9 Vehicular Grid Surveillance
29.10 Map Updates Using Crowdsourcing
29.11 Security in the Emergency Vehicular Network
29.12 Conclusions
Chapter 30. Security Issues in VoIP Telecommunication Networks
30.1 Introduction
30.2 Connection Establishment and Call Routing
30.3 Man-in-the-Middle Attacks
30.4 Voice Pharming
30.5 Billing Attacks
30.6 Security Requirements of a P2P Telecommunication Network
30.7 Small World VIP-P2PSIP-Based on Trust
30.8 Conclusion
Acknowledgements
Index