The rapid development of computing, mobile and Internet technologies, the digital economy, on the one hand, hybridity and synergy, the development of post-quantum cryptography (the emergence of a full-scale quantum computer), on the other, put forward more stringent requirements for the principles of building special security mechanisms in modern specialpurpose systems. Targeted attacks in cyberspace also require a change not only in the principles of building a special communication system for critical infrastructure objects (SCS CIO), the system for communicating commands / control signals to the CIO elements, as well as the creation of fundamentally new approaches to the formation and transmission of commands for their use not only of the SCS equipment, as well as open modern commercial systems based on Internet technologies. This approach allows, in the context of the economic crisis, to ensure the delivery of the signal within a certain time frame in the conditions of modern hybrid cyber threats to the control system through the use of cyberspace infrastructure (synthesis of modern technologies of computer systems and networks, Internet technologies and technologies of mobile communication). The proposed mathematical component of the assessment of the reliability and probability of delivering the corresponding commands / signals allows the proposed model to be used to simulate various interventions into a special-purpose system, both external and internal.
The modern development of computer technology, the rapid development of cyberspace technologies, the emergence of new hybrid threats and their modification put forward more stringent requirements for special-purpose systems. This is due to the need to bring commands / control signals with a high degree of reliability, safety and efficiency to the elements of the CIO infrastructure in the post-quantum period (the emergence of a full-scale quantum computer).
This approach requires not only the formation of programs for the standardization of the information infrastructure of the CIO elements based on international standards and Green Paper approaches, but also the ability to counter modern threats with signs of hybridity and synergy.
1.1. Analysis of recent research and
publications
[
The aim of the research is to develop a model of a promising special-purpose system for critical infrastructure facilities.
To achieve the goal of the reserch, it is necessary to solve the following tasks:
− development of a mathematical model of a promising special-purpose system CIO; − mathematical assessment of the probability of delivering a message using a special-purpose system CIO;
− mathematical assessment of the reliability of the proof of the message using the special-purpose system CIO. 2. Development of a mathematical model of a promising specialpurpose system.
To ensure the safety, reliability and efficiency of the transmission of commands and / or control signals, a national system of confidential communication is used.
The national confidential communication
system is a set of special dual-use communication
systems (networks) that, using cryptographic and
/ or technical means, ensure the exchange of
confidential information in the interests of state
authorities and local governments, create
appropriate conditions for their interaction in
peacetime and in in the case of the introduction of
a special and martial law [
A special communication system (network) is a communication system (network) intended for the exchange of information under limited access.
A special dual-purpose communication system
(network) is a special communication system
(network) designed to provide communication in
the interests of state authorities and local
authorities, using part of its resource to provide
services to other consumers. The subjects of the
National System of Confidential Communication
are state authorities and local self-government
bodies, legal entities and individuals who take part
in the creation, functioning, development and use
of this system. Management of the National
System of Confidential Communications, its
functioning, development, use and protection of
information are provided by a specially
authorized central executive body in the field of
confidential communications in accordance with
the legislation. Centralized systems of
information protection and operational and
technical management are state-owned and are
not subject to privatization. The owners of other
components of the National System of
Confidential Communications may be subjects of
economic activity, regardless of the form of
ownership. The main feature of such systems is its
hierarchical structure and transmission method
based on forward error correction. This approach
requires the transmission of additional
("unnecessary" − checking) characters, greatly
simplifies the detection-suppression and / or
complete blocking of these communication
channels for the adversary[
However, the rapid development of computing resources for both Internet and mobile technologies LTE (Long-Term Evolution) allows the use, given the "steganographic" properties of these communication channels. The "steganographic" property is understood as the possibility of hiding from the attacker the fact, place, time and content of information transmitted by breaking the commands and / or control signals of the OCI into separate blocks (packets). This approach allows the use of open communication channels with a commercial method of delivering information to the recipient − the decisive feedback. In addition, the use of this approach does not require significant economic and human resources. Consider the model of a modified CIO control system on the example of the Armed Forces of Ukraine. In the system that is proposed to be used as a projects of the National Confidential Communication System: special communication systems (networks) as well as systems of open public Internet systems and mobile communication systems based on “G” technologies. In this system, the switching nodes are denoted by: сhiscsGF (special communication systems of the Ground Forces), i 1, I ,, сhsjcsAF (special communication systems of the Air Force), j 1, J , сhlscsNF (special communication systems of the Naval Forces), l 1, L , special dual-purpose system сhksdpsD (special dual-use system), k 1,
K , open Internet system сhmoIS communication system m1,
M , open mobile сhqomcs (open mobile communication Communication
system) channels are q 1, Q .
denoted accordingly: lisxcsGF , x 1,
X , l sjycsAF , y 1, Y , l scsNF , z 1, Z , special dual-purpose system lz l sdpsD ,, f 1, F , open Internet system lmoIvS ,, kf v 1, V , open mobile communication system lomcs ,, n 1, qn
N .
Thus, the overall system of the proposed special purpose control system CIO will be a set of individual components of the intermediate switching nodes and channels, and the total probability of receiving a command and / or signal is determined by the formula:
I X PQACCS = pscsGF сhiscsGF pscsGF l scsGF cr i=1 i ix=1 ix ix J Y psjcsAF сhsjcsAF psjycsAF l sjycsAF j=1 jy=1 L L l=1 plscsNF сhlscsNF lz=1 plszcsNF llszcsNF K F psdpsDсhksdpsD psdpsDl sdpsD
k kf kf k=1 kf =1 M V pmoIS сhmoIS pmoIvSlmoIvS m=1 mv=1
Q N pomcsсhqomcs pqonmcslqonmcs .
q q=1 qn=1 where:
piscsGF − the probability of correct reception / transmission of the i-th switching node сhiscsGF ;
pisxcsGF − the probability of transmission from the i-th switching node сhiscsGF
correct through the x-th channel lisxcsGF ;
psjcsAF − the probability of correct reception / transmission of the j-th switching node сhsjcsAF ; pscsAF jy − the probability of
correct transmission from the j-th switching node сhsjcsAF through the y-th channel l sjycsAF ;
plscsNF - the probability of correct reception / transmission of the l-th switching node сhlscsNF ; pscsNF - the probability of correct transmission
lz from the l-th switching node сhlscsNF through the z-th channel llszcsNF ; psdpsD − the probability of correct reception /
k transmission of the k-th switching node chksdpsD ; psdpsD kf − the probability of
correct transmission from the k-th switching node chksdpsD through the f-th channel lksfdpsD ;
pmoIS - the probability of correct reception / transmission of the m-th switching node сhmoIS ;
pmoIvS - the probability of correct transmission from the m-th switching node сhmoIS through the vth channel lmoIvS ; pomcs - the probability of correct reception /
q transmission of the q-th switching node сhqomcs ;
pqonmcs - the probability of correct transmission from the q-th switching node сhqomcs through the nth channel lqonmcs . 3. Mathematical assessment of the probability of delivering a message using a special-purpose control system for the OQI
Taking into account the possibility of modern cyber threats, the computing capabilities of cyber terrorists in the special-purpose control system of the CIO, it is proposed to transmit commands and / or control signals by separate independent units through all channels, both a special confidential communication system and over open networks.
Commands are transmitted in parallel. Each of the networks can be subject to attacks of a different nature, which lead to the failure of the corresponding network. We calculate the probability of delivery of a message that is transmitted (hereinafter, a packet), with the parallel operation of three networks (a special communication system (network) of the aircraft, an open Internet network, an open mobile network), provided that there is a majority body on the receiving side that makes decisions and the correctness of information transmission in the case of identity of at least two packets.
Let the probability of command transmission without distortion and failure for a special system (network) of communication − PcQrSCS , second network − PQoIS , third network − PcQromcs , ie packet
cr transmission without failures and losses, which can be caused by attacks of different classes. If there was no majority body on the host side, the probability of receiving a package on at least one of the networks could be calculated as follows:
QoIS + PcQromcs = PQACCS = PcQroIS + Pcr cr QSCS ) (1 – Perr Qomcs ) , = (1 – Perr QoIS ) (1 – Perr where
QSCS - the probability of erroneous reception
Perr of the command in a special system (network) of
PeQrroIS − the probability of communication; erroneous reception of the command on the Internet; PeQrromcs − the probability of erroneous reception of the command in the mobile network.
This expression can be interpreted as the value of the probability that all three networks will not fail simultaneously.
If there is a majority body on the receiving party to the calculation of the probability of receipt and confirmation of the correctness of the received package must be approached in a slightly different way.
Consider all possible states of the three listed networks. All sets of states are summarized in table. 1. +
PQACCS = PcQrSCS PcQroIS Pcr cr
Qomcs PQACCS = PcQrSCS PcQroIS (1 − PcQrSCS ) cr PcQrACCS = PcQrSCS (1− PcQroIS ) PcQromcs PcQrACCS = (1− PcQrSCS ) PcQroIS Pcr
Qomcs PQACCS = PcQrSCS (1 − PcQroIS ) (1 − PcQromcs ) cr PQACCS = (1 − PcQrSCS ) PcQroIS (1 − PcQromcs ) cr PQACCS = (1 − PcQrSCS ) (1 − PcQroIS ) PcQromcs cr
The “+” sign indicates that the packet was transmitted successfully, and the “-” sign indicates that due to various reasons (attacks, physical damage, technical failures, etc.), the packets were not delivered, or the packet came with distortions. The first four situations correspond to cases where the majority body can confirm that 2 of the 3 packets are identical, and can be interpreted as a correctly transmitted command. In other cases, the majority body cannot confirm the identity of the received packets on at least 2 networks. The probabilities of realization of the corresponding situations are given in the last column of table. 1.
Then the probability of receiving identical packages on at least 2 networks, which allows the majority body to work, will be equal to the sum of the probabilities of the first four situations:
PcQrACCS = PcQrSCS PcQroIS PcQromcs + +PcQrSCS PcQroIS (1 − PcQromcs ) + +PcQrSCS PcQromcs (1 − PcQroIS ) + +PcQroIS PcQromcs (1 − PcQrSCS )
However, when using a special network, it is possible to detect and correct any number of errors based on decoding algorithms. The payment for reliability and efficiency is the additional transmission of redundant (check) characters, which greatly simplifies the execution of a DOS0 attack by a cyber attacker. 4. Mathematical assessment of the control signal reliability using a special-purpose system.
A detailed study of the statistical properties of
error sequences in real communication channels
[
To calculate the reliability of command
transmission in a special system (network) of
communication of the Armed Forces, we use a
simplified mathematical model of
BennettFreulich, which does not impose restrictions on
the type of law of distribution of error packet
lengths [
Рп (l ) = Рп P (l ) .
Consider a simplified Bennet-Freulich model with disparate bundles of errors and their possible adjacency. In this case, no more than n characters can occur on a block length
n ' = l blocks of length errors l.
Then the probability of correct receiving of commands and / or signals in a special communication system (network) of the Armed Forces is determined by the formula: PcQrSCS = 1 − (1 − PeQrrSCS )n − Cn Perr (1 − Perr ) ' QSCS n− =1 = 1 − ' Cn Perr (1 − PeQrrSCS )n− .
=0 where − number of packet combinations, n − packet length.
To calculate the probability of correct
reception of commands on the Internet, we also
use a simplified Bennet-Freulich model. One of
the modifications of the Bennett-Freulich model,
which provides a polygeometric distribution of
the lengths of error packets considered in[
In [
The probability of correct transmission of an = n-bit data block can be defined as the probability of a random event, random variable A takes on a value greater than or equal to n, that is
Pcor = PA n = 1 − PA n = 1 − FA (n), where FA(n) is the distribution function of the random variable A from the argument n.
A random event B, which is that random value A will take a value less than n, can be represented as the sum of incompatible events:
B0 − a random event, which is that Λ <n and 0≤Ln <1;
B1 − a random event, which is that Λ <n + 1 and 1≤ Ln <2;
B2 − a random event, which is that Λ <n + 2 and 2≤ Ln <3; …
Vi − a random event, which is that Λ <n + i and i≤Ln <i + 1.
The random variables Λ and Ln are independent. Then the probabilities of these events are equal
P(B0 ) = P{( n) (0 Ln 1)} = = P{ n} P{0 Ln 1}; P(B1) = P{( n + 1) (1 Ln 2)} = = P{ n + 1} P{1 Ln 2}; P(B2 ) = P{( n + 2) (2 Ln 3)} = = P{ n + 2} P{2 Ln 3};
… P(Bi ) = P{( n + i) (i Ln i + 1)} = = P{ n + i} P{i Ln i + 1};
…
Since the events B0, В1, В2,…, Вi,… incompatible, then
PA n = P(B) = P(Bi ) =
i=0 = P{ n + i} P{i Ln i + 1}.
i=0
The probability P{Λ <n + i} is nothing but the distribution function random variables Λ from the argument n + i
P n + i = F (n + i) = 1− (1− Pп )n+i .
In order to find the probability that the value of random variables Ln, distributed by the normal law with the parameters mLn and σLn, falls in the interval [i, i + 1), we use the known formula i +1− mln −
i − mln , P{i Lп i +1} = ln ln where Φ(x) is the Laplace function of the argument x.
Substituting (2), (3) into (1), we obtain the distribution function BB BB FA (n) = PA n =
i +1 − mln − i − mln . = i=0 1 − (1 − Pп )n+i ln ln
Then the formula for calculating the probability of correct transmission of a data block of length n bits takes the form Pcor = 1 − FA (n) = 1 −
i +1 − mln − i − mln . − i=0 1 − (1 − Pn )n+i ln ln
Thus, for an open Internet with crucial feedback and a positive receipt, the probability of receiving the correct commands is determined by the formula: i + 1 − mln − i − mln PcQroIS = 1 − i=0 1 − (1 − Pп )n+i ln ln
i + 1 − mln − i − mln 1 − 1 1 r + 1 − mln 1 − i=0 1 − (1 − Pп )n+i ln ln 2r 2 − ln , i + 1 − mln − i − mln 1 − 1 1 r + 1 − mln 1 − i=0 1 − (1 − Pп )n+i ln ln 2r 2 − ln subscriber station, which is at a distance R from the transmitter,is equal to
N where n – length of i-th frame, Pn − probability of burst errors; mLn − mathematical expectation of packet length in errors; σLn -standard deviation of length packet of errors, N is the maximum number of repetitions determined by the formula, which is determined by by the formula: Рnec (1 − РI ae ) ln 1 − N РI ct , ln РI ae where
Pnec − necessary probability delivery packagein;
РIae − the probability of an error in the package;
РIct − probability right packet transmission with one attempts;
х − the nearest integer greater than or equal to x.
In cellular networks for determination of signal strength and interference at the input of the receiver of the subscriber terminal for prediction of losses when signal propagation is used model Okamura-Cottage. In accordance with this model, the signal power at the input of the receiver Pave
PcQromcs (R) = Prad () L ( R), where Prad(Θ) − which emits the power of the transmitter depending on the direction to the subscriber station; at this is expectedthat the antenna of the subscriber station has a pie chart; L(R) − losses (size, reverse attenuation) signal at distribution in urban areas,, depends from altitude, antennas which transmit and accept, distance between them,, carrier frequencies, empirical coefficient.
Power signal on during receiver back proportional distance to transmitter:
PcQromcs (R) = PBrad(Rx) , where B − coefficient, calculated empirically and depends from altitude, transmitting and reception antennas -hBS, carrier frequencies; x -indicator degree at R:
x = 4.49-0.655lg (hBS).
Power interference obstacles,, created six interfering transmitters the first hexagon,, is equal to
Pп1 = 6 Prad ()
B ( R3 )x
1
Pп1 = 6 BPrad((R3))x (1018)x
At work in cellular network appear interference from transmitters base stationsthat work on matching frequencies (in adjacent channels), and in results on during receiver necessary consider relation signal/ (noise + interference obstacle):
The probability of non-compliance with the requirements for permissible relation signal/obstacle (S/OBS) in point reception P(C) depends from dimensionality cluster. Probability P(C) decreases with growth dimensionality cluster. At this simultaneously falls frequency efficiency network. Evaluated different options clusters and absorbs optimal. Results evaluation different options clusters for standard GSM-900 bent in table. 2.
Parameters Р(C), % Р(C), % Р(C), % 1
Sectorality M
3
Thus, for a mobile network based on LTE technologies, the probability of correct command reception is determined by the formula: PcQromcs = 1− h =
P
s
.
Then the probability of correct reception in the proposed modified special-purpose system is equal to: PcQr.ACCS = PcQrSCS + PcQromcs + PcQroIS = 1 − =0 Cn Pпом (1 − PoQbsSCS )n− 1 − h = ' Ps
Pnoise + Рobs 5. Conclusions
1. The analysis of the existing special-purpose model in the control systems of critical infrastructure facilities does not allow the transmission of control signals / commands to the elements of the AQI infrastructure with the 1 − i=0 1 − (1 − Pп )n+i i + 1 −ln mln − i − mlnln N i + 1 − mln − i − mln 1 − 1 1 r + 1 − mln . 1 − i=0 1 − (1 − Pп )n+i ln ln 2r 2 − ln i + 1 − mln − i − mln 1 − 1 1 r + 1 − mln 1 − i=0 1 − (1 − Pп )n+i ln ln 2r 2 − ln required level of reliability in the context of modern targeted cyber threats requires new approaches and the use of all possible channels for communicating combat orders.
2. The proposed model of a promising specialpurpose system for managing objects of OKI uses both a system of special communication equipment and open commercial systems of cyberspace. When transmitting, it is proposed that each message is split into separate components, which are transmitted over all channels. In open channels, it is proposed to use digital steganography and / or unprofitable cryptography methods. Interception in each channel of individual components will not allow the enemy to get the original text. The final recipient (an element of the OCI infrastructure), on the basis of majority choice from all channels in all parts of the message, receives a command / control signal.
This approach allows, in the context of the economic crisis, to ensure the fulfillment of the assigned tasks on time,
3. The mathematical component of assessing the reliability and probability of delivering the corresponding commands / signals allows modeling the proposed model taking into account various interventions into the special-purpose system of critical infrastructure objects, both external and internal. A promising area of further research is the formation of mechanisms for breaking into parts and concealment during transmission over open channels.
dynavic TF-IDF. International Journal of Emerging Trends in Engineering Research (IJETER), Volume 8. No. 9, September 2020.pp 5713-5718.
OI:10.30534/ijeter/2020/130892020. [16] Fink L.M. The theory of transmission of discrete messages. Moscow, Publishing house "Soviet Radio", 1970. 728pp.