IT disaster recovery, cloud computing and information security news

Today’s complex, multi-tier systems, depend on layered communications to accomplish their tasks - yet every point of contact becomes a potential target for replay attacks. These are difficult to identify because the malicious actor uses information already in the system. By stealing an account number or a permission string stolen from one transmission and using it on another agent - or even the agent who originally received the transmission - the actor can gain access or incite a specific action.

A team of researchers from the University of Calabria in Italy has developed the first predictive control scheme that can help distributed networks with multiple agents not only identify replay attacks but also protect against them. Their approach was published in IEEE/CAA Journal of Automatica Sinica (Volume 8, Issue 3).

"Modern systems have an increasingly complex structure due to the large number of interacting agents aligned to accomplish specific tasks in a distributed fashion," said paper author Giuseppe Franzè, associate professor of control engineering in the Department of Informatics, Modeling, Electronics and System Engineering, University of Calabria. "The key result of the paper is that the described predictive control strategies, properly adapted to multi-agent configurations, can address difficult scenarios such as replay attacks."

Franzè and his team applied a ‘receding horizon’ model, that allows the researchers to predict what a system will look like in the future. By understanding what the system should look like, the model can identify when something unexpected occurs, like the resending of information.

Importantly, according to Franzè this strategy also offers protection by allowing the system to encapsulate in the moment before a replay attack, preserving communications until the attack can be successfully blocked.

"This low-demand model predictive control scheme is an efficient way to address unknown scenarios where external malicious agents affect normal system operations," Franzè said.

Read the paper ‘Resilience Against Replay Attacks: A Distributed Model Predictive Control Scheme for Networked Multi-Agent Systems’.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.