2. Home
  3. ARCHIVE
  4. 2018
  5. VOL 40, NO 2 (2018)
  6. Архив номеров
  7. 2024 год
  8. 46-3

Electronic modeling

Vol 46, No 3 (2024)

CONTENTS

Mathematical modeling and Computation Methods

 

S.Ye. Saukh, O.I. Kliuzko
Optimization Model for Electricity Procuremenets and Sales Portfolio of Electrical Energy Supplier Company
3-21
 

L.V. Kovalchuk, I.V. Koriakov, O.Yu. Bespalov
Statistical Tests for Checking Independence of Random Variables, Which Describe Sequences Generation in Cryptoalgorithms
22-38

Informational Technologics

 
I.S. Zinovieva, O.M. Potapchuk
Modern Methods of User Authentication and Authorization in Distributed Web-Oriented Systems
39-56

Computational Processes and Systems

 

A.M. Prymushko, T.V. Puchko, M.S. Yaroshynskyi, D.P. Sinko
Software Design of a Distributed High-Load Power Grid System Based on the Actor Model with the Use of Smart Contracts
57-72

Application of Modeling Methods and Facilities

 
R. Podgornyi, V. Kharchenko
Security Assessment and Choice of Messengers Using the Imeca Method
73-96
 

A.A. Vladimirsky, I.A. Vladimirsky, D.N. Semenyuk
Data Processing Based on Fast Fourier Transform in a Correlation Leak Detector
97-113
  N.I. Bouraou, A.V. Osovtsev
Modeling of the Stabilization System of Mobile Robot Equipment in the Conditions of Movement on Terrain with Slopes and Unevenness
114-125

OPTIMIZATION MODEL FOR ELECTRICITY PROCUREMENETS AND SALES PORTFOLIO OF ELECTRICAL ENERGY SUPPLIER COMPANY

S.Ye. Saukh, O.I. Kliuzko

Èlektron. model. 2024, 46(3):03-21

https://doi.org/10.15407/emodel.46.03.003

ABSTRACT

The study examined the market dynamics of an electricity supply company and proposed an optimization model aimed at enhancing its profitability in the wholesale market. This model is formulated as a mixed integer linear programming problem. By solving this optimization problem, the most advantageous contractual terms for purchasing and selling electricity from those available on the market are determined. This allows the company to efficiently manage its electricity portfolio and meet its consumption schedule as per existing supply contracts with consumers. The IBM ILOG CPLEX Optimization Studio software was employed to develop and solve the optimization problems related to the company's portfolio. The computational experiments conducted provide insights into the effectiveness of the proposed model and its practical applicability. These results demonstrate the model's adequacy and its potential for real-world implementation.

KEYWORDS

mathematical modeling, optimization model, programming, electric energy market, electric energy supply.

REFERENCES

  1. Saukh S., Borysenko A. (2020). Mathematical modeling of electric power systems in market conditions: Kyiv: Tri K. 340 p.
  2. Evdokimov, V., & Ivanov, H. (2017). Methods for determining volumes and prices of electricity in contracts in the conditions of a liberalized market. Modeling and Information Technologies, 81, 142-152. http://nbuv.gov.ua/UJRN/Mtit_2017_81_22.
  3. Law of Ukraine No. 2019-VIII “On the electricity market”, 13 April 2017. https://zakon.rada.gov.ua/laws/show/2019-19#Text
  4. Blinov, I., & Parus, E. (2022). Wholesale and retail electricity market: calculation work. Textbook for students majoring in 141 "Electric Power Engineering, Electrical Engineering and Electromechanics". Kyiv: Igor Sikorsky Kyiv Polytechnic Institute, 44 p.
  5. Hu, F., Feng, X., & Cao, H. (2018). A Short-Term Decision Model for Electricity Retailers: Electricity Procurement and Time-of-Use Pricing. Energies, 11(12), 3258.
    https://doi.org/10.3390/en11123258
  6. do Prado, J., & Qiao, W. (2019, May). A Stochastic Decision-Making Model for an Electricity Retailer with Intermittent Renewable Energy and Short-Term Demand Response. IEEE Transactions on Smart Grid, 10(3), 2581-2592
    https://doi.org/10.1109/TSG.2018.2805326
  7. Guo, L., Sriyakul, T., Nojavan, S., & Jermsittiparsert, K. (2020). Risk-Based Traded Demand Response Between Consumers’ Aggregator and Retailer Using Downside Risk Constraints Technique. IEEE Access, 8, 90957-90968. 
    https://doi.org/10.1109/ACCESS.2020.2993868
  8. Golmohamadi, H., & Keypour, R. (2018, July). Stochastic optimization for retailers with distributed wind generation considering demand response. Journal of Modern Power Systems and Clean Energy, 6(4), 733-748.
    https://doi.org/10.1007/s40565-017-0368-y
  9. Xu, H., Wen, J., Hu, Q., Shu, J., Lu, J., & Yang, Z. (2022, September). Energy Procurement and Retail Pricing for Electricity Retailers via Deep Reinforcement Learning with Long Short-term Memory. CSEE Journal of Power and Energy Systems, 8(5), 1338-1351. https://ieeexplore.ieee.org/document/9713968
  10. Liu, Y., Zhang, D., & Gooi, H.B. (2021, March). Data-driven Decision-making Strategies for Electricity Retailers: A Deep Reinforcement Learning Approach. CSEE Journal of Power and Energy Systems, 7(2), 358-367. https://ieeexplore.ieee.org/document/9215156
  11. Cesini Silva, L., Guzman, C., & Rider, M. (2022). Contracting Strategy for Consumers with Distributed Energy Resources in the Liberalized Electricity Market. IEEE Access, 10, 80437-80447.
    https://doi.org/10.1109/ACCESS.2022.3194901
  12. Oprea, S., Bâra A., Preotescu, D., Bologa, R., & Coroianu, L. (2020). A Trading Simulator Model for the Wholesale Electricity Market. IEEE Access, 8, 184210-184230.
    https://doi.org/10.1109/ACCESS.2020.3029291

Full text: PDF

 

STATISTICAL TESTS FOR CHECKING INDEPENDENCE OF RANDOM VARIABLES, WHICH DESCRIBE SEQUENCES GENERATION IN CRYPTOALGORITHMS

L.V. Kovalchuk, I.V. Koriakov, O.Yu. Bespalov

Èlektron. model. 2024, 46(3):22-38

https://doi.org/10.15407/emodel.46.03.022

ABSTRACT

When a crypto-primitive, whose functions include the generation of a random/pseudo-random gamma, is admitted to operation, a necessary part of its quality checking is a statistical testing of its output gamma and, often, intermediate gamma(s). Such requirement is applied, for example, to random/pseudo-random number generators (RNG/PRNG), stream ciphers, and block ciphers in different "stream" modes (such as OFB, CBC, etc). There exist widely used and well-known tools for checking the statistical properties of sequences and generators, which are based on a set of statistical tests, like NIST STS set, Diehard, etc.

At the same time, the other and very similar question, about independence of the sequences (more precisely — independence of the corresponding random variables, that the considered sequences are their realizations) generated in such cryptoalgorithms, usually doesn’t attract enough attention. Nevertheless, it is also of great importance, because the dependence of the sequences can lead to predictability of the output gamma, which makes the cryptoprimitive vulnerable to statistical attacks. Therefore, there are no adequate and suitable tools for checking independence of different sequences, generated in the algorithms. In this work we deve­loped and justified new set of three statistical tests for checking independence of random va­riables, which realizations are internal or output sequences in encryption algorithms or RNG/PRNG. We also calculated reference values for limit statistics for different parameters of sequences and different significance levels of tests. Results of tests applications for independent and dependent random variables are given, which confirm correctness of proposed tests.

KEYWORDS

Statistical tests, random (pseudorandom) number generator, stream ciphers, independent random variables (sequences).

REFERENCES

  1. International Organization for Standardization. (2017). Information technology — Security techniques — Modes of operation for an n-bit block cipher (reviewed and confirmed in 2023) — ISO/IEC Standard No. 10116:2017.
  2. Bassham L., Rukhin A., Soto J., Nechvatal J., Smid M., Leigh S., Levenson M., Vangel M., Heckert N. and Banks D. (2010), A statistical test suite for random and pseudorandom number generators for cryptographic applications, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD,
    https://doi.org/10.6028/NIST.SP.800-22r1a
  3. Marsaglia G. The Marsaglia random number CDROM. URL: https://github.com/jeff Thompson/DiehardCDROM (date of access: 27.04.2024).
  4. Robert G. B. DieHarder: a gnu public license random number tester, v. 3.31.2beta URL: https://rurban.github.io/dieharder/manual/dieharder.pdf (date of access: 27.04.2024).
  5. Luengo E.A., Villalba L.J.G. 2021. Recommendations on statistical randomness test batteries for cryptographic purposes. ACM Computing Surveys. Vol. 54, no. 4 , P. 1-34.
    https://doi.org/10.1145/3447773
  6. Kovalchuk L.V., Koriakov I.V., Alekseychuk A.N. Krip: high-speed hardware-oriented stream cipher based on a non-autonomous nonlinear shift register. 2023. Cybernetics and System Analysis 59, P. 16-26. URL: https://doi.org/10.1007/s10559-023-00538-6 (date of access: 27.04.2024).
  7. Anderson, T.W. (1958). An introduction to multivariate statistical analysis. John Wiley & Sons, New York.
  8. ДСТУ 9041:2020 Інформаційні технології. Криптографічний захист інформації. Алгоритм шифрування коротких повідомлень, що ґрунтується на скручених еліп­тичних кривих Едвардса. Чинний від 2020-11-01. Київ: УкрНДНЦ, 2020. IV, 36 с.
  9. Maurer U.M. A universal statistical test for random bit generators. 1992. Journal of Cryptology 5. P. 89-105.
    https://doi.org/10.1007/BF00193563
  10. Khintchine A. Über einen Satz der Wahrscheinlichkeitsrechnung.1924. Fundamenta Mathematicae. 6. Iss. 1. P. 9-20.
    https://doi.org/10.4064/fm-6-1-9-20
  11. Kolmogoroff A. Über das Gesetz des iterierten Logarithmus. 1929. Mathematische Annalen.101. P. 126-135.
    https://doi.org/10.1007/BF01454828
  12. Feller, W. (1968). An introduction to probability theory and its applications, 1. Wiley. URL: https://www.academia.edu/31507704/An_Introduction_to_probability_ Theory_ by_William_Feller (date of access: 27.04.2024).
  13. Kochana R., Kovalchuk L., Korchenko O., Kuchynska N. Statistical Tests Independence Verification Methods. 2021. Procedia Computer Science. Vol. 192. P. 2678-2688.
    https://doi.org/10.1016/j.procs.2021.09.038

Full text: PDF

 

MODERN METHODS OF USER AUTHENTICATION AND AUTHORIZATION IN DISTRIBUTED WEB-ORIENTED SYSTEMS

I.S. Zinovieva, O.M. Potapchuk

Èlektron. model. 2024, 46(3):39-56

https://doi.org/10.15407/emodel.46.03.039

ABSTRACT

The analysis was carried out and the results of a comparative review of the most common methods of authentication and authorization of users of web-oriented systems with a distributed architecture were presented. Considering the relevance of cybersecurity issues in the digital age, the research focuses on identifying effective strategies for protecting user data in the development of distributed web-oriented systems within the trade sector. The most likely threats to data access, characteristic of distributed web-based systems, have been studied, and the potential causes of these vulnerabilities have been determined. Particular attention in the publication is devoted to assessing the risks and benefits of various approaches, including basic authentication, session-based authentication, JWT tokens, and access and refresh tokens (OAuth 2.0 standard). Various aspects of each method have been analyzed, particularly their reliability and vulnerability to attacks. The work discusses real cases of vulnerabilities in distributed web-oriented systems and offer recommendations for their elimination to enhance the security of online trading platforms.

KEYWORDS

authentication, authorization, security, data protection.

REFERENCES

  1. Fruhlinger, J. (2020). Equifax data breach FAQ: What happened, who was affected, what was the impact? CSO Online. https://www.csoonline.com/article/567833/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html.
  2. Holmes, A., Leskin, P., Sonnemaker, T., & Davis, C. R. (2020). Hackers took over dozens of high-profile Twitter accounts including those of Barack Obama, Joe Biden, Elon Musk, Kim Kardashian, and Apple, and used them to post bitcoin scam links. Business Insider. https://w<span< a=""> style="letter-spacing: -.2pt;">businessinsider.com/hackers-bitcoin-crypto-cashapp-gates-ripple-coindesk-twitter- scam-links-2020-7</span<>.
  3. Karpinsky, M., Voit, S., & Alyashevych, Y. (2007). Algorithms and models for organizing access to web resources based on one-time user authentication systems. Bulletin of Ternopil State Technical University, 14, 115-126.
  4. Maznychenko, N. (2017). Increasing the security of information resources of computer systems based on user identification systems. Actual issues of modern science: materials of the All-Ukrainian scientific and practical Internet conference, 1, 236-246. https://dspace.nlu. ua/bitstream/123456789/14290/1/Maznichenko_236-246.pdf.
  5. Lyashenko, G.E., & Astrakhantsev, A.A. (2017). Study of the effectiveness of biometric authentication methods. Information processing systems, 2, 111-114. https://www.researchgate. net/publication/323728995_Doslidzenna_efektivnosti_metodiv_biometricnoi_avtentifikacii.
  6. Polishchuk, M., Semenyuk, O., Polishchuk, L., & Lomakin, M. (2023). Possibilities of authorization and protection of user data during the development of cloud web applications for IoT. Computer-integrated technologies: education, science, production, 52, 94-103.
    https://doi.org/10.36910/6775-2524-0560-2023-52-12
  7. Kosareva, A., & Regida, P. (2021). A tool for biometric authentication based on user behavioral characteristics. Technical sciences and technologies, 2, 114-122.
    https://doi.org/10.25140/2411-5363-2021-2(24)-114-122
  8. International Organization for Standardization. (2022). Information security, cybersecurity and privacy protection information security management systems requirements (ISO/IEC 27001:2022). https://www.iso.org/standard/27001.
  9. International Organization for Standardization. (2022). Information security, cybersecurity and privacy protection information security controls (ISO/IEC 27002:2022). https://www.iso.org/standard/75652.html.
  10. International Organization for Standardization. (2013). Information technology security techniques entity authentication assurance framework (ISO/IEC 29115:2013). https://www.iso.org/standard/45138.html.
  11. International Organization for Standardization. (2019). IT security and privacy a framework for identity management part 1: terminology and concepts (ISO/IEC 24760-1:2019).
    https://doi.org/10.55621/idpro.18
  12. International Organization for Standardization. (1996). Information technology open systems interconnection security frameworks for open systems: overview (ISO/IEC 10181-1:1996). https://www.iso.org/standard/24404.html.
  13. International Organization for Standardization. (1996). Information technology open systems interconnection security frameworks for open systems: authentication framework (ISO/IEC 10181-2:1996). https://www.iso.org/standard/18198.html.
  14. (No date). SQL Injection. https://www.w3schools.com/sql/sql_injection.asp.
  15. OWASP Foundation. (No date). Cross Site Scripting (XSS). https://owasp.org/www-community/attacks/xss.
  16. OWASP Foundation. (No date). Cross Site Request Forgery (CSRF). https://owasp.org/ www-community/attacks/csrf.
  17. OWASP Foundation. (No date). Cross-Site Request Forgery Prevention Cheat Sheet. https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html.
  18. Yasar, K. (2022). Man-in-the-middle attack (MitM). TechTarget. https://www.techtarget.com/ iotagenda/definition/man-in-the-middle-attack-MitM.
  19. (2024). The OWASP Top 10: Broken Authentication & Session Management. https://www.sitelock.com/blog/owasp-top-10-broken-authentication-session-management/.
  20. (No date). Basic Authentication. https://www.twilio.com/docs/glossary/what-is-basic-authentication.
  21. Kamran, A. (No date). Session Based Authentication. Roadmap. https://roadmap.sh/ guides/session-based-authentication.
  22. (No date). What is JWT (JSON Web Token)? How does JWT Authentication work? https://www.miniorange.com/blog/what-is-jwt-json-web-token-how-does-jwt-authen­tication-work.
  23. Sobers, R. (2022). What is OAuth? Definition and How it Works. Varonis. https://www. com/blog/what-is-oauth.
  24. (No date). Password Grant. https://www.oauth.com/oauth2-servers/access-tokens/ password-grant.
  25. Parecki, A. (2018). What is the OAuth 2.0 Authorization Code Grant Type? Okta. https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type.
  26. Silverman, M. (2019). Implement the OAuth 2.0 Authorization Code with PKCE Flow. Okta. https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce.
  27. (No date). OAuth 2.0 Implicit Grant. https://oauth.net/2/grant-types/implicit.
  28. Okta. (No date). What is OpenID Connect? https://www.okta.com/openid-connect.

Full text: PDF

 

SOFTWARE DESIGN OF A DISTRIBUTED HIGH-LOAD POWER GRID SYSTEM BASED ON THE ACTOR MODEL WITH THE USE OF SMART CONTRACTS

A.M. Prymushko, T.V. Puchko, M.S. Yaroshynskyi, D.P. Sinko

Èlektron. model. 2024, 46(3):57-72

https://doi.org/10.15407/emodel.46.03.057

ABSTRACT

In the article, the authors provide an example of a high-level design of a distributed high-load power system based on the actor model using smart contracts in the form of a cluster topology, which allows for a unified description of the power grid in the context of the Ukrainian electricity market. Based on typical node loads in the cluster system, an expression is derived formalizing the relationships between cluster nodes, which can be utilized for managing individual cluster objects and the cluster as a whole.

KEYWORDS

power system, software design, architecture, actor model, high-load systems, smart contracts, cluster topology.

REFERENCES

  1. Hewitt C. Actor Model of Computation. https://arxiv.org/vc/arxiv/papers/1008/1008. pdf (date of access: 05.05.2024)
  2. Akka Documentation — Actors Intro. https://doc.akka.io/docs/akka/current/ typed/guide/actors-intro.html#:~:text=The%20actor%20model%20abstraction%20allows, encapsulation%20without%20resorting%20to%20locks (date of access: 05.05.2024)
  3. Akka Documentation — Cluster Concepts. https://doc.akka.io/docs/akka/ current/typed /cluster-concepts.html (date of access: 07.05.2024)
  4. Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System. https://bitcoin.org/ pdf (date of access: 13.05.2024)
  5. Jooby MTX. (б. д.) https://jooby.eu/wp-content/uploads/2023/09/20230324_Jooby_ RDC_ Datasheet_ELECTRA_MTX3_EN_web-2.pdf (date of access: 07.05.2024)
  6. State Statistics Service of Ukraine. (2022). https://www.ukrstat.gov.ua/druk/publicat/kat_ u/2022/zb/07/sdhd_22.pdf (date of access: 07.05.2024)
  7. LoRa Alliance. LoRaWAN™ Specification v1.1. https://lora-alliance.org/wp-content/ uploads/2020/11/lorawantm_specification_-v1.1.pdf (date of access: 07.05.2024)
  8. Modbus Organization. Modbus Application Protocol V1.1b. https://modbus.org/docs/ Modbus_Application_Protocol_V1_1b.pdf (date of access: 07.05.2024)
  9. LTE Cat NB1 (NB-IoT) UE Category. https://www.4gltemall.com/ue-category/lte-cat-nb1.html (date of access: 07.05.2024)
  10. EM920. https://www.satec-global.com/products/em920/ (date of access: 05.05.2024)
  11. Can the PLC transfer small files via Modbus RTU or TCP, for example, firmware? Siemens Industry Online Support. https://support.industry.siemens.com/forum/ua/en/posts/ can-the-plc-transfer-small-files-via-modbus-rtu-or-tcp-for-example-firmware/215050 (date of access: 05.05.2024)
  12. SRS Group. PAC3220-FTP. https://www.srs-group.com/en/power/product/246/ pac3220_ftp (date of access: 05.05.2024)
  13. (б. д.) Power Network Meter with Ethernet Recording and Graphical Screen ND30. https://www.lumel.com.pl/en/catalogue/product/power-network-meter-with-ethernet- recording-and-graphical-screen-nd30 (date of access: 07.05.2024)
  14. Schneider Electric. PowerLogic PM8000 Standard Integrated Display 512 MB 256 S/C. https://www.se.com/nz/en/product/METSEPM8240/power-quality-meter-powerlogic-pm8000-standard-integrated-display-512-mb-256-s-c/ (date of access: 07.05.2024)
  15. Amazon Web Services. Amazon S3 Glacier — AWS Prescriptive Guidance. https://docs.aws.amazon.com/prescriptive-guidance/latest/backup-recovery/amazon-s3-glacier.html (date of access: 07.05.2024)

Full text: PDF