Group Authentication Scheme for Neighbourhood Area Networks(NANs) In Smart Grids

A Neighbourhood Area Network is a functional component of the Smart Grid that interconnects the end user domain with the Energy Services Provider (ESP) domain. It forms the “edge” of the provider network, interconnecting homes instrumented with Smart Meters (SM) with the ESP. The SM is a dual interface, wireless communication device through which information is transacted across the user (a home) and ESP domains. The security risk to the ESP increases since the components within the home, interconnected to the ESP via the SM, are not managed by the ESP. Secure operation of the SM is a necessary requirement. The SM should be resilient to attacks, which might be targeted either directly or via the network in the home. This paper presents and discusses a security scheme for groups of SMs in a Neighbourhood Area Network that enable entire groups to authenticate themselves, rather than one at a time. The results show that a significant improvement in terms of resilience against node capture attacks, replay attacks, confidentiality, authentication for groups of SMs in a NAN that enable entire groups to authenticate themselves, rather than one at a time

Secure and energy-efficient multicast routing in smart grids

A smart grid is a power system that uses information and communication technology to operate, monitor, and control data flows between the power generating source and the end user. It aims at high efficiency, reliability, and sustainability of the electricity supply process that is provided by the utility centre and is distributed from generation stations to clients. To this end, energy-efficient multicast communication is an important requirement to serve a group of residents in a neighbourhood. However, the multicast routing introduces new challenges in terms of secure operation of the smart grid and user privacy. In this paper, after having analysed the security threats for multicast-enabled smart grids, we propose a novel multicast routing protocol that is both sufficiently secure and energy efficient.We also evaluate the performance of the proposed protocol by means of computer simulations, in terms of its energy-efficient operation

Key Management Scheme for Smart Grid

A Smart Grid (SG) is a modern electricity supply system. It uses information and communication technology (ICT) to run, monitor and control data between the generation source and the end user. It comprises a set of technologies that uses sensing, embedded processing and digital communications to intelligently control and monitor an electricity grid with improved reliability, security, and efficiency. SGs are classified as Critical Infrastructures. In the recent past, there have been cyber-attacks on SGs causing substantial damage and loss of services. A recent cyber-attack on Ukraine's SG caused over 2.3 million homes to be without power for around six hours. Apart from the loss of services, some portions of the SG are yet to be operational, due to the damage caused. SGs also face security challenges such as confidentiality, availability, fault tolerance, privacy, and other security issues. Communication and networking technologies integrated into the SG require new and existing security vulnerabilities to be thoroughly investigated. Key management is one of the most important security requirements to achieve data confidentiality and integrity in a SG system. It is not practical to design a single key management scheme/framework for all systems, actors and segments in the smart grid, since the security requirements of various sub-systems in the SG vary. We address two specific sub-systems categorised by the network connectivity layer – the Home Area Network (HAN) and the Neighbourhood Area Network (NAN). Currently, several security schemes and key management solutions for SGs have been proposed. However, these solutions lack better security for preventing common cyber-attacks such as node capture attack, replay attack and Sybil attack. We propose a cryptographic key management scheme that takes into account the differences in the HAN and NAN segments of the SG with respect to topology, authentication and forwarding of data. The scheme complies with the overall performance requirements of the smart grid. The proposed scheme uses group key management and group authentication in order to address end-to-end security for the HAN and NAN scenarios in a smart grid, which fulfils data confidentiality, integrity and scalability requirements. The security scheme is implemented in a multi-hop sensor network using TelosB motes and ZigBee OPNET simulation model. In addition, replay attack, Sybil attack and node capture attack scenarios have been implemented and evaluated in a NAN scenario. Evaluation results show that the scheme is resilient against node capture attacks and replay attacks. Smart Meters in a NAN are able to authenticate themselves in a group rather than authenticating one at a time. This significant improvement over existing schemes is discussed with comparisons with other security schemes

Trusted Computing using Enhanced Manycore Architectures with Cryptoprocessors

International audienceManycore architectures correspond to a main evolution of computing systems due to their high processing power. Many applications can be executed in parallel which provides users with a very efficient technology. Cloud computing is one of the many domains where manycore architectures will play a major role. Thus, building secure manycore architectures is a critical issue. However a trusted platform based on manycore architectures is not available yet. In this paper we discuss the main challenges and some possible solutions to enhance manycore architectures with cryptoprocessor

Secure Network-on-Chip Against Black Hole and Tampering Attacks

The Network-on-Chip (NoC) has become the communication heart of Multiprocessors-System-on-Chip (MPSoC). Therefore, it has been subject to a plethora of security threats to degrade the system performance or steal sensitive information. Due to the globalization of the modern semiconductor industry, many different parties take part in the hardware design of the system. As a result, the NoC could be infected with a malicious circuit, known as a Hardware Trojan (HT), to leave a back door for security breach purposes. HTs are smartly designed to be too small to be uncovered by offline circuit-level testing, so the system requires an online monitoring to detect and prevent the HT in runtime. This dissertation focuses on HTs inside the router of a NoC designed by a third party. It explores two HT-based threat models for the MPSoC, where the NoC experiences packet-loss and packet-tampering once the HT in the infected router is activated and is in the attacking state. Extensive experiments for each proposed architecture were conducted using a cycle-accurate simulator to demonstrate its effectiveness on the performance of the NoC-based system. The first threat model is the Black Hole Router (BHR) attack, where it silently discards the packets that are passing through without further announcement. The effect of the BHR is presented and analyzed to show the potency of the attack on a NoC-based system. A countermeasure protocol is proposed to detect the BHR at runtime and counteract the deliberate packet-dropping attack with a 26.9% area overhead, an average 21.31% performance overhead and a 22% energy consumption overhead. The protocol is extended to provide an efficient and power-gated scheme to enhance the NoC throughput and reduce the energy consumption by using end-to-end (e2e) approach. The power-gated e2e technique locates the BHR and avoids it with a 1% performance overhead and a 2% energy consumption overhead. The second threat model is a packet-integrity attack, where the HT tampers with the packet to apply a denial-of-service attack, steal sensitive information, gain unauthorized access, or misroute the packet to an unintended node. An authentic and secure NoC platform is proposed to detect and countermeasure the packet-tampering attack to maintain data-integrity and authenticity while keeping its secrecy with a 24.21% area overhead. The proposed NoC architecture is not only able to detect the attack, but also locates the infected router and isolates it from the network

Secure data communication over mobile devices in health networks.

The continuous developments in the field of mobile computing have made it possible to use mobile devices for healthcare applications. These devices can be used by healthcare providers to collect and share patients' medical data. However, with increasing adoption of mobile devices that carry confidential data, organizations need to secure the data from unauthorized users and mobile device theft. When unencrypted data is transmitted from one device to another it faces various security threats from malicious code, unsecure networks, unauthorized access, and data theft. The objective of this research is to develop a secure data sharing solution customized for healthcare environments, which would allow authorized users to securely access and share patients' data over mobile devices. We identify the vulnerable locations in mobile communication network that can possibly be exploited by unauthorized users or malicious code to access the confidential data, and develop an efficient security protocol that provides end to end data protection without compromising device's performance. To demonstrate the feasibility of our proposed data sharing architecture, a prototype customized for Point-of-Care-Testing (POCT) scenarios was built in collaboration with Northern Health, Prince George. Simulations were performed to analyze and validate our solution against the pre-defined requirement criteria. --P. ii.The original print copy of this thesis may be available here: http://wizard.unbc.ca/record=b178382

Security of Electrical, Optical and Wireless On-Chip Interconnects: A Survey

The advancement of manufacturing technologies has enabled the integration of more intellectual property (IP) cores on the same system-on-chip (SoC). Scalable and high throughput on-chip communication architecture has become a vital component in today's SoCs. Diverse technologies such as electrical, wireless, optical, and hybrid are available for on-chip communication with different architectures supporting them. Security of the on-chip communication is crucial because exploiting any vulnerability would be a goldmine for an attacker. In this survey, we provide a comprehensive review of threat models, attacks, and countermeasures over diverse on-chip communication technologies as well as sophisticated architectures.Comment: 41 pages, 24 figures, 4 table

A Survey on Cryptography Key Management Schemes for Smart Grid

A Smart grid is a modern electricity delivery system. It is an integration of energy systems and other necessary elements including traditional upgrades and new grid technologies with renewable generation and increased consumer storage. It uses information and communication technology (ICT) to operate, monitor and control data between the generation source and the end user. Smart grids have duplex power flow and communication to achieve high efficiency, reliability, environmental, economics, security and safety standards. However, along with unique facilities, smart grids face security challenges such as access control, connectivity, fault tolerance, privacy, and other security issues. Cyber-attacks, in the recent past, on critical infrastructure including smart grids have highlighted security as a major requirement for smart grids. Therefore, cryptography and key management are necessary for smart grids to become secure and realizable. Key management schemes are processes of key organizational frameworks, distribution, generation, refresh and key storage policies. Currently, several secure schemes, related to key management for smart grid have been proposed to achieve end-to-end secure communication. This paper presents a comprehensive survey and discussion on the current state of the key management of smart grids

A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications

Cloud computing is significantly reshaping the computing industry built around core concepts such as virtualization, processing power, connectivity and elasticity to store and share IT resources via a broad network. It has emerged as the key technology that unleashes the potency of Big Data, Internet of Things, Mobile and Web Applications, and other related technologies, but it also comes with its challenges - such as governance, security, and privacy. This paper is focused on the security and privacy challenges of cloud computing with specific reference to user authentication and access management for cloud SaaS applications. The suggested model uses a framework that harnesses the stateless and secure nature of JWT for client authentication and session management. Furthermore, authorized access to protected cloud SaaS resources have been efficiently managed. Accordingly, a Policy Match Gate (PMG) component and a Policy Activity Monitor (PAM) component have been introduced. In addition, other subcomponents such as a Policy Validation Unit (PVU) and a Policy Proxy DB (PPDB) have also been established for optimized service delivery. A theoretical analysis of the proposed model portrays a system that is secure, lightweight and highly scalable for improved cloud resource security and management.Comment: 6 Page