6,891 research outputs found
A taxonomy of cyber-physical threats and impact in the smart home
In the past, home automation was a small market for technology enthusiasts. Interconnectivity between devices was down to the owner’s technical skills and creativity, while security was non-existent or primitive, because cyber threats were also largely non-existent or primitive. This is not the case any more. The adoption of Internet of Things technologies, cloud computing, artificial intelligence and an increasingly wide range of sensing and actuation capabilities has led to smart homes that are more practical, but also genuinely attractive targets for cyber attacks. Here, we classify applicable cyber threats according to a novel taxonomy, focusing not only on the attack vectors that can be used, but also the potential impact on the systems and ultimately on the occupants and their domestic life. Utilising the taxonomy, we classify twenty five different smart home attacks, providing further examples of legitimate, yet vulnerable smart home configurations which can lead to second-order attack vectors. We then review existing smart home defence mechanisms and discuss open research problems
Software Defined Networks based Smart Grid Communication: A Comprehensive Survey
The current power grid is no longer a feasible solution due to
ever-increasing user demand of electricity, old infrastructure, and reliability
issues and thus require transformation to a better grid a.k.a., smart grid
(SG). The key features that distinguish SG from the conventional electrical
power grid are its capability to perform two-way communication, demand side
management, and real time pricing. Despite all these advantages that SG will
bring, there are certain issues which are specific to SG communication system.
For instance, network management of current SG systems is complex, time
consuming, and done manually. Moreover, SG communication (SGC) system is built
on different vendor specific devices and protocols. Therefore, the current SG
systems are not protocol independent, thus leading to interoperability issue.
Software defined network (SDN) has been proposed to monitor and manage the
communication networks globally. This article serves as a comprehensive survey
on SDN-based SGC. In this article, we first discuss taxonomy of advantages of
SDNbased SGC.We then discuss SDN-based SGC architectures, along with case
studies. Our article provides an in-depth discussion on routing schemes for
SDN-based SGC. We also provide detailed survey of security and privacy schemes
applied to SDN-based SGC. We furthermore present challenges, open issues, and
future research directions related to SDN-based SGC.Comment: Accepte
Investigating the tension between cloud-related actors and individual privacy rights
Historically, little more than lip service has been paid to the rights of individuals to act to preserve their own privacy. Personal information is frequently exploited for commercial gain, often without the person’s knowledge or permission. New legislation, such as the EU General Data Protection Regulation Act, has acknowledged the need for legislative protection. This Act places the onus on service providers to preserve the confidentiality of their users’ and customers’ personal information, on pain of punitive fines for lapses. It accords special privileges to users, such as the right to be forgotten. This regulation has global jurisdiction covering the rights of any EU resident, worldwide. Assuring this legislated privacy protection presents a serious challenge, which is exacerbated in the cloud environment. A considerable number of actors are stakeholders in cloud ecosystems. Each has their own agenda and these are not necessarily well aligned. Cloud service providers, especially those offering social media services, are interested in growing their businesses and maximising revenue. There is a strong incentive for them to capitalise on their users’ personal information and usage information. Privacy is often the first victim. Here, we examine the tensions between the various cloud actors and propose a framework that could be used to ensure that privacy is preserved and respected in cloud systems
Evaluation of Cybersecurity Threats on Smart Metering System
Smart metering has emerged as the next-generation of energy distribution, consumption, and monitoring systems via the convergence of power engineering and information and communication technology (ICT) integration otherwise known as smart grid systems. While the innovation is advancing the future power generation, distribution, consumption monitoring and information delivery, the success of the platform is positively correlated to the thriving integration of technologies upon which the system is built. Nonetheless, the rising trend of cybersecurity attacks on cyber infrastructure and its dependent systems coupled with the system’s inherent vulnerabilities present a source of concern not only to the vendors but also the consumers. These security concerns need to be addressed in order to increase consumer confidence so as to ensure greatest adoption and success of smart metering. In this paper, we present a functional communication architecture of the smart metering system. Following that, we demonstrate and discuss the taxonomy of smart metering common vulnerabilities exposure, upon which sophisticated threats can capitalize. We then introduce countermeasure techniques, whose integration is considered pivotal for achieving security protection against existing and future sophisticated attacks on smart metering systems
Recommended from our members
Social engineering in the internet of everything
The Internet of Everything is becoming a reality, with fridges, smart TVs, cars, medical monitoring equipment and industrial control systems all communicating via the Internet. There have already been cases where smart toys have been exploited by hackers to steal personal information. Social engineering attacks on these devices which have little or no security are already a reality with hackers being quick to exploit any weakness in cyber space. This article reviews past cases, gives three scenarios which could lead to the owner of an IoT device giving private information to hackers and then proposes defence recommendations
A critical review of cyber-physical security for building automation systems
Modern Building Automation Systems (BASs), as the brain that enables the
smartness of a smart building, often require increased connectivity both among
system components as well as with outside entities, such as optimized
automation via outsourced cloud analytics and increased building-grid
integrations. However, increased connectivity and accessibility come with
increased cyber security threats. BASs were historically developed as closed
environments with limited cyber-security considerations. As a result, BASs in
many buildings are vulnerable to cyber-attacks that may cause adverse
consequences, such as occupant discomfort, excessive energy usage, and
unexpected equipment downtime. Therefore, there is a strong need to advance the
state-of-the-art in cyber-physical security for BASs and provide practical
solutions for attack mitigation in buildings. However, an inclusive and
systematic review of BAS vulnerabilities, potential cyber-attacks with impact
assessment, detection & defense approaches, and cyber-secure resilient control
strategies is currently lacking in the literature. This review paper fills the
gap by providing a comprehensive up-to-date review of cyber-physical security
for BASs at three levels in commercial buildings: management level, automation
level, and field level. The general BASs vulnerabilities and protocol-specific
vulnerabilities for the four dominant BAS protocols are reviewed, followed by a
discussion on four attack targets and seven potential attack scenarios. The
impact of cyber-attacks on BASs is summarized as signal corruption, signal
delaying, and signal blocking. The typical cyber-attack detection and defense
approaches are identified at the three levels. Cyber-secure resilient control
strategies for BASs under attack are categorized into passive and active
resilient control schemes. Open challenges and future opportunities are finally
discussed.Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Contro
Evaluating Resilience of Cyber-Physical-Social Systems
Nowadays, protecting the network is not the only security concern. Still, in cyber security,
websites and servers are becoming more popular as targets due to the ease with which
they can be accessed when compared to communication networks. Another threat in
cyber physical social systems with human interactions is that they can be attacked and
manipulated not only by technical hacking through networks, but also by manipulating
people and stealing users’ credentials. Therefore, systems should be evaluated beyond cy-
ber security, which means measuring their resilience as a piece of evidence that a system
works properly under cyber-attacks or incidents. In that way, cyber resilience is increas-
ingly discussed and described as the capacity of a system to maintain state awareness for
detecting cyber-attacks. All the tasks for making a system resilient should proactively
maintain a safe level of operational normalcy through rapid system reconfiguration to
detect attacks that would impact system performance. In this work, we broadly studied
a new paradigm of cyber physical social systems and defined a uniform definition of it.
To overcome the complexity of evaluating cyber resilience, especially in these inhomo-
geneous systems, we proposed a framework including applying Attack Tree refinements
and Hierarchical Timed Coloured Petri Nets to model intruder and defender behaviors
and evaluate the impact of each action on the behavior and performance of the system.Hoje em dia, proteger a rede não é a única preocupação de segurança. Ainda assim, na
segurança cibernética, sites e servidores estão se tornando mais populares como alvos
devido à facilidade com que podem ser acessados quando comparados às redes de comu-
nicação. Outra ameaça em sistemas sociais ciberfisicos com interações humanas é que eles
podem ser atacados e manipulados não apenas por hackers técnicos através de redes, mas
também pela manipulação de pessoas e roubo de credenciais de utilizadores. Portanto, os
sistemas devem ser avaliados para além da segurança cibernética, o que significa medir
sua resiliência como uma evidência de que um sistema funciona adequadamente sob
ataques ou incidentes cibernéticos. Dessa forma, a resiliência cibernética é cada vez mais
discutida e descrita como a capacidade de um sistema manter a consciência do estado para
detectar ataques cibernéticos. Todas as tarefas para tornar um sistema resiliente devem
manter proativamente um nível seguro de normalidade operacional por meio da reconfi-
guração rápida do sistema para detectar ataques que afetariam o desempenho do sistema.
Neste trabalho, um novo paradigma de sistemas sociais ciberfisicos é amplamente estu-
dado e uma definição uniforme é proposta. Para superar a complexidade de avaliar a
resiliência cibernética, especialmente nesses sistemas não homogéneos, é proposta uma
estrutura que inclui a aplicação de refinamentos de Árvores de Ataque e Redes de Petri
Coloridas Temporizadas Hierárquicas para modelar comportamentos de invasores e de-
fensores e avaliar o impacto de cada ação no comportamento e desempenho do sistema
- …