109,461 research outputs found

    A dependable model for attaining maximum authentication security procedure in a grid based environment

    Grid computing is an emergent computing innovation which offers endless access to computing infrastructure across various organizations (academia and industry). Since this technology allows aggregation of various computer systems for usage by different users to run applications, the information stored on it which may be sensitive and private, remains vulnerable. According to related research on the attribute based access control for grid computing there is no adequate and appropriate security mechanism to authorize and authenticate users before accessing information on a grid system. The issue of security in grid technology has not been fully addressed even though it is a precondition for optimizing grid usability. Having realized the paucity of security guarantees, this research work focuses on developing a model for securing data and applications deployed on a grid on the basis of double identity authentication and public key. The implementation of the model has undoubtedly guaranteed the security of sensitive information on a grid vis-à-vis strict adherence to security policies and protocols


    An access control and authorization model with Open stack cloud for Smart Grid

    Compared to authentication, which covers identification and the relationship of a user's identity with its tasks and processes within the system, authorization in access control is concerned with confirming that access by a user and its task, in the form of a system process, to the assets of any particular domain is approved only when proven compliant with the identified policies. Access control and authorization have been an area of interest for researchers seeking to enhance the security of critical assets for many decades. Our prime focus and interest is in the field of access control models based on attribute-based access control (ABAC), and with this paper we tried to integrate ABAC with the OpenStack cloud to achieve a finer level of granularity in access policies for a domain like the smart grid. Technical advancement in the current era demands that critical infrastructure like the traditional electrical grid open up to modern information and communication technology (ICT) to benefit in terms of efficiency, scalability, accessibility and transparency for better adaptability in the real world. Incorporation of ICT with the electric grid makes possible a greater level of bi-directional interaction among stakeholders like customers, generation units, distribution units and administrations, and this leads international organizations to contribute to the standardization of smart grid concepts and technology so that the smart grid becomes a reality. The smart grid is by its nature a very large-scale distributed system and needs to integrate available legacy systems with its own security requirements. Cloud computing has proven to be the most efficient approach for these requirements, and we have identified OpenStack as our cloud platform. We have integrated the ABAC approach with the default RBAC approach of OpenStack and provide a framework that supports and integrates multiple access control policies in making authorization decisions. The smart grid domain is considered as a case study that requires support for multiple access policies (RBAC, ABAC, DAC, etc.) with our model for access control and authorization

    Role-Based Access Control for the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI)

    Grid has emerged recently as an integration infrastructure for the sharing and coordinated use of diverse resources in dynamic, distributed virtual organizations (VOs). A Data Grid is an architecture for the access, exchange, and sharing of data in the Grid environment. In this dissertation, role-based access control (RBAC) systems for heterogeneous data resources in Data Grid systems are proposed. The Open Grid Services Architecture - Data Access and Integration (OGSA-DAI) is a widely used framework for the integration of heterogeneous data resources in Grid systems. However, in the OGSA-DAI system, access control causes substantial administration overhead for resource providers in VOs because each of them has to manage the authorization information for individual Grid users. Its identity-based access control mechanisms are severely inefficient and too complicated to manage because the direct mapping between users and privileges is transitory. To solve this problem, (1) the Community Authorization Service (CAS), provided by the Globus toolkit, and (2) the Shibboleth, an attribute authorization service, are used to support RBAC in the OGSA-DAI system. The Globus Toolkit is widely used software for building Grid systems. Access control policies need to be specified and managed across multiple VOs. For this purpose, the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML) is used; and for distributed administration of those policies, the Object, Metadata and Artifacts Registry (OMAR) is used. OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories. The RBAC systems allow quick and easy deployments, privacy protection, and the centralized and distributed management of privileges. They support scalable, interoperable and fine-grain access control services; dynamic delegation of rights; and user-role assignments. They also reduce the administration overheads for resource providers because they need to maintain only the mapping information from VO roles to local database roles. Resource providers maintain the ultimate authority over their resources. Moreover, unnecessary mapping and connections can be avoided by denying invalid requests at the VO level. Performance analysis shows that our RBAC systems add only a small overhead to the existing security infrastructure of OGSA-DAI

    A physical overlay framework for insider threat mitigation of power system devices

    Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an afterthought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.

    Design and Implementation of Distributed Identity and Access Management Framework for Internet of Things (IoT) Enabled Distribution Automation

    The smart grid and Internet of Things (IoT) technologies play vital roles in improving the quality of services offered in traditional electrical grid. They open a room for the introduction of new services like distribution automation (DA) that has a significant advantage to both utility companies and final consumers. DA integrates sensors, actuators, intelligent electrical devices (IED) and information and communication technologies to monitor and control electrical grid. However, the integration of these technologies poses security threats to the electrical grid like Denial of Service (DoS) attacks, false data injection attacks, and masquerading attacks like system node impersonation that can transmit wrong readings, resulting in false alarm reports and hence leading to incorrect node actuation. To overcome these challenges, researchers have proposed a centralized public key infrastructure (PKI) with bridged certificate authority (CA) which is prone to DoS attacks. Moreover, the proposed blockchain based distributed identity and access management (DIAM) in IoT domain at the global scale is adding communicational and computational overheads. Also, it is imposing new security threats to the DA system by integrating it with online services like IoTEX and IoTA. For those reasons, this study proposes a DIAM security scheme to secure IoT-enabled distribution automation. The scheme divides areas into clusters and each cluster has a device registry and a registry controller. The registry controller is a command line tool to access and manage a device registry. The results show that the scheme can prevent impersonated and non-legitimate system nodes and users from accessing the system by imposing role-based access control (RBAC) at the cluster level. Keywords: Distributed Identity and Access Management; Electrical Secondary Distribution Network; Internet of Things; IoT Enabled Distribution Automation; Smart Grid Securit

    A Survey on Cryptography Key Management Schemes for Smart Grid

    A Smart grid is a modern electricity delivery system. It is an integration of energy systems and other necessary elements including traditional upgrades and new grid technologies with renewable generation and increased consumer storage. It uses information and communication technology (ICT) to operate, monitor and control data between the generation source and the end user. Smart grids have duplex power flow and communication to achieve high efficiency, reliability, environmental, economics, security and safety standards. However, along with unique facilities, smart grids face security challenges such as access control, connectivity, fault tolerance, privacy, and other security issues. Cyber-attacks, in the recent past, on critical infrastructure including smart grids have highlighted security as a major requirement for smart grids. Therefore, cryptography and key management are necessary for smart grids to become secure and realizable. Key management schemes are processes of key organizational frameworks, distribution, generation, refresh and key storage policies. Currently, several secure schemes, related to key management for smart grid have been proposed to achieve end-to-end secure communication. This paper presents a comprehensive survey and discussion on the current state of the key management of smart grids

    PolyOrBAC: a security framework for critical infrastructures

    Due to physical and logical vulnerabilities, a critical infrastructure (CI) can encounter failures of various degrees of severity, and since there are many interdependencies between CIs, simple failures can have dramatic consequences on the users. In this paper, we mainly focus on malicious threats that might affect the information and communication system that controls the Critical Infrastructure, i.e., the Critical Information Infrastructure (CII). To address the security challenges that are specific of CIIs, we propose a collaborative access control framework called PolyOrBAC. This approach offers each organization taking part in the CII the capacity of collaborating with the other ones, while maintaining a control on its resources and on its internal security policy. The interactions between organizations participating in the CII are implemented through web services (WS), and for each WS a contract is signed between the service-provider organization and the service-user organization. The contract describes the WS functions and parameters, the liability of each party and the security rules controlling the interactions. At runtime, the compliance of all interactions with these security rules is checked. Every deviation from the signed contracts triggers an alarm, the concerned parties are notified and audits can be used as evidence for sanctioning the party responsible for the deviation. Our approach is illustrated by a practical scenario, based on real emergency actions in an electric power grid infrastructure, and a simulation test bed has been implemented to animate this scenario and experiment with its security issues

    The Anatomy of a Grid portal

    In this paper we introduce a new way to deal with Grid portals referring to our implementation. L-GRID is a light portal to access the EGEE/EGI Grid infrastructure via Web, allowing users to submit their jobs from a common Web browser in a few minutes, without any knowledge about the Grid infrastructure. It provides the control over the complete lifecycle of a Grid Job, from its submission and status monitoring, to the output retrieval. The system, implemented as client-server architecture, is based on the Globus Grid middleware. The client side application is based on a Java applet; the server relies on a Globus User Interface. There is no need of user registration on the server side, and the user needs only his own X.509 personal certificate. The system is user-friendly, secure (it uses SSL protocol, mechanism for dynamic delegation and identity creation in public key infrastructures), highly customizable, open source, and easy to install. The X.509 personal certificate does not get out from the local machine. It allows to reduce the time spent for the job submission, granting at the same time a higher efficiency and a better security level in proxy delegation and management. Comment: 6 page

    A Novel Approach to Determining Real-Time Risk Probabilities in Critical Infrastructure Industrial Control Systems

    Critical Infrastructure Industrial Control Systems are substantially different from their more common and ubiquitous information technology system counterparts. Industrial control systems, such as distributed control systems and supervisory control and data acquisition systems that are used for controlling the power grid, were not originally designed with security in mind. Geographically dispersed distribution, an unfortunate reliance on legacy systems and stringent availability requirements raise significant cybersecurity concerns regarding electric reliability while constricting the feasibility of many security controls. Recent North American Electric Reliability Corporation Critical Infrastructure Protection standards heavily emphasize cybersecurity concerns and specifically require entities to categorize and identify their Bulk Electric System cyber systems; and, have periodic vulnerability assessments performed on those systems. These concerns have produced an increase in the need for more Critical Infrastructure Industrial Control Systems specific cybersecurity research. Industry stakeholders have embraced the development of a large-scale test environment through the Department of Energy’s National Supervisory Control and Data Acquisition Test-bed program; however, few individuals have access to this program. This research developed a physical industrial control system test-bed on a smaller-scale that provided an environment for modeling a simulated critical infrastructure sector performing a set of automated processes for the purpose of exploring solutions and studying concepts related to compromising control systems by way of process-tampering through code exploitation, as well as, the ability to passively and subsequently identify any risks resulting from such an event. Relative to the specific step being performed within a production cycle, at a moment in time when sensory data samples were captured and analyzed, it was possible to determine the probability of a real-time risk to a mock Critical Infrastructure Industrial Control System by comparing the sample values to those derived from a previously established baseline. This research achieved such a goal by implementing a passive, spatial and task-based segregated sensor network, running in parallel to the active control system process for monitoring and detecting risk, and effectively identified a real-time risk probability within a Critical Infrastructure Industrial Control System Test-bed. The practicality of this research ranges from determining on-demand real-time risk probabilities during an automated process, to employing baseline monitoring techniques for discovering systems, or components thereof, exploited along the supply chain