15 research outputs found

    Security hardened remote terminal units for SCADA networks.

    Remote terminal units (RTUs) are perimeter supervisory control and data acquisition (SCADA) devices that measure and control physical equipment. Cyber security was largely ignored in SCADA for many years; this research investigates the cyber security issues that now face SCADA and DCS, specifically RTU security. The dissertation presents a new role-based access control model designed specifically for RTUs and process control. The model is built around the process-control-specific data element called a point, and operations on points. It includes assignment constraints, which limit the RTU operations that a given role can be assigned, and activation constraints, which let a security administrator specify conditions under which specific RTU roles or RTU permissions cannot be used. RTU enforcement of the access control model depends on, and is supported by, the protection provided by the RTU's operating system. The dissertation investigates two approaches that use minimal kernels to reduce potential vulnerabilities in RTU protection enforcement and create a security-hardened RTU capable of supporting the new access control model. The first approach reduces a commercial OS kernel to only those components the RTU needs, removing any known or unknown vulnerabilities in the eliminated code and significantly shrinking the kernel. The second approach proposes a partitioning microkernel as the basis for an RTU-specific operating system that isolates network-facing RTU software, the RTU attack surface, from critical RTU operational software such as control algorithms and analog and digital input and output. In experimental analysis of a prototype hardened RTU connected to real SCADA hardware, a Linux 2.4 kernel was reduced in size by over 50% and run on actual RTU hardware.
Functional testing demonstrated that different users were able to carry out their assigned tasks with the limited set of permissions provided by the security-hardened RTU, and a series of simulated insider attacks were prevented by the RTU role-based access control system. Analysis of communication times indicated that response times would be acceptable for many SCADA and DCS application areas. Investigation of a partitioning microkernel for an RTU identified the L4 microkernel as an excellent candidate. Experimental evaluation of L4 on real hardware found the IPC overhead for simulated critical RTU operations protected by L4 partitioning to be small enough to warrant continued investigation of the approach.
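The point-oriented access control model described above, with both kinds of constraint, is easy to misread as ordinary RBAC. The following is an added example written for this page, not code from the dissertation: it models permissions as (operation, point) pairs, enforces an assignment constraint when an administrator grants permissions to a role, evaluates activation constraints against the current plant context at check time, and runs a few constructed insider-misuse attempts against a made-up two-role policy. Point names (TANK_LEVEL, PUMP1_CMD), role names and constraint conditions are assumptions for illustration.

```python
"""Added example, not code from the dissertation: a minimal point-oriented RBAC
checker for an RTU with assignment constraints (operations a role may ever be
granted) and activation constraints (conditions under which a role's permissions
cannot be used). Points, roles and constraints below are made up for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

# A permission is an operation on a named point, e.g. ("write", "PUMP1_CMD").
Permission = Tuple[str, str]
# An activation constraint inspects the current RTU/plant context and returns
# True when the role's permissions may be exercised.
Context = Dict[str, object]
Constraint = Callable[[Context], bool]


class PolicyError(Exception):
    """Raised when an administrator tries to build a policy the model forbids."""


@dataclass
class Role:
    name: str
    assignable_ops: Set[str]            # assignment constraint for this role
    permissions: Set[Permission] = field(default_factory=set)
    activation: Dict[str, Constraint] = field(default_factory=dict)

    def grant(self, op: str, point: str) -> None:
        """Grant (op, point) unless the assignment constraint forbids `op`."""
        if op not in self.assignable_ops:
            raise PolicyError(f"role {self.name!r} may not be assigned {op!r}")
        self.permissions.add((op, point))


class RtuAccessControl:
    def __init__(self) -> None:
        self.roles: Dict[str, Role] = {}
        self.user_roles: Dict[str, Set[str]] = {}

    def add_role(self, role: Role) -> None:
        self.roles[role.name] = role

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def check(self, user: str, op: str, point: str, ctx: Context) -> bool:
        """Allow only if some role of `user` holds (op, point) and every
        activation constraint of that role holds in `ctx` (default deny)."""
        for rname in self.user_roles.get(user, ()):
            role = self.roles[rname]
            if (op, point) in role.permissions and all(
                    cond(ctx) for cond in role.activation.values()):
                return True
        return False


def build_example_policy() -> RtuAccessControl:
    """Constructed policy: an operator may read the level and command the pump;
    a maintainer may retune the level limit, but only in maintenance mode and
    only while the pump is stopped."""
    ac = RtuAccessControl()
    operator = Role("operator", assignable_ops={"read", "write"})
    operator.grant("read", "TANK_LEVEL")
    operator.grant("write", "PUMP1_CMD")
    maintainer = Role("maintainer", assignable_ops={"read", "set_limit"})
    maintainer.grant("set_limit", "TANK_LEVEL")
    maintainer.activation["maintenance_mode"] = lambda c: bool(c.get("maintenance_mode"))
    maintainer.activation["pump_stopped"] = lambda c: c.get("PUMP1_STATE") == "stopped"
    ac.add_role(operator)
    ac.add_role(maintainer)
    ac.assign("alice", "operator")
    ac.assign("bob", "maintainer")
    return ac


def simulate_insider_attempts(ac: RtuAccessControl) -> Dict[str, bool]:
    """Outcomes of legitimate actions and of simulated insider misuse."""
    running = {"maintenance_mode": False, "PUMP1_STATE": "running"}
    maint = {"maintenance_mode": True, "PUMP1_STATE": "stopped"}
    return {
        "alice reads level": ac.check("alice", "read", "TANK_LEVEL", running),
        "alice commands pump": ac.check("alice", "write", "PUMP1_CMD", running),
        # insider: operator tries an operation her role was never granted
        "alice sets limit": ac.check("alice", "set_limit", "TANK_LEVEL", running),
        # insider: maintainer tries to retune outside the allowed conditions
        "bob sets limit while running": ac.check("bob", "set_limit", "TANK_LEVEL", running),
        "bob sets limit in maintenance": ac.check("bob", "set_limit", "TANK_LEVEL", maint),
    }


def assignment_constraint_blocks_write() -> bool:
    """The administrator cannot even grant 'write' to the maintainer role."""
    try:
        Role("maintainer", {"read", "set_limit"}).grant("write", "PUMP1_CMD")
    except PolicyError:
        return True
    return False


if __name__ == "__main__":
    for k, v in simulate_insider_attempts(build_example_policy()).items():
        print(f"{k:30s} {'ALLOW' if v else 'DENY'}")
```

The two constraint kinds fail at different times: an assignment constraint is checked when the policy is built, so a misconfigured grant is rejected before any session exists, while an activation constraint is re-evaluated on every request against live plant state, which is what stops a correctly assigned maintainer from retuning a limit while the unit is running.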

    System-on-chip architecture for secure sub-microsecond synchronization systems

    213 p. This thesis addresses the problems involved in cyber-protecting the Precision Time Protocol (PTP). PTP is one of the most sensitive communication protocols among those considered by standardization bodies for use in future Smart Grids. Its purpose is to distribute a time reference from a master device to the slave devices on the same network with very high precision. The protocol is highly vulnerable: introducing a time error of just one microsecond can cause serious problems in the protective functions of electrical equipment, or even halt its operation. To address this, a new System-on-Chip architecture based on reconfigurable devices is proposed, with the goal of integrating PTP with the well-known MACsec security standard for Ethernet networks. The flexibility of modern reconfigurable devices has been exploited to design an architecture in which hardware and software processing coexist. Experimental results support the feasibility of using MACsec to protect synchronization in industrial environments without degrading the protocol's precision.

    An Approach to Guide Users Towards Less Revealing Internet Browsers

    When browsing the Internet, HTTP headers enable both clients and servers to send extra data in their requests or responses, such as the User-Agent string. This string contains information about the sender's device, browser, and operating system. Previous research has shown that numerous privacy and security risks result from exposing sensitive information in the User-Agent string; for example, it enables device and browser fingerprinting as well as user tracking and identification. Our large-scale analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. Our work therefore aims at guiding users towards less revealing browsers. To do so, we propose to assign an exposure score to browsers based on the information they expose and on vulnerability records. Our contribution in this work is as follows: first, we provide a full implementation that is ready to be deployed and used by users; second, we conduct a user study to identify the effectiveness and limitations of the proposed approach. Our implementation is based on more than 52 thousand unique browsers. Our performance and validation analysis shows that the solution is accurate and efficient. The source code and data set are publicly available, and the solution has been deployed.
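To make the idea of an exposure score concrete, here is an added example that is not the paper's implementation and does not use its data set: it extracts the identifying fields a User-Agent string reveals (browser and version, OS and version, device model, CPU architecture, engine build), weights them, and adds a count from a vulnerability record for the detected browser version. The regular expressions, the weights, the three sample User-Agent strings and the VULN_RECORDS table are all constructed assumptions; real User-Agent parsing needs a far larger rule set than the handful of patterns shown here.

```python
"""Added example, not the paper's implementation: score a browser's User-Agent
string by how much identifying information it exposes plus a (constructed)
vulnerability record. Patterns, weights and records are illustrative assumptions."""
import re
from typing import Dict, List, Tuple

# Each detector captures one identifying field; the weight is an assumption
# (finer-grained identifiers, such as an exact device model, score higher).
FIELD_DETECTORS = {
    "browser_name":    (re.compile(r"\b(Firefox|Chrome|Edg|OPR)/"), 1),
    "browser_version": (re.compile(r"\b(?:Firefox|Chrome|Edg|OPR)/(\d+(?:\.\d+)*)"), 2),
    "os_name":         (re.compile(r"\b(Windows NT|Mac OS X|Android|Linux|iPhone OS|CrOS)\b"), 1),
    "os_version":      (re.compile(r"\b(?:Windows NT|Mac OS X|Android|iPhone OS) ([\d_.]+)"), 2),
    "device_model":    (re.compile(r"Android [\d.]+; ([^;)]+?)(?: Build|\))"), 3),
    "architecture":    (re.compile(r"\b(Win64|x64|x86_64|WOW64|aarch64|arm64)\b"), 1),
    "engine_version":  (re.compile(r"\b(?:AppleWebKit|Gecko)/([\d.]+)"), 1),
}

# Constructed stand-in for a vulnerability record: number of known issues for a
# (browser, major version) pair. Not real data.
VULN_RECORDS = {("Chrome", 109): 5, ("Chrome", 124): 0, ("Firefox", 126): 1}

# Constructed sample User-Agent strings (labels are ours).
SAMPLE_UAS = {
    "android-chrome-109": ("Mozilla/5.0 (Linux; Android 10; SM-G973F Build/QP1A.190711.020) "
                           "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.117 "
                           "Mobile Safari/537.36"),
    "linux-chrome-124": ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
                         "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"),
    "windows-firefox-126": ("Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) "
                            "Gecko/20100101 Firefox/126.0"),
}


def extract_fields(ua: str) -> Dict[str, str]:
    """Return the identifying fields the UA string exposes (first match each)."""
    found = {}
    for name, (rx, _weight) in FIELD_DETECTORS.items():
        m = rx.search(ua)
        if m:
            found[name] = m.group(1)
    return found


def exposure_score(ua: str) -> int:
    """Weighted count of exposed fields, plus the vulnerability count for the
    detected (browser, major version) pair when one is on record."""
    fields = extract_fields(ua)
    score = sum(FIELD_DETECTORS[name][1] for name in fields)
    if "browser_name" in fields and "browser_version" in fields:
        major = int(fields["browser_version"].split(".")[0])
        score += VULN_RECORDS.get((fields["browser_name"], major), 0)
    return score


def rank_browsers(uas: Dict[str, str]) -> List[Tuple[str, int]]:
    """Least revealing first: the ordering a user-guidance tool would present."""
    return sorted(((label, exposure_score(ua)) for label, ua in uas.items()),
                  key=lambda item: item[1])


if __name__ == "__main__":
    for label, score in rank_browsers(SAMPLE_UAS):
        print(f"{score:3d}  {label}  {sorted(extract_fields(SAMPLE_UAS[label]))}")
```

The sample mobile string scores highest because it leaks an exact device model and a patch-level browser version that also matches an entry in the vulnerability record; the reduced desktop Chrome string, whose minor and patch components are zeroed, exposes fewer fields and nothing on record, which is the distinction the score is meant to surface.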

    Proceedings of the XIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI XIII): Alicante, 2-5 September 2014

    If we had to choose a set of keywords to define today's society, the term information would undoubtedly be one of the most representative. We live in a world characterized by a continuous flow of information in which Information and Communication Technologies (ICT) and social networks play a prominent role. The Information Society generates a great variety of data in digital form, and protecting it against unauthorized access and use is the main objective of what we know as Information Security. While Cryptology is a basic technological tool, devoted to the development and analysis of systems and protocols that guarantee data security, the spectrum of technologies involved in protecting information is broad and spans different disciplines. One characteristic of this science is its rapid and constant evolution, driven in part by the continuous advances in computing, especially in recent decades. Systems, protocols and tools considered secure today will cease to be so in a more or less near future, which makes the development of new tools that efficiently guarantee the required security levels essential. The Reunión Española sobre Criptología y Seguridad de la Información (RECSI) is the reference Spanish scientific conference in the field of Cryptology and ICT Security, where the leading Spanish and international researchers in the discipline meet periodically to share their most recent research results. The thirteenth edition will be held from 2 to 5 September 2014 in the city of Alicante, organized by the Cryptology and Computational Security group of the Universidad de Alicante.
The previous editions took place in Palma de Mallorca (1991), Madrid (1992), Barcelona (1994), Valladolid (1996), Torremolinos (1998), Santa Cruz de Tenerife (2000), Oviedo (2002), Leganés (2004), Barcelona (2006), Salamanca (2008), Tarragona (2010) and San Sebastián (2012).

    A systematic design approach to IoT security for legacy production machinery

    The Internet of Things (IoT) is an emerging topic of rapidly growing technical importance for industry. The aim is to connect objects that carry unique identifiers and combine them with internet connectivity for data transfer. This connectivity has significant potential for workshop-level upgrades of existing legacy equipment, unlocking new features and economic benefits, especially for monitoring and control applications. However, the introduction of the Industrial Internet of Things (IIoT) brings new security and integrity risks to the industrial environment in the form of network, communication, software and hardware security risks. This thesis addresses such fundamental new risks at their root by introducing a novel approach for IoT-enabled monitoring of legacy production machinery, consisting of five stages that incorporate security-by-design features. The first two stages analyse current monitoring practices and the security and vulnerability issues of the application domain. The remaining three stages make the domain-level analysis application specific: a detailed model of the application context for legacy production machinery monitoring, together with its interfaces and functionality; the implementation of threat mitigations combined with a new modular IoT DAQ unit mechanism; and validation by functional tests against Denial of Service (DoS) and clone attacks. To be effective, the design approach is thus further developed with application-specific functionality. This research demonstrates an instance of this risk-averse design thinking by introducing an IoT device design that is applicable to a wide set of industrial scenarios. A practical showcase of a specific implementation of the generic IoT design is given through a concrete industrial application that upgrades existing legacy machine tool equipment.
The reported work establishes a novel viewpoint for understanding IoT security risks and their mitigation, opening a new space of risk-averse designs that can bring significant confidence in the data, safety, and security of IoT-enabled industry. Manufacturin

    SECURE REAL-TIME SMART GRID COMMUNICATIONS: A MICROGRID PERSPECTIVE

    Microgrids are a key component in the evolution of the power grid. They are required to operate both grid-connected and in standalone island mode using local sources of power. A major challenge in implementing microgrids is the communications and control needed to support the transition from grid-connected mode to, and operation in, island mode. In this dissertation we propose a distributed control architecture to govern the operation of a microgrid. The functional communication requirements of primary, secondary and tertiary microgrid controls are considered. Communication technology media and protocols are laid out, and a worst-case availability and latency analysis is provided. Cyber security challenges to microgrids are examined, and we propose a secure communication architecture to support microgrid operation and control. A security model, including network, data, and attack models, is defined, and a security protocol that addresses the real-time communication needs of microgrids is proposed. We propose a novel security protocol custom tailored to meet those challenges, and discuss the chosen solution in the context of other security options available in the literature. We build a microgrid co-simulation model of both the power system and the communication networks, which is used to simulate the two fundamental microgrid power transition functions: transition from island to grid-connected mode, and from grid-connected to island mode. The proposed distributed control and security architectures are analyzed in terms of performance. We further characterize the response of the power and communication subsystems in emergency situations: forced islanding and forced grid modes. Based on our findings, we generalize the results to the smart grid.