24,334 research outputs found
Multi-Layer Cyber-Physical Security and Resilience for Smart Grid
The smart grid is a large-scale complex system that integrates communication
technologies with the physical layer operation of the energy systems. Security
and resilience mechanisms by design are important to provide guarantee
operations for the system. This chapter provides a layered perspective of the
smart grid security and discusses game and decision theory as a tool to model
the interactions among system components and the interaction between attackers
and the system. We discuss game-theoretic applications and challenges in the
design of cross-layer robust and resilient controller, secure network routing
protocol at the data communication and networking layers, and the challenges of
the information security at the management layer of the grid. The chapter will
discuss the future directions of using game-theoretic tools in addressing
multi-layer security issues in the smart grid.Comment: 16 page
ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by anchor include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
Recommended from our members
Secure communication using dynamic VPN provisioning in an Inter-Cloud environment
Most of the current cloud computing platforms offer Infrastructure as a Service (IaaS) model, which aims to provision basic virtualised computing resources as on-demand and dynamic services. Nevertheless, a single cloud does not have limitless resources to offer to its users, hence the notion of an Inter-Cloud enviroment where a cloud can use the infrastructure resources of other clouds. However, there is no common framework in existence that allows the srevice owners to seamlessly provision even some basic services across multiple cloud service providers, albeit not due to any inherent incompatibility or proprietary nature of the foundation technologies on which these cloud platforms are built. In this paper we present a novel solution which aims to cover a gap in a subsection of this problem domain. Our solution offer a security architecture that enables service owners to provision a dynamic and service-oriented secure virtual private network on top of multiple cloud IaaS providers. It does this by leveraging the scalability, robustness and flexibility of peer- to-peer overlay techniques to eliminate the manual configuration, key management and peer churn problems encountered in setting up the secure communication channels dynamically, between different components of a typical service that is deployed on multiple clouds. We present the implementation details of our solution as well as experimental results carried out on two commercial clouds
Software Defined Networks based Smart Grid Communication: A Comprehensive Survey
The current power grid is no longer a feasible solution due to
ever-increasing user demand of electricity, old infrastructure, and reliability
issues and thus require transformation to a better grid a.k.a., smart grid
(SG). The key features that distinguish SG from the conventional electrical
power grid are its capability to perform two-way communication, demand side
management, and real time pricing. Despite all these advantages that SG will
bring, there are certain issues which are specific to SG communication system.
For instance, network management of current SG systems is complex, time
consuming, and done manually. Moreover, SG communication (SGC) system is built
on different vendor specific devices and protocols. Therefore, the current SG
systems are not protocol independent, thus leading to interoperability issue.
Software defined network (SDN) has been proposed to monitor and manage the
communication networks globally. This article serves as a comprehensive survey
on SDN-based SGC. In this article, we first discuss taxonomy of advantages of
SDNbased SGC.We then discuss SDN-based SGC architectures, along with case
studies. Our article provides an in-depth discussion on routing schemes for
SDN-based SGC. We also provide detailed survey of security and privacy schemes
applied to SDN-based SGC. We furthermore present challenges, open issues, and
future research directions related to SDN-based SGC.Comment: Accepte
Enabling Disaster Resilient 4G Mobile Communication Networks
The 4G Long Term Evolution (LTE) is the cellular technology expected to
outperform the previous generations and to some extent revolutionize the
experience of the users by taking advantage of the most advanced radio access
techniques (i.e. OFDMA, SC-FDMA, MIMO). However, the strong dependencies
between user equipments (UEs), base stations (eNBs) and the Evolved Packet Core
(EPC) limit the flexibility, manageability and resiliency in such networks. In
case the communication links between UEs-eNB or eNB-EPC are disrupted, UEs are
in fact unable to communicate. In this article, we reshape the 4G mobile
network to move towards more virtual and distributed architectures for
improving disaster resilience, drastically reducing the dependency between UEs,
eNBs and EPC. The contribution of this work is twofold. We firstly present the
Flexible Management Entity (FME), a distributed entity which leverages on
virtualized EPC functionalities in 4G cellular systems. Second, we introduce a
simple and novel device-todevice (D2D) communication scheme allowing the UEs in
physical proximity to communicate directly without resorting to the
coordination with an eNB.Comment: Submitted to IEEE Communications Magazin
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Disaster-Resilient Control Plane Design and Mapping in Software-Defined Networks
Communication networks, such as core optical networks, heavily depend on
their physical infrastructure, and hence they are vulnerable to man-made
disasters, such as Electromagnetic Pulse (EMP) or Weapons of Mass Destruction
(WMD) attacks, as well as to natural disasters. Large-scale disasters may cause
huge data loss and connectivity disruption in these networks. As our dependence
on network services increases, the need for novel survivability methods to
mitigate the effects of disasters on communication networks becomes a major
concern. Software-Defined Networking (SDN), by centralizing control logic and
separating it from physical equipment, facilitates network programmability and
opens up new ways to design disaster-resilient networks. On the other hand, to
fully exploit the potential of SDN, along with data-plane survivability, we
also need to design the control plane to be resilient enough to survive network
failures caused by disasters. Several distributed SDN controller architectures
have been proposed to mitigate the risks of overload and failure, but they are
optimized for limited faults without addressing the extent of large-scale
disaster failures. For disaster resiliency of the control plane, we propose to
design it as a virtual network, which can be solved using Virtual Network
Mapping techniques. We select appropriate mapping of the controllers over the
physical network such that the connectivity among the controllers
(controller-to-controller) and between the switches to the controllers
(switch-to-controllers) is not compromised by physical infrastructure failures
caused by disasters. We formally model this disaster-aware control-plane design
and mapping problem, and demonstrate a significant reduction in the disruption
of controller-to-controller and switch-to-controller communication channels
using our approach.Comment: 6 page
- …