296 research outputs found

    IMPROVING SMART GRID SECURITY USING MERKLE TREES

    Abstract—Presently nations worldwide are starting to convert their aging electrical power infrastructures into modern, dynamic power grids. Smart Grid offers much in the way of efficiencies and robustness to the electrical power grid, however its heavy reliance on communication networks will leave it more vulnerable to attack than present day grids. This paper looks at the threat to public key cryptography systems from a fully realized quantum computer and how this could impact the Smart Grid. We argue for the use of Merkle Trees in place of public key cryptography for authentication of devices in wireless mesh networks that are used in Smart Grid applications

    Authentication techniques in smart grid: a systematic review

    Smart Grid (SG) provides enhancement to existing grids with two-way communication between the utility, sensors, and consumers, by deploying smart sensors to monitor and manage power consumption. However due to the vulnerability of SG, secure component authenticity necessitates robust authentication approaches relative to limited resource availability (i.e. in terms of memory and computational power). SG communication entails optimum efficiency of authentication approaches to avoid any extraneous burden. This systematic review analyses 27 papers on SG authentication techniques and their effectiveness in mitigating certain attacks. This provides a basis for the design and use of optimized SG authentication approaches

    Contributions to the privacy provisioning for federated identity management platforms

    Identity information, personal data and user’s profiles are key assets for organizations and companies by becoming the use of identity management (IdM) infrastructures a prerequisite for most companies, since IdM systems allow them to perform their business transactions by sharing information and customizing services for several purposes in more efficient and effective ways. Due to the importance of the identity management paradigm, a lot of work has been done so far resulting in a set of standards and specifications. According to them, under the umbrella of the IdM paradigm a person’s digital identity can be shared, linked and reused across different domains by allowing users simple session management, etc. In this way, users’ information is widely collected and distributed to offer new added value services and to enhance availability. Whereas these new services have a positive impact on users’ life, they also bring privacy problems. To manage users’ personal data, while protecting their privacy, IdM systems are the ideal target where to deploy privacy solutions, since they handle users’ attribute exchange. Nevertheless, current IdM models and specifications do not sufficiently address comprehensive privacy mechanisms or guidelines, which enable users to better control over the use, divulging and revocation of their online identities. These are essential aspects, especially in sensitive environments where incorrect and unsecured management of user’s data may lead to attacks, privacy breaches, identity misuse or frauds. Nowadays there are several approaches to IdM that have benefits and shortcomings, from the privacy perspective. In this thesis, the main goal is contributing to the privacy provisioning for federated identity management platforms. And for this purpose, we propose a generic architecture that extends current federation IdM systems. We have mainly focused our contributions on health care environments, given their particularly sensitive nature.
The two main pillars of the proposed architecture are the introduction of a selective privacy-enhanced user profile management model and flexibility in revocation consent by incorporating an event-based hybrid IdM approach, which enables to replace time constraints and explicit revocation by activating and deactivating authorization rights according to events. The combination of both models enables to deal with both online and offline scenarios, as well as to empower the user role, by letting her to bring together identity information from different sources. Regarding user’s consent revocation, we propose an implicit revocation consent mechanism based on events, that empowers a new concept, the sleepyhead credentials, which is issued only once and would be used any time. Moreover, we integrate this concept in IdM systems supporting a delegation protocol and we contribute with the definition of a mathematical model to determine event arrivals to the IdM system and how they are managed to the corresponding entities, as well as its integration with the most widely deployed specification, i.e., Security Assertion Markup Language (SAML). In regard to user profile management, we define a privacy-awareness user profile management model to provide efficient selective information disclosure. With this contribution a service provider would be able to access the specific personal information without being able to inspect any other details and keeping user control of her data by controlling who can access. The structure that we consider for the user profile storage is based on extensions of Merkle trees allowing for hash combining that would minimize the need of individual verification of elements along a path. An algorithm for sorting the tree as we envision frequently accessed attributes to be closer to the root (minimizing the access’ time) is also provided.
Formal validation of the above mentioned ideas has been carried out through simulations and the development of prototypes. Besides, dissemination activities were performed in projects, journals and conferences. Programa Oficial de Doctorado en Ingeniería Telemática. Chair: María Celeste Campo Vázquez. Secretary: María Francisca Hinarejos Campos. Committee member: Óscar Esparza Martí

    Using Distributed Ledger Technologies in VANETs to Achieve Trusted Intelligent Transportation Systems

    With the recent advancements in the networking realm of computers as well as achieving real-time communication between devices over the Internet, IoT (Internet of Things) devices have been on the rise; collecting, sharing, and exchanging data with other connected devices or databases online, enabling all sorts of communications and operations without the need for human intervention, oversight, or control. This has caused more computer-based systems to get integrated into the physical world, inching us closer towards developing smart cities. The automotive industry, alongside other software developers and technology companies have been at the forefront of this advancement towards achieving smart cities. Currently, transportation networks need to be revamped to utilize the massive amounts of data being generated by the public’s vehicle’s on-board devices, as well as other integrated sensors on public transit systems, local roads, and highways. This will create an interconnected ecosystem that can be leveraged to improve traffic efficiency and reliability. Currently, Vehicular Ad-hoc Networks (VANETs) such as vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-grid (V2G) communications, all play a major role in supporting road safety, traffic efficiency, and energy savings. To protect these devices and the networks they form from being targets of cyber-related attacks, this paper presents ideas on how to leverage distributed ledger technologies (DLT) to establish secure communication between vehicles that is decentralized, trustless, and immutable. Incorporating IOTA’s protocols, as well as utilizing Ethereum’s smart contracts functionality and application concepts with VANETs, all interoperating with Hyperledger’s Fabric framework, several novel ideas can be implemented to improve traffic safety and efficiency. 
Such a modular design also opens up the possibility to further investigate use cases of the blockchain and distributed ledger technologies in creating a decentralized intelligent transportation system (ITS)

    Bringing data minimization to digital wallets at scale with general-purpose zero-knowledge proofs

    Today, digital identity management for individuals is either inconvenient and error-prone or creates undesirable lock-in effects and violates privacy and security expectations. These shortcomings inhibit the digital transformation in general and seem particularly concerning in the context of novel applications such as access control for decentralized autonomous organizations and identification in the Metaverse. Decentralized or self-sovereign identity (SSI) aims to offer a solution to this dilemma by empowering individuals to manage their digital identity through machine-verifiable attestations stored in a "digital wallet" application on their edge devices. However, when presented to a relying party, these attestations typically reveal more attributes than required and allow tracking end users' activities. Several academic works and practical solutions exist to reduce or avoid such excessive information disclosure, from simple selective disclosure to data-minimizing anonymous credentials based on zero-knowledge proofs (ZKPs). We first demonstrate that the SSI solutions that are currently built with anonymous credentials still lack essential features such as scalable revocation, certificate chaining, and integration with secure elements. We then argue that general-purpose ZKPs in the form of zk-SNARKs can appropriately address these pressing challenges. We describe our implementation and conduct performance tests on different edge devices to illustrate that the performance of zk-SNARK-based anonymous credentials is already practical. We also discuss further advantages that general-purpose ZKPs can easily provide for digital wallets, for instance, to create "designated verifier presentations" that facilitate new design options for digital identity infrastructures that previously were not accessible because of the threat of man-in-the-middle attacks

    THE PLACE OF INDUSTRIAL POLICY IN THE ADOPTION OF BLOCKCHAIN TECHNOLOGY IN NIGERIA

    The world has metamorphosed to a higher realm due to current technological innovations and advancements in computer science by introducing blockchain technology. Hence, this paper reviews the place of industrial policy in the adoption of blockchain technology in the modern Nigerian society. The objectives of the paper included highlighting the application, the benefits as well as the challenges in the adoption of blockchain technology in Nigeria. By utilizing the Theory of Planned Behaviour, the paper revealed energy sector, fintech, trading business and media etc. as areas where blockchain technology is applicable in Nigeria. It also revealed security problem, lack of data protection, technological know-how and lack of constant power supply among others as the challenges facing the adoption of blockchain technology in Nigeria. The paper equally highlighted job creation, increased efficiency, improved transparency and accountability and decentralised mode of transactions among others as the benefits. These benefits and challenges suggest the need for government and industries to regulate blockchain technology by drafting an adoption framework and policies that are consumer based and providing guidelines for service providers. The paper concluded that blockchain technology has come to stay with us and therefore recommended capacity building, public-private partnerships, incentives for blockchain businesses, monitoring and evaluation be put in place to enhance the adoption of blockchain technology amidst industrial policies in Nigeria