1,083 research outputs found
Smart Grid Security: Threats, Challenges, and Solutions
The cyber-physical nature of the smart grid has rendered it vulnerable to a
multitude of attacks that can occur at its communication, networking, and
physical entry points. Such cyber-physical attacks can have detrimental effects
on the operation of the grid as exemplified by the recent attack which caused a
blackout of the Ukranian power grid. Thus, to properly secure the smart grid,
it is of utmost importance to: a) understand its underlying vulnerabilities and
associated threats, b) quantify their effects, and c) devise appropriate
security solutions. In this paper, the key threats targeting the smart grid are
first exposed while assessing their effects on the operation and stability of
the grid. Then, the challenges involved in understanding these attacks and
devising defense strategies against them are identified. Potential solution
approaches that can help mitigate these threats are then discussed. Last, a
number of mathematical tools that can help in analyzing and implementing
security solutions are introduced. As such, this paper will provide the first
comprehensive overview on smart grid security
Recommended from our members
The stealth episome: suppression of gene expression on the excised genomic island PPHGI-1 from Pseudomonas syringae pv. phaseolicola
Pseudomonas syringae pv. phaseolicola is the causative agent of halo blight in the common bean, Phaseolus vulgaris. P. syringae pv. phaseolicola race 4 strain 1302A contains the avirulence gene avrPphB (syn. hopAR1), which resides on PPHGI-1, a 106 kb genomic island. Loss of PPHGI-1 from P. syringae pv. phaseolicola 1302A following exposure to the hypersensitive resistance response (HR) leads to the evolution of strains with altered virulence. Here we have used fluorescent protein reporter systems to gain insight into the mobility of PPHGI-1. Confocal imaging of dual-labelled P. syringae pv. phaseolicola 1302A strain, F532 (dsRFP in chromosome and eGFP in PPHGI-1), revealed loss of PPHGI-1::eGFP encoded fluorescence during plant infection and when grown in vitro on extracted leaf apoplastic fluids. Fluorescence-activated cell sorting (FACS) of fluorescent and non-fluorescent PPHGI-1::eGFP F532 populations showed that cells lost fluorescence not only when the GI was deleted, but also when it had excised and was present as a circular episome. In addition to reduced expression of eGFP, quantitative PCR on sub-populations separated by FACS showed that transcription of other genes on PPHGI-1 (avrPphB and xerC) was also greatly reduced in F532 cells harbouring the excised PPHGI-1::eGFP episome. Our results show how virulence determinants located on mobile pathogenicity islands may be hidden from detection by host surveillance systems through the suppression of gene expression in the episomal state
Secure Set-Based State Estimation for Linear Systems under Adversarial Attacks on Sensors
When a strategic adversary can attack multiple sensors of a system and freely
choose a different set of sensors at different times, how can we ensure that
the state estimate remains uncorrupted by the attacker? The existing literature
addressing this problem mandates that the adversary can only corrupt less than
half of the total number of sensors. This limitation is fundamental to all
point-based secure state estimators because of their dependence on algorithms
that rely on majority voting among sensors. However, in reality, an adversary
with ample resources may not be limited to attacking less than half of the
total number of sensors. This paper avoids the above-mentioned fundamental
limitation by proposing a set-based approach that allows attacks on all but one
sensor at any given time. We guarantee that the true state is always contained
in the estimated set, which is represented by a collection of constrained
zonotopes, provided that the system is bounded-input-bounded-state stable and
redundantly observable via every combination of sensor subsets with size equal
to the number of uncompromised sensors. Additionally, we show that the
estimated set is secure and stable irrespective of the attack signals if the
process and measurement noises are bounded. To detect the set of attacked
sensors at each time, we propose a simple attack detection technique. However,
we acknowledge that intelligently designed stealthy attacks may not be detected
and, in the worst-case scenario, could even result in exponential growth in the
algorithm's complexity. We alleviate this shortcoming by presenting a range of
strategies that offer different levels of trade-offs between estimation
performance and complexity
Know Your Enemy: Stealth Configuration-Information Gathering in SDN
Software Defined Networking (SDN) is a network architecture that aims at
providing high flexibility through the separation of the network logic from the
forwarding functions. The industry has already widely adopted SDN and
researchers thoroughly analyzed its vulnerabilities, proposing solutions to
improve its security. However, we believe important security aspects of SDN are
still left uninvestigated. In this paper, we raise the concern of the
possibility for an attacker to obtain knowledge about an SDN network. In
particular, we introduce a novel attack, named Know Your Enemy (KYE), by means
of which an attacker can gather vital information about the configuration of
the network. This information ranges from the configuration of security tools,
such as attack detection thresholds for network scanning, to general network
policies like QoS and network virtualization. Additionally, we show that an
attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk
of being detected. We underline that the vulnerability exploited by the KYE
attack is proper of SDN and is not present in legacy networks. To address the
KYE attack, we also propose an active defense countermeasure based on network
flows obfuscation, which considerably increases the complexity for a successful
attack. Our solution offers provable security guarantees that can be tailored
to the needs of the specific network under consideratio
Recommended from our members
Predictive policing management: a brief history of patrol automation
Predictive policing has attracted considerably scholarly attention. Extending the promise of being able to interdict crime prior to its commission, it seemingly promised forms of anticipatory policing that had previously existed only in the realms of science fiction. The aesthetic futurism that attended predictive policing did, however, obscure the important historical vectors from which it emerged. The adulation of technology as a tool for achieving efficiencies in policing was evident from the 1920s in the United States, reaching sustained momentum in the 1960s as the methods of Systems Analysis were applied to policing. Underpinning these efforts resided an imaginary of automated patrol facilitated by computerised command and control systems. The desire to automate police work has extended into the present, and is evident in an emergent platform policing – cloud-based technological architectures that increasingly enfold police work. Policing is consequently datafied, commodified and integrated into the circuits of contemporary digital capitalism
- …