Special Session on Industry 4.0

No abstract available

MARINE: Man-in-the-middle attack resistant trust model IN connEcted vehicles

Vehicular Ad-hoc NETwork (VANET), a novel technology holds a paramount importance within the transportation domain due to its abilities to increase traffic efficiency and safety. Connected vehicles propagate sensitive information which must be shared with the neighbors in a secure environment. However, VANET may also include dishonest nodes such as Man-in-the-Middle (MiTM) attackers aiming to distribute and share malicious content with the vehicles, thus polluting the network with compromised information. In this regard, establishing trust among connected vehicles can increase security as every participating vehicle will generate and propagate authentic, accurate and trusted content within the network. In this paper, we propose a novel trust model, namely, Man-in-the-middle Attack Resistance trust model IN connEcted vehicles (MARINE), which identifies dishonest nodes performing MiTM attacks in an efficient way as well as revokes their credentials. Every node running MARINE system first establishes trust for the sender by performing multi-dimensional plausibility checks. Once the receiver verifies the trustworthiness of the sender, the received data is then evaluated both directly and indirectly. Extensive simulations are carried out to evaluate the performance and accuracy of MARINE rigorously across three MiTM attacker models and the bench-marked trust model. Simulation results show that for a network containing 35% MiTM attackers, MARINE outperforms the state of the art trust model by 15%, 18%, and 17% improvements in precision, recall and F-score, respectively.N/A

A Capability-Centric Approach to Cyber Risk Assessment and Mitigation

Cyber-enabled systems are increasingly ubiquitous and interconnected, showing up in traditional enterprise settings as well as increasingly diverse contexts, including critical infrastructure, avionics, cars, smartphones, home automation, and medical devices. Meanwhile, the impact of cyber attacks against these systems on our missions, business objectives, and personal lives has never been greater. Despite these stakes, the analysis of cyber risk and mitigations to that risk tends to be a subjective, labor-intensive, and costly endeavor, with results that can be as suspect as they are perishable. We identified the following gaps in those risk results: concerns for (1) their repeatability/reproducibility, (2) the time required to obtain them, and (3) the completeness of the analysis per the degree of attack surface coverage. In this dissertation, we consider whether it is possible to make progress in addressing these gaps with the introduction of a new artifact called “BluGen.” BluGen is an automated platform for cyber risk assessment that employs a set of new risk analytics together with a highly-structured underlying cyber knowledge management repository. To help evaluate the hypotheses tied to the gaps identified, we conducted a study comparing BluGen to a cyber risk assessment methodology called EVRA. EVRA is representative of current practice and has been applied extensively over the past eight years to both fielded systems and systems under design. We used Design Science principles in the construction and investigation of BluGen, during which we considered each of the three gaps. The results of our investigation found support for the hypotheses tied to the gaps that BluGen is designed to address. Specifically, BluGen helps address the first gap by virtue of its methods/analytics executing as deterministic, automated processes. In the same way, BluGen helps address the second gap by producing its results at machine speeds in no worse than quadratic time complexity, seconds in this case. This result compares to the 25 hours that the EVRA team required to perform the same analysis. BluGen helps to address the third gap via its use of an underlying knowledge repository of cyber-related threats, mappings of those threats to cyber assets, and mappings of mitigations to the threats. The results show that manual analysis using EVRA covered about 12% of the attack surface considered by BluGen

Secure Data Management and Transmission Infrastructure for the Future Smart Grid

Power grid has played a crucial role since its inception in the Industrial Age. It has evolved from a wide network supplying energy for incorporated multiple areas to the largest cyber-physical system. Its security and reliability are crucial to any country’s economy and stability [1]. With the emergence of the new technologies and the growing pressure of the global warming, the aging power grid can no longer meet the requirements of the modern industry, which leads to the proposal of ‘smart grid’. In smart grid, both electricity and control information communicate in a massively distributed power network. It is essential for smart grid to deliver real-time data by communication network. By using smart meter, AMI can measure energy consumption, monitor loads, collect data and forward information to collectors. Smart grid is an intelligent network consists of many technologies in not only power but also information, telecommunications and control. The most famous structure of smart grid is the three-layer structure. It divides smart grid into three different layers, each layer has its own duty. All these three layers work together, providing us a smart grid that monitor and optimize the operations of all functional units from power generation to all the end-customers [2]. To enhance the security level of future smart grid, deploying a high secure level data transmission scheme on critical nodes is an effective and practical approach. A critical node is a communication node in a cyber-physical network which can be developed to meet certain requirements. It also has firewalls and capability of intrusion detection, so it is useful for a time-critical network system, in other words, it is suitable for future smart grid. The deployment of such a scheme can be tricky regarding to different network topologies. A simple and general way is to install it on every node in the network, that is to say all nodes in this network are critical nodes, but this way takes time, energy and money. Obviously, it is not the best way to do so. Thus, we propose a multi-objective evolutionary algorithm for the searching of critical nodes. A new scheme should be proposed for smart grid. Also, an optimal planning in power grid for embedding large system can effectively ensure every power station and substation to operate safely and detect anomalies in time. Using such a new method is a reliable method to meet increasing security challenges. The evolutionary frame helps in getting optimum without calculating the gradient of the objective function. In the meanwhile, a means of decomposition is useful for exploring solutions evenly in decision space. Furthermore, constraints handling technologies can place critical nodes on optimal locations so as to enhance system security even with several constraints of limited resources and/or hardware. The high-quality experimental results have validated the efficiency and applicability of the proposed approach. It has good reason to believe that the new algorithm has a promising space over the real-world multi-objective optimization problems extracted from power grid security domain. In this thesis, a cloud-based information infrastructure is proposed to deal with the big data storage and computation problems for the future smart grid, some challenges and limitations are addressed, and a new secure data management and transmission strategy regarding increasing security challenges of future smart grid are given as well