Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain

This article belongs to the Special Issue Advanced Cybersecurity Services DesignWith the transformation in smart grids, power grid companies are becoming increasingly dependent on data networks. Data networks are used to transport information and commands for optimizing power grid operations: Planning, generation, transportation, and distribution. Performing periodic security audits is one of the required tasks for securing networks, and we proposed in a previous work autoauditor, a system to achieve automatic auditing. It was designed according to the specific requirements of power grid companies, such as scaling with the huge number of heterogeneous equipment in power grid companies. Though pentesting and security audits are required for continuous monitoring, collaboration is of utmost importance to fight cyber threats. In this paper we work on the accountability of audit results and explore how the list of audit result records can be included in a blockchain, since blockchains are by design resistant to data modification. Moreover, blockchains endowed with smart contracts functionality boost the automation of both digital evidence gathering, audit, and controlled information exchange. To our knowledge, no such system exists. We perform throughput evaluation to assess the feasibility of the system and show that the system is viable for adaptation to the inventory systems of electrical companies.This work has been supported by National R&D Projects TEC2017-84197-C4-1-R, TIN2017-84844-C2-1-R, by the Comunidad de Madrid project CYNAMON P2018/TCS-4566 and co-financed by European Structural Funds (ESF and FEDER), and by the Consejo Superior de Investigaciones Científicas (CSIC) under the project LINKA20216 ("Advancing in cybersecurity technologies", i-LINK+ program)

Federation in dynamic environments: Can Blockchain be the solution?

Deploying multi-domain network services is be-coming a need for operators. However, achieving that in a real operational environment is not easy and requires the use of federation. Federation is a multi-domain concept that enables the use and orchestration of network services/resources to/from external administrative domains. In this article, we first characterize the federation concept, and involved procedures, to then dive into the challenges that emerge when federation is performed in dynamic environments. To tackle these challenges, we propose the application of Blockchain technology, identifying some associated high-level benefits. Last, we validate our proposed approach by conducting a small experimental scenario using Tendermint, an application-based Blockchain.This work has been partially supported by EC H2020 5GPPP 5Growth project (Grant 856709)

Selecting effective blockchain solutions

Distributed ledger technologies (DLT) are becoming increasingly popular and seen as a panacea for a wide range of applications. However, it is clear that many organisations, and even engineers, are selecting DLT solutions without fully understanding their power or limitations. Those that make the assessment that blockchain is the best solution are provided little guidance on the vast array of types of blockchain; whether permissioned, permissionless or federated; which consensus algorithm to use; and a range of other considerations. This paper aims to addresses this gap

Blockchain based End-to-end Tracking System for Distributed IoT Intelligence Application Security Enhancement

IoT devices provide a rich data source that is not available in the past, which is valuable for a wide range of intelligence applications, especially deep neural network (DNN) applications that are data-thirsty. An established DNN model in turn provides useful analysis results that can improve the operation of IoT systems. The progress in distributed/federated DNN training further unleashes the potential of integration of IoT and intelligence applications. When a large number of IoT devices deployed in different physical locations, distributed training allows training modules to be deployed to multiple edge data centers that are close to the IoT devices to reduce the latency and movement of large amounts of data. In practice, these IoT devices and edge data centers are usually owned and managed by different parties, who do not fully trust each other or have conflicting interests. It is hard to coordinate them to provide an end-to-end integrity protection of the DNN construction and application with classical security enhancement tools. For example, one party may share an incomplete data set with others, or contribute a modified sub DNN model to manipulate the aggregated model and affect the decision-making process. To mitigate this risk, we propose a novel blockchain based end-toend integrity protection scheme for DNN applications integrated with an IoT system in the edge computing environment. The protection system leverages a set of cryptography primitives to build a blockchain adapted for edge computing that is scalable to handle a large number of IoT devices. The customized blockchain is integrated with a distributed/federated DNN to offer integrity and authenticity protection services

Distributed Space Traffic Management Solutions with Emerging New Space Industry

Day-to-day services, from weather forecast to logistics, rely on space-based infrastructures whose integrity is crucial to stakeholders and end-users worldwide. Current trends point towards congestion of the near-Earth space environment increasing at a rate greater than existing systems support, and thus demand novel cost-efficient approaches to traffic detection, characterization, tracking, and management to ensure space remains a safe, integral part of societies and economies worldwide. Whereas machine-learning (ML) and artificial intelligence (AI) have been extensively proposed to address congestion and alleviate big-data problems of the future, little has been done so far to tackle the need for transnational coordination and conflict-resolution in the context of space traffic management (STM). In STM, there is an ever-growing need for distributing information and coordinating actions (e.g., avoidance manoeuvres) to reduce the operational costs borne by individual entities and to decrease the latencies of actionable responses taken upon the detection of hazardous conditions by one-to-two orders of magnitude. However, these needs are not exclusive to STM, as evidenced by the widespread adoption of solutions to distributing, coordinating, and automating actions in other industries such as air traffic management (ATM), where a short-range airborne collision avoidance system (ACAS) automatically coordinates evasive manoeuvres whenever a conjunction is detected. Within this context, this paper aims at establishing a roadmap of promising technologies (e.g., blockchain), protocols and processes that could be adapted from different domains (railway, automotive, aerial, and maritime) to build an integrated traffic coordination and communication architecture to simplify and harmonise stakeholders’ satellite operations. This paper is organised into seven sections. First, Section 1 introduces the problem of STM, highlighting its complexity. Following this introduction, Section 2 discusses needs and requirements of various stakeholders such as commercial operators, space situational awareness (SSA) service providers, launch-service providers, satellite and constellation owners, governmental agencies, regulators, and insurance companies. Then, Section 3 addresses existing gaps and challenges in STM, focusing on globally coordinated approaches. Next, Section 4 reviews technologies for distributed, secure, and persistent communications, and proposed solutions to address some of these challenges from non-space sectors. Thereafter, Section 5 briefly covers the history of STM proposals and presents the state-of-the-art solution being proposed for modern STM. Following this review, Section 6 devises a step-by-step plan for exploiting and deploying some of the identified technologies within a five-to-ten-year timeline to close several existing gaps. Finally, Section 7 concludes the paper

Distributed Ledger Technologies for Network Slicing: A Survey

Network slicing is one of the fundamental tenets of Fifth Generation (5G)/Sixth Generation (6G) networks. Deploying slices requires end-to-end (E2E) control of services and the underlying resources in a network substrate featuring an increasing number of stakeholders. Beyond the technical difficulties this entails, there is a long list of administrative negotiations among parties that do not necessarily trust each other, which often requires costly manual processes, including the legal construction of neutral entities. In this context, Blockchain comes to the rescue by bringing its decentralized yet immutable and auditable lemdger, which has a high potential in the telco arena. In this sense, it may help to automate some of the above costly processes. There have been some proposals in this direction that are applied to various problems among different stakeholders. This paper aims at structuring this field of knowledge by, first, providing introductions to network slicing and blockchain technologies. Then, state-of-the-art is presented through a global architecture that aggregates the various proposals into a coherent whole while showing the motivation behind applying Blockchain and smart contracts to network slicing. And finally, some limitations of current work, future challenges and research directions are also presented.This work was supported in part by the Spanish Formación Personal Investigador (FPI) under Grant PRE2018-086061, in part by the TRUE5G under Grant PID2019-108713RB-C52/AEI/10.13039/501100011033, and in part by the European Union (EU) H2020 The 5G Infrastructure Public Private Partnership (5GPPP) 5Growth Project 856709.Publicad

An Attestation Architecture for Blockchain Networks

If blockchain networks are to become the building blocks of the infrastructure for the future digital economy, then several challenges related to the resiliency and survivability of blockchain networks need to be addressed. The survivability of a blockchain network is influenced by the diversity of its nodes. Trustworthy device-level attestations permits nodes in a blockchain network to provide truthful evidence regarding their current configuration, operational state, keying material and other system attributes. In the current work we review the recent developments towards a standard attestation architecture and evidence conveyance protocols. We explore the applicability and benefits of a standard attestation architecture to blockchain networks. Finally, we discuss a number of open challenges related to node attestations that has arisen due to changing model of blockchain network deployments, such as the use virtualization and containerization technologies for nodes in cloud infrastructures.Comment: 33 pages, 10 figure