Secure and Privacy-Preserving Data Aggregation Protocols for Wireless Sensor Networks

This chapter discusses the need of security and privacy protection mechanisms in aggregation protocols used in wireless sensor networks (WSN). It presents a comprehensive state of the art discussion on the various privacy protection mechanisms used in WSNs and particularly focuses on the CPDA protocols proposed by He et al. (INFOCOM 2007). It identifies a security vulnerability in the CPDA protocol and proposes a mechanism to plug that vulnerability. To demonstrate the need of security in aggregation process, the chapter further presents various threats in WSN aggregation mechanisms. A large number of existing protocols for secure aggregation in WSN are discussed briefly and a protocol is proposed for secure aggregation which can detect false data injected by malicious nodes in a WSN. The performance of the protocol is also presented. The chapter concludes while highlighting some future directions of research in secure data aggregation in WSNs.Comment: 32 pages, 7 figures, 3 table

Image Based Attack and Protection on Secure-Aware Deep Learning

In the era of Deep Learning, users are enjoying remarkably based on image-related services from various providers. However, many security issues also arise along with the ubiquitous usage of image-related deep learning. Nowadays, people rely on image-related deep learning in work and business, thus there are more entries for attackers to wreck the image-related deep learning system. Although many works have been published for defending various attacks, lots of studies have shown that the defense cannot be perfect. In this thesis, one-pixel attack, a kind of extremely concealed attacking method toward deep learning, is analyzed first. Two novel detection methods are proposed for detecting the one-pixel attack. Considering that image tempering mostly happens in image sharing through an unreliable way, next, this dissertation extends the detection against single attack method to a platform for higher level protection. We propose a novel smart contract based image sharing system. The system keeps full track of the shared images and any potential alteration to images will be notified to users. From extensive experiment results, it is observed that the system can effectively detect the changes on the image server even in the circumstance that the attacker erases all the traces from the image-sharing server. Finally, we focus on the attack targeting blockchain-enhanced deep learning. Although blockchain-enhanced federated learning can defend against many attack methods that purely crack the deep learning part, it is still vulnerable to combined attack. A novel attack method that combines attacks on PoS blockchain and attacks on federated learning is proposed. The proposed attack method can bypass the protection from blockchain and poison federated learning. Real experiments are performed to evaluate the proposed methods

Security and Privacy in Smart Grid

Smart grid utilizes different communication technologies to enhance the reliability and efficiency of the power grid; it allows bi-directional flow of electricity and information, about grid status and customers requirements, among different parties in the grid, i.e., connect generation, distribution, transmission, and consumption subsystems together. Thus, smart grid reduces the power losses and increases the efficiency of electricity generation and distribution. Although smart grid improves the quality of grid's services, it exposes the grid to the cyber security threats that communication networks suffer from in addition to other novel threats because of power grid's nature. For instance, the electricity consumption messages sent from consumers to the utility company via wireless network may be captured, modified, or replayed by adversaries. As a consequent, security and privacy concerns are significant challenges in smart grid. Smart grid upgrade creates three main communication architectures: The first one is the communication between electricity customers and utility companies via various networks; i.e., home area networks (HANs), building area networks (BANs), and neighbour area networks (NANs), we refer to these networks as customer-side networks in our thesis. The second architecture is the communication between EVs and grid to charge/discharge their batteries via vehicle-to-grid (V2G) connection. The last network is the grid's connection with measurements units that spread all over the grid to monitor its status and send periodic reports to the main control center (CC) for state estimation and bad data detection purposes. This thesis addresses the security concerns for the three communication architectures. For customer-side networks, the privacy of consumers is the central concern for these networks; also, the transmitted messages integrity and confidentiality should be guaranteed. While the main security concerns for V2G networks are the privacy of vehicle's owners besides the authenticity of participated parties. In the grid's connection with measurements units, integrity attacks, such as false data injection (FDI) attacks, target the measurements' integrity and consequently mislead the main CC to make the wrong decisions for the grid. The thesis presents two solutions for the security problems in the first architecture; i.e., the customer-side networks. The first proposed solution is security and privacy-preserving scheme in BAN, which is a cluster of HANs. The proposed scheme is based on forecasting the future electricity demand for the whole BAN cluster. Thus, BAN connects to the electricity provider only if the total demand of the cluster is changed. The proposed scheme employs the lattice-based public key NTRU crypto-system to guarantee the confidentiality and authenticity of the exchanged messages and to further reduce the computation and communication load. The security analysis shows that our proposed scheme can achieve the privacy and security requirements. In addition, it efficiently reduces the communication and computation overhead. According to the second solution, it is lightweight privacy-preserving aggregation scheme that permits the smart household appliances to aggregate their readings without involving the connected smart meter. The scheme deploys a lightweight lattice-based homomorphic crypto-system that depends on simple addition and multiplication operations. Therefore, the proposed scheme guarantees the customers' privacy and message integrity with lightweight overhead. In addition, the thesis proposes lightweight secure and privacy-preserving V2G connection scheme, in which the power grid assures the confidentiality and integrity of exchanged information during (dis)charging electricity sessions and overcomes EVs' authentication problem. The proposed scheme guarantees the financial profits of the grid and prevents EVs from acting maliciously. Meanwhile, EVs preserve their private information by generating their own pseudonym identities. In addition, the scheme keeps the accountability for the electricity-exchange trade. Furthermore, the proposed scheme provides these security requirements by lightweight overhead; as it diminishes the number of exchanged messages during (dis)charging sessions. Simulation results demonstrate that the proposed scheme significantly reduces the total communication and computation load for V2G connection especially for EVs. FDI attack, which is one of the severe attacks that threatens the smart grid's efficiency and reliability, inserts fake measurements among the correct ones to mislead CC to make wrong decisions and consequently impact on the grid's performance. In the thesis, we have proposed an FDI attack prevention technique that protects the integrity and availability of the measurements at measurement units and during their transmission to the CC, even with the existence of compromised units. The proposed scheme alleviates the negative impacts of FDI attack on grid's performance. Security analysis and performance evaluation show that our scheme guarantees the integrity and availability of the measurements with lightweight overhead, especially on the restricted-capabilities measurement units. The proposed schemes are promising solutions for the security and privacy problems of the three main communication networks in smart grid. The novelty of these proposed schemes does not only because they are robust and efficient security solutions, but also due to their lightweight communication and computation overhead, which qualify them to be applicable on limited-capability devices in the grid. So, this work is considered important progress toward more reliable and authentic smart grid

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

Can Automated Smart-Homes increase Energy Efficiency and Grid Flexibility? - A Case Study of Stavanger, Norway investigating barriers and justice implications -

Artificial intelligence (AI) advocates deem it essential for the energy transition. Such a complex and penetrative set of technologies that impact everyday lives must be implemented cautiously. This thesis examines barriers to the diffusion of AI-based, automated smart homes at the household and industry scales. It examines an AI system that acts as an intermediary between households, electricity distribution companies and energy producers for domestic energy efficiency and grid flexibility. The thesis focuses on the ethical and justice implications of AI. It draws on a case study of Stavanger in Norway to investigate how AI can fairly enable energy efficiency and grid flexibility. The methods used include a small questionnaire survey, semi-structured interviews, and secondary research. Grounded theory is used to theorise barriers for households, qualitative content analysis identifies barriers for industry, and findings are also interpreted through an energy justice lens. The findings reveal multi-layered barriers and justice concerns related to the diffusion of automated smart-homes. The main barriers for households include functionality, saturation, and data management. For industry, barriers relate to economic, technical, regulatory, and market aspects. Justice and ethical implications linked with AI in the energy context are identified in terms of distributive, procedural and recognition streams of energy justice. The thesis argues that economic incentives, supportive policies, and an enabling market to involve actors are necessary to enable complex AI systems feasible for smart grids. For consumers, technologies must target a wide range of lifestyles and preferences for sufficient market saturation to make AI systems viable. Moreover, ethical AI requires a combination of regulations anchored in energy policies and the development and operationalisation of internal guidelines. The thesis concludes that while AI can aid transitions to low-carbon societies, failure to account for the humans involved and affected by its roll-out risks doing more harm than good

Proposal and evaluation of authentication protocols for Smart Grid networks

Dissertação (mestrado)—Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2018.Uma rede Smart Grid (ou rede elétrica inteligente) representa a evolução das redes elétricas tradicionais, tornada possível graças à integração das tecnologias da informação e das comunicações com a infraestrutura elétrica. Esta integração propicia o surgimento de novos serviços, tornando a rede elétrica mais eficiente, gerando também novos desafios a serem atendidos, dentre eles a segurança do sistema. A rede SG deve garantir a confiabilidade, a integridade e a privacidade dos dados armazenados ou em transito pelo sistema, o que leva à necessidade de autenticação e controle de acesso, obrigando a todo usuário ou dispositivo a se autenticar e a realizar somente operações autorizadas. A autenticação de usuários e dispositivos é um processo muito importante para a rede SG, e os protocolos usados para esse fim devem ser capazes de proteção contra possiveis ataques (por exemplo, Man-in-the-Middle - MITM, repetição, Denegação de Serviço - DoS). Por outro lado, a autorização é tratada em conjunto com a autenticação e relacionada com as politicas de controle de acesso do sistema. Uma parte essencial para criar os protocolos de autenticação seguros envolve os esquemas de ciframento. O uso de um ou a combinação de vários esquemas afeta diretamente o desempenho do protocolo. Cada dia novos esquemas são propostos, e seu emprego nos protocolos de autenticação melhora o desempenho do sistema em comparação aos protocolos já propostos no mesmo cenário. Neste trabalho são propostos 3 (três) protocolos de autenticação seguros e de custo adequado para os cenários descritos a seguir: - Autenticação dos empregados das empresas de fornecimento de energia que procuram acesso ao sistema de forma remota; - Autenticação de Smart Meters numa Infraestrutura de medição avançada (AMI, do inglês Advanced Metering Infrastructure) baseada em nuvem computacional; e - Autenticação de veículos elétricos em uma rede V2G (do inglês, Vehicle-to-Grid). Cada um dos cenários tem caraterísticas particulares que são refletidas no projeto dos protocolos propostos. Além disso, todos os protocolos propostos neste trabalho garantem a autenticação mutua entre todas as entidades e a proteção da privacidade, confidencialidade e integridade dos dados do sistema. Uma comparação dos custos de comunicação e computação é apresentada entre os protocolos propostos neste trabalho e protocolos desenvolvidos por outros autores para cada um dos cenários. Os resultados das comparações mostram que os protocolos propostos neste trabalho têm, na maioria dos casos, o melhor desempenho computacional e de comunicações, sendo assim uma ótima escolha para a sua implementação nas redes SG. A validação formal dos protocolos propostos por meio da ferramenta AVISPA é realizada, permitindo verificar o atendimento a requisitos de segurança.Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES).A Smart Grid network (or inteligent electrical network) represents the evolution of traditional electrical networks, made possible due to the integration of information and communication technologies with the electrical power grid. This integration generates new services and improves the efficiency of the electrical power grid, while new challenges appear and must be solved, including the security of the system. The SG network must assure reliability, integrity and privacy of the data stored or in trnsit in the system, leading to the need for authentication and access control, thus all users and devices must authenticate and accomplish only authorized operations. The authentication of users and devices is a very important process for the SG network, and the protocols used for this task must be able to protect against possible attacks (for example, Man- in-the-Middle - MITM, repetição, Denegação de Serviço – DoS). On the other hand, authorization is treated jointly with authentication and related to policies of access control to the system. An essential part of creating secure authentication protocols involves encryption schemes. The use of one or the combination of several schemes directly affects protocol performance. Each day new schemas are proposed, and their utilization in the authentication protocols improves the performance of the system compared to the protocols already proposed in the same scenario. In this work 3 (three) secure and cost-effective authentication protocols are proposed, for the following scenarios: - Authentication of employees of energy suply enterprises, looking for remote or local access to the system; - Authentication of Smart Meters in an Advanced Metering Infrastructure based on cloud computing; and - Authentication of electrical vehicles in a V2G (“Vehicle-to-Grid”) network. Each scenario has specific characteristics, that are reflected on the design of the proposed protocols. Moreover, such protocols assure mutual authentication among entities as well as the protection of privacy, confidentiality and integrity of system data. A comparison considering communication and computing costs is presented, involving proposed protocols and other previously published protocols, for each scenario. The results show that the proposed protocols have, in most cases, the best performance, thus constituting good choices for future implementation in SG networks. The formal validation of the proposed protocols by the use of AVISPA tool is realized, allowing to verify the compliance with security requirements

Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V

Edge Learning for 6G-enabled Internet of Things: A Comprehensive Survey of Vulnerabilities, Datasets, and Defenses

The ongoing deployment of the fifth generation (5G) wireless networks constantly reveals limitations concerning its original concept as a key driver of Internet of Everything (IoE) applications. These 5G challenges are behind worldwide efforts to enable future networks, such as sixth generation (6G) networks, to efficiently support sophisticated applications ranging from autonomous driving capabilities to the Metaverse. Edge learning is a new and powerful approach to training models across distributed clients while protecting the privacy of their data. This approach is expected to be embedded within future network infrastructures, including 6G, to solve challenging problems such as resource management and behavior prediction. This survey article provides a holistic review of the most recent research focused on edge learning vulnerabilities and defenses for 6G-enabled IoT. We summarize the existing surveys on machine learning for 6G IoT security and machine learning-associated threats in three different learning modes: centralized, federated, and distributed. Then, we provide an overview of enabling emerging technologies for 6G IoT intelligence. Moreover, we provide a holistic survey of existing research on attacks against machine learning and classify threat models into eight categories, including backdoor attacks, adversarial examples, combined attacks, poisoning attacks, Sybil attacks, byzantine attacks, inference attacks, and dropping attacks. In addition, we provide a comprehensive and detailed taxonomy and a side-by-side comparison of the state-of-the-art defense methods against edge learning vulnerabilities. Finally, as new attacks and defense technologies are realized, new research and future overall prospects for 6G-enabled IoT are discussed