34 research outputs found
Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions
In recent years, low-carbon transportation has become an indispensable part
as sustainable development strategies of various countries, and plays a very
important responsibility in promoting low-carbon cities. However, the security
of low-carbon transportation has been threatened from various ways. For
example, denial of service attacks pose a great threat to the electric vehicles
and vehicle-to-grid networks. To minimize these threats, several methods have
been proposed to defense against them. Yet, these methods are only for certain
types of scenarios or attacks. Therefore, this review addresses security aspect
from holistic view, provides the overview, challenges and future directions of
cyber security technologies in low-carbon transportation. Firstly, based on the
concept and importance of low-carbon transportation, this review positions the
low-carbon transportation services. Then, with the perspective of network
architecture and communication mode, this review classifies its typical attack
risks. The corresponding defense technologies and relevant security suggestions
are further reviewed from perspective of data security, network management
security and network application security. Finally, in view of the long term
development of low-carbon transportation, future research directions have been
concerned.Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable
Energy Review
Fine-Grained Access Control with User Revocation in Smart Manufacturing
This research has been founded by the European Union’s Horizon 2020 Research and
Innovation program under grant agreement No. 871518, a project named COLLABS [19].Collaborative manufacturing is a key enabler of Industry 4.0 that requires secure data sharing among multiple parties. However, intercompany data-sharing raises important privacy and security concerns, particularly given intellectual property and business-sensitive information collected by many devices. In this paper, we propose a solution that combines four technologies to address these challenges: Attribute-Based Encryption for data access control, blockchain for data integrity and non-repudiation, Hardware Security Modules for authenticity, and the Interplanetary File System for data scalability. We also use OpenID for dynamic client identification and propose a new method for user revocation in Attribute-Based Encryption. Our evaluation shows that the solution can scale up to 2,000,000 clients while maintaining all security guarantees.European Union’s Horizon 2020, 87151
Experimental Comparison of Multicast Authentication for Wide Area Monitoring Systems
Multicast is proposed as a preferred communication mechanism for many power grid applications. One of the biggest challenges for multicast in smart grid is ensuring source authentication without violating the stringent time requirement. The research community and standardization bodies have proposed several authentication mechanisms for smart grid multicast applications. In this paper, we evaluate different authentication schemes and identify the best candidates for phasor data communication in wide area monitoring systems (WAMS). We first do an extensive literature review of existing solutions and establish a short list of schemes to evaluate. Second we make an experimental comparison of the chosen schemes in an operational smart grid pilot and evaluate the performance of these schemes by using the following metrics: computation, communication and key management overheads. The best candidates we consider are two variants of ECDSA, TV-HORS and three variants of Incomplete-key-set. We find ECDSA without pre-computed tokens and all the Incomplete-key-set variants are inapplicable for WAMS due to their high computation overhead. The ECDSA variant that uses pre-computed tokens and TV-HORS perform well in all metrics; however, TV-HORS has potential drawbacks due to a large key management overhead as a result of the frequent distribution of a large public key per source
Long term key management architecture for SCADA systems
Singapore National Research Foundatio
Harnessing Artificial Intelligence Capabilities to Improve Cybersecurity
Cybersecurity is a fast-evolving discipline that is always in the news over the last decade, as the number of threats rises and cybercriminals constantly endeavor to stay a step ahead of law enforcement. Over the years, although the original motives for carrying out cyberattacks largely remain unchanged, cybercriminals have become increasingly sophisticated with their techniques. Traditional cybersecurity solutions are becoming inadequate at detecting and mitigating emerging cyberattacks. Advances in cryptographic and Artificial Intelligence (AI) techniques (in particular, machine learning and deep learning) show promise in enabling cybersecurity experts to counter the ever-evolving threat posed by adversaries. Here, we explore AI\u27s potential in improving cybersecurity solutions, by identifying both its strengths and weaknesses. We also discuss future research opportunities associated with the development of AI techniques in the cybersecurity field across a range of application domains
Security of smart manufacturing systems
A revolution in manufacturing systems is underway: substantial recent investment has been directed towards the development of smart manufacturing systems that are able to respond in real time to changes in customer demands, as well as the conditions in the supply chain and in the factory itself. Smart manufacturing is a key component of the broader thrust towards Industry 4.0, and relies on the creation of a bridge between digital and physical environments through Internet of Things (IoT) technologies, coupled with enhancements to those digital environments through greater use of cloud systems, data analytics and machine learning. Whilst these individual technologies have been in development for some time, their integration with industrial systems leads to new challenges as well as potential benefits. In this paper, we explore the challenges faced by those wishing to secure smart manufacturing systems. Lessons from history suggest that where an attempt has been made to retrofit security on systems for which the primary driver was the development of functionality, there are inevitable and costly breaches. Indeed, today's manufacturing systems have started to experience this over the past few years; however, the integration of complex smart manufacturing technologies massively increases the scope for attack from adversaries aiming at industrial espionage and sabotage. The potential outcome of these attacks ranges from economic damage and lost production, through injury and loss of life, to catastrophic nation-wide effects. In this paper, we discuss the security of existing industrial and manufacturing systems, existing vulnerabilities, potential future cyber-attacks, the weaknesses of existing measures, the levels of awareness and preparedness for future security challenges, and why security must play a key role underpinning the development of future smart manufacturing systems
SECURE, POLICY-BASED, MULTI-RECIPIENT DATA SHARING
In distributed systems users often need to share sensitive data with other users
based on the latter's ability to satisfy various policies. In many cases the data owner
may not even know the identities of the data recipients, but deems it crucial that they
are legitimate; i.e., satisfy the policy. Enabling such data sharing over the Internet
faces the challenge of (1) securely associating access policies with data and enforcing
them, and (2) protecting data as it traverses untrusted proxies and intermediate
repositories. Furthermore, it is desirable to achieve properties such as: (1) flexibility
of access policies; (2) privacy of sensitive access policies; (3) minimal reliance on
trusted third parties; and (4) efficiency of access policy enforcement. Often schemes
enabling controlled data sharing need to trade one property for another. In this
dissertation, we propose two complimentary policy-based data sharing schemes that
achieve different subsets of the above desired properties.
In the first part of this dissertation, we focus on CiphertextPolicy Attribute-
Based Encryption (CP-ABE) schemes that specify and enforce access policies
cryptographically and eliminate trusted mediators. We motivate the need for flexible
attribute organization within user keys for efficient support of many practical
applications. We then propose Ciphertext-Policy Attribute-Set Based Encryption
(CP-ASBE) which is the first CP-ABE scheme to (1) efficiently support naturally
occurring compound attributes, (2) support multiple numerical assignments for a
given attribute in a single key and (3) provide efficient key management. While the
CP-ASBE scheme minimizes reliance on trusted mediators, it can support neither
context-based policies nor policy privacy. In the second part of this dissertation,
we propose Policy Based Encryption System (PBES), which employs mediated decryption
and supports both context-based policies and policy privacy. Finally, we integrate the
proposed schemes into practical applications (i.e., CP-ASBE scheme with Attribute-Based
Messaging (ABM) and PBES scheme with a conditional data sharing application in the Power Grid) and demonstrate their usefulness in practice
Cyber Security of Critical Infrastructures
Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. The vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyber-attacks, their protection becomes a significant issue for organizations as well as nations. The risks to continued operations, from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes, are considered highly significant, given the demonstrable impact of such circumstances. Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cybersecurity of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioural aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace. In this book, both research and practical aspects of cyber security considerations in critical infrastructures are presented. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry have contributed 13 chapters. The issues that are discussed and analysed include cybersecurity training, maturity assessment frameworks, malware analysis techniques, ransomware attacks, security solutions for industrial control systems, and privacy preservation methods