164 research outputs found

    Secure Communication Architecture for Dynamic Energy Management in Smart Grid

    Open access article. Smart grid takes advantage of communication technologies for efficient energy management and utilization. It entails sacrifice from consumers in terms of reducing load during peak hours by using a dynamic energy pricing model. To enable an active participation of consumers in load management, the concept of home energy gateway (HEG) has recently been proposed in the literature. However, the HEG concept is rather new, and the literature still lacks to address challenges related to data representation, seamless discovery, interoperability, security, and privacy. This paper presents the design of a communication framework that effectively copes with the interoperability and integration challenges between devices from different manufacturers. The proposed communication framework offers seamless auto-discovery and zero-configuration-based networking between heterogeneous devices at consumer sites. It uses elliptic-curve-based security mechanism for protecting consumers' privacy and providing the best possible shield against different types of cyberattacks. Experiments in real networking environment validated that the proposed communication framework is lightweight, secure, portable with low-bandwidth requirement, and flexible to be adopted for dynamic energy management in smart grid.

    Securing openHAB Smart Home Through User Authentication and Authorization

    The Internet of Things (IoT) is a dynamic and heterogeneous environment where Things gather data from the real world to perform various tasks. Applications in IoT, such as the smart home, typically use private data derived from its users for its operations. Security becomes a concern when these applications are exposed to insecure networks. OpenHAB is an OSGi-based automation software that integrates the data from devices at home. OpenHAB does not enforce any access control mechanism for its users, and depends solely on the security of the wireless network. In this work, we studied and implemented a JSON Web Token-based authenticator for Eclipse SmartHome, the core of openHAB, as a base for access control mechanisms. Furthermore, we propose a fine-grained, yet usable authorization model to manage access permissions to things among legitimate users. The results obtained show that it is feasible to enforce access control mechanisms for servlet and REST resources in the architecture of openHAB.

    State of the art in privacy preservation in video data

    Active and Assisted Living (AAL) technologies and services are a possible solution to address the crucial challenges regarding health and social care resulting from demographic changes and current economic conditions. AAL systems aim to improve quality of life and support independent and healthy living of older and frail people. AAL monitoring systems are composed of networks of sensors (worn by the users or embedded in their environment) processing elements and actuators that analyse the environment and its occupants to extract knowledge and to detect events, such as anomalous behaviours, launch alarms to tele-care centres, or support activities of daily living, among others. Therefore, innovation in AAL can address healthcare and social demands while generating economic opportunities. Recently, there has been far-reaching advancements in the development of video-based devices with improved processing capabilities, heightened quality, wireless data transfer, and increased interoperability with Internet of Things (IoT) devices. Computer vision gives the possibility to monitor an environment and report on visual information, which is commonly the most straightforward and human-like way of describing an event, a person, an object, interactions and actions. Therefore, cameras can offer more intelligent solutions for AAL but they may be considered intrusive by some end users. The General Data Protection Regulation (GDPR) establishes the obligation for technologies to meet the principles of data protection by design and by default. More specifically, Article 25 of the GDPR requires that organizations must "implement appropriate technical and organizational measures [...] which are designed to implement data protection principles [...] , in an effective manner and to integrate the necessary safeguards into [data] processing.” Thus, AAL solutions must consider privacy-by-design methodologies in order to protect the fundamental rights of those being monitored. 
Different methods have been proposed in the latest years to preserve visual privacy for identity protection. However, in many AAL applications, where mostly only one person would be present (e.g. an older person living alone), user identification might not be an issue; concerns are more related to the disclosure of appearance (e.g. if the person is dressed/naked) and behaviour, what we called bodily privacy. Visual obfuscation techniques, such as image filters, facial de-identification, body abstraction, and gait anonymization, can be employed to protect privacy and agreed upon by the users ensuring they feel comfortable. Moreover, it is difficult to ensure a high level of security and privacy during the transmission of video data. If data is transmitted over several network domains using different transmission technologies and protocols, and finally processed at a remote location and stored on a server in a data center, it becomes demanding to implement and guarantee the highest level of protection over the entire transmission and storage system and for the whole lifetime of the data. The development of video technologies, increase in data rates and processing speeds, wide use of the Internet and cloud computing as well as highly efficient video compression methods have made video encryption even more challenging. Consequently, efficient and robust encryption of multimedia data together with using efficient compression methods are important prerequisites in achieving secure and efficient video transmission and storage. This publication is based upon work from COST Action GoodBrother - Network on Privacy-Aware Audio- and Video-Based Applications for Active and Assisted Living (CA19121), supported by COST (European Cooperation in Science and Technology). COST (European Cooperation in Science and Technology) is a funding agency for research and innovation networks.
Our Actions help connect research initiatives across Europe and enable scientists to grow their ideas by sharing them with their peers. This boosts their research, career and innovation. www.cost.e

    Uranus: A Middleware Architecture for Dependable AAL and Vital Signs Monitoring Applications

    The design and realization of health monitoring applications has attracted the interest of large communities both from industry and academia. Several research challenges have been faced and issues tackled in order to realize effective applications for the management and monitoring of people with chronic diseases, people with disabilities, elderly people. However, there is a lack of efficient tools that enable rapid and possibly cheap realization of reliable health monitoring applications. The paper presents Uranus, a service oriented middleware architecture, which provides basic functions for the integration of different kinds of biomedical sensors. Uranus has also distinguishing characteristics like services for the run-time verification of the correctness of running applications and mechanisms for the recovery from failures. The paper concludes with two case studies as proof of concept

    Kyberuhat konttisataman automaatiojärjestelmässä (Cyber Threats in a Container Terminal Automation System)

    The rapid development in connectivity of Industrial Control Systems has created a new security threat in all industrial sectors, and the maritime sector is no exception. Therefore this thesis explores cyber threats in a container terminal automation system using two methods: literature review and attack tree analysis. In this thesis, cyber threats in Industrial Control Systems were first studied in general by the means of a literature review. Then, the identified threats were applied to a software component of a terminal automation system using attack trees. Attack trees are a tool that helps in visualizing different cyber attacks. Based on the results, threats were classified in risk categories and the most problematic areas were identified. Finally, suggestions were made on how to improve cyber security of the component assessed and of the terminal automation system in general. Based on the literature review, ten different risk categories were identified. The categories cover various attacks ranging from malware and Denial-of-Service attacks all the way to physical and social attacks. When assessing the software component, three problem areas were identified: susceptibility to Denial-of-Service attacks, weak protection of communication and vulnerability of a certain software sub-component. The suggested security improvements include changes to the network design, use of stronger authentication and better management of the process automation network

    A Framework for Evaluating Model-Driven Self-adaptive Software Systems

    In the last few years, Model Driven Development (MDD), Component-based Software Development (CBSD), and context-oriented software have become interesting alternatives for the design and construction of self-adaptive software systems. In general, the ultimate goal of these technologies is to be able to reduce development costs and effort, while improving the modularity, flexibility, adaptability, and reliability of software systems. An analysis of these technologies shows them all to include the principle of the separation of concerns, and their further integration is a key factor to obtaining high-quality and self-adaptable software systems. Each technology identifies different concerns and deals with them separately in order to specify the design of the self-adaptive applications, and, at the same time, support software with adaptability and context-awareness. This research studies the development methodologies that employ the principles of model-driven development in building self-adaptive software systems. To this aim, this article proposes an evaluation framework for analysing and evaluating the features of model-driven approaches and their ability to support software with self-adaptability and dependability in highly dynamic contextual environment. Such evaluation framework can facilitate the software developers on selecting a development methodology that suits their software requirements and reduces the development effort of building self-adaptive software systems. This study highlights the major drawbacks of the propped model-driven approaches in the related works, and emphasise on considering the volatile aspects of self-adaptive software in the analysis, design and implementation phases of the development methodologies. 
In addition, we argue that the development methodologies should leave the selection of modelling languages and modelling tools to the software developers. Comment: model-driven architecture, COP, AOP, component composition, self-adaptive application, context oriented software development

    Ubiquitous Computing

    The aim of this book is to give a treatment of the actively developed domain of Ubiquitous computing. Originally proposed by Mark D. Weiser, the concept of Ubiquitous computing enables a real-time global sensing, context-aware informational retrieval, multi-modal interaction with the user and enhanced visualization capabilities. In effect, Ubiquitous computing environments give extremely new and futuristic abilities to look at and interact with our habitat at any time and from anywhere. In that domain, researchers are confronted with many foundational, technological and engineering issues which were not known before. Detailed cross-disciplinary coverage of these issues is really needed today for further progress and widening of application range. This book collects twelve original works of researchers from eleven countries, which are clustered into four sections: Foundations, Security and Privacy, Integration and Middleware, Practical Applications

    Design and Implementation of UPnP-based Energy Gateway for Demand Side Management in Smart Grid

    Legacy electrical grids are urged to evolve towards smart grids, the smarter power delivery system that relies heavily on ICT. Numerous smart grids applications are expected to be developed for efficient management and utilization of electricity at the demand side such as home automation, Advanced Metering Infrastructure (AMI), dynamic energy pricing, efficient load management, etc. For easing and boosting the development of new demand side services, the concept of Home Energy Gateway (HEG) has recently been proposed in literature. It involves communication with the utility as well as with devices at the consumer sites. The literature still lacks a comprehensive HEG design that could provide all essential features such as zero-configuration, auto-discovery, seamless plug & play communication, interoperability and integration, customers privacy and communication security. This paper addresses the HEG challenges in an effective way through the design of suitable communication frameworks and a security mechanism for enabling strong protection against cyber attacks. The proposed system effectively copes with the interoperability and integration issues between plethora of heterogeneous devices at the consumer sites. The devices in proposed system inherit plug & play features and support zero-configuration and seamless networking. Further, the proposed system design is technology-agnostic and flexible enough to be adopted for the implementation of any specific demand side service. This paper also evaluates the proposed system in real-networking environment and presents performance metrics.