10 research outputs found

    Securing Information-Centric Networking without negating Middleboxes

    Information-Centric Networking is a promising networking paradigm that overcomes many of the limitations of current networking architectures. Various research efforts investigate solutions for securing ICN. Nevertheless, most of these solutions relax security requirements in favor of network performance. In particular, they weaken end-user privacy and the architecture's tolerance to security breaches in order to support middleboxes that offer services such as caching and content replication. In this paper, we adapt TLS, a widely used security standard, to an ICN context. We design solutions that allow session reuse and migration among multiple stakeholders and we propose an extension that allows authorized middleboxes to lawfully and transparently intercept secured communications.
    Comment: 8th IFIP International Conference on New Technologies, Mobility & Security, IFIP, 201

    A down-to-earth integration of Named Data Networking in the real-world IoT

    The IEEE802.15.4 wireless technology is one of the enablers of the Internet of Things. It allows constrained devices to communicate with a satisfactory data rate, payload size and distance range, all with reduced energy consumption. To provide IoT devices with a global Internet identity, 6LoWPAN defines the IPv6 adaptation to communicate over IEEE802.15.4. However, this integration still needs additional protocols to support other IoT requirements, which makes the IP stack in IoT devices more complex and therefore shows the limitations of the IP model to support the needs of future Internet. Named Data Networking represents an alternative that can natively support IoT constraints including mobility, security and human readable data names. This paper is a synthesis of an ongoing work that investigates the integration of NDN with IEEE802.15.4 for constrained IoT devices. The proposed design has been implemented in a real-world smart agriculture scenario, and evaluated by simulation focusing on energy consumption and network overhead in comparison to IP-based protocols.

    Intelligent building systems: Security and facility professionals’ understanding of system threats, vulnerabilities and mitigation practice

    Intelligent Buildings or Building Automation and Control Systems (BACS) are becoming common in buildings, driven by the commercial need for functionality, sharing of information, reduced costs and sustainable buildings. The facility manager often has BACS responsibility; however, their focus is generally not on BACS security. Nevertheless, if a BACS-manifested threat is realised, the impact to a building can be significant, through denial, loss or manipulation of the building and its services, resulting in loss of information or occupancy. Therefore, this study garnered a descriptive understanding of security and facility professionals’ knowledge of BACS, including vulnerabilities and mitigation practices. Results indicate that the majority of security and facility professionals hold a general awareness of BACS security issues, although they lacked a robust understanding to meet necessary protection. For instance, understanding of 23 BACS vulnerabilities were found to be equally critical with limited variance. Mitigation strategies were no better, with respondents indicating poor threat diagnosis. In contrast, cybersecurity and technical security professionals such as integrators or security engineering design professionals displayed a robust understanding of BACS vulnerabilities and resulting mitigation strategies. Findings support the need for greater awareness for both security management and facility professionals of BACS vulnerabilities and mitigation strategies

    User centered neuro-fuzzy energy management through semantic-based optimization

    This paper presents a cloud-based building energy management system, underpinned by semantic middleware, that integrates an enhanced sensor network with advanced analytics, accessible through an intuitive Web-based user interface. The proposed solution is described in terms of its three key layers: 1) user interface; 2) intelligence; and 3) interoperability. The system’s intelligence is derived from simulation-based optimized rules, historical sensor data mining, and a fuzzy reasoner. The solution enables interoperability through a semantic knowledge base, which also contributes intelligence through reasoning and inference abilities, and which are enhanced through intelligent rules. Finally, building energy performance monitoring is delivered alongside optimized rule suggestions and a negotiation process in a 3-D Web-based interface using WebGL. The solution has been validated in a real pilot building to illustrate the strength of the approach, where it has shown over 25% energy savings. The relevance of this paper in the field is discussed, and it is argued that the proposed solution is mature enough for testing across further buildings

    An intelligent semantic system for real-time demand response management of a thermal grid

    “Demand Response” energy management of thermal grids requires consideration of a wide range of factors at building and district level, supported by continuously calibrated simulation models that reflect real operation conditions. Moreover, cross-domain data interoperability between concepts used by the numerous hardware and software is essential, in terms of Terminology, Metadata, Meaning and Logic. This paper leverages domain ontology to map and align the semantic resources that underpin building and district energy management, with a focus on the optimization of a thermal grid informed by real-time energy demand. The intelligence of the system is derived from simulation-based optimization, informed by calibrated thermal models that predict the network’s energy demand to inform (near) real-time generation. The paper demonstrates that the use of semantics helps alleviate the endemic energy performance gap, as validated in a real district heating network where 36% reduction on operation cost and 43% reduction on CO2 emission were observed compared to baseline operational data

    A critical review of cyber-physical security for building automation systems

    Modern Building Automation Systems (BASs), as the brain that enables the smartness of a smart building, often require increased connectivity both among system components as well as with outside entities, such as optimized automation via outsourced cloud analytics and increased building-grid integrations. However, increased connectivity and accessibility come with increased cyber security threats. BASs were historically developed as closed environments with limited cyber-security considerations. As a result, BASs in many buildings are vulnerable to cyber-attacks that may cause adverse consequences, such as occupant discomfort, excessive energy usage, and unexpected equipment downtime. Therefore, there is a strong need to advance the state-of-the-art in cyber-physical security for BASs and provide practical solutions for attack mitigation in buildings. However, an inclusive and systematic review of BAS vulnerabilities, potential cyber-attacks with impact assessment, detection & defense approaches, and cyber-secure resilient control strategies is currently lacking in the literature. This review paper fills the gap by providing a comprehensive up-to-date review of cyber-physical security for BASs at three levels in commercial buildings: management level, automation level, and field level. The general BASs vulnerabilities and protocol-specific vulnerabilities for the four dominant BAS protocols are reviewed, followed by a discussion on four attack targets and seven potential attack scenarios. The impact of cyber-attacks on BASs is summarized as signal corruption, signal delaying, and signal blocking. The typical cyber-attack detection and defense approaches are identified at the three levels. Cyber-secure resilient control strategies for BASs under attack are categorized into passive and active resilient control schemes. Open challenges and future opportunities are finally discussed.
    Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Control

    Security Properties of Information-centric Networks

    The IP network was built decades ago, and with today's use of Internet, a new network layer protocol is much needed. Named Data Networking (NDN) is a proposal for content-centric discovery and routing. Yet, the public key infrastructure issue has not been solved in NDN. Identity-based cryptography (IBC) seems to be applicable to wireless sensor networks, and even more applicable when deployed over NDN. In this paper I will explain the NDN architecture and the basics of IBC. Further, I will model and implement a trust model in a thought sensor network using IBC, running over NDN. Implementing and testing my proposal verifies the relevancy of IBC over wireless sensor network running over NDN, and the usability of developing applications over NDN. I formally and informally prove the security in the protocols suggested for device registration and data pull under deployment in the application.

    μGIM - Microgrid intelligent management system based on a multi-agent approach and the active participation of end-users

    Power and energy systems are changing their traditional paradigm, from centralized systems to decentralized systems. The emergence of smart grids allows the integration of decentralized energy resources and promotes inclusive management that involves end-users, driven by demand-side management, transactive energy and demand response. Guaranteeing the scalability and stability of the service provided by the grid, in this new smart grid paradigm, is more difficult because there is no single centralized operations room where all decisions are made. To implement smart grids successfully, it is necessary to combine efforts between electrical engineering and computer engineering. Electrical engineering must guarantee the correct physical operation of smart grids and their components, establishing the bases for adequate monitoring, control, management and operation methods. Computer engineering plays an important role by providing the adequate computational models and tools to manage and operate the smart grid and its constituent parts, adequately representing all the different actors involved. These models must consider the individual and common goals of the actors, which provide the bases for guaranteeing competitive and cooperative interactions capable of satisfying the individual actors as well as meeting the common requirements regarding the technical, environmental and economic sustainability of the system. The distributed nature of smart grids allows, incentivizes and greatly benefits the active participation of end-users, from large actors to smaller ones such as residential consumers.
One of the main problems in the planning and operation of electrical grids is the variation in energy demand, which often more than doubles during peak hours compared with off-peak demand. Traditionally, this variation resulted in the construction of power generation plants and large investments in grid lines and substations. The massive use of renewable energy sources implies greater volatility in generation, which makes it harder to balance consumption and generation. The participation of smart grid actors, enabled by transactive energy and demand response, can provide flexibility on the demand side, facilitating system operation and coping with the growing share of renewable energy. Within the scope of smart grids, it is possible to build and operate smaller grids, called microgrids. These are geographically limited grids with local management and operation. They can be seen as restricted geographical areas for which the electrical grid generally operates physically connected to the main grid, but can also operate in island mode, which provides independence from the main grid. This PhD research, carried out under the Doctoral Programme in Computer Engineering of the University of Salamanca, addresses the study and analysis of microgrid management, considering the active participation of end-users and the energy management of end-users' electrical loads and energy resources. This research work analysed the use of computer engineering concepts, particularly from the field of artificial intelligence, to support microgrid management, proposing a microgrid intelligent management system (μGIM) based on a multi-agent approach and on the active participation of users.
This solution is composed of three systems that combine hardware and software: the virtual-to-reality emulator (V2R), the Internet of Things environmental awareness smart plug (EnAPlug), and the agent-based single-board computer for energy (S4E) to enable demand-side management and transactive energy. These systems were conceived, developed and tested to enable the validation of microgrid management methodologies, that is, for end-user participation and for the intelligent optimization of resources. This document presents all the main models and results obtained during this PhD research, regarding state-of-the-art analysis, system conception, system development, experimentation results and main findings. The systems have been evaluated in real scenarios, from laboratories to pilot sites. In total, twenty scientific articles have been published, nine of them in specialized journals. This PhD research contributed to two H2020 projects (DOMINOES and DREAM-GO), two ITEA projects (M2MGrids and SPEAR), three Portuguese projects (SIMOCE, NetEffiCity and AVIGAE) and one project with H2020 cascade funding (Eco-Rural -IoT)

    RESILIENZA DEL PATRIMONIO ARCHITETTONICO: STRUMENTI, SCENARI E PROCESSI DI VALUTAZIONE

    The abstract is in the attachment