791 research outputs found
Towards a Low-Cost Remote Memory Attestation for the Smart Grid
In the smart grid, measurement devices may be compromised by adversaries, and their operations could be disrupted by attacks. A number of schemes to efficiently and accurately detect these compromised devices remotely have been proposed. Nonetheless, most of the existing schemes detecting compromised devices depend on the incremental response time in the attestation process, which are sensitive to data transmission delay and lead to high computation and network overhead. To address the issue, in this paper, we propose a low-cost remote memory attestation scheme (LRMA), which can efficiently and accurately detect compromised smart meters considering real-time network delay and achieve low computation and network overhead. In LRMA, the impact of real-time network delay on detecting compromised nodes can be eliminated via investigating the time differences reported from relay nodes. Furthermore, the attestation frequency in LRMA is dynamically adjusted with the compromised probability of each node, and then, the total number of attestations could be reduced while low computation and network overhead can be achieved. Through a combination of extensive theoretical analysis and evaluations, our data demonstrate that our proposed scheme can achieve better detection capacity and lower computation and network overhead in comparison to existing schemes
RADIS: Remote Attestation of Distributed IoT Services
Remote attestation is a security technique through which a remote trusted
party (i.e., Verifier) checks the trustworthiness of a potentially untrusted
device (i.e., Prover). In the Internet of Things (IoT) systems, the existing
remote attestation protocols propose various approaches to detect the modified
software and physical tampering attacks. However, in an interoperable IoT
system, in which IoT devices interact autonomously among themselves, an
additional problem arises: a compromised IoT service can influence the genuine
operation of other invoked service, without changing the software of the
latter. In this paper, we propose a protocol for Remote Attestation of
Distributed IoT Services (RADIS), which verifies the trustworthiness of
distributed IoT services. Instead of attesting the complete memory content of
the entire interoperable IoT devices, RADIS attests only the services involved
in performing a certain functionality. RADIS relies on a control-flow
attestation technique to detect IoT services that perform an unexpected
operation due to their interactions with a malicious remote service. Our
experiments show the effectiveness of our protocol in validating the integrity
status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table
A survey on cyber security for smart grid communications
A smart grid is a new form of electricity network with high fidelity power-flow control, self-healing, and energy reliability and energy security using digital communications and control technology. To upgrade an existing power grid into a smart grid, it requires significant dependence on intelligent and secure communication infrastructures. It requires security frameworks for distributed communications, pervasive computing and sensing technologies in smart grid. However, as many of the communication technologies currently recommended to use by a smart grid is vulnerable in cyber security, it could lead to unreliable system operations, causing unnecessary expenditure, even consequential disaster to both utilities and consumers. In this paper, we summarize the cyber security requirements and the possible vulnerabilities in smart grid communications and survey the current solutions on cyber security for smart grid communications. © 2012 IEEE
Distributed state verification in the smart grid using physical attestation
A cyber process in a distributed system can fabricate its internal state in its communications with its peers. These state fabrications can cause other processes in the distributed system to make incorrect control decisions. Cyber-physical systems have a unique advantage in the detection of falsified states because processes typically have observable effects on a shared physical infrastructure. This physical infrastructure acts as a high-integrity message channel that broadcasts changes in individual process states. The objective of this research is to demonstrate that there are cases where physical feedback from the shared infrastructure can be used to detect state fabrications. To that end, this work introduces a distributed security mechanism called physical attestation that detects state fabrications in the future smart grid. Graph theory is used to prove that physical attestation works in general smart grid topologies, and the theory is supported with experimental results obtained from a smart grid test bed --Abstract, page iii
Distributed IoT Attestation via Blockchain (Extended Version)
The growing number and nature of Internet of Things (IoT) devices makes these resource-constrained appliances particularly vulnerable and increasingly impactful in their exploitation. Current estimates for the number of connected things commonly reach the tens of billions. The low-cost and limited computational strength of these devices can preclude security features. Additionally, economic forces and a lack of industry expertise in security often contribute to a rush to market with minimal consideration for security implications. It is essential that users of these emerging technologies, from consumers to IT professionals, be able to establish and retain trust in the multitude of diverse and pervasive compute devices that are ever more responsible for our critical infrastructure and personal information. Remote attestation is a well-known technique for building such trust between devices. In standard implementations, a potentially untrustworthy prover attests, using public key infrastructure, to a verifier about its configuration or properties of its current state. Attestation is often performed on an ad hoc basis with little concern for historicity. However, controls and sensors manufactured for the Industrial IoT (IIoT) may be expected to operate for decades. Even in the consumer market, so-called smart things can be expected to outlive their manufacturers. This longevity combined with limited software or firmware patching creates an ideal environment for long-lived zero-day vulnerabilities. Knowing both if a device is vulnerable and if so when it became vulnerable is a management nightmare as IoT deployments scale. For network connected machines, with access to sensitive information and real-world physical controls, maintaining some sense of a device\u27s lifecycle would be insightful. In this paper, we propose a novel attestation architecture, DAN: a distributed attestation network, utilizing blockchain to store and share device information. We present the design of this new attestation architecture, and describe a virtualized simulation, as well as a prototype system chosen to emulate an IoT deployment with a network of Raspberry Pi, Infineon TPMs, and a Hyperledger Fabric blockchain. We discuss the implications and potential challenges of such a network for various applications such as identity management, intrusion detection, forensic audits, and regulatory certification
Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version)
As many types of IoT devices worm their way into numerous settings and many
aspects of our daily lives, awareness of their presence and functionality
becomes a source of major concern. Hidden IoT devices can snoop (via sensing)
on nearby unsuspecting users, and impact the environment where unaware users
are present, via actuation. This prompts, respectively, privacy and
security/safety issues. The dangers of hidden IoT devices have been recognized
and prior research suggested some means of mitigation, mostly based on traffic
analysis or using specialized hardware to uncover devices. While such
approaches are partially effective, there is currently no comprehensive
approach to IoT device transparency. Prompted in part by recent privacy
regulations (GDPR and CCPA), this paper motivates and constructs a
privacy-agile Root-of-Trust architecture for IoT devices, called PAISA:
Privacy-Agile IoT Sensing and Actuation. It guarantees timely and secure
announcements about IoT devices' presence and their capabilities. PAISA has two
components: one on the IoT device that guarantees periodic announcements of its
presence even if all device software is compromised, and the other that runs on
the user device, which captures and processes announcements. Notably, PAISA
requires no hardware modifications; it uses a popular off-the-shelf Trusted
Execution Environment (TEE) -- ARM TrustZone. This work also comprises a fully
functional (open-sourced) prototype implementation of PAISA, which includes: an
IoT device that makes announcements via IEEE 802.11 WiFi beacons and an Android
smartphone-based app that captures and processes announcements. Both security
and performance of PAISA design and prototype are discussed.Comment: 17 pages, 11 figures. To appear at ACM CCS 202
- …