Secure Distributed Dynamic State Estimation in Wide-Area Smart Grids

Smart grid is a large complex network with a myriad of vulnerabilities, usually operated in adversarial settings and regulated based on estimated system states. In this study, we propose a novel highly secure distributed dynamic state estimation mechanism for wide-area (multi-area) smart grids, composed of geographically separated subregions, each supervised by a local control center. We firstly propose a distributed state estimator assuming regular system operation, that achieves near-optimal performance based on the local Kalman filters and with the exchange of necessary information between local centers. To enhance the security, we further propose to (i) protect the network database and the network communication channels against attacks and data manipulations via a blockchain (BC)-based system design, where the BC operates on the peer-to-peer network of local centers, (ii) locally detect the measurement anomalies in real-time to eliminate their effects on the state estimation process, and (iii) detect misbehaving (hacked/faulty) local centers in real-time via a distributed trust management scheme over the network. We provide theoretical guarantees regarding the false alarm rates of the proposed detection schemes, where the false alarms can be easily controlled. Numerical studies illustrate that the proposed mechanism offers reliable state estimation under regular system operation, timely and accurate detection of anomalies, and good state recovery performance in case of anomalies

PADS: Practical Attestation for Highly Dynamic Swarm Topologies

Remote attestation protocols are widely used to detect device configuration (e.g., software and/or data) compromise in Internet of Things (IoT) scenarios. Unfortunately, the performances of such protocols are unsatisfactory when dealing with thousands of smart devices. Recently, researchers are focusing on addressing this limitation. The approach is to run attestation in a collective way, with the goal of reducing computation and communication. Despite these advances, current solutions for attestation are still unsatisfactory because of their complex management and strict assumptions concerning the topology (e.g., being time invariant or maintaining a fixed topology). In this paper, we propose PADS, a secure, efficient, and practical protocol for attesting potentially large networks of smart devices with unstructured or dynamic topologies. PADS builds upon the recent concept of non-interactive attestation, by reducing the collective attestation problem into a minimum consensus one. We compare PADS with a state-of-the art collective attestation protocol and validate it by using realistic simulations that show practicality and efficiency. The results confirm the suitability of PADS for low-end devices, and highly unstructured networks.Comment: Submitted to ESORICS 201

Enabling individually entrusted routing security for open and decentralized community networks

Routing in open and decentralized networks relies on cooperation. However, the participation of unknown nodes and node administrators pursuing heterogeneous trust and security goals is a challenge. Community-mesh networks are good examples of such environments due to their open structure, decentralized management, and ownership. As a result, existing community networks are vulnerable to various attacks and are seriously challenged by the obligation to find consensus on the trustability of participants within an increasing user size and diversity. We propose a practical and novel solution enabling a secured but decentralized trust management. This work presents the design and analysis of securely-entrusted multi-topology routing (SEMTOR), a set of routing-protocol mechanisms that enable the cryptographically secured negotiation and establishment of concurrent and individually trusted routing topologies for infrastructure-less networks without relying on any central management. The proposed mechanisms have been implemented, tested, and evaluated for their correctness and performance to exclude non-trusted nodes from the network. Respective safety and liveness properties that are guaranteed by our protocol have been identified and proven with formal reasoning. Benchmarking results, based on our implementation as part of the BMX7 routing protocol and tested on real and minimal (OpenWRT, 10 Euro) routers, qualify the behaviour, performance, and scalability of our approach, supporting networks with hundreds of nodes despite the use of strong asymmetric cryptography.Peer ReviewedPostprint (author's final draft

Securing Internet Applications from Routing Attacks

Attacks on Internet routing are typically viewed through the lens of availability and confidentiality, assuming an adversary that either discards traffic or performs eavesdropping. Yet, a strategic adversary can use routing attacks to compromise the security of critical Internet applications like Tor, certificate authorities, and the bitcoin network. In this paper, we survey such application-specific routing attacks and argue that both application-layer and network-layer defenses are essential and urgently needed. While application-layer defenses are easier to deploy in the short term, we hope that our work serves to provide much needed momentum for the deployment of network-layer defenses

Blockchain-based DDoS attack mitigation protocol for device-to-device interaction in smart homes

Smart home devices are vulnerable to a variety of attacks. The matter gets more complicated when a number of devices collaborate to launch a colluding attack (e.g. Distributed-Denial-of-Service (DDoS)) in a network (e.g., Smart home). To handle these attacks, most studies have hitherto proposed authentication protocols that cannot necessarily be implemented in devices, especially during Device-to-Device (D2D) interactions. Tapping into the potential of Ethereum blockchain and smart contracts, this work proposes a lightweight authentication mechanism that enables safe D2D interactions in a smart home. The Ethereum blockchain enables the implementation of a decentralized prototype as well as a peer-to-peer distributed ledger system. The work also uses a single server queuing system model and the authentication mechanism to curtail DDoS attacks by controlling the number of service requests in the system. The simulation was conducted twenty times, each with varying number of devices chosen at random (ranging from 1 to 30). Each requester device sends an arbitrary request with a unique resource requirement at a time. This is done to measure the system’s consistency across a variety of device capabilities. The experimental results show that the proposed protocol not only prevents colluding attacks, but also outperforms the benchmark protocols in terms of computational cost, message processing, and response time