4,917 research outputs found
Secure Distributed Dynamic State Estimation in Wide-Area Smart Grids
Smart grid is a large complex network with a myriad of vulnerabilities,
usually operated in adversarial settings and regulated based on estimated
system states. In this study, we propose a novel highly secure distributed
dynamic state estimation mechanism for wide-area (multi-area) smart grids,
composed of geographically separated subregions, each supervised by a local
control center. We firstly propose a distributed state estimator assuming
regular system operation, that achieves near-optimal performance based on the
local Kalman filters and with the exchange of necessary information between
local centers. To enhance the security, we further propose to (i) protect the
network database and the network communication channels against attacks and
data manipulations via a blockchain (BC)-based system design, where the BC
operates on the peer-to-peer network of local centers, (ii) locally detect the
measurement anomalies in real-time to eliminate their effects on the state
estimation process, and (iii) detect misbehaving (hacked/faulty) local centers
in real-time via a distributed trust management scheme over the network. We
provide theoretical guarantees regarding the false alarm rates of the proposed
detection schemes, where the false alarms can be easily controlled. Numerical
studies illustrate that the proposed mechanism offers reliable state estimation
under regular system operation, timely and accurate detection of anomalies, and
good state recovery performance in case of anomalies
PADS: Practical Attestation for Highly Dynamic Swarm Topologies
Remote attestation protocols are widely used to detect device configuration
(e.g., software and/or data) compromise in Internet of Things (IoT) scenarios.
Unfortunately, the performances of such protocols are unsatisfactory when
dealing with thousands of smart devices. Recently, researchers are focusing on
addressing this limitation. The approach is to run attestation in a collective
way, with the goal of reducing computation and communication. Despite these
advances, current solutions for attestation are still unsatisfactory because of
their complex management and strict assumptions concerning the topology (e.g.,
being time invariant or maintaining a fixed topology). In this paper, we
propose PADS, a secure, efficient, and practical protocol for attesting
potentially large networks of smart devices with unstructured or dynamic
topologies. PADS builds upon the recent concept of non-interactive attestation,
by reducing the collective attestation problem into a minimum consensus one. We
compare PADS with a state-of-the art collective attestation protocol and
validate it by using realistic simulations that show practicality and
efficiency. The results confirm the suitability of PADS for low-end devices,
and highly unstructured networks.Comment: Submitted to ESORICS 201
Enabling individually entrusted routing security for open and decentralized community networks
Routing in open and decentralized networks relies on cooperation. However, the participation of unknown nodes and node administrators pursuing heterogeneous trust and security goals is a challenge. Community-mesh networks are good examples of such environments due to their open structure, decentralized management, and ownership. As a result, existing community networks are vulnerable to various attacks and are seriously challenged by the obligation to find consensus on the trustability of participants within an increasing user size and diversity. We propose a practical and novel solution enabling a secured but decentralized trust management. This work presents the design and analysis of securely-entrusted multi-topology routing (SEMTOR), a set of routing-protocol mechanisms that enable the cryptographically secured negotiation and establishment of concurrent and individually trusted routing topologies for infrastructure-less networks without relying on any central management. The proposed mechanisms have been implemented, tested, and evaluated for their correctness and performance to exclude non-trusted nodes from the network. Respective safety and liveness properties that are guaranteed by our protocol have been identified and proven with formal reasoning. Benchmarking results, based on our implementation as part of the BMX7 routing protocol and tested on real and minimal (OpenWRT, 10 Euro) routers, qualify the behaviour, performance, and scalability of our approach, supporting networks with hundreds of nodes despite the use of strong asymmetric cryptography.Peer ReviewedPostprint (author's final draft
Securing Internet Applications from Routing Attacks
Attacks on Internet routing are typically viewed through the lens of
availability and confidentiality, assuming an adversary that either discards
traffic or performs eavesdropping. Yet, a strategic adversary can use routing
attacks to compromise the security of critical Internet applications like Tor,
certificate authorities, and the bitcoin network. In this paper, we survey such
application-specific routing attacks and argue that both application-layer and
network-layer defenses are essential and urgently needed. While
application-layer defenses are easier to deploy in the short term, we hope that
our work serves to provide much needed momentum for the deployment of
network-layer defenses
Blockchain-based DDoS attack mitigation protocol for device-to-device interaction in smart homes
Smart home devices are vulnerable to a variety of attacks. The matter gets more complicated when a number of devices
collaborate to launch a colluding attack (e.g. Distributed-Denial-of-Service (DDoS)) in a network (e.g., Smart home). To
handle these attacks, most studies have hitherto proposed authentication protocols that cannot necessarily be implemented in devices, especially during Device-to-Device (D2D) interactions. Tapping into the potential of Ethereum blockchain and smart contracts, this work proposes a lightweight authentication mechanism that enables safe D2D interactions in a smart home. The Ethereum blockchain enables the implementation of a decentralized prototype as well as a peer-to-peer distributed ledger system. The work also uses a single server queuing system model and the authentication mechanism to curtail DDoS attacks by controlling the number of service requests in the system. The simulation was conducted twenty times, each with varying number of devices chosen at random (ranging from 1 to 30). Each requester device sends an arbitrary request with a unique resource requirement at a time. This is done to measure the system’s consistency across a variety of device capabilities. The
experimental results show that the proposed protocol not only prevents colluding attacks, but also outperforms the benchmark protocols in terms of computational cost, message processing, and response time
- …