A key management architecture and protocols for secure smart grid communications

Providing encrypted communications among power grid components is expected to be a basic requirement of smart grid systems in the future. Here, we propose a key management architecture and associated protocols tailored to support encrypted smart grid communications. The architecture consists of two levels structured around the grid control system hierarchy. At the top level, which consist of control centers and regional coordinators, a bottom-up key structure is adopted using hash chaining and a logical key hierarchy. The lower level of the architecture consists of the regional coordinators (i.e., substations and distribution systems) and remote ends (e.g., meters and pole-top sensors) and utilizes a top-down key management approach built on an inverse element method. The proposed key management schema supports the hierarchical structure of the smart grid control mechanisms, and it takes the resource and electronic/physical security differences of the control levels into account. We define a set of protocols utilizing the architecture to provide secure unicast, multicast, and broadcast communications. Furthermore, we illustrate how the architecture is flexible enough to easily handle power grid nodes joining and leaving the system at the different levels. Lastly, we compare the proposed schema with existing ones and show that our architecture can achieve efficient key management to provide secure communications. Copyright © 2016 John Wiley & Sons, Ltd

Scalable and Fault Tolerant Group Key Management

To address the group key management problem for modern networks this research proposes a lightweight group key management protocol with a gossip-based dissemination routine. Experiments show that by slightly increasing workload for the key update mechanism, this protocol is superior to currently available tree-based protocols with respect to reliability and fault tolerance, while remaining scalable to large groups. Java simulations show that the protocol efficiently distributes keys to large groups in the midst of up to 35 percent node failure rates. In addition, it eliminates the need for logical key hierarchy while preserving an overall reduction in rekey messages to rekey a group. The protocol provides a simple “pull” mechanism to ensure perfect rekeys in spite of the primary rekey mechanism’s probabilistic guarantees, without burdening key distribution facilities. Parameters for overlay management and gossip are improved to minimize rekey message traffic while remaining tolerant to node failure

A Survey on Wireless Sensor Network Security

Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes is also very likely in real-life deployment scenarios. Due to resource constraints in the sensor nodes, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs. Security in sensor networks is, therefore, a particularly challenging task. This paper discusses the current state of the art in security mechanisms for WSNs. Various types of attacks are discussed and their countermeasures presented. A brief discussion on the future direction of research in WSN security is also included.Comment: 24 pages, 4 figures, 2 table

Link-Level Access Cloud Architecture Design Based on SDN for 5G Networks

The exponential growth of data traffic and connected devices, and the reduction of latency and costs, are considered major challenges for future mobile communication networks. The satisfaction of these challenges motivates revisiting the architecture of these networks. We propose an SDN-based design of a hierarchical architecture for the 5G packet core. In this article we focus on the design of its access cloud with the goal of providing low latency and scalable Ethernet-like support to terminals and MTC devices including mobility management. We examine and address its challenges in terms of network scalability and support for link-level mobility. We propose a link-level architecture that forwards frames from and to edge network elements (AP and routers) with a label that identifies the APs through which the terminal is reachable. An SDN local controller tracks and updates the users' location information at the edge network elements. Additionally, we propose to delegate in SDN local controllers the handling of non-scalable operations, such as broadcast and multicast messages, and network management procedures.This work is partially supported by the Spanish Ministry of Economy and Competitiveness (project TIN2013-46223-P), and the Granada Excellence Network of Innovation Laboratories (projects GENIL-PYR-2014-20 and GENIL-PYR-2014-18)

Co-design of Security Aware Power System Distribution Architecture as Cyber Physical System

The modern smart grid would involve deep integration between measurement nodes, communication systems, artificial intelligence, power electronics and distributed resources. On one hand, this type of integration can dramatically improve the grid performance and efficiency, but on the other, it can also introduce new types of vulnerabilities to the grid. To obtain the best performance, while minimizing the risk of vulnerabilities, the physical power system must be designed as a security aware system. In this dissertation, an interoperability and communication framework for microgrid control and Cyber Physical system enhancements is designed and implemented taking into account cyber and physical security aspects. The proposed data-centric interoperability layer provides a common data bus and a resilient control network for seamless integration of distributed energy resources. In addition, a synchronized measurement network and advanced metering infrastructure were developed to provide real-time monitoring for active distribution networks. A hybrid hardware/software testbed environment was developed to represent the smart grid as a cyber-physical system through hardware and software in the loop simulation methods. In addition it provides a flexible interface for remote integration and experimentation of attack scenarios. The work in this dissertation utilizes communication technologies to enhance the performance of the DC microgrids and distribution networks by extending the application of the GPS synchronization to the DC Networks. GPS synchronization allows the operation of distributed DC-DC converters as an interleaved converters system. Along with the GPS synchronization, carrier extraction synchronization technique was developed to improve the system’s security and reliability in the case of GPS signal spoofing or jamming. To improve the integration of the microgrid with the utility system, new synchronization and islanding detection algorithms were developed. The developed algorithms overcome the problem of SCADA and PMU based islanding detection methods such as communication failure and frequency stability. In addition, a real-time energy management system with online optimization was developed to manage the energy resources within the microgrid. The security and privacy were also addressed in both the cyber and physical levels. For the physical design, two techniques were developed to address the physical privacy issues by changing the current and electromagnetic signature. For the cyber level, a security mechanism for IEC 61850 GOOSE messages was developed to address the security shortcomings in the standard

Adaptive trust and reputation system as a security service in group communications

Group communications has been facilitating many emerging applications which require packet delivery from one or more sender(s) to multiple receivers. Owing to the multicasting and broadcasting nature, group communications are susceptible to various kinds of attacks. Though a number of proposals have been reported to secure group communications, provisioning security in group communications remains a critical and challenging issue. This work first presents a survey on recent advances in security requirements and services in group communications in wireless and wired networks, and discusses challenges in designing secure group communications in these networks. Effective security services to secure group communications are then proposed. This dissertation also introduces the taxonomy of security services, which can be applied to secure group communications, and evaluates existing secure group communications schemes. This dissertation work analyzes a number of vulnerabilities against trust and reputation systems, and proposes a threat model to predict attack behaviors. This work also considers scenarios in which multiple attacking agents actively and collaboratively attack the whole network as well as a specific individual node. The behaviors may be related to both performance issues and security issues. Finally, this work extensively examines and substantiates the security of the proposed trust and reputation system. This work next discusses the proposed trust and reputation system for an anonymous network, referred to as the Adaptive Trust-based Anonymous Network (ATAN). The distributed and decentralized network management in ATAN does not require a central authority so that ATAN alleviates the problem of a single point of failure. In ATAN, the trust and reputation system aims to enhance anonymity by establishing a trust and reputation relationship between the source and the forwarding members. The trust and reputation relationship of any two nodes is adaptive to new information learned by these two nodes or recommended from other trust nodes. Therefore, packets are anonymously routed from the \u27trusted\u27 source to the destination through \u27trusted\u27 intermediate nodes, thereby improving anonymity of communications. In the performance analysis, the ratio of the ATAN header and data payload is around 0.1, which is relatively small. This dissertation offers analysis on security services on group communications. It illustrates that these security services are needed to incorporate with each other such that group communications can be secure. Furthermore, the adaptive trust and reputation system is proposed to integrate the concept of trust and reputation into communications. Although deploying the trust and reputation system incurs some overheads in terms of storage spaces, bandwidth and computation cycles, it shows a very promising performance that enhance users\u27 confidence in using group communications, and concludes that the trust and reputation system should be deployed as another layer of security services to protect group communications against malicious adversaries and attacks