7,059 research outputs found
On the Role of Primary and Secondary Assets in Adaptive Security: An Application in Smart Grids
peer-reviewed
Adaptive security aims to protect valuable assets
managed by a system, by applying a varying set of security
controls. Engineering adaptive security is not an easy task. A
set of effective security countermeasures should be identified.
These countermeasures should not only be applied to (primary)
assets that customers desire to protect, but also to other
(secondary) assets that can be exploited by attackers to harm
the primary assets. Another challenge arises when assets vary
dynamically at runtime. To accommodate these variabilities, it
is necessary to monitor changes in assets, and apply the most
appropriate countermeasures at runtime. The paper provides
three main contributions for engineering adaptive security.
First, it proposes a modeling notation to represent primary
and secondary assets, along with their variability. Second,
it describes how to use the extended models in engineering
security requirements and designing required monitoring functions.
Third, the paper illustrates our approach through a set
of adaptive security scenarios in the customer domain of a
smart grid. We suggest that modeling secondary assets aids
the deployment of countermeasures, and, in combination with
a representation of assets variability, facilitates the design of
monitoring function
Towards Baselines for Shoulder Surfing on Mobile Authentication
Given the nature of mobile devices and unlock procedures, unlock
authentication is a prime target for credential leaking via shoulder surfing, a
form of an observation attack. While the research community has investigated
solutions to minimize or prevent the threat of shoulder surfing, our
understanding of how the attack performs on current systems is less well
studied. In this paper, we describe a large online experiment (n=1173) that
works towards establishing a baseline of shoulder surfing vulnerability for
current unlock authentication systems. Using controlled video recordings of a
victim entering in a set of 4- and 6-length PINs and Android unlock patterns on
different phones from different angles, we asked participants to act as
attackers, trying to determine the authentication input based on the
observation. We find that 6-digit PINs are the most elusive attacking surface
where a single observation leads to just 10.8% successful attacks, improving to
26.5% with multiple observations. As a comparison, 6-length Android patterns,
with one observation, suffered 64.2% attack rate and 79.9% with multiple
observations. Removing feedback lines for patterns improves security from
35.3% and 52.1% for single and multiple observations, respectively. This
evidence, as well as other results related to hand position, phone size, and
observation angle, suggests the best and worst case scenarios related to
shoulder surfing vulnerability which can both help inform users to improve
their security choices, as well as establish baselines for researchers.
Comment: Will appear in Annual Computer Security Applications Conference
(ACSAC
IMPROVING SMART GRID SECURITY USING MERKLE TREES
Abstract—Presently, nations worldwide are starting to convert their aging electrical power infrastructures into modern, dynamic power grids. Smart Grid offers much in the way of efficiencies and robustness to the electrical power grid; however, its heavy reliance on communication networks will leave it more vulnerable to attack than present-day grids. This paper looks at the threat to public key cryptography systems from a fully realized quantum computer and how this could impact the Smart Grid. We argue for the use of Merkle Trees in place of public key cryptography for authentication of devices in wireless mesh networks that are used in Smart Grid applications
Multipath Routing of Fragmented Data Transfer in a Smart Grid Environment
The purpose of this paper is to do a general survey on the existing
communication modes inside a smart grid, the existing security loopholes and
their countermeasures. Then we suggest a detailed countermeasure, building upon
the Jigsaw based secure data transfer [8] for enhanced security of the data
flow inside the communication system of a smart grid. The paper has been
written without the consideration of any factor of inoperability between the
various security techniques inside a smart grid
Comment: 5 pages, 2 figure