32 research outputs found

    A Multi-User, Single-Authentication Protocol for Smart Grid Architectures

    Open access article. In a smart grid system, the utility server collects data from various smart grid devices. These data play an important role in the energy distribution and balancing between the energy providers and energy consumers. However, these data are prone to tampering attacks by an attacker, while traversing from the smart grid devices to the utility servers, which may result in energy disruption or imbalance. Thus, an authentication is mandatory to efficiently authenticate the devices and the utility servers and avoid tampering attacks. To this end, a group authentication algorithm is proposed for preserving demand–response security in a smart grid. The proposed mechanism also provides a fine-grained access control feature where the utility server can only access a limited number of smart grid devices. The initial authentication between the utility server and smart grid device in a group involves a single public key operation, while the subsequent authentications with the same device or other devices in the same group do not need a public key operation. This reduces the overall computation and communication overheads and takes less time to successfully establish a secret session key, which is used to exchange sensitive information over an unsecured wireless channel. The resilience of the proposed algorithm is tested against various attacks using formal and informal security analysis.

    Secure Communication Architecture for Dynamic Energy Management in Smart Grid

    Open access article. Smart grid takes advantage of communication technologies for efficient energy management and utilization. It entails sacrifice from consumers in terms of reducing load during peak hours by using a dynamic energy pricing model. To enable an active participation of consumers in load management, the concept of home energy gateway (HEG) has recently been proposed in the literature. However, the HEG concept is rather new, and the literature still fails to address challenges related to data representation, seamless discovery, interoperability, security, and privacy. This paper presents the design of a communication framework that effectively copes with the interoperability and integration challenges between devices from different manufacturers. The proposed communication framework offers seamless auto-discovery and zero-configuration-based networking between heterogeneous devices at consumer sites. It uses elliptic-curve-based security mechanism for protecting consumers' privacy and providing the best possible shield against different types of cyberattacks. Experiments in real networking environment validated that the proposed communication framework is lightweight, secure, portable with low-bandwidth requirement, and flexible to be adopted for dynamic energy management in smart grid.

    Security management for mobile ad hoc network of networks (MANoN)

    Mobile Ad hoc Network of Networks (MANoN) are a group of large autonomous wireless nodes communicating on a peer-to-peer basis in a heterogeneous environment with no pre-defined infrastructure. In fact, each node by itself is an ad hoc network with its own management. MANoNs are evolvable systems, which means each ad hoc network has the ability to perform separately under its own policies and management without affecting the main system; therefore, new ad hoc networks can emerge and disconnect from the MANoN without conflicting with the policies of other networks. The unique characteristics of MANoN make such networks highly vulnerable to security attacks compared with wired networks or even normal mobile ad hoc networks. This thesis presents a novel security-management system based upon the Recommendation ITU-T M.3400, which is used to evaluate, report on the behaviour of our MANoN and then support complex services our system might need to accomplish. Our security management will concentrate on three essential components: Security Administration, Prevention and Detection, and Containment and Recovery. In any system, providing one of those components is a problem; consequently, dealing with an infrastructure-less MANoN will be a dilemma, yet we approached each set group of these essentials independently, providing unusual solutions for each one of them but concentrating mainly on the prevention and detection category. The contributions of this research are threefold. First, we defined MANoN Security Architecture based upon the ITU-T Recommendations: X.800 and X.805. This security architecture provides a comprehensive, end-to-end security solution for MANoN that could be applied to every wireless network that satisfies a similar scenario, using such networks in order to predict, detect and correct security vulnerabilities. The security architecture identifies the security requirements needed, their objectives and the means by which they could be applied to every part of the MANoN, taking into consideration the different security attacks it could face. Second, realising the prevention component by implementing some of the security requirements identified in the Security Architecture, such as authentication, authorisation, availability, data confidentiality, data integrity and non-repudiation has been proposed by means of defining a novel Security Access Control Mechanism based on Threshold Cryptography Digital Certificates in MANoN. Network Simulator (NS-2) is a real network environment simulator, which is used to test the performance of the proposed security mechanism and demonstrate its effectiveness. Our ACM-MANoN results provide a fully distributed security protocol that provides a high level of secure, available, scalable, flexible and efficient management services for MANoN. The third contribution is realising the detection component, which is represented by providing a Behavioural Detection Mechanism based on nodes' behavioural observation engaged with policies. This behaviour mechanism will be used to detect malicious nodes acting to bring the system down. This approach has been validated using an attacks case study in an unknown military environment to cope with misbehaving nodes.

    Resource Efficient Authentication and Session Key Establishment Procedure for Low-Resource IoT Devices

    Open access journal. The Internet of Things (IoT) can include many resource-constrained devices, with most usually needing to securely communicate with their network managers, which are more resource-rich devices in the IoT network. We propose a resource-efficient security scheme that includes authentication of devices with their network managers, authentication between devices on different networks, and an attack-resilient key establishment procedure. Using automated validation with internet security protocols and applications tool-set, we analyse several attack scenarios to determine the security soundness of the proposed solution, and then we evaluate its performance analytically and experimentally. The performance analysis shows that the proposed solution occupies little memory and consumes low energy during the authentication and key generation processes respectively. Moreover, it protects the network from well-known attacks (man-in-the-middle attacks, replay attacks, impersonation attacks, key compromission attacks and denial of service attacks).

    Cooperative Volunteer Protocol to Detect Non-Line of Sight Nodes in Vehicular Ad hoc Networks

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. CTIA vehicular Ad hoc Network (VANET) is a special type of Mobile Ad hoc Network (MANET) application that impacts wireless communications and Intelligent Transport Systems (ITSs). VANETs are employed to develop safety applications for vehicles to create a safer and less cluttered environment on the road. The many remaining challenges relating to VANETs have encouraged researchers to conduct further investigation in this field to meet these challenges. For example, issues pertaining to routing protocols, such as the delivery of warning messages to vehicles facing Non-Line of Sight (NLOS) situations without causing a broadcasting storm and channel contention are regarded as a serious dilemma, especially in congested environments. This prompted the design of an efficient mechanism for a routing protocol capable of broadcasting warning messages from emergency vehicles to vehicles under NLOS conditions to reduce the overhead and increase the packet delivery ratio with reduced time delay and channel utilisation. This work used the cooperative approach to develop the routing protocol named the Co-operative Volunteer Protocol (CVP), which uses volunteer vehicles to disseminate the warning message from the source to the target vehicle experiencing an NLOS situation. A novel architecture has been developed by utilising the concept of a Context-Aware System (CAS), which clarifies the OBU components and their interaction with each other to collect data and make decisions based on the sensed circumstances. The simulation results showed that the proposed protocol outperformed the GRANT protocol with regard to several metrics such as packet delivery ratio, neighbourhood awareness, channel utilisation, overhead, and latency. 
The results also showed that the proposed CVP could successfully detect NLOS situations and solve them effectively and efficiently for both the intersection scenario in urban areas and the highway scenario

    Personal Learning Environment

    Virtual Learning Environments (VLE) have become popular in higher education in recent years due to their ability to provide additional and flexible solutions for students and researchers. However, the limitations of VLEs have led to the development of a new generation of VLE – the Personal Learning Environment (PLE). PLEs avoid these limitations and have new features that allow students to control and develop new applications, such as Web 2.0 applications and social networks. Whilst PLEs have resolved some of the drawbacks of VLEs, it is argued that PLEs also have greater potential to cover a wider range of aspects. This paper presents a proactive context-aware architecture for PLE supporting two major objectives: lifelong access and learner-centric study, covering both traditional formal (institution-based) and informal (private, non-institution-based) academic learning. Bayesian Networks are graphical modeling tools that have been used for modeling uncertain knowledge. Moreover, BN has been used in this research to implement the proposed architecture

    A Fuzzy-Logic Approach to Dynamic Bayesian Severity Level Classification of Driver Distraction Using Image Recognition

    Open access article. Detecting and classifying driver distractions is crucial in the prevention of road accidents. These distractions impact both driver behavior and vehicle dynamics. Knowing the degree of driver distraction can aid in accident prevention techniques, including transitioning of control to a level 4 semi-autonomous vehicle, when a high distraction severity level is reached. Thus, enhancement of Advanced Driving Assistance Systems (ADAS) is a critical component in the safety of vehicle drivers and other road users. In this paper, a new methodology is introduced, using an expert knowledge rule system to predict the severity of distraction in a contiguous set of video frames using the Naturalistic Driving American University of Cairo (AUC) Distraction Dataset. A multi-class distraction system comprises the face orientation, drivers’ activities, hands and previous driver distraction, a severity classification model is developed as a discrete dynamic Bayesian (DDB). Furthermore, a Mamdani-based fuzzy system was implemented to detect multi-class of distractions into a severity level of safe, careless or dangerous driving. Thus, if a high level of severity is reached the semi-autonomous vehicle will take control. The result further shows that some instances of driver’s distraction may quickly transition from a careless to dangerous driving in a multi-class distraction context.

    Routing management for DTN networks in VANET

    Routing protocols in VANET are considered as one of the critical dilemmas that need to be tackled, especially in sparse environment. Thus designing an efficient routing mechanism has an impact on enhancing the network performance in terms of disseminating messages to their desired destinations. This paper proposes a novel routing protocol in VANET for sparse environment called Vehicle Second Heading Direction Routing Protocol (VSHDRP), which is designed to leverage the probability of delivering a data packet to its destination and to increase connectivity and route stability by utilizing the knowledge of the Second Heading Direction (SHD) in the process of selecting the next-hop node. This new routing protocol contains two modes; the highway straight mode and the roundabout\intersection mode. Moreover, the two modes of VSHDRP protocol are formalized in the Calculus of Context-aware Ambients (CCA) and simulated using the CCA interpreter ccaPL in order to analyse and validate the behaviour of the protocol

    VANET Coverage Analysis for GPS Augmentation Data in Rural Area

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. Enhanced position accuracy is key for modern navigation systems, location based services and applications based on Inter-Vehicle Communication (IVC). Position data are the foundation for deriving vehicle trajectories used for assessing a situation's criticality in vehicle safety. Thus, especially Advanced Driver Assistance Systems (ADASs) and integral safety applications benefit from nearby vehicles spreading their positions periodically with high accuracy. Positioning based on Global Navigation Satellite System (GNSS) measurements can be enhanced by established Cooperative Positioning (CP) methods like Real-Time Kinematic (RTK) and Differential GNSS (DGNSS). Conventional CP relies on positioning correction data from a third party, whereas this paper introduces a self-sufficient CP system based on Precise Point Positioning (PPP) and Vehicular Ad-Hoc Network (VANET) technology requiring no infrastructure. Furthermore, the data dissemination process and achievable coverage are analysed by a simulation study for a rural area in Bavaria, Germany. For this purpose, the simulation employs the European IVC protocol stack ITS-G5. While the general feasibility of this CP approach could be assured, some remaining issues regarding employed network protocols were discovered as well.