Intrusion Detection in SCADA Systems

The protection of the national infrastructures from cyberattacks is one of the main issues for national and international security. The funded European Framework-7 (FP7) research project CockpitCI introduces intelligent intrusion detection, analysis and protection techniques for Critical Infrastructures (CI). The paradox is that CIs massively rely on the newest interconnected and vulnerable Information and Communication Technology (ICT), whilst the control equipment, legacy software/hardware, is typically old. Such a combination of factors may lead to very dangerous situations, exposing systems to a wide variety of attacks. To overcome such threats, the CockpitCI project combines machine learning techniques with ICT technologies to produce advanced intrusion detection, analysis and reaction tools to provide intelligence to field equipment. This will allow the field equipment to perform local decisions in order to self-identify and self-react to abnormal situations introduced by cyberattacks. In this paper, an intrusion detection module capable of detecting malicious network traffic in a Supervisory Control and Data Acquisition (SCADA) system is presented. Malicious data in a SCADA system disrupt its correct functioning and tamper with its normal operation. OCSVM is an intrusion detection mechanism that does not need any labeled data for training or any information about the kind of anomaly is expecting for the detection process. This feature makes it ideal for processing SCADA environment data and automates SCADA performance monitoring. The OCSVM module developed is trained by network traces off line and detects anomalies in the system real time. The module is part of an IDS (intrusion detection system) developed under CockpitCI project and communicates with the other parts of the system by the exchange of IDMEF messages that carry information about the source of the incident, the time and a classification of the alarm

Method of Controlling Corona Effects and Breakdown Voltage of Small Air Gaps Stressed by Impulse Voltages

This paper investigates the influence of a resistor on the dielectric behavior of an air gap. The resistor is connected in series with the air gap and the latter is stressed by impulse voltage. Air gap arrangements of different geometry with either the rod or the plate grounded are stressed with impulse voltages of both positive and negative polarity. The resistor is connected in series with the air gap in the return circuit connecting the gap with the impulse generator. The method followed involves the investigation of the graphs of the charging time concerning the air gaps capacitances, in connection to the value of the resistor, the geometry of the gap, the effect of grounding and the polarity effect. It is determined that the charging time of the air gap increases, as the value of the resistor increases. It is also determined that the peak voltage value of the fully charged air gap decreases as the value of the resistor increases. The results of the mathematical and simulation analysis are compared with the results of the oscillograms taken from experimental work. In addition and consequently to the above results it is concluded from the experimental work that the in series connection of the resistor in the circuit has significant influence on corona pulses (partial discharges) occurring in the gap and on the breakdown voltage of the gap. A new method of controlling the corona effects and consequently the breakdown voltage of small air gaps stressed by impulse voltage of short duration in connection to the ground effect and the polarity effect has arisen. Furthermore through mathematical analysis of the charging graphs obtained from simulation and experimental oscillograms there was a calculation of the values of the capacitance of the air gaps in relation to their geometry and the results were compared to the values calculated with mathematical analysis.Comment: 8 pages, 14 figure

Route Optimization of Electric Vehicles based on Dynamic Wireless Charging

open access articleOneofthebarriersfortheadoptionofelectricvehicles(EVs)istheanxietyaroundthelimited driving range. Recent proposals have explored charging EVs on the move, using dynamic wireless charging which enables power exchange between the vehicle and the grid while the vehicle is moving. In this paper, we focus on the intelligent routing of EVs in need of charging so that they can make most efficient use of the so-called mobile energy disseminators (MEDs) which operate as mobile charging stations. We present a methodforroutingEVsaroundMEDsontheroadnetwork,whichisbasedonconstraintlogicprogramming and optimization using a graph-based shortest path algorithm. The proposed method exploits inter-vehicle communications in order to eco-route electric vehicles. We argue that combining modern communications betweenvehiclesandstateofthearttechnologiesonenergytransfer,thedrivingrangeofEVscanbeextended without the need for larger batteries or overtly costly infrastructure. We present extensive simulations in city conditions that show the driving range and consequently the overall travel time of electric vehicles is improved with intelligent routing in the presence of MEDs

MIMO Techniques for Jamming Threat Suppression in Vehicular Networks

Vehicular ad hoc networks have emerged as a promising field of research and development, since they will be able to accommodate a variety of applications, ranging from infotainment to traffic management and road safety. A specific security-related concern that vehicular ad hoc networks face is how to keep communication alive in the presence of radio frequency jamming, especially during emergency situations. Multiple Input Multiple Output techniques are proven to be able to improve some crucial parameters of vehicular communications such as communication range and throughput. In this article, we investigate how Multiple Input Multiple Output techniques can be used in vehicular ad hoc networks as active defense mechanisms in order to avoid jamming threats. For this reason, a variation of spatial multiplexing is proposed, namely, vSP4, which achieves not only high throughput but also a stable diversity gain upon the interference of a malicious jammer

Authentication Protocols for Internet of Things: A Comprehensive Survey

In this paper, a comprehensive survey of authentication protocols for Internet of Things (IoT) is presented. Specifically more than forty authentication protocols developed for or applied in the context of the IoT are selected and examined in detail. These protocols are categorized based on the target environment: (1) Machine to Machine Communications (M2M), (2) Internet of Vehicles (IoV), (3) Internet of Energy (IoE), and (4) Internet of Sensors (IoS). Threat models, countermeasures, and formal security verification techniques used in authentication protocols for the IoT are presented. In addition a taxonomy and comparison of authentication protocols that are developed for the IoT in terms of network model, specific security goals, main processes, computation complexity, and communication overhead are provided. Based on the current survey, open issues are identified and future research directions are proposed

Employee Perspective on Information Security Related Human Error in Healthcare: Proactive Use of IS-CHEC in Questionnaire Form

The objective of the research was to establish data relating to underlying causes of human error which are the most common cause of information security incidents within a private sector healthcare organization. A survey questionnaire was designed to proactively apply the IS-CHEC information security human reliability analysis (HRA) technique. The IS-CHEC technique questionnaire identified the most likely core human error causes that could result in incidents, their likelihood, the most likely tasks that could be affected, suggested remedial and preventative measures, systems or processes that would be likely to be affected by human error and established the levels of risk exposure. The survey was operational from 15th November 2018 to 15th December 2018. It achieved a response rate of 65% which equated to 485 of 749 people targeted by the research. The research found that, in the case of this particular participating organization, the application of the IS-CHEC technique through a questionnaire added beneficial value as an enhancement to a standard approach of holistic risk assessment. The research confirmed that the IS-CHEC in questionnaire form can be successfully applied within a private sector healthcare organization and also that a distributed approach for information security human error assessment can be successfully undertaken in order to add beneficial value. The results of this paper indicate, from the questionnaire responses supplied by employees, that organizational focus on its people and their working environment can improve information security posture and reduce the likelihood of associated information security incidents through a reduction in human error

DSMAC: Privacy-Aware Decentralized Self-Management of Data Access Control Based on Blockchain for Health Data

In recent years, the interest in using wireless communication technologies and mobile devices in the healthcare environment has increased. However, despite increased attention to the security of electronic health records, patient privacy is still at risk for data breaches. Thus, it is quite a challenge to involve an access control system especially if the patient’s medical data are accessible by users who have diverse privileges in different situations. Blockchain is a new technology that can be adopted for decentralized access control management issues. Nevertheless, different scalability, security, and privacy challenges affect this technology. To address these issues, we suggest a novel Decentralized Self-Management of data Access Control (DSMAC) system using a blockchain-based Self-Sovereign Identity (SSI) model for privacy-preserving medical data, empowering patients with mechanisms to preserve control over their personal information and allowing them to self-grant access rights to their medical data. DSMAC leverages smart contracts to conduct Role-based Access Control policies and adopts the implementation of decentralized identifiers and verifiable credentials to describe advanced access control techniques for emergency cases. Finally, by evaluating performance and comparing analyses with other schemes, DSMAC can satisfy the privacy requirements of medical systems in terms of privacy, scalability, and sustainability, and offers a new approach for emergency cases

Using A One-Class Compound Classifier To Detect In-Vehicle Network Attacks

The Controller Area Network (CAN) in vehicles provides serial communication between electronic control units that manage en- gine, transmission, steering and braking. Researchers have recently demonstrated the vulnerability of the network to cyber-attacks which can manipulate the operation of the vehicle and compromise its safety. Some proposals for CAN intrusion detection systems, that identify attacks by detecting packet anomalies, have drawn on one-class classi cation, whereby the system builds a decision surface based on a large number of normal instances. The one-class approach is discussed in this paper, together with initial results and observations from implementing a classi er new to this eld. The Compound Classier has been used in image processing and medical analysis, and holds advantages that could be relevant to CAN intrusion detection.<br/

Security in Process: Detecting Attacks in Industrial Process Data

Due to the fourth industrial revolution, industrial applications make use of the progress in communication and embedded devices. This allows industrial users to increase efficiency and manageability while reducing cost and effort. Furthermore, the fourth industrial revolution, creating the so-called Industry 4.0, opens a variety of novel use and business cases in the industrial environment. However, this progress comes at the cost of an enlarged attack surface of industrial companies. Operational networks that have previously been phyiscally separated from public networks are now connected in order to make use of new communication capabilites. This motivates the need for industrial intrusion detection solutions that are compatible to the long-term operation machines in industry as well as the heterogeneous and fast-changing networks. In this work, process data is analysed. The data is created and monitored on real-world hardware. After a set up phase, attacks are introduced into the systems that influence the process behaviour. A time series-based anomaly detection approach, the Matrix Profiles, are adapted to the specific needs and applied to the intrusion detection. The results indicate an applicability of these methods to detect attacks in the process behaviour. Furthermore, they are easily integrated into existing process environments. Additionally, one-class classifiers One-Class Support Vector Machines and Isolation Forest are applied to the data without a notion of timing. While Matrix Profiles perform well in terms of creating and visualising results, the one-class classifiers perform poorly