Efficient Key Management Schemes for Smart Grid

With the increasing digitization of different components of Smart Grid by incorporating smart(er) devices, there is an ongoing effort to deploy them for various applications. However, if these devices are compromised, they can reveal sensitive information from such systems. Therefore, securing them against cyber-attacks may represent the first step towards the protection of the critical infrastructure. Nevertheless, realization of the desirable security features such as confidentiality, integrity and authentication relies entirely on cryptographic keys that can be either symmetric or asymmetric. A major need, along with this, is to deal with managing these keys for a large number of devices in Smart Grid. While such key management can be easily addressed by transferring the existing protocols to Smart Grid domain, this is not an easy task, as one needs to deal with the limitations of the current communication infrastructures and resource-constrained devices in Smart Grid. In general, effective mechanisms for Smart Grid security must guarantee the security of the applications by managing (1) key revocation; and (2) key exchange. Moreover, such management should be provided without compromising the general performance of the Smart Grid applications and thus needs to incur minimal overhead to Smart Grid systems. This dissertation aims to fill this gap by proposing specialized key management techniques for resource and communication constrained Smart Grid environments. Specifically, motivated by the need of reducing the revocation management overhead, we first present a distributed public key revocation management scheme for Advanced Metering Infrastructure (AMI) by utilizing distributed hash trees (DHTs). The basic idea is to enable sharing of the burden among smart meters to reduce the overall overhead. Second, we propose another revocation management scheme by utilizing cryptographic accumulators, which reduces the space requirements for revocation information significantly. Finally, we turn our attention to symmetric key exchange problem and propose a 0-Round Trip Time (RTT) message exchange scheme to minimize the message exchanges. This scheme enables a lightweight yet secure symmetric key-exchange between field devices and the control center in Smart Gird by utilizing a dynamic hash chain mechanism. The evaluation of the proposed approaches show that they significantly out-perform existing conventional approaches

A Cost-efficient IoT Forensics Framework with Blockchain

IoT devices have been adopted widely in the last decade which enabled collection of various data from different environments. The collected data is crucial in certain applications where IoT devices generate data for critical infrastructure or systems whose failure may result in catastrophic results. Specifically, for such critical applications, data storage poses challenges since the data may be compromised during the storage and the integrity might be violated without being noticed. In such cases, integrity and data provenance are required in order to be able to detect the source of any incident and prove it in legal cases if there is a dispute with the involved parties. To address these issues, blockchain provides excellent opportunities since it can protect the integrity of the data thanks to its distributed structure. However, it comes with certain costs as storing huge amount of data in a public blockchain will come with significant transaction fees. In this paper, we propose a highly cost effective and reliable digital forensics framework by exploiting multiple inexpensive blockchain networks as a temporary storage before the data is committed to Ethereum. To reduce Ethereum costs,we utilize Merkle trees which hierarchically stores hashes of the collected event data from IoT devices. We evaluated the approach on popular blockchains such as EOS, Stellar, and Ethereum by presenting a cost and security analysis. The results indicate that we can achieve significant cost savings without compromising the integrity of the data

Communication-efficient Certificate Revocation Management for Advanced Metering Infrastructure and IoT Integration

Advanced Metering Infrastructure forms a communication network for the collection of power data from smart meters in Smart Grid. As the communication between smart meters could be secured utilizing public-key cryptography, however, public-key cryptography still has certain challenges in terms of certificate revocation and management particularly related distribution and storage overhead of revoked certificates. To address this challenge, in this paper, we propose a novel revocation management approach by utilizing cryptographic accumulators which reduces the space requirements for revocation information significantly and thus enables efficient distribution of such information to all smart meters. We implemented the proposed approach on both ns-3 network simulator and a testbed. We demonstrated its superior performance with respect to traditional methods for revocation management

Exploring Post-Quantum Cryptographic Schemes for TLS in 5G Nb-IoT: Feasibility and Recommendations

Narrowband Internet of Things (NB-IoT) is a wireless communication technology that enables a wide range of applications, from smart cities to industrial automation. As a part of the 5G extension, NB-IoT promises to connect billions of devices with low-power and low-cost requirements. However, with the advent of quantum computers, the incoming NB-IoT era is already under threat by these devices, which might break the conventional cryptographic algorithms that can be adapted to secure NB-IoT devices on large scale. In this context, we investigate the feasibility of using post-quantum key exchange and signature algorithms for securing NB-IoT applications. We develop a realistic ns-3 environment to represent the characteristics of NB-IoT networks and analyze the usage of post-quantum algorithms to secure communication. Our findings suggest that using NIST-selected post-quantum key-exchange protocol Kyber does not introduce significant overhead, but post-quantum signature schemes can result in impractical latency times and lower throughput

A Scalable Private Bitcoin Payment Channel Network with Privacy Guarantees

While Bitcoin heavily dominates the cryptocurrency markets, its use in micropayments is still a challenge due to long transaction confirmation times and high fees. Recently, the concept of off-chain transactions is introduced that led to the idea of establishing a payment channel network called Lightning Network (LN), which utilizes multi-hop payments. Off-chain links provide the ability to make instant payments without a need to writing to Blockchain. However, LN\u27s design still favors fees, and it is creating hub nodes or relays that defeat the purpose of Blockchain. In addition, it is still not reliable, as not all transactions are guaranteed to be delivered to their destinations. These issues hinder its wide adoption by retailers. To address this issue, in this paper, we argue that the retailers could create a private payment channel network among them to serve their business needs, just like the concept of private Blockchains. The goal is to build a pure peer-to-peer topology that will prevent the formation of hub nodes while also eliminating the need for any relays to increase the robustness of the payments. Assuming off-chain links as edges and retailers as nodes, we formulate the problem as a multi-flow commodity problem where transactions represent the commodities from various sources to destinations. As the multi-flow commodity problem is NP-Complete, we propose a heuristic approach that utilizes Dijkstra\u27s shortest path algorithm for payments in a dynamic way by updating the edge weights when new paths need to be found. The order of transactions is randomized to provide fairness among the retailers. We further extend this approach to guarantee the privacy of payments by forcing all the payments to travel at least three hops. We utilized k-shortest path algorithm to choose from k options that will meet our criterion. The evaluations indicate that the proposed heuristic comes close to an optimal solution while providing scalability and guaranteeing user privacy