EDIC RESEARCH PROPOSAL

Smart Grid Security: Challenges and Solutions
Teklemariam Tsegay Tesfay, I&C, EPFL

Abstract: State estimation is an important power system tool used to best estimate the system state through analysis of remotely collected sensor measurements and the power system topology. The reliability of the estimated output depends on the quality of the input measurements. Therefore, grid operators use Bad Data Detection (BDD) techniques to filter out grossly erroneous measurements from the state estimator's calculations. However, an attacker with knowledge of the power system model can corrupt a carefully selected set of measurements to introduce arbitrary errors into certain state variables while bypassing existing BDD techniques. A possible defense against such attacks is to ensure end-to-end secure delivery of the sensor measurements by enforcing message authentication and integrity checks at the application layer. Implementing such defense mechanisms requires designing an efficient key management scheme that provides the foundation for the secure generation, storage, and distribution of cryptographic keys. The effectiveness of the defense mechanisms also depends on the level of protection afforded to the cryptographic keys. One solution to protect cryptographic keys is to adopt tamper-proof hardware tokens such as the Trusted Platform Module (TPM). However, the security properties of a TPM can also be exploited by an attacker for malicious purposes unless the security credentials that are used to authorize TPM functionalities are safely handled.

Index Terms: Smart Grid, Substation Automation, Active Distribution Network, State Estimation, Bad Data Detection, Authentication, Integrity, Key Management, TPM

Proposal submitted to committee: September 6th, 2012; Candidacy exam date: September 13th, 2012; Candidacy exam committee: Jean-Pierre Hubaux, Jean-Yves Le Boudec, Mario Paolone.
This research plan has been approved. Date: ; Doctoral candidate: (name and signature); Thesis director: (name and signature); Thesis co-director (if applicable): (name and signature); Doct. prog. director: R. Urbanke (signature).

I. INTRODUCTION

The smart grid is comprised of two main aspects: the power and the communication infrastructures. The latter plays a key role for a utility's Supervisory Control and Data Acquisition (SCADA) system to remotely collect vast amounts of real-time process measurements gathered at important grid locations such as substations. One of the main functions of a SCADA system is to remotely monitor the physical process of the grid using power system state estimation [3]. State estimation techniques provide a best estimate of the system state through analysis of the telemetered data and the power system model. A reliable and timely estimate of the power system state is used by many energy management applications to ensure proper system operation.

Given an accurate system model (a system of equations relating the expected measurements to the power system's physical state), a state estimator is expected to give a good estimate of the actual system state. Unfortunately, if some of the measurements are corrupted with abnormally gross errors, the estimated system state is expected to deviate significantly from the true state. Therefore, grid operators use statistical tests, called Bad Data Detectors (BDD), to detect, identify and remove such erroneous measurements from the state estimator's calculations, so as to provide the control center operator with the best possible state estimate. In order to ensure high system availability, a redundant set of measurement data is collected by the SCADA system. Hence state estimation is usually possible even if a fraction of the measurements are found to be erroneous and are removed by the BDD.

In spite of the presence of various bad data detection techniques, Liu et al. [9] have shown that an intelligent adversary with knowledge of the power system model can corrupt a carefully selected set of measurements to introduce arbitrary errors in the estimates of certain state variables without triggering an alarm from the BDD. Such an attack involves an adversary tampering with the measurements by compromising either the meters or the communication between the meters and the control center.

The aforementioned attack scenario highlights the importance of deploying security mechanisms to ensure end-to-end secure delivery of measurement data. A power system operator can prevent an attacker from compromising a meter by implementing security measures such as user access control, security logging and hardware hardening. Moreover, the operator can enforce message authentication and integrity checks at the application layer to protect against, or identify, any kind of modification of the measurement data while in transit. Although security solutions for message authentication and integrity checking are available for most communication protocols, implementing such solutions in the smart grid is not straightforward because of the overhead of managing cryptographic keys [3]. Designing a secure and scalable key management solution for a smart grid network characterized by a large number of communicating devices is regarded as a challenging problem. NISTIR 7628, the foundation document for the architecture of the US Smart Grid, mentions key management as one of the most important research areas in smart grid security. Fuloria et al. [5] proposed symmetric-key and public-key protocols for key management to secure communications within a substation, and between substations and the network control center (master station).

An important requirement for any efficient key management scheme is providing protection for keying material. All cryptographic keys need to be protected against any modification by an adversary, and secret and private keys need to be protected against unauthorized disclosure. Within the context of the smart grid, this requirement becomes of great importance since a large number of field devices are physically exposed (e.g. IEDs deployed next to pole-mounted transformers). An efficient solution to provide the required level of protection for keying material within such devices is to use a FIPS 140-validated, tamper-resistant, special-purpose cryptographic module such as the Trusted Platform Module (TPM).

A Trusted Platform Module (TPM) is a secure crypto-processor that offers functionalities for secure generation and storage of cryptographic keys. TPM functionalities, like the ability to load and use cryptographic keys stored in the TPM, are authorized by entering secret credentials called AuthData. Dunn et al. [4] have shown that an attacker who has access to the AuthData can use a TPM, along with late launch processor mechanisms, to conceal sensitive sub-computations of a malware from an analyst.
Therefore, the AuthData of a TPM need to be protected from being snooped in order for the TPM to serve its intended purpose.

The rest of this report is organized as follows. Section II provides an overview of power system state estimation. It also demonstrates a vulnerability in current BDD techniques that can be exploited by an attacker who wishes to modify measurement data and introduce arbitrary errors in a state estimator's output without causing any bad data detection alarm. Section III discusses the communication architecture for substation automation systems. Different key management schemes for communications within a substation, and between a substation and a master station, are also discussed there. In Section IV-A, we demonstrate how a malware developer can exploit TPM security functionalities for malicious purposes. Future research plans are discussed in Section V. Finally, Section VI concludes the paper.

II. OVERVIEW OF STATE ESTIMATION

The static state of a power system is defined as the voltage magnitudes and phases at all the system buses. Power system operators use state estimation to determine the most likely state of a power system through analysis of redundant, remotely collected measurements and the power system model. A reliable estimate of the current state of a power system is used by utilities to plan for any contingencies and to take corrective control actions if necessary. The measurement model for state estimators is defined as [11]:

$$ z = h(x) + e \quad (1) $$

where $z = (z_1, z_2, \ldots, z_m)^T$ is an $m$-dimensional measurement vector; $x = (x_1, x_2, \ldots, x_n)^T$ is an $n$-dimensional ($n < m$) state vector; and $e = (e_1, e_2, \ldots, e_m)^T$ is an $m$-dimensional random measurement error vector. The measurement errors are assumed to be independent, zero-mean Gaussian variables with a known covariance matrix $W$. $W$ is a diagonal matrix with values $\sigma_i^2$, where $\sigma_i$ is the standard deviation of the error associated with measurement $i$. $h(x) = (h_1(x), h_2(x), \ldots, h_m(x))^T$ is a vector of functions relating error-free measurements to the state variables.

Given the imperfect set of measurements $z$, the purpose of a state estimator is to determine an optimal estimate $\hat{x}$ of the system state that best fits the measurement model. A state estimator can be formulated as a weighted least squares (WLS) problem [11]:

$$ \min_{x \in \mathbb{R}^n} J(x) = \frac{1}{2} (z - h(x))^T W (z - h(x)) \quad (2) $$

An optimal estimate of the system state is a vector $\hat{x}$ that minimizes the above objective function. Although state estimation using the AC power flow model is more accurate, it can be computationally expensive and may not always converge to a solution. Therefore, power system engineers use the DC power flow model, which is a simplification and linearization of the AC power flow model. In the DC power flow model, the measurement model is represented by the following linear regression model [9]:

$$ z = Hx + e \quad (3) $$

where $H$ is an $m \times n$ full-rank matrix that reflects the configuration of the system. For the DC power flow model, the optimization problem in (2) admits the following solution for the estimates of the state variables:

$$ \hat{x} = (H^T W H)^{-1} H^T W z \quad (4) $$

given that $G = H^T W H$ is invertible, i.e., full rank.

A. Bad data detection

In addition to the small random errors in the measurement model, some meter measurements can be corrupted by gross errors due to reasons such as incorrect configuration or failure of meters, malfunction in the communication system, or deliberate attacks. Given an accurate system model, measurements with only small additive errors usually give a good estimate of the actual system state, while measurements with abnormally gross errors are expected to force the estimated state away from the true system state. Therefore, grid operators use statistical tests, called bad data detectors (BDD), to detect, identify and remove measurements with gross errors from the estimator's calculations.
The most commonly used approach to detect the presence of bad measurements in power systems is based on the $L_2$-norm of the measurement residuals [11], [2]. A measurement residual is defined as the difference between the vector of observed measurements and the vector of estimated measurements, i.e., $z - H\hat{x}$. In this approach, the presence of bad measurements is detected if the following condition is violated:

$$ \| z - H\hat{x} \| \le \tau \quad (5) $$

where $\hat{x}$ is the estimate of $x$, and $\tau$ is the detection threshold.

B. False data injection attacks on state estimation [9]

False data injection attacks on state estimation are those in which an attacker manipulates the meter measurements to induce an arbitrary change in the estimated value of state variables without being detected by the bad data detection algorithm [2]. Liu et al. [9] present this kind of attack on state estimators that use DC power flow models. In what follows, we summarize the basic attack principle, attack scenarios and goals from an attacker's perspective.

1) Basic attack principle: If we denote by $a = (a_1, a_2, \ldots, a_m)^T$ a nonzero attack vector representing the malicious data added to the original measurement vector $z = (z_1, z_2, \ldots, z_m)^T$, then the resulting modified measurement vector can be represented as $z_a = z + a$. Let $\hat{x}_{bad}$ and $\hat{x}$ represent the estimates of $x$ when using the manipulated measurements $z_a$ and the original measurements $z$, respectively. Then $\hat{x}_{bad}$ can be represented as $\hat{x} + c$, where $c$ is the estimation error introduced by the attacker. If the original measurement $z$ can pass the bad data detection condition described in (5), a manipulated measurement $z_a = z + a$ can also pass it if an attacker systematically chooses an attack vector $a$ which is a linear combination of the column vectors of $H$ (i.e. $a = Hc$). This can be proven as follows: if $a = Hc$ and $\| z - H\hat{x} \| \le \tau$, the $L_2$-norm of the measurement residual with the manipulated data is

$$ \| z_a - H\hat{x}_{bad} \| = \| z + a - H(\hat{x} + c) \| = \| z - H\hat{x} + (a - Hc) \| = \| z - H\hat{x} \| \le \tau $$

2) Attack scenarios and goals: The following assumptions are made while demonstrating the false data injection attacks. The attacker has access to the matrix $H$ of the target system, which is determined by the power network topology and line impedances. The attacker is able to manipulate the measurements by compromising either the meters or the communication between the meters and the control center. The capability of an attacker to manipulate a set of meter measurements is constrained by the following two realistic scenarios. Scenario I: an attacker is constrained to accessing only specific meters, i.e., some meters are beyond the reach of the attacker either due to physical protection or other reasons. Scenario II: an attacker can compromise any meter but has limited resources, and so can compromise only a limited number, say $k$, out of all meters. For both scenarios, an attacker can have the following two possible attack goals: (i) random attack, where the attacker aims to find any attack vector as long as it results in a wrong estimation of state variables; (ii) targeted attack, where the attacker aims to find an attack vector that injects specific errors into certain state variables. Two cases are considered for the targeted attack: constrained and unconstrained. In the constrained case, the attacker aims to find an attack vector that injects specific errors into the estimates of specific state variables but does not pollute the estimates of other state variables. In the unconstrained case, the adversary has no such concerns regarding polluting other state variables. In the following, we discuss how an attacker can systematically and efficiently construct attack vectors in both scenarios with both attack goals.

a. Scenario I - Random false data injection attack

The conditions for this attack are to find an attack vector $a = (a_1, a_2, \ldots, a_m)^T = Hc$ with $a_i = 0$ for $i \notin I_m$, where $I_m$ is the set of indices of the compromised meters, and $a \neq 0$. To build the attack vector $a$, the first step is to transform $a = Hc$ into the equivalent form $Ba = 0$, where $B = H(H^T H)^{-1} H^T - I$ and $I$ is the identity matrix. The next step is for the attacker to find a nonzero attack vector $a$ such that $Ba = 0$ and $a_i = 0$ for $i \notin I_m$. It is possible that an attack vector may not exist if the number of meters to be compromised ($k$) is too small. However, if an attacker can compromise $k$ specific meters, for $k \ge m - n + 1$, it can be shown that there always exist attack vectors $a = Hc$ such that $a \neq 0$ and $a_i = 0$ for $i \notin I_m$.

b. Scenario I - Targeted false data injection attack

The conditions for this attack are to find a nonzero attack vector $a = Hc$ with $a_i = 0$ for $i \notin I_m$, such that the resulting estimate is $\hat{x}_{bad} = \hat{x} + c$, where $c_i$ for $i \in I_v$ is the specific error the attacker has chosen to inject into $\hat{x}_i$ and $I_v$ is the set of indices of the target state variables. In the constrained case, $c_i = 0$ for $i \notin I_v$. Hence the value of every element of the vector $c$ is known. Therefore, an attacker can substitute $c$ back into $a = Hc$ and check whether $a_i = 0$ for $i \notin I_m$. If yes, the attacker succeeds in constructing the only possible attack vector $a$. Otherwise, the attack is impossible. For the unconstrained case, there is no restriction on the value of $c_i$ for $i \notin I_v$. To generate an attack vector $a$, the attacker can first transform $a = Hc$ into an equivalent form that does not contain $c$, and then solve for $a$ from the equivalent form. It can be shown that $a = Hc \Leftrightarrow B_s a = y$, where $B_s = H_s (H_s^T H_s)^{-1} H_s^T - I$, $H_s$ is the submatrix of $H$ containing the columns whose indices are not in $I_v$, $b = \sum_{j \in I_v} h_j c_j$, and $y = B_s b$. Once the transformation from $a = Hc$ to $B_s a = y$ is made, an attacker can determine a nonzero attack vector $a$ that satisfies the relation $B_s a = y$. The existence of such a vector depends on how the attacker chooses the specific errors $c_j$ for $j \in I_v$. Details of how the specific values of $c_j$ should be selected so that an attack vector can be successfully constructed are discussed in [9].

c. Scenario II - Random false data injection attack

There is no restriction on which meters to compromise in this attack. The condition is to find any nonzero $k$-sparse attack vector $a$ (i.e., $a$ has at most $k$ non-zero elements) which satisfies the relation $a = Hc$. An attacker can find an attack vector $a$ using a brute force approach by trying all possible $a$'s consisting of $k$ unknown elements and $m - k$ zero elements. For each such candidate $a$, the attacker checks whether there exists a nonzero solution $a$ such that $Ba = 0$. Since the brute force approach to finding an attack vector can be time consuming, a more efficient heuristic method based on column transformation of $H$ is also proposed in [9].

d. Scenario II - Targeted false data injection attack

In this attack the aim is to find a $k$-sparse, nonzero attack vector $a = (a_1, \ldots, a_m)^T$ which satisfies the relation $a = Hc$, where $c_i$ for $i \in I_v$ is the specific error chosen by the attacker. In the constrained case, all elements of $c$ are fixed. So the attacker can substitute $c$ into the relation $a = Hc$. If the resulting $a$ is a $k$-sparse vector, the attacker succeeds in constructing the only possible attack vector. Otherwise, the attacker fails. For the unconstrained case, in order to construct a $k$-sparse attack vector, the first step is to transform the relation $a = Hc$ to $B_s a = y$ (similar to the one discussed in Scenario I). After this transformation, the attacker has to find a $k$-sparse attack vector $a$ that satisfies the relation $B_s a = y$. This problem is the same as the Minimum Weight Solution for Linear Equations problem, which is NP-hard. Therefore, an attacker can use one of the many heuristic algorithms proposed for such problems to generate the attack vector.

C. Protection against false data injection attacks

Bobba et al. [2] have pointed out that protecting a carefully chosen subset of meter measurements (a minimum set of measurements which is sufficient to ensure full observability of the power system network) is a necessary and sufficient condition to thwart undetectable false data injection attacks.
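To make the residual argument of Section II-B.1 and the protection condition of Bobba et al. concrete, here is an added example in plain Python (it is not code from the proposal or from [9] or [2]). It implements the DC-model WLS estimate (4) and the residual test (5) on a constructed 3-bus system, shows that a measurement change of the form a = Hc leaves the residual unchanged while a gross error on one meter is flagged, and implements the observability check (rank of the protected rows of H) that decides whether a given meter set, once authenticated, rules out any undetectable attack vector. H, W, τ and the telemetry values are constructed for the example.

```python
import math

# Small dense linear-algebra helpers in plain Python (no numpy needed).
def transpose(A):
    return [list(col) for col in zip(*A)]

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def matvec(A, v):
    return [sum(a * b for a, b in zip(row, v)) for row in A]

def inverse(A):
    """Gauss-Jordan inverse; raises if A is singular (G not full rank)."""
    n = len(A)
    M = [list(row) + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(A)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        if abs(M[piv][col]) < 1e-12:
            raise ValueError("G = H^T W H is singular; system not observable")
        M[col], M[piv] = M[piv], M[col]
        p = M[col][col]
        M[col] = [v / p for v in M[col]]
        for r in range(n):
            if r != col:
                f = M[r][col]
                M[r] = [a - f * b for a, b in zip(M[r], M[col])]
    return [row[n:] for row in M]

def rank(A):
    """Rank by Gaussian elimination; rank([]) == 0."""
    M = [list(row) for row in A]
    r = 0
    for col in range(len(M[0]) if M else 0):
        piv = next((i for i in range(r, len(M)) if abs(M[i][col]) > 1e-12), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        for i in range(len(M)):
            if i != r:
                f = M[i][col] / M[r][col]
                M[i] = [a - f * b for a, b in zip(M[i], M[r])]
        r += 1
    return r

# Constructed 3-bus DC system: bus 1 is the angle reference, state x = (theta2, theta3),
# every line reactance 1 p.u. Meters: flows P12, P13, P23 and the injection at bus 2.
H = [[-1.0, 0.0],    # P12 = -theta2
     [0.0, -1.0],    # P13 = -theta3
     [1.0, -1.0],    # P23 = theta2 - theta3
     [2.0, -1.0]]    # P2  = P21 + P23
W = [[1.0 if i == j else 0.0 for j in range(4)] for i in range(4)]  # sigma_i = 1
TAU = 0.1   # detection threshold for (5), constructed

def wls_estimate(H, W, z):
    """Equation (4): x_hat = (H^T W H)^-1 H^T W z."""
    Ht = transpose(H)
    G = matmul(matmul(Ht, W), H)
    return matvec(matmul(matmul(inverse(G), Ht), W), z)

def residual_norm(H, W, z):
    """L2 norm of z - H x_hat, the left-hand side of (5)."""
    est = matvec(H, wls_estimate(H, W, z))
    return math.sqrt(sum((zi - ei) ** 2 for zi, ei in zip(z, est)))

def bdd_alarm(H, W, z, tau=TAU):
    """True when the residual test (5) flags bad data."""
    return residual_norm(H, W, z) > tau

def undetectable_attack_possible(H, protected):
    """Observability check behind Bobba et al. [2]: a nonzero a = Hc with a_i = 0
    on every protected meter exists iff the protected rows of H have rank < n.
    Returns True when the protected (authenticated) set is insufficient."""
    n = len(H[0])
    return rank([H[i] for i in protected]) < n

if __name__ == "__main__":
    z = [-0.04, 0.01, 0.075, 0.12]              # constructed telemetry with small noise
    print("x_hat =", wls_estimate(H, W, z), "alarm:", bdd_alarm(H, W, z))
    a = matvec(H, [0.3, 0.0])                   # change of the form a = Hc, c = (0.3, 0)
    za = [zi + ai for zi, ai in zip(z, a)]
    print("residual clean / a=Hc:", residual_norm(H, W, z), residual_norm(H, W, za))
    print("gross error on P12 flagged:", bdd_alarm(H, W, [z[0] + 0.5] + z[1:]))
    print("protecting {P12, P13} suffices:", not undetectable_attack_possible(H, [0, 1]))
```

The rank test is the practical output: with n = 2 any two independent meters (P12 and P13, or P23 and P2) form a sufficient protected set, while authenticating a single meter leaves an undetectable direction.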
Protecting the measurements entails protecting meters from any unauthorized access and ensuring the authenticity and integrity of the received measurements at the control center. Although a utility can enforce message authentication and integrity checks at the application layer to protect against, or identify, any modification of the measurement data while in transit, implementing such solutions is not straightforward because of the overhead of managing the cryptographic keys. Therefore, designing an efficient key management scheme that provides the foundation for the secure generation, storage, distribution, and destruction of cryptographic keys is important. There is a general consensus that a Public Key Infrastructure (PKI) is a viable key management scheme for smart grid networks characterized by a large number of communicating devices [10], [1]. In what follows, we discuss symmetric and asymmetric cryptographic protocols for key management in substations, both for the communication within substations, and between substations and the network control center.

III. KEY MANAGEMENT FOR SUBSTATION NETWORKS [5]

Although the layout of substations can vary greatly depending on the functions they perform, most of them generally have equipment for switching, protection, control operations and voltage regulation [6]. A typical substation has two main levels: the station level (station room) and the bay level. The station room consists of a substation controller, a workstation through which engineers access the controller, and a Human-Machine Interface (HMI) comprised of displays. The bay level contains several Intelligent Electronic Devices (IEDs): microprocessor-based power system equipment with the capability to receive data from sensors and to issue commands to actuators.
The substation controller in the station room communicates with the IEDs at the bay level and uses the information it receives to monitor the processes and health of the substation. The substation controller also communicates with a higher-level network control center (master station) and possibly with other substation controllers. In addition to communicating sensor data and status information to the substation controller, IEDs can issue control commands, such as tripping circuit breakers if they sense voltage, current, or frequency anomalies, or raising/lowering voltage levels in order to maintain the desired voltage profile. Moreover, an IED can also multicast messages to other IEDs in the same VLAN to inform them about an important event, for example a trip [6].

Fig. 1. Substation communication architecture

Communication between the different devices in a substation is governed by a communication protocol. IEC is a new communication protocol which provides flexible and interoperable communication for substation automation systems. The IEC standard defines several kinds of messages for data exchange between nodes in the substation area. Sampled Measured Value (SMV) and Generic Object Oriented Substation Event (GOOSE) are two types of messages defined in the IEC standard which have very stringent performance requirements. GOOSE and SMV are multicast messaging protocols designed to meet the ultra-low latency requirement of 4 ms for peer-to-peer communication between intelligent controllers (IEDs) in a VLAN. An SMV message delivers sampled signals from transducers such as current transformers (CTs) and voltage transformers (VTs) to IEDs. GOOSE messages are used for fast transmission of substation events such as commands, alarms and indications. Upon detecting an event, an IED multicasts GOOSE messages to notify other IEDs of the event and to cause an actuator to perform a protection action [8].
IEC does not come with security features of its own. The IEC series of technical specifications was the first step towards designing security mechanisms for IEC-based substation communication. The IEC standard suggests that the wide-area communication between the substation controller and the network control center (master station) should be secured by a public-key based standard protocol like TLS. IEC aims to build security into communications within the substation network, mandating that a digitally signed message authentication code (MAC) for GOOSE and SMV messages be used for ensuring message integrity and authenticity. However, given the stringent time requirements of these messages, digitally signing the MAC is infeasible. Therefore, Fuloria et al. [5] suggested a message authentication code with a shared secret key as the solution for ensuring message integrity and authenticity within a substation. Designing authentication into the GOOSE and SMV messages is just one part of communication security. Much of the hard work lies in the key management. This can be achieved using either symmetric or asymmetric cryptographic mechanisms.

A. Using symmetric keys

In this scheme, each IED to be installed in a substation network is assumed to be loaded with a symmetric key (ignition key) $m$ at the time of manufacture. The ignition key is also printed on the device's packaging. This key is then manually written to the substation controller's key database during installation of the IED so that it serves as a shared secret between the IED and the substation controller. This shared secret serves to set up other secret keys as follows:

$$ \begin{aligned} Y \rightarrow C &: E_m(Y, N) \\ C \rightarrow Y &: E_m(N, Y, K_Y, K_N) \\ Y \rightarrow C &: E_{K_N}(N) \end{aligned} $$

where $E_k(msg)$ denotes a message $msg$ encrypted using symmetric key $k$. $Y$ and $C$ represent the IED's and the controller's IDs, respectively. $N$ is a random challenge that lets the IED verify that the controller's response is not a replayed message. $K_Y$ is a device-specific secret key used to secure communication between the IED and the controller, whereas $K_N$ is a network secret key shared by all IEDs in the same VLAN and the controller, and is used to secure multicast messages (GOOSE and SMV) in the VLAN.

Notice that the security of this scheme depends on the unrealistic assumption that all installation engineers are trustworthy. Moreover, this scheme ignores the possibility of a rogue device getting installed in a substation network. The asymmetric-key based scheme described below is an alternative solution that can address these issues.

B. Using asymmetric key mechanisms

This scheme requires an IED and the substation controller to be provided with public-private key pairs and associated digital certificates signed by either the vendor or the utility. As stated above, digital signatures cannot be used for ensuring message authentication and integrity due to the stringent time requirements of substation multicast messages. Therefore, the IED and the controller use public-key based standard protocols such as TLS to transition from the public-key domain to a symmetric-key domain. During the handshake stage of the TLS protocol, the controller and the IED authenticate each other by verifying their certificates and establish a device-specific shared session key $K_Y$. The network key $K_N$ is then sent to the IED as data encrypted using the session key $K_Y$ during the record stage of the TLS protocol. In this scheme, the installation engineer does not need to have any direct access to sensitive information such as the private key of the certified key pairs. Besides, the IED and the controller verify the authenticity of each other's certificates before any communication starts. Hence, a rogue device cannot be installed in the network, since the certificate verification process will fail.
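The three-message ignition-key exchange of Section III-A, as an added example that is not code from the proposal or from [5]: both the IED (Y) and the controller (C) sides are implemented, the controller's key database stands in for the ignition keys an engineer entered by hand, and a replayed controller response is rejected by the IED's nonce check. Since the paper does not specify E_k, an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag is used as a constructed stand-in, and the IED identifier is assumed to travel in clear next to the first message so the controller can select the right ignition key.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-in for the paper's E_k(msg): HMAC-SHA256 keystream in
# counter mode, encrypt-then-MAC. Illustrative only, not a production cipher.
def _keystream(key, iv, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, fields):
    """E_k(fields): fields is a dict of str values; returns iv || ct || tag."""
    iv = os.urandom(16)
    pt = json.dumps(fields, sort_keys=True).encode()
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, iv, len(pt))))
    tag = hmac.new(key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag

def decrypt(key, blob):
    """Inverse of encrypt; raises ValueError if the tag does not verify."""
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message authentication failed")
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(key, iv, len(ct))))
    return json.loads(pt.decode())

class Controller:
    """Substation controller C. key_db holds the ignition keys an installation
    engineer copied from the device packaging; that manual step is the whole
    trust anchor of the scheme (the weakness the text points out)."""
    def __init__(self, controller_id, network_key):
        self.id = controller_id
        self.KN = network_key      # shared by all IEDs in the VLAN (GOOSE/SMV)
        self.key_db = {}           # IED id -> ignition key m
        self.device_keys = {}      # IED id -> device-specific key KY
        self.pending = {}          # IED id -> challenge N awaiting confirmation

    def enrol_ignition_key(self, ied_id, m):
        self.key_db[ied_id] = m

    def handle_msg1(self, sender_id, blob):
        # Y -> C : E_m(Y, N). Devices without an entered ignition key are refused.
        m = self.key_db.get(sender_id)
        if m is None:
            raise ValueError("no ignition key on record for %s" % sender_id)
        req = decrypt(m, blob)
        if req["Y"] != sender_id:
            raise ValueError("identity inside the message does not match sender")
        KY = os.urandom(16)
        self.device_keys[sender_id] = KY
        self.pending[sender_id] = req["N"]
        # C -> Y : E_m(N, Y, KY, KN)
        return encrypt(m, {"N": req["N"], "Y": sender_id,
                           "KY": KY.hex(), "KN": self.KN.hex()})

    def handle_msg3(self, sender_id, blob):
        # Y -> C : E_KN(N) shows the IED now holds KN and closes the session.
        conf = decrypt(self.KN, blob)
        if conf["N"] != self.pending.pop(sender_id, None):
            raise ValueError("confirmation does not match the issued challenge")
        return True

class IED:
    """Intelligent Electronic Device Y, shipped with ignition key m."""
    def __init__(self, ied_id, ignition_key):
        self.id, self.m = ied_id, ignition_key
        self.N = self.KY = self.KN = None

    def msg1(self):
        self.N = os.urandom(16).hex()  # fresh challenge for this session
        return self.id, encrypt(self.m, {"Y": self.id, "N": self.N})

    def handle_msg2(self, blob):
        resp = decrypt(self.m, blob)
        # A response carrying a stale N is a replay of an earlier session.
        if resp["N"] != self.N or resp["Y"] != self.id:
            raise ValueError("replayed or mismatched controller response")
        self.KY, self.KN = bytes.fromhex(resp["KY"]), bytes.fromhex(resp["KN"])
        return encrypt(self.KN, {"N": self.N})

def run_enrolment(ied, ctrl):
    """Complete exchange; True when the controller accepts the confirmation."""
    sender, blob1 = ied.msg1()
    blob2 = ctrl.handle_msg1(sender, blob1)
    blob3 = ied.handle_msg2(blob2)
    return ctrl.handle_msg3(sender, blob3)

def replay_is_rejected(ied, ctrl):
    """Record one legitimate controller response, then feed it into a new
    session of the same IED; True if the IED's nonce check rejects it."""
    sender, blob1 = ied.msg1()
    old_blob2 = ctrl.handle_msg1(sender, blob1)
    ctrl.handle_msg3(sender, ied.handle_msg2(old_blob2))
    sender, blob1 = ied.msg1()          # new session, new N
    ctrl.handle_msg1(sender, blob1)
    try:
        ied.handle_msg2(old_blob2)      # stale response presented again
    except ValueError:
        return True
    return False
```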
C. Secure credential storage

A major assumption in any key management scheme is that the cryptographic keys are stored in a secure location where an adversary cannot delete or modify them. However, the physical protection of IEDs at the bay level, or of those deployed next to pole-mounted transformers in some remote location, may not be strong enough. Unless there are very strong measures to protect sensitive data within these IEDs from probing, one has to assume that any cryptographic secret the devices contain has been, or could easily be, compromised. Software-based protection mechanisms, such as file system permissions, can be bypassed, especially if an attacker has physical access to the device. An alternative and more effective solution to protect sensitive information, like cryptographic keys, within such devices is to use tamper-proof, special-purpose hardware tokens such as the Trusted Platform Module (TPM). In the following section, we describe what functionalities a TPM consists of and how an attacker can utilize them for malicious purposes.

IV. TRUSTED PLATFORM MODULE (TPM)

A Trusted Platform Module (TPM) is a secure hardware chip that stores cryptographic keys and other sensitive information in a shielded location. Furthermore, a TPM also has a built-in cryptographic co-processor that performs asymmetric encryption/decryption, hashing, key generation, and random number generation [7]. The asymmetric cryptographic function can be used for both signing and encrypting sensitive data stored outside of the TPM's non-volatile memory. In addition to serving as tamper-proof storage for sensitive data, like cryptographic keys and digital certificates, [10] discusses additional security benefits of using TPMs for smart grid devices. The benefits include secure software upgrade, high-assurance booting, dynamic attestation of running software and device attestation.
Fig. 2. Trusted Platform Module (TPM) architecture

A. Exploiting TPM for malicious purposes [4]

The set of functionalities provided by a TPM in order to increase platform security can also be exploited by an attacker for malicious purposes. An attacker who wants to infect a TPM-fitted machine with a malware can exploit the security properties of a TPM to conceal a sensitive portion of the malware so that it cannot be observed or modified by a security analyst. This is achieved by combining late launch processor mechanisms and TPM security functionalities. Late launch is a hardware-enforced secure environment where a program runs without any other concurrently executing software, including the operating system. Therefore, late launch is an ideal environment for an attacker to run any sensitive sub-computation of a malware that the attacker wants to be unobservable to a security analyst. Late launch computation is privileged and can only be started by code that runs at the OS privilege level. Thus, we assume that the attacker has found a compromise in the operating system that results in kernel-level privileges. The attacker uses this compromise to force the infected platform to run in a late launch environment when it executes the sensitive sub-computation. Further, the attacker is also assumed to know the security credentials (AuthData) that are required to authorize TPM capabilities, like the ability to read, write, and use objects stored in the TPM and to execute TPM commands.

1) Attack protocol: Here we discuss how an attacker (a malware developer) can use a TPM along with late launch processor capabilities to implement a cloaked (hidden) sub-computation of a malware. To this end, the attacker must first design the malware such that its computations are split into sensitive (cloaked) and non-sensitive (observable) sub-computations. The sensitive sub-computation may contain valuable information that a security analyst can utilize to stop the widespread effects of the malware. Therefore, an attacker does not want this portion of the malware to appear unencrypted in the infected machine. In order to prevent a security analyst from having access to the sensitive sub-computation, the attacker splits the malware into two pieces: the Infection Program, which contains the non-sensitive sub-computation, and the payload, which implements the sensitive sub-computation that needs to be protected. After splitting the malware, the attacker infects the target machine with the Infection Program and stores the payload in a secure location called the Malware Distribution Platform (MDP) that is remote from the infected machine. The purpose of the Malware Distribution Platform (MDP) is to get the payload to the infected machine in encrypted form. The Infection Program in the infected machine is capable of kernel-level exploitation and is responsible for coordinating the attack.

Fig. 3. Overall flow of an attack that exploits TPM functionalities for concealing sensitive portions of a malware [4]

As shown in Figure 3, the attack protocol runs between the Infection Program, which is on the infected machine, and the Malware Distribution Platform (MDP), which contains the payload. When the attack is launched, the Infection Program requests the payload from the MDP. The MDP transfers the payload to the infected platform in encrypted form. The Infection Program decrypts and executes the payload in an environment that is not observable to an analyst. There are two important issues that need to be addressed to accomplish the attack protocol described above. First, the Infection Program needs to put the infected platform in some known non-analyzable state. Second, the Infection Program has to restrict the payload decryption to that non-analyzable state only.
Putting the platform into a non-analyzable state is accomplished by the processor mechanism known as late launch. The Infection Program uses late launch to suspend the system software and all other software currently running on the infected platform, so that the malicious payload can be decrypted and executed without observation by an analyst. After suspending all system operations, late launch transfers control to a separate module called the Infection Payload Loader (IPL) and records a hash of the IPL in a particular TPM Platform Configuration Register (PCR), specifically PCR18. The IPL is responsible for decrypting and executing the payload in the late launch environment. Restricting payload decryption to the non-analyzable environment is achieved through the TPM's capability to securely store private keys. A TPM controls the usage of the private keys of the key pairs it generates, i.e., it can deny usage of a private key unless certain conditions are satisfied. Here, the TPM allows use of the private key needed to decrypt the payload only if the value stored in PCR18 equals the hash of the IPL code; the private key itself never leaves the TPM.

The complete attack protocol flow is depicted in Figure 4. The protocol is a two-phase procedure by which the Infection Program proves to the MDP that the key pair used to encrypt and decrypt the payload (called the binding key (PK_bind, SK_bind)) was generated by a legitimate TPM, and that the key is only usable, and hence the payload only decryptable, in the late launch environment.

In Phase I, the Infection Program establishes to the MDP that it is using a legitimate TPM. Each TPM is shipped with a uniquely identifying public/private key pair built into the hardware, called the Endorsement Key (EK). The public part of the EK (PK_EK) is certified by the manufacturer. The MDP checks the legitimacy of the TPM by verifying the Endorsement Key's certificate with the manufacturer's public key PK_manuf. Once the MDP has verified the legitimacy of the TPM, the Infection Program could use the TPM's EK to sign messages sent to the MDP. However, because every TPM has a unique EK, the anonymity of the TPM (and of the platform) could be breached by correlating different transactions signed with the same EK. Therefore, the Infection Program does not use the EK directly but generates an Attestation Identity Key (AIK) that serves as an alias for the EK and provides anonymity. After generating the AIK (inside the TPM), the Infection Program informs the MDP of the mapping between the EK and the AIK. Note that knowledge of the owner AuthData is required to generate an AIK. After receiving the mapping between the EK and the AIK, the MDP replies to the Infection Program with a challenge cred encrypted under the EK. The MDP poses this challenge to make the Infection Program prove that the AIK and the EK are indeed linked to the same TPM. At the end of the first phase, the Infection Program recovers cred from the encrypted message with the help of the TPM, and the AIK is activated for signing the messages sent to the MDP.

The second phase is executed to prove that the binding key (PK_bind, SK_bind) used to encrypt the malicious sub-computation (payload) actually belongs to the TPM that holds the endorsement key EK. This is accomplished as follows.
First, the Infection Program uses the TPM to generate the binding key together with a key use constraint that restricts the private part of the binding key to decryption in the late launch environment only. More specifically, the key use constraint is satisfied if the value of PCR18 equals the hash of the Infection Payload Loader (IPL) code. The encryption key PK_bind and the key use constraint, signed using the AIK, are then sent to the MDP together with cred. After the MDP has verified cred, the key use constraint and the signature, it encrypts the malicious payload using PK_bind and sends it to the Infection Program. Once the Infection Program receives the encrypted payload, it initiates a late launch by exploiting the kernel-level compromise. Late launch transfers control to the IPL and records a hash of the IPL in PCR18. Now that the key use constraint for the binding key is satisfied, the TPM allows the IPL to use the private part of the binding key SK_bind to decrypt the payload and execute it.

Fig. 4. The cloaked malware protocol

B. Defense mechanisms

A possible defense against the threat of using a TPM to conceal a malicious sub-computation of a malware is one that requires the TPM manufacturer's intervention. The whole protocol rests on the manufacturer's certification of the EK: the MDP accepts the key use constraint only because a certified EK vouches for the AIK that signed it. A manufacturer can therefore generate and certify an Endorsement Key that is not assigned to any TPM and give it to an analyst. The analyst can then use this EK to break any legitimate TPM protocol that a malware developer uses to protect the malicious sub-computation, since on the analyst's side no hardware enforces the key use constraint. However, leakage of such an EK would compromise the TPM security properties for everyone who relies on them. An alternative is therefore for the manufacturer not to reveal the EK to the analyst but to generate a fake AIK whenever an analyst requests one, and to use the EK to activate the fake AIKs and to produce the challenge credential cred in step (5) of Figure 4.
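The two-phase exchange of Figure 4 and the unassigned-EK defense just described, as an added illustration that is not part of this proposal or of the code in [4]: a software model in Python in which SimTPM stands in for the TPM (EK, AIK, binding key, PCR18 and owner AuthData), MDP for the Malware Distribution Platform and AnalystTPM for an analyst holding a manufacturer-certified but unassigned EK. The class and method names, the textbook RSA (unpadded, 512-bit toy keys with a Fermat primality test, insecure and for illustration only), and the constructed payload, IPL and AuthData strings are this model's assumptions, not TPM command names or the paper's code. It needs Python 3.8 or later for modular inversion with pow().

```python
"""Toy model of the cloaking protocol of [4] (Fig. 4) and of the unassigned-EK defense. Added illustration, not
the paper's code: SimTPM, AnalystTPM and MDP are this model's names; textbook RSA stands in for the TPM's engine."""
import hashlib
import secrets

def _probable_prime(n):                       # Fermat test: fine for random toy candidates, never for real keys
    return all(pow(a, n - 1, n) == 1 for a in (2, 3, 5, 7, 11))

def rsa_keygen(bits=512):                     # unpadded 512-bit textbook RSA: insecure, illustration only
    e, primes = 65537, []
    while len(primes) < 2:
        c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1      # top bit set, odd
        if (c - 1) % e and c not in primes and _probable_prime(c):      # e prime: e | phi iff e | p-1 or e | q-1
            primes.append(c)
    p, q = primes
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)             # (public, private)

def rsa_encrypt(pub, data):                   # 0x01 prefix keeps leading zero bytes; data must fit below n
    return pow(int.from_bytes(b"\x01" + data, "big"), *pub)
def rsa_decrypt(priv, c):
    m = pow(c, *priv)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
def rsa_sign(priv, msg):
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big"), *priv)
def rsa_verify(pub, msg, sig):
    return pow(sig, *pub) == int.from_bytes(hashlib.sha256(msg).digest(), "big")
def key_id(pub):
    return hashlib.sha256(repr(pub).encode()).digest()

class SimTPM:                                 # software stand-in for the TPM on the infected platform
    def __init__(self, manufacturer_priv, owner_auth):
        self.ek_pub, self._ek_priv = rsa_keygen()                        # unique Endorsement Key
        self.ek_cert = rsa_sign(manufacturer_priv, key_id(self.ek_pub))  # manufacturer's EK certificate
        self._owner_auth, self._keys = owner_auth, {}                    # owner AuthData; handle -> (priv, PCR18 policy)
        self.pcr18, self.aik_pub, self._aik_priv = b"\x00" * 32, None, None
    def make_aik(self, owner_auth):           # AIK: anonymous alias for the EK; creation needs owner AuthData
        if owner_auth != self._owner_auth:
            raise PermissionError("bad owner AuthData")
        self.aik_pub, self._aik_priv = rsa_keygen()
        return self.aik_pub
    def activate_identity(self, blob):        # release cred only if the EK-encrypted blob names this TPM's AIK
        plain = rsa_decrypt(self._ek_priv, blob)
        if plain[16:] != key_id(self.aik_pub)[:16]:
            raise PermissionError("AIK does not belong to this TPM")
        return plain[:16]
    def create_bind_key(self, pcr18_policy):  # private half usable only while PCR18 == policy
        pub, priv = rsa_keygen()
        self._keys[len(self._keys)] = (priv, pcr18_policy)
        return len(self._keys) - 1, pub
    def certify_key(self, handle, pub):       # AIK-signed statement: "I hold pub under this PCR18 policy"
        return rsa_sign(self._aik_priv, key_id(pub) + self._keys[handle][1])
    def late_launch(self, ipl_code):          # hardware measures the IPL into PCR18 before running it
        self.pcr18 = hashlib.sha256(ipl_code).digest()
    def unbind(self, handle, ciphertext):     # the key use constraint, enforced inside the TPM
        priv, policy = self._keys[handle]
        if self.pcr18 != policy:
            raise PermissionError("PCR18 does not satisfy the key use constraint")
        return rsa_decrypt(priv, ciphertext)

class MDP:                                    # Malware Distribution Platform
    def __init__(self, manufacturer_pub, payload, ipl_code):
        self.manufacturer_pub, self.payload = manufacturer_pub, payload
        self.expected_pcr18 = hashlib.sha256(ipl_code).digest()
    def phase1_challenge(self, ek_pub, ek_cert, aik_pub):   # Phase I: check EK certificate, tie cred to EK/AIK
        if not rsa_verify(self.manufacturer_pub, key_id(ek_pub), ek_cert):
            raise ValueError("EK not certified by the manufacturer")
        self.aik_pub, self.cred = aik_pub, secrets.token_bytes(16)
        return rsa_encrypt(ek_pub, self.cred + key_id(aik_pub)[:16])
    def phase2_deliver(self, cred, bind_pub, policy, cert_sig):   # Phase II: payload only under a gated key
        if cred != self.cred or policy != self.expected_pcr18:
            raise ValueError("wrong cred or key use constraint")
        if not rsa_verify(self.aik_pub, key_id(bind_pub) + policy, cert_sig):
            raise ValueError("binding key not certified by the activated AIK")
        return rsa_encrypt(bind_pub, self.payload)

def run_cloaked_malware(tpm, mdp, owner_auth, ipl_code, trigger_late_launch=True):   # Infection Program side
    aik_pub = tpm.make_aik(owner_auth)
    cred = tpm.activate_identity(mdp.phase1_challenge(tpm.ek_pub, tpm.ek_cert, aik_pub))
    policy = hashlib.sha256(ipl_code).digest()
    handle, bind_pub = tpm.create_bind_key(policy)
    blob = mdp.phase2_deliver(cred, bind_pub, policy, tpm.certify_key(handle, bind_pub))
    if trigger_late_launch:
        tpm.late_launch(ipl_code)             # the step the kernel-level compromise buys the attacker
    return tpm.unbind(handle, blob)           # what the IPL would decrypt and execute

class AnalystTPM(SimTPM):                     # manufacturer-certified EK never burned into hardware: no PCR gate
    def unbind(self, handle, ciphertext):
        return rsa_decrypt(self._keys[handle][0], ciphertext)

def demo():
    manuf_pub, manuf_priv = rsa_keygen()
    payload, ipl, auth = b"sensitive sub-computation (constructed)", b"IPL code (constructed)", b"owner-auth"
    results = {}
    for label, cls, launch in (("late_launch", SimTPM, True),
                               ("no_late_launch", SimTPM, False), ("analyst", AnalystTPM, False)):
        try:
            results[label] = run_cloaked_malware(cls(manuf_priv, auth), MDP(manuf_pub, payload, ipl), auth, ipl, launch)
        except PermissionError as err:
            results[label] = "refused: " + str(err)
    return results
```

Calling demo() shows the three outcomes side by side: the modelled TPM returns the payload only after late_launch has put the hash of the IPL into PCR18 and refuses it otherwise, while AnalystTPM passes every check the MDP performs (certified EK, activated AIK, AIK-certified binding key with the expected constraint) and still hands the payload over without any late launch. The model makes the asymmetry explicit: the MDP's only evidence that the key use constraint will be enforced is the chain manufacturer certificate, EK, activated AIK, certified binding key, which is exactly why an unassigned but certified EK defeats the cloaking and why leaking such an EK would be so damaging.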
The constraint with the manufacturer-assisted scheme is that the manufacturer needs to be online to respond to an analyst's request to activate a fake AIK. The manufacturer also has to perform some background check to verify that the requester is a legitimate analyst.

V. RESEARCH PROPOSAL

Conventional distribution networks are passive and are considered stable, with unidirectional power flows that require a minimal level of system monitoring and control. However, the large-scale integration of renewable and distributed energy resources and the introduction of distributed energy storage are paving the way for the emergence of Active Distribution Networks (ADNs). An ADN is a subset of a distribution network with distributed energy generation capability and local storage devices, characterized by bidirectional power flows that depend on the amount of local generation and local energy demand. ADNs are expected to have autonomous local monitoring and control systems that perform power flow control and voltage and frequency regulation. Local monitoring and control capabilities enable an ADN to perform intentional islanding in the presence of faults in the upstream network, and back-synchronization once the faults are resolved. These sophisticated monitoring and control operations are realized by deploying a large number of electronic automation and communication devices, such as Phasor Measurement Units (PMUs) and Intelligent Electronic Devices (IEDs), together with a reliable two-way communication infrastructure that carries sensor data and control signals. However, the increasing reliance on networking and electronic automation for system monitoring and control brings with it the risk of cyber attacks through the communication network. Therefore, the implementation of a secure and reliable communication network that is resilient to insider and outsider attacks, natural disasters and other failures is crucial. A utility could strive to implement perfect security solutions to thwart all anticipated attacks, but such solutions usually come at the cost of usability. Any security solution for an ADN should therefore strike a balance between security and usability.

As a first step towards building a secure communication network for ADNs, we intend to implement state-of-the-art security solutions in a real microgrid facility that will be available at EPFL. The security solutions will include a centralized access control strategy for all devices in the network, and a secure event logging mechanism that maintains a record of system events and user activities for each device in the network. Event logs will be used to hold malicious insiders accountable for security violations, to detect intrusions by outsiders and to identify problems. We will also implement a PKI-based key management scheme that provides the foundation for the secure generation, storage, distribution and destruction of the cryptographic keys used to create a secure communication channel for all message exchanges, including measurement data and control signals.
Furthermore, we plan to verify the effectiveness of the deployed security mechanisms in thwarting attacks from a malicious insider. We will consider cases where an ADN is operating in islanded mode and an operator wants to replace some failed devices or to install a software update on some devices in the network. We will look for vulnerabilities in the deployed security solutions that a malicious field engineer, taking advantage of the crisis situation, might exploit either to introduce a rogue device into the network or to install malicious software on some devices. Finally, we expect that advanced measurement and control devices, such as PMUs and IEDs, will be fitted with a hardware cryptographic module, such as a TPM, during manufacturing. Field engineers (some potentially malicious) who install these devices will be entrusted with the security credentials (AuthData) required to authorize the TPM's security functions. Dunn et al. [4] demonstrated that a malware developer who has access to the AuthData can use a TPM to cloak sensitive sub-computations of a malware from an analyst. Given that a malicious field engineer will also have access to the AuthData of the TPMs in the power system devices, we plan to investigate potential security attacks similar to those proposed in [4], but in the context of smart grid networks.

VI. CONCLUSION

This work highlighted the importance of deploying advanced security mechanisms adjusted to the needs of the emerging smart grid. A vulnerability in current bad data detection techniques was presented as an example of a possible attack on power system state estimation. The vulnerability allows an attacker to corrupt a carefully selected set of sensor measurements in order to introduce arbitrary errors into the estimator's output without triggering any alarm from the bad data detector. Possible defense strategies that implement message authentication and integrity checking are proposed to counter such attacks.
Such defense mechanisms require the design of a secure and scalable key management solution, which is particularly difficult for smart grid networks because of the large number of communicating devices. Adopting a tamper-resistant cryptographic module, such as the Trusted Platform Module (TPM), is proposed as a way to enhance the protection of sensitive data such as cryptographic keys on smart grid field devices, which are physically exposed. However, the need for safe handling of the TPM's authorization credentials is also highlighted by a scenario in which an attacker with knowledge of the security credentials can use a TPM to cloak a malicious sub-computation of a malware.

REFERENCES

[1] T. Baumeister. Adapting PKI for the smart grid. In 2011 IEEE International Conference on Smart Grid Communications (SmartGridComm), Oct. 2011.
[2] R. B. Bobba, K. M. Rogers, Q. Wang, H. Khurana, K. Nahrstedt, and T. J. Overbye. Detecting false data injection attacks on DC state estimation. In Proceedings of the First Workshop on Secure Control Systems (SCS'10), 2010.
[3] G. Dán, H. Sandberg, M. Ekstedt, and G. Björkman. Challenges in power system information security. IEEE Security & Privacy, 10(4):62-70, July-Aug. 2012.
[4] A. M. Dunn, O. S. Hofmann, B. Waters, and E. Witchel. Cloaking malware with the trusted platform module. In Proceedings of the 20th USENIX Security Symposium (SEC'11), Berkeley, CA, USA, 2011. USENIX Association.
[5] S. Fuloria, R. Anderson, F. Alvarez, and K. McGrath. Key management for substations: Symmetric keys, public keys or no keys? In 2011 IEEE/PES Power Systems Conference and Exposition (PSCE), pages 1-6, March 2011.
[6] S. Fuloria. Robust security for the electricity network. PhD thesis.
[7] D. Grawrock. Dynamics of a Trusted Platform: A Building Block Approach. Intel Press, 2006.
[8] S. Hong, D.-Y. Shin, and M. Lee. Evaluating security algorithms in the substation communication architecture. In 2009 International Conference on Scalable Computing and Communications; Eighth International Conference on Embedded Computing (SCALCOM-EMBEDDEDCOM'09), Sept. 2009.
[9] Y. Liu, P. Ning, and M. K. Reiter. False data injection attacks against state estimation in electric power grids. ACM Transactions on Information and System Security, 14(1):13:1-13:33, June 2011.
[10] A. R. Metke and R. L. Ekl. Security technology for smart grid networks. IEEE Transactions on Smart Grid, 1(1):99-107, June 2010.
[11] A. Monticelli and A. Garcia. Reliable bad data processing for real-time state estimation. IEEE Transactions on Power Apparatus and Systems, PAS-102(5), May 1983.
Xerox FreeFlow Print Server Security White Paper Secure solutions for you and your customers Executive Summary Why is security more important than ever? New government regulations have been implemented
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationDistributed ID-based Signature Using Tamper-Resistant Module
, pp.13-18 http://dx.doi.org/10.14257/astl.2013.29.03 Distributed ID-based Signature Using Tamper-Resistant Module Shinsaku Kiyomoto, Tsukasa Ishiguro, and Yutaka Miyake KDDI R & D Laboratories Inc., 2-1-15,
More informationTrusted Computing: Introduction & Applications
Trusted Computing: Introduction & Applications Lecture 5: Remote Attestation, Direct Anonymous Attestation Dr. Andreas U. Schmidt Fraunhofer Institute for Secure Information Technology SIT, Darmstadt,
More informationSecuring the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.
Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust
More informationWhite Paper for Wacom: Cryptography in the STU-541 Tablet
Issue 0.2 Commercial In Confidence 1 White Paper for Wacom: Cryptography in the STU-541 Tablet Matthew Dodd matthew@cryptocraft.co.uk Cryptocraft Ltd. Chapel Cottage Broadchalke Salisbury Wiltshire SP5
More informationSecuring Smart Meters with MULTOS Technical Overview
Securing Smart Meters with MULTOS Technical Overview Introduction This paper is written for those involved in the specification, procuring and design of smart metering infrastructure at a technical level.
More informationCryptographic Component Identification: Enabler for Secure Vehicles
Cryptographic Component Identification: Enabler for Secure Vehicles André Weimerskirch, Christof Paar and Marko Wolf escrypt Embedded Security GmbH D-44801 Bochum, Germany {aweimerskirch, cpaar, mwolf}@escrypt.com
More informationKey establishment in sensor networks
Security and Cooperation in Wireless Networks http://secowinet.epfl.ch/ key types; establishment of link keys using a shortterm master key; random key predistribution: - the basic scheme, and - some improvements;
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationAli Abur Northeastern University Department of Electrical and Computer Engineering Boston, MA 02115
Enhanced State t Estimation Ali Abur Northeastern University Department of Electrical and Computer Engineering Boston, MA 02115 GCEP Workshop: Advanced Electricity Infrastructure Frances Arriallaga Alumni
More informationMarch 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices
March 6, 2019 Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices On July 21, 2016, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability
More informationResilient Smart Grids
Resilient Smart Grids André Teixeira Kaveh Paridari, Henrik Sandberg KTH Royal Institute of Technology, Sweden SPARKS 2nd Stakeholder Workshop Cork, Ireland March 25th, 2015 Legacy Distribution Grids Main
More informationFlicker: An Execution Infrastructure for TCB Minimization
Flicker: An Execution Infrastructure for TCB Minimization Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Hiroshi Isozaki (EuroSys 08) Presented by: Tianyuan Liu Oct 31, 2017 Outline Motivation
More informationBlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module
BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE Cryptographic Appliances with Integrated Level 3+ Hardware Security Module The BlackVault hardware security platform keeps cryptographic material
More informationPREEMPTIVE PREventivE Methodology and Tools to protect utilities
PREEMPTIVE PREventivE Methodology and Tools to protect utilities 2014 2017 1 With the financial support of FP7 Seventh Framework Programme Grant agreement no: 607093 Preemptive goal The main goal of PREEMPTIVE
More informationCyberFence Protection for DNP3
CyberFence Protection for DNP3 August 2015 Ultra Electronics, 3eTI 2015 DNP3 Issues and Vulnerabilities DNP3 is one of the most widely used communications protocols within the utility space for the purpose
More informationSECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationIntroduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.
Trusted Intermediaries CSC/ECE 574 Computer and Network Security Topic 7. Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center () Representative solution:
More informationAn Improved Measurement Placement Algorithm for Network Observability
IEEE TRANSACTIONS ON POWER SYSTEMS, VOL. 16, NO. 4, NOVEMBER 2001 819 An Improved Measurement Placement Algorithm for Network Observability Bei Gou and Ali Abur, Senior Member, IEEE Abstract This paper
More informationThis Security Policy describes how this module complies with the eleven sections of the Standard:
Vormetric, Inc Vormetric Data Security Server Module Firmware Version 4.4.1 Hardware Version 1.0 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation May 24 th, 2012 2011 Vormetric Inc. All rights
More informationFalse Data Injection Attacks against State Estimation in Electric Power Grids
False Data Injection Attacks against State Estimation in Electric Power Grids Yao Liu, Peng Ning Department of Computer Science North Carolina State University yliu20@ncsu.edu, pning@ncsu.edu Michael K.
More informationARM Security Solutions and Numonyx Authenticated Flash
ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware
More informationIntroduction and Statement of the Problem
Chapter 1 Introduction and Statement of the Problem 1.1 Introduction Unlike conventional cellular wireless mobile networks that rely on centralized infrastructure to support mobility. An Adhoc network
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including steep financial losses, damage
More information