Publication


Featured research published by Himanshu Khurana.


IEEE Symposium on Security and Privacy | 2010

Smart-grid security issues

Himanshu Khurana; Mark D. Hadley; Ning Lu; Deborah A. Frincke

This article has given a broad-brush description of issues related to smart-grid security. Designing solutions at this stage, before widespread deployment, would be beneficial; in some cases solutions exist, whereas in others research investments will be needed. Several open questions about goals still require discussion, especially around such topics as how (and how much) privacy can be supported.


International Conference on Smart Grid Communications | 2010

Intrusion Detection for Advanced Metering Infrastructures: Requirements and Architectural Directions

Robin Berthier; William H. Sanders; Himanshu Khurana

The security of Advanced Metering Infrastructures (AMIs) is of critical importance. The use of secure protocols and the enforcement of strong security properties have the potential to prevent vulnerabilities from being exploited and from having costly consequences. However, as learned from experiences in IT security, prevention is one aspect of a comprehensive approach that must also include the development of a complete monitoring solution. In this paper, we explore the practical needs for monitoring and intrusion detection through a thorough analysis of the different threats targeting an AMI.


IEEE Transactions on Smart Grid | 2010

An Authenticated Control Framework for Distributed Voltage Support on the Smart Grid

Katherine M. Rogers; Ray Klump; Himanshu Khurana; Angel A. Aquino-Lugo; Thomas J. Overbye

Existing and forthcoming devices at the residential level have the ability to provide reactive power support. Inverters which connect distributed generation such as solar panels and pluggable hybrid electric vehicles (PHEVs) to the grid are an example. Such devices are not currently utilized by the power system. We investigate the integration of these end-user reactive-power-capable devices to provide voltage support to the grid via a secure communications infrastructure. We determine effective locations in the transmission system and show how reactive power resources connected at those buses can be controlled. Buses belong to reactive support groups which parallel the regions of the secure communications architecture that is presented. Ultimately, our goal is to present how the smart grid can enable the utilization of available end-user devices as a resource to mitigate power system problems such as voltage collapse.


Dependable Systems and Networks | 2009

RRE: A game-theoretic intrusion Response and Recovery Engine

Saman A. Zonouz; Himanshu Khurana; William H. Sanders; Timothy M. Yardley

Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. In this paper, we propose a new approach to automated response called the response and recovery engine (RRE). Our engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. The RRE applies attack-response trees (ART) to analyze undesired system-level security events within host computers and their countermeasures using Boolean logic to combine lower level attack consequences. In addition, the RRE accounts for uncertainties in intrusion detection alert notifications. The RRE then chooses optimal response actions by solving a partially observable competitive Markov decision process that is automatically derived from attack-response trees. To support network-level multiobjective response selection and consider possibly conflicting network security properties, we employ fuzzy logic theory to calculate the network-level security metric values, i.e., security levels of the system's current and potentially future states in each stage of the game. In particular, inputs to the network-level game-theoretic response selection engine are first fed into the fuzzy system that is in charge of a nonlinear inference and quantitative ranking of the possible actions using its previously defined fuzzy rule set. Consequently, the optimal network-level response actions are chosen through a game-theoretic optimization process. Experimental results show that the RRE, using Snort's alerts, can protect large networks for which attack-response trees have more than 500 nodes.


Hawaii International Conference on System Sciences | 2010

Design Principles for Power Grid Cyber-Infrastructure Authentication Protocols

Himanshu Khurana; Rakeshbabu Bobba; Timothy M. Yardley; Pooja Agarwal; Erich Heine

Recently, there has been an increased focus and a sense of urgency in developing standards for Power Grid systems centered on the need for interoperability. Given the threat against these systems an important goal is the development of effective cyber security standards. However, past experience shows that security protocols are prone to design errors. Focusing on authentication protocols, in this work we discuss key design principles and engineering practices that we believe can help ensure the correctness and effectiveness of standards for authentication in Power Grid protocols; e.g., DNP3. This work builds on past work in the area of principles of authentication in Internet protocols but focuses the discussion on the constraints of the Power Grid; in particular, the need for efficient and highly available systems.


Annual Computer Security Applications Conference | 2006

Using Attribute-Based Access Control to Enable Attribute-Based Messaging

Rakeshbabu Bobba; Omid Fatemieh; Fariba Khan; Carl A. Gunter; Himanshu Khurana

Attribute based messaging (ABM) enables message senders to dynamically create a list of recipients based on their attributes as inferred from an enterprise database. Such targeted messaging can reduce unnecessary communications and enhance privacy, but faces challenges in access control. In this paper, we explore an approach to ABM based on deriving access control information from the same attribute database exploited by the addressing scheme. We show how to address three key challenges. First, we demonstrate a manageable access control system based on attributes. Second, we show how this can be used with existing messaging systems to provide a practical deployment strategy. Third, we show that such a system can be efficient enough to support ABM for mid-size enterprises. Our implementation can dispatch ABM messages approved by XACML review for an enterprise of at least 60,000 users with only seconds of latency.


ACM Symposium on Applied Computing | 2005

Scalable security and accounting services for content-based publish/subscribe systems

Himanshu Khurana

Content-based publish/subscribe systems offer an interaction scheme that is appropriate for a variety of large scale dynamic applications. However, widespread use of these systems is hindered by a lack of suitable security services. In this paper we present scalable solutions for confidentiality, integrity, and authentication for these systems. We also provide usage-based accounting services, which are required for e-commerce and e-business applications that use publish/subscribe systems. Our solutions are applicable in a setting where publishers and subscribers may not trust the publish/subscribe infrastructure.


International Journal of E-business Research | 2006

Scalable Security and Accounting Services for Content-Based Publish/Subscribe Systems

Himanshu Khurana; Radostina K. Koleva

Content-based publish/subscribe systems offer an interaction scheme that is appropriate for a variety of large-scale dynamic applications. However, widespread use of these systems is hindered by a lack of suitable security services. In this paper, we present scalable solutions for confidentiality, integrity, and authentication for these systems. We also provide verifiable usage-based accounting services, which are required for e-commerce and e-business applications that use publish/subscribe systems. Our solutions are applicable in a setting where publishers and subscribers may not trust the publish/subscribe infrastructure.


International Conference on Critical Infrastructure Protection | 2008

Towards a Taxonomy of Attacks Against Energy Control Systems

Terry Fleury; Himanshu Khurana; Von Welch

Control systems for energy such as Supervisory Control And Data Acquisition (SCADA) involve a hierarchy of sensing, monitoring, and control devices connected to centralized control stations/centers. With increasing connectivity to commercial off-the-shelf technologies these systems have become vulnerable to cyber attacks. To assist the energy sector in dealing with these cyber attacks, we propose the development of a taxonomy. In this work we take a first step towards a taxonomy by developing a comprehensive model of attacks, vulnerabilities, and damages in control systems. We populate the model with a survey of available literature from industry, academia, and national laboratories.


Computer and Communications Security | 2009

PBES: a policy based encryption system with application to data sharing in the power grid

Rakeshbabu Bobba; Himanshu Khurana; Musab AlTurki; Farhana Ashraf

In distributed systems users need the ability to share sensitive content with multiple other recipients based on their ability to satisfy arbitrary policies. One such system is electricity grids where fine-grained sensor data sharing holds the potential for increased reliability and efficiency. However, effective data sharing requires technical solutions that support flexible access policies, for example, sharing more data when the grid is unstable. In such systems, both the messages and policies are sensitive and, therefore, they need to be kept secret. Furthermore, to allow for such a system to be secure and usable in the presence of untrusted object stores and relays it must be resilient in the presence of active adversaries and provide efficient key management. While several of these properties have been studied in the past we address a new problem in the area of policy based encryption in that we develop a solution with all of these capabilities. We develop a Policy and Key Encapsulation Mechanism -- Data Encapsulation Mechanism (PKEM-DEM) encryption scheme that is a generic construction secure against adaptive chosen ciphertext attacks and develop a Policy Based Encryption System (PBES) using this scheme that provides these capabilities. We provide an implementation of PBES and measure its performance.

Collaboration


Dive into Himanshu Khurana's collaboration.

Top Co-Authors

Von Welch

Indiana University Bloomington
