Mohamed M. E. A. Mahmoud

Stimulating Cooperation in Multi-hop Wireless Networks Using Cheating Detection System

In multi-hop wireless networks, the mobile nodes usually act as routers to relay packets generated from other nodes. However, selfish nodes do not cooperate but make use of the honest ones to relay their packets, which has negative effect on fairness, security, and performance of the network. In this paper, we propose a novel incentive mechanism to stimulate cooperation in multi-hop wireless networks. Fairness can be achieved by using credits to reward the cooperative nodes. The overhead can be significantly reduced by using a cheating detection system (CDS) to secure the payment. Extensive security analysis demonstrates that the CDS can identify the cheating nodes effectively under different cheating strategies. Simulation results show that the overhead of the proposed incentive mechanism is incomparable with the existing ones.

Scalable Certificate Revocation Schemes for Smart Grid AMI Networks Using Bloom Filters

Given the scalability of the advanced metering infrastructure (AMI) networks, maintenance and access of certificate revocation lists (CRLs) pose new challenges. It is inefficient to create one large CRL for all the smart meters (SMs) or create a customized CRL for each SM since too many CRLs will be required. In order to tackle the scalability of the AMI network, we divide the network into clusters of SMs, but there is a tradeoff between the overhead at the certificate authority (CA) and the overhead at the clusters. We use Bloom filters to reduce the size of the CRLs in order to alleviate this tradeoff by increasing the clusters’ size with acceptable overhead. However, since Bloom filters suffer from false positives, there is a need to handle this problem so that SMs will not discard important messages due to falsely identifying the certificate of a sender as invalid. To this end, we propose two certificate revocation schemes that can identify and nullify the false positives. While the first scheme requires contacting the gateway to resolve them, the second scheme requires the CA additionally distribute the list of certificates that trigger false positives. Using mathematical models, we have demonstrated that the probability of contacting the gateway in the first scheme and the overhead of the second scheme can be very low by properly designing the Bloom filters. In order to assess the scalability and validate the mathematical formulas, we have implemented the proposed schemes using Visual C. The results indicate that our schemes are much more scalable than the conventional CRL and the mathematical and simulation results are almost identical. Moreover, we simulated the distribution of the CRLs in a wireless mesh-based AMI network using ns-3 network simulator and assessed its distribution overhead.

Investigating Public-Key Certificate Revocation in Smart Grid

The public key cryptography (PKC) is essential for securing many applications in smart grid. For the secure use of the PKC, certificate revocation schemes tailored to smart grid applications should be adopted. However, little work has been done to study certificate revocation in smart grid. In this paper, we first explain different motivations that necessitate revoking certificates in smart grid. We also identify the applications that can be secured by PKC and thus need certificate revocation. Then, we explain existing certificate revocation schemes and define several metrics to assess them. Based on this assessment, we identify the applications that are proper for each scheme and discuss how the schemes can be modified to fully satisfy the requirements of its potential applications. Finally, we study certificate revocation in pseudonymous public key infrastructure (PPKI), where a large number of certified public/private keys are assigned for each node to preserve privacy. We target vehicles-to-grid communications as a potential application. Certificate revocation in this application is a challenge because of the large number of certificates. We discuss an efficient certificate revocation scheme for PPKI, named compressed certificate revocation lists (CRLs). Our analytical results demonstrate that one revocation scheme cannot satisfy the overhead/security requirements of all smart grid applications. Rather, different schemes should be employed for different applications. Moreover, we used simulations to measure the overhead of the schemes.

Customized Certificate Revocation Lists for IEEE 802.11s-Based Smart Grid AMI Networks

Public-key cryptography (PKC) is widely used in smart grid (SG) communications to reduce the overhead of key management. However, PKC comes with its own problems in terms of certificate management. Specifically, certificate revocation lists (CRLs) need to be maintained and distributed to the smart meters (SMs) in order to ensure security of the communications. The size of CRLs may grow over time and eventually may introduce additional delay, bandwidth, and storage overhead when various applications are run on SG. In this paper, we propose novel algorithms for creating customized CRLs with reduced size for IEEE 802.11s-based advanced metering infrastructure (AMI) networks. Rather than maintaining a huge-size single CRL that introduces unnecessary search time and storage, the idea is to cluster/group SMs within the AMI network and create CRLs based on these groups. The grouping is mainly done in such a way that they bring together the SMs that will be very likely to communicate so that the CRLs will be kept local to that group. To this end, we propose two novel grouping algorithms. The first algorithm is a bottom-up approach, which is based on the existing routes from the SMs to the gateway. Since the SMs will be sending their data to the gateway through the nodes on the route, this forms a natural grouping. The second approach is a top-down recursive approach, which considers the minimum spanning tree of the network and then divides it into smaller subtrees. Via grouping, the length of the CRL for each SM and the corresponding distribution overhead can be reduced significantly. Simulation results have shown that our approach can maintain a balance between the size of the CRL and the number of signatures generated by CAs while guaranteeing security of the communications.

An efficient certificate revocation scheme for large-scale AMI networks

Given the large geographic deployment and scalability of the Advanced Metering Infrastructure (AMI) networks, it is inefficient to create one large certificate revocation list (CRL) for all the networks. It is also inefficient to create a CRL for each meter having the certificates it needs because too many CRLs will be required. It is beneficial to balance the size of the CRLs and the overhead of forming and distributing them. In this paper, the certificate authority (CA) groups the AMI networks and composes one CRL for each group. We use Bloom filter to reduce the number of CRLs by increasing the groups size with acceptable overhead on the meters. However, Bloom filters suffer from false positives which is not acceptable in AMI networks because meters may miss important messages. We propose a novel scheme to identify and mitigate the false positives by making use of the fact that Bloom filters are free of false negatives. The meters should contact the gateway to resolve the false positives. We use Merkle tree to enable the gateway to provide efficient proof for certificate revocation without contacting the CA. We derive a mathematical formula to the probability of contacting the gateway as a function of the filters parameters. We will show that this probability can be low by properly designing the Bloom filter. In order to assess the performance and the applicability of the proposed scheme, we use ns-3 network simulator to implement the scheme in a IEEE 802.11s-based mesh AMI networks. The results demonstrate that our scheme can be used efficiently for AMI networks.

Efficient public-key certificate revocation schemes for smart grid

The public key cryptography will play an essential role in securing the smart grid communications. For the secure use of the public key cryptography, an efficient and secure certificate revocation scheme specially tailored to smart grid architecture should be adopted. In this paper, we study certificate revocation in smart grid and design efficient and scalable certificate revocation schemes. The schemes have different security strengths and require different overhead levels. We also propose an efficient certificate revocation scheme for pseudonymous public key infrastructure using compressed certificate revocation lists. Analytical results demonstrate that using revocation schemes is essential for securing smart grid, and the proposed schemes are secure. Moreover, simulation results demonstrate that the proposed schemes require low overhead.

A scalable public key infrastructure for smart grid communications

The public-key cryptography is indispensable for securing the smart grid communications. In this paper, we propose a hierarchical and fully-connected public key infrastructure that considers the smart grid characteristics. In the proposed public key infrastructure, each certificate authority is responsible for managing the public-key certificates for a geo-bounded small area. We also propose a novel format for the certificates that does not only bind a nodes identity to its public key but also to its privileges and permissions. Finally we propose efficient and scalable certificate- renewing scheme that can much reduce the overhead of renewing certificates. Our verifications and evaluations demonstrate that using public key cryptography is essential for securing the smart grid and our proposals are scalable. Moreover, the simulation results demonstrate that the certificate-renewing scheme can significantly reduce the overhead of certificate renewals.

A secure and privacy-preserving event reporting scheme for vehicular Ad Hoc networks

In vehicular ad hoc networks, vehicles should report events to warn the drivers of unexpected hazards on the roads. While these reports can contribute to safer driving, vehicular ad hoc networks suffer from various security threats; a major one is Sybil attacks. In these attacks, an individual attacker can pretend as several vehicles that report a false event. In this paper, we propose a secure event-reporting scheme that is resilient to Sybil attacks and preserves the privacy of drivers. Instead of using asymmetric key cryptography, we use symmetric key cryptography to decrease the computation overhead. We propose an efficient pseudonym generation technique. The vehicles receive a small number of long-term secrets to compute pseudonyms/keys to be used in reporting the events without leaking private information about the drivers. In addition, we propose a scheme to identify the vehicles that use their pool of pseudonyms to launch Sybil attacks without leaking private information to road side units. We also study a strong adversary model assuming that attackers can share their pool of pseudonyms to launch colluding Sybil attacks. Our security analysis and simulation results demonstrate that our scheme can detect Sybil attackers effectively with low communication and computation overhead. Copyright

Efficient generation and distribution of CRLs for IEEE 802.11s-based Smart Grid AMI networks

In this paper, we propose a novel algorithm for reducing the size of certificate revocation lists (CRLs) created and distributed for IEEE 802.11s-based Smart Grid Advanced Metering Infrastructure (AMI) networks. Rather than maintaining a huge-size single CRL that introduces unnecessary search time and storage, the idea is to generate groups of smart meters (SMs) within the AMI network and create CRLs based on these groups. Creating groups is appropriate in AMI networks since the SMs are stationary in contrary to traditional mobile wireless networks. Our proposed grouping algorithm is based on the created paths from leaf SMs to the gateway as well as the immediate neighborhood of each SM. Via grouping, the length of the CRL for each SM and the corresponding distribution overhead can be reduced significantly. Simulation results have shown that our approach can maintain a balance between the size of the CRL and the number of signatures generated by certification authorities (CAs) while guaranteeing security of the communications.

Privacy-Preserving Power Injection Over a Hybrid AMI/LTE Smart Grid Network

The future smart grid will enable homes to have energy storage units that can store the excess power generated from renewable energy sources and sell it to the grid during the peak hours. Realization of this process, however, requires the utility company to be able to communicate with the storage units whenever needed. Nonetheless, the security and the privacy of this communication is essential to not only ensure a fair energy selling market but also eliminate any privacy concerns of the users due to potential exposure of their energy levels. In this paper, we propose a secure and privacy-preserving power injection querying scheme by exploiting the already available advanced metering infrastructure (AMI) and long-term evolution (LTE) cellular networks. The idea is based on collecting power injection bids from storage units and sending their aggregated value to the utility rather than the individual bids in order to preserve user privacy. We also develop a bilinear pairing-based technique to enable the utility company to ensure the integrity and authenticity of the aggregated bid without accessing the individual bids. In this way, no party will have access to the storage units’ individual bids and use them to achieve unfair financial gains. We implemented the proposed scheme in an integrated AMI/LTE network using the ns-3 network simulator. Our evaluations have demonstrated that the proposed scheme is secure and can protect user privacy with acceptable communication and computation overhead.