Salvatore D’Antonio

Exposing vulnerabilities in electric power grids: An experimental approach

Abstract During the past few years, coordinated and targeted cyber attacks of unprecedented levels of sophistication have been conducted against critical infrastructures. Simple experiments and probes are now turning into concerted cyber operations, carried out for profit or political reasons. Examples of critical infrastructures include airports, railway networks, hospitals, energy plants and networks and dams. Among these, electric power grids are possibly the most critical assets, since virtually all the critical infrastructures strongly depend on power distribution networks for their operation. To improve the accuracy and coherence of supervisory control and data acquisition/energy management systems (SCADA/EMSs), utility operators are increasingly integrating emerging technologies for power data collection. This paper presents the results of a thorough security analysis of two key enabling technologies used for data collection in power grids: (i) phasor measurement units (PMUs) also known as synchrophasors and (ii) phasor data concentrators (PDCs). Evidence is provided to demonstrate that these technologies are vulnerable to traditional cyber attacks (due to weaknesses such as the lack of encrypted communications channels and weak password policies), as well as to emerging cyber attacks (due to the lack of input validation and sanitization).

Enhancing SIEM Technology to Protect Critical Infrastructures

Coordinated and targeted cyber-attacks on Critical Infrastructures (CIs) and Supervisory Control And Data Acquisition (SCADA) systems are increasing and becoming more sophisticated. Typically, SCADA has been designed without having security in mind, which is indeed approached by reusing solutions to protect solely Information Technology (IT) based infrastructures, such as the Security Information and Events Management (SIEM) systems. According to the National Institute of Standards and Technology (NIST), these systems are often ineffective for CIs protection. In this paper we analyze limits of current SIEMs and propose a framework developed in the MASSIF Project to enhance services for data treatment. Particularly, the Generic Event Translation (GET) module collects security data from heterogeneous sources, by providing intelligence at the edge of the SIEM; the Resilient Storage (RS), reliably stores data related to relevant security breaches. We illustrate a prototypal deployment for the dam monitoring and control case study.

Cloud security: Emerging threats and current solutions

Abstract Many organizations are stuck in the cloudify or not to cloudify limbo, mainly due to concerns related to the security of enterprise sensitive data. Removing this barrier is a key pre-condition to fully unleash the tremendous potential of cloud computing. In this paper, we provide a comprehensive analysis of the main threats that hamper cloud computing adoption on a wide scale, and a right to the point review of the solutions that are currently being provided by the major vendors. The paper also presents the (near) future directions of cloud security research, by taking a snapshot of the main research trends and most accredited approaches. The study is done on a best of breed selection of proprietary and Open Source cloud offerings. The paper is thus a useful navigation tool, that can be used by the IT personnel to gain more insight into the security risks related to the use of cloud computing, as well as to quickly weigh the pros and cons of state of the art solutions.

The human role in tools for improving robustness and resilience of critical infrastructures

This paper presents a project dedicated to the development of means for improving the resilience of Critical Infrastructures (CIs) with respect to cyber attacks. The ability to sustain and protect the flow of information and data and the possibility to early detect, isolate and eliminate cyber hazards have become issues of paramount importance when developing the Supervisory Control And Data Acquisition (SCADA) systems of such a CI. The majority of tools dedicated to these goals are based on fully automatic autonomous self-reconfigurable systems that operate within the network, or online. However, the possibility to enable also human intervention for the further reduction in the vulnerability of CIs is equally possible. In this case, the intervention is considered offline and requires the active co-operation between a decision aid tool and a human operator. This paper presents a project aimed at improving robustness and resilience of CIs and discusses in particular the human interfaces associated with the offline tools. In essence, it is found that while the guidelines of the usability principle must be preserved, special account must be given to the type of issues involved and high professionalism of their users. This implies that certain basic criteria of the usability principle may be less relevant and their limitations may not be respected without loosing effectiveness and strength of the tools.

A GPS Spoofing Resilient WAMS for Smart Grid

Smart grids provide efficiency in energy distribution, easy identification of disturbance sources, and fault prediction. To achieve these benefits a continuous monitoring of voltage and current phasors must be performed. Phasor Measurement Units (PMUs) allow measurements of the phasors. A Wide Area Measurement System uses PMUs placed in different locations to assess the status of the power grid. To correctly analyze the phasors provided by PMUs, phasors must refer to the same time. For this reason each PMU uses the clock provided by a GPS receiver. GPS receiver is vulnerable to spoofing attack and it is a single point of failure. In this context we examined Network Time Protocol (NTP) as an alternative time source when the GPS receiver is compromised. In this paper a resilient architecture is proposed that is able to detect and react to the GPS spoofing attack. Experimental tests have shown the effectiveness of our solution.

Use of the Dempster–Shafer theory to detect account takeovers in mobile money transfer services

Advanced cyber-threats, specifically targeted to financial institutions, are growing in frequency and sophistication, both globally and in individual countries. To counter this trend, effective solutions are needed that are able to reliably and timely detect frauds across multiple channels that process millions of transactions per day. These security solutions are required to process logs produced by different systems and correlate massive amounts of information in real-time. In this paper, we propose an approach based on the Dempster–Shafer (DS) theory, that results in high performance of the detection process, i.e. high detection rates and low false positive rates. The approach is based on combining multiple (and heterogeneous) data feeds to get to a degree of belief that takes into account all the available evidence. The proposed approach has been validated with respect to a challenging demonstration case, specifically the detection of frauds performed against a mobile money transfer (MMT) service. An extensive experimental campaign has been conducted, using synthetic data generated by a simulator which closely mimics the behavior of a real system, from a major MMT service operator.

Use of the Dempster-Shafer Theory for Fraud Detection: The Mobile Money Transfer Case Study

Security Information and Event Management (SIEM) systems are largely used to process logs generated by both hardware and software devices to assess the security level of service infrastructures. This log-based security analysis consists in correlating massive amounts of information in order to detect attacks and intrusions. In order to make this analysis more accurate and effective we propose an approach based on the Dempster-Shafer theory, that allows for combining evidence from multiple and heterogeneous data sources and get to a degree of belief that takes into account all the available evidence. The proposed approach has been validated with the respect to a challenging demonstration case, namely the detection of frauds performed against a Mobile Money Transfer service. An extensive simulation campaign has been executed to assess the performance of the proposed approach and the experimental results are presented in this paper.

Effective QoS Monitoring in Large Scale Social Networks

Social Networking activities are still occupying the majority of the time that Internet users are spending in the Web. The generated content and social dynamics represent precious resources that everybody wishes to control. This scenario poses several challenges including the fact that different implementations, technologies, and formats are used to manage web content and social dynamics in heterogeneous, often antagonistic, Social Networking Sites. In order to master this heterogeneity the SocIoS project has defined an API that enables the aggregation of data and functionality made available by different Social Networking Sites APIs and their combination into complex and novel application workflows. However, the dependency on Social Networking Sites does not allow users of the SocIoS API to control the Quality of Service provided by the underlying platforms. In this paper we show how the QoSMONaaS (QoSMONitoring as a Service) component can be used to monitor and evaluate relevant metrics, such as availability and response time of the API calls, that are specified in the Service Level Agreement document. QoSMONaaS has been developed within the context of the SRT-15 project to implement a dependable (i.e. unbiased, reliable, and timely) monitoring of Quality of Service.

Assessing the Impact of Cyber Attacks on Wireless Sensor Nodes That Monitor Interdependent Physical Systems

This paper describes a next-generation security information and event management (SIEM) platform that performs real-time impact assessment of cyber attacks that target monitoring and control systems in interdependent critical infrastructures. To assess the effects of cyber attacks on the services provided by critical infrastructures, the platform combines security analysis with simulations produced by the Infrastructure Interdependencies Simulator (i2Sim). The approach is based on the mixed holistic reductionist (MHR) methodology that models the relationships between functional components of critical infrastructures and the provided services. The effectiveness of the approach is demonstrated using a scenario involving a dam that feeds a hydroelectric power plant. The scenario considers an attack on a legacy SCADA system and wireless sensor network that reduces electricity production and degrades the services provided by the interdependent systems. The results demonstrate that the attack is detected in a timely manner, risk assessment is performed effectively and service level variations can be predicted. The paper also shows how the impact of attacks on services can be estimated when limits are imposed on information sharing.

SIL2 assessment of an Active/Standby COTS-based Safety-Related system

Abstract The need of reducing costs and shortening development time is resulting in a more and more pervasive use of Commercial-Off-The-Shelf components also for the development of Safety-Related systems, which traditionally relied on ad-hoc design. This technology trend exacerbates the inherent difficulty of satisfying – and certifying – the challenging safety requirements imposed by safety certification standards, since the complexity of individual components (and consequently of the overall system) has increased by orders of magnitude. To bridge this gap, this paper proposes an approach to safety certification that is rigorous while also practical. The approach is hybrid, meaning that it effectively combines analytical modeling and field measurements. The techniques are presented and the results validated with respect to an Active/Standby COTS-Based industrial system, namely the Train Management System of Hitachi-Ansaldo STS, which has to satisfy Safety Integrity Level 2 requirements. A modeling phase is first used to identify COTS safety bottlenecks. For these components, a mitigation strategy is proposed, and then validated in an experimental phase that is conducted on the real system. The study demonstrates that with a relatively little effort we are able to configure the target system in such a way that it achieves SIL2.