Biblio

As the traditional inverters are transforming toward more intelligent inverters with advanced information and communication technologies, the cyber-attack surface has been remarkably expanded. Specifically, securing firmware of smart inverters from cyber-attacks is crucial. This paper provides expanded firmware attack surface targeting smart inverters. Moreover, this paper proposes a security module for transforming a conventional inverter to a firmware security built-in smart inverter by preventing potential malware and unauthorized firmware update attacks as well as fast automated inverter recovery from zero-day attacks. Furthermore, the proposed security module as a client of blockchain is connected to blockchain severs to fully utilize blockchain technologies such as membership service, ledgers, and smart contracts to detect and mitigate the firmware attacks. The proposed security module framework is implemented in an Internet-of-Thing (IoT) device and validated by experiments.

Advanced Persistent Threat (APT) is a professional stealthy threat actor who uses continuous and sophisticated attack techniques which have not been well mitigated by existing defense strategies. This paper proposes an APT-style cyber-attack tested for distributed energy resources (DER) in cyber-physical environments. The proposed security testbed consists of: 1) a real-time DER simulator; 2) a real-time cyber system using real network systems and a server; and 3) penetration testing tools generating APT-style attacks as cyber events. Moreover, this paper provides a cyber kill chain model for a DER system based on a latest MITRE’s cyber kill chain model to model possible attack stages. Several real cyber-attacks are created and their impacts in a DER system are provided to validate the feasibility of the proposed security testbed for DER systems.

Biometric verification systems have security issues regarding the storage of biometric data in that a user's biometric features cannot be changed into other ones even when a system is compromised. To address this issue, it may be safe to store the biometrics data on a reliable remote server instead of storing them in a local device. However, this approach may raise a privacy issue. In this paper, we propose a biometric verification system where the biometric data are stored in a remote server in an encrypted form and the similarity of the user input to the registered biometric data is computed in an encrypted domain using a homomorphic encryption. We evaluated the performance of the proposed system through an implementation on an Android-based smartphone and an i7-based server.