Biblio

Inter-substation Generic Object Oriented Substation Events (GOOSE) communications that are used for critical protection functions have several cyber-security vulnerabilities. GOOSE messages are directly mapped to the Layer 2 Ethernet without network and transport layer headers that provide data encapsulation. The high-status-number attack is a malicious attack on GOOSE messages that allows hackers to completely take over intelligent electronic devices (IEDs) subscribing to GOOSE communications. The status-number parameter of GOOSE messages, stNum is tampered with in these attacks. Given the strict delivery time requirement of 3 ms for GOOSE messaging, it is infeasible to encrypt the GOOSE payload. This work proposes to secure the sensitive stNum parameter of the GOOSE payload using systematically encoded polynomial codes. Exploiting linear codes allows for the security features to be encoded in linear time, in contrast to complex hashing algorithms. At the subscribing IED, the security feature is used to verify that the stNum parameter has not been tampered with during transmission in the insecure medium. The decoding and verification using syndrome computation at the subscriber IED is also accomplished in linear time.

The Energy Internet is an advanced smart grid solution to increase energy efficiency by jointly operating multiple energy resources via the Internet. However, such an increasing integration of energy resources requires secure and efficient communication in the Energy Internet. To address such a requirement, we propose a new secure key bootstrapping protocol to support the integration and operation of energy resources. By using a universal composability model that provides a strong security notion for designing and analyzing cryptographic protocols, we define an ideal functionality that supports several cryptographic primitives used in this paper. Furthermore, we provide an ideal functionality for key bootstrapping and secure communication, which allows exchanged session keys to be used for secure communication in an ideal manner. We propose the first secure key bootstrapping protocol that enables a user to verify the identities of other users before key bootstrapping. We also present a secure communication protocol for unicast and multicast communications. The ideal functionalities help in the design and analysis of the proposed protocols. We perform some experiments to validate the performance of our protocols, and the results show that our protocols are superior to the existing related protocols and are suitable for the Energy Internet. As a proof of concept, we apply our functionalities to a practical key bootstrapping protocol, namely generic bootstrapping architecture.

The Named-Data Networking (NDN) has emerged as a clean-slate Internet proposal on the wave of Information-Centric Networking. Although the NDN's data-plane seems to offer many advantages, e.g., native support for multicast communications and flow balance, it also makes the network infrastructure vulnerable to a specific DDoS attack, the Interest Flooding Attack (IFA). In IFAs, a botnet issuing unsatisfiable content requests can be set up effortlessly to exhaust routers' resources and cause a severe performance drop to legitimate users. So far several countermeasures have addressed this security threat, however, their efficacy was proved by means of simplistic assumptions on the attack model. Therefore, we propose a more complete attack model and design an advanced IFA. We show the efficiency of our novel attack scheme by extensively assessing some of the state-of-the-art countermeasures. Further, we release the software to perform this attack as open source tool to help design future more robust defense mechanisms.