Biblio

In this paper, we focus on versatile and scalable key management for Advanced Metering Infrastructure (AMI) in Smart Grid (SG). We show that a recently proposed key graph based scheme for AMI systems (VerSAMI) suffers from efficiency flaws in its broadcast key management protocol. Then, we propose a new key management scheme (iVerSAMI) by modifying VerSAMI's key graph structure and proposing a new broadcast key update process. We analyze security and performance of the proposed broadcast key management in details to show that iVerSAMI is secure and efficient in terms of storage and communication overheads.

Cryptographic channels aim to enable authenticated and confidential communication over the Internet. The general understanding seems to be that providing security in the sense of authenticated encryption for every (unidirectional) point-to-point link suffices to achieve this goal. As recently shown (in FSE17/ToSC17), however, the security properties of the unidirectional links do not extend, in general, to the bidirectional channel as a whole. Intuitively, the reason for this is that the increased interaction in bidirectional communication can be exploited by an adversary. The same applies, a fortiori, in a multi-party setting where several users operate concurrently and the communication develops in more directions. In the cryptographic literature, however, the targeted goals for group communication in terms of channel security are still unexplored. Applying the methodology of provable security, we fill this gap by defining exact (game-based) authenticity and confidentiality goals for broadcast communication, and showing how to achieve them. Importantly, our security notions also account for the causal dependencies between exchanged messages, thus naturally extending the bidirectional case where causal relationships are automatically captured by preserving the sending order. On the constructive side we propose a modular and yet efficient protocol that, assuming only point-to-point links between users, leverages (non-cryptographic) broadcast and standard cryptographic primitives to a full-fledged broadcast channel that provably meets the security notions we put forth.

The Controller Area Network (CAN) is a broadcast communications network invented by Robert Bosch GmbH in 1986. CAN is the standard communication network found in automobiles, industry equipment, and many space applications. To be used in these environments, CAN is designed for efficiency and reliability, rather than security. This research paper closely examines the security risks within the CAN protocol and proposes a feasible solution. In this research, we investigate the problems with implementing certain security features in the CAN protocol, such as message authentication and protections against replay and denial-of-service (DoS) attacks. We identify the restrictions of the CAN bus, and we demonstrate how our proposed implementation meets these restrictions. Many previously proposed solutions lack security, feasibility, and/or efficiency; however, a solution must not drastically hinder the real-time operation speed of the network. The solution proposed in this research is tested with a simulative CAN environment. This paper proposes an alteration to the standard CAN bus nodes and the CAN protocol to better protect automobiles and other CAN-related systems from attacks.