Biblio

Smart metering is a mechanism through which fine-grained electricity usage data of consumers is collected periodically in a smart grid. However, a growing concern in this regard is that the leakage of consumers' consumption data may reveal their daily life patterns as the state-of-the-art metering strategies lack adequate security and privacy measures. Many proposed solutions have demonstrated how the aggregated metering information can be transformed to obscure individual consumption patterns without affecting the intended semantics of smart grid operations. In this paper, we expose a complete break of such an existing privacy preserving metering scheme [10] by determining individual consumption patterns efficiently, thus compromising its privacy guarantees. The underlying methodol-ogy of this scheme allows us to - i) retrieve the lower bounds of the privacy parameters and ii) establish a relationship between the privacy preserved output readings and the initial input readings. Subsequently, we present a rigorous experimental validation of our proposed attacking methodology using real-life dataset to highlight its efficacy. In summary, the present paper queries: Is the Whole lesser than its Parts? for such privacy aware metering algorithms which attempt to reduce the information leakage of aggregated consumption patterns of the individuals.

Cyber-Physical Systems (CPS) suffer from extendable vulnerabilities due to the convergence of the physical world with the cyber world, which makes it victim to a number of sophisticated cyber-attacks. The motives behind such attacks range from criminal enterprises to military, economic, espionage, political, and terrorism-related activities. Many governments are more concerned than ever with securing their critical infrastructure. One of the effective means of detecting threats and securing their infrastructure is the use of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). A number of studies have been conducted and proposed to assess the efficacy and effectiveness of IDS through the use of self-learning techniques, especially in the Industrial Control Systems (ICS) era. This paper investigates and analyzes the utilization of IDS systems and their proposed solutions used to enhance the effectiveness of such systems for CPS. The targeted data extraction was from 2011 to 2021 from five selected sources: IEEE, ACM, Springer, Wiley, and ScienceDirect. After applying the inclusion and exclusion criteria, 20 primary studies were selected from a total of 51 studies in the field of threat detection in CPS, ICS, SCADA systems, and the IoT. The outcome revealed the trends in recent research in this area and identified essential techniques to improve detection performance, accuracy, reliability, and robustness. In addition, this study also identified the most vulnerable target layer for cyber-attacks in CPS. Various challenges, opportunities, and solutions were identified. The findings can help scholars in the field learn about how machine learning (ML) methods are used in intrusion detection systems. As a future direction, more research should explore the benefits of ML to safeguard cyber-physical systems.

Cloud based cyber physical system (CPS) enables individuals to store and share data collected from both cyberspace and the physical world. This leads to the proliferation of massive data at a user's local site. Since local storage systems can't store and maintain huge data, it is a wise and practical way to outsource such huge data to the cloud. Cloud storage provides scalable storage space to manage data economically and flexibly. However, the integrity of outsourced data is a critical challenge because user's lose control of their data once it's transferred to cloud servers. Several auditing schemes have been put forward based on public key infrastructure (PKI) or identity-based cryptography to verify data integrity. However, “the PKI-based schemes suffer from certificate management problem and identity-based schemes face the key escrow” problem. Therefore, to address these problems, certificateless public auditing schemes have been introduced on the basis of bilinear pairing, which incur high computation overhead, and thus it is not suitable for CPS. To reduce the computation overhead, in this paper, Using elliptic curve cryptography, we propose an efficient pairing-free certificateless public auditing scheme for cloud-based CPS. The proposed scheme is more secure against type I/II/III adversaries and efficient compared to other certificateless based schemes.

The smart electricity grids have been evolving to a more complex cyber-physical ecosystem of infrastructures with integrated communication networks, new carbon-free sources of power generation, advanced monitoring and control systems, and a myriad of emerging modern physical hardware technologies. With the unprecedented complexity and heterogeneity in dynamic smart grid networks comes additional vulnerability to emerging threats such as cyber attacks. Rapid development and deployment of advanced network monitoring and communication systems on one hand, and the growing interdependence of the electric power grids to a multitude of lifeline critical infrastructures on the other, calls for holistic defense strategies to safeguard the power grids against cyber adversaries. In order to improve the resilience of the power grid against adversarial attacks and cyber intrusions, advancements should be sought on detection techniques, protection plans, and mitigation practices in all electricity generation, transmission, and distribution sectors. This survey discusses such major directions and recent advancements from a lens of different detection techniques, equipment protection plans, and mitigation strategies to enhance the energy delivery infrastructure resilience and operational endurance against cyber attacks. This undertaking is essential since even modest improvements in resilience of the power grid against cyber threats could lead to sizeable monetary savings and an enriched overall social welfare.

Being the most important critical infrastructure in Cyber-Physical Systems (CPSs), a smart grid exhibits the complicated nature of large scale, distributed, and dynamic environment. Taxonomy of attacks is an effective tool in systematically classifying attacks and it has been placed as a top research topic in CPS by a National Science Foundation (NSG) Workshop. Most existing taxonomy of attacks in CPS are inadequate in addressing the tight coupling of cyber-physical process or/and lack systematical construction. This paper attempts to introduce taxonomy of attacks of agent-based smart grids as an effective tool to provide a structured framework. The proposed idea of introducing the structure of space-time and information flow direction, security feature, and cyber-physical causality is innovative, and it can establish a taxonomy design mechanism that can systematically construct the taxonomy of cyber attacks, which could have a potential impact on the normal operation of the agent-based smart grids. Based on the cyber-physical relationship revealed in the taxonomy, a concrete physical process based cyber attack detection scheme has been proposed. A numerical illustrative example has been provided to validate the proposed physical process based cyber detection scheme.