TOWARDS AN ANONYMOUS INCIDENT COMMUNICATION CHANNEL FOR ELECTRIC SMART GRIDS
- Details
- Hits: 2547
Volume 2 (1), June 2019, Pages 7-28
Anna Triantafyllou1, Panagiotis Sarigiannidis1, Antonios Sarigiannidis2, Erkuden Rios3, Eider Iturbe3
1Department of Informatics and Telecommunications Engineering, University of Western Macedonia, Kozani 50100, Greece, This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. You need JavaScript enabled to view it.
2Sidroco Holdings Ltd, Limassol, Cyprus 3113, This email address is being protected from spambots. You need JavaScript enabled to view it.
3Fundacion Tecnalia Research and Innovation, Derio, Spain E-20009, This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. You need JavaScript enabled to view it.
Abstract
The Electric Smart Grid (ESG) is referred to as the next generation electricity power network. It is an intelligent critical infrastructure aiming to create an automated and distributed advanced energy delivery network while preserving information privacy and offering protection against intrusions. This study proposes the implementation of an Anonymous Incident Communication Channel (AICC) amongst smart grids across Europe to improve situational awareness and enhance the security of the new electric intelligent infrastructures. All participating organizations will have the ability to broadcast sensitive information, stored anonymously in a repository, without exposing the reputation of the organization. However, the technical details of the attack will be available for everyone to take appropriate countermeasures. The advantages of the AICC are the exchange of real-time security data and analysis, the circulation of best countermeasures practices, the comparison of various security solutions both from a technical and operational viewpoint and the ability to establish an open dialogue amongst anonymous peers who represent smart grid organizations (e.g., power plants) across Europe. This work focuses on the requirements of establishment, the possible obstacles, and proposed data protection techniques to be applied in the AICC. Furthermore, were explained some details of the documentation of cyber-incidents Last but not least, were also provided the benefits and the potential risks of this AICC concept.
Keywords:
Smart Grid; anonymity; group signature; anonymous repository of incidents.
DOI: https://doi.org/10.32010/26166127.2019.2.1.7.28
Reference
[1] Grasberg, L., & Osterlund, L. A. (2001). SCADA EMS DMS-a part of the corporate IT system. In PICA 2001. Innovative Computing for Power-Electric Energy Meets the Market. 22nd IEEE Power Engineering Society. International Conference on Power Industry Computer Applications (Cat. No. 01CH37195) (pp. 141-147). IEEE.
[2] Anwar, A., & Mahmood, A. N. (2014). Cyber security of smart grid infrastructure. arXiv preprint arXiv:1401.3936.
[3] Marmol, F. G., Sorge, C., Ugus, O., & Pérez, G. M. (2012). Do not snoop my habits: preserving privacy in the smart grid. IEEE Communications Magazine, 50(5), 166-172.
[4] Eder-Neuhauser, P., Zseby, T., Fabini, J., & Vormayr, G. (2017). Cyber attack models for smart grid environments. Sustainable Energy, Grids and Networks, 12, 10-29.
[5] L. Ponemon, “Cost of data breaches rising globally, “2015 cost of a data breach study: Global analysis,” Security Intelligence
[6] Serrano, O., Dandurand, L., & Brown, S. (2014, November). On the design of a cyber security data sharing system. In Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security (pp. 61-69). ACM.
[7] EE-ISAC, “European energy - information sharing and analysis center home page,” accessed: 2018-06-19. [Online]. Available: http://www.ee-isac.eu/
[8] ESMIG, “Esmig - whom we are page,” accessed: 2018-06-19. [Online]. Available: http://esmig.eu/
[9] Triantafyllou, A., Sarigiannidis, P., Sarigiannidis, A., Rios, E., & Iturbe, E. (2018, November). Towards an anonymous incident communication channel for electric smart grids. In Proceedings of the 22nd Pan-Hellenic Conference on Informatics (pp. 34-39). ACM.
[10] U.S. Department of Homeland Security, “Homeland security information network (hsin),” accessed: 2018-06-19. [Online]. Available: https: //www.dhs.gov/homeland-security-information-network-hsin
[11] Kampanakis, P. (2014). Security automation and threat information-sharing options. IEEE Security & Privacy, 12(5), 42-51.
[12] U.S. CERT - United States Computer Emergency Readiness Team, “About us page,” accessed: 2018-06-19. [Online]. Available: https://www.us-cert.gov/about-us
[13] Department of Energy, “Energy security,” accessed: 2018-06-19. [On- line]. Available: https://www.energy.gov/ceser/activities/energy-security
[14] E. Byres, D. Leversage, and N. Kube, “Security incidents and trends in the scada and process industries - a statistical review of the industrial security incident database (isid),” accessed: 2018-06-19. [Online]. Available: https://www.controlglobal.com/assets/Media/MediaManager/ wp 07 010 semantic security.pdf
[15] VERIS - Vocabulary for Event Recording and Incident Sharing, “Veris home page,” accessed: 2018-06-19”. [Online]. Available: http://veriscommunity.net/index.html
[16] Joyce, A. L., Evans, N., Tanzman, E. A., & Israeli, D. (2016, October). International cyber incident repository system: Information sharing on a global scale. In 2016 International Conference on Cyber Conflict (CyCon US) (pp. 1-6). IEEE.
[17] CERT-Australia, “Frequently asked questions,” 2016, accessed: 2018- 06-19. [Online]. Available: https://www.cert.gov.au/faq
[18] National Intelligence Service Korea, “Nis home page,” 2016, accessed: 2018-06-19. [Online]. Available: http://www.nis.go.kr/AF/1 7.do
[19] National Information Security Center, “National Center of incident readiness and strategy for cybersecurity home page,” 2015, accessed: 2018-06-19. [Online]. Available: http://www.nisc.go.jp/eng/index.html
[20] State Security Agency-Republic of South Africa, “Computer security incident response team (csirt),” 2015, accessed: 2018-06-19. [Online]. Available: http://www.ssa.gov.za/CSIRT.aspx
[21] ICIC (Programa Nacional de Infraestructuras Crticas de Informacin y Ciberseguridad), “Qu hacemos,” accessed: 2018-06-19. [Online]. Available: http://www.icic.gob.ar/
[22] “Enhancing resilience through cyber incident data sharing and analysis: Overcoming perceived obstacles to sharing into a cyber incident data repository,” 12 2015. [Online]. Available: https: //www.hsdl.org/?view&did=788824
[23] C. S. Johnson, M. L. Badger, D. A. Waltermire, J. Snyder, and C. Skorupka, “Guide to cyber threat information sharing,” October 2016. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/ SpecialPublications/NIST.SP.800-150.pdf
[24] Yan, Y., Qian, Y., Sharif, H., & Tipper, D. (2012). A survey on cyber security for smart grid communications. IEEE Communications Surveys & Tutorials, 14(4), 998-1010.
[25] A. Hahn, “Cybersecurity of the smart grid: Attack exposure analysis, detection algorithms, and testbed evaluation,” 2013. [Online]. Available: https://lib.dr.iastate.edu/etd/13098
[26] “Enhancing resilience through cyber incident data sharing and analysis: Establishing community-relevant data categories in support of a cyber incident data repository,” 9 2015. [Online]. Available: https://www.hsdl.org/?view&did=788825
[27] M. Kuypers and E. Pat-Cornell, “Documenting cybersecurity incidents,” December 2015.
[28] J. J Tom, B. Alese, F. Aderonke, T., P. Nlerum, and A. D, “Performance and security of group signature in wireless networks,” 05 2018.
[29] Chaum, D., & Van Heyst, E. (1991, April). Group signatures. In Workshop on the Theory and Application of of Cryptographic Techniques (pp. 257-265). Springer, Berlin, Heidelberg.
[30] Agarwal, A., & Saraswat, R. (2013). A survey of group signature technique, its applications and attacks. International Journal of Engineering and Innovative Technology (IJEIT), 2(10).
[31] Boneh, D., Boyen, X., & Shacham, H. (2004, August). Short group signatures. In Annual International Cryptology Conference (pp. 41-55). Springer, Berlin, Heidelberg.
[32] Camenisch, J., & Groth, J. (2004, September). Group signatures: Better efficiency and new theoretical aspects. In International Conference on Security in Communication Networks (pp. 120-133). Springer, Berlin, Heidelberg.
[33] Harn, L. (1994). Group-oriented (t, n) threshold digital signature scheme and digital multisignature. IEE Proceedings-Computers and Digital Techniques, 141(5), 307-313.
[34] Wang, C. T., Lin, C. H., & Chang, C. C. (1998). Threshold signature schemes with traceable signers in group communications. Computer Communications, 21(8), 771-776.
[35] Harn, L., & Wang, F. (2016). Threshold Signature Scheme without Using Polynomial Interpolation. IJ Network Security, 18(4), 710-717.
[36] Yu, Y. L., & Chen, T. S. (2005). An efficient threshold group signature scheme. Applied Mathematics and Computation, 167(1), 362-371.
[37] Mante, G., & Joshi, S. D. (2011). Discrete logarithm based (t, n) threshold group signature scheme. International Journal of Computer Applications, 21(2), 23-27.
[38] Michels, M., & Horster, P. (1996, November). On the risk of disruption in several multiparty signature schemes. In International Conference on the Theory and Application of Cryptology and Information Security (pp. 334-345). Springer, Berlin, Heidelberg.
[39] Tseng, Y. M., & Jan, J. K. (1999). Attacks on threshold signature schemes with traceable signers. Information Processing Letters, 71(1), 1-4.
[40] Shao, Z. (2008). Repairing efficient threshold group signature scheme. International Journal of Network Security, 7(9), 2008.
[41] Zhao, L. S., & Liu, J. M. (2013, September). (t, n) Threshold Digital Signature Scheme with Traceable Signers against Conspiracy Attacks. In 2013 5th International Conference on Intelligent Networking and Collaborative Systems (pp. 649-651). IEEE.
[42] Bozkurt, I. N., Kaya, K., & Selçuk, A. A. (2009, June). Practical threshold signatures with linear secret sharing schemes. In International Conference on Cryptology in Africa (pp. 167-178). Springer, Berlin, Heidelberg.
[43] Tuan, H. D., Nguyen, H. M., Tran, C. M., Nguyen, H. N., & Adreevich, M. N. (2016, December). Integrating Multisignature Scheme into the Group Signature Protocol. In International Conference on Advances in Information and Communication Technology (pp. 294-301). Springer, Cham.
[44] Eom, S., & Huh, J. H. (2018). Group signature with restrictive linkability: minimizing privacy exposure in ubiquitous environment. Journal of Ambient Intelligence and Humanized Computing, 1-11.
[45] Hung, D. T., Minh, N. H., & Hai, N. N. (2018). A Hybrid Threshold Group Signature Scheme with Distinguished Signing Authority. In Information Systems Design and Intelligent Applications (pp. 64-72). Springer, Singapore.
[46] Saeed, R., & Rauf, A. (2018, March). Anatomization through generalization (AG): A hybrid privacy-preserving approach to prevent membership, identity and semantic similarity disclosure attacks. In 2018 International Conference on Computing, Mathematics and Engineering Technologies (iCoMET) (pp. 1-7). IEEE.
[47] Li, N., Li, T., & Venkatasubramanian, S. (2007, April). t-closeness: Privacy beyond k-anonymity and l-diversity. In 2007 IEEE 23rd International Conference on Data Engineering (pp. 106-115). IEEE.
[48] Cormode, G., & Srivastava, D. (2009, June). Anonymized data: generation, models, usage. In Proceedings of the 2009 ACM SIGMOD International Conference on Management of data (pp. 1015-1018). ACM.
[49] Zhou, B., Pei, J., & Luk, W. (2008). A brief survey on anonymization techniques for privacy preserving publishing of social network data. ACM Sigkdd Explorations Newsletter, 10(2), 12-22.
[50] Samarati, P., & Sweeney, L. (1998). Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression (pp. 101-132). technical report, SRI International.
[51] Sweeney, L. (2002). Achieving k-anonymity privacy protection using generalization and suppression. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(05), 571-588.
[52] Dalenius, T. (1986). Finding a needle in a haystack or identifying anonymous census records. Journal of official statistics, 2(3), 329.
[53] P. Samarati, P. (2001). Protecting respondents identities in microdata release. IEEE transactions on Knowledge and Data Engineering, 13(6), 1010-1027.
[54] El Emam, K., & Dankar, F. K. (2008). Protecting privacy using k-anonymity. Journal of the American Medical Informatics Association, 15(5), 627-637.
[55] Athiramol, S., & Sarju, S. (2017, July). A scalable approach for anonymization using top down specialization and randomization for security. In 2017 International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT) (pp. 280-283). IEEE.
[56] Meyerson, A., & Williams, R. (2004, June). On the complexity of optimal k-anonymity. In Proceedings of the twenty-third ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems (pp. 223-228). ACM.
[57] Bayardo, R. J., & Agrawal, R. (2005, April). Data privacy through optimal k-anonymization. In 21st International conference on data engineering (ICDE’05) (pp. 217-228). IEEE.
[58] Machanavajjhala, A., Gehrke, J., Kifer, D., & Venkitasubramaniam, M. (2006, April). l-diversity: Privacy beyond k-anonymity. In 22nd International Conference on Data Engineering (ICDE’06) (pp. 24-24). IEEE.
[59] Xiao, X., & Tao, Y. (2006, September). Anatomy: Simple and effective privacy preservation. In Proceedings of the 32nd international conference on Very large data bases (pp. 139-150). VLDB Endowment.
[60] Prakash, B., Reddy, S. K., Singh, D., Yeshwanth, V. P. S., & Kumar, M. S. (2018). B-Anonymization: Privacy beyond k-Anonymization and l-Diversity. International Journal for Research in Applied Science and Engineering Technology (IJRASET), 6(03), 2018.
[61] Xiao, Y. (2007). Security in distributed, grid, mobile, and pervasive computing. CRC Press.
[62] DATA, C. I. (2015). ENHANCING RESILIENCE THROUGH CYBER INCIDENT DATA SHARING AND ANALYSIS.