Measurable Security, Privacy and Dependability in Smart Grids

Authors

  • Josef Noll University of Oslo, Oslo, Norway, UNIK, Kjeller, Norway
  • Iñaki Garitano UNIK, Kjeller, Norway
  • Seraj Fayyad University of Oslo, Oslo, Norway, UNIK, Kjeller, Norway
  • Erik Åsberg eSmartSystems, Halden, Norway
  • Habtamu Abie Norwegian Computing Centre (NR), Oslo, Norway

DOI:

https://doi.org/10.13052/jcsm2245-1439.342

Keywords:

Smart Grid, Security, Privacy, Dependability, Embedded Systems, Internet of Things, Measurable Security, Advanced Metering Infrastructure, AMI

Abstract

This paper presents a methodology for assessing security, privacy and dependability (SPD) of embedded systems. The methodology, developed through the European collaboration SHIELD, is applied for the smart grid network as deployed in the South of Norway. Three Smart Grid use cases are analysed in detail, being billing, home control and alarm.

The SHIELD methodology uses a Multi-Metrics approach to evaluate the system SPD level during running processes and compares it with use case goals for S, P, and D. The simplicity, applicability, and scalability of the suggested Multi-Metrics approach is demonstrated in this paper. It shows that a single configuration is not sufficient to satisfy the given goals for all use cases.

Downloads

Download data is not yet available.

Author Biographies

Josef Noll, University of Oslo, Oslo, Norway, UNIK, Kjeller, Norway

J. Noll is professor at the University of Oslo in the area of Wireless Network and Security. His work concentrates on personalised and context-aware service provisioning, and measurable security for the Internet of Things (IoT). He is also Head of Research in Movation, Norway’s open innovation company. He is founding member of the Center for Wireless Innovation, the collaboration of 7 Universities/University colleges in Norway. He is involved in several international projects, including nSHIELD for measurable security in IoT systems, Citi-Sense-MOB for mobile air quality measurements, GravidPluss for mobile diabetes advise, and Ka-band propagation for polar regions. In the area of Internet of Things he was project leader of the Artemis pSHIELD project. Previously he was Senior Advisor at Telenor R & I in the Products and Markets group, and project leader of Eurescom’s ‘Broadband services in the Intelligent Home’ and use-case leader in the EU FP6 ‘Adaptive Services rid (ASG)’ projects, and has initiated a.o. the EU’s 6th FP ePerSpace and several Eurescom projects. In 2008 he received the IARIA fellow award. He is editorial board member of four International Journals, as well as reviewer and evaluator for several national and European projects and programs.

Iñaki Garitano, UNIK, Kjeller, Norway

I. Garitano is currently working as a postdoctoral fellow at UNIK-University Graduate Centre, Norway. He received the Ph.D. degree from the Department of Electronics and Computer Science, University of Mondragon in 2014 in the area of industrial control systems security. Prior to that he received the M.Sc. degree in Telecommunication Engineering from University of Mondragon. His current research interests include measurable Security, Privacy and Dependability (SPD), Intrusion Detection Systems (IDS) and Internet of Things (IoT). He participated, and currently is involved, in research projects funded by the Norwegian Research Council, the Basque Government, the Spanish Government and the European Union.

Seraj Fayyad, University of Oslo, Oslo, Norway, UNIK, Kjeller, Norway

S. Fayyad, PhD researcher at Movation AS and the University of Oslo/UNIK, he received his M.Sc. degree in computer engineering in the area of «reliable systems» from the University Duisburg-Essen, Germany. His research interests include IT security with concentration on measurable security for sensors in the Internet of People, Things and Services (IoPTS). He is involved in several international projects, including nSHIELD for measurable security in IoT systems, Citi-Sense-MOB for mobile air quality measurements.

Erik Åsberg, eSmartSystems, Halden, Norway

E. Åsberg is currently Head of Development and Product Architect at eSmart Systems. He received his degree in Software Design from Østfold University College. He started his career at Institute for Energy Technology as a systems developer, continuing at Hand-El Scandinavia working with Customer Information Systems and at Nasdaq OMX working with Risk Management Systems. At Navita Systems (later Brady Plc.) he continued as team lead for software development on their risk management system for mitigating risk in the financial energy and commodity markets. At eSmart Systems he is responsible for system development and overall system architecture. He is heavily involved in system specification working closely with the customers. eSmart base their architecture on Azure, Microsoft’s cloud solution, and Erik has extensive knowledge of the services available on the platform and works closely with Microsoft to optimize eSmart’s cloud based solutions.

Habtamu Abie, Norwegian Computing Centre (NR), Oslo, Norway

Dr. H. Abie is currently a senior research scientist at the Norwegian Computing Center. He received his B.Sc., M.Sc. and Ph.D. from the University of Oslo. He has previously been a scientific associate and fellow at CERN, researcher at ABB Corporate Research, Norway, software development engineer at Nera-AS, Norway, Alcatel Telecom Norway AS, Oslo, Norway, and senior engineer and research scientist at Telenor R & D, Norway. He has a solid and extensive background in the design and development of real-time systems, and the design, modelling and development of security for critical systems. He participates as a reviewer and member of the technical program committee in international conferences and workshops and reviews scientific papers in books and international journals. He co-organizes international workshops in conjunction with highly reputed international conferences, and serves as a project proposal reviewer for research and higher academic institutions. His past and present research interests encompass adaptive security, privacy and trust in distributed and communications systems, architecture and methodology, formal methods and tools, hard real-time systems, and mobile, ubiquitous, Internet of Things (IoT), and ambient intelligent computing, and adaptive and evolving algorithms.

References

Sarfraz Alam, Mohammad M. R. Chowdhury, and Josef Noll. Interoperability of Security-Enabled Internet of Things. Wireless Personal Communications, 61(3):567–586, 2011.

Alexandre Bartel, Jacques Klein, Yves Le Traon, and Martin Monperrus. Automatically securing permission-based software by reducing the attack surface: an application to android. In Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, pages 274–277. ACM, 2012.

Nasim Beigi Mohammadi, Jelena Mišić, Vojislav B Mišić, and Hamzeh Khazaei. A framework for intrusion detection system in advanced metering infrastructure. Security and Communication Networks, 7(1):195–205, 2014.

Ann Cavoukian, Jules Polonetsky, and Christopher Wolf. Smartprivacy for the smart grid: embedding privacy into the design of electricity conservation. Identity in the Information Society, 3(2):275–294, 2010.

Min Chen, Shiwen Mao, and Yunhao Liu. Big data: A survey. Mobile Networks and Applications, 19(2):171–209, 2014.

Iñaki Garitano, Seraj Fayyad, and Josef Noll. Multi-Metrics Approach for Security, Privacy and Dependability in Embedded Systems. Wireless Personal Communications, accepted for publication, 2015.

V.C. Gungor, Bin Lu, and G.P. Hancke. Opportunities and challenges of wireless sensor networks in smart grid. Industrial Electronics, IEEE Transactions on, 57(10):3557–3564, Oct 2010.

V.C. Gungor, D. Sahin, T. Kocak, S. Ergut, C. Buccella, C. Cecati, and G.P. Hancke. A survey on smart grid potential applications and communication requirements. Industrial Informatics, IEEE Transactions on, 9(1):28–42, Feb 2013.

Michael Howard. Fending off future attacks by reducing attack surface. http://msdn.microsoft.com/en-us/library/ms972812.aspx. [Online] Accessed: 2014-09-27.

Michael Howard, Jon Pincus, and Jeannette M Wing. Measuring relative attack surfaces. In D. T. Lee, S. P. Shieh, and J. D. Tygar, editors, Computer Security in the 21st Century, pages 109–137. Springer US, 2005.

G. Kalogridis, C. Efthymiou, S.Z. Denic, T.A. Lewis, and R. Cepeda. Privacy for smart meters: Towards undetectable appliance load signatures. In Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, pages 232–237, Oct 2010.

Stamatis Karnouskos, Orestis Terzidis, and Panagiotis Karnouskos. An advanced metering infrastructure for future energy networks. In New Technologies, Mobility and Security, pages 597–606. Springer, 2007.

Anil Kurmus, Alessandro Sorniotti, and Rüdiger Kapitza. Attack surface reduction for commodity os kernels: trimmed garden plants may attract less bugs. In Proceedings of the Fourth European Workshop on System Security, page 6. ACM, 2011.

M.G. Lauby. Reliability considerations for application of smart grid technologies. In Power and Energy Society General Meeting, 2010 IEEE, pages 1–4, July 2010.

C. Laughman, Kwangduk Lee, R. Cox, S. Shaw, S. Leeb, L. Norford, and P. Armstrong. Power signature analysis. Power and Energy Magazine, IEEE, 1(2):56–63, Mar 2003.

Husheng Li and Weiyi Zhang. Qos routing in smart grid. In Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE, pages 1–6, Dec 2010.

Zhuo Lu, Xiang Lu, Wenye Wang, and C. Wang. Review and evaluation of security threats on the communication networks in the smart grid. In MILITARY COMMUNICATIONS CONFERENCE, 2010 – MILCOM 2010, pages 1830–1835, Oct 2010.

Pratyusa Manadhata, Jeannette Wing, Mark Flynn, and Miles McQueen. Measuring the attack surfaces of two ftp daemons. In Proceedings of the 2nd ACM workshop on Quality of protection, pages 3–10. ACM, 2006.

Pratyusa Manadhata and Jeannette M. Wing. Measuring a system’s attack surface. Technical report, DTIC Document, 2004.

Pratyusa K. Manadhata, Kymie M. Tan, Roy A. Maxion, and Jeannette M. Wing. An approach to measuring a system’s attack surface. Technical report, DTIC Document, 2007.

Pratyusa K. Manadhata and Jeannette M. Wing. An attack surface metric. Technical report, DTIC Document, 2005.

Pratyusa K Manadhata and Jeannette M Wing. An attack surface metric. Software Engineering, IEEE Transactions on, 37(3):371–386, 2011.

Pratyusa K. Manadhata and Jeannette M. Wing. A formal model for a system’s attack surface. In Moving Target Defense, volume 54, chapter Creating Asymmetric Uncertainty for Cyber Threats, pages 1–28. Springer New York, 2011.

Yilin Mo, T. H. -H. Kim, K. Brancik, D. Dickinson, Heejo Lee, A. Perrig, and B. Sinopoli. Cyber-physical security of a smart grid infrastructure. Proceedings of the IEEE, 100(1):195–209, Jan 2012.

nSHIELD. New embedded Systems arcHItecturE for multi-Layer Dependable solutions. http://www.newshield.eu. [Online] Accessed: 2014-09-30.

Elias Leake Quinn. Privacy and the new energy infrastructure. Available at SSRN 1370731, 2009.

Nico Saputro and Kemal Akkaya. On preserving user privacy in smart grid advanced metering infrastructure applications. Security and Communication Networks, 7(1):206–220, 2014.

Jeffrey Stuckman and James Purtilo. Comparing and applying attack surface metrics. In Proceedings of the 4th international workshop on Security measurements and metrics, pages 3–6. ACM, 2012.

Jakub Szefer, Eric Keller, Ruby B Lee, and Jennifer Rexford. Eliminating the hypervisor attack surface for a more secure cloud. In Proceedings of the 18th ACM conference on Computer and communications security, pages 401–412. ACM, 2011.

Jeffrey Voas, Anup Ghosh, Gary McGraw, FACF Charron, and Keith W Miller. Defning an adaptive software security metric from a dynamic software failure tolerance measure. In Computer Assurance, 1996. COMPASS’96, Systems Integrity. Software Safety. Process Security. Proceedings of the Eleventh Annual Conference on, pages 250–263. IEEE, 1996.

Jeffrey Voas and Keith W Miller. Predicting software’s minimum-time-to-hazard and mean-time-to-hazard for rare input events. In Software Reliability Engineering, 1995. Proceedings., Sixth International Symposium on, pages 229–238. IEEE, 1995.

Wenye Wang and Zhuo Lu. Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5):1344–1371, 2013.

I.A. Whyte. Distribution network powerline carrier communication system, March 2 1976. US Patent 3,942,170.

Downloads

Published

2015-04-10

How to Cite

1.
Noll J, Garitano I, Fayyad S, Åsberg E, Abie H. Measurable Security, Privacy and Dependability in Smart Grids. JCSANDM [Internet]. 2015 Apr. 10 [cited 2024 Nov. 4];3(4):371-98. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/6201

Issue

2014: Vol 3 Iss 4

Section

Articles