1.
Cengiz Kaygusuz, Leonardo Babun, Hidayet Aksu, A. Selcuk Uluagac
Detection of Compromised Smart Grid Devices with Machine Learning and Convolution Techniques Conference Paper
In the Proceedings of the IEEE International Conference on Communications (ICC), 2018.
Abstract | Links | BibTeX | Tags: Smart-grid Security
@conference{Kaygusuz2018SmartGridMLb,
title = {Detection of Compromised Smart Grid Devices with Machine Learning and Convolution Techniques},
author = {Cengiz Kaygusuz and Leonardo Babun and Hidayet Aksu and A. Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/8423022},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
booktitle = {In the Proceedings of the IEEE International Conference on Communications (ICC)},
abstract = {The smart grid concept has transformed the traditional power grid into a massive cyber- physical system that depends on advanced two-way communication infrastructure to integrate a myriad of different smart devices. While the introduction of the cyber component has made the grid much more flexible and efficient with so many smart devices, it also broadened the attack surface of the power grid. Particularly, compromised devices pose great danger to the healthy operations of the smart-grid. For instance, the attackers can control the devices to change the behaviour of the grid and can impact the measurements. In this paper, to detect such misbehaving malicious smart grid devices, we propose a machine learning and convolution-based classification framework. Our framework specifically utilizes system and library call lists at the kernel level of the operating system on both resource-limited and resource-rich smart grid devices such as RTUs, PLCs, PMUs, and IEDs. Focusing on the types and other valuable features extracted from the system calls, the framework can successfully identify malicious smart-grid devices. In order to test the efficacy of the proposed framework, we built a representative testbed conforming to the IEC-61850 protocol suite and evaluated its performance with different system calls. The proposed framework in different evaluation scenarios yields very high accuracy (avg. 91%) which reveals that the framework is effective to overcome compromised smart grid devices problem.},
keywords = {Smart-grid Security},
pubstate = {published},
tppubtype = {conference}
}
The smart grid concept has transformed the traditional power grid into a massive cyber- physical system that depends on advanced two-way communication infrastructure to integrate a myriad of different smart devices. While the introduction of the cyber component has made the grid much more flexible and efficient with so many smart devices, it also broadened the attack surface of the power grid. Particularly, compromised devices pose great danger to the healthy operations of the smart-grid. For instance, the attackers can control the devices to change the behaviour of the grid and can impact the measurements. In this paper, to detect such misbehaving malicious smart grid devices, we propose a machine learning and convolution-based classification framework. Our framework specifically utilizes system and library call lists at the kernel level of the operating system on both resource-limited and resource-rich smart grid devices such as RTUs, PLCs, PMUs, and IEDs. Focusing on the types and other valuable features extracted from the system calls, the framework can successfully identify malicious smart-grid devices. In order to test the efficacy of the proposed framework, we built a representative testbed conforming to the IEC-61850 protocol suite and evaluated its performance with different system calls. The proposed framework in different evaluation scenarios yields very high accuracy (avg. 91%) which reveals that the framework is effective to overcome compromised smart grid devices problem.
2.
Samet Tonyali, Kemal Akkaya, Nico Saputro, A. Selcuk Uluagac, Mehrdad Nojoumian
Privacy-preserving protocols for secure and reliable data aggregation in IoT-enabled Smart Metering systems Journal Article
Future Generation Computer Systems journal, 2018.
Abstract | Links | BibTeX | Tags: IoT Security, Smart-grid Security
@article{TONYALI2018IoTdataAgreb,
title = {Privacy-preserving protocols for secure and reliable data aggregation in IoT-enabled Smart Metering systems},
author = {Samet Tonyali and Kemal Akkaya and Nico Saputro and A. Selcuk Uluagac and Mehrdad Nojoumian},
url = {https://www.sciencedirect.com/science/article/pii/S0167739X17306945},
doi = {https://doi.org/10.1016/j.future.2017.04.031},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Future Generation Computer Systems journal},
abstract = {As the Internet of Things (IoT) gets more pervasive, its areas of usage expands. Smart Metering systems is such an IoT-enabled technology that enables convenient and high frequency data collection compared to existing metering systems. However, such a frequent data collection puts the consumers’ privacy in risk as it helps expose the consumers’ daily habits. Secure in-network data aggregation can be used to both preserve consumers’ privacy and reduce the packet traffic due to high frequency metering data. The privacy can be provided by performing the aggregation on concealed metering data. Fully homomorphic encryption (FHE) and secure multiparty computation (secure MPC) are the systems that enable performing multiple operations on concealed data. However, both FHE and secure MPC systems have some overhead in terms of data size or message complexity. The overhead is compounded in the IoT-enabled networks such as Smart Grid (SG) Advanced Metering Infrastructure (AMI). In this paper, we propose new protocols to adapt FHE and secure MPC to be deployed in SG AMI networks that are formed using wireless mesh networks. The proposed protocols conceal the smart meters’ (SMs) reading data by encrypting it (FHE) or computing its shares on a randomly generated polynomial (secure MPC). The encrypted data/computed shares are aggregated at some certain aggregator SM(s) up to the gateway of the network in a hierarchical manner without revealing the readings’ actual value. To assess their performance, we conducted extensive experiments using the ns-3 network simulator. The simulation results indicate that the secure MPC-based protocol can be a viable privacy-preserving data aggregation mechanism since it not only reduces the overhead with respect to FHE but also almost matches the performance of the Paillier cryptosystem when it is used within a proper sized AMI network.},
keywords = {IoT Security, Smart-grid Security},
pubstate = {published},
tppubtype = {article}
}
As the Internet of Things (IoT) gets more pervasive, its areas of usage expands. Smart Metering systems is such an IoT-enabled technology that enables convenient and high frequency data collection compared to existing metering systems. However, such a frequent data collection puts the consumers’ privacy in risk as it helps expose the consumers’ daily habits. Secure in-network data aggregation can be used to both preserve consumers’ privacy and reduce the packet traffic due to high frequency metering data. The privacy can be provided by performing the aggregation on concealed metering data. Fully homomorphic encryption (FHE) and secure multiparty computation (secure MPC) are the systems that enable performing multiple operations on concealed data. However, both FHE and secure MPC systems have some overhead in terms of data size or message complexity. The overhead is compounded in the IoT-enabled networks such as Smart Grid (SG) Advanced Metering Infrastructure (AMI). In this paper, we propose new protocols to adapt FHE and secure MPC to be deployed in SG AMI networks that are formed using wireless mesh networks. The proposed protocols conceal the smart meters’ (SMs) reading data by encrypting it (FHE) or computing its shares on a randomly generated polynomial (secure MPC). The encrypted data/computed shares are aggregated at some certain aggregator SM(s) up to the gateway of the network in a hierarchical manner without revealing the readings’ actual value. To assess their performance, we conducted extensive experiments using the ns-3 network simulator. The simulation results indicate that the secure MPC-based protocol can be a viable privacy-preserving data aggregation mechanism since it not only reduces the overhead with respect to FHE but also almost matches the performance of the Paillier cryptosystem when it is used within a proper sized AMI network.
3.
Leonardo Babun, Hidayet Aksu, A. Selcuk Uluagac
Detection of counterfeit and compromised devices using system and function call tracing techniques Patent
US Patent, 2017.
Abstract | Links | BibTeX | Tags: Fingerprinting, Smart-grid Security
@patent{Babun2018SyscallTraceb,
title = {Detection of counterfeit and compromised devices using system and function call tracing techniques},
author = {Leonardo Babun and Hidayet Aksu and A. Selcuk Uluagac},
url = {https://www.osti.gov/biblio/1463864},
year = {2017},
date = {2017-07-17},
urldate = {2017-07-17},
abstract = {Frameworks, methods, and systems for securing a smart grid are provided. A framework can include data collection, call tracing techniques, and preparing call lists to detect counterfeit or compromised devices. The call tracing techniques can include call tracing and compiling all system and function calls over a time interval. The framework can further include data processing, in which a genuine device is identified and compared to unknown devices. A first statistical correlation can be used for resource-rich systems, and a second statistical correlation can be used for resource-limited systems. Threats of information leakage, measurement poisoning and store-and-send-later can be considered.},
howpublished = {US Patent},
keywords = {Fingerprinting, Smart-grid Security},
pubstate = {published},
tppubtype = {patent}
}
Frameworks, methods, and systems for securing a smart grid are provided. A framework can include data collection, call tracing techniques, and preparing call lists to detect counterfeit or compromised devices. The call tracing techniques can include call tracing and compiling all system and function calls over a time interval. The framework can further include data processing, in which a genuine device is identified and compared to unknown devices. A first statistical correlation can be used for resource-rich systems, and a second statistical correlation can be used for resource-limited systems. Threats of information leakage, measurement poisoning and store-and-send-later can be considered.
Citations: 8413
h-index: 44
i10-index: 107
