ABSTRACT
Compromises attributable to the Advanced Persistent Threat (APT) highlight the necessity for constant vigilance. The APT provides a new perspective on security metrics (e.g., statistics based cyber security) and quantitative risk assessments. We consider design principles and models/tools that provide high assurance for energy delivery systems (EDS) operations regardless of the state of compromise. Cryptographic keys must be securely exchanged, then held and protected on either end of a communications link. This is challenging for a utility with numerous substations that must secure the intelligent electronic devices (IEDs) that may comprise complex control system of systems. For example, distribution and management of keys among the millions of intelligent meters within the Advanced Metering Infrastructure (AMI) is being implemented as part of the National Smart Grid initiative. Without a means for a secure cryptographic key management system (CKMS) no cryptographic solution can be widely deployed to protect the EDS infrastructure from cyber-attack.
We consider 1) how security modeling is applied to key management and cyber security concerns on a continuous basis from design through operation, 2) how trusted models and key management architectures greatly impact failure scenarios, and 3) how hardware-enabled trust is a critical element to detecting, surviving, and recovering from attack.
- F. T. Sheldon, R. K. Abercrombie, and A. Mili, "Methodology for Evaluating Security Controls Based on Key Performance indicators and Stakeholder Mission," IEEE HICSS, Jan. '09Google Scholar
- A. Ben Aissa, R. K. Abercrombie, F. T. Sheldon, and A. Mili, "Quantifying Security Threats and Their Potential Impacts: A Case Study," Innovations in Systems and Software Engineering, Volume 6, Number 4, pp. 269--281, Springer London: December 2010 (DOI 10.1007/s11334-010-0123-2) Google ScholarDigital Library
- "RSA to replace millions of SecurID tokens -- IT should take notice", http://www.thetechherald.com/article.php/201123/7248/RSA-to-replace-millions-of-SecurID-tokens-IT-should-take-notice, Jun 2007Google Scholar
- "EMC Unit RSA to Replace Security Tokens After Data Breach", http://www.businessweek.com/news/2011-06-07/emc-unit-rsa-to-replace-security-tokens-after-data-breach.htmlGoogle Scholar
- "Comodo Hacker Claims Credit for DigiNotar Attack", http://www.pcworld.com/businesscenter/article/239534/comodo_hacker_claims_credit_for_diginotar_attack.htmlGoogle Scholar
- "Google tells Iranians: Change your Gmail password", http://www.theregister.co.uk/2011/09/09/gmail_diginotar_se curity_alert/Google Scholar
- "Google, Skype, Yahoo Targeted by Rogue Comodo SSL Certificates",http://www.pcworld.com/businesscenter/article/223147/google_skype_yahoo_targeted_by_rogue_comodo_s sl_certificates.html, Mar 2011Google Scholar
Index Terms
- Designing and operating through compromise: architectural analysis of CKMS for the advanced metering infrastructure
Recommendations
Prevention of DoS Attacks Based on Light Weight Dynamic Key Mechanism in Hierarchical Wireless Sensor Networks
FGCN '08: Proceedings of the 2008 Second International Conference on Future Generation Communication and Networking - Volume 01Denial of service (DoS) attack is an impelling inside attack in the form of interference or collision at the receiver side, which can causes serious damage to the functions of wireless sensor networks (WSNs). In this paper, we propose a solution using ...
A framework for intrusion detection system in advanced metering infrastructure
Advanced metering infrastructure AMI is one of the key elements in smart grid, which facilitates the communication of metering data to a substation in one direction and control messages in the reverse direction. Using wireless technologies and ...
The Smarter Grid
In the US, tens of millions of "smart meters," which are vulnerable to remote exploitation, viruses, worms, malicious upgrades, and all manner of other attacks, have been deployed. Attackers can and already have used these meters, on a small scale, to ...
Comments