Trusted neighborhood discovery in critical infrastructures

Norman Gottert, Nicolai Kuntze, Carsten Rudolph, Khan Ferdous Wahid

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

Abstract

In today's Industrial Control Systems (ICSs) interconnection and reliable communication are valuable properties that enable the controlling and monitoring of various processes, even remotely. Cyber attacks or attacks via local digital interfaces break security requirements by altering software, configurations or control sequences. In such cases, safety requirements can no longer be guaranteed. Further, forged information such as wrong load measurements in power grid scenarios can lead to faulty decisions in the control center and has the potential to cause substantial damage with potentially catastrophic results. To detect and mitigate such kinds of attacks, the Trusted Neighborhood Discovery (TND) protocol introduces a decentralized, hardware-based approach for distributed peer-to-peer security monitoring. It uses hardware-based mutual attestation of the current state of adjacent devices. TND enables efficient monitoring, detection, and location of attacks in distributed infrastructures. The TND protocol is complemented by a Zero-Touch configuration solution for efficient and economic integration of new devices and secure configuration. Both protocols are realized in a proof-of-concept implementation running on commercially available hardware components. By implementing security in hardware roots of trust, the TND solution achieves a higher level of security than software-only based solutions. Even exchanging the entire firmware will be reliably reported.

Original language: English
Title of host publication: Proceedings - 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
Subtitle of host publication: 3-6 November 2014 Venice, Italy
Editors: Vincent Wong, John McDonald, Lars Nordstrom
Place of Publication: New York NY USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 976-981
Number of pages: 6
ISBN (Print): 9781479949342
DOIs: https://doi.org/10.1109/SmartGridComm.2014.7007775
Publication status: Published - 2014
Externally published: Yes
Event: International Conference on Smart Grid Communications 2014 - Hilton Molino Stucky, Venice, Italy
Duration: 3 Nov 2014 to 6 Nov 2014

Conference

Conference: International Conference on Smart Grid Communications 2014
Abbreviated title: SmartGridComm 2014
Country: Italy
City: Venice
Period: 3/11/14 to 6/11/14

Cite this

Gottert, N., Kuntze, N., Rudolph, C., & Wahid, K. F. (2014). Trusted neighborhood discovery in critical infrastructures. In V. Wong, J. McDonald, & L. Nordstrom (Eds.), Proceedings - 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014: 3-6 November 2014 Venice, Italy (pp. 976-981). [7007775] New York NY USA: IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/SmartGridComm.2014.7007775