Security Architecture

The Experts below are selected from a list of 79881 Experts worldwide ranked by ideXlab platform

Taeshik Shon - One of the best experts on this subject based on the ideXlab platform.

  • user privacy enhanced Security Architecture for home area network of smartgrid
    Multimedia Tools and Applications, 2016
    Co-Authors: Taeshik Shon
    Abstract:

    Smartgrid is a next-generation intelligent electrical grid that enables a two-way information exchange between a customer and an electricity provider by integrating ICT (information and communications technology) into the existing electrical grid. As ICT is applied to the electrical grid, the security vulnerabilities of the existing ICT are inherited into the Smartgrid environment. These vulnerabilities could also apply to the electrical grid features. Therefore, a security technology to cope with such vulnerabilities should be investigated. In this paper, in order to study a HAN (Home Area Network) of Smartgrid that primarily handles customers' personal information, we propose a HAN-centric Smartgrid logical architecture, based on the analysis of existing reference models. Further, we propose a security architecture that was made by applying security functions to the HAN logical architecture to prevent security threats, which can happen because of the security vulnerabilities in a Smartgrid environment. Finally, by conducting a scenario-based verification, we demonstrate that the security effects of the proposed security architecture can protect the HAN users' personal information and smoothly provide services for users.

  • A novel Security Architecture of electronic vehicle system for smart grid communication
    The Journal of Supercomputing, 2015
    Co-Authors: Taeshik Shon
    Abstract:

    As ICT is incorporated into the existing electrical grid, security threats can also be unintentionally introduced to the Smart Grid, as has happened with conventional information and communication networks. To avoid this, a new security architecture design addressing the particular characteristics of ICT is required. This paper proposes a logical architecture considering the case of electric vehicle telecommunication, which is one of the core Smart Grid services and one closely related to actual users. Based on that architecture, we analyzed the security threats and the respective security measures required to respond to them. By analyzing the security techniques and algorithms applicable to the Smart Grid environment and applying them to address its security requirements and threats, we proposed a new security architecture for Smart Grid.

  • ICITCS - Security Architecture Model for Smart Grid Communication Systems
    2013 International Conference on IT Convergence and Security (ICITCS), 2013
    Co-Authors: Hyunwoo Lim, Mijoo Kim, Jongbin Ko, Seokjun Lee, Jongwan Kim, Taeshik Shon
    Abstract:

    Because most existing smart grid models are conceptual, it is difficult to analyze in detail the communication relationship between each component, such as advanced metering infrastructure, demand response, and distributed energy resources domain. Thus, in this paper, we identify more concrete services in smart grid communication with security threats and security requirements. Finally, we suggest a new security architecture model that focuses on the communication aspect using each component.

Vijay Varadharajan - One of the best experts on this subject based on the ideXlab platform.

  • A Policy-Based Security Architecture for Software-Defined Networks
    IEEE Transactions on Information Forensics and Security, 2019
    Co-Authors: Vijay Varadharajan, Udaya Tupakula, Kallol Karmakar, Michael Hitchens
    Abstract:

    As networks expand in size and complexity, they pose greater administrative and management challenges. Software-defined networks (SDNs) offer a promising approach to meeting some of these challenges. In this paper, we propose a policy-driven security architecture for securing end-to-end services across multiple SDN domains. We develop a language-based approach to design security policies that are relevant for securing SDN services and communications. We describe the policy language and its use in specifying security policies to control the flow of information in a multi-domain SDN. We demonstrate the specification of fine-grained security policies based on a variety of attributes, such as parameters associated with users and devices/switches, context information, such as location and routing information, and services accessed in SDN as well as security attributes associated with the switches and controllers in different domains. An important feature of our architecture is its ability to specify path- and flow-based security policies that are significant for securing end-to-end services in SDNs. We describe the design and the implementation of our proposed policy-based security architecture and demonstrate its use in scenarios involving both intra- and inter-domain communications with multiple SDN controllers. We analyze the performance characteristics of our architecture as well as discuss how our architecture is able to counteract various security attacks. The dynamic security policy-based approach and the distribution of corresponding security capabilities intelligently as a service layer that enables flow-based security enforcement and protection of multitude of network devices against attacks are important contributions of this paper.

  • TrustLite: A Security Architecture for Tiny Embedded Devices
    Proceedings of the European Conference on Computer Systems (EuroSys), 2014
    Co-Authors: Patrick Koeberl, Ahmad-Reza Sadeghi, Steffen Schulz, Vijay Varadharajan
    Abstract:

    Embedded systems are increasingly pervasive, interdependent and in many cases critical to our everyday life and safety. Tiny devices that cannot afford sophisticated hardware security mechanisms are embedded in complex control infrastructures, medical support systems and entertainment products [51]. As such devices are increasingly subject to attacks, new hardware protection mechanisms are needed to provide the required resilience and dependency at low cost. In this work, we present the TrustLite security architecture for flexible, hardware-enforced isolation of software modules. We describe mechanisms for secure exception handling and communication between protected modules, enabling seamless interoperability with untrusted operating systems and tasks. TrustLite scales from providing a simple protected firmware runtime to advanced functionality such as attestation and trusted execution of userspace tasks. Our FPGA prototype shows that these capabilities are achievable even on low-cost embedded systems.

  • SecureComm - Integrated Security Architecture for Virtual Machines
    Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering, 2013
    Co-Authors: Vijay Varadharajan, Udaya Tupakula
    Abstract:

    Currently virtualisation technology is being deployed widely and there is an increasing interest in virtualisation-based security techniques. There is a need for securing the life cycle of the virtual machine based systems. In this paper, we propose an integrated security architecture that combines access control, intrusion detection and trust management. We demonstrate how this integrated security architecture can be used to secure the life cycle of virtual machines including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation aspects of the proposed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks.

  • A Security Architecture for mobile agent based applications
    World Wide Web, 2003
    Co-Authors: Vijay Varadharajan, D. Foster
    Abstract:

    This paper describes a security architecture for mobile agent based systems. It defines the notion of a security-enhanced agent and outlines security management components in agent platform bases and considers secure migration of agents from one base to another. The security enhanced agent carries a passport that contains its security credentials and some related security code. Then we describe how authentication, integrity and confidentiality, and access control are achieved using the agent's passport and the security infrastructure in the agent bases. We then discuss the application of the security model in roaming mobile agents and consider the types of access control policies that can be specified using the security enhanced agents and the policy base in the agent platforms. Finally we describe the security infrastructure that implements the proposed security services and outline the development of a secure agent based application using the proposed architecture.

Mario Gerla - One of the best experts on this subject based on the ideXlab platform.

  • WCNC - Distributed multicast group Security Architecture for mobile ad hoc networks
    IEEE Wireless Communications and Networking Conference 2006. WCNC 2006., 2006
    Co-Authors: Jiejun Kong, Yeng-zhong Lee, Mario Gerla
    Abstract:

    Multicast communication is an efficient means to support key network applications such as real-time teleconferencing and data dissemination. In this paper we devise a security architecture for multicast communications in mobile ad hoc networks (MANETs). Our design is both suitable in MANET environment and compliant to the IETF standard multicast group security architecture (MGSA). Because centralized servers are vulnerable to network dynamics and security attacks in a distributed MANET, we distribute the function of MGSA's group control key server (GCKS) to a dedicated subset of mobile backbone nodes in MANET. Unlike distributed GCKS nodes in stationary infrastructure networks, our GCKS backbone nodes are mobile, fully distributed and adaptive to network dynamics, in particular the constant and instant changes in network topology, node density and node mobility. We study the characteristics of our GCKS backbone design and its impacts on ad-hoc multicast security research. Our simulation study and Linux implementation confirm the effectiveness of the new MANET MGSA design.

Yoshihiro Ohba - One of the best experts on this subject based on the ideXlab platform.

  • SmartGridComm - A Security Architecture for communication between smart meters and HAN devices
    2012 IEEE Third International Conference on Smart Grid Communications (SmartGridComm), 2012
    Co-Authors: Yasuyuki Tanaka, Yoshiki Terashima, Mitsuru Kanda, Yoshihiro Ohba
    Abstract:

    ECHONET Lite is recognized as a promising HAN protocol in Japan to be used as the standard interface for HEMS. On the other hand, detailed security architecture for HEMS based on ECHONET Lite has been missing. We propose and evaluate a security architecture for communications between HAN devices and smart meters. The proposed security architecture integrates HAN device registration and enrollment processes into a single network access authentication procedure using a tunneling EAP method. As a result of the evaluation, our security architecture is realized with less implementation effort to smart meters.

Michael Hitchens - One of the best experts on this subject based on the ideXlab platform.

  • A Policy-Based Security Architecture for Software-Defined Networks
    IEEE Transactions on Information Forensics and Security, 2019
    Co-Authors: Vijay Varadharajan, Udaya Tupakula, Kallol Karmakar, Michael Hitchens