December 2023
·
11 Reads
This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.
December 2023
·
11 Reads
July 2023
·
27 Reads
·
1 Citation
Communications in Computer and Information Science
During the pandemic, the Internet of Medical Things (IoMT) has played a key role in reducing unnecessary hospital visits and the burden on health care systems by providing home-based hospital services and ambulatory nursing services. As IoMT devices handle patient data and are connected over the Internet to the complex hospital Information and Communication Technology (ICT) infrastructure, their role in the transformation of healthcare services will introduce a range of new potential risks. Over the past years, several demonstrated attacks in the healthcare domain have indicated cyber security challenges for integrating IoMT devices.In this paper, we experimentally evaluate the potential risks that accompany the integration of a given IoMT device, here a connected pacemaker, from a hardware and network security perspective. We take a black box testing approach to the pacemaker ecosystem and find key shortcomings that enable several practical and low-cost attacks that impact a patient’s safety and privacy. In particular, we demonstrate the ability to gain control over the home monitoring device and to perform man-in-the-middle attacks. We find that it is possible to bypass hardware security protection mechanisms, to perform remote denial of service attacks, and other attacks. Lastly, we discuss the potential trade-offs in security protection choices and mitigation techniques.KeywordsIoMTIoT securityPacemakerMedical deviceCyber security
January 2022
·
4 Reads
·
3 Citations
October 2021
·
8 Reads
·
5 Citations
July 2021
·
283 Reads
·
71 Citations
Concurrency and Computation Practice and Experience
This article investigates and analyzes the security aspects of 5G specifications from the perspective of IoT-based smart grids. As the smart grid requires high-speed and reliable communication to enable real-time grid monitoring via Internet of Things (IoT) devices, 5G can be considered a catalyst to transform the current power grid infrastructure into a smart grid. Thus, an understanding of what 5G can bring in terms of cyber security in IoT-based smart grids is important for design decisions and future risk analysis efforts. In this article, we explore a smart grid use case on automatic voltage control—a use case utilizing 5G as a wireless communication infrastructure with edge support. We identify the benefits 5G brings to several security aspects, and show how 5G security techniques are applicable to the smart grid, thus providing a foundation for future security analysis of 5G enabled smart grid systems. Future research should extend this work to additional smart grid use cases.
June 2021
·
210 Reads
·
12 Citations
Threat modeling is about identifying architectural flaws and weaknesses in a system in order to mitigate them and avoid unwanted incidents caused by an attacker. Tool-assisted threat modeling has seen limited use in complex cyberphysical systems involving both Information Technology (IT) and Operational Technology (OT) systems. In this paper, we investigate the applicability of tool-assisted threat modeling to the complex cyber-physical system that is the smart grid, and present a new Smart Grid template for the Microsoft Threat Modeling Tool. We demonstrate benefits of our smart grid threat modeling template on a use-case, and discuss limitations.
March 2021
·
138 Reads
·
5 Citations
Lecture Notes in Computer Science
Maritime shipping is currently undergoing rapid digitalization, but with increasing exposure to cyber threats, there is a need to improve the security of the ship communication technology used during operations across international waters, as well as close to local shores and in ports. To this aid, there are ongoing standardization efforts for an international maritime Public Key Infrastructure, but the inherent properties of limited connectivity and bandwidth make certificate revocation a problematic affair compared to traditional Internet systems. The main contribution of this paper is an analysis of certificate revocation techniques based on how they fulfil fundamental maritime requirements and simulated usage over time. Our results identify CRLs (with Delta CRLs) and CRLite as the two most promising candidates. Finally, we outline the pros and cons with these two different solutions.
June 2020
·
115 Reads
·
1 Citation
The modernisation of the power grid is ongoing,and the level of digitalisation of the power grid in, say, ten yearsmay be quite different than today. Cyber security needs willchange correspondingly. In this paper we utilise a qualitativeresearch approach to explore misuse cases related to three mainareas of modernisation that we envision for the next ten yearperiod: 1) managing flexibility in the TSO-DSO relation, 2) smartdistribution grids, and 3) microgrids. The misuse cases representpotential security challenges to be considered when working onmodernising the grid, however they are not exhaustive. Themisuse cases presented in this paper can contribute to identifyingsecurity requirements, thus reducing associated cyber risks, andassist in development of new cyber security mechanisms for thenext-generation power grid employing digitally-connected, self-healing, and automation characteristics.
November 2019
·
605 Reads
·
34 Citations
IMSI catchers threaten the privacy of mobile phone users by identifying and tracking them. Commercial IMSI catcher products exploit vulnerabilities in cellular network security standards to lure nearby mobile devices. Commercial IMSI catcher's technical capabilities and operational details are still kept as a secret and unclearly presented due to the lack of access to these products from the research perspective. On the other hand, there are several solutions to detect such IMSI catchers to protect the privacy of mobile subscribers. However, detecting IMSI catchers effectively on commercial smartphones is still a challenge. In this paper, we present a systematic study of IMSI catchers, especially commercially available ones. Starting from publicly available product brochures, we analyze information from the international patent databases, attacking techniques used by them and vulnerabilities exploited in cellular networks (2G, 3G, and 4G). To this end, we survey IMSI catcher detection techniques and their limitations. Finally, we provide insights that we believe help guide the development of more effective and efficient IMSI catcher detection techniques.
September 2019
·
244 Reads
·
16 Citations
The use of IoT devices in the future electricity domain (known as the smart grid) has numerous benefits, such as improved reliability of the power system, enhanced functions of SCADA (Supervisory Control and Data Acquisition), improved monitoring and management of operational power grid assets, and advanced metering infrastructure. The smart grid concept relies on the integration of high-speed and reliable communication networking technologies in order to provide twofold benefits - one for the interconnection between the existing power grid and intelligent information systems, and another for enabling real-time grid monitoring via IoT devices. However, the security of IoT devices themselves is a challenge due to the trade-off between device cost and secure communication requirements. Further, current electricity grids require robust and secure wireless communication infrastructure to realize transformation to smart grids. 5G networks are considered an enabler for digitalization of power grids and facilitating IoT connectivity for future smart grids with several benefits, such as low latency, ultra high speed, and improved reliability. However, the use of public 5G networks may introduce new types of security risks to the IoT-based smart grid infrastructure. In this paper, we analyze the security aspects of 5G security specifications released by the 3GPP standards organization from the perspective of IoT-based smart grids.In particular, we consider a smart grid scenario utilizing 5G as a wireless communication infrastructure, and present 5G benefits to several security aspects such as authentication, confidentiality, integrity, resiliency, and availability. Further, we outline security risks to IoT-based smart grids originating from compromised 5G network-related infrastructure.
... Ensuring privacy and security in the wireless connection of in-body devices, for instance Pacemakers, is of utmost importance due to their vulnerability to hacking [75]. Hackers can exploit this vulnerability such as manipulating the Pacemaker's operations, creating severe threats to patients [76]. Using sophisticated cryptographic techniques becomes necessary to ensure the security and privacy of these devices and safe to the patients. ...
July 2023
Communications in Computer and Information Science
... The importance of technological support and security measures in resolving the worldwide health emergency is emphasized in [19], where novel smart and connected health solutions to fight COVID-19 are proposed. The security protection of data transmitted for monitoring with connected pacemakers is tested in [20], where the authors aim to prove that patients and healthcare infrastructure can suffer the consequences of new cybersecurity threats when medical devices are connected to the Internet. In [21], we proposed an authentication protocol to protect communications between the resource-constrained Internet of Medical Things (IoMT) nodes that collect health data and the controllers in charge of receiving data from them, intending to introduce a solution for secure and lightweight 6G digital health (eHealth) systems. ...
January 2022
... Also based on the use case, the sufficiency of the IEC 61970 Common Information Model (CIM) standard and the Common Grid Model Exchange Specification (CGMES) profile are evaluated for real-time TSO-DSO data exchange. A cyber-physical test system is built upon an existing testbed for advance distribution managment system (ADMS) to include the TSO-DSO inter-control center communication platform [14]. ...
October 2021
... As a result, Table 13 gives further details on R.A. identification methods. These methods include the support vector model, the ML -based approach, and the strategy for locating the R.A.'s closest neighbor [123]. Table 13. ...
June 2021
... Many eSIM card manufacturers have developed remote code management systems based on eSIM. In order to establish a more compatible remote code writing system among more operators worldwide, international standards are also being developed one after another [3]. ...
July 2021
Concurrency and Computation Practice and Experience
... Grigoriadis, et al. [126] presented a series of solutions for improving maritime cybersecurity, including the novel secure communication algorithms based on SHA256 and public infrastructure certificates. Similar concepts related to public communication certificates were presented in [127][128][129], where different certificate types were analysed and discussed. Freire, et al. [130] proposed the use of blockchain in the maritime cybersecurity monitoring system. ...
March 2021
Lecture Notes in Computer Science
... For further work, we would like to perform a laboratory implementation of our use case which would allow us to implement specific misuse cases 49 to validate identification and mitigation methods, as part of a broader study of controller architecture and resilience. Furthermore, though we have presented a threat model for our use case, a natural next step is to develop a threat model for the entire smart grid ecosystem. ...
June 2020
... This technology offers extensive communication coverage, crucial for effective supply control and management in both urban and remote areas. Moreover, a robust communication infrastructure fortifies the grid against cyber-attacks through secure message authentication, system analysis, data integrity, and state monitoring, while also improving scalability and situational awareness [129][130][131][132][133][134][135][136][137]. ...
September 2019
... 4.1.1 IMSI Catching: In this section, we refer to attacks that aim to steal the IMSI of the UE, known as IMSI catching attacks [42,67,74,84]. Indeed, the attacker uses a device called IMSI Catcher consisting of a fake base station, thus being easily deployable and affordable [34,78,79]. ...
November 2019
... 5.1.1 of [7] describes some important security characteristics that should be met by cellular networks. In fact, as previous works [28,38,54,55] considered them, the following properties are necessary for the protection of the user identity confidentiality: ...
July 2019
Proceedings on Privacy Enhancing Technologies