Publications - Pervasive Computing Laboratory

 Access control anotacionsemantica authentication Cloud computing coap compromise cryptography cynamon emadrid emrisco home network I-Shaper identity management inrisco inteligenciafuentesabiertas Internet of Things IoT lz magos Pervasive computing privacy Protocols Qursa raudo2 Security Smart Card Trust management Ubisec VANETs 
Show all
2020
 Marín-López, Andrés;  Chica-Manjarrez, Sergio;  Arroyo, David;  Almenares-Mendoza, Florina;  Díaz-Sánchez, Daniel
Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain Journal Article 
In: Electronics, vol. 9, pp. 1865, 2020, ISSN: 2079-9292.
Abstract | Links | BibTeX | Tags: cynamon, inteligenciafuentesabiertas, permissioned blockchain, scalability, security auditing, smart grid security
@article{marin002,

title = {Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain},

author = {Andrés Marín-López and Sergio Chica-Manjarrez and David Arroyo and Florina Almenares-Mendoza and Daniel Díaz-Sánchez },

url = {https://www.mdpi.com/2079-9292/9/11/1865

},

doi = {https://doi.org/10.3390/electronics9111865},

issn = {2079-9292},

year  = {2020},

date = {2020-11-06},

urldate = {2020-11-06},

journal = {Electronics},

volume = {9},

pages = {1865},

abstract = {With the transformation in smart grids, power grid companies are becoming increasingly

dependent on data networks. Data networks are used to transport information and commands for

optimizing power grid operations: Planning, generation, transportation, and distribution. Performing

periodic security audits is one of the required tasks for securing networks, and we proposed in a

previous work AUTOAUDITOR, a system to achieve automatic auditing. It was designed according

to the specific requirements of power grid companies, such as scaling with the huge number of

heterogeneous equipment in power grid companies. Though pentesting and security audits are

required for continuous monitoring, collaboration is of utmost importance to fight cyber threats.

In this paper we work on the accountability of audit results and explore how the list of audit result

records can be included in a blockchain, since blockchains are by design resistant to data modification.

Moreover, blockchains endowed with smart contracts functionality boost the automation of both

digital evidence gathering, audit, and controlled information exchange. To our knowledge, no such

system exists. We perform throughput evaluation to assess the feasibility of the system and show

that the system is viable for adaptation to the inventory systems of electrical companies.},

keywords = {cynamon, inteligenciafuentesabiertas, permissioned blockchain, scalability, security auditing, smart grid security},

pubstate = {published},

tppubtype = {article}

}

Close
With the transformation in smart grids, power grid companies are becoming increasingly

dependent on data networks. Data networks are used to transport information and commands for

optimizing power grid operations: Planning, generation, transportation, and distribution. Performing

periodic security audits is one of the required tasks for securing networks, and we proposed in a

previous work AUTOAUDITOR, a system to achieve automatic auditing. It was designed according

to the specific requirements of power grid companies, such as scaling with the huge number of

heterogeneous equipment in power grid companies. Though pentesting and security audits are

required for continuous monitoring, collaboration is of utmost importance to fight cyber threats.

In this paper we work on the accountability of audit results and explore how the list of audit result

records can be included in a blockchain, since blockchains are by design resistant to data modification.

Moreover, blockchains endowed with smart contracts functionality boost the automation of both

digital evidence gathering, audit, and controlled information exchange. To our knowledge, no such

system exists. We perform throughput evaluation to assess the feasibility of the system and show

that the system is viable for adaptation to the inventory systems of electrical companies.
Close
https://www.mdpi.com/2079-9292/9/11/1865
doi:https://doi.org/10.3390/electronics9111865
Close
 Chica-Manjarrez, Sergio;  Marín-López, Andrés;  Díaz-Sánchez, Daniel;  Almenares-Mendoza, Florina
On the Automation of Auditing in Power Grid Companies Proceedings Article 
In: Actas de congreso internacional, Citas Google 2, CORE C, pp. 331 - 340, 2020, ISBN: ISSN/ISBN) 978-1-4503-5988-7.
Abstract | Links | BibTeX | Tags: auditing, containers, cynamon, inteligenciafuentesabiertas, privacy, scalability, Security
@inproceedings{pa054,

title = {On the Automation of Auditing in Power Grid Companies},

author = {Sergio Chica-Manjarrez and Andrés Marín-López and Daniel Díaz-Sánchez and Florina Almenares-Mendoza},

doi = {10.3233/AISE200057},

isbn = {ISSN/ISBN) 978-1-4503-5988-7},

year  = {2020},

date = {2020-07-23},

urldate = {2020-07-23},

booktitle = {Actas de congreso internacional, Citas Google 2, CORE C},

pages = {331 - 340},

abstract = {Auditing is a common task required to secure networks. This becomes of utter importance in power grid companies, the authorities of electricity supply. An increasing number of connected devices makes the use of semi automatic or fully automated auditing imperative. The inventory system has to incorporate the auditing results and subsequently integrate them in the security assessment of the company. The risk metrics incorporate the severity of exposures and facilitate the selection of vulnerabilities that have to be mitigated, according to the risk appetite of the company. This automatic approach has to address scale and privacy issues of large companies. In addition, connections from foreign domains that carry out the auditing involve additional risks that must be considered to effectively test the likelihood and depth of the found vulnerabilities.



In this paper we discuss the requirements of an automatic auditing system and present AUTOAUDITOR, a highly configurable module which allow companies to automatically perform pentesting in specific assets.},

keywords = {auditing, containers, cynamon, inteligenciafuentesabiertas, privacy, scalability, Security},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Auditing is a common task required to secure networks. This becomes of utter importance in power grid companies, the authorities of electricity supply. An increasing number of connected devices makes the use of semi automatic or fully automated auditing imperative. The inventory system has to incorporate the auditing results and subsequently integrate them in the security assessment of the company. The risk metrics incorporate the severity of exposures and facilitate the selection of vulnerabilities that have to be mitigated, according to the risk appetite of the company. This automatic approach has to address scale and privacy issues of large companies. In addition, connections from foreign domains that carry out the auditing involve additional risks that must be considered to effectively test the likelihood and depth of the found vulnerabilities.



In this paper we discuss the requirements of an automatic auditing system and present AUTOAUDITOR, a highly configurable module which allow companies to automatically perform pentesting in specific assets.
Close
doi:10.3233/AISE200057
Close