Enhanced authentication and device integrity protection for GDOI using blockchain

IF 2.5 4区 计算机科学 Q3 TELECOMMUNICATIONS
Munkenyi Mukhandi, Eduardo Andrade, Jorge Granjal, João P. Vilela
{"title":"Enhanced authentication and device integrity protection for GDOI using blockchain","authors":"Munkenyi Mukhandi,&nbsp;Eduardo Andrade,&nbsp;Jorge Granjal,&nbsp;João P. Vilela","doi":"10.1002/ett.4986","DOIUrl":null,"url":null,"abstract":"<p>Recent device-level cyber-attacks have targeted IoT critical applications in power distribution systems integrated with the Internet communications infrastructure. These systems utilize group domain of interpretation (GDOI) as designated by International Electrotechnical Commission (IEC) power utility standards IEC 61850 and IEC 62351. However, GDOI cannot protect against novel threats, such as IoT device-level attacks that can modify device firmware and configuration files to create command and control malicious communication. As a consequence, the attacks can compromise substations with potentially catastrophic consequences. With this in mind, this article proposes a permissioned/private blockchain-based authentication framework that provides a solution to current security threats such as the IoT device-level attacks. Our work improves the GDOI protocol applied in critical IoT applications by achieving decentralized and distributed device authentication. The security of our proposal is demonstrated against known attacks as well as through formal mechanisms via the joint use of the AVISPA and SPAN tools. The proposed approach adds negligible authentication latency, thus ensuring appropriate scalability as the number of nodes increases.</p>","PeriodicalId":23282,"journal":{"name":"Transactions on Emerging Telecommunications Technologies","volume":"35 5","pages":""},"PeriodicalIF":2.5000,"publicationDate":"2024-05-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/ett.4986","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Transactions on Emerging Telecommunications Technologies","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/ett.4986","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
引用次数: 0

Abstract

Recent device-level cyber-attacks have targeted IoT critical applications in power distribution systems integrated with the Internet communications infrastructure. These systems utilize group domain of interpretation (GDOI) as designated by International Electrotechnical Commission (IEC) power utility standards IEC 61850 and IEC 62351. However, GDOI cannot protect against novel threats, such as IoT device-level attacks that can modify device firmware and configuration files to create command and control malicious communication. As a consequence, the attacks can compromise substations with potentially catastrophic consequences. With this in mind, this article proposes a permissioned/private blockchain-based authentication framework that provides a solution to current security threats such as the IoT device-level attacks. Our work improves the GDOI protocol applied in critical IoT applications by achieving decentralized and distributed device authentication. The security of our proposal is demonstrated against known attacks as well as through formal mechanisms via the joint use of the AVISPA and SPAN tools. The proposed approach adds negligible authentication latency, thus ensuring appropriate scalability as the number of nodes increases.

Abstract Image

利用区块链为 GDOI 提供增强型身份验证和设备完整性保护
最近的设备级网络攻击针对的是与互联网通信基础设施集成的配电系统中的物联网关键应用。这些系统利用国际电工委员会(IEC)电力公用事业标准 IEC 61850 和 IEC 62351 指定的组解释域(GDOI)。然而,GDOI 无法抵御新的威胁,例如物联网设备级攻击,这种攻击可以修改设备固件和配置文件,以创建命令和控制恶意通信。因此,这些攻击可能会危及变电站,造成潜在的灾难性后果。有鉴于此,本文提出了一种基于许可/私有区块链的身份验证框架,为当前的安全威胁(如物联网设备级攻击)提供了一种解决方案。我们的工作通过实现去中心化和分布式设备身份验证,改进了关键物联网应用中的 GDOI 协议。通过联合使用 AVISPA 和 SPAN 工具,我们针对已知攻击以及通过正式机制证明了我们建议的安全性。所提出的方法增加的认证延迟可以忽略不计,从而确保了随着节点数量的增加而具有适当的可扩展性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
CiteScore
8.90
自引率
13.90%
发文量
249
期刊介绍: ransactions on Emerging Telecommunications Technologies (ETT), formerly known as European Transactions on Telecommunications (ETT), has the following aims: - to attract cutting-edge publications from leading researchers and research groups around the world - to become a highly cited source of timely research findings in emerging fields of telecommunications - to limit revision and publication cycles to a few months and thus significantly increase attractiveness to publish - to become the leading journal for publishing the latest developments in telecommunications
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信