Cristina Alcaraz
Associate professor
Computer Science Department, University of Malaga
Campus de Teatinos s/n, 29071 – Málaga (Spain)
Phone: +34 952 139 313 / +34 951 952 915
E-mail: alcaraz@uma.es
previous Positions and Fellowships
- BBVA Leonardo fellowship, 2019.
- Ramón y Cajal postdoctoral fellowship, Economy and Competitiveness Ministry Spain, 2015.
- Marie-Curie Cofund postdoctoral fellowship at Royal Holloway, University of London (RHUL), Department of Information Security, U.K., August 2012 – August 2014
- Guest Researcher at National Institute of Standards and Technology (NIST), Computer Security Division, Washington D.C., United States, November 2011 – August 2012.
Education
- Ph.D. in Computer Science with European Doctorate mention, University of Malaga (Spain), September, 2011.
- Title of PhD thesis: “Interconnected Sensor Networks for Critical Information Infrastructure Protection”.
- Advisor: Prof. Javier Lopez
- M.Sc. in Computer Science, University of Malaga, Malaga, 2006.
- B.Sc. in Computer Science, University of Malaga, 2003.
Scope of Research
- Critical infrastructure protection and use cases:
- Control and interconnection of critical systems: PISCIS, CRISIS, ATENEA, PROTECT-IC, CAIN, eCID;
- Manufacturing: SecTwin 5.0, SEGRES, Digital Aero, emapa 4.0 (+ II), NERV, SADCIP, SADECEI-4.0, DISS-IIoT;
- Supply chain: CyberSec4Europe;
- Energy: CyberSecPro, DUCA, SealedGRID, CAIN, PERSIST, TIGRIS, SECRET, PROTECT-IC;
- Charging stations: Smart Secure II, Smart Secure I;
- Water: FACIES;
- Healthcare: CYBSEC-TECH;
- Mobility: DUCA, 5G+TACTILE;
- Communication: 5G+TACTILE;
- Research and technologies
- Security in Digital Twins
- Security in Industry 4.0/5.0
- Security in Industrial Internet of Things
- Security in Cyber-Physical Systems
- Blockchain
- Research areas and interest:
- Cyber threat hunting and traceability
- Advanced detection and situational awareness
- Resilience (response and recovery)
Scientific Activities
- Editorial Board Member:
- IEEE Transactions on Industrial Informatics (TII), IEEE
- IEEE Transactions on Dependable and Secure Computing (TDSC), IEEE
- Distributed Ledger Technologies (DLT), ACM
- International Journal of Critical Infrastructure Protection (IJCIP), Elsevier
- International Journal of Information Security (IJIS), Springer
- IEEE Networking Letters, IEEE
- Security and Communication Networks (SCN), John Wiley & Sons
- Telecommunication Systems (TELS), Springer
- Annals of Telecommunications (AT), Springer
- International Journal of Critical Infrastructures (IJCIS), Inderscience Publishers
- Transactions on Emerging Telecomunications Technologies (ETT), John Wiley & Sons
- European CIIP Member Newsletter (ECN)
- Ad Hoc Networks, Elsevier (2015-2017)
- Computers & Electrical Engineering (CAEE), Elsevier Science (2013-2016)
- IEEE Department Editor:
- IEEE Security and Privacy, Operational Technology
- IEEE Technical Committees:
- IEEE SMC Systems, Man, and Cybernetics Society (Enterprise Information Systems)
- IEEE SMC Systems, Man, and Cybernetics Society (Homeland Security)
- Member of the RENIC Board of Directors
- Member of the PESI Board of Directors and Working Group Management Committee (Cybersecurity WG)
- Vice-Chair of IEEE ComSoc SIG on Green Digital Twin Network
- IEEE Senior Member
Recognition
- Women in Homeland Security Award, IEEE SMC TC on Homeland Security, July 27th 2021.
PhD Thesis (co)Advisor
- Andrew Syrmakesis (2024)
- Ioannis Stellios (2022)
- Juan E. Rubio (2022), RENIC Cybersecurity PhD Awards and ERCIM STM PhD Award 2023
- Lorena Cazorla (2017)
Relevant Publications
Cristina Alcaraz, Javier Lopez
Digital Twin Security: A Perspective on Efforts From Standardization Bodies
In: IEEE Security & Privacy, vol. 23, iss. 1, pp. 83-90, 2025, ISSN: 1558-4046.
@article{Alcaraz2025a,
title = {Digital Twin Security: A Perspective on Efforts From Standardization Bodies},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2025a.pdf
https://www.computer.org/csdl/magazine/sp/2025/01/10871233/2448764c2l2},
doi = {10.1109/MSEC.2024.3504193},
issn = {1558-4046},
year = {2025},
date = {2025-01-01},
urldate = {2025-01-01},
journal = {IEEE Security \& Privacy},
volume = {23},
issue = {1},
pages = {83-90},
abstract = {This article assesses the contributions of standardization bodies to digital twin (DT) protection and analyzes whether and how the organizations prioritize security. It identifies standardization work that better covers different security requirements, hence offering higher guarantees of DT protection.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This article assesses the contributions of standardization bodies to digital twin (DT) protection and analyzes whether and how the organizations prioritize security. It identifies standardization work that better covers different security requirements, hence offering higher guarantees of DT protection.
Cristina Alcaraz, Javier Lopez
Digital Twin-assisted anomaly detection for industrial scenarios
In: International Journal of Critical Infrastructure Protection, vol. 47, pp. 100721, 2024, ISSN: 1874-5482.
@article{Alcaraz2024c,
title = {Digital Twin-assisted anomaly detection for industrial scenarios},
author = {Cristina Alcaraz and Javier Lopez},
url = {https://www.sciencedirect.com/science/article/pii/S1874548224000623},
doi = {https://doi.org/10.1016/j.ijcip.2024.100721},
issn = {1874-5482},
year = {2024},
date = {2024-12-01},
urldate = {2024-12-01},
journal = {International Journal of Critical Infrastructure Protection},
volume = {47},
pages = {100721},
abstract = {Industry 5.0 is the current industrial paradigm that inherits the technological diversity of its predecessor, Industry 4.0, but includes three priority goals: (i) resilience, (ii) sustainability and (iii) human-centeredness. Through these three goals, Industry 5.0 pursues a more far-reaching digital transformation in industrial ecosystems with high protection guarantees. However, the deployment of innovative information technologies for this new digital transformation also requires considering their implicit vulnerabilities and threats in order to avoid any negative impacts on the three Industry 5.0 goals, and to prioritize cybersecurity aspects so as to ensure acceptable protection levels. This paper, therefore, proposes a detection framework composed of a Digital Twin (DT) and machine learning algorithms for online protection, supporting the resilience that Industry 5.0 seeks. To validate the approach, this work includes several practical studies on a real industrial control testbed to demonstrate the feasibility and accuracy of the framework, taking into account a set of malicious perturbations in several critical sections of the system. The results highlight the effectiveness of the DT in complementing the anomaly detection processes, especially for advanced and stealthy threats.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Industry 5.0 is the current industrial paradigm that inherits the technological diversity of its predecessor, Industry 4.0, but includes three priority goals: (i) resilience, (ii) sustainability and (iii) human-centeredness. Through these three goals, Industry 5.0 pursues a more far-reaching digital transformation in industrial ecosystems with high protection guarantees. However, the deployment of innovative information technologies for this new digital transformation also requires considering their implicit vulnerabilities and threats in order to avoid any negative impacts on the three Industry 5.0 goals, and to prioritize cybersecurity aspects so as to ensure acceptable protection levels. This paper, therefore, proposes a detection framework composed of a Digital Twin (DT) and machine learning algorithms for online protection, supporting the resilience that Industry 5.0 seeks. To validate the approach, this work includes several practical studies on a real industrial control testbed to demonstrate the feasibility and accuracy of the framework, taking into account a set of malicious perturbations in several critical sections of the system. The results highlight the effectiveness of the DT in complementing the anomaly detection processes, especially for advanced and stealthy threats.
Cristina Alcaraz, Iman Hasnaouia Meskini, Javier Lopez
Digital twin communities: an approach for secure DT data sharing
In: International Journal of Information Security, vol. 24, no. 17, 2024, ISSN: 1615-5270.
@article{AlcarazMeskiniLopez2024,
title = {Digital twin communities: an approach for secure DT data sharing},
author = {Cristina Alcaraz and Iman Hasnaouia Meskini and Javier Lopez},
url = {https://link.springer.com/article/10.1007/s10207-024-00912-1#citeas},
doi = {https://doi.org/10.1007/s10207-024-00912-1},
issn = {1615-5270},
year = {2024},
date = {2024-11-07},
urldate = {2024-11-07},
journal = {International Journal of Information Security},
volume = {24},
number = {17},
abstract = {Digital Twin (DT) technology empowers organizations to create virtual counterparts of their physical assets, thereby magnifying their analytical, optimization and decision-making capabilities. More specifically, the simulation capabilities of a DT generate high-quality data that not only benefit the DT owner organization, but also increase the potential of similar organizations by leveraging the DT’s capabilities when sharing its simulation results This collaborative sharing boosts the capabilities of each participating organization, fostering a collective intelligence that amplifies their competitive advantage. Nonetheless, data exchange must rigorously safeguard each organization’s data confidentiality, and access to this data must be thoroughly controlled. Thus, this paper introduces the novel concept of DT communities and proposes a hybrid access control architecture. This architecture seamlessly integrates the strengths of both Role Based Access Control (RBAC) and Organizational Based Access Control (OrBAC), facilitating secure, authorized intra- and inter-organizational information sharing in the context of Industry 5.0, combining the strengths of local DT communication and other organization’s DTs as well. Moreover, in order to show the feasibility of the approach for critical corporate organizations and their systems, in this paper we provide a proof-of-concept implementation of this architecture. To validate its functionality and efficiency, we perform a number of experimental studies showing how various entities can benefit from securely sharing DT models based on the concept of “community".},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Digital Twin (DT) technology empowers organizations to create virtual counterparts of their physical assets, thereby magnifying their analytical, optimization and decision-making capabilities. More specifically, the simulation capabilities of a DT generate high-quality data that not only benefit the DT owner organization, but also increase the potential of similar organizations by leveraging the DT’s capabilities when sharing its simulation results This collaborative sharing boosts the capabilities of each participating organization, fostering a collective intelligence that amplifies their competitive advantage. Nonetheless, data exchange must rigorously safeguard each organization’s data confidentiality, and access to this data must be thoroughly controlled. Thus, this paper introduces the novel concept of DT communities and proposes a hybrid access control architecture. This architecture seamlessly integrates the strengths of both Role Based Access Control (RBAC) and Organizational Based Access Control (OrBAC), facilitating secure, authorized intra- and inter-organizational information sharing in the context of Industry 5.0, combining the strengths of local DT communication and other organization’s DTs as well. Moreover, in order to show the feasibility of the approach for critical corporate organizations and their systems, in this paper we provide a proof-of-concept implementation of this architecture. To validate its functionality and efficiency, we perform a number of experimental studies showing how various entities can benefit from securely sharing DT models based on the concept of “community".
Andrew D. Syrmakesis, Cristina Alcaraz, Nikos D. Hatziargyriou
DAR-LFC: A data-driven attack recovery mechanism for Load Frequency Control
In: International Journal of Critical Infrastructure Protection, vol. 45, iss. 100678, pp. 100678, 2024, ISSN: 1874-5482.
@article{SYRMAKESIS2024100678,
title = {DAR-LFC: A data-driven attack recovery mechanism for Load Frequency Control},
author = {Andrew D. Syrmakesis and Cristina Alcaraz and Nikos D. Hatziargyriou},
url = {https://www.sciencedirect.com/science/article/pii/S1874548224000192?dgcid=rss_sd_all},
doi = {https://doi.org/10.1016/j.ijcip.2024.100678},
issn = {1874-5482},
year = {2024},
date = {2024-07-01},
urldate = {2024-07-01},
journal = {International Journal of Critical Infrastructure Protection},
volume = {45},
issue = {100678},
pages = {100678},
abstract = {In power systems, generation must be maintained in constant equilibrium with consumption. A key indicator for this balance is the frequency of the power grid. The load frequency control (LFC) system is responsible for maintaining the frequency close to its nominal value and the power deviation of tie-lines at their scheduled levels. However, the remote communication system of LFC exposes it to several cyber threats. A successful cyberattack against LFC attempts to affect the field measurements that are transferred though its remote control loop. In this work, a data-driven, attack recovery method is proposed against denial of service and false data injection attacks, called DAR-LFC. For this purpose, a deep neural network is developed that generates estimations of the area control error (ACE) signal. When a cyberattack against the LFC occurs, the proposed estimator can temporarily compute and replace the affected ACE, mitigating the effects of the cyberattacks. The effectiveness and the scalability of the DAR-LFC is verified on a single and a two area LFC simulations in MATLAB/Simulink.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In power systems, generation must be maintained in constant equilibrium with consumption. A key indicator for this balance is the frequency of the power grid. The load frequency control (LFC) system is responsible for maintaining the frequency close to its nominal value and the power deviation of tie-lines at their scheduled levels. However, the remote communication system of LFC exposes it to several cyber threats. A successful cyberattack against LFC attempts to affect the field measurements that are transferred though its remote control loop. In this work, a data-driven, attack recovery method is proposed against denial of service and false data injection attacks, called DAR-LFC. For this purpose, a deep neural network is developed that generates estimations of the area control error (ACE) signal. When a cyberattack against the LFC occurs, the proposed estimator can temporarily compute and replace the affected ACE, mitigating the effects of the cyberattacks. The effectiveness and the scalability of the DAR-LFC is verified on a single and a two area LFC simulations in MATLAB/Simulink.
Cristina Alcaraz, Javier Lopez
Protecting Digital Twin Networks for 6G-enabled Industry 5.0 Ecosystems
In: IEEE Network Magazine, vol. 37, no. 2, pp. 302-308, 2023, ISSN: 0890-8044.
@article{Alcaraz2023a,
title = {Protecting Digital Twin Networks for 6G-enabled Industry 5.0 Ecosystems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2023a.pdf
https://ieeexplore.ieee.org/abstract/document/10239369},
doi = {10.1109/MNET.004.2200529},
issn = {0890-8044},
year = {2023},
date = {2023-12-31},
urldate = {2023-12-31},
journal = {IEEE Network Magazine},
volume = {37},
number = {2},
pages = {302-308},
publisher = {IEEE},
abstract = {New industrial paradigms, such as the Industrial Internet of Things (IIoT) and Industry 5.0, are emerging in industrial contexts with the aim of fostering quality in operational processes. With the expected launch of 6G in the coming years, IIoT networks in Industry 5.0 ecosystems can leverage 6G technology and its support for training machine learning models using Digital Twins (DTs), embedded in DT Networks (DTNs), to transparently and continuously optimize their communications. Unfortunately, the use of these technologies, in turn, intensifies the attack surface and poses a serious threat to the new goals of Industry 5.0, such as improving the user experience, sustainability and resilience. This article therefore proposes a layered protection framework for 6G-enabled IIoT environments, where not only DTs and DTNs are fully protected, but also the whole 6G ecosystem, complying with the expected goals of Industry 5.0. To achieve this, the framework identifies for each protection layer a set of security and privacy services to subsequently relate them to existing computing infrastructures (cloud, edge, edge-cloud) and provide the best approach for future IIoT deployments.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
New industrial paradigms, such as the Industrial Internet of Things (IIoT) and Industry 5.0, are emerging in industrial contexts with the aim of fostering quality in operational processes. With the expected launch of 6G in the coming years, IIoT networks in Industry 5.0 ecosystems can leverage 6G technology and its support for training machine learning models using Digital Twins (DTs), embedded in DT Networks (DTNs), to transparently and continuously optimize their communications. Unfortunately, the use of these technologies, in turn, intensifies the attack surface and poses a serious threat to the new goals of Industry 5.0, such as improving the user experience, sustainability and resilience. This article therefore proposes a layered protection framework for 6G-enabled IIoT environments, where not only DTs and DTNs are fully protected, but also the whole 6G ecosystem, complying with the expected goals of Industry 5.0. To achieve this, the framework identifies for each protection layer a set of security and privacy services to subsequently relate them to existing computing infrastructures (cloud, edge, edge-cloud) and provide the best approach for future IIoT deployments.
Cristina Alcaraz, Jesus Cumplido, Alicia Triviño
OCPP in the spotlight: threats and countermeasures for electric vehicle charging infrastructures 4.0
In: International Journal of Information Security, 2023, ISSN: 1615-5262.
@article{Alcaraz2023b,
title = {OCPP in the spotlight: threats and countermeasures for electric vehicle charging infrastructures 4.0},
author = {Cristina Alcaraz and Jesus Cumplido and Alicia Trivi\~{n}o},
url = {/wp-content/papers/Alcaraz2023b.pdf
https://link.springer.com/article/10.1007/s10207-023-00698-8},
doi = {10.1007/s10207-023-00698-8},
issn = {1615-5262},
year = {2023},
date = {2023-05-05},
urldate = {2023-05-05},
journal = {International Journal of Information Security},
publisher = {Springer},
address = {Springer Verlag},
abstract = {Undoubtedly, Industry 4.0 in the energy sector improves the conditions for automation, generation and distribution of energy, increasing the rate of electric vehicle manufacturing in recent years. As a result, more grid-connected charging infrastructures are being installed, whose charging stations (CSs) can follow standardized architectures, such as the one proposed by the open charge point protocol (OCPP). The most recent version of this protocol is v.2.0.1, which includes new security measures at device and communication level to cover those security issues identified in previous versions. Therefore, this paper analyzes OCPP-v2.0.1 to determine whether the new functions may still be susceptible to specific cyber and physical threats, and especially when CSs may be connected to microgrids. To formalize the study, we first adapted the well-known threat analysis methodology, STRIDE, to identify and classify threats in terms of control and energy, and subsequently we combine it with DREAD for risk assessment. The analyses indicate that, although OCPP-v2.0.1 has evolved, potential security risks still remain, requiring greater protection in the future.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Undoubtedly, Industry 4.0 in the energy sector improves the conditions for automation, generation and distribution of energy, increasing the rate of electric vehicle manufacturing in recent years. As a result, more grid-connected charging infrastructures are being installed, whose charging stations (CSs) can follow standardized architectures, such as the one proposed by the open charge point protocol (OCPP). The most recent version of this protocol is v.2.0.1, which includes new security measures at device and communication level to cover those security issues identified in previous versions. Therefore, this paper analyzes OCPP-v2.0.1 to determine whether the new functions may still be susceptible to specific cyber and physical threats, and especially when CSs may be connected to microgrids. To formalize the study, we first adapted the well-known threat analysis methodology, STRIDE, to identify and classify threats in terms of control and energy, and subsequently we combine it with DREAD for risk assessment. The analyses indicate that, although OCPP-v2.0.1 has evolved, potential security risks still remain, requiring greater protection in the future.
Rodrigo Roman, Cristina Alcaraz, Javier Lopez, Kouichi Sakurai
Current Perspectives on Securing Critical Infrastructures’ Supply Chains
In: IEEE Security & Privacy, vol. 21, no. 4, pp. 29-38, 2023, ISSN: 1540-7993.
BibTeX | Links:
@article{Roman2023a,
title = {Current Perspectives on Securing Critical Infrastructures’ Supply Chains},
author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez and Kouichi Sakurai},
url = {/wp-content/papers/Roman2023a.pdf},
doi = {10.1109/MSEC.2023.3247946},
issn = {1540-7993},
year = {2023},
date = {2023-03-08},
urldate = {2023-03-08},
journal = {IEEE Security \& Privacy},
volume = {21},
number = {4},
pages = {29-38},
publisher = {IEEE},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Jesus Cumplido, Cristina Alcaraz, Javier Lopez
Collaborative anomaly detection system for charging stations
In: The 27th European Symposium on Research in Computer Security (ESORICS 2022), pp. 716–736, Springer, Cham Springer, Cham, 2022.
@inproceedings{Alcaraz2022c,
title = {Collaborative anomaly detection system for charging stations},
author = {Jesus Cumplido and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2022c.pdf},
doi = {10.1007/978-3-031-17146-8_35},
year = {2022},
date = {2022-09-01},
urldate = {2022-09-01},
booktitle = {The 27th European Symposium on Research in Computer Security (ESORICS 2022)},
volume = {13555},
pages = {716\textendash736},
publisher = {Springer, Cham},
organization = {Springer, Cham},
abstract = {In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.
Andrew D. Syrmakesis, Cristina Alcaraz, Nikos D. Hatziargyriou
Classifying resilience approaches for protecting smart grids against cyber threats
In: International Journal of Information Security, vol. 21, pp. 1189–1210, 2022, ISSN: 1615-5262.
@article{Syrmakesis2022,
title = {Classifying resilience approaches for protecting smart grids against cyber threats},
author = {Andrew D. Syrmakesis and Cristina Alcaraz and Nikos D. Hatziargyriou},
url = {/wp-content/papers/Syrmakesis2022.pdf
https://link.springer.com/content/pdf/10.1007/s10207-022-00594-7.pdf},
doi = {https://doi.org/10.1007/s10207-022-00594-7},
issn = {1615-5262},
year = {2022},
date = {2022-05-01},
urldate = {2022-05-01},
journal = {International Journal of Information Security},
volume = {21},
pages = {1189\textendash1210},
publisher = {Springer},
address = {Springer Verlag},
abstract = {Smart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-studied field of research, making SG more resilient against such threats is a challenging task. This paper provides a classification of the proposed cyber resilience methods against cyber attacks for SG. This classification includes a set of studies that propose cyber-resilient approaches to protect SG and related cyber-physical systems against unforeseen anomalies or deliberate attacks. Each study is briefly analyzed and is associated with the proper cyber resilience technique which is given by the National Institute of Standards and Technology in the Special Publication 800-160. These techniques are also linked to the different states of the typical resilience curve. Consequently, this paper highlights the most critical challenges for achieving cyber resilience, reveals significant cyber resilience aspects that have not been sufficiently considered yet and, finally, proposes scientific areas that should be further researched in order to enhance the cyber resilience of SG.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Smart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-studied field of research, making SG more resilient against such threats is a challenging task. This paper provides a classification of the proposed cyber resilience methods against cyber attacks for SG. This classification includes a set of studies that propose cyber-resilient approaches to protect SG and related cyber-physical systems against unforeseen anomalies or deliberate attacks. Each study is briefly analyzed and is associated with the proper cyber resilience technique which is given by the National Institute of Standards and Technology in the Special Publication 800-160. These techniques are also linked to the different states of the typical resilience curve. Consequently, this paper highlights the most critical challenges for achieving cyber resilience, reveals significant cyber resilience aspects that have not been sufficiently considered yet and, finally, proposes scientific areas that should be further researched in order to enhance the cyber resilience of SG.
Cristina Alcaraz, Javier Lopez
Digital Twin: A Comprehensive Survey of Security Threats
In: IEEE Communications Surveys & Tutorials, vol. 24, no. thirdquarter 2022, pp. 1475 – 1503, 2022, ISSN: 1553-877X.
@article{Alcaraz2022b,
title = {Digital Twin: A Comprehensive Survey of Security Threats},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2022b.pdf
https://ieeexplore.ieee.org/document/9765576},
doi = {10.1109/COMST.2022.3171465},
issn = {1553-877X},
year = {2022},
date = {2022-04-01},
urldate = {2022-04-01},
journal = {IEEE Communications Surveys \& Tutorials},
volume = {24},
number = {thirdquarter 2022},
pages = {1475 - 1503},
publisher = {IEEE},
address = {IEEE},
abstract = {Industry 4.0 is having an increasingly positive impact on the value chain by modernizing and optimizing the production and distribution processes. In this streamline, the digital twin (DT) is one of the most cutting-edge technologies of Industry 4.0, providing simulation capabilities to forecast, optimize and estimate states and configurations. In turn, these technological capabilities are encouraging industrial stakeholders to invest in the new paradigm, though an increased focus on the risks involved is really needed. More precisely, the deployment of a DT is based on the composition of technologies such as cyber-physical systems, the Industrial Internet of Things, edge computing, virtualization infrastructures, artificial intelligence and big data. However, the confluence of all these technologies and the implicit interaction with the physical counterpart of the DT in the real world generate multiple security threats that have not yet been sufficiently studied. In that context, this paper analyzes the current state of the DT paradigm and classifies the potential threats associated with it, taking into consideration its functionality layers and the operational requirements in order to achieve a more complete and useful classification. We also provide a preliminary set of security recommendations and approaches that can help to ensure the appropriate and trustworthy use of a DT.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Industry 4.0 is having an increasingly positive impact on the value chain by modernizing and optimizing the production and distribution processes. In this streamline, the digital twin (DT) is one of the most cutting-edge technologies of Industry 4.0, providing simulation capabilities to forecast, optimize and estimate states and configurations. In turn, these technological capabilities are encouraging industrial stakeholders to invest in the new paradigm, though an increased focus on the risks involved is really needed. More precisely, the deployment of a DT is based on the composition of technologies such as cyber-physical systems, the Industrial Internet of Things, edge computing, virtualization infrastructures, artificial intelligence and big data. However, the confluence of all these technologies and the implicit interaction with the physical counterpart of the DT in the real world generate multiple security threats that have not yet been sufficiently studied. In that context, this paper analyzes the current state of the DT paradigm and classifies the potential threats associated with it, taking into consideration its functionality layers and the operational requirements in order to achieve a more complete and useful classification. We also provide a preliminary set of security recommendations and approaches that can help to ensure the appropriate and trustworthy use of a DT.
Francesco Flammini, Cristina Alcaraz, Emanuele Bellini, Stefano Marrone, Javier Lopez, Andrea Bondavalli
Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives
In: IEEE Transactions on Emerging Topics in Computing, 2022, ISSN: 2168-6750.
@article{Flamini2022,
title = {Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives},
author = {Francesco Flammini and Cristina Alcaraz and Emanuele Bellini and Stefano Marrone and Javier Lopez and Andrea Bondavalli},
url = {/wp-content/papers/Flamini2022.pdf
https://ieeexplore.ieee.org/abstract/document/9979717/authors$#$authors},
doi = {10.1109/TETC.2022.3227113},
issn = {2168-6750},
year = {2022},
date = {2022-01-01},
urldate = {2022-01-01},
journal = {IEEE Transactions on Emerging Topics in Computing},
publisher = {IEEE},
abstract = {The class of Trustworthy Autonomous Systems (TAS) includes cyber-physical systems leveraging on self-x technologies that make them capable to learn, adapt to changes, and reason under uncertainties in possibly critical applications and evolving environments. In the last decade, there has been a growing interest in enabling artificial intelligence technologies, such as advanced machine learning, new threats, such as adversarial attacks, and certification challenges, due to the lack of sufficient explainability. However, in order to be trustworthy, those systems also need to be dependable, secure, and resilient according to well-established taxonomies, methodologies, and tools. Therefore, several aspects need to be addressed for TAS, ranging from proper taxonomic classification to the identification of research opportunities and challenges. Given such a context, in this paper address relevant taxonomies and research perspectives in the field of TAS. We start from basic definitions and move towards future perspectives, regulations, and emerging technologies supporting development and operation of TAS.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The class of Trustworthy Autonomous Systems (TAS) includes cyber-physical systems leveraging on self-x technologies that make them capable to learn, adapt to changes, and reason under uncertainties in possibly critical applications and evolving environments. In the last decade, there has been a growing interest in enabling artificial intelligence technologies, such as advanced machine learning, new threats, such as adversarial attacks, and certification challenges, due to the lack of sufficient explainability. However, in order to be trustworthy, those systems also need to be dependable, secure, and resilient according to well-established taxonomies, methodologies, and tools. Therefore, several aspects need to be addressed for TAS, ranging from proper taxonomic classification to the identification of research opportunities and challenges. Given such a context, in this paper address relevant taxonomies and research perspectives in the field of TAS. We start from basic definitions and move towards future perspectives, regulations, and emerging technologies supporting development and operation of TAS.
Simone Fischer-Hübner, Cristina Alcaraz, Afonso Ferreira, Carmen Fernandez-Gago, Javier Lopez, Evangelos Markatos, Lejla Islami, Mahdi Akil
Stakeholder Perspectives and Requirements on Cybersecurity in Europe
In: Journal of Information Security and Applications, vol. 61, no. 102916, 2021, ISSN: 2214-2126.
BibTeX | Links:
@article{Alcaraz2021a,
title = {Stakeholder Perspectives and Requirements on Cybersecurity in Europe},
author = {Simone Fischer-H\"{u}bner and Cristina Alcaraz and Afonso Ferreira and Carmen Fernandez-Gago and Javier Lopez and Evangelos Markatos and Lejla Islami and Mahdi Akil},
url = {/wp-content/papers/Alcaraz2021a.pdf
https://www.sciencedirect.com/science/article/pii/S2214212621001381},
doi = {10.1016/j.jisa.2021.102916},
issn = {2214-2126},
year = {2021},
date = {2021-09-01},
urldate = {2021-09-01},
journal = {Journal of Information Security and Applications},
volume = {61},
number = {102916},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cristina Alcaraz, Jesus Cumplido, Alicia Triviño
Monitorización Segura en Infraestructuras de Carga de Vehículos Eléctricos Frente a Ciber-Ataques
In: Actas del XII International Greencities Congress, Greencities, Inteligencia y Sostenibilidad Urbana, & S-Moving, Movilidad Inteligente y Sostenible, pp. 17-30, FYCMA – Palacio de Ferias y Congresos de Málaga, 2021, ISBN: 978-84-09-19596-1.
@inproceedings{Alcaraz2021m,
title = {Monitorizaci\'{o}n Segura en Infraestructuras de Carga de Veh\'{i}culos El\'{e}ctricos Frente a Ciber-Ataques},
author = {Cristina Alcaraz and Jesus Cumplido and Alicia Trivi\~{n}o},
isbn = {978-84-09-19596-1},
year = {2021},
date = {2021-09-01},
urldate = {2021-09-01},
booktitle = {Actas del XII International Greencities Congress, Greencities, Inteligencia y Sostenibilidad Urbana, \& S-Moving, Movilidad Inteligente y Sostenible},
pages = {17-30},
publisher = {FYCMA - Palacio de Ferias y Congresos de M\'{a}laga},
abstract = {Para alcanzar los objetivos de reducci\'{o}n de emisiones contaminantes, se est\'{a} fomentando en la actualidad la inclusi\'{o}n de nuevas t\'{e}cnicas de generaci\'{o}n, producci\'{o}n y consumo de energ\'{i}a renovable junto con el despliegue eficaz de nuevas t\'{e}cnicas en las redes el\'{e}ctricas inteligentes. Entre estas t\'{e}cnicas, nos encontramos con la gesti\'{o}n de Veh\'{i}culos El\'{e}ctricos (VE) e infraestructuras de Puntos de Carga (PC), que impulsan la movilidad sostenible y act\'{u}an como cargas controlables o como generadores potenciales. Aunque existe mucho inter\'{e}s por desplegar estos tipos de infraestructuras debido a los motivos anteriores, \'{e}stas son muy susceptibles a m\'{u}ltiples tipos de amenazas, especialmente las infraestructuras de PC al ser sistemas que se despliegan en zonas abiertas y accesibles por el p\'{u}blico en general, lo que conlleva a diversos riesgos de seguridad. En la literatura, ya hay varios estudios realizados que demuestran c\'{o}mo las infraestructuras de carga y sus modos de control pueden ser susceptibles a m\'{u}ltiples tipos de ataques, la mayor\'{i}a de ellos causados por el modo de configuraci\'{o}n y el despliegue de los PC y sus infraestructuras de comunicaci\'{o}n para el control.
Dado este escenario, este art\'{i}culo presenta los objetivos de “Urban Lab II”, un proyecto de la Universidad de M\'{a}laga (UMA) que aborda todos estos problemas de seguridad, teniendo en cuenta los beneficios que las nuevas tecnolog\'{i}as de informaci\'{o}n pueden aportar para anticipar anomal\'{i}as o el mal uso de los recursos. Dentro de este proyecto, se han identificado como dos amenazas relevantes relacionadas con las infraestructuras de carga, que son: (i) sobrecalentamiento de componentes por alteraciones maliciosas en los flujos de potencia y (ii) robo de energ\'{i}a y fraude econ\'{o}mico. Para hacer frente a estas amenazas, el presente art\'{i}culo tambi\'{e}n identifica, por un lado, los requisitos de seguridad m\'{a}s representativos que prevengan estas dos amenazas. Adem\'{a}s, se completa este estudio detallando las tecnolog\'{i}as habilitadoras que faciliten no solo la gesti\'{o}n y la monitorizaci\'{o}n eficiente de la energ\'{i}a, sino los objetivos primordiales de estos desaf\'{i}os de seguridad.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Para alcanzar los objetivos de reducción de emisiones contaminantes, se está fomentando en la actualidad la inclusión de nuevas técnicas de generación, producción y consumo de energía renovable junto con el despliegue eficaz de nuevas técnicas en las redes eléctricas inteligentes. Entre estas técnicas, nos encontramos con la gestión de Vehículos Eléctricos (VE) e infraestructuras de Puntos de Carga (PC), que impulsan la movilidad sostenible y actúan como cargas controlables o como generadores potenciales. Aunque existe mucho interés por desplegar estos tipos de infraestructuras debido a los motivos anteriores, éstas son muy susceptibles a múltiples tipos de amenazas, especialmente las infraestructuras de PC al ser sistemas que se despliegan en zonas abiertas y accesibles por el público en general, lo que conlleva a diversos riesgos de seguridad. En la literatura, ya hay varios estudios realizados que demuestran cómo las infraestructuras de carga y sus modos de control pueden ser susceptibles a múltiples tipos de ataques, la mayoría de ellos causados por el modo de configuración y el despliegue de los PC y sus infraestructuras de comunicación para el control.
Dado este escenario, este artículo presenta los objetivos de “Urban Lab II”, un proyecto de la Universidad de Málaga (UMA) que aborda todos estos problemas de seguridad, teniendo en cuenta los beneficios que las nuevas tecnologías de información pueden aportar para anticipar anomalías o el mal uso de los recursos. Dentro de este proyecto, se han identificado como dos amenazas relevantes relacionadas con las infraestructuras de carga, que son: (i) sobrecalentamiento de componentes por alteraciones maliciosas en los flujos de potencia y (ii) robo de energía y fraude económico. Para hacer frente a estas amenazas, el presente artículo también identifica, por un lado, los requisitos de seguridad más representativos que prevengan estas dos amenazas. Además, se completa este estudio detallando las tecnologías habilitadoras que faciliten no solo la gestión y la monitorización eficiente de la energía, sino los objetivos primordiales de estos desafíos de seguridad.
Dado este escenario, este artículo presenta los objetivos de “Urban Lab II”, un proyecto de la Universidad de Málaga (UMA) que aborda todos estos problemas de seguridad, teniendo en cuenta los beneficios que las nuevas tecnologías de información pueden aportar para anticipar anomalías o el mal uso de los recursos. Dentro de este proyecto, se han identificado como dos amenazas relevantes relacionadas con las infraestructuras de carga, que son: (i) sobrecalentamiento de componentes por alteraciones maliciosas en los flujos de potencia y (ii) robo de energía y fraude económico. Para hacer frente a estas amenazas, el presente artículo también identifica, por un lado, los requisitos de seguridad más representativos que prevengan estas dos amenazas. Además, se completa este estudio detallando las tecnologías habilitadoras que faciliten no solo la gestión y la monitorización eficiente de la energía, sino los objetivos primordiales de estos desafíos de seguridad.
Javier Lopez, Juan E. Rubio, Cristina Alcaraz
Digital Twins for Intelligent Authorization in the B5G-enabled Smart Grid
In: IEEE Wireless Communications, vol. 28, pp. 48-55, 2021, ISSN: 1536-1284.
@article{lopez2020,
title = {Digital Twins for Intelligent Authorization in the B5G-enabled Smart Grid},
author = {Javier Lopez and Juan E. Rubio and Cristina Alcaraz},
url = {/wp-content/papers/lopez2020.pdf
https://ieeexplore.ieee.org/document/9430900},
doi = {10.1109/MWC.001.2000336},
issn = {1536-1284},
year = {2021},
date = {2021-04-01},
urldate = {2021-04-01},
journal = {IEEE Wireless Communications},
volume = {28},
pages = {48-55},
publisher = {IEEE},
abstract = {Beyond fifth generation (B5G) communication networks and computation paradigms in the edge are expected to be integrated into power grid infrastructures over the coming years. In this sense, AI technologies will play a fundamental role to efficiently manage dynamic information flows of future applications, which impacts the authorization policies applied in such a complex scenario. This article studies how digital twins can evolve their context awareness capabilities and simulation technologies to anticipate faults or to detect cyber-security issues in real time, and update access control policies accordingly. Our study analyzes the evolution of monitoring platforms and architecture decentralization, including the application of machine learning and blockchain technologies in the smart grid, toward the goal of implementing autonomous and self-learning agents in the medium and long term. We conclude this study with future challenges on applying digital twins to B5G-based smart grid deployments.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Beyond fifth generation (B5G) communication networks and computation paradigms in the edge are expected to be integrated into power grid infrastructures over the coming years. In this sense, AI technologies will play a fundamental role to efficiently manage dynamic information flows of future applications, which impacts the authorization policies applied in such a complex scenario. This article studies how digital twins can evolve their context awareness capabilities and simulation technologies to anticipate faults or to detect cyber-security issues in real time, and update access control policies accordingly. Our study analyzes the evolution of monitoring platforms and architecture decentralization, including the application of machine learning and blockchain technologies in the smart grid, toward the goal of implementing autonomous and self-learning agents in the medium and long term. We conclude this study with future challenges on applying digital twins to B5G-based smart grid deployments.
Juan E. Rubio, Cristina Alcaraz, Javier Lopez
Game Theory-Based Approach for Defense against APTs
In: 18th International Conference on Applied Cryptography and Network Security (ACNS’20), pp. 297-320, Springer Springer, 2020, ISBN: 978-3-030-57878-7.
BibTeX | Links:
@inproceedings{1840,
title = {Game Theory-Based Approach for Defense against APTs},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1840.pdf},
doi = {10.1007/978-3-030-57878-7_15},
isbn = {978-3-030-57878-7},
year = {2020},
date = {2020-10-01},
urldate = {2020-10-01},
booktitle = {18th International Conference on Applied Cryptography and Network Security (ACNS’20)},
volume = {12147},
pages = {297-320},
publisher = {Springer},
organization = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Juan E. Rubio, Cristina Alcaraz, Ruben Rios, Rodrigo Roman, Javier Lopez
Distributed Detection of APTs: Consensus vs. Clustering
In: 25th European Symposium on Research in Computer Security (ESORICS 2020), pp. 174-192, 2020, ISBN: 978-3-030-58951-6.
BibTeX | Links:
@inproceedings{1846,
title = {Distributed Detection of APTs: Consensus vs. Clustering},
author = {Juan E. Rubio and Cristina Alcaraz and Ruben Rios and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1846.pdf},
doi = {10.1007/978-3-030-58951-6_9},
isbn = {978-3-030-58951-6},
year = {2020},
date = {2020-09-01},
urldate = {2020-09-01},
booktitle = {25th European Symposium on Research in Computer Security (ESORICS 2020)},
volume = {12308},
pages = {174-192},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cristina Alcaraz, Juan E. Rubio, Javier Lopez
Blockchain-Assisted Access for Federated Smart Grid Domains: Coupling and Features
In: Journal of Parallel and Distributed Computing, vol. 144, pp. 124-135, 2020, ISSN: 0743-7315.
BibTeX | Links:
@article{Alcaraz2020a,
title = {Blockchain-Assisted Access for Federated Smart Grid Domains: Coupling and Features},
author = {Cristina Alcaraz and Juan E. Rubio and Javier Lopez},
url = {/wp-content/papers/Alcaraz2020a.pdf},
issn = {0743-7315},
year = {2020},
date = {2020-06-01},
urldate = {2020-06-01},
journal = {Journal of Parallel and Distributed Computing},
volume = {144},
pages = {124-135},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cristina Alcaraz, Giuseppe Bernieri, Federica Pascucci, Javier Lopez, Roberto Setola
Covert Channels-based Stealth Attacks in Industry 4.0
In: IEEE Systems Journal., vol. 13, pp. 3980-3988, 2019, ISSN: 1932-8184.
@article{alcaraz2019a,
title = {Covert Channels-based Stealth Attacks in Industry 4.0},
author = {Cristina Alcaraz and Giuseppe Bernieri and Federica Pascucci and Javier Lopez and Roberto Setola},
url = {/wp-content/papers/alcaraz2019a.pdf
https://ieeexplore.ieee.org/document/8715420?source=authoralert},
doi = {10.1109/JSYST.2019.2912308},
issn = {1932-8184},
year = {2019},
date = {2019-12-01},
urldate = {2019-12-01},
journal = {IEEE Systems Journal.},
volume = {13},
pages = {3980-3988},
publisher = {IEEE},
abstract = {Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command an control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command an control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.
Juan E. Rubio, Cristina Alcaraz, Rodrigo Roman, Javier Lopez
Current Cyber-Defense Trends in Industrial Control Systems
In: Computers & Security Journal, vol. 87, 2019, ISSN: 0167-4048.
@article{rub2019cose,
title = {Current Cyber-Defense Trends in Industrial Control Systems},
author = {Juan E. Rubio and Cristina Alcaraz and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/rub2019cose.pdf},
doi = {10.1016/j.cose.2019.06.015},
issn = {0167-4048},
year = {2019},
date = {2019-11-01},
urldate = {2019-11-01},
journal = {Computers \& Security Journal},
volume = {87},
publisher = {Elsevier},
abstract = {Advanced Persistent Threats (APTs) have become a serious hazard for any critical infrastructure, as a single solution to protect all industrial assets from these complex attacks does not exist. It is then essential to understand what are the defense mechanisms that can be used as a first line of defense. For this purpose, this article will firstly study the spectrum of attack vectors that APTs can use against existing and novel elements of an industrial ecosystem. Afterwards, this article will provide an analysis of the evolution and applicability of Intrusion Detection Systems (IDS) that have been proposed in both the industry and academia.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Advanced Persistent Threats (APTs) have become a serious hazard for any critical infrastructure, as a single solution to protect all industrial assets from these complex attacks does not exist. It is then essential to understand what are the defense mechanisms that can be used as a first line of defense. For this purpose, this article will firstly study the spectrum of attack vectors that APTs can use against existing and novel elements of an industrial ecosystem. Afterwards, this article will provide an analysis of the evolution and applicability of Intrusion Detection Systems (IDS) that have been proposed in both the industry and academia.
Juan E. Rubio, Mark Manulis, Cristina Alcaraz, Javier Lopez
Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics
In: European Symposium on Research in Computer Security (ESORICS2019), pp. 263-280, 2019.
BibTeX | Links:
@inproceedings{RubioESORICS2019,
title = {Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics},
author = {Juan E. Rubio and Mark Manulis and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/RubioESORICS2019.pdf},
doi = {10.1007/978-3-030-29962-0_13},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
booktitle = {European Symposium on Research in Computer Security (ESORICS2019)},
volume = {11736},
pages = {263-280},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Juan E. Rubio, Rodrigo Roman, Cristina Alcaraz, Yan Zhang
Tracking APTs in Industrial Ecosystems: A Proof of Concept
In: Journal of Computer Security, vol. 27, pp. 521-546, 2019, ISSN: 0167-4048.
BibTeX | Links:
@article{RubioSIJCS19,
title = {Tracking APTs in Industrial Ecosystems: A Proof of Concept},
author = {Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang},
url = {/wp-content/papers/RubioSIJCS19.pdf},
issn = {0167-4048},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
journal = {Journal of Computer Security},
volume = {27},
pages = {521-546},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cristina Alcaraz
Security and Privacy Trends in the Industrial Internet of Things
Springer, 2019, ISBN: 978-3-030-12330-7.
BibTeX | Links:
@book{1776,
title = {Security and Privacy Trends in the Industrial Internet of Things},
author = {Cristina Alcaraz},
url = {https://www.springer.com/gp/book/9783030123291},
isbn = {978-3-030-12330-7},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
publisher = {Springer},
organization = {Springer},
series = {Advanced Sciences and Technologies for Security Applications},
keywords = {},
pubstate = {published},
tppubtype = {book}
}
Cristina Alcaraz, Javier Lopez
A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability
In: IEEE Systems Journal, vol. 12, pp. 3543-3554, 2018, ISSN: 1932-8184.
@article{alcarazlopez-IEEESystems-2017,
title = {A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcarazlopez-IEEESystems-2017.pdf
http://ieeexplore.ieee.org/document/8057984/},
doi = {10.1109/JSYST.2017.2740719},
issn = {1932-8184},
year = {2018},
date = {2018-12-01},
urldate = {2018-12-01},
journal = {IEEE Systems Journal},
volume = {12},
pages = {3543-3554},
publisher = {IEEE},
abstract = {The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.
Juan E. Rubio, Rodrigo Roman, Cristina Alcaraz, Yan Zhang
Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics
In: European Symposium on Research in Computer Security (ESORICS 2018), pp. 555-574, Springer Springer, Barcelona, Spain, 2018.
@inproceedings{RubioRomanAlcarazZhang2018,
title = {Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics},
author = {Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang},
url = {/wp-content/papers/RubioRomanAlcarazZhang2018.pdf
https://link.springer.com/chapter/10.1007/978-3-319-99073-6_27, },
doi = {10.1007/978-3-319-99073-6_27},
year = {2018},
date = {2018-08-01},
urldate = {2018-08-01},
booktitle = {European Symposium on Research in Computer Security (ESORICS 2018)},
volume = {11098},
pages = {555-574},
publisher = {Springer},
address = {Barcelona, Spain},
organization = {Springer},
abstract = {Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.
Javier Lopez, Juan E. Rubio, Cristina Alcaraz
A Resilient Architecture for the Smart Grid
In: IEEE Transactions on Industrial Informatics, vol. 14, pp. 3745-3753, 2018, ISSN: 1551-3203.
@article{transactionInformaticsSG2018,
title = {A Resilient Architecture for the Smart Grid},
author = {Javier Lopez and Juan E. Rubio and Cristina Alcaraz},
url = {/wp-content/papers/transactionInformaticsSG2018.pdf},
doi = {10.1109/TII.2018.2826226},
issn = {1551-3203},
year = {2018},
date = {2018-08-01},
urldate = {2018-08-01},
journal = {IEEE Transactions on Industrial Informatics},
volume = {14},
pages = {3745-3753},
publisher = {IEEE},
abstract = {The Smart Grid offers many benefits due to the bidirectional communication between the users and the utility company, which makes it possible to perform a fine-grain consumption metering. This can be used for Demand Response purposes with the generation and delivery of electricity in real time. It is essential to rapidly anticipate high peaks of demand or potential attacks, so as to avoid power outages and denial of service, while effectively supplying consumption areas. In this paper, we propose a novel architecture where cloud computing resources are leveraged (and tested in practice) to enable, on the one hand, the consumption prediction through time series forecasting, as well as load balancing to uniformly distribute the demand over a set of available generators. On the other and, it also allows the detection of connectivity losses and intrusions within the control network by using controllability concepts.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Smart Grid offers many benefits due to the bidirectional communication between the users and the utility company, which makes it possible to perform a fine-grain consumption metering. This can be used for Demand Response purposes with the generation and delivery of electricity in real time. It is essential to rapidly anticipate high peaks of demand or potential attacks, so as to avoid power outages and denial of service, while effectively supplying consumption areas. In this paper, we propose a novel architecture where cloud computing resources are leveraged (and tested in practice) to enable, on the one hand, the consumption prediction through time series forecasting, as well as load balancing to uniformly distribute the demand over a set of available generators. On the other and, it also allows the detection of connectivity losses and intrusions within the control network by using controllability concepts.
Ioannis Stellios, Panayiotis Kotzanikolaou, Mihalis Psarakis, Cristina Alcaraz, Javier Lopez
Survey of IoT-enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services
In: IEEE Communications Surveys and Tutorials, vol. 20, pp. 3453-3495, 2018, ISSN: 1553-877X.
@article{IonnaisPanosMihalisAlcarazLopez2018,
title = {Survey of IoT-enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services},
author = {Ioannis Stellios and Panayiotis Kotzanikolaou and Mihalis Psarakis and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/IonnaisPanosMihalisAlcarazLopez2018.pdf
https://ieeexplore.ieee.org/document/8410404},
doi = {10.1109/COMST.2018.2855563},
issn = {1553-877X},
year = {2018},
date = {2018-07-01},
urldate = {2018-07-01},
journal = {IEEE Communications Surveys and Tutorials},
volume = {20},
pages = {3453-3495},
publisher = {IEEE},
abstract = {As the deployment of Internet of Things (IoT) is experiencing an exponential growth, it is no surprise that many recent cyber attacks are IoT-enabled: The attacker initially exploits some vulnerable IoT technology as a first step towards compromising a critical system that is connected, in some way, with the IoT. For some sectors, like industry, smart grids, transportation and medical services, the significance of such attacks is obvious, since IoT technologies are part of critical backend systems. However, in sectors where IoT is usually at the enduser side, like smart homes, such attacks can be underestimated, since not all possible attack paths are examined. In this paper we survey IoT-enabled cyber attacks, found in all application domains since 2010. For each sector, we emphasize on the latest, verified IoT-enabled attacks, based on known real-world incidents and published proof-of-concept attacks. We methodologically analyze representative attacks that demonstrate direct, indirect and subliminal attack paths against critical targets. Our goal is threefold: (i) To assess IoT-enabled cyber attacks in a risk-like approach, in order to demonstrate their current threat landscape; (ii) To identify hidden and subliminal IoT-enabled attack paths against critical infrastructures and services, and (iii) To examine mitigation strategies for all application domains.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
As the deployment of Internet of Things (IoT) is experiencing an exponential growth, it is no surprise that many recent cyber attacks are IoT-enabled: The attacker initially exploits some vulnerable IoT technology as a first step towards compromising a critical system that is connected, in some way, with the IoT. For some sectors, like industry, smart grids, transportation and medical services, the significance of such attacks is obvious, since IoT technologies are part of critical backend systems. However, in sectors where IoT is usually at the enduser side, like smart homes, such attacks can be underestimated, since not all possible attack paths are examined. In this paper we survey IoT-enabled cyber attacks, found in all application domains since 2010. For each sector, we emphasize on the latest, verified IoT-enabled attacks, based on known real-world incidents and published proof-of-concept attacks. We methodologically analyze representative attacks that demonstrate direct, indirect and subliminal attack paths against critical targets. Our goal is threefold: (i) To assess IoT-enabled cyber attacks in a risk-like approach, in order to demonstrate their current threat landscape; (ii) To identify hidden and subliminal IoT-enabled attack paths against critical infrastructures and services, and (iii) To examine mitigation strategies for all application domains.
Lorena Cazorla, Cristina Alcaraz, Javier Lopez
Cyber Stealth Attacks in Critical Information Infrastructures
In: IEEE Systems Journal, vol. 12, pp. 1778-1792, 2018, ISSN: 1932-8184.
@article{cazorla2016cyber,
title = {Cyber Stealth Attacks in Critical Information Infrastructures},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2016cyber.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=7445136\&isnumber=8350419},
doi = {10.1109/JSYST.2015.2487684},
issn = {1932-8184},
year = {2018},
date = {2018-06-01},
urldate = {2018-06-01},
journal = {IEEE Systems Journal},
volume = {12},
pages = {1778-1792},
publisher = {IEEE},
abstract = {Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.
Cristina Alcaraz
Cloud-Assisted Dynamic Resilience for Cyber-Physical Control Systems
In: IEEE Wireless Communications, vol. 25, no. 1, pp. 76-82, 2018, ISSN: 1536-1284.
BibTeX | Links:
@article{Alcaraz2018a,
title = {Cloud-Assisted Dynamic Resilience for Cyber-Physical Control Systems},
author = {Cristina Alcaraz},
url = {/wp-content/papers/Alcaraz2018a.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=8304395\&isnumber=8304374},
doi = {10.1109/MWC.2018.1700231},
issn = {1536-1284},
year = {2018},
date = {2018-02-01},
urldate = {2018-02-01},
journal = {IEEE Wireless Communications},
volume = {25},
number = {1},
pages = {76-82},
publisher = {IEEE},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cristina Alcaraz
Resilient Industrial Control Systems based on Multiple Redundancy
In: International Journal of Critical Infrastructures (IJCIS), vol. 13, no. 2/3, pp. 278 – 295, 2017, ISSN: 1741-8038.
@article{Alcaraz_2017_IJCIS,
title = {Resilient Industrial Control Systems based on Multiple Redundancy},
author = {Cristina Alcaraz},
doi = {10.1504/IJCIS.2017.10009287},
issn = {1741-8038},
year = {2017},
date = {2017-11-01},
urldate = {2017-11-01},
journal = {International Journal of Critical Infrastructures (IJCIS)},
volume = {13},
number = {2/3},
pages = {278 - 295},
publisher = {Inderscience Publisher},
address = {London, UK},
abstract = {The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, like industrial control scenarios, is proving to be a complicated mission due to the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from the work presented in [1]. From [1], we have adapted the local measures, to combine them with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented here, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear times.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, like industrial control scenarios, is proving to be a complicated mission due to the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from the work presented in [1]. From [1], we have adapted the local measures, to combine them with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented here, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear times.
Cristina Alcaraz, Javier Lopez, Kim-Kwang Raymond Choo
Resilient Interconnection in Cyber-Physical Control Systems
In: Computers & Security, vol. 71, pp. 2-14, 2017, ISSN: 0167-4048.
@article{Alcaraz2017COSE,
title = {Resilient Interconnection in Cyber-Physical Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo},
url = {/wp-content/papers/Alcaraz2017COSE.pdf
http://www.sciencedirect.com/science/article/pii/S0167404817300573},
doi = {10.1016/j.cose.2017.03.004},
issn = {0167-4048},
year = {2017},
date = {2017-11-01},
urldate = {2017-11-01},
journal = {Computers \& Security},
volume = {71},
pages = {2-14},
publisher = {Elsevier},
abstract = {Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.
Juan E. Rubio, Cristina Alcaraz, Javier Lopez
Recommender System for Privacy-Preserving Solutions in Smart Metering
In: Pervasive and Mobile Computing, vol. 41, pp. 205-218, 2017, ISSN: 1574-1192.
@article{rubiorecommender17,
title = {Recommender System for Privacy-Preserving Solutions in Smart Metering},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/rubiorecommender17.pdf},
issn = {1574-1192},
year = {2017},
date = {2017-10-01},
urldate = {2017-10-01},
journal = {Pervasive and Mobile Computing},
volume = {41},
pages = {205-218},
publisher = {Pervasive and Mobile Computing},
abstract = {Nowadays, Smart Grid is envisaged to provide several benefits to both customers and grid operators. However, Smart Meters introduce many privacy issues if consumption data is analysed. In this paper we analyse the main techniques that address privacy when collecting electricity readings. In addition to privacy, it is equally important to preserve efficiency to carry on with monitoring operations, so further control requirements and communication protocols are also studied. Our aim is to provide guidance to installers who intend to integrate such mechanisms on the grid, presenting an expert system to recommend an appropriate deployment strategy.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nowadays, Smart Grid is envisaged to provide several benefits to both customers and grid operators. However, Smart Meters introduce many privacy issues if consumption data is analysed. In this paper we analyse the main techniques that address privacy when collecting electricity readings. In addition to privacy, it is equally important to preserve efficiency to carry on with monitoring operations, so further control requirements and communication protocols are also studied. Our aim is to provide guidance to installers who intend to integrate such mechanisms on the grid, presenting an expert system to recommend an appropriate deployment strategy.
Juan E. Rubio, Cristina Alcaraz, Javier Lopez
Preventing Advanced Persistent Threats in Complex Control Networks
In: European Symposium on Research in Computer Security, pp. 402-418, 22nd European Symposium on Research in Computer Security (ESORICS 2017) 22nd European Symposium on Research in Computer Security (ESORICS 2017), 2017.
BibTeX | Links:
@inproceedings{RubioAlcarazLopez2017ESORICS,
title = {Preventing Advanced Persistent Threats in Complex Control Networks},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/RubioAlcarazLopez2017ESORICS.pdf},
year = {2017},
date = {2017-09-01},
urldate = {2017-09-01},
booktitle = {European Symposium on Research in Computer Security},
volume = {10493},
pages = {402-418},
publisher = {22nd European Symposium on Research in Computer Security (ESORICS 2017)},
organization = {22nd European Symposium on Research in Computer Security (ESORICS 2017)},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cristina Alcaraz, Javier Lopez, Stephen Wolthusen
OCPP Protocol: Security Threats and Challenges
In: IEEE Transactions on Smart Grid, vol. 8, pp. 2452 – 2459, 2017, ISSN: 1949-3053.
@article{AlcarazLopezWolthusen2017,
title = {OCPP Protocol: Security Threats and Challenges},
author = {Cristina Alcaraz and Javier Lopez and Stephen Wolthusen},
url = {/wp-content/papers/AlcarazLopezWolthusen2017.pdf},
doi = {10.1109/TSG.2017.2669647},
issn = {1949-3053},
year = {2017},
date = {2017-02-01},
urldate = {2017-02-01},
journal = {IEEE Transactions on Smart Grid},
volume = {8},
pages = {2452 - 2459},
publisher = {IEEE},
abstract = {One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the alreadydeployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the alreadydeployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.
Juan E. Rubio, Cristina Alcaraz, Rodrigo Roman, Javier Lopez
Analysis of Intrusion Detection Systems in Industrial Ecosystems
In: 14th International Conference on Security and Cryptography (SECRYPT 2017), pp. 116-128, SciTePress SciTePress, 2017, ISBN: 978-989-758-259-2.
BibTeX | Links:
@inproceedings{1662,
title = {Analysis of Intrusion Detection Systems in Industrial Ecosystems},
author = {Juan E. Rubio and Cristina Alcaraz and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1662.pdf},
doi = {10.5220/0006426301160128},
isbn = {978-989-758-259-2},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {14th International Conference on Security and Cryptography (SECRYPT 2017)},
volume = {6},
pages = {116-128},
publisher = {SciTePress},
organization = {SciTePress},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cristina Alcaraz, Lorena Cazorla, Javier Lopez
Cyber-Physical Systems for Wide-Area Situational Awareness
In: Cyber-Physical Systems: Foundations, Principles and Applications, pp. 305 – 317, Academic Press, Boston, 2017, ISBN: 978-0-12-803801-7.
@incollection{1590,
title = {Cyber-Physical Systems for Wide-Area Situational Awareness},
author = {Cristina Alcaraz and Lorena Cazorla and Javier Lopez},
url = {/wp-content/papers/1590.pdf},
doi = {10.1016/B978-0-12-803801-7.00020-1},
isbn = {978-0-12-803801-7},
year = {2017},
date = {2017-00-01},
urldate = {2017-00-01},
booktitle = {Cyber-Physical Systems: Foundations, Principles and Applications},
pages = {305 - 317},
publisher = {Academic Press},
address = {Boston},
chapter = {20},
organization = {Academic Press},
series = {Intelligent Data-Centric Systems},
abstract = {Abstract Cyber-physical systems (CPSs), integrated in critical infrastructures, could provide the minimal services that traditional situational awareness (SA) systems demand. However, their application in SA solutions for the protection of large control distributions against unforeseen faults may be insufficient. Dynamic protection measures have to be provided not only to locally detect unplanned deviations but also to prevent, respond, and restore from these deviations. The provision of these services as an integral part of the SA brings about a new research field known as wide-area situational awareness (WASA), highly dependent on CPSs for control from anywhere across multiple interconnections, and at any time. Thus, we review the state-of-the art of this new paradigm, exploring the different preventive and corrective measures considering the heterogeneity of CPSs, resulting in a guideline for the construction of automated WASA systems.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Abstract Cyber-physical systems (CPSs), integrated in critical infrastructures, could provide the minimal services that traditional situational awareness (SA) systems demand. However, their application in SA solutions for the protection of large control distributions against unforeseen faults may be insufficient. Dynamic protection measures have to be provided not only to locally detect unplanned deviations but also to prevent, respond, and restore from these deviations. The provision of these services as an integral part of the SA brings about a new research field known as wide-area situational awareness (WASA), highly dependent on CPSs for control from anywhere across multiple interconnections, and at any time. Thus, we review the state-of-the art of this new paradigm, exploring the different preventive and corrective measures considering the heterogeneity of CPSs, resulting in a guideline for the construction of automated WASA systems.
Cristina Alcaraz, Javier Lopez
Safeguarding Structural Controllability in Cyber-Physical Control Systems
In: The 21st European Symposium on Research in Computer Security (ESORICS 2016), pp. 471-489, Springer Springer, Crete, Greece, 2016, ISBN: 978-3-319-45741-3.
@inproceedings{1598,
title = {Safeguarding Structural Controllability in Cyber-Physical Control Systems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1598.pdf},
isbn = {978-3-319-45741-3},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
booktitle = {The 21st European Symposium on Research in Computer Security (ESORICS 2016)},
volume = {9879},
pages = {471-489},
publisher = {Springer},
address = {Crete, Greece},
organization = {Springer},
abstract = {Automatic restoration of control wireless networks based on dynamic cyber-physical systems has become a hot topic in recent years, since most of their elements tend to have serious vulnerabilities that may be exploited by attackers. In fact, any exploitation may rapidly extend to the entire control network due to its problem of non-locality, where control properties of a system and its structural controllability can disintegrate over time. Unfortunately, automated self-healing processes may become costly procedures in which the reliability of the strategies and the time-critical of any recovery of the control can become key factors to re-establish the control properties in due time. This operational need is precisely the aim of this paper, in which four reachability-based recovery strategies from a thereotical point of view are proposed so as to find the best option/s in terms of optimization, robustness and complexity. To do this, new definitions related to structural controllability in relation to the type of distribution of the network and its control load capacity are given in this paper, resulting in an interesting practical study.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Automatic restoration of control wireless networks based on dynamic cyber-physical systems has become a hot topic in recent years, since most of their elements tend to have serious vulnerabilities that may be exploited by attackers. In fact, any exploitation may rapidly extend to the entire control network due to its problem of non-locality, where control properties of a system and its structural controllability can disintegrate over time. Unfortunately, automated self-healing processes may become costly procedures in which the reliability of the strategies and the time-critical of any recovery of the control can become key factors to re-establish the control properties in due time. This operational need is precisely the aim of this paper, in which four reachability-based recovery strategies from a thereotical point of view are proposed so as to find the best option/s in terms of optimization, robustness and complexity. To do this, new definitions related to structural controllability in relation to the type of distribution of the network and its control load capacity are given in this paper, resulting in an interesting practical study.
Cristina Alcaraz, Javier Lopez, Stephen Wolthusen
Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems
In: Journal of Network and Computer Applications, vol. 59, pp. 301–314, 2016, ISSN: 1084-8045.
@article{alcaraz2016POL,
title = {Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems},
author = {Cristina Alcaraz and Javier Lopez and Stephen Wolthusen},
url = {/wp-content/papers/alcaraz2016POL.pdf},
issn = {1084-8045},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
journal = {Journal of Network and Computer Applications},
volume = {59},
pages = {301\textendash314},
publisher = {Elsevier},
abstract = {Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the emphrole-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on emphstructural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the emphsupernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the emphinteroperability.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the emphrole-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on emphstructural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the emphsupernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the emphinteroperability.
Cristina Alcaraz, Javier Lopez, Kim-Kwang Raymond Choo
Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems
In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016), pp. 19-27, Lisboa, 2016, ISBN: 978-989-758-196-0.
@inproceedings{1585,
title = {Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo},
url = {/wp-content/papers/1585.pdf},
doi = {10.5220/0005942000190027},
isbn = {978-989-758-196-0},
year = {2016},
date = {2016-00-01},
urldate = {2016-00-01},
booktitle = {Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016)},
pages = {19-27},
address = {Lisboa},
abstract = {Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).
Cristina Alcaraz, Lorena Cazorla, Gerardo Fernandez
Context-Awareness using Anomaly-based Detectors for Smart Grid Domains
In: 9th International Conference on Risks and Security of Internet and Systems, pp. 17-34, Springer International Publishing Springer International Publishing, Trento, 2015, ISBN: 978-3-319-17126-5.
@inproceedings{931,
title = {Context-Awareness using Anomaly-based Detectors for Smart Grid Domains},
author = {Cristina Alcaraz and Lorena Cazorla and Gerardo Fernandez},
url = {/wp-content/papers/931.pdf
http://link.springer.com/chapter/10.1007%2F978-3-319-17127-2_2$#$},
doi = {10.1007/978-3-319-17127-2_2},
isbn = {978-3-319-17126-5},
year = {2015},
date = {2015-04-01},
urldate = {2015-04-01},
booktitle = {9th International Conference on Risks and Security of Internet and Systems},
volume = {8924},
pages = {17-34},
publisher = {Springer International Publishing},
address = {Trento},
organization = {Springer International Publishing},
abstract = {Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.
Lorena Cazorla, Cristina Alcaraz, Javier Lopez
Awareness and Reaction Strategies for Critical Infrastructure Protection
In: Computers and Electrical Engineering, vol. 47, pp. 299-317, 2015, ISSN: 0045-7906.
@article{cazorla2015b,
title = {Awareness and Reaction Strategies for Critical Infrastructure Protection},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2015b.pdf},
doi = {10.1016/j.compeleceng.2015.08.010},
issn = {0045-7906},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {Computers and Electrical Engineering},
volume = {47},
pages = {299-317},
publisher = {Elsevier},
abstract = {Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.
Cristina Alcaraz, Sherali Zeadally
Critical Infrastructure Protection: Requirements and Challenges for the 21st Century
In: International Journal of Critical Infrastructure Protection (IJCIP), vol. 8, pp. 53–66, 2015, ISSN: 1874-5482.
@article{alcaraz2015CRI,
title = {Critical Infrastructure Protection: Requirements and Challenges for the 21st Century},
author = {Cristina Alcaraz and Sherali Zeadally},
url = {/wp-content/papers/alcaraz2015CRI.pdf
http://www.sciencedirect.com/science/article/pii/S1874548214000791},
doi = {10.1016/j.ijcip.2014.12.002},
issn = {1874-5482},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {International Journal of Critical Infrastructure Protection (IJCIP)},
volume = {8},
pages = {53\textendash66},
publisher = {Elsevier Science},
abstract = {Critical infrastructures play a vital role in supporting modern society. The reliability, performance, continuous operation, safety, maintenance and protection of critical infrastructures are national priorities for countries around the world. This paper explores the vulnerabilities and threats facing modern critical infrastructures with special emphasis on industrial control systems, and describes a number of protection measures. The paper also discusses some of the challenging areas related to critical infrastructure protection such as governance and security management, secure network architectures, self-healing, modeling and simulation, wide-area situational awareness, forensics and learning, and trust management and privacy.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Critical infrastructures play a vital role in supporting modern society. The reliability, performance, continuous operation, safety, maintenance and protection of critical infrastructures are national priorities for countries around the world. This paper explores the vulnerabilities and threats facing modern critical infrastructures with special emphasis on industrial control systems, and describes a number of protection measures. The paper also discusses some of the challenging areas related to critical infrastructure protection such as governance and security management, secure network architectures, self-healing, modeling and simulation, wide-area situational awareness, forensics and learning, and trust management and privacy.
Cristina Alcaraz, Javier Lopez
Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection
In: Computer Standards & Interfaces, vol. 36, pp. 501-512, 2014, ISSN: 0920-5489.
@article{alcaraz2013a,
title = {Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcaraz2013a.pdf},
doi = {10.1016/j.csi.2013.10.002},
issn = {0920-5489},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {Computer Standards \& Interfaces},
volume = {36},
pages = {501-512},
publisher = {Elsevier},
abstract = {Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.
Cristina Alcaraz, Javier Lopez
WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids
In: Future Generation Computer Systems, vol. 30, pp. 146-154, 2014, ISSN: 0167-739X.
@article{alcaraz2013b,
title = {WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcaraz2013b.pdf},
doi = {10.1016/j.future.2013.06.030},
issn = {0167-739X},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {Future Generation Computer Systems},
volume = {30},
pages = {146-154},
publisher = {Elsevier},
abstract = {Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.
Javier Lopez, Cristina Alcaraz, Rodrigo Roman
Smart Control of Operational Threats in Control Substations
In: Computers & Security, vol. 38, pp. 14-27, 2013, ISSN: 0167-4048.
@article{1770,
title = {Smart Control of Operational Threats in Control Substations},
author = {Javier Lopez and Cristina Alcaraz and Rodrigo Roman},
url = {/wp-content/papers/1770.pdf
http://www.sciencedirect.com/science/article/pii/S0167404813000588},
doi = {10.1016/j.cose.2013.03.013},
issn = {0167-4048},
year = {2013},
date = {2013-10-01},
urldate = {2013-10-01},
journal = {Computers \& Security},
volume = {38},
pages = {14-27},
publisher = {Elsevier},
abstract = {Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.
Cristina Alcaraz, Sherali Zeadally
Critical Control System Protection in the 21st Century: Threats and Solutions
In: IEEE Computer, vol. 46, no. 10, pp. 74 – 83, 2013, ISSN: 0018-9162.
@article{1762,
title = {Critical Control System Protection in the 21st Century: Threats and Solutions},
author = {Cristina Alcaraz and Sherali Zeadally},
doi = {10.1109/MC.2013.69},
issn = {0018-9162},
year = {2013},
date = {2013-00-01},
urldate = {2013-00-01},
journal = {IEEE Computer},
volume = {46},
number = {10},
pages = {74 - 83},
publisher = {IEEE Computer Society},
abstract = {Information systems, networks, and technologies have become an integral part of modern critical control systems that manage many of today\&$#$x2019;s critical infrastructures. The continuous operation, maintenance, and protection of critical infrastructures have become a high national priority for governments around the world because our society heavily depends on them for most of our daily activities (travel, power usage, banking transactions, telecommunications, etc) and safety. It is therefore critical that these infrastructures have to be protected from potential accidental incidents or cyberattacks. We present the fundamental architectural components of critical control systems which manage most critical infrastructures. We identify some of the vulnerabilities and threats to modern critical control systems followed by protection solutions that can be deployed to mitigate attacks exploiting these vulnerabilities.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Information systems, networks, and technologies have become an integral part of modern critical control systems that manage many of today&$#$x2019;s critical infrastructures. The continuous operation, maintenance, and protection of critical infrastructures have become a high national priority for governments around the world because our society heavily depends on them for most of our daily activities (travel, power usage, banking transactions, telecommunications, etc) and safety. It is therefore critical that these infrastructures have to be protected from potential accidental incidents or cyberattacks. We present the fundamental architectural components of critical control systems which manage most critical infrastructures. We identify some of the vulnerabilities and threats to modern critical control systems followed by protection solutions that can be deployed to mitigate attacks exploiting these vulnerabilities.
Cristina Alcaraz, Rodrigo Roman, Pablo Najera, Javier Lopez
Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things
In: Ad Hoc Networks, vol. 11, pp. 1091–1104, 2013, ISSN: 1570-8705.
@article{1752,
title = {Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things},
author = {Cristina Alcaraz and Rodrigo Roman and Pablo Najera and Javier Lopez},
url = {/wp-content/papers/1752.pdf},
doi = {10.1016/j.adhoc.2012.12.001},
issn = {1570-8705},
year = {2013},
date = {2013-00-01},
urldate = {2013-00-01},
journal = {Ad Hoc Networks},
volume = {11},
pages = {1091\textendash1104},
publisher = {Elsevier},
abstract = {The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.
Cristina Alcaraz, Javier Lopez
Wide-Area Situational Awareness for Critical Infrastructure Protection
In: IEEE Computer, vol. 46, no. 4, pp. 30-37, 2013, ISSN: 0018-9162.
@article{1761,
title = {Wide-Area Situational Awareness for Critical Infrastructure Protection},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1761.pdf
http://doi.ieeecomputersociety.org/10.1109/MC.2013.72},
doi = {10.1109/MC.2013.72},
issn = {0018-9162},
year = {2013},
date = {2013-00-01},
urldate = {2013-00-01},
journal = {IEEE Computer},
volume = {46},
number = {4},
pages = {30-37},
publisher = {IEEE Computer Society},
abstract = {Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions
Sherali Zeadally, Al-Sakib Khan Pathan, Cristina Alcaraz, Mohamad Badra
Towards Privacy Protection in Smart Grid
In: Wireless Personal Communications, vol. 73, pp. 23-50, 2012, ISSN: 0929-6212.
@article{1750,
title = {Towards Privacy Protection in Smart Grid},
author = {Sherali Zeadally and Al-Sakib Khan Pathan and Cristina Alcaraz and Mohamad Badra},
url = {/wp-content/papers/1750.pdf},
doi = {10.1007/s11277-012-0939-1},
issn = {0929-6212},
year = {2012},
date = {2012-11-01},
urldate = {2012-11-01},
journal = {Wireless Personal Communications},
volume = {73},
pages = {23-50},
publisher = {Springer},
abstract = {The smart grid is an electronically controlled electrical grid that connects power generation, transmission, distribution, and consumers using information communication technologies. One of the key characteristics of the smart grid is its support for bi-directional information flow between the consumer of electricity and the utility provider. This two-way interaction allows electricity to be generated in real-time based on consumers’ demands and power requests. As a result, consumer privacy becomes an important concern when collecting energy usage data with the deployment and adoption of smart grid technologies. To protect such sensitive information it is imperative that privacy protection mechanisms be used to protect the privacy of smart grid users. We present an analysis of recently proposed smart grid privacy solutions and identify their strengths and weaknesses in terms of their implementation complexity, efficiency, robustness, and simplicity.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The smart grid is an electronically controlled electrical grid that connects power generation, transmission, distribution, and consumers using information communication technologies. One of the key characteristics of the smart grid is its support for bi-directional information flow between the consumer of electricity and the utility provider. This two-way interaction allows electricity to be generated in real-time based on consumers’ demands and power requests. As a result, consumer privacy becomes an important concern when collecting energy usage data with the deployment and adoption of smart grid technologies. To protect such sensitive information it is imperative that privacy protection mechanisms be used to protect the privacy of smart grid users. We present an analysis of recently proposed smart grid privacy solutions and identify their strengths and weaknesses in terms of their implementation complexity, efficiency, robustness, and simplicity.
Cristina Alcaraz, Javier Lopez, Rodrigo Roman, Hsiao-Hwa Chen
Selecting key management schemes for WSN applications
In: Computers & Security, vol. 31, no. 38, pp. 956–966, 2012, ISSN: 0167-4048.
@article{AlcarazR2012,
title = {Selecting key management schemes for WSN applications},
author = {Cristina Alcaraz and Javier Lopez and Rodrigo Roman and Hsiao-Hwa Chen},
url = {/wp-content/papers/AlcarazR2012.pdf
http://www.sciencedirect.com/science/article/pii/S0167404812001034},
doi = {10.1016/j.cose.2012.07.002},
issn = {0167-4048},
year = {2012},
date = {2012-11-01},
urldate = {2012-11-01},
journal = {Computers \& Security},
volume = {31},
number = {38},
pages = {956\textendash966},
publisher = {Elsevier},
abstract = {Key management in wireless sensor networks (WSN) is an active research topic. Due to the fact that a large number of key management schemes (KMS) have been proposed in the literature, it is not easy for a sensor network designer to know exactly which KMS best fits in a particular WSN application. In this article, we offer a comprehensive review on how the application requirements and the properties of various key management schemes influence each other. Based on this review, we show that the KMS plays a critical role in determining the security performance of a WSN network with given application requirements. We also develop a method that allows the network designers to select the most suitable KMS for a specific WSN network setting. In addition, the article also addresses the issues on the current state-of-the-art research on the KMS for homogeneous (i.e. non-hierarchical) networks to provide solutions for establishing link-layer keys in various WSN applications and scenarios.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Key management in wireless sensor networks (WSN) is an active research topic. Due to the fact that a large number of key management schemes (KMS) have been proposed in the literature, it is not easy for a sensor network designer to know exactly which KMS best fits in a particular WSN application. In this article, we offer a comprehensive review on how the application requirements and the properties of various key management schemes influence each other. Based on this review, we show that the KMS plays a critical role in determining the security performance of a WSN network with given application requirements. We also develop a method that allows the network designers to select the most suitable KMS for a specific WSN network setting. In addition, the article also addresses the issues on the current state-of-the-art research on the KMS for homogeneous (i.e. non-hierarchical) networks to provide solutions for establishing link-layer keys in various WSN applications and scenarios.
Cristina Alcaraz, Carmen Fernandez-Gago, Javier Lopez
An Early Warning System based on Reputation for Energy Control Systems
In: IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 827-834, 2011, ISSN: 1949-3053.
@article{Alcaraz2011,
title = {An Early Warning System based on Reputation for Energy Control Systems},
author = {Cristina Alcaraz and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Alcaraz2011.pdf},
doi = {10.1109/TSG.2011.2161498},
issn = {1949-3053},
year = {2011},
date = {2011-11-01},
urldate = {2011-11-01},
journal = {IEEE Transactions on Smart Grid},
volume = {2},
number = {4},
pages = {827-834},
publisher = {IEEE},
abstract = {Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario. keywords = Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario. keywords = Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.