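% Bibliography of publications on wireless sensor network security and
% critical (information) infrastructure protection, 2007-2013.
%
% Conventions used in this file:
%   - one field per line, names in "Last, First" form
%   - page ranges written with "--"
%   - bare DOIs in the doi field (no resolver prefix)
%   - month given with the standard three-letter macros, unquoted
%   - case-sensitive words in titles protected with braces
% Citation keys are kept exactly as exported so existing citations still resolve.

@string{LNCS = {Lecture Notes in Computer Science}}

% Journal article. The exported record carried month = {2013}, which repeats the
% year and is not a month; the field is omitted here rather than guessed.
@article{1752,
  author    = {Alcaraz, Cristina and Roman, Rodrigo and Najera, Pablo and Lopez, Javier},
  title     = {Security of Industrial Sensor Network-based Remote Substations in the context of the {Internet} of {Things}},
  journal   = {Ad Hoc Networks},
  volume    = {11},
  year      = {2013},
  pages     = {1091--1104},
  publisher = {Elsevier},
  issn      = {1570-8705},
  doi       = {10.1016/j.adhoc.2012.12.001},
  keywords  = {Industrial Control Networks, Internet of Things, Supervisory Control and Data Acquisition (SCADA) Systems, The Internet, wireless sensor networks},
  abstract  = {The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.},
}

% Journal article on insider (operator) threats in control substations.
% The exported month value "OCT 2013" is reduced to the month macro; the year is
% already in the year field.
@article{1770,
  author    = {Lopez, Javier and Alcaraz, Cristina and Roman, Rodrigo},
  title     = {Smart Control of Operational Threats in Control Substations},
  journal   = {Computers \& Security},
  volume    = {38},
  year      = {2013},
  month     = oct,
  pages     = {14--27},
  publisher = {Elsevier},
  issn      = {0167-4048},
  doi       = {10.1016/j.cose.2013.03.013},
  url       = {http://www.sciencedirect.com/science/article/pii/S0167404813000588},
  keywords  = {Digital Economy, Energy Control Systems, Reputation, security, Smart grids, wireless sensor networks},
  abstract  = {Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliability is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators' operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators' actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.},
}

% Journal article on the energy cost of key agreement protocols.
% NOTE(review): the key says 2010 while the year field says 2012; the key is kept
% unchanged because documents may already cite it.
@article{Galindo2010,
  author    = {Galindo, David and Roman, Rodrigo and Lopez, Javier},
  title     = {On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks},
  journal   = {Wireless Communications and Mobile Computing},
  volume    = {12},
  year      = {2012},
  month     = jan,
  pages     = {133--143},
  publisher = {Wiley},
  issn      = {1530-8669},
  doi       = {10.1002/wcm.894},
  url       = {http://dx.doi.org/10.1002/wcm.894},
  keywords  = {identity-based key agreement, key distribution, pairings, underwater wireless sensor networks, wireless sensor networks},
  abstract  = {Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).},
}

% Conference paper on out-of-band (optical) channels for sensor nodes.
% The address field holds the location given in the exported record.
@inproceedings{Roman2008b,
  author       = {Roman, Rodrigo and Lopez, Javier},
  title        = {{KeyLED} - Transmitting Sensitive Data over out-of-band Channels in Wireless Sensor Networks},
  booktitle    = {5th {IEEE} International Conference on Mobile Ad Hoc and Sensor Systems ({MASS}'08)},
  year         = {2008},
  month        = sep,
  pages        = {796--801},
  publisher    = {IEEE},
  organization = {IEEE},
  address      = {Atlanta (USA)},
  isbn         = {978-1-4244-2574-7},
  doi          = {10.1109/MAHSS.2008.4660128},
  keywords     = {Out-of-Band Channel, security, wireless sensor networks},
  abstract     = {An out-of-band (OoB) channel can be defined as an extra channel, different from the main wireless channel, that has additional security properties. They are specially suitable for protecting spontaneous interactions and exchanging sensitive data between previously unknown devices. Due to the vulnerable nature of wireless sensor networks (WSN), these kind of channels might be useful for protecting certain sensor network operations. In this paper we analyze the applicability of out-of-band channels to wireless sensor networks, and specify why an optical channel should be a good candidate for implementing an extra channel in sensor nodes. Also, we analyze how the existing security threats may affect this type of channel. Finally, the suitability and usability of optical channels for sensor networks is demonstrated by means of a prototype.},
}

% Workshop paper on public key infrastructures for sensor networks.
% The issn value is kept as exported (print and online numbers in one field).
@inproceedings{Roman2007b,
  author       = {Roman, Rodrigo and Alcaraz, Cristina},
  title        = {Applicability of Public Key Infrastructures in Wireless Sensor Networks},
  booktitle    = {European {PKI} Workshop: Theory and Practice ({EuroPKI}'07)},
  series       = LNCS,
  volume       = {4582},
  year         = {2007},
  month        = jun,
  pages        = {313--320},
  publisher    = {Springer},
  organization = {Springer},
  address      = {Mallorca (Spain)},
  isbn         = {978-3-540-73407-9},
  issn         = {0302-9743 (Print) 1611-3349 (Online)},
  doi          = {10.1007/978-3-540-73408-6_22},
  url          = {http://www.springerlink.com/content/q4l10ww348010131/},
  keywords     = {Public Key Cryptography, Public Key Infrastructure, wireless sensor networks},
  abstract     = {Wireless Sensor Networks (WSN) are becoming a key technology in the support of pervasive and ubiquitous services. The previous notion of PKC is too expensive for WSN has changed partially due to the existence of new hardware and software prototypes based on Elliptic Curve Cryptography and other PKC primitives. Then, it is necessary to analyze whether it is both feasible and convenient to have a Public Key Infrastructure for sensor networks that would allow the creation of PKC-based services like Digital Signatures.},
}

% Book chapter. The exported record had the publisher name appended to the
% booktitle and the DOI repeated in a note field; the publisher now has its own
% field and the DOI appears only in doi.
@incollection{Lopez2007,
  author    = {Lopez, Javier and Alcaraz, Cristina and Roman, Rodrigo},
  title     = {On the Protection and Technologies of Critical Information Infrastructures},
  booktitle = {On Foundations of Security Analysis and Design IV, {FOSAD} 2006/2007},
  series    = LNCS,
  volume    = {4677},
  year      = {2007},
  pages     = {160--182},
  publisher = {Springer},
  issn      = {0302-9743},
  doi       = {10.1007/978-3-540-74810-6_6},
  url       = {http://dx.doi.org/10.1007/978-3-540-74810-6_6},
  keywords  = {Critical Information Infrastructure Protection, wireless sensor networks},
  abstract  = {Critical Infrastructures are complex and highly interconnected systems that are crucial for the well-being of the society. Any type of failure can cause significant damage, affecting one or more sectors due to their inherent interdependency. Not only the infrastructures are critical, but also the information infrastructures that manage, control and supervise them. Due to the seriousness of the consequences, the protection of these critical (information) infrastructures must have the highest priority. It is the purpose of this book chapter to review and discuss about these infrastructures, to explain their elements, and to highlight their research and development issues. This chapter will also discuss the role of Wireless Sensor Network (WSN) technology in the protection of these infrastructures.},
}

% Journal article on the role of sensor networks in critical information
% infrastructure protection (CIIP).
@article{Roman2007a,
  author    = {Roman, Rodrigo and Alcaraz, Cristina and Lopez, Javier},
  title     = {The Role of Wireless Sensor Networks in the Area of Critical Information Infrastructure},
  journal   = {Information Security Technical Report},
  volume    = {12},
  number    = {1},
  year      = {2007},
  pages     = {24--31},
  publisher = {Elsevier},
  issn      = {1363-4127},
  doi       = {10.1016/j.istr.2007.02.003},
  url       = {http://www.sciencedirect.com/science/article/B6VJC-4N6NK24-1/2/b1462973afe70af30a10b955d96ccbb6},
  keywords  = {Critical Information Infrastructure Protection, Network Security, wireless sensor networks},
  abstract  = {Critical Infrastructures, such as energy, banking, and transport, are an essential pillar to the well-being of the national and international economy, security and quality of life. These infrastructures are dependent on a spectrum of highly interconnected information infrastructures for their smooth, reliable and continuous operation. The field of protecting such Critical Information Infrastructures, or CIIP, faces numerous challenges, such as managing the secure interaction between peers, assuring the resilience and robustness of the overall system, and deploying warning and alert systems, amongst others. In this tapestry of CIIP, Wireless Sensor Networks can be used as an invaluable tool due to their intelligent distributed control capabilities, alongside with their capability to work under severe conditions. In this paper, we justify why Wireless Sensor Networks technology is suitable for providing security for these scenarios, describing both their advantages and research issues and their role in the overall scheme of protecting the Critical Information Infrastructures.},
}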