• Save
North American collaborations via INSPIRE/MASSIF
Upcoming SlideShare
Loading in...5
×
 

North American collaborations via INSPIRE/MASSIF

on

  • 886 views

INSPIRE INCO was supported via a complex funding scheme across funding bodies (NSF, EU) but made possible e.g. to have access to critical power data from the US and compare with EU. It led to a ...

INSPIRE INCO was supported via a complex funding scheme across funding bodies (NSF, EU) but made possible e.g. to have access to critical power data from the US and compare with EU. It led to a follow-up project MASSIF, where representatives attended the Canada-EU Future Internet Workshop and Bell Canada has now officially joined MASSIF Advisory Board, and is actively contributing to the project.

Statistics

Views

Total Views
886
Views on SlideShare
703
Embed Views
183

Actions

Likes
0
Downloads
0
Comments
0

2 Embeds 183

http://sofi-project.eu 182
http://translate.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    North American collaborations via INSPIRE/MASSIF North American collaborations via INSPIRE/MASSIF Presentation Transcript

    • North American collaborations viaINSPIRE/MASSIFLuigi RomanoCINI (Consorzio Interuniversitario Nazionale perl’Informatica)luigi.romano@uniparthenope.it Internet of Services 2011: Collaboration meeting for FP7 projects International Collaboration session Brussels September 29, 2011
    • Roadmap Evidence that Critical Infrastructures (CIs) are vulnerable to cyber-attacks Focus on Power Grids, but true in general How we combined detection, diagnosis, and remediation for protecting CIs from cyber-attacks The INSPIRE project Our experience with International cooperation initiatives The INSPIRE INCO project Collaboration objectives The MASSIF project Contact Info
    • Evidencethat Critical Infrastructuresare vulnerable to cyber-attacks
    • Basic Concepts Power Grid (tentative definition): an interconnected network for delivering electricity from suppliers to consumers, which is synchronous with a given phase Phasor: complex number that represents both the magnitude and the phase angle of the sine waves found in electricity Synchro-Phasors: phasor measurements that occur at the same time Phasor Measurement Unit (PMU): device which collects Synchro-Phasors to determine the health of the power grid (using a GPS radio clock)
    • Results in a nutshell 1 Administrator 2 4 LANPower Synchro Phasor Phasor Grid device 3 Data Concentrator 1) Password Eavesdropping 2) Weak Policies on Password selection/maintenance, device fingerprinting possible (and relatively easy) 3) Unreliable channels (wrt both integrity and availability) 4) Poor input validation
    • Security Analysis of a commercial Synchro-Phasor - Passwords Password Management Multilevel Security: 0, 1, B, P, A, O, 2, C After a pre-defined time, security level is downgraded to 0 (def. 5 min) Security evaluation results Default passwords are simple and can be found in most common dictionaries No constraints for password selection All levels can share the same password No aging mechanism All passwords can be manually reset
    • Security Analysis of a commercial Synchro-Phasor - Communication Communications are in clear: ftp, telnet, IEEE C37.118, proprietary protocols Passwords can be easily intercepted Data can be easily intercepted Data can be altered 0000 00 30 a7 02 1c 52 00 1d 92 9c 23 7c 08 00 45 00 .0...R....#|..E. 0010 00 29 15 2b 40 00 80 06 62 50 c0 a8 01 01 c0 a8 .).+@...bP...... 0020 01 02 04 76 00 17 a8 64 9c b4 11 74 59 af 50 18 ...v...d...tY.P. 0030 00 fe 22 b0 00 00 54 .."...T 0000 00 30 a7 02 1c 52 00 1d 92 9c 23 7c 08 00 45 00 .0...R....#|..E. 0010 00 29 15 2e 40 00 80 06 62 4d c0 a8 01 01 c0 a8 .)..@...bM...... 0020 01 02 04 76 00 17 a8 64 9c b5 11 74 59 b0 50 18 ...v...d...tY.P. 0030 00 fe 35 ae 00 00 41 ..5...A 0000 00 30 a7 02 1c 52 00 1d 92 9c 23 7c 08 00 45 00 .0...R....#|..E. 0010 00 29 15 2f 40 00 80 06 62 4c c0 a8 01 01 c0 a8 .)./@...bL...... 0020 01 02 04 76 00 17 a8 64 9c b6 11 74 59 b1 50 18 ...v...d...tY.P. 0030 00 fe 2d ac 00 00 49 ..-...I 0000 00 30 a7 02 1c 52 00 1d 92 9c 23 7c 08 00 45 00 .0...R....#|..E. 0010 00 29 15 31 40 00 80 06 62 4a c0 a8 01 01 c0 a8 .).1@...bJ...... 0020 01 02 04 76 00 17 a8 64 9c b7 11 74 59 b2 50 18 ...v...d...tY.P. 0030 00 fe 2a aa 00 00 4c ..*...L
    • SQL Injection attack to an Open Source PDCprotected override void ProcessMeasurements(IMeasurement[] measurement { foreach (IMeasurement measurement in measurements) { // Create the command string to insert the measurement as a record in the table. StringBuilder commandString = new StringBuilder ("INSERT INTO Measurement VALUES ("); commandString.Append (measurement.SignalID); commandString.Append (","); commandString.Append ((long)measurement.Timestamp); commandString.Append (","); commandString.Append (measurement.AdjustedValue); commandString.Append ()); MySqlCommand command = new MySqlCommand (commandString.ToString(), m_connection); command.ExecuteNonQuery(); } m_measurementCount += measurements.Length; }
    • If you don’t trust me ... then trust them
    • How we combined detection,diagnosis, and remediation forprotecting CIs from cyber-attacks
    • Typical architecture of aSCADA system
    • A bird’s eye view of INSPIRE Peer-to-peer overlays P2P MPLS Wireless Sensor Networks Offline Security Framework
    • INSPIRE main results Analyzed vulnerabilities which affect SCADA systems Analyzed dependencies between CIs and the underlying communication networks Designed a self-reconfigurable architecture, suited for SCADA systems Developed diagnosis and recovery techniques, suited for SCADA systems Provided SCADA traffic with Quality of Service (QoS) guarantees
    • Our experience withInternational cooperationinitiatives
    • INSPIRE-INCO in a nutshell Proposal: 248737 Acronym: INSPIRE-International (Cooperation) Program: FP7 Call: FP7-ICT-2009-4 Funding scheme: Small or medium-scale focused research project -STREP - CP-FP-INFSO Duration: 12 months (October 1, 2009 - September 30, 2010) Activity: ICT-4-9.2 - Supplements to support International Cooperation between ongoing projects
    • The Consortium Europe (INSPIRE): CINI, Consorzio Interuniversitario Nazionale per l’Informatica - Coordinator (Italy) TUD, Technical University of Darmstadt (Germany) ITTI, ITTI Sp.zo.o. (Poland) http://www.inspire-strep.eu/ US (GridStat): WSU, Washington State University (USA) http://www.gridstat.net/
    • The Funding Scheme Funding for International Funding for Research:Funding for Research: Cooperation: EC Grant 225553 NSF Grant 0326006 Extension to NSF Grant 0326006 Funding for Mobility: EC Grant 248737
    • Mutual Benefits – Sharing Data INSPIRE Experimental Testbed
    • Mutual Benefits – SharingExperiences
    • Mutual Benefits – Sharing Ideas
    • The MASSIF project Multi-domainparallel-running Alert and reaction processes Highly-scalable, dependable and Predictive security analysis generation multi-level event collection Actions and Counter- measuresOlympic Games Trustworthy event collection Multi-level security event modeling Languages Security analysis and EVENTS POLICIES notification Mobile moneytransfer service RELATIONS REACTIONS Multi-level event Process and attack correlation simulation Resilient framework CI Process architecture Control (Dam) Security-aware processes ManagedEnterprise Service Event and Event, Process Models and Infrastructures Information Collection Attack Models Resilient event processing and integration Scenarios Prototypes Advanced SIEM Framework
    • Collaboration Status Luigi Romano and Salvatore DAntonio, participated in the "Trustworthy Networks and Services" session on March 24th with two talks, titled "Detection, Diagnosis, and Remediation: Three Pillars for Protecting Critical Infrastructures from Cyber- Attacks" and "Effective Countermeasures Against Emerging Threats in the Future Internet" . Bell Canada has shown great interest in the MASSIF Project and Craig Gibson (Senior Security Advisor) joined the MASSIF Technical Advisory Board
    • Collaboration Status Craig Gibson Proposed potential use cases for the MASSIF project: Craig Gibson participated MASSIF EB Meeting in Naples 14-15 September providing early feedbacks about the project and proposing to extend the scope of MASSIF to wireless, wireline, video and mobile applications.
    • Collaborations Plan Among the scenarios proposed by Bell Canada we plan to investigate the consequences of GPS spoofing against Synchrophasor devices. GPS satelliteGPS spoofer GPS receiver Internet SyncroPhasor DB
    • Contact Info
    • More InfoLuigi Romano luigi.romano@uniparthenope.it The Fault and Intrusion Tolerant Networked SystemS (FITNESS) research group Web site:http://www.dit.uniparthenope.it/FITNESS/The INSPIRE and INSPIRE INCO project Web sites: http://www.inspire-strep.eu http://www.inspire-inco.eu/ The MASSIF project Web site: http://www.massif-project.eu