1,721,010 research outputs found
EVExchange: A Relay Attack on Electric Vehicle Charging System
Full text linkTo support the increasing spread of Electric Vehicles (EVs), Charging
Stations (CSs) are being installed worldwide. The new generation of CSs employs
the Vehicle-To-Grid (V2G) paradigm by implementing novel standards such as the
ISO 15118. This standard enables high-level communication between the vehicle
and the charging column, helps manage the charge smartly, and simplifies the
payment phase. This novel charging paradigm, which connects the Smart Grid to
external networks (e.g., EVs and CSs), has not been thoroughly examined yet.
Therefore, it may lead to dangerous vulnerability surfaces and new research
challenges.
In this paper, we present EVExchange, the first attack to steal energy during
a charging session in a V2G communication: i.e., charging the attacker's car
while letting the victim pay for it. Furthermore, if reverse charging flow is
enabled, the attacker can even sell the energy available on the victim's car!
Thus, getting the economic profit of this selling, and leaving the victim with
a completely discharged battery. We developed a virtual and a physical testbed
in which we validate the attack and prove its effectiveness in stealing the
energy. To prevent the attack, we propose a lightweight modification of the ISO
15118 protocol to include a distance bounding algorithm. Finally, we validated
the countermeasure on our testbeds. Our results show that the proposed
countermeasure can identify all the relay attack attempts while being
transparent to the user.Comment: 20 pages, 6 figure
Identity-Based Authentication for On-Demand Charging of Electric Vehicles
No full textDynamic wireless power transfer provides a means for charging Electric Vehicles (EVs) while driving, avoiding stopping to charge and hence fostering their widespread adoption. Researchers have devoted much effort over the last decade to providing a reliable infrastructure for potential users to improve their comfort and time management. Due to the severe security and performance system requirements, the different schemes proposed in the last years lack a unified protocol involving the modern architecture model with merged authentication and billing processes. Furthermore, they require the continuous interaction of the trusted entity during the process, increasing the delay in communication and reducing security due to a large number of message exchanges. This article proposes a secure, computationally lightweight, unified protocol for fast authentication and billing that provides on-demand dynamic charging to deal with all the computational and security comprehensively with additional usability for the customers. The protocol employs an ID-based public encryption scheme to manage mutual authentication and pseudonyms to preserve the user's identity across multiple charging processes. Compared to state-of-the-art authentication protocols, our proposal provides on-demand service and public critical infrastructure security without impacting performances with around 7 ms, close to the most straightforward scheme available
BARON: Base-Station Authentication Through Core Network for Mobility Management in 5G Networks
Full text linkFifth-generation (5G) cellular communication networks are being deployed on applications beyond mobile devices, including vehicular networks and industry automation. Despite their increasing popularity, 5G networks, as defined by the Third Generation Partnership Project (3GPP), have been shown to be vulnerable against fake base station (FBS) attacks. An adversary carrying out an FBS attack emulates a legitimate base station by setting up a rogue base station. This enables the adversary to control the connection of any user equipment that (inadvertently) connects with the rogue base station. Such an adversary can gather sensitive information belonging to the user. While there is a large body of work focused on the development of tools to detect FBSs, the user equipment will continue to remain vulnerable to an FBS attack. In this paper, we propose BARON, a defense methodology to enable user equipment to determine whether a target base station that it is connecting to is legitimate or rogue. BARON accomplishes this by ensuring that the user receives an authentication token from the target base station which can be computed only by a legitimate and trusted entity. As a consequence, receiving such an authentication token from a base station ensures legitimacy of the base station. We evaluate BARON through extensive experiments on the handover process between base stations in 5G networks. Our experimental results show that BARON introduces an overhead of less than 1% during handover completion, which is 10000× lower than the overhead reported by a state-of-the-art method. BARON is also effective in thwarting an FBS attack and quickly recovering connection to a legitimate base station. Cyber Securit
Despicable Me(ter): Anonymous and Fine-grained Metering Data Reporting with Dishonest Meters
No full text
QEVSEC: Quick Electric Vehicle SEcure Charging via Dynamic Wireless Power Transfer
Full text linkDynamic Wireless Power Transfer (DWPT) can be used for on-demand recharging
of Electric Vehicles (EV) while driving. However, DWPT raises numerous security
and privacy concerns. Recently, researchers demonstrated that DWPT systems are
vulnerable to adversarial attacks. In an EV charging scenario, an attacker can
prevent the authorized customer from charging, obtain a free charge by billing
a victim user and track a target vehicle. State-of-the-art authentication
schemes relying on centralized solutions are either vulnerable to various
attacks or have high computational complexity, making them unsuitable for a
dynamic scenario. In this paper, we propose Quick Electric Vehicle SEcure
Charging (QEVSEC), a novel, secure, and efficient authentication protocol for
the dynamic charging of EVs. Our idea for QEVSEC originates from multiple
vulnerabilities we found in the state-of-the-art protocol that allows tracking
of user activity and is susceptible to replay attacks. Based on these
observations, the proposed protocol solves these issues and achieves lower
computational complexity by using only primitive cryptographic operations in a
very short message exchange. QEVSEC provides scalability and a reduced cost in
each iteration, thus lowering the impact on the power needed from the grid.Comment: 6 pages, conferenc
LineSwitch: Tackling Control Plane Saturation Attacks in Software-Defined Networking.
No full textSoftware defined networking (SDN) is a new networking paradigm that in recent years has revolutionized network architectures. At its core, SDN separates the data plane, which provides data forwarding functionalities, and the control plane, which implements the network control logic. The separation of these two components provides a virtually centralized point of control in the network, and at the same time abstracts the complexity of the underlying physical infrastructure. Unfortunately, while promising, the SDN approach also introduces new attacks and vulnerabilities. Indeed, previous research shows that, under certain traffic conditions, the required communication between the control and data plane can result in a bottleneck. An attacker can exploit this limitation to mount a new, network-wide, type of denial of service attack, known as the control plane saturation attack. This paper presents LineSwitch, an efficient and effective data plane solution to tackle the control plane saturation attack. LineSwitch employs probabilistic proxying and blacklisting of network traffic to prevent the attack from reaching the control plane, and thus preserve network functionality. We implemented LineSwitch as an extension of the reference SDN implementation, OpenFlow, and run a thorough set of experiments under different traffic and attack scenarios. We compared LineSwitch to the state of the art, and we show that it provides at the same time, the same level of protection against the control plane saturation attack, and a reduced time overhead by up to 30%
LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks.
No full textSoftware Defined Networking (SDN) is a new networking architecture that aims to provide better decoupling between network control (control plane) and data forwarding functionalities (data plane). This separation introduces several benefits, such as a directly programmable and (virtually) centralized network control. However, researchers showed that the required communication channel between the control and data plane of SDN creates a potential bottleneck in the system, introducing new vulnerabilities. Indeed, this behavior could be exploited to mount powerful attacks, such as the control plane saturation attack, that can severely hinder the performance of the whole network. In this paper we present LineSwitch, an efficient and effective solution against control plane saturation attack. LineSwitch combines SYN proxy techniques and probabilistic blacklisting of network traffic. We implemented LineSwitch as an extension of OpenFlow, the current reference implementation of SDN, and evaluate our solution considering different traffic scenarios (with and without attack). The results of our preliminary experiments confirm that, compared to the state-of-the-art, LineSwitch reduces the time overhead up to 30%, while ensuring the same level of protection. Copyright © 2015 ACM
Analysis of Reward Strategy and Transaction Selection in Bitcoin Block Generation
Full text linkThesis (Master's)--University of Washington, 2015Bitcoin was introduced back in 2009 and since then, much investment and research have focused on it. Key topics such as system vulnerabilities or the economic implications of leveraging an electronic currency have been widely examined. Other investigations have centered in analyzing specific parts of the system. Specifically, some work has focused on one of the key entities of the system, namely the miners, their activity and profitability. We extend this line of work to include transaction fees chosen by clients by presenting a complete analysis of the transaction fees and the implications for both the users of the system and the miners. In order to do so, we define specific models for clients, miners and the underlying peer-to-peer network based on observations made after analyzing historical data. Given this information, we examine the problem of choosing fees to pay for issuing a transaction and the selection of transactions added to a block by miners. We conclude that current strategies should be refined to address the expected growth in use in order to protect the long term sustainability of the system
- …
