Title: Security, Privacy, and Access Control in Information-Centric Networking: A Survey
Information-centric networking (ICN) replaces the widely used host-centric networking paradigm in communication networks (e.g., the Internet and mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the content's origin. Content and client security, provenance, and identity privacy are intrinsic by design in the ICN paradigm, as opposed to the current host-centric paradigm, where they have been instrumented as an afterthought. However, given its nascency, the ICN paradigm has several open security and privacy concerns. In this paper, we survey the existing literature on security and privacy in ICN and present open questions. More specifically, we explore three broad areas: 1) security threats; 2) privacy risks; and 3) access control enforcement mechanisms. We present the underlying principle of the existing works, discuss the drawbacks of the proposed approaches, and explore potential future research directions. In security, we review attack scenarios such as denial of service, cache pollution, and content poisoning. In privacy, we discuss user privacy and anonymity, name and signature privacy, and content privacy. ICN's feature of ubiquitous caching introduces a major challenge for access control enforcement that requires special attention. We review existing access control mechanisms, including encryption-based, attribute-based, session-based, and proxy re-encryption-based access control schemes. We conclude the survey with lessons learned and scope for future work.
Award ID(s):
1719342
NSF-PAR ID:
10075603
Journal Name:
IEEE Communications surveys and tutorials
Volume:
20
Issue:
1
ISSN:
1553-877X
Page Range / eLocation ID:
566 - 600
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Wide Area Measurement Systems (WAMS) use an underlying communication network to collect and analyze data from devices in the power grid, aiming to improve grid operations. For WAMS to be effective, the communication network needs to support low packet latency and low packet loss. Internet Protocol (IP), the pervasive technology used in today's communication networks, uses loop-free best paths for data forwarding, which increases the load on these paths and causes delays and losses in delivery. Information-Centric Networking (ICN), a new networking paradigm designed to enable data-centric information sharing, natively supports the concurrent use of multiple transmission interfaces, in-network caching, and per-packet security, and can provide better application support. In this paper, we present , an ICN-based network architecture for wide area smart grid communications. We demonstrate through simulations that achieves low latency and 100% data delivery even during network congestion by leveraging multiple available paths, thus significantly improving communication resiliency in comparison to an IP-based approach. can be used immediately on today's Internet as an overlay.
  2. Pervasive IoT applications enable us to perceive, analyze, control, and optimize traditional physical systems. Recently, security breaches in many IoT applications have shown that IoT applications may put physical systems at risk. Severe resource constraints and insufficient security design are two major causes of many security problems in IoT applications. As an extension of the cloud, the emerging edge computing layer, with its rich resources, provides a new venue in which to design and deploy novel security solutions for IoT applications. Although there are some research efforts in this area, edge-based security designs for IoT applications are still in their infancy. This paper aims to present a comprehensive survey of existing IoT security solutions at the edge layer and to inspire more edge-based IoT security designs. We first present an edge-centric IoT architecture. Then, we extensively review the edge-based IoT security research efforts in the context of security architecture designs, firewalls, intrusion detection systems, authentication and authorization protocols, and privacy-preserving mechanisms. Finally, we propose our insight into future research directions and open research issues.
  3. Named Data Networking (NDN) is a prominent realization of the vision of Information-Centric Networking. The NDN architecture adopts name-based routing and location-independent data retrieval. Among other important features, NDN integrates security mechanisms and focuses on protecting the content rather than the communication channels. Along with a new architecture come new threats, and NDN is no exception. NDN is a potential target for new network attacks such as Interest Flooding Attacks (IFAs), which attackers use to launch (D)DoS attacks in NDN. Many IFA detection and mitigation solutions have been proposed in the literature. However, no comprehensive review of these solutions has been published so far. Therefore, in this paper, we propose a survey of the various IFAs with a detailed comparative study of all the relevant solutions proposed as countermeasures against IFAs. We also review the requirements for a complete and efficient IFA solution and pinpoint the various issues encountered by IFA detection and mitigation mechanisms through a series of attack scenarios. Finally, in this survey, we offer an analysis of the open issues and future research directions regarding IFAs.
  4. The Internet of Things (IoT) has become a pervasive and diverse concept in recent years. IoT applications and services have given rise to a number of sub-fields in the IoT space. Wearable technology, with its particular set of characteristics and application domains, has formed a rapidly growing subfield of IoT, viz., the Wearable Internet of Things (WIoT). While numerous wearable devices are available in the market today, security and privacy are key factors for wide adoption of WIoT. Wearable devices are resource constrained by nature, with limited storage, power, and computation. A Cloud-Enabled IoT (CEIoT) architecture, a dominant paradigm currently shaping the industry and suggested by many researchers, needs to be adopted for WIoT. In this paper, we develop an access control framework for cloud-enabled WIoT (CEWIoT) based on the Access Control Oriented (ACO) architecture recently developed for CEIoT in general. We first enhance the ACO architecture from the perspective of WIoT by adding an Object Abstraction Layer, and then develop our framework based on interactions between different layers of this enhanced ACO architecture. We present a general classification and taxonomy of IoT devices, along with a brief introduction to various application domains of IoT and WIoT. We then present a remote health and fitness monitoring use case to illustrate different access control aspects of our framework and outline its possible enforcement in a commercial CEIoT platform, viz., AWS IoT. Finally, we discuss the objectives of our access control framework and relevant open problems.
  5. A mobile social network (MSN) offers a new perspective on mobile ad hoc communication, since its routing principle is based on human social relations. Although social-based routing can improve routing efficiency considerably, obtaining such social information is difficult. In information-centric networking (ICN), content names reveal useful social information among users. In addition, because of in-network caching, each ICN node stores and caches received content to satisfy forthcoming content requests. In this work, the proposed MSN routing relies on named data networking, a well-known ICN paradigm. Using communities detected from users' interest preferences, an interest packet is delivered to the content provider based on the interest similarities among mobile users. Then, using communities detected from the nodes' encounter regularities, a data packet is returned to the interest requester according to the social relationships among mobile users. Content is cached at nodes according to both social and interest communities. Experiments and performance evaluations show that the proposed scheme has a better message delivery ratio and lower network overhead than the other existing ones.