Search for: All records

The current centralized model of the electricity market is not efficient in performing distributed energy transactions required for the transactive smart grid. One of the prominent solutions to this issue is to integrate blockchain technologies, which promise transparent, tamper-proof, and secure transaction systems specifically suitable for the decentralized and distributed energy markets. Blockchain has already been shown to successfully operate in a microgrid peer-to-peer (P2P) energy market. The prime determinant of different blockchain implementations is the consensus algorithm they use to reach consensus on which blocks/transactions to accept as valid in a distributed environment. Although different blockchain implementations have been proposed independently for P2P energy market in the microgrid, quantitative experimental analyses and comparison of the consensus algorithms that the different blockchains may use for energy markets, has not been studied. Identifying the right consensus algorithm to use is essential for scalability and operation of the energy market. To this end, we evaluate three popular consensus algorithms: (i) proof of work (PoW), (ii) proof of authority (PoA), and (iii) Istanbul Byzantine fault tolerance (IBFT), running them on a network of nodes set up using a network of docker nodes to form a microgrid energy market. Using a series of double auctions, we assess each algorithm’s viability using different metrics, such as time to reach consensus and scalability. The results indicate that PoA is the most efficient and scalable consensus algorithm to hold double auctions in the smart grid. We also identified the minimum hardware specification necessary for devices such as smart meters, which may run these consensus algorithms. 

With the proliferation of smart and connected mobile, wireless devices at the edge, Distributed Denial of Service (DDoS) attacks are increasing. Weak security, improper commissioning, and the fast, non-standardized growth of the IoT industry are the major contributors to the recent DDoS attacks, e.g., Mirai Botnet attack on Dyn and Memcached attack on GitHub. Similar to UDP/TCP flooding (common DDoS attack vector), request flooding attack is the primary DDoS vulnerability in the Named-Data Networking (NDN) architecture.In this paper, we propose PERSIA, a distributed request flooding prevention and mitigation framework for NDN-enabled ISPs, to ward-off attacks at the edge. PERSIA's edge-centric attack prevention mechanism eliminates the possibility of successful attacks from malicious end hosts. In the presence of compromised infrastructure (routers), PERSIA dynamically deploys an in-network mitigation strategy to minimize the attack's magnitude. Our experimentation demonstrates PERSIA's resiliency and effectiveness in preventing and mitigating DDoS attacks while maintaining legitimate users' quality of experience (> 99.92% successful packet delivery rate). 

Reputation systems, designed to remedy the lack of information quality and assess credibility of information sources, have become an indispensable component of many online systems. A typical reputation system works by tracking all information originating from a source, and the feedback to the information with its attribution to the source. The tracking of information and the feedback, though essential, could violate the privacy of users who provide the information and/or the feedback, which could both cause harm to the users' online well-being, and discourage them from participation. Anonymous reputation systems have been designed to protect user privacy by ensuring anonymity of the users. Yet, current anonymous reputation systems suffer from several limitations, including but not limited to a)lack of support for core functionalities such as feedback update, b) lack of protocol efficiency for practical deployment, and c) reliance on a fully trusted authority. This paper proposes EARS, an anonymous reputation system that ensures user anonymity while supporting all core functionalities (including feedback update) of a reputation system both efficiently and practically, and without the need of a fully trusted central authority. We present security analysis of EARS against multiple types of attacks that could potentially violate user anonymity, such as feedback duplication, bad mouthing, and ballot stuffing. We also present evaluation of the efficiency and scalability of our system based on implementations. 

Information-centric networking (ICN) replaces the widely used host-centric networking paradigm in communication networks (e.g., Internet and mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the contents' origin. Content and client security, provenance, and identity privacy are intrinsic by design in the ICN paradigm as opposed to the current host centric paradigm where they have been instrumented as an afterthought. However, given its nascency, the ICN paradigm has several open security and privacy concerns. In this paper, we survey the existing literature in security and privacy in ICN and present open questions. More specifically, we explore three broad areas: 1) security threats; 2) privacy risks; and 3) access control enforcement mechanisms. We present the underlying principle of the existing works, discuss the drawbacks of the proposed approaches, and explore potential future research directions. In security, we review attack scenarios, such as denial of service, cache pollution, and content poisoning. In privacy, we discuss user privacy and anonymity, name and signature privacy, and content privacy. ICN's feature of ubiquitous caching introduces a major challenge for access control enforcement that requires special attention. We review existing access control mechanisms including encryption-based, attribute-based, session-based, and proxy re-encryption-based access control schemes. We conclude the survey with lessons learned and scope for future work.