Munkenyi Mukhandi, Eduardo Andrade, Jorge Granjal, João P. Vilela
{"title":"利用区块链为 GDOI 提供增强型身份验证和设备完整性保护","authors":"Munkenyi Mukhandi, Eduardo Andrade, Jorge Granjal, João P. Vilela","doi":"10.1002/ett.4986","DOIUrl":null,"url":null,"abstract":"<p>Recent device-level cyber-attacks have targeted IoT critical applications in power distribution systems integrated with the Internet communications infrastructure. These systems utilize group domain of interpretation (GDOI) as designated by International Electrotechnical Commission (IEC) power utility standards IEC 61850 and IEC 62351. However, GDOI cannot protect against novel threats, such as IoT device-level attacks that can modify device firmware and configuration files to create command and control malicious communication. As a consequence, the attacks can compromise substations with potentially catastrophic consequences. With this in mind, this article proposes a permissioned/private blockchain-based authentication framework that provides a solution to current security threats such as the IoT device-level attacks. Our work improves the GDOI protocol applied in critical IoT applications by achieving decentralized and distributed device authentication. The security of our proposal is demonstrated against known attacks as well as through formal mechanisms via the joint use of the AVISPA and SPAN tools. The proposed approach adds negligible authentication latency, thus ensuring appropriate scalability as the number of nodes increases.</p>","PeriodicalId":23282,"journal":{"name":"Transactions on Emerging Telecommunications Technologies","volume":"35 5","pages":""},"PeriodicalIF":2.5000,"publicationDate":"2024-05-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/ett.4986","citationCount":"0","resultStr":"{\"title\":\"Enhanced authentication and device integrity protection for GDOI using blockchain\",\"authors\":\"Munkenyi Mukhandi, Eduardo Andrade, Jorge Granjal, João P. Vilela\",\"doi\":\"10.1002/ett.4986\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Recent device-level cyber-attacks have targeted IoT critical applications in power distribution systems integrated with the Internet communications infrastructure. These systems utilize group domain of interpretation (GDOI) as designated by International Electrotechnical Commission (IEC) power utility standards IEC 61850 and IEC 62351. However, GDOI cannot protect against novel threats, such as IoT device-level attacks that can modify device firmware and configuration files to create command and control malicious communication. As a consequence, the attacks can compromise substations with potentially catastrophic consequences. With this in mind, this article proposes a permissioned/private blockchain-based authentication framework that provides a solution to current security threats such as the IoT device-level attacks. Our work improves the GDOI protocol applied in critical IoT applications by achieving decentralized and distributed device authentication. The security of our proposal is demonstrated against known attacks as well as through formal mechanisms via the joint use of the AVISPA and SPAN tools. The proposed approach adds negligible authentication latency, thus ensuring appropriate scalability as the number of nodes increases.</p>\",\"PeriodicalId\":23282,\"journal\":{\"name\":\"Transactions on Emerging Telecommunications Technologies\",\"volume\":\"35 5\",\"pages\":\"\"},\"PeriodicalIF\":2.5000,\"publicationDate\":\"2024-05-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://onlinelibrary.wiley.com/doi/epdf/10.1002/ett.4986\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Transactions on Emerging Telecommunications Technologies\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1002/ett.4986\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"TELECOMMUNICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Transactions on Emerging Telecommunications Technologies","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/ett.4986","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
Enhanced authentication and device integrity protection for GDOI using blockchain
Recent device-level cyber-attacks have targeted IoT critical applications in power distribution systems integrated with the Internet communications infrastructure. These systems utilize group domain of interpretation (GDOI) as designated by International Electrotechnical Commission (IEC) power utility standards IEC 61850 and IEC 62351. However, GDOI cannot protect against novel threats, such as IoT device-level attacks that can modify device firmware and configuration files to create command and control malicious communication. As a consequence, the attacks can compromise substations with potentially catastrophic consequences. With this in mind, this article proposes a permissioned/private blockchain-based authentication framework that provides a solution to current security threats such as the IoT device-level attacks. Our work improves the GDOI protocol applied in critical IoT applications by achieving decentralized and distributed device authentication. The security of our proposal is demonstrated against known attacks as well as through formal mechanisms via the joint use of the AVISPA and SPAN tools. The proposed approach adds negligible authentication latency, thus ensuring appropriate scalability as the number of nodes increases.
期刊介绍:
ransactions on Emerging Telecommunications Technologies (ETT), formerly known as European Transactions on Telecommunications (ETT), has the following aims:
- to attract cutting-edge publications from leading researchers and research groups around the world
- to become a highly cited source of timely research findings in emerging fields of telecommunications
- to limit revision and publication cycles to a few months and thus significantly increase attractiveness to publish
- to become the leading journal for publishing the latest developments in telecommunications