Research
CRITICAL ICS INFRASTRUCTURE SECURITY
Our research is mainly around the critical cyber-physical ICS infrastructure security and resilience.
CRITICAL INFRASTRUCTURE SECURITY- SMART GRID
This includes the security and privacy in the smart grid systems, and cyber-physical smart grid security.
RESEARCH PROJECTS
Integrated Distributed Authentication Protocol for Smart Grid Communications
Brief Description: Two-way communications in the SG enable instant interaction between different SG entities and help to improve the overall efficiency of the SG system. According to the NIST report, one of the main security issues in the SG system is that existing authentication mechanisms do not sufficiently authenticate devices or exposes authentication keys. Without proper authentications, the system resources and entities can be compromised that may result in financial losses and performance degradation. Centrally control authentications in a decentralized environment are required for the centralized security management in terms of event logging/analysis and authentication. A fast and lightweight protocol is needed to support frequent authentications repeated many times among billions of devices. In sum, an integrated, distributed, fast, and lightweight authentication protocol will provide mutual authentication between the various entities of the SG system. An integrated distributed protocol can help to maximize the utilization of shared resources with low overhead. Furthermore, the security protocol of the SG system must defend against the known security attacks, including man-in-the-middle (MITM) and denial-of-service (DoS) attacks.State of the Art Authentication, Access Control, and Secure Integration in Smart Grid
Brief Description: The smart grid is a promising platform for providing more reliable, efficient, and cost-effective electricity to the consumers in a secure manner. Numerous initiatives across the globe are taken by both industry and academia in order to compile various security issues in the smart grid network. Unfortunately, there is no impactful survey paper available in the literature on authentications in the smart grid network that addresses the required objectives of an authentication protocol in the smart grid network along with the focus on mutual authentication, access control, and secure integration among different SG components. We review the existing authentication protocols and analyze mutual authentication, privacy, trust, integrity, and confidentiality of communicating information in the smart grid network. We review authentications between the communicated entities in the smart grid, such as smart appliance, smart meter, energy provider, control center, and home/building/neighborhood area network gateways.Authentication and Authorization Scheme for Various User-Roles and Devices in Smart Grid
Brief Description: The smart grid, as the next generation of the power grid, is characterized by employing many different types of intelligent devices, such as intelligent electronic devices located at substations, smart meters positioned in the home area network, and outdoor field equipment deployed in the fields. Also, there are various users in the smart grid network, including customers, operators, maintenance personnel, and etc., who use these devices for various purposes. According to the NIST report, one of the crucial challenges in the future smart grid is to authenticate and authorize users (such as maintenance personnel) whenever they access IED/SM/OFE located at substations/homes/fields in such a way that the resource access is specific to a user, the user-specific authentication information is not shared among users, e.g., identity and password, and the control of authentication and authorization is hierarchically managed by substations and the utility’s central station. This ensures that only authenticated users can perform the assigned authorized actions onto the intended devices in a controlled and scalable manner. Therefore, mutual authentications between the user and the substation’s server to access different devices with a specific user-role authorization are needed to mitigate insider attacks in the SG network.
CRITICAL INFRASTRUCTURE SECURITY- Vehicle-to-Grid (V2G)
This includes security and privacy in the vehicle-to-grid networks.
RESEARCH PROJECTS
Network Security and Privacy Challenges in Smart Vehicle-to-Grid
Brief Description: Smart V2G involves intelligent charge and discharge decisions based on user operational energy requirements, such as desired levels of charging and waiting time. V2G is also supported by information management capabilities enabled by a secure network, such as a reliable privacy-preserving payment system. V2G communication systems are different from other existing communication systems in several ways, such as vehicle mobility, the geographical location of the vehicle, charge and discharge operations, driving pattern, and limited communication range. In terms of security, authentication in the V2G network needs to be fast and efficient in order to support a large number of EVs expected to participate in dynamic charging/ discharging. Confidential information, such as the vehicle identity, vehicle type, charging and discharging time, and Charging Station Identity needs to be protected. There exist security and privacy challenges in the V2G system that can massively affect the practical usage of this next-generation technology. The information shared by the EVs and other V2G entities, such as the Local aggregator, communication and authentication servers, billing center, and control center must be secured over the network. Privacy of personal and confidential information must be maintained.Authentication Scheme for Flexible Charging and Discharging of Mobile Vehicles in the V2G Networks
Brief Description: Navigating security and privacy challenges are one of the crucial requirements in the V2G network. Since electric vehicles (EVs) need to provide their private information to aggregators/servers when charging/discharging at different charging stations, the privacy of the vehicle owners can be compromised if the information is misused, traced, or revealed. In a wide V2G network, where vehicles can move outside of their home network to visiting networks, security and privacy become even more challenging due to untrusted entities in the visiting networks. Although some privacy-preserving solutions were proposed in the literature to tackle this problem, they do not protect against well-known security attacks and generate a huge overhead. Therefore, we need a mutual authentication scheme for preserving the privacy of the EV’s information from aggregators/servers in the home as well as distributed visiting V2G networks.
COMMUNICATIONS (CELLULAR NETWORKS) SECURITY IN CRITICAL INFRASTRUCTURE
This includes the Cellular Networks Security and Secure SMS based mobile applications.
RESEARCH PROJECTS
Analysis of Attacks on GSM Phone using Open Source Software: OsmocomBB, OpenBSC, and OpenBTS
Brief Description: In this project work, I tried to explore various services and functionalities provided by these open sources software namely OsmocomBB, OpenBSC, and OpenBTS, observed the outcomes of different applications (like mobile, ccch_scan etc.) with these software and Wireshark, and analyzed the GSM protocol stack more closely for possibilities of attacks in GSM networks.Design of Authentication Protocols and Message Security Algorithms in Cellular Networks
Brief Description: Cellular and mobile communications have become an important part of our daily life. Besides using cell phones for voice communication, people are now able to use cell phones to access the Internet, conduct monetary transactions, send text messages for value-added services, and many other services. It is important to provide end-users with a secure channel to communicate information among them. Various security and performance issues of 2G, 3G, and 4G cellular networks need to be considered in order to develop a complete security system for the communication of information over the network. End-to-end security of SMS in cellular networks can lead to many advantages and opens the door for new creative and innovative applications. Applications of cellular networks include secure mobile-commerce, mobile-banking, delivering value-added services, health care applications, payment reminders, military applications, stock and news alert, etc. Presently, the SMS is not secure, as it is not transmitted in encrypted form.
The efficient and secure authentication and key agreement (AKA) protocols are proposed and analyzed in order to overcome various security and performance issues of cellular networks. Further, secure and efficient AKA protocols for the secure delivery of value-added services using SMS and end-to-end secure transmission of SMS for mobile users, are proposed and simulated which are maintained by providing the security services like authentication, confidentiality, integrity, and non-repudiation. These AKA protocols are extended to provide secure delivery of value-added services using SMS and end-to-end SMS security to multiple recipients simultaneously where the authentication server is able to handle multiple requests in a batch.Enhancing Security System of Short Message Service
Brief Description: The message generated from a mobile phone is in plain text which can be easily read and modified before it reaches SMSC. Any wrong information received by the recipient can prove fatal for the user. To exploit the popularity of SMS in M-commerce and mobile banking, it is necessary to provide the proper security to SMS so that it could reach to the receiver’s mobile safely to provide data confidentiality, integrity, authentication, and non-repudiation. However, such requirements are not provided by traditional SMS messaging. It is very necessary to secure the SMS by encryption techniques and prevent it from the various attacks applied on SMS like man-in-middle attack, replay attack, non-repudiation, etc. so that it could provide the data security like confidentiality, authentication, integrity, and non-repudiation. The main concept of the proposal of this work is that do the ciphering on SMS first, and then the digital signature is imposed. This signed encrypted SMS is finally transmitted.
OTHER RESEARCH
FINTECH SECURITY: FINANCIAL INSTITUTIONS SECURITY
This includes the cyber security aspects of the financial institutions and banking.
RESEARCH PROJECTS
Cyber Security and Recommendations for Financial Institutions
Brief Description: Extension of the previous work.
Cyber-Attack Analysis and Recommendations in Banking
Brief Description: In the recent years, Banks and other financial institutions have been targeted by the cyber criminals across the world, including UK and Singapore. Very recently, a British man is accused of infecting the computer networks (through a malware known as “Mirai”) and making blackmail attempts to the banks and asked for £75,000 in bitcoins (30 Aug. 2017). Another malware named “Carbanak” was targeted by the cyber criminals in 2015 to the banking industry, which was ended up by compromising 100 banks in 30 countries with attackers making off with $1 billion (2015). This work will lead in understanding the nature of cyber-attacks and weaknesses in the existing systems and networks of banks and other financial institutions. Following are the objectives to be achieved in this work: 1) Understanding the nature of all three types of cyber-attacks, their behaviour and impact, the techniques used by attackers to target these attacks. 2) Analyse (compare and contrast) the existing solutions available in the market and are being used by banks and other financial institutions at present. 3) Suggest solution recommendations, security best practices for future banking system, and key points for cyber security awareness training.