Filters

2014 - 201922020 - 20222

More filters

20224
Reset filters

Settings

Author: Henze, Martin × DDC: 004 × Type: Article × Type: Text ×

Search Results

Now showing 1 - 4 of 4
  • Thumbnail Image
    Item
    On specification-based cyber-attack detection in smart grids
    (2022) Sen, Ömer; van der Velde, Dennis; Lühman, Maik; Sprünken, Florian; Hacker, Immanuel; Ulbig, Andreas; Andres, Michael; Henze, Martin
    The transformation of power grids into intelligent cyber-physical systems brings numerous benefits, but also significantly increases the surface for cyber-attacks, demanding appropriate countermeasures. However, the development, validation, and testing of data-driven countermeasures against cyber-attacks, such as machine learning-based detection approaches, lack important data from real-world cyber incidents. Unlike attack data from real-world cyber incidents, infrastructure knowledge and standards are accessible through expert and domain knowledge. Our proposed approach uses domain knowledge to define the behavior of a smart grid under non-attack conditions and detect attack patterns and anomalies. Using a graph-based specification formalism, we combine cross-domain knowledge that enables the generation of whitelisting rules not only for statically defined protocol fields but also for communication flows and technical operation boundaries. Finally, we evaluate our specification-based intrusion detection system against various attack scenarios and assess detection quality and performance. In particular, we investigate a data manipulation attack in a future-orientated use case of an IEC 60870-based SCADA system that controls distributed energy resources in the distribution grid. Our approach can detect severe data manipulation attacks with high accuracy in a timely and reliable manner.
  • Thumbnail Image
    Item
    BLOOM: BLoom filter based oblivious outsourced matchings
    (2017) Ziegeldorf, Jan Henrik; Pennekamp, Jan; Hellmanns, David; Schwinger, Felix; Kunze, Ike; Henze, Martin; Hiller, Jens; Matzutt, Roman; Wehrle, Klaus
    Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations.
  • Thumbnail Image
    Item
    Cybersecurity in Power Grids: Challenges and Opportunities
    (2021) Krause, Tim; Ernst, Raphael; Klaer, Benedikt; Hacker, Immanuel; Henze, Martin
    Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids.
  • Thumbnail Image
    Item
    SCSlib: Transparently Accessing Protected Sensor Data in the Cloud
    (Amsterdam [u.a.] : Elsevier, 2014) Henze, Martin; Bereda, Sebastian; Hummen, René; Wehrle, Klaus
    As sensor networks get increasingly deployed in real-world scenarios such as home and industrial automation, there is a similarly growing demand in analyzing, consolidating, and storing the data collected by these networks. The dynamic, on-demand resources offered by today’s cloud computing environments promise to satisfy this demand. However, prevalent security concerns still hinder the integration of sensor networks and cloud computing. In this paper, we show how recent progress in standardization can provide the basis for protecting data from diverse sensor devices when outsourcing data processing and storage to the cloud. To this end, we present our Sensor Cloud Security Library (SCSlib) that enables cloud service developers to transparently access cryptographically protected sensor data in the cloud. SCSlib specifically allows domain specialists who are not security experts to build secure cloud services. Our evaluation proves the feasibility and applicability of SCSlib for commodity cloud computing environments.