Presentation is loading. Please wait.

Presentation is loading. Please wait.

J. Bryan Lyles Jason Carter ORNL/Cyber and Information Security

Published byDamon Chase Modified over 6 years ago

Similar presentations

Presentation on theme: "J. Bryan Lyles Jason Carter ORNL/Cyber and Information Security"— Presentation transcript:

1 J. Bryan Lyles Jason Carter ORNL/Cyber and Information Security
Research Cliques – CRL-less Revocation and (Anonymous) Authentication for the Smart Grid Cybersecurity for Energy Delivery Systems Peer Review December 7-9, 2016

2 Summary: Project Title
Objective Fast revocation of certificate- based authorizations in pub/sub - Open Field Message Bus (OpenFMB) - controlled micro-grids Schedule June 2016 to Sept 30, 2017 Design approach document Dec 31, 2016 TBD demonstration developed in conjunction with Duke Energy August 2017 Insert Image Performer: ORNL Partners: Duke Energy, Infineon Federal Cost: $385K Cost Share: Total Value of Award: $ $385K Funds Expended to Date: % 13

3 Advancing the State of the Art (SOA)
Current state of the art is single certificate combining both identity and authorization. Revocation is via Certificate Revocation Lists (CRL/rfc2459/rfc5280) or the Online Certificate Status Protocol (OCSP/rfc2560/rfc6960) Certificate revocation via these mechanisms imposes high network overheads, is poorly supported, and is subject to denial of service attacks. Cliques separates node identity (“serial number”) from the attestation of a node’s authorized actions. This allows long-lived identity certificates to be installed at depot while ensuring that authorizations can be rapidly changed. Cliques is investigating the use of two techniques for authorization and authorization revocation: very short lived certificates and short group signatures. The research questions are related to assessment of these established technologies against network overhead, latency and application domain constraints.

4 Advancing the State of the Art (SOA)
Asset owners will be able to securely and rapidly revoke authorizations of multiple devices in short time windows. They will also be able to rapidly and securely provision service changes requiring modification of authorizations. Assessment of approaches is being done in the context of bandwidth constraints associated with cellular backhaul. Cryptography is one of the foundations of cybersecurity. Whether in the Internet, the data center, or in the electrical grid managing the keys is the subject of ongoing research. See the discussions at conferences such as USENIX Enigma for illustrations.

5 Challenges to Success OpenFMB standard security proposals are evolving with the IIoT and control system requirements Coordination with Duke Energy’s team interfacing with standards community. ORNL’s ongoing effort in Grid Modernization has OpenFMB contact. Various proposals exist regarding the appropriate layer to standardize security Use emphasis on interoperability of vendor products and on the ability to evolve installations to inform discussions. Required cryptography may be too computationally intensive for embedded processor Use partnership to ensure that it is possible to build cheap, secure cryptographic chips capable of handing computational load.

6 Progress to Date Major Accomplishments Project started June 2016
Engagement with partners during summer and fall. Currently engaged in technology review and selection of candidate approaches in preparation for end of December milestone.

7 Collaboration/Technology Transfer
Plans to transfer technology/knowledge to end user Duke Energy, Emerging Technology Office is providing grounding in use cases and is deeply involved in the OpenFMB standard. We will provide the technical material needed for Duke Energy to evaluate the proposed approach and present it to relevant standards bodies. Infineon is a leading manufacturer of highly secure cryptographic chips. They provide the cryptographic hardware for most of the set top boxes in the world – a market where a security breach would cost content owners 100s of millions of dollars. Given project budget constraints and standards committee reality, we expect that our partners will utilize their existing activities and contacts to drive incorporation into industrial practice. Demonstration of technology approach on Duke Energy Mt Holly microgrid simulator.

8 Next Steps for this Project
Approach for the next year or to the end of project Complete study of potential cryptographic approaches, gain Duke Energy agreement on approach, verify longer term implementation considerations with Infineon, and document concept of operation by end of December 2016. Develop plan for concept demonstration on Duke Energy Mt. Holly facility breadboard by end of February 2017. Complete and demonstrate concept August 2017. Document project Sept 2017. Provide documentation to Duke Energy for potential standards engagement as requested.

9 Problem Statement Duke Energy and others are basing grid and microgrid management system architectures on a publish/subscribe paradigm, a many-to-many architecture. In these architectures keys for symmetrical cryptography are deeply vulnerable due to potentially wide distribution. Public key systems are significantly less vulnerable but require that invalid or compromised keys be revoked, a technical and implementation area that is of deep concern in the current Internet. Nodes in a microgrid could potentially have multiple roles and authorizations. Moreover, while node mobility is rare to non- existent, roles and authorization may change and node compromise is always a possibility. Field provisioning of certificates by technicians is undesirable. Within these constraints, how do we “quickly” and securely provision and revoke public key based authorizations.

Download ppt "J. Bryan Lyles Jason Carter ORNL/Cyber and Information Security"

Similar presentations

Securing Emerging Mobile Technology JOHN G. LEVINE PH.D. D/CHIEF ARCHITECTURE GROUP 13 SEP 2012 1.

Securing Emerging Mobile Technology JOHN G. LEVINE PH.D. D/CHIEF ARCHITECTURE GROUP 13 SEP
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Warren County Middle School Business and Information Technology Program IC 3 Certification Program 2 Year Progress Report.

Warren County Middle School Business and Information Technology Program IC 3 Certification Program 2 Year Progress Report.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
OpenFMB Specification Development Plan

OpenFMB Specification Development Plan
OpenFMB Specification Development Plan

OpenFMB Specification Development Plan
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Doc.: IEEE 802.24-13/0047r1 Submission SGIP Liaison Report to IEEE 802.24 Following the SGIP (2.0) Inaugural Conference Nov 5-7, 2013 Date: 2013-11-13.

Doc.: IEEE /0047r1 Submission SGIP Liaison Report to IEEE Following the SGIP (2.0) Inaugural Conference Nov 5-7, 2013 Date:
Certification and Accreditation CS-7493-01 Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Summary Report Project Name : Advancing an Open Source Service Oriented Architecture (SOA) Ecosystem Brief Project Description : This Charter project aims.

Summary Report Project Name : Advancing an Open Source Service Oriented Architecture (SOA) Ecosystem Brief Project Description : This Charter project aims.
1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.
Prepared by Natalie Rose1 Managing Information Resources, Control and Security Lecture 9.

Prepared by Natalie Rose1 Managing Information Resources, Control and Security Lecture 9.
GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.

GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.
State of Georgia Release Management Training

State of Georgia Release Management Training
Illuminating Britelite’s Internal Services for Success Strategy for Process Improvement.

Illuminating Britelite’s Internal Services for Success Strategy for Process Improvement.
Slide 1 A Practical Guide to Issuing a Request for Proposals Notes.

Slide 1 A Practical Guide to Issuing a Request for Proposals Notes.
Sourcing Evaluation Life Cycle Go/No Go decision points Competition Alignment Discovery Con tract Modification Project Initiation Vendor Capabilities Contract.

Sourcing Evaluation Life Cycle Go/No Go decision points Competition Alignment Discovery Con tract Modification Project Initiation Vendor Capabilities Contract.
TAG Presentation 18th May 2004 Paul Butler

TAG Presentation 18th May 2004 Paul Butler
CS457 Introduction to Information Security Systems

CS457 Introduction to Information Security Systems
Broadband Challenges 2017 Christopher Tamarin

Broadband Challenges 2017 Christopher Tamarin

Similar presentations

Ads by Google