A Survey of Security in Software Defined Networks

The proposition of increased innovation in network applications and reduced cost for network operators has won over the networking world to the vision of Software-Defined Networking (SDN). With the excitement of holistic visibility across the network and the ability to program network devices, developers have rushed to present a range of new SDN-compliant hardware, software and services. However, amidst this frenzy of activity, one key element has only recently entered the debate: Network Security. In this article, security in SDN is surveyed presenting both the research community and industry advances in this area. The challenges to securing the network from the persistent attacker are discussed and the holistic approach to the security architecture that is required for SDN is described. Future research directions that will be key to providing network security in SDN are identified.

SDN Security: A Survey

The pull of Software-Defined Networking (SDN) is magnetic. There are few in the networking community who have escaped its impact. As the benefits of network visibility and network device programmability are discussed, the question could be asked as to who exactly will benefit? Will it be the network operator or will it, in fact, be the network intruder? As SDN devices and systems hit the market, security in SDN must be raised on the agenda. This paper presents a comprehensive survey of the research relating to security in software-defined networking that has been carried out to date. Both the security enhancements to be derived from using the SDN framework and the security challenges introduced by the framework are discussed. By categorizing the existing work, a set of conclusions and proposals for future research directions are presented.

The significance of interconnector counter-trading in a security constrained electricity market

Throughout the European Union there is an increasing amount of wind generation being dispatched-down due to the binding of power system operating constraints from high levels of wind generation. This paper examines the impact a system non-synchronous penetration limit has on the dispatch-down of wind and quantifies the significance of interconnector counter-trading to the priority dispatching of wind power. A fully coupled economic dispatch and security constrained unit commitment model of the Single Electricity Market of the Republic of Ireland and Northern Ireland and the British Electricity Trading and Transmission Arrangement was used in this study. The key finding was interconnector counter-trading reduces the impact the system non-synchronous penetration limit has on the dispatch-down of wind. The capability to counter-trade on the interconnectors and an increase in system non-synchronous penetration limit from 50% to 55% reduces the dispatch-down of wind by 311 GW h and decreases total electricity payments to the consumer by €1.72/MW h. In terms of the European Union electricity market integration, the results show the importance of developing individual electricity markets that allow system operators to counter-trade on interconnectors to ensure the priority dispatch of the increasing levels of wind generation.

Who Knows What's Going On? Mapping New Security Landscapes in Contemporary Espionage Fiction

This article explores whether or to what extent the contemporary espionage novel is able to map and interrogate transformations in the post-9/11security environment. It asks how well a form or genre of writing, typically handcuffed to the machinations and demands of the Cold War and state sovereignty, is able to adapt to a new security environment characterized by strategies of “risk assessment” and “resilience-building” and by modes or regimes of power not reducible to, or wholly controlled by, the state. In doing so, it thinks about the capacities of this type of fiction for “resisting” the formations of power it wants to make visible and is partly complicit with.

Status and security: how Russian media is spinning airstrikes in Syria

Even before the Russian air force launched its first strikes over Syria, there was already a Russian presence on the battleground. These were not the spetsnaz, Kremlin’s special forces, but war correspondents from the leading Russian media outlets. This was as clear a sign as any that the Russia’s priority has shifted from Ukraine, where these reporters spent most of the past 18 months, to Syria.

There is, however, no unanimity on Russia’s latest escalation in Syria. As Russian state TV stations report successes of Russia’s high-precision weapons projecting an image of a high-tech Russian military equal to the US, doubts persist about the latest adventure in the Middle East.

Cooperative Beamforming and User Selection for Improving the Security of Relay-aided Systems

A relay network in which a source wishes to convey a confidential message to a legitimate destination with the assistance of trusted relays is considered. In particular, cooperative beamforming and user selection techniques are applied to protect the confidential message. The secrecy rate (SR) and secrecy outage probability (SOP) of the network are investigated first, and a tight upper bound for the SR and an exact formula for the SOP are derived. Next, asymptotic approximations for the SR and SOP in the high signal-to-noise ratio (SNR) regime are derived for two different schemes: i) cooperative beamforming and ii) multiuser selection. Further, a new concept of cooperative diversity gain, namely, adapted cooperative diversity gain (ACDG), which can be used to evaluate security level of a cooperative relaying network, is investigated. It is shown that the ACDG of cooperative beamforming is equal to the conventional cooperative diversity gain of traditional multiple-input single-output networks, while the ACDG of the multiuser scenario is equal to that of traditional single-input multiple-output networks.

Cybersecurity Test-Bed for IEC 61850 based Smart Substations

With the development and deployment of IEC 61850 based smart substations, cybersecurity vulnerabilities of supervisory control and data acquisition (SCADA) systems are increasingly emerging. In response to the emergence of cybersecurity vulnerabilities in smart substations, a test-bed is indispensable to enable cybersecurity experimentation. In this paper, a comprehensive and realistic cyber-physical test-bed has been built to investigate potential cybersecurity vulnerabilities and the impact of cyber-attacks on IEC 61850 based smart substations. This test-bed is close to a real production type environment, and has the ability to carry out end-to-end testing of cyber-attacks and physical consequences. A fuzz testing approach is proposed for detecting IEC 61850 based intelligent electronic devices (IEDs) and validated in the proposed test-bed.

On the Security of Balanced Encoding Countermeasures

Most cryptographic devices should inevitably have a resistance against the threat of side channel attacks. For this, masking and hiding schemes have been proposed since 1999. The security validation of these countermeasures is an ongoing research topic, as a wider range of new and existing attack techniques are tested against these countermeasures. This paper examines the side channel security of the balanced encoding countermeasure, whose aim is to process the secret key-related data under a constant Hamming weight and/or Hamming distance leakage. Unlike previous works, we assume that the leakage model coefficients conform to a normal distribution, producing a model with closer fidelity to real-world implementations. We perform analysis on the balanced encoded PRINCE block cipher with simulated leakage model and also an implementation on an AVR board. We consider both standard correlation power analysis (CPA) and bit-wise CPA. We confirm the resistance of the countermeasure against standard CPA, however, we find with a bit-wise CPA that we can reveal the key with only a few thousands traces.

IEEE C37.118-2 Synchrophasor Communication Framework

Synchrophasors have become an important part of the modern power system and numerous applications have been developed covering wide-area monitoring, protection and control. Most applications demand continuous transmission of synchrophasor data across large geographical areas and require an efficient communication framework. IEEE C37.118-2 evolved as one of the most successful synchrophasor communication standards and is widely adopted. However, it lacks a predefined security mechanism and is highly vulnerable to cyber attacks. This paper analyzes different types of cyber attacks on IEEE C37.118-2 communication system and evaluates their possible impact on any developed synchrophasor application. Further, the paper also recommends an efficent security mechanism that can provide strong protection against cyber attacks. Although, IEEE C37.118-2 has been widely adopted, there is no clear understanding of the requirements and limitations. To this aim, the paper also presents detailed performance evaluation of IEEE C37.118-2 implementations which could help determine required resources and network characteristics before designing any synchrophasor application.