Fraunhofer-Institut für Angewandte Informationstechnik FIT

Filters
Reset filters

Settings
Now showing 1 - 10 of 13
  • Publication
    Towards Improving Accountability in Sensitive-Disclosure Scenarios
    ( 2024-06)
    Matzutt, Roman
    ;
    Wagner, Eric
    Public transparency has become increasingly important to uphold trust in government agencies and private companies alike, e.g., by establishing police accountability and proving abiding to ethical supply chain practices. Oftentimes, however, this public interest conflicts with the need for confidentiality of ongoing processes. In this paper, we investigate these sensitive-disclosure scenarios and the requirements for technical solutions to support the data dissemination in these scenarios. We identify translucent blockchains as a promising building block to provide transparency in sensitive-disclosure scenarios with fine-granular access control.
  • Publication
    Investigation of Multi-Stage Attack and Defense Simulation for Data Synthesis
    ( 2023-09)
    Sen, Ömer
    ;
    Ivanov, Bozhidar
    ;
    Henze, Martin
    ;
    Ulbig, Andreas
    The power grid is a critical infrastructure that plays a vital role in modern society. Its availability is of utmost importance, as a loss can endanger human lives. However, with the increasing digitalization of the power grid, it also becomes vulnerable to new cyberattacks that can compromise its availability. To counter these threats, intrusion detection systems are developed and deployed to detect cyberattacks targeting the power grid. Among intrusion detection systems, anomaly detection models based on machine learning have shown potential in detecting unknown attack vectors. However, the scarcity of data for training these models remains a challenge due to confidentiality concerns. To overcome this challenge, this study proposes a model for generating synthetic data of multi-stage cyber attacks in the power grid, using attack trees to model the attacker's sequence of steps and a game-theoretic approach to incorporate the defender's actions. This model aims to create diverse attack data on which machine learning algorithms can be trained.
  • Publication
    Designing Secure and Privacy-Preserving Information Systems for Industry Benchmarking
    ( 2023)
    Pennekamp, Jan
    ;
    Lohmöller, Johannes
    ;
    Vlad, Eduard
    ;
    Loos, Joscha
    ;
    Rodemann, Niklas
    ;
    Sapel, Patrick
    ;
    Fink, Ina Berenice
    ;
    Schmitz, Seth
    ;
    Hopmann, Christian
    ;
    Jarke, Matthias
    ;
    Schuh, Günther
    ;
    Wehrle, Klaus
    ;
    Henze, Martin
    Benchmarking is an essential tool for industrial organizations to identify potentials that allows them to improve their competitive position through operational and strategic means. However, the handling of sensitive information, in terms of (i) internal company data and (ii) the underlying algorithm to compute the benchmark, demands strict (technical) confidentiality guarantees - an aspect that existing approaches fail to address adequately. Still, advances in private computing provide us with building blocks to reliably secure even complex computations and their inputs, as present in industry benchmarks. In this paper, we thus compare two promising and fundamentally different concepts (hardware- and software-based) to realize privacy-preserving benchmarks. Thereby, we provide detailed insights into the concept-specific benefits. Our evaluation of two real-world use cases from different industries underlines that realizing and deploying secure information systems for industry benchmarking is possible with today’s building blocks from private computing.
  • Publication
    An Approach to Abstract Multi-stage Cyberattack Data Generation for ML-Based IDS in Smart Grids
    ( 2023)
    Sen, Ömer
    ;
    Malskorn, Philipp
    ;
    Glomb, Simon
    ;
    Hacker, Immanuel
    ;
    Henze, Martin
    ;
    Ulbig, Andreas
    Power grids are becoming more digitized, resulting in new opportunities for the grid operation but also new chal-lenges, such as new threats from the cyber-domain. To address these challenges, cybersecurity solutions are being considered in the form of preventive, detective, and reactive measures. Machine learning-based intrusion detection systems are used as part of detection efforts to detect and defend against cyberattacks. However, training and testing data for these systems are often not available or suitable for use in machine learning models for detecting multi-stage cyberattacks in smart grids. In this paper, we propose a method to generate synthetic data using a graph-based approach for training machine learning models in smart grids. We use an abstract form of multi-stage cyberattacks defined via graph formulations and simulate the propagation behavior of attacks in the network. Within the selected scenarios, we observed promising results, but a larger number of scenarios need to be studied to draw a more informed conclusion about the suitability of synthesized data.
  • Publication
    A cyber-physical digital twin approach to replicating realistic multi-stage cyberattacks on smart grids
    ( 2023)
    Sen, Ömer
    ;
    Bleser, N.
    ;
    Henze, Martin
    ;
    Ulbig, Andreas
    The integration of information and communication technology in distribution grids presents opportunities for active grid operation management, but also increases the need for security against power outages and cyberattacks. This paper examines the impact of cyberattacks on smart grids by replicating the power grid in a secure laboratory environment as a cyber-physical digital twin. A simulation is used to study communication infrastructures for secure operation of smart grids. The cyber-physical digital twin approach combines communication network emulation and power grid simulation in a common modular environment, and is demonstrated through laboratory tests and attack replications.
  • Publication
    PowerDuck: A GOOSE Data Set of Cyberattacks in Substations
    ( 2022)
    Zemanek, Sven
    ;
    Hacker, Immanuel
    ;
    Wolsing, Konrad
    ;
    Wagner, Eric
    ;
    Henze, Martin
    ;
    Serror, Martin
    Power grids worldwide are increasingly victims of cyberattacks, where attackers can cause immense damage to critical infrastructure. The growing digitalization and networking in power grids combined with insufficient protection against cyberattacks further exacerbate this trend. Hence, security engineers and researchers must counter these new risks by continuously improving security measures. Data sets of real network traffic during cyberattacks play a decisive role in analyzing and understanding such attacks. Therefore, this paper presents PowerDuck, a publicly available security data set containing network traces of GOOSE communication in a physical substation testbed. The data set includes recordings of various scenarios with and without the presence of attacks. Furthermore, all network packets originating from the attacker are clearly labeled to facilitate their identification. We thus envision PowerDuck improving and complementing existing data sets of substations, which are often generated synthetically, thus enhancing the security of power grids.
  • Publication
    Towards an approach to contextual detection of multi-stage cyber attacks in smart grids
    ( 2021)
    Sen, O.
    ;
    Velde, D. van der
    ;
    Wehrmeister, K.A.
    ;
    Hacker, I.
    ;
    Henze, M.
    ;
    Andres, M.
    Electric power grids are at risk of being compromised by high-impact cyber-security threats such as coordinated, timed attacks. Navigating this new threat landscape requires a deep understanding of the potential risks and complex attack processes in energy information systems, which in turn demands an unmanageable manual effort to timely process a large amount of cross-domain information. To provide an adequate basis to contextually assess and understand the situation of smart grids in case of coordinated cyber-attacks, we need a systematic and coherent approach to identify cyber incidents. In this paper, we present an approach that collects and correlates cross-domain cyber threat information to detect multi-stage cyber-attacks in energy information systems. We investigate the applicability and performance of the presented correlation approach and discuss the results to highlight challenges in domain-specific detection mechanisms.
  • Publication
    Investigating Man-in-the-Middle-based False Data Injection in a Smart Grid Laboratory Environment
    ( 2021)
    Sen, Ömer
    ;
    Veldc, Dennis van der
    ;
    Linnartz, Philipp
    ;
    Hacker, Immanuel
    ;
    Henze, Martin
    ;
    Andres, Michael
    ;
    Ulbig, Andreas
    With the increasing use of information and communication technology in electrical power grids, the security of energy supply is increasingly threatened by cyber-attacks. Traditional cyber-security measures, such as firewalls or intrusion detection/prevention systems, can be used as mitigation and prevention measures, but their effective use requires a deep understanding of the potential threat landscape and complex attack processes in energy information systems. Given the complexity and lack of detailed knowledge of coordinated, timed attacks in smart grid applications, we need information and insight into realistic attack scenarios in an appropriate and practical setting. In this paper, we present a man-in-the-middle-based attack scenario that intercepts process communication between control systems and field devices, employs false data injection techniques, and performs data corruption such as sending false commands to field devices. We demonstrate the applicability of the presented attack scenario in a physical smart grid laboratory environment and analyze the generated data under normal and attack conditions to extract domain-specific knowledge for detection mechanisms.
  • Publication
    An Approach of Replicating Multi-Staged Cyber-Attacks and Countermeasures in a Smart Grid Co-Simulation Environment
    ( 2021)
    Sen, Ömer
    ;
    Velde, Dennis van der
    ;
    Peters, Sebastian N.
    ;
    Henze, Martin
    While the digitization of power distribution grids brings many benefits, it also introduces new vulnerabilities for cyber-attacks. To maintain secure operations in the emerging threat landscape, detecting and implementing countermeasures against cyberattacks are paramount. However, due to the lack of publicly available attack data against Smart Grids (SGs) for countermeasure development, simulation-based data generation approaches offer the potential to provide the needed data foundation. Therefore, our proposed approach provides flexible and scalable replication of multi-staged cyber-attacks in an SG Co-Simulation Environment (COSE). The COSE consists of an energy grid simulator, simulators for Operation Technology (OT) devices, and a network emulator for realistic IT process networks. Focusing on defensive and offensive use cases in COSE, our simulated attacker can perform network scans, find vulnerabilities, exploit them, gain administrative privileges, and execute malicious commands on OT devices. As an exemplary countermeasure, we present a built-in Intrusion Detection System (IDS) that analyzes generated network traffic using anomaly detection with Machine Learning (ML) approaches. In this work, we provide an overview of the SG COSE, present a multi-stage attack model with the potential to disrupt grid operations, and show exemplary performance evaluations of the IDS in specific scenarios.
  • Publication
    Graph-based model of smart grid architectures
    ( 2020)
    Klaer, B.
    ;
    Sen, O.
    ;
    Velde, D. van der
    ;
    Hacker, I.
    ;
    Andres, M.
    ;
    Henze, M.
    The rising use of information and communication technology in smart grids likewise increases the risk of failures that endanger the security of power supply, e.g., due to errors in the communication configuration, faulty control algorithms, or cyber-attacks. Co-simulations can be used to investigate such effects, but require precise modeling of the energy, communication, and information domain within an integrated smart grid infrastructure model. Given the complexity and lack of detailed publicly available communication network models for smart grid scenarios, there is a need for an automated and systematic approach to creating such coupled models. In this paper, we present an approach to automatically generate smart grid infrastructure models based on an arbitrary electrical distribution grid model using a generic architectural template. We demonstrate the applicability and unique features of our approach alongside examples concerning network planning, co-simulation se tup, and specification of domain-specific intrusion detection systems.