
A secure and reliable communication platform for the smart grid

Title translation not available.

  1. Thesis No: 508170
  2. Author: KUBİLAY DEMİR
  3. Advisors: Prof. NEERAJ SURI
  4. Thesis Type: Doctorate
  5. Subjects: Computer Engineering and Computer Science and Control
  6. Keywords: Not specified.
  7. Year: 2017
  8. Language: English
  9. University: Technische Universität Darmstadt
  10. Institute: Foreign Institute
  11. Department: Not specified.
  12. Discipline: Not specified.
  13. Page Count: 137

Abstract

No abstract.

Abstract (Translation)

The increasing penetration of distributed power generation into the power distribution domain necessitates reliable and QoS-aware communication in order to safely manage the grid. The management of this complex cyber-physical system, called the Smart Grid (SG), requires responsive, scalable and high-bandwidth communication, which is often beyond the capabilities of the classical closed communication networks of the power grid. Consequently, the use of scalable public IP-based networks is increasingly being advocated. However, a direct consequence of the use of public networks is the exposure of the SG to varied reliability/security risks. In particular, the current Internet infrastructure does not support end-to-end (E2E) QoS-guaranteed communication. Furthermore, the more open structure of public networks compared with proprietary networks potentially exposes the SG to cyberattacks such as Denial-of-Service (DoS) and Distributed DoS (DDoS), which can compromise the high availability and responsiveness of the SG applications. Thus, there is a need for new lightweight mechanisms that can provide both E2E communication guarantees and strong DoS/DDoS attack protection. To address this requirement, we first propose an overlay network based approach. This approach provides a QoS guarantee across the network with a dedicated QoS routing mechanism taking into account three parameters: reliability, latency and bandwidth for SG applications. To achieve the QoS guarantee, we also develop two additional mechanisms: (a) a multipath routing scheme that satisfies the critical applications' high reliability requirements by employing E2E physically-disjoint paths, and (b) an altruistic resource allocation scheme with the QoS routing mechanism targeting QoS-guaranteed communication for applications having strict QoS requirements.
Second, we propose a novel DDoS defense mechanism which leverages: (1) a semi-trusted P2P-based publish-subscribe (pub-sub) system providing a proactive countermeasure for DoS/DDoS attacks and secure group communications with the aid of a group key management system, (2) a data diffusion mechanism that spreads the data packets over all the servers rather than a single server to provide robust protection against volume-based DDoS attacks that would affect some of the servers, and (3) a multi-homing-based fast recovery mechanism for detecting and requesting the dropped packets, thus paving the way for meeting the stringent latency requirements of SG applications. Third, we develop a cloud-assisted DDoS attack resilient communication platform, built on the proposed defense mechanism discussed above. To prevent transport or application layer DDoS attacks, this platform implements a port hopping approach, switching the open port of a server as a function of both time and a secret (shared between authorized clients and server), thus efficiently dropping packets with an invalid port number. By leveraging the rapid-elasticity characteristic of the cloud, we can instantiate replica servers to take over the attacked servers without blocking all the traffic due to the data diffusion mechanism. Moreover, we propose a shuffling-based containment mechanism in order to quarantine malicious clients, which can mount a DDoS attack, exploiting the shared secret in a remarkably short time. Accordingly, the effect of a DDoS attack based on the compromised secret of the malicious clients is minimized. Finally, to counter the transport and application layer DoS/DDoS attacks which are launched by compromised SG devices, we propose a proactive and robust extension of the Multipath-TCP (MPTCP) that mitigates such attacks by using a novel stream hopping MPTCP mechanism, termed MPTCP-H. Unlike the port hopping mechanism, MPTCP-H does not need a shared secret and time-sync between the clients.
The proposed MPTCP-H hides the open port numbers of the connection from an attacker by renewing (over time) the subflows over new port numbers without perturbing the SG data traffic. Our results demonstrate that both in the attack and attack-free scenarios, the proposed mechanisms provide a significant degree of availability. The results also indicate a reasonable overhead in terms of additional latency and messages for the proposed approaches.
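
The port hopping idea from the abstract (the open port is a function of time and a shared secret, and packets to any other port are dropped) can be sketched as follows. This is an added example, not code from the thesis: the HMAC-SHA256 derivation, the 5-second slot, the port range and the one-slot clock-skew tolerance are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# All constants below are assumptions for this sketch, not values from the thesis.
SLOT_SECONDS = 5      # how long one port stays open
PORT_BASE = 20000     # lowest port in the hopping range
PORT_COUNT = 20000    # size of the hopping range
SKEW_SLOTS = 1        # neighbouring slots accepted to absorb clock drift


def current_slot(now: float) -> int:
    """Map a wall-clock time to its hopping slot index."""
    return int(now // SLOT_SECONDS)


def port_for_slot(secret: bytes, slot: int) -> int:
    """Derive the open port for a slot from the shared secret."""
    digest = hmac.new(secret, struct.pack(">Q", slot), hashlib.sha256).digest()
    return PORT_BASE + int.from_bytes(digest[:4], "big") % PORT_COUNT


def valid_ports(secret: bytes, now: float) -> set:
    """Ports the server accepts at time `now`, including skew slots."""
    slot = current_slot(now)
    return {port_for_slot(secret, s)
            for s in range(slot - SKEW_SLOTS, slot + SKEW_SLOTS + 1)}


def filter_packets(secret: bytes, packets):
    """Split (arrival_time, dst_port) pairs into accepted and dropped lists."""
    accepted, dropped = [], []
    for arrival, dst_port in packets:
        bucket = accepted if dst_port in valid_ports(secret, arrival) else dropped
        bucket.append((arrival, dst_port))
    return accepted, dropped


if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # constructed sample value
    client_port = port_for_slot(secret, current_slot(1000.0))
    packets = [                                   # constructed sample traffic
        (1001.0, client_port),   # authorized client, same slot
        (1006.0, client_port),   # authorized client, one slot late
        (1001.0, 22),            # packet to a port that is never open
        (1001.0, 443),
    ]
    ok, bad = filter_packets(secret, packets)
    print(len(ok), "accepted,", len(bad), "dropped")
```

A client whose clock is off by more than `SKEW_SLOTS` slots is dropped just like an attacker, which is the time-synchronization dependency the abstract says MPTCP-H avoids.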

Similar Theses

  1. Otomotiv yedek parça tedarik zincirinde orijinallik denetlemesi ve yeniden kullanım/geri dönüşüm süreçleri için blok zincir tabanlı takip sistemi

    Blockchain-based tracking system for originality verification and recycling processes in the automotive spare parts supply chain

    TUĞBA BEKMAN

    Master's

    Turkish

    Turkish

    2024

    Computer Engineering and Computer Science and Control, İstanbul Teknik Üniversitesi

    Department of Informatics Applications

    PROF. DR. ENVER ÖZDEMİR

  2. Çevresel gürültü kontrolüne yönelik gerçek zamanlı izleme sistemi tasarımı ve uygulaması

    Real-time monitoring system design and implementation for environmental noise control

    SAMET FEYYAZ HAMAMCI

    Doctorate

    Turkish

    Turkish

    2024

    Science and Technology, İstanbul Teknik Üniversitesi

    Department of Informatics Applications

    ASSOC. PROF. DR. AHMET ÖZGÜR DOĞRU

  3. Güvenilir bilişim ile elektronik oylama

    Electronic voting with trusted computing

    BAHADIR İSMAİL AYDIN

    Master's

    Turkish

    Turkish

    2009

    Computer Engineering and Computer Science and Control, TOBB Ekonomi ve Teknoloji Üniversitesi

    Department of Computer Engineering

    ASSOC. PROF. DR. KEMAL BIÇAKCI

    ASST. PROF. DR. BÜLENT TAVLI

  4. A support vector machine-based approach for southbound communication detection in SDN using openflow

    Openflow kullanarak SDN'de güney yönlü iletişim tespiti için destek vektör makinesi tabanlı bir yaklaşım

    ALİ GÖKHAN AVRAN

    Master's

    English

    English

    2024

    Computer Engineering and Computer Science and Control, İstanbul Teknik Üniversitesi

    Department of Computer Engineering

    ASST. PROF. DR. GÖKHAN SEÇİNTİ

  5. Resolving security and low mobility issues in mobile AD-HOC networks

    No title translation

    AMMAR ABDULRAHMAN M.SAEED

    Master's

    English

    English

    2021

    Computer Engineering and Computer Science and Control, Altınbaş Üniversitesi

    Department of Information Technologies

    ASST. PROF. DR. SEFER KURNAZ