Title: Securing group communication in critical Infrastructures
Language: English
Authors: Annessi, Robert 
Qualification level: Doctoral
Advisor: Zseby, Tanja 
Assisting Advisor: Fabini, Joachim  
Issue Date: 2019
Number of Pages: 181
Communication networks have become an essential part of increasingly interconnected modern societies. Group communication is a ubiquitous concept in today's communication networks, and comprises broadcast, multicast, and anycast communication. Since group communication facilitates efficient data transmission to numerous receivers, it is increasingly needed, both in general and specifically in critical infrastructures, for applications such as sensor data collection in Smart Grids, clock synchronization, and 5G networks. Surprisingly, no generally applicable method exists as yet to secure group communication from adversarial attacks. For this reason, group communication is oftentimes either not secured at all, or application-specific security measures are deployed that are not generally applicable and whose security is hard to assess. In this thesis, we tackle a fundamental challenge in securing group communication: data origin authentication. We evaluate various data origin authentication schemes that were proposed during the last twenty-five years for their suitability to secure group communication for critical infrastructures in general, and suggest a new classification for data origin authentication schemes that covers developments in recent years. With the advent of novel high-speed signature schemes, we furthermore suggest a new class of data origin authentication schemes: unrestricted-time high-speed signing. In this way, we revise the common assumption that signing every packet individually is computationally infeasible. To validate the unrestricted-time high-speed signing class suggested in this thesis, we evaluate it for a set of applications in critical infrastructures: sensor data collection in Smart Grids, group communication in 5G networks, and clock synchronization.
For clock synchronization, we additionally propose a novel set of security measures against a wealth of attacks, including delay attacks, and discover a fundamental limitation in clock synchronization protocols: they can either be precise or secure. An additional challenge may become prevalent when data origin authentication schemes are used on a large scale or in high-speed environments: subliminal channels in signatures. We analyze several high-speed signature schemes for their susceptibility to subliminal channels and find all of them to be susceptible. As a proof of concept, we introduce a method that exploits such subliminal channels for private botnet command and control communication over public blockchains. Given the results on data origin authentication, subliminal channels, and clock synchronization, we are confident that this thesis contributes to the foundation of secure group communication in critical infrastructures.
Keywords: group communication; network security; digital signatures
URI: https://resolver.obvsg.at/urn:nbn:at:at-ubtuw:1-122630
Library ID: AC15332105
Organisation: E389 - Telecommunications 
Publication Type: Thesis
Appears in Collections: Thesis

Items in reposiTUm are protected by copyright, with all rights reserved, unless otherwise indicated.