SAMGRID: Security Authorization and Monitoring Module Based on SealedGRID Platform.

IoT devices present an ever-growing domain with multiple applicability. This technology has favored and still favors many areas by creating critical infrastructures that are as profitable as possible. This paper presents a hierarchical architecture composed of different licensing entities that manage access to different resources within a network infrastructure. They are conducted on the basis of well-drawn policy rules. At the same time, the security side of these resources is also placed through a context awareness module. Together with this technology, IoT is used and Blockchain is enabled (for network consolidation, as well as the transparency with which to monitor the platform). The ultimate goal is to implement a secure and scalable security platform for the Smart Grid. The paper presents the work undertaken in the SealedGRID project and the steps taken for implementing security policies specifically tailored to the Smart Grid, based on advanced concepts such as Opinion Dynamics and Smart Grid-related Attribute-based Access Control.

Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZone.

TrustZone-based Trusted Execution Environments (TEEs) have been utilized extensively for the implementation of security-oriented solutions for several smart intra and inter-connected devices. Although TEEs have been promoted as the starting point for establishing a device root of trust, a number of published attacks against the most broadly utilized TEE implementations request a second view on their security. The aim of this research is to provide an analytical and educational exploration of TrustZone-based TEE vulnerabilities with the goal of pinpointing design and implementation flaws. To this end, we provide a taxonomy of TrustZone attacks, analyze them, and more importantly derive a set of critical observations regarding their nature. We perform a critical appraisal of the vulnerabilities to shed light on their underlying causes and we deduce that their manifestation is the joint effect of several parameters that lead to this situation. The most important ones are the closed implementations, the lack of security mechanisms, the shared resource architecture, and the absence of tools to audit trusted applications. Finally, given the severity of the identified issues, we propose possible improvements that could be adopted by TEE implementers to remedy and improve the security posture of TrustZone and future research directions.

P4G2Go: A Privacy-Preserving Scheme for Roaming Energy Consumers of the Smart Grid-to-Go.

Due to its flexibility in terms of charging and billing, the smart grid is an enabler of many innovative energy consumption scenarios. One such example is when a landlord rents their property for a specific period to tenants. Then the electricity bill could be redirected from the landlord's utility to the tenant's utility. This novel scenario of the smart grid ecosystem, defined in this paper as Grid-to-Go (G2Go), promotes a green economy and can drive rent reductions. However, it also creates critical privacy issues, since utilities may be able to track the tenant's activities. This paper presents P4G2Go, a novel privacy-preserving scheme that provides strong security and privacy assertions for roaming consumers against honest but curious entities of the smart grid. At the heart of P4G2Go lies the Idemix cryptographic protocol suite, which utilizes anonymous credentials and provides unlinkability of the consumer activities. Our scheme is complemented by the MASKER protocol, used to protect the consumption readings, and the FIDO2 protocol for strong and passwordless authentication. We have implemented the main components of P4G2Go, to quantitatively assess its performance. Finally, we reason about its security and privacy properties, proving that P4G2Go achieves to fulfill the relevant objectives.

SealedGRID: Secure and Interoperable Platform for Smart GRID Applications.

Recent advancements in information and communication technologies (ICT) have improved the power grid, leading to what is known as the smart grid, which, as part of a critical economic and social infrastructure, is vulnerable to security threats from the use of ICT and new emerging vulnerabilities and privacy issues. Access control is a fundamental element of a security infrastructure, and security is based on the principles of less privilege, zero-trust, and segregation of duties. This work addresses how access control can be applied without disrupting the power grid's functioning while also properly maintaining the security, scalability, and interoperability of the smart grid. The authentication in the platform presumes digital certificates using a web of trust. This paper presents the findings of the SealedGRID project, and the steps taken for implementing Attribute-based access control policies specifically customized to the smart grid. The outcome is to develop a novel, hierarchical architecture composed of different licensing entities that manages access to resources within the network infrastructure. They are based on well-drawn policy rules and the security side of these resources is placed through a context awareness module. Together with this technology, the IoT is used with Big Data (facilitating easy handling of large databases). Another goal of this paper is to present implementation and evaluations details of a secure and scalable security platform for the smart grid.

Automated Cyber and Privacy Risk Management Toolkit.

Addressing cyber and privacy risks has never been more critical for organisations. While a number of risk assessment methodologies and software tools are available, it is most often the case that one must, at least, integrate them into a holistic approach that combines several appropriate risk sources as input to risk mitigation tools. In addition, cyber risk assessment primarily investigates cyber risks as the consequence of vulnerabilities and threats that threaten assets of the investigated infrastructure. In fact, cyber risk assessment is decoupled from privacy impact assessment, which aims to detect privacy-specific threats and assess the degree of compliance with data protection legislation. Furthermore, a Privacy Impact Assessment (PIA) is conducted in a proactive manner during the design phase of a system, combining processing activities and their inter-dependencies with assets, vulnerabilities, real-time threats and Personally Identifiable Information (PII) that may occur during the dynamic life-cycle of systems. In this paper, we propose a cyber and privacy risk management toolkit, called AMBIENT (Automated Cyber and Privacy Risk Management Toolkit) that addresses the above challenges by implementing and integrating three distinct software tools. AMBIENT not only assesses cyber and privacy risks in a thorough and automated manner but it also offers decision-support capabilities, to recommend optimal safeguards using the well-known repository of the Center for Internet Security (CIS) Controls. To the best of our knowledge, AMBIENT is the first toolkit in the academic literature that brings together the aforementioned capabilities. To demonstrate its use, we have created a case scenario based on information about cyber attacks we have received from a healthcare organisation, as a reference sector that faces critical cyber and privacy threats.

Towards building a Self-Sovereign Identity Framework for Healthcare.

Drifted by the hype of new and efficient machine learning and artificial intelligence models aiming to unlock the information wealth hidden inside heterogeneous datasets across different markets and disciplines, healthcare data are in the center of novel technological advancements in predictive health diagnostics, remote healthcare, assistive leaving and wellbeing. Nevertheless, this emerging market has underlined the necessity of developing new methods and updating existing ones for preserving the privacy of the data and their owners, as well as, ensuring confidentiality and trust throughout the health care data processing pipelines. This paper presents one of the key innovations of a Horizon Europe funded project named "TRUSTEE", which focuses on building a trust and privacy framework for cross-European data exchange by employing a secure and private federated framework to empower companies, organizations, and individuals to securely access data across different disciplines, use and re-use data and metadata to extract knowledge with trust. In particular we present our work on implementing strong authentication and continuous authorization schemes based on the duality of eIDAS trust framework and Self Sovereign Identity (SSI) management to ensure security and trust over authentication, authorization and accounting processes for healthcare.

The Integrated Holistic Security and Privacy Framework Deployed in CrowdHEALTH Project.

INTRODUCTION: Individuals and healthcare providers need to trust that the EHRs are protected and that the confidentiality of their personal information is not at stake. AIM: Within CrowdHEALTH project, a security and privacy framework that ensures confidentiality, integrity, and availability of the data was developed. METHODS: The CrowdHEALTH Security and Privacy framework includes Privacy Enhancing Technologies (PETs) in order to comply with the GDPR EU laws of data protection. CrowdHEALTH deploys OpenID Connect, an authentication protocol to provide flexibility, scalability, and lightweight user authentication as well as the attribute-base access control (ABAC) mechanism which supports creating efficient access control policies. RESULTS: CrowdHEALTH integrates ABAC with OpenID Connect to build an effective and scalable base for end-users' authorization. CrowdHEALTH's security and privacy framework interacts with other CrowdHEALTH's components, for instance the Big Data Platform, that depends on user authentication and authorization. CrowdHEALTH users are able to access the CrowdHEALTH's database based on the result of an ABAC request. Moreover, due to the fact that the CrowdHEALTH system requires proofs during the interactions with data producers of low trust or low reputation level, the requirements for the Trust and Reputation Model have been identified. CONCLUSION: The CrowdHEALTH Integrated Holistic Security and Privacy framework meets the security criteria for an e-health cross-border system, due to the adoption of security mechanisms, such as user authentication, user authorization, access control, data anonymization, trust management and reputation modelling. The implemented framework remains to be tested to ensure its robustness and to evaluate its performance. The holistic security and privacy framework might be adapted during the project's life circle according to new legislations.