Bernhard M. Hämmerli Nils Kalstad Svendsen Javier Lopez (Eds.) 2 2 Critical Information 7 7 S C Infrastructures Security N L 7th International Workshop, CRITIS 2012 Lillehammer, Norway, September 2012 Revised Selected Papers 123 Lecture Notes in Computer Science 7722 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen TUDortmundUniversity,Germany MadhuSudan MicrosoftResearch,Cambridge,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum MaxPlanckInstituteforInformatics,Saarbruecken,Germany Bernhard M. Hämmerli Nils Kalstad Svendsen Javier Lopez (Eds.) Critical Information Infrastructures Security 7th International Workshop, CRITIS 2012 Lillehammer, Norway, September 17-18, 2012 Revised Selected Papers 1 3 VolumeEditors BernhardM.Hämmerli HochschuleLuzern-TechnikundArchitektur,CEOAcrisGmbH Bodenhofstrasse29,6005Luzern,Switzerland and GjøvikUniversityCollege Teknologivegen22,2815Gjøvik,Norway E-mail:[email protected] NilsKalstadSvendsen GjøvikUniversityCollege,FacultyofComputerScienceandMediaTechnology Teknologivegen22,2815Gjøvik,Norway E-mail:[email protected] JavierLopez UniversityofMalaga,DepartmentofComputerScience E.T.S.IngenieriaInformatica CampusdeTeatinoss/n,29071Malaga,Spain E-mail:[email protected] ISSN0302-9743 e-ISSN1611-3349 ISBN978-3-642-41484-8 e-ISBN978-3-642-41485-5 DOI10.1007/978-3-642-41485-5 SpringerHeidelbergNewYorkDordrechtLondon LibraryofCongressControlNumber:2013951247 CRSubjectClassification(1998):K.6.5,K.4,C.2,C.4,E.3,J.1 LNCSSublibrary:SL4–SecurityandCryptology ©Springer-VerlagBerlinHeidelberg2013 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation, broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology nowknownorhereafterdeveloped.Exemptedfromthislegalreservationarebriefexcerptsinconnection withreviewsorscholarlyanalysisormaterialsuppliedspecificallyforthepurposeofbeingenteredand executedonacomputersystem,forexclusiveusebythepurchaserofthework.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheCopyrightLawofthePublisher’slocation, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Permissionsforuse maybeobtainedthroughRightsLinkattheCopyrightClearanceCenter.Violationsareliabletoprosecution undertherespectiveCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Whiletheadviceandinformationinthisbookarebelievedtobetrueandaccurateatthedateofpublication, neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityforanyerrorsor omissionsthatmaybemade.Thepublishermakesnowarranty,expressorimplied,withrespecttothe materialcontainedherein. Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface This volume contains the post-proceedings of the 7th International Workshop on Critical Information Infrastructures Security (CRITIS 2012), that was held duringSeptember17–182012inLillehammer,Norway,andwashostedbyGjøvik University College. In response to the 2007 call for papers, 67 papers were submitted. Each paper was reviewed by three members of the ProgramCommittee, on the basis ofsignificance,novelty,technicalquality,andcriticalinfrastructuresrelevanceof the work reported therein. At the end of the reviewing process, only 23 papers wereselectedforpresentation;hence,acceptanceratewas34%.Allthosepapers are included in these proceedings, though revisions were not checked and the authors bear full responsibility for the content of their papers. Additionally, 10 short papers and 9 industry papers were presented at the event, but those are not included in these proceedings. CRITIS 2012 was very fortunate to have four exceptional invited speakers: RoarSundseth,MajorGeneralfromtheNorwegianCyberDefence;Konstantinos Moulinos,expertinnetwork&informationsecurityfromENISA;AlainDesausoi, Chief Security Officer from SWIFT; and, Alfonso Valdes, Managing Director Smart Grid Technologies from University of Illinois. The four of them provided ahighaddedvaluetothe qualityoftheconferencewithverysignificanttalkson different and interesting aspects of critical information infrastructures. Other persons deserve many thanks for their contribution to the success of the conference. Special thanks to Nils Kalstad Svendsen, who as general chair provided an impressive support in the local organization of the workshop. Also thanks to Dimitris Gritzalis, general co-chair, for his highly valuable ideas and suggestionsduring the organizationof the event. Local co-chairs,Asbjørn Lund and Tore Orderløkken greatly contributed to the success of CRITIS 2012, as wellashonoraryco-chairsRoarSundsethandEvangelosOuzounis,andpublicity chair Cristina Alcaraz. Without the hard work of these colleagues and the rest of the local organizationteam, this conference would not have been possible. CRITIS2012thanksthemembersoftheProgramCommitteewhoperformed an excellent job during the review process, which is the essence of the quality of the event, and last but not least, the authors who submitted papers as well as the participants from all over the world who chose to honor us with their attendance. August 2013 Bernhard H¨ammerli Nils Kalstad Svendsen Javier Lopez Organization Program Committee Co-chairs Bernhard M. H¨ammerli University of Applied Sciences Lucerne, GUC Gjøvik and CEO Acris GmbH Javier Lopez University of Malaga, Spain General Co-chairs Nils Kalstad Svendsen Gjøvik University College, Norway Dimitris Gritzalis Athens University of Economics & Business, Greece Local Co-chairs Asbjørn Lund Oppland County Governor, Norway Tore Orderløkken NorSIS, Norway Publicity Chair Cristina Alcaraz University of Malaga, Spain and NIST, USA Program Committee Eirik Albrechtsen SINTEF and NorwegianUniversity of Science and Technology, Norway Cristina Alcaraz University Malaga, Spain Jan Audestad Gjøvik University College, Norway Robin Bloomfield City University London, UK Sandro Bologna AIIC, Italy Stefan Brem Federal Office for Civil Protection, Switzerland Matt Broda Microsoft, UK Arslan Br¨omme Vattenfall, Germany Jo˜ao Batista Camargo University of Sa˜o Paulo, Brazil Genseric Cantournet Telecom Italia, Italy Emiliano Casalicchio Universit`a di Tor Vergata, Italy Jorge Cuellar Siemens, Germany Peter Daniel Selex Communication Ltd., UK Gregorio D’Agostino ENEA, Italy Geert Deconinck K.U. Leuven, Belgium Giovanna Dondossola RSE, Italy VIII Organization Stelios Dritsas Athens University of Economics & Business, Greece Myriam Dunn ETH Centre for Security Studies, Switzerland Claudia Eckert Fraunhofer AISEC, Germany Igor Nai Fovino EU Joint Research Centre Ispra, E.C. Steven Furnell University of Plymouth, UK Katrin Franke Gjøvik University Collage, Norway Richard Garber DRDC Centre for Security Science, Canada Robert Ghanea-Hercock British Telecom, UK Adrian Gheorghe Old Dominion University, USA Janusz Gorski Gdansk University of Technology, Poland Stefanos Gritzalis University of the Aegean, Greece Jorge L. Hernandez-Ardieta INDRA, Spain Jan Hovden Norwegian University of Science and Technology, Norway Chris Johnson Glasgow University, UK Floor Koornneef Delft University of Technology, The Netherlands Panos Kotzanikolaou University of Piraeus, Greece Christoph Krauss Fraunhofer AISEC, Germany Eric Luiijf TNO, The Netherlands Paulo Maciel Federal University of Pernambuco, Brazil Fabio Martinelli CNR, Italy Marcelo Masera EU Joint Research Centre Petten, The Netherlands Amin Massoud University of Minnesota, USA Tom McCutcheon Defence Science and Technology Laboratory, UK Doug Montgomery U.S. National Institutes of Standards and Technolog, USA Igor Nai Fovino EU Joint Research Centre Ispra, E.C. Janne Hagen Proactima, Norway Eiji Okamoto University of Tsukuba, Japan Cirian Osborn Centre for the Protectionof National Infrastructure, UK Evangelos Ouzounis European Network and Information Security Agency, Greece Stefano Panzieri University Roma Tre, Italy Stefan Pickl Universit¨at der Bundeswehr Mu¨nchen, Germany Margrete Raaum CERT University of Oslo, Norway Dirk Reinermann German Information Security Agency, Germany Arturo Ribagorda Universidad Carlos III, Spain Andrea Rigoni Global CyberSecurity Center, Italy Organization IX Steven M. Rinaldi Sandia National Laboratories,USA Erich Rome Fraunhofer IAIS, Germany Andre Samberg Sec-Control, Finland, and IMG-S TA2, E.U Michael Samsa Argonne National Laboratories, USA William H. Sanders University of Illinois, USA Roberto Setola Universit`a CAMPUS Bio-Medico, Italy Sujeet Shenoi University of Tulsa, USA James P. Smith Los Alamos National Laboratories, USA Angelos Stavrou George Mason University, USA Ketil Stølen SINTEF and University of Oslo, Norway Neeraj Suri TU Darmstadt, Germany Nils Kalstad Svendsen Gjøvik University College, Norway Barend Taute Council for Scientific and Industrial Research, South Africa Marianthi Theoharidou Athens University of Economics & Business, Greece Paul Theron Thales Information Systems Security, France Panagiotis Trimintzios Network Resilience, ENISA, EU Greece Paul Trushell Attorney General’s Department, Australia Rita A. Wells Idaho National Lab., USA Paolo Verissimo Universidad de Lisboa, Portugal Rhys Williams Centre for the Protectionof N. Infrastructure, UK Stephen Wolthusen G.U.C., Norway and Royal Holloway, UK Christos Xenakis University of Piraeus, Greece Annemarie Zielstra Centre for the Protectionof National Infrastructure, The Netherlands Table of Contents Session 1: Intrusion Management Approach to Enhance the Efficiency of Security Operation Centers to Heterogeneous IDS Landscapes.................................. 1 Bj¨orn-C. B¨osch Enhancing SIEM Technology to Protect Critical Infrastructures........ 10 Luigi Coppolino, Salvatore D’Antonio, Valerio Formicola, and Luigi Romano PDR: A Prevention,Detection and Response Mechanismfor Anomalies in Energy Control Systems ........................................ 22 Cristina Alcaraz and Meltem S¨onmez Turan Session 2: Smart Metering and Grid Embedded Cyber-Physical Anomaly Detection in Smart Meters........ 34 Massimiliano Raciti and Simin Nadjm-Tehrani ImprovingControlSystemCyber-StateAwarenessUsingKnownSecure Sensor Measurements............................................. 46 Ondrej Linda, Milos Manic, and Miles McQueen TheEffectsofNetworkLinkUnreliabilityforLeaderElectionAlgorithm in a Smart Grid System........................................... 59 Stephen Jackson and Bruce M. McMillin Distributed Generation and Resilience in Power Grids ................ 71 Antonio Scala, Mario Mureddu, Alessandro Chessa, Guido Caldarelli, and Alfonso Damiano Breaking Nondeducible Attacks on the Smart Grid ................... 80 Thomas Roth and Bruce M. McMillin Session 3: Analysis and Modeling CPS-CSH Cyber-Physical Analysis and Design....................... 92 Dale Fitch, Sahra Sedigh, Bruce M. McMillin, and Ravi Akella Modeling Emergency Response Plans with Coloured Petri Nets ........ 106 Manuel Cheminod, Ivan Cibrario Bertolotti, Luca Durante, and Adriano Valenzano XII Table of Contents Session 4: SCADA Distributed Identity Based Private Key Generation for SCADA Systems ........................................................ 118 G¨orkem Kılınc¸ and Igor Nai Fovino A Trusted Computing Architecture for Secure Substation Automation ..................................................... 130 David Guidry, Mike Burmester, Xiuwen Liu, Jonathan Jenkins, Sean Easton, and Xin Yuan Session 5: Cyber Issues Probabilistic Model Checking of CAPTCHA Admission Control for DoS Resistant Anti-SPIT Protection ............................ 143 Emmanouela Stachtiari, Yannis Soupionis, Panagiotis Katsaros, Anakreontas Mentis, and Dimitris Gritzalis Reasoning about Vulnerabilities in Dependent Information Infrastructures: A Cyber Range Experiment......................... 155 Adedayo O. Adetoye, Sadie Creese, and Michael H. Goldsmith Session 6: CI Analysis Algebraic Analysis of Attack Impacts and Countermeasures in Critical Infrastructures................................................... 168 Thomas Richard McEvoy and Stephen D. Wolthusen Evaluation of Resilience of Interconnected Systems Based on Stability Analysis ........................................................ 180 Angelo Alessandri and Roberto Filippini Session 7: CIP Sectors System Dynamics for Railway Infrastructure Protection............... 191 Maria Carla De Maggio and Roberto Setola Contaminant Detection in Urban Water Distribution Networks Using Chlorine Measurements ........................................... 203 Demetrios G. Eliades and Marios M. Polycarpou Collaboration between Competing Mobile Network Operators to Improve CIIP ................................................. 215 Peter Schoo, Manfred Sch¨afer, Andr´e Egners, Hans Hofinger, Sascha Wessel, Marian Kuehnel, Sascha Todt, and Michael Montag