Towards a Threat Model for Vehicular Fog Computing

The report is delivered as DOE-NE Cybersecurity Program Milestone M2CT-22IN1104014-Industry cybersecurity guidance adoption status. The milestone is specifically to document the process and the status of the efforts towards developing guidance in support of industry's adoption of wireless communication technologies. To transform the operation of nuclear power plants, including domestic light-water reactors, advanced reactors, microreactors, and fission battery, for grid and non-grid applications, secure and resilient wireless capabilities are required. In addition, to realize new operational concepts such as autonomous operation and remote monitoring, advanced sensor, and instrumentation, wireless technology is essential. However, industry implementation is low, and there is no technical basis for how to understand and address potential risks for wireless communications for critical plant functions. A methodology with a technical basis for implementing secure wireless communication is crucial. This wireless adoption methodology is intended to assist a licensee in identifying an appropriate technological approach for securing wireless communications in nuclear power plant. However, this methodology does not provide guidance for addressing wireless design criteria or for addressing all the cybersecurity commitments in licensees' cybersecurity plans (CSPs) including addressing security impact analysis that a licensee must perform before an update to a Critical Digital Asset (CDA). This methodology guides a licensee through a process of evaluating a proposed wireless implementation and drafting a plant change notification for an example use case. The example is a generic/nonproprietary version of the first test case of the methodology, which, if successfully implemented, is part of the consideration for protecting other functions' use of wireless in a cybersecure manner.Disclaimer: Neither INL, NRC, nor any of its employees, members, supporting organizations, contractors, or consultants make any warranty, expressed or implied, or assume any legal responsibility that the method provided in this document meets the NRC cyber or completeness of NRC requirements. Blanc for coordinating important critical reviews of the methodology within the DOE-NE Cybersecurity team. The team of researchers that provided comments that contributed to this report during the program reviews are listed below. Idaho National Laboratory had multiple technical exchanges with the NRC staff through the Office of Nuclear Regulatory Research under the DOE-NRC Memorandum of Understanding (MOU) on Nuclear Energy Innovation, Amendment 4, Research Related to Light Water Reactor Sustainability (ML21083A072). We are grateful to the NRC staff colleagues who provided their insights and expertise under the LWRS MOU as part of this effort. However, these exchanges should not be interpreted as NRC endorsement, acceptance, or concurrence with this report. This work would not have been possible without the commitment of the Nuclear Energy Institute (NEI) Cybers...

show abstract

“…• Sequence Number [1]: The data in a wireless network are transmitted as packet/frame. Each packet/frame will have a sequence number.…”

Section: Plan and Implement Cybersecurity Controlsmentioning

confidence: 99%

“…• Encryption [1]: Encryption provides data confidentiality by scrambling the data, and it can only be unscrambled with the knowledge of the key and the algorithm used to scramble. Encryption can be employed in two ways:…”

Section: Plan and Implement Cybersecurity Controlsmentioning

confidence: 99%

Draft Methodology for Cybersecurity Analysis for Adoption of Wireless Technology in Nuclear Power Plants

Manjunatha

McJunkin

Chwasz

2022

View full text Add to dashboard Cite

show abstract

“…Five processes or components make up threat modelling, each of which is essential and functions in concert to provide a full security assessment of the system. The following are the components of threat modelling [6]:  Assets: At all times, the attacker will make an effort to get access to some of the system's assets. Before creating a security solution, it is essential to identify the system's most valuable assets and how they may attract an attacker [6].…”

Section: Threat Modelmentioning

confidence: 99%

“…The following are the components of threat modelling [6]:  Assets: At all times, the attacker will make an effort to get access to some of the system's assets. Before creating a security solution, it is essential to identify the system's most valuable assets and how they may attract an attacker [6].  Entry points: Entry points are vulnerable or suspicious points where attackers can access a system [6].…”

Section: Threat Modelmentioning

confidence: 99%

See 1 more Smart Citation

Multimedia Data Secure Transmission: A Review

Elkamchouchi

Anton

Abouelseoud

2022

int.jour.sci.res.mana.

View full text Add to dashboard Cite

Encryption is a technique of encoding data so that they can only be recognized by authorized receivers. More interactive media information is communicated in the medical, business, and military fields because of the rapid advances in various multimedia transmission and networking technologies, which may contain sensitive information that must be kept hidden from public users. Advanced encryption standards (AES) and data encryption standards (DES) are widely used encryption algorithms for text data. However, they are not appropriate for video data. To ensure that this information cannot be accessed by attackers, the demand for efficient video-protection techniques has been raised. This article provides multimedia design requirements to maintain a secure multimedia system occupied with a threat model for detecting and ranking the potential risks facing a multimedia system. the risks exposed to multimedia security and their impacts on users are typically described according to the textual description and also an overview of the current state-of-the-art video-encryption schemes are presented and their performance parameters have been examined. The relationship between encryption algorithms and compression techniques is also discussed and various multimedia applications have been presented in this paper; Additionally, as the synchronisation of real-time continuous streams is necessary for the interchange of these streams in multimedia conferencing services, multiple synchronisation strategies have been given in this study along with video synchronisation challenges.

show abstract