Remote attestation enables centralized entities to assess the trustworthiness of remote devices. However, despite its utility, existing approaches often lack explicit support for secure software updates, which are essential for maintaining long-term security in embedded systems. This paper presents RASUES, a remote-attestation-based scheme specifically designed to integrate software update mechanisms into embedded systems. To achieve this, we extend the RATS (Remote ATtestation procedureS) RFC 9334 specification with an update procedure that accounts for both the expected state before and after the update. We implement the core functionality of RASUES on a TPM-based embedded hardware platform to demonstrate its feasibility. We evaluate the latency of the prototype and analyze its security properties, revealing that RASUES introduces minimal performance overhead while significantly enhancing security under defined assumptions. Furthermore, we conduct a comprehensive security analysis to identify potential threats and demonstrate how RASUES mitigates them. We also highlight areas in which the protocol must be complemented with additional security mechanisms, ensuring a transparent evaluation of RASUES’s capabilities and limitations.

Flexible energy resources are increasingly becoming common in smart grids. These resources are typically managed and controlled by aggregators that coordinate many resources to provide flexibility services. However, these aggregators and flexible energy resources are vulnerable, which could allow attackers to remotely control flexible energy resources to launch large-scale attacks on the grid. This paper investigates and evaluates the potential attack strategies that can be used to manipulate flexible energy resources to challenge the effectiveness of traditional grid stability measures and disrupt the first-swing stability of the power grid. Our work shows that although a large amount of power is required, the current flexibility capacities could potentially be sufficient to disrupt the grid on a national level.

In this paper, we present a methodology for performing thorough analysis of TLS protocol implementations using dynamic symbolic execution. This method explores all possible inputs by treating entire messages as symbolic using KLEE. We are able to analyse the message parsing logic in detail, showing fulfilment of requirements from the protocol specification. This has previously not been performed for whole messages in complex protocols such as TLS. We tackle several problems that cause state space explosion by providing appropriate abstractions of implementation primitives. Additionally, we explore how protocol design choices impact the feasibility of analysis and argue for a strict TLS specification. We have applied our method to the ServerHello message parsing in several versions of the WolfSSL TLS 1.3 implementation. Our analysis revealed two vulnerabilities in the client implementation which were both assigned CVEs, one of them marked as high severity.

Battery energy storage systems are an important part of modern power systems as a solution to maintain grid balance. However, such systems are often remotely managed using cloud-based control systems. This exposes them to cyberattacks that could result in catastrophic consequences for the electrical grid and the connected infrastructure. This paper takes a step towards advancing understanding of these systems and investigates the effects of cyberattacks targeting them. We propose a reference model for an electrical grid cloud-controlled load-balancing system connected to remote battery energy storage systems. The reference model is evaluated from a cybersecurity perspective by implementing and simulating various cyberattacks. The results reveal the system’s attack surface and demonstrate the impact of cyberattacks that can critically threaten the security and stability of the electrical grid.

Energy communities consist of decentralized energy production, storage, consumption, and distribution and are gaining traction in modern power systems. However, these communities may increase the vulnerability of the grid to cyber threats. We propose an anomaly-based intrusion detection system to enhance the security of energy communities. The system leverages LSTM autoencoders to detect deviations from normal operational patterns in order to identify anomalies induced by attacks or faults. Operational data for training and evaluation are derived from a Simulink-based model of an energy community. The results show that the autoencoder-based intrusion detection system achieves good detection performance across multiple attack scenarios, up to 0.9270 and 0.9735 in precision and recall respectively. We also demonstrate potential for real-world application of the system by training a federated model that enables distributed intrusion detection while preserving data privacy.

This paper presents an empirical analysis of software and firmware update vulnerabilities in computing systems, resulting in a set of recommendations for implementing more secure update mechanisms. Using a Common Vulnerabilities and Exposures (CVE) dataset, we analyze trends over the past eight years, focusing on the frequency and impact of these vulnerabilities on confidentiality, integrity, and availability, as well as their associated attack vectors and severity levels. We identify distinctive patterns compared to the broader vulnerability dataset, offering insights for risk assessment and management. Our findings reveal that vulnerabilities in software and firmware update (and upgrade) processes have a greater impact than the average disclosed vulnerability. Our results also indicate that the primary attack vector for update-related vulnerabilities is local, whereas for overall vulnerabilities, exploitation typically occurs over the network. Furthermore, we investigate the most common weakness classifications associated with these vulnerabilities, identifying scenarios that illustrate their adverse effects on systems and what they enable an attacker to achieve. Common weaknesses among update-related vulnerabilities include improper verification of cryptographic signatures, improper certificate validation, and improper input validation. From the top most prevalent weaknesses, we systematically derive a set of recommendations to help mitigate or eliminate attacks and breaches that occur during the update process.

Remote Attestation is emerging as a promising technique to ensure that some remote device is in a trustworthy state. This can for example be an IoT device that is attested by a cloud service before allowing the device to connect. However, flaws in the communication protocols associated with the remote attestation mechanism can introduce vulnerabilities into the system design and potentially nullify the added security. Formal verification of protocol security can help to prevent such flaws. In this work we provide a detailed analysis of the necessary security properties for remote attestation focusing on the authenticity of the involved agents. We extend beyond existing work by considering the possibility of an attestation server (making the attestation process involve three parties) as well as requiring verifier authentication. We demonstrate that some security properties are not met by a state-of-the-art commercial protocol for remote attestation for our strong adversary model. Moreover, we design two new communication protocols for remote attestation that we formally prove fulfil all of the considered authentication properties.

This paper presents RASUES, a remote-attestation-based scheme designed to incorporate software updates in embedded systems. Our approach has two primary aims: to extend remote attestation specifications to account for software updates, and to leverage Remote Attestation (RA) to validate the integrity of the update process itself. We extend the RATS RFC 9334 specification with an update procedure that accounts for the expected state before and after the update. We demonstrate the feasibility of our design by implementing the main functionality of RASUES on a TPM-based hardware platform. We evaluate the latency of our prototype and analyze its security properties, showing that the approach has acceptable overhead and can provide added security under the stated assumptions.

Purpose: The information technology (IT) sector has been seen as central to society's transformation to a more just and sustainable society, which underlines teachers’ responsibility to foster engineers who can contribute specifically to such ends. This study aims to report an effort to significantly update an existing engineering programme in IT with this ambition and to analyse the effects and challenges associated with the transformation.

Design/methodology/approach: This study is based on a combination of action-oriented research based on implementing key changes to the curriculum; empirical investigations including surveys and interviews with students and teachers, and analysis of these; and a science and technology studies-inspired analysis.

Findings: Respondents were generally positive towards adding topics relating to sustainability. However, in the unmaking of traditional engineering subjects, changes created a conflict between core versus soft subjects in which the core subjects tended to gain the upper hand. This conflict can be turned into productive discussions by focusing on what kinds of engineers the authors’ educate and how students can be introduced to societal problems as an integrated part of their education.

Practical implications: This study can be helpful for educators in the engineering domain to support them in their efforts to transition from a (narrow) focus on traditional disciplines to one where the bettering of society is at the core.

Originality/value: This study provides a novel approach to the transformation of engineering education through a theoretical analysis seldom used in studies of higher education on a novel case study.

Providing authenticated interactions is a key responsibility of most cryptographic protocols. When designing new protocols with strict security requirements it is therefore essential to formally verify that they fulfil appropriate authentication properties. We identify a gap in the case of protocols with unilateral (one-way) authentication, where existing properties are poorly adapted. In existing work, there is a preference for defining strong authentication properties, which is good in many cases but not universally applicable. In this work we make the case for weaker authentication properties. In particular, we investigate one-way authentication and extend Lowe's authentication hierarchy with two such properties. We formally prove the relationship between the added and existing properties. Moreover, we demonstrate the usefulness of the added properties in a case study on remote attestation protocols. This work complements earlier work with additional generic properties that support formal verification of a wider set of protocol types.