Cyber Security for Smart Grids
Prof. Biplab Sikdar
Department of Electrical, Computer and Systems Engineering
Rensselaer Polytechnic Institute
Troy NY 12180

Outline
• Introduction to computer networks
• Network vulnerabilities
• Cyber security threats for smart grids
• Defense strategies

Motivation
[Figure: Generation, Transmission, Distribution and Customers shown as separate domains, each holding its own operational information (GEN1 … GENx, TOP1 … TOPx, DIST1 … DISTx)]
Source: n-Dimension solutions

Motivation
[Figure: Generation, Transmission, Distribution and Customers, together with System Operators and Conservation Authorities, linked by End-to-End Communications and Intelligence; AMI and DSM labelled]
Source: n-Dimension solutions

What is a Computer Network?
• A collection of computers (PCs, workstations) and other devices (e.g. printers, smart meters) that are all interconnected
• Goal: provide connectivity and ubiquitous access to resources (e.g., database servers, Web), allow remote users to communicate (e.g., email)
• Components:
  • Hosts (computers)
  • Links (coaxial cable, twisted pair, optical fiber, radio, satellite)
  • Switches/routers (intermediate systems)

What is a Computer Network?
Hosts are computers and other devices such as cellphones and PDAs.
[Figure: a client, a mobile client and two servers, with a packet travelling between them]

What is a Computer Network?
Networks connect applications on different stations.
[Figure: two applications exchanging a packet]

What is a Computer Network?
Hosts communicate by sending messages called packets.
[Figure: a client, a mobile client and two servers, with a packet travelling between them]

What is a Computer Network?
Packets may pass through multiple routers; each switch reads the packet and passes it on.
[Figure: a packet crossing four routers]

What is a Computer Network?
• In summary, a network is a system of hardware, software and transmission components that collectively allow two application programs on two different stations connected to the network to communicate well

Networking Issues
• Resource sharing (i.e., accommodate many users over the same link or through the same router)
• Addressing and routing (i.e., how does an email message find its way to the receiver)
• Reliability and recovery: guarantee end-to-end delivery
• Traffic management: monitoring and regulating the traffic in the network

Solution: Layering
• Layering to deal with complex systems:
  • Conceptual simplicity
  • modularization eases maintenance, updating of system
  • change of implementation of layer’s service transparent to rest of system

TCP/IP Model       TCP/IP Protocols
Application        FTP, Telnet, HTTP
Transport          TCP, UDP
Internetwork       IP
Host to Network    Ethernet, WiFi, Point-to-Point

Network Performance
• There are a number of measures that characterize and capture the performance of a network
• It is not enough that networks work
  • They must work well
• Quality of service (QoS) defines quantitative measures of service quality
  • Data rate or throughput
  • Delay (Latency)
  • Reliability
• Security (not a QoS measure but crucial)

Network Security
• Confidentiality: only sender, intended receiver should “understand” message contents
• Authentication: sender, receiver want to confirm identity of each other
• Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
• Access and availability: services must be accessible and available to users

Security for Smart Grids: Example 1
Example from AMRA Webinar, Nov ’06 “The Active Attacker”, Source: n-dimension solutions
[Figure: diagram labelled AMI WAN, Communications Network (WAN), AMCC (Advanced Metering Control Computer), Data Management Systems (MDM/R) and Retailers / 3rd Parties. Attacker annotations: Cyber Penetration; Attacker Controls the Head End; Attacker Performs Remote Disconnect]

Security for Smart Grids: Example 2
Example from 2006 SANS SCADA Security Summit, Source: n-dimension solutions
[Figure: network diagram labelled Internet, Admin, Acct, Operator, Master DB, Slave Database and RTU, annotated with the steps below]
1. Hacker sends an e-mail with malware
2. E-mail recipient opens the e-mail and the malware gets installed quietly
3. Using the information that malware gets, hacker is able to take control of the e-mail recipient’s PC!
4. Hacker performs an ARP (Address Resolution Protocol) Scan
5. Once the Slave Database is found, hacker sends an SQL EXEC command
6. Performs another ARP Scan
7. Takes control of RTU

Network Security: Introduction
• Bob and Alice want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages
[Figure: Alice (secure sender) and Bob (secure receiver) exchanging data over a channel, with Trudy on the channel]

Who might Bob, Alice be?
• well, real-life Bobs and Alices!
• Web browser/server for electronic transactions (e.g., on-line purchases)
• Phasor measurement units sending synchrophasor data
• Information exchange between power distribution networks and power generators
• on-line banking client/server
• routers exchanging routing table updates

Impact of Security Breach
Q: What can a “bad guy” do?
A: A lot
• eavesdrop: intercept messages
• actively insert messages into connection
• impersonation: can fake (spoof) source address in packet (or any field in packet)
• hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
• denial of service: prevent service from being used by others (e.g., by overloading resources)

Network Security (Recap)
• Confidentiality: only sender, intended receiver should “understand” message contents
• Authentication: sender, receiver want to confirm identity of each other
• Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
• Access and availability: services must be accessible and available to users

The language of cryptography
• m: plaintext message
• K_A(m): ciphertext, encrypted with key K_A
• m = K_B(K_A(m))
[Figure: plaintext → encryption algorithm (Alice’s encryption key K_A) → ciphertext → decryption algorithm (Bob’s decryption key K_B) → plaintext]

Simple encryption scheme
substitution cipher: substituting one thing for another
• monoalphabetic cipher: substitute one letter for another

plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

E.g.:
Plaintext:  bob. how are you. alice
ciphertext: nkn. akr moc wky. mgsbc

Key: the mapping from the set of 26 letters to the set of 26 letters

Message Integrity
• allows communicating parties to verify that received messages are authentic.
  • Content of message has not been altered
  • Source of message is who/what you think it is
  • Sequence of messages is maintained
• let’s first talk about message digests

Message Digests
• function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature”
• note that H( ) is a many-to-1 function
• H( ) is often called a “hash function”
• Example: H(SIKDAR) = 19+13+11+4+1+18 = 66
desirable properties:
• easy to calculate
• irreversibility: Can’t determine m from H(m)
• collision resistance: computationally difficult to produce m and m’ such that H(m) = H(m’)
• seemingly random output
[Figure: large message m → H: Hash Function → H(m)]

Message Authentication Code (MAC)
[Figure: on the sending side the message and s go into H( ); the message travels together with the result; on the receiving side H( ) is applied to s and the received message, and the two results are compared]
s = shared secret
• Authenticates sender
• Verifies message integrity
• Also called “keyed hash”
• Notation: MD_m = H(s||m) ; send m||MD_m
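
The keyed-hash exchange from this slide, as an added example that is not part of the original slides: the sender computes MD_m = H(s||m) and sends m||MD_m, and the receiver recomputes the digest and compares. SHA-256 as H( ), the sample secret and command, and all function names are assumptions made for the illustration; the last two functions show the same check with the standard-library HMAC construction, which deployed protocols use in place of plain H(s||m).

```python
import hashlib
import hmac

DIGEST_LEN = hashlib.sha256().digest_size   # 32 bytes; SHA-256 is an assumed H( )

def md(secret: bytes, message: bytes) -> bytes:
    """Slide notation: MD_m = H(s || m)."""
    return hashlib.sha256(secret + message).digest()

def send(secret: bytes, message: bytes) -> bytes:
    """Sender side: transmit m || MD_m."""
    return message + md(secret, message)

def receive(secret: bytes, frame: bytes) -> bytes:
    """Receiver side: split m || MD_m, recompute H(s || m) and compare.

    Returns the message when the digest matches, raises ValueError otherwise.
    """
    if len(frame) < DIGEST_LEN:
        raise ValueError("frame shorter than one digest")
    message, received_md = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
    # compare_digest takes the same time wherever the first differing byte is,
    # so the comparison does not reveal how much of a wrong digest was right.
    if not hmac.compare_digest(md(secret, message), received_md):
        raise ValueError("MAC mismatch: message altered or wrong secret")
    return message

def accepted(secret: bytes, frame: bytes) -> bool:
    try:
        receive(secret, frame)
        return True
    except ValueError:
        return False

def hmac_send(secret: bytes, message: bytes) -> bytes:
    """Same framing, with HMAC-SHA256 in place of plain H(s || m)."""
    return message + hmac.new(secret, message, hashlib.sha256).digest()

def hmac_accepted(secret: bytes, frame: bytes) -> bool:
    if len(frame) < DIGEST_LEN:
        return False
    message, tag = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
    expected = hmac.new(secret, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

# Constructed sample values, not taken from the slides.
SECRET = b"shared-secret-between-head-end-and-meter"
COMMAND = b"meter=0042;action=read;seq=17"

if __name__ == "__main__":
    frame = send(SECRET, COMMAND)
    print("genuine frame accepted: ", accepted(SECRET, frame))
    # The message part is changed in transit by someone without the secret.
    altered = frame.replace(b"action=read", b"action=disc")
    print("altered frame accepted: ", accepted(SECRET, altered))
    print("wrong secret accepted:  ", accepted(b"guess", frame))
```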

Hash Function Algorithms
• MD5 hash function widely used (RFC 1321)
  • computes 128-bit message digest in 4-step process.
• SHA-1 is also used.
  • US standard [NIST, FIPS PUB 180-1]
  • 160-bit message digest

Common Security Attacks
• Finding a way into the network
  • Firewalls
• Exploiting software bugs, buffer overflows
  • Intrusion Detection Systems
• Denial of Service
  • Ingress filtering, IDS
• TCP hijacking
  • IPSec
• Packet sniffing
  • Encryption (SSH, SSL, HTTPS)
• Social problems
  • Education
Source: J. Weisz, CMU

Firewalls
• Basic problem – many network applications and protocols have security problems that are fixed over time
  • Difficult for users to keep up with changes and keep host secure
  • Solution
    • Administrators limit access to end hosts by using a firewall
    • Firewall is kept up-to-date by administrators
• Can be hardware or software
  • Ex. Some routers come with firewall functionality
  • ipfw, ipchains, pf on Unix systems, Windows XP and Mac OS X have built in firewalls
Source: J. Weisz, CMU

Firewalls
[Figure: Internet, firewall, DMZ (web server, email server, web proxy, etc), firewall, Intranet]
Source: J. Weisz, CMU

Firewalls
• Used to filter packets based on a combination of features
  • These are called packet filtering firewalls
  • Ex. Drop packets with destination port of 23 (Telnet)
  • Can use any combination of IP/UDP/TCP header information
Source: J. Weisz, CMU
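
A packet filter of the kind this slide describes, as an added example that is not part of the original slides: it reads the IPv4 and TCP/UDP header fields from raw bytes and applies an ordered rule list whose first rule is the slide's "drop destination port 23". The rule format, the other two rules, the addresses and the sample packets are constructed for the illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

PROTO = {6: "tcp", 17: "udp"}       # IP protocol numbers the filter names

@dataclass
class Rule:
    action: str                     # "drop" or "accept"
    proto: Optional[str] = None     # None matches any protocol
    src: Optional[str] = None       # source CIDR, None matches any source
    dst_port: Optional[int] = None  # None matches any port

def parse(packet: bytes) -> dict:
    """Pull the fields a packet filter inspects out of a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        raise ValueError("not a well-formed IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4    # IP header length in bytes
    proto = PROTO.get(packet[9], str(packet[9]))
    fields = {"proto": proto,
              "src": ipaddress.ip_address(packet[12:16]),
              "dst": ipaddress.ip_address(packet[16:20]),
              "src_port": None, "dst_port": None}
    # TCP and UDP headers both begin with 16-bit source and destination ports.
    if proto in ("tcp", "udp") and len(packet) >= ihl + 4:
        fields["src_port"], fields["dst_port"] = struct.unpack(
            "!HH", packet[ihl:ihl + 4])
    return fields

def decide(rules, packet: bytes, default: str = "drop") -> str:
    """First matching rule wins; unparseable or unmatched packets get the default."""
    try:
        f = parse(packet)
    except ValueError:
        return default
    for r in rules:
        if r.proto and r.proto != f["proto"]:
            continue
        if r.src and f["src"] not in ipaddress.ip_network(r.src):
            continue
        if r.dst_port is not None and r.dst_port != f["dst_port"]:
            continue
        return r.action
    return default

def make_packet(src, dst, proto, sport, dport) -> bytes:
    """Constructed 28-byte IPv4 packet (checksum left at 0) used as sample input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HH", sport, dport) + b"\x00" * 4

# Constructed rule set: the slide's Telnet rule first, then two allow rules.
RULES = [
    Rule("drop", proto="tcp", dst_port=23),
    Rule("accept", proto="tcp", src="10.0.0.0/8", dst_port=22),
    Rule("accept", proto="udp", dst_port=53),
]

if __name__ == "__main__":
    telnet = make_packet("203.0.113.5", "10.1.1.10", 6, 40000, 23)
    ssh = make_packet("10.2.3.4", "10.1.1.10", 6, 40001, 22)
    print("telnet ->", decide(RULES, telnet), "| ssh from 10/8 ->", decide(RULES, ssh))
```

The default of "drop" for anything no rule matches, including packets the parser rejects, is the fail-closed choice; reversing it makes the rule list a deny-list that passes whatever it did not anticipate.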

Intrusion Detection
• Used to monitor for “suspicious activity” on a network
  • Can protect against known software exploits, like buffer overflows
• Uses “intrusion signatures”
  • Well known patterns of behavior
• Example
  • IRIX vulnerability in webdist.cgi
  • Can make a rule to drop packets containing the line
    • “/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd”
• However, IDS is only useful if contingency plans are in place to curb attacks as they are occurring
Source: J. Weisz, CMU
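
Signature matching as this slide describes it, as an added example that is not part of the original slides: the one signature is the string quoted on the slide, and requests are percent-decoded and case-folded before comparison so the rule fires whether a sensor sees the raw or the decoded form. The log format, rule id, action names and addresses are constructed for the illustration; `sources_to_block` stands in for the contingency step the slide calls for.

```python
import re
from urllib.parse import unquote

# Pattern quoted on the slide; the rule id and action name are hypothetical.
SIGNATURES = [
    {"id": "webdist-cgi-passwd",
     "pattern": "/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd",
     "action": "drop"},
]

# Assumed log format: <source address> "<METHOD> <target> HTTP/<version>"
REQUEST_LINE = re.compile(
    r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<target>.+) HTTP/[\d.]+"$')

def normalize(text: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), lower-case, collapse whitespace."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return " ".join(text.lower().split())

def inspect(log_lines, signatures=SIGNATURES):
    """Return one alert dict per (line, signature) match, in log order."""
    compiled = [(s, normalize(s["pattern"])) for s in signatures]
    alerts = []
    for lineno, line in enumerate(log_lines, 1):
        m = REQUEST_LINE.match(line.strip())
        if not m:
            # Lines the parser cannot read are surfaced, not silently skipped.
            alerts.append({"line": lineno, "rule": "unparsed",
                           "action": "alert", "src": None})
            continue
        target = normalize(m["target"])
        for sig, needle in compiled:
            if needle in target:
                alerts.append({"line": lineno, "rule": sig["id"],
                               "action": sig["action"], "src": m["src"]})
    return alerts

def sources_to_block(alerts):
    """Contingency step: source addresses whose alerts carry the drop action."""
    return sorted({a["src"] for a in alerts if a["action"] == "drop"})

# Constructed log lines (documentation address ranges), not from the slides.
SAMPLE_LOG = [
    '192.0.2.10 "GET /index.html HTTP/1.0"',
    '198.51.100.7 "GET /cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd HTTP/1.0"',
    '198.51.100.7 "GET /cgi-bin/webdist.cgi?distloc=?;cat /etc/passwd HTTP/1.0"',
    '192.0.2.11 "GET /cgi-bin/webdist.cgi?distloc=/usr/dist HTTP/1.0"',
    'garbled line',
]

if __name__ == "__main__":
    for alert in inspect(SAMPLE_LOG):
        print(alert)
    print("block:", sources_to_block(inspect(SAMPLE_LOG)))
```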

Denial of Service
• Purpose: Make a network service unusable, usually by overloading the server or network
• Many different kinds of DoS attacks
  • SYN flooding
    • Large number of TCP connection requests with fake source address
    • Server accepts connection request
    • Eventually server memory is exhausted
  • Smurf
  • Distributed attacks
Source: J. Weisz, CMU
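
How the SYN-flooding condition on this slide shows up to a monitor, as an added example that is not part of the original slides: it tracks connection requests that were accepted but never completed and reports a service once too many are outstanding. The event tuple format, the threshold and timeout values, and the addresses and port are assumptions constructed for the illustration.

```python
from collections import Counter

def half_open_alerts(events, threshold=4, timeout=30):
    """Report services whose count of uncompleted connection requests
    reaches `threshold`.

    events: (time, src, sport, dst, dport, flags) tuples in time order, with
    flags "S" for a client SYN, "A" for the client's handshake-completing ACK
    and "R" for a reset. Returns (time, dst, dport, count) tuples, one per
    service, at the moment the threshold is first reached.
    """
    pending = {}      # (src, sport, dst, dport) -> time the SYN arrived
    alerted = set()   # services already reported
    alerts = []
    for t, src, sport, dst, dport, flags in events:
        # Forget requests older than the timeout, as a server's backlog would.
        for key in [k for k, t0 in pending.items() if t - t0 > timeout]:
            del pending[key]
        conn = (src, sport, dst, dport)
        if flags == "S":
            pending[conn] = t
        elif flags in ("A", "R"):
            pending.pop(conn, None)   # handshake finished or aborted
        per_service = Counter((k[2], k[3]) for k in pending)
        for service, count in per_service.items():
            if count >= threshold and service not in alerted:
                alerted.add(service)
                alerts.append((t, service[0], service[1], count))
    return alerts

def sample_events():
    """Constructed trace: two ordinary clients, then six requests from
    varying source addresses that are never completed."""
    server, port = "10.0.1.1", 502
    events = [
        (0, "10.0.0.5", 50000, server, port, "S"),
        (0, "10.0.0.5", 50000, server, port, "A"),
        (1, "10.0.0.6", 50001, server, port, "S"),
        (1, "10.0.0.6", 50001, server, port, "A"),
    ]
    for i in range(6):
        events.append((2 + i, f"198.51.100.{i + 1}", 40000 + i, server, port, "S"))
    return events

if __name__ == "__main__":
    for alert in half_open_alerts(sample_events()):
        print("half-open threshold reached:", alert)
```

Because the source addresses are fake, the per-source view shows one request each; counting per destination service is what makes the build-up visible.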

Packet Sniffing
• Local area networks: Ethernet, WiFi
  • Source: put data packet on wire with destination’s address
  • All other hosts listen
• Anything in plaintext is easily eavesdropped (example: passwords in telnet)
• Solution:
  • encryption
Source: J. Weisz, CMU

Social Problems
• People can be just as dangerous as unprotected computer systems
  • People can be lied to, manipulated, bribed, threatened, harmed, tortured, etc. to give up valuable information
  • May use infected hardware (e.g. USB drives) inside a secure network
  • Disgruntled employees
• There aren’t always solutions to all of these problems
  • Humans will continue to be tricked into giving out information they shouldn’t
  • Educating them may help
• The best that can be done is to implement a wide variety of solutions and more closely monitor who has access to what network resources and information
Source: J. Weisz, CMU

Cyber Solutions - Defense in Depth
• Perimeter Protection
  • Firewall, IPS, VPN, AV
  • Host IDS, Host AV
  • Physical Security
• Interior Security
  • Firewall, IDS, VPN, AV
  • Host IDS, Host AV
  • IEEE P1711 (Serial Connections)
  • Network admission control
  • Scanning
• Monitoring
• Management
Cyber Security Solutions for Smart Grids

Questions?