Upload: clifton-walters

Post on 18-Dec-2015

Security in Smart Grid

Ning Zhang, Apr. 5, 2012

Outline

• Part I:
– Introduction to smart grid
– Cyber security
– Physical security

• Part II:
– An authentication scheme in smart grid

• Summary

Cyber–Physical Security of a Smart Grid Infrastructure [1]

[1] Y. Mo, T.H.-J. Kim, K. Brancik, D. Dickinson, H. Lee, A. Perrig, and B. Sinopoli, "Cyber-physical security of a smart grid infrastructure," Proceedings of the IEEE, vol. 100, no. 1, pp. 195-209, Jan. 2012.

PART I

Electric grid

• Generation: produces electric energy in different manners, e.g., burning fossil fuels, inducing nuclear reaction, wind, solar forces.

• Transmission: moves electricity via a very high voltage infrastructure.

• Distribution: steps down current and spreads out for consumption.

• Consumption: industrial, commercial, and residential; uses the electric energy in different ways.

Electric grid

Shortcomings of Electric grid

1) Matching generation to demand is very challenging because utilities do not have clear-cut methods to predict demand and to request demand reduction (load shedding).

As a consequence, they need to over-generate power for peak demand, which is expensive and contributes to greenhouse gas (GHG) emissions.

2) There is a dearth of information available for consumers to determine how and when to use energy.

The smart grid uses communications and information technologies to provide better situational awareness to utilities regarding the state of the grid.

Smart grid

• Using intelligent communications, load shedding can be implemented so that peak demand can be flattened, which reduces the need to bring additional (expensive) generation plants online.

• Using information systems to perform predictive analysis, including when wind and solar resources will produce less power, the utilities can keep power appropriately balanced.

• Dynamic pricing and distributed generation with local generators can significantly reduce the electricity bill.

• With these approaches, the smart grid enables a drastic cost reduction for both power generation and consumption.

Smart grid

During off-peak time periods, inexpensive electric power can be used without restrictions (e.g., diverted to energy storage). During peak time periods, some appliances will be temporarily turned off, and stored energy is used.

(a) Power usage during off-peak time period. (b) Power usage during peak time period.

Smart grid

Cyber Security Requirements

Three main security properties: Confidentiality, integrity and availability.

Confidentiality: Confidentiality of meter data is important, because power usage data provides information about the usage patterns for individual appliances, which can reveal personal activities. Confidentiality of price information and control commands is not important in cases where they are public knowledge.

Cyber Security Requirements

• Integrity: Integrity of price information is critical, because negative prices injected by an attacker can cause an electricity utilization spike as numerous devices would simultaneously turn on to take advantage of the low price.

Integrity of meter data and commands is important, but their impact is mostly limited to revenue loss.

• Availability against DoS/DDoS attacks: Availability of price information is critical due to serious financial and possibly legal implications. Moreover, outdated price information can adversely affect demand. Availability of commands is also important.

Availability of meter data (e.g., power usage) may not be as critical because the data can usually be read at a later point.

Cyber Security in SG

• An adversary must first exploit entry points, and upon successful entry, it can launch attacks on the smart grid infrastructure.

Cyber Security in SG

[Figure: network diagram with the Internet, Admin, Acct and Operator PCs, Master DB, Slave Database and RTU, annotated with the steps below.]

1. Hacker sends an e-mail with malware

2. E-mail recipient opens the e-mail and the malware gets installed quietly

3. Using the information that malware gets, hacker is able to take control of the e-mail recipient’s PC!

4. Hacker performs an ARP (Address Resolution Protocol) Scan

5. Once the Slave Database is found, hacker sends an SQL EXEC command

6. Performs another ARP Scan

7. Takes control of Remote Terminal Unit (RTU)

Cyber Security in SG

• Malicious actions
– Malware spreading and controlling devices
– Access through database links
– Compromising communication equipment
– Injecting false information on price and meter data
– Eavesdropping
– Malware targeting industrial control systems
– DoS/DDoS attacks on networks and servers
– Sending fake commands to smart meters in a region

Cyber Security in SG

• Countermeasures

1) Key Management
– A fundamental approach for information security

2) Secure Communication Architecture
– Secure routing protocol
– Secure forwarding
– End-to-end communication

3) System and Device Security
– Software-based attacks: inject malicious code into the system
– Design prevention and detection mechanisms against malware.

Physical Security

• Physical security: the stability and safety of the physical systems.

• System-theoretic approaches (control theory or automation field)
– detect attacks or abnormalities on physical systems and help the system operator actively mitigate the damage.
– focus on the physical interactions between each component in the grid, while the cyber view focuses on the modeling of IT infrastructures.

• System-theoretic approaches encompass two main parts:
– Contingency analysis (CA) and system monitoring.

• Countermeasures
– 1) Contingency Analysis: checks if the steady-state system is outside the operating region.
– 2) Bad Data Detection: detects the corruption in measurement; detects compromised sensors.

Comparison Between Cyber and System-Theoretic Security

In the smart grid, cyber attacks can cause disruptions that transcend the cyber realm and affect the physical world, e.g., DoS attacks can cause drops of measurement data and control commands, which leads to instability of the grid.

Physical attacks can affect the cyber system, e.g., the integrity of a meter can be compromised by using a shunt to bypass it. Secrecy can be broken by placing a compromised sensor beside a legitimate one.

The Need For Cyber–Physical Security

A new approach to security, bringing together cyber security and system theory under the name of cyber–physical security (CPS), is needed to address the requirements of complex, large-scale infrastructures like the smart grid.

1) The system and attack models of both approaches are incomplete.

2) The security requirements of both approaches are incomplete and the security of the smart grid requires both of them.

3) The countermeasures of both approaches have drawbacks.

Cyber–Physical Security

• In the paper, two examples are presented to show how the combination of cyber and system-theoretic approaches can provide a better security level than traditional methods.

• In the first example, they show how system-theoretic countermeasures can be used to defend against a replay attack, which is a cyber attack on the integrity of the measurement data.

• In the second example, they show how system theory can guide and reduce cyber security investments.

An Authentication Scheme for Smart Grid Communications [2]

[2] M. Fouda, Z. Md. Fadlullah, N. Kato, R. Lu, and X. Shen, "A light-weight message authentication scheme for smart grid communications," IEEE Trans. on Smart Grid, vol. 2, no. 4, pp. 675-685, Dec. 2011.

PART II

• NAN: Neighborhood Area Network
• BAN: Building Area Network
• HAN: Home Area Network

Smart meters in the SG enable an automated, two-way communication between the utility provider and consumers.

The transmission substation (TS) delivers power from the power plant over high-voltage transmission lines to the distribution substations.

Distribution substations (DS) transform the electric power into medium voltage level and then distribute it to the consumers.

Authentication scheme

• Assume that HAN GW i and BAN GW j have their private and public key pairs

Let be a group of large prime order q such that the Computational Diffie-Hellman (CDH) assumption holds, i.e., given , for unknown , it is hard to compute

For integrity, a Hash-based Message Authentication Code (MAC) is generated using key Ki, message Mi and time stamp T.

Security analysis

• The proposed scheme can provide mutual authentication.

• The proposed scheme can establish a semantic-secure shared key.

• Late transmission can achieve not only confidentiality but also integrity. Meanwhile, the embedded timestamp Ti can also thwart possible replay attacks.
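
The MAC-with-timestamp step of the scheme and the replay claim in the security analysis, as an added Python example that is not code from the slides or from [2]. HMAC-SHA256, the 30-second window, the `T || M` byte encoding, the seen-tag cache and all sample values are assumptions, and the shared key Ki is taken as already established.

```python
import hashlib
import hmac
import struct

WINDOW = 30  # seconds of accepted clock skew/delay; assumed, not from the slides


def make_tag(key: bytes, message: bytes, timestamp: int) -> bytes:
    """MAC over T || M under K_i, so message and timestamp are bound together."""
    # A fixed-width 8-byte timestamp keeps the T || M encoding unambiguous.
    data = struct.pack(">Q", timestamp) + message
    return hmac.new(key, data, hashlib.sha256).digest()


class Receiver:
    """Verifying side for one shared key K_i (e.g. the BAN gateway)."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # tag -> timestamp of messages accepted inside the window

    def verify(self, message: bytes, timestamp: int, tag: bytes, now: int) -> str:
        # Constant-time comparison; a changed M or a changed T both fail here.
        if not hmac.compare_digest(make_tag(self.key, message, timestamp), tag):
            return "bad-mac"
        if abs(now - timestamp) > WINDOW:
            return "stale"  # old capture replayed after the window closed
        # Drop cache entries that the freshness check would reject anyway.
        self.seen = {t: ts for t, ts in self.seen.items() if now - ts <= WINDOW}
        if tag in self.seen:
            return "replay"  # the timestamp alone cannot catch this case
        self.seen[tag] = timestamp
        return "ok"


def demo() -> list:
    key = hashlib.sha256(b"constructed stand-in for shared key K_i").digest()
    msg = b"meter=HAN-7;kWh=1.42"  # constructed sample reading
    t0 = 1_700_000_000             # constructed send time
    tag = make_tag(key, msg, t0)
    rx = Receiver(key)
    return [
        rx.verify(msg, t0, tag, now=t0 + 2),                      # first delivery
        rx.verify(msg, t0, tag, now=t0 + 5),                      # replay in window
        rx.verify(b"meter=HAN-7;kWh=0.01", t0, tag, now=t0 + 5),  # altered reading
        rx.verify(msg, t0 + 600, tag, now=t0 + 600),              # timestamp rewritten
        rx.verify(msg, t0, tag, now=t0 + 600),                    # replay after window
    ]
```

`demo()` shows that the timestamp check rejects only captures older than the window; a copy replayed inside the window passes both the MAC and the freshness check and is caught by the cache.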

Summary

• Cyber-physical security in SG.
– Cyber security
– Physical security
– The need for cyber-physical security

• Authentication scheme in SG.

Thank you !