Presentation is loading. Please wait.

Presentation is loading. Please wait.

Smart Grid Security By Ajinkya Thorve Dnyanada Arjunwadkar University at Buffalo University at Buffalo Under the guidance of Prof. Shambhu Upadhyaya.

Published byMyron Stanley Modified over 8 years ago

Similar presentations

Presentation on theme: "Smart Grid Security By Ajinkya Thorve Dnyanada Arjunwadkar University at Buffalo University at Buffalo Under the guidance of Prof. Shambhu Upadhyaya."— Presentation transcript:

1 Smart Grid Security By Ajinkya Thorve Dnyanada Arjunwadkar University at Buffalo University at Buffalo Under the guidance of Prof. Shambhu Upadhyaya

2 Legacy Power System

3 Issues/Challenges Aging system  high failure rates, interruptions, affects the economy; leads to higher inspection and maintenance costs. Need to efficiently manage a variety of energy resources  traditional fossil fuel sources (e.g. coal, petroleum, and natural gas)  renewable energy sources (e.g. solar and hydro)

4 What is a Smart Grid? The smart grid is an attempt to modernize the existing antiquated electricity grid system. Smart grid integrates the traditional electrical power grid with information and communication technologies (ICT). This next-generation electric power system fully integrates two-way communication technologies into millions of power equipments to establish a dynamic and interactive infrastructure with new energy management capabilities.

5 What is a Smart Grid? (contd.)

6 Advantages of Smart Grid Reliability  Fault detection and self-healing Efficiency  Load adjustment/Load balancing Sustainability  Greater penetration of highly variable renewable energy sources Market-enabling  Minimize energy cost

7 Security Concerns The use of ICT in a Smart Grid inevitably surrenders the Smart Grid to potential vulnerabilities associated with communications and networking systems. Some malicious attacker can exploit these vulnerabilities and steal confidential personal information or prohibit the availability of essential services, causing a widespread power outage, resulting in chaos and adverse economic costs.

8 Security Objectives 1) Confidentiality of user’s data 2) Integrity of communicated information 3) Availability of uninterrupted power supply

9 Types of Attackers 1) Non-malicious attackers  View the security and operation of the system as a puzzle to be cracked.  Normally driven by intellectual challenge and curiosity. 2) Consumers  Driven by vengeance and vindictiveness towards other consumers.  Figure out ways to shut down other consumers’ power.

10 Types of Attackers (contd.) 3) Terrorists  View the smart grid as an attractive target as it affects millions of people making the terrorists’ cause more visible. 4) Employees  Employees disgruntled on the utility/customers.  Ill-trained employees causing unintentional errors. 5) Competitors  Attack each other for the sake of financial gain.

11 Types of Attacks 1. Attacks targeting Availability Denial-of-Service (DoS) attacks Can happen at a variety of communication layers in the Smart Grid:  Physical layer: Channel jamming  Network and transport layers: Traffic flooding  Application layer: Exhaust resources of a computer such as CPU or I/O bandwidth

12 Types of Attacks (contd.) 2. Attacks targeting Integrity Sophisticated attack, attempt to stealthily modify data in order to corrupt critical information exchange in the Smart Grid. The target can be customers’ information or status values of power systems. Example: False data injection attack, attacker can successfully inject falsified data and at the same time pass the data integrity check.

13 Types of Attacks (contd.) 3. Attacks targeting Confidentiality Have no intent to modify information. Eavesdrop on communication channels to acquire desired information. Have negligible effects on the functionality of communication networks in the Smart Grid. However, with the increasing awareness and importance of customer privacy, the social impacts due to confidentiality attacks have received more and more attentions in recent years.

14 Smart Grid Use Cases with Critical Security Requirements 1.Distribution and Transmission operation  The distribution and transmission system in general features more time-critical yet less confidential communications.  Such critical timing requirements further limit the use of strong, but time-consuming security solutions (e.g. public key based communication) in such a system.

15 Smart Grid Use Cases with Critical Security Requirements (contd.) 2. Advanced metering infrastructure and home-area networks  The AMI network is used to connect customers’ homes, the utility center and the electricity market.  In the AMI network, message delivery becomes non-time critical, integrity and confidentiality are very important.  Thus, network security solutions for the AMI network should focus primarily on providing integrity and confidentiality.

16 Network countermeasures for the Smart Grid Attack Detection 1.Signal-based detection  At the physical layer, a DoS attack detector can measure the received signal strength information (RSSI) to detect the presence of an attack. 2.Packet-based detection  Discover potential attacks by identifying a significant increase of packet transmission failures.

17 Network countermeasures for the Smart Grid (contd.) 3.Proactive method  Attempt to identify DoS attacks at an early stage by proactively sending probing packets to test or measure the status of potential attackers. 4.Hybrid method  Combines different ideas to improve attack detection accuracy. For example, use both signal- based and packet-based detection.

18 Network countermeasures for the Smart Grid (contd.) Attack Mitigation 1.Rate-limiting Impose a rate limit on a set of packets that have been characterized as possibly malicious by the detection mechanism. 2. Filtering Compare the source addresses of packets with the blacklist provided by the detection mechanism to filter out all suspicious packets.

19 Network countermeasures for the Smart Grid (contd.) 3. Reconfiguration In order to mitigate the impact of DoS attacks, one solution is to reconfigure network architecture, such as changing the topology of the victim or the intermediate network to either add more resources to the victim or to isolate the attack machines.

20 Network countermeasures for the Smart Grid (contd.) 4.Jamming-resilient wireless communication Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS). Uncoordinated protocols, do not need the transmitter and the receiver to share a pre- known secret. Examples: UFHSS and UDSSS.

21 Cryptographic countermeasures for the Smart Grid Why? Network approaches are primary countermeasures to detect, mitigate and eliminate DoS attacks that actively lead to network traffic dynamics. However, they are much less effective to deal with attacks targeting integrity and confidentiality that cause negligible effect on the network performance. Cryptography based approaches become major countermeasures against such attacks.

22 Cryptographic countermeasures for the Smart Grid (contd.) 1.Encryption Encryption schemes can be based on symmetric key cryptography (e.g. AES) or asymmetric key cryptography (e.g. RSA). Asymmetric: Strong encryption, but requires more computational resources. Symmetric: Requires approx. constant computational resources, but requires secure exchange and update of secret keys. Most electronic devices are expected to have at least basic cryptographic capabilities.

23 Cryptographic countermeasures for the Smart Grid (contd.) Case study: Proved via quantitative results that symmetric key cryptography is a better choice for real-time IED communications in power distribution and transmission systems. Asymmetric key cryptography has wide applications to protect customers’ sensitive information in the AMI and home-area networks, where communication traffic is non-time critical.

24 Cryptographic countermeasures for the Smart Grid (contd.) 2.Authentication A crucial identification process to eliminate attacks targeting data integrity.  Secret-information asymmetry (scalability issues)  Time asymmetry (time-critical applications)  Hybrid asymmetry

25 Cryptographic countermeasures for the Smart Grid (contd.) 3.Key Management May need to manage millions of credentials and keys. Improper key management can result in possible key disclosure to attackers. The Smart Grid consists of heterogeneous communication networks, such as time-critical and non-real time, small-scale and large-scale, wireless and wired networks.

26 Cryptographic countermeasures for the Smart Grid (contd.) Therefore, key management schemes should be carefully chosen to meet the network and security requirements of various systems in the Smart Grid. Example: SKMA  A key distribution center (KDC) is used. A node must maintain two types of long terms keys: node-to-KDC and node-to-node. The former is manually installed on a node; and the latter is obtained from the KDC. A session key is generated using the node-to-node key when two nodes communicate with each other.

27 Challenges 1.Security solutions developed for traditional IT networks are not effective in grid networks.  Security in IT networks aims to enforce the three security principles (confidentiality, integrity, and availability).  Security in grid networks aims to provide human safety, equipment protection, and system operation.

28 Challenges (contd.) 2.Their underlying topology is different.  IT networks use a well defined set of operating systems and protocols.  Grid networks use multiple proprietary operating systems and protocols specific to vendors.

29 Challenges (contd.) 3. Their Quality of Service (QoS) metrics are different.  It is acceptable in IT networks to reboot devices in case of failure or upgrade.  This is not acceptable in grid networks since services must be available at all times.

30 Proposed Solutions Strong authentication mechanisms (explicit access permissions). Malware protection through up-to-date and frequently updated antivirus. Intrusion Prevention System (IPS) and Intrusion Detection System (IDS).

31 Proposed Solutions (contd.) Vulnerability assessments must be performed atleast annually. Utilities should only collect the data needed to achieve their goals. Control system and IT engineers should be equally involved in securing the smart grid network.

32 Proposed Solutions (contd.) Since the life cycle of the smart grid is longer than that of the IT systems involved, all IT technologies should have the ability to be upgraded. Security must be part of the smart grid design. Otherwise, security of devices becomes vendor specific; the fact that might produce many vulnerabilities because of incompatibility issues.

33 Design of secure network protocols and architectures DNP3 is currently extensively-used for both intra- substation and inter-substation communications in US power systems. DNP3 was originally designed without any security mechanism. Since it is not very practical to upgrade all legacy DNP3- based power systems into new ones in one single day, it is essential to modify DNP3 to adopt more security functionalities to make a large number of legacy power devices keep pace with security requirements in the Smart Grid. Solution: Insert a security layer between the TCP/IP layer and the application layer.

34 Design of secure network protocols and architectures (contd.)

35 IEC 61850, a recent standard for substation communication, comes without its own security mechanisms. The security of IEC 61850 relies on IEC 62351, which is a standard proposed to handle the security. IEC 62351 defines both authentication and encryption mechanisms for IEC 61850 communication by including two essential security layers.

36 Design of secure network protocols and architectures (contd.)

37 References Wenye Wang, Zhuo Lu, "Cyber security in the Smart Grid: Survey and challenges", Computer Networks, vol. 57, issue 5, pp. 1344–1371, Apr 2013 Fadi Aloula et al., “Smart Grid Security: Threats, Vulnerabilities and Solutions”, International Journal of Smart Grid and Clean Energy, vol. 1, no. 1, Sep 2012

38 Thank You!

Download ppt "Smart Grid Security By Ajinkya Thorve Dnyanada Arjunwadkar University at Buffalo University at Buffalo Under the guidance of Prof. Shambhu Upadhyaya."

Similar presentations

Security in Mobile Ad Hoc Networks

Security in Mobile Ad Hoc Networks
David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.

David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Vendor Briefing May 26, 2006 AMI Overview & Communications TCM.

Vendor Briefing May 26, 2006 AMI Overview & Communications TCM.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Xanthus Consulting International Smart Grid Cyber Security: Support from Power System SCADA and EMS Frances Cleveland

Xanthus Consulting International Smart Grid Cyber Security: Support from Power System SCADA and EMS Frances Cleveland
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Smart Grid Cyber Security Framework

Smart Grid Cyber Security Framework
CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine

CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine
FIT5037 Advanced Network Security --- Modern Computing and Security --- Lecture 1.

FIT5037 Advanced Network Security --- Modern Computing and Security --- Lecture 1.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Wireless Sensor Network Security Anuj Nagar CS 590.

Wireless Sensor Network Security Anuj Nagar CS 590.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
What is Smart Grid/Metering for electric distribution? Should they be implemented in the US? Presented by: Jeffrey Grodzki, April Romanishan, Cameron Hinkel,

What is Smart Grid/Metering for electric distribution? Should they be implemented in the US? Presented by: Jeffrey Grodzki, April Romanishan, Cameron Hinkel,

Similar presentations

Ads by Google