Smart Grid Security

advertisement
Smart Grid Security
By
Ajinkya Thorve
University at Buffalo
Dnyanada Arjunwadkar
University at Buffalo
Under the guidance of
Prof. Shambhu Upadhyaya
Legacy Power System
Issues/Challenges
• Aging system
 high failure rates, interruptions, affects the
economy;
leads
to
higher
inspection
and maintenance costs.
• Need to efficiently manage a variety of energy
resources
 traditional fossil fuel sources (e.g. coal,
petroleum, and natural gas)
 renewable energy sources (e.g. solar and hydro)
What is a Smart Grid?
• The smart grid is an attempt to modernize the
existing antiquated electricity grid system.
• Smart grid integrates the traditional electrical
power grid with information and communication
technologies (ICT).
• This next-generation electric power system fully
integrates two-way communication technologies
into millions of power equipments to establish a
dynamic and interactive infrastructure with new
energy management capabilities.
What is a Smart Grid? (contd.)
Advantages of Smart Grid
• Reliability
 Fault detection and self-healing
• Efficiency
 Load adjustment/Load balancing
• Sustainability
 Greater penetration of highly variable renewable
energy sources
• Market-enabling
 Minimize energy cost
Security Concerns
• The use of ICT in a Smart Grid inevitably
surrenders the Smart Grid to potential
vulnerabilities associated with communications
and networking systems.
• Some malicious attacker can exploit these
vulnerabilities and steal confidential personal
information or prohibit the availability of
essential services, causing a widespread power
outage, resulting in chaos and adverse economic
costs.
Security Objectives
1) Confidentiality of user’s data
2) Integrity of communicated information
3) Availability of uninterrupted power
supply
Types of Attackers
1) Non-malicious attackers
View the security and operation of the system as a
puzzle to be cracked.
Normally driven by intellectual challenge and
curiosity.
2) Consumers
Driven by vengeance and vindictiveness towards
other consumers.
Figure out ways to shut down other consumers’
power.
Types of Attackers (contd.)
3) Terrorists
View the smart grid as an attractive target as it
affects millions of people making the terrorists’
cause more visible.
4) Employees
Employees disgruntled on the utility/customers.
Ill-trained employees causing unintentional errors.
5) Competitors
Attack each other for the sake of financial gain.
Types of Attacks
1. Attacks targeting Availability
• Denial-of-Service (DoS) attacks
• Can happen at a variety of communication layers
in the Smart Grid:
 Physical layer: Channel jamming
 Network and transport layers: Traffic flooding
 Application layer: Exhaust resources of a
computer such as CPU or I/O bandwidth
Types of Attacks (contd.)
2. Attacks targeting Integrity
• Sophisticated attack, attempt to stealthily modify
data in order to corrupt critical information exchange
in the Smart Grid.
• The target can be customers’ information or status
values of power systems.
• Example: False data injection attack, attacker can
successfully inject falsified data and at the same time
pass the data integrity check.
Types of Attacks (contd.)
3. Attacks targeting Confidentiality
• Have no intent to modify information.
• Eavesdrop on communication channels to acquire
desired information.
• Have negligible effects on the functionality of
communication networks in the Smart Grid.
• However, with the increasing awareness and
importance of customer privacy, the social impacts
due to confidentiality attacks have received more
and more attentions in recent years.
Smart Grid Use Cases with Critical
Security Requirements
1. Distribution and Transmission operation
The distribution and transmission system in
general features more time-critical yet less
confidential communications.
Such critical timing requirements further limit
the use of strong, but time-consuming
security solutions (e.g. public key based
communication) in such a system.
Smart Grid Use Cases with Critical
Security Requirements (contd.)
2. Advanced metering infrastructure and home-area
networks
 The AMI network is used to connect customers’
homes, the utility center and the electricity
market.
 In the AMI network, message delivery becomes
non-time critical, integrity and confidentiality are
very important.
 Thus, network security solutions for the AMI
network should focus primarily on providing
integrity and confidentiality.
Network countermeasures for the
Smart Grid
Attack Detection
1. Signal-based detection
 At the physical layer, a DoS attack detector can
measure the received signal strength information
(RSSI) to detect the presence of an attack.
2. Packet-based detection
Discover potential attacks by identifying a
significant increase of packet transmission failures.
Network countermeasures for the
Smart Grid (contd.)
3. Proactive method
Attempt to identify DoS attacks at an early stage
by proactively sending probing packets to test or
measure the status of potential attackers.
4. Hybrid method
Combines different ideas to improve attack
detection accuracy. For example, use both signalbased and packet-based detection.
Network countermeasures for the
Smart Grid (contd.)
Attack Mitigation
1. Rate-limiting
•
Impose a rate limit on a set of packets that have
been characterized as possibly malicious by the
detection mechanism.
2. Filtering
• Compare the source addresses of packets with the
blacklist provided by the detection mechanism to
filter out all suspicious packets.
Network countermeasures for the
Smart Grid (contd.)
3. Reconfiguration
• In order to mitigate the impact of DoS attacks, one
solution is to reconfigure network architecture,
such as changing the topology of the victim or the
intermediate network to either add more
resources to the victim or to isolate the attack
machines.
Network countermeasures for the
Smart Grid (contd.)
4. Jamming-resilient wireless communication
• Frequency Hopping Spread Spectrum (FHSS),
Direct Sequence Spread Spectrum (DSSS).
• Uncoordinated protocols, do not need the
transmitter and the receiver to share a preknown secret. Examples: UFHSS and UDSSS.
Cryptographic countermeasures for
the Smart Grid
• Why?
• Network
approaches
are
primary
countermeasures to detect, mitigate and
eliminate DoS attacks that actively lead to
network traffic dynamics.
• However, they are much less effective to deal
with attacks targeting integrity and confidentiality
that cause negligible effect on the network
performance.
• Cryptography based approaches become major
countermeasures against such attacks.
Cryptographic countermeasures for
the Smart Grid (contd.)
1. Encryption
• Encryption schemes can be based on symmetric
key cryptography (e.g. AES) or asymmetric key
cryptography (e.g. RSA).
• Asymmetric: Strong encryption, but requires
more computational resources.
• Symmetric:
Requires
approx.
constant
computational resources, but requires secure
exchange and update of secret keys.
• Most electronic devices are expected to have at
least basic cryptographic capabilities.
Cryptographic countermeasures for
the Smart Grid (contd.)
• Case study:
• Proved via quantitative results that symmetric
key cryptography is a better choice for real-time
IED communications in power distribution and
transmission systems.
• Asymmetric key cryptography has wide
applications to protect customers’ sensitive
information in the AMI and home-area networks,
where communication traffic is non-time critical.
Cryptographic countermeasures for
the Smart Grid (contd.)
2. Authentication
• A crucial identification process to eliminate
attacks targeting data integrity.
Secret-information asymmetry (scalability
issues)
Time asymmetry (time-critical applications)
Hybrid asymmetry
Cryptographic countermeasures for
the Smart Grid (contd.)
3. Key Management
• May need to manage millions of credentials
and keys.
• Improper key management can result in
possible key disclosure to attackers.
• The Smart Grid consists of heterogeneous
communication networks, such as time-critical
and non-real time, small-scale and large-scale,
wireless and wired networks.
Cryptographic countermeasures for
the Smart Grid (contd.)
• Therefore, key management schemes should be
carefully chosen to meet the network and
security requirements of various systems in the
Smart Grid.
• Example: SKMA
A key distribution center (KDC) is used. A node must
maintain two types of long terms keys: node-to-KDC
and node-to-node. The former is manually installed on
a node; and the latter is obtained from the KDC. A
session key is generated using the node-to-node key
when two nodes communicate with each other.
Challenges
1. Security solutions developed for traditional IT
networks are not effective in grid networks.
Security in IT networks aims to enforce the
three security principles (confidentiality,
integrity, and availability).
Security in grid networks aims to provide
human safety, equipment protection, and
system operation.
Challenges (contd.)
2. Their underlying topology is different.
IT networks use a well defined set of operating
systems and protocols.
Grid networks use multiple proprietary
operating systems and protocols specific to
vendors.
Challenges (contd.)
3. Their Quality of Service (QoS) metrics are
different.
It is acceptable in IT networks to reboot
devices in case of failure or upgrade.
This is not acceptable in grid networks since
services must be available at all times.
Proposed Solutions
• Strong authentication mechanisms (explicit
access permissions).
• Malware protection through up-to-date and
frequently updated antivirus.
• Intrusion Prevention System (IPS) and
Intrusion Detection System (IDS).
Proposed Solutions (contd.)
• Vulnerability assessments must be performed
atleast annually.
• Utilities should only collect the data needed to
achieve their goals.
• Control system and IT engineers should be
equally involved in securing the smart grid
network.
Proposed Solutions (contd.)
• Since the life cycle of the smart grid is longer
than that of the IT systems involved, all IT
technologies should have the ability to be
upgraded.
• Security must be part of the smart grid design.
Otherwise, security of devices becomes
vendor specific; the fact that might produce
many
vulnerabilities
because
of
incompatibility issues.
Design of secure network protocols
and architectures
• DNP3 is currently extensively-used for both intrasubstation and inter-substation communications in US
power systems.
• DNP3 was originally designed without any security
mechanism.
• Since it is not very practical to upgrade all legacy DNP3based power systems into new ones in one single day,
it is essential to modify DNP3 to adopt more security
functionalities to make a large number of legacy power
devices keep pace with security requirements in the
Smart Grid.
• Solution: Insert a security layer between the TCP/IP
layer and the application layer.
Design of secure network protocols
and architectures (contd.)
Design of secure network protocols
and architectures (contd.)
• IEC 61850, a recent standard for substation
communication, comes without its own security
mechanisms.
• The security of IEC 61850 relies on IEC 62351,
which is a standard proposed to handle the
security.
• IEC 62351 defines both authentication and
encryption mechanisms for IEC 61850
communication by including two essential
security layers.
Design of secure network protocols
and architectures (contd.)
References
• Wenye Wang, Zhuo Lu, "Cyber security in the
Smart Grid: Survey and challenges", Computer
Networks, vol. 57, issue 5, pp. 1344–1371, Apr
2013
• Fadi Aloula et al., “Smart Grid Security:
Threats, Vulnerabilities and Solutions”,
International Journal of Smart Grid and Clean
Energy, vol. 1, no. 1, Sep 2012
Thank You!
Download