Smart Grid Security
By Ajinkya Thorve (University at Buffalo) and Dnyanada Arjunwadkar (University at Buffalo)
Under the guidance of Prof. Shambhu Upadhyaya

Legacy Power System Issues/Challenges
• Aging system: high failure rates and interruptions affect the economy and lead to higher inspection and maintenance costs.
• Need to efficiently manage a variety of energy resources:
  - traditional fossil fuel sources (e.g. coal, petroleum and natural gas)
  - renewable energy sources (e.g. solar and hydro)

What is a Smart Grid?
• The smart grid is an attempt to modernize the existing, antiquated electricity grid.
• It integrates the traditional electrical power grid with information and communication technologies (ICT).
• This next-generation electric power system fully integrates two-way communication into millions of pieces of power equipment, establishing a dynamic and interactive infrastructure with new energy management capabilities.

Advantages of Smart Grid
• Reliability: fault detection and self-healing
• Efficiency: load adjustment/load balancing
• Sustainability: greater penetration of highly variable renewable energy sources
• Market-enabling: minimize energy cost

Security Concerns
• The use of ICT in a smart grid inevitably exposes it to the vulnerabilities of communication and networking systems.
• A malicious attacker can exploit these vulnerabilities to steal confidential personal information or deny the availability of essential services, causing a widespread power outage and resulting in chaos and economic damage.

Security Objectives
1) Confidentiality of users' data
2) Integrity of communicated information
3) Availability of uninterrupted power supply

Types of Attackers
1) Non-malicious attackers: view the security and operation of the system as a puzzle to be cracked; normally driven by intellectual challenge and curiosity.
2) Consumers: driven by vengeance and vindictiveness towards other consumers; figure out ways to shut down other consumers' power.
3) Terrorists: view the smart grid as an attractive target because it affects millions of people, making the terrorists' cause more visible.
4) Employees: employees disgruntled with the utility or its customers; ill-trained employees causing unintentional errors.
5) Competitors: attack each other for the sake of financial gain.

Types of Attacks
1. Attacks targeting availability
• Denial-of-service (DoS) attacks.
• Can happen at a variety of communication layers in the smart grid:
  - Physical layer: channel jamming
  - Network and transport layers: traffic flooding
  - Application layer: exhausting resources of a computer, such as CPU or I/O bandwidth
2. Attacks targeting integrity
• Sophisticated attacks that attempt to stealthily modify data in order to corrupt critical information exchange in the smart grid.
• The target can be customers' information or status values of the power system.
• Example: false data injection attack, in which the attacker injects falsified measurements that still pass the data integrity check.
3. Attacks targeting confidentiality
• Have no intent to modify information.
• Eavesdrop on communication channels to acquire the desired information.
• Have negligible effect on the functionality of communication networks in the smart grid.
• However, with the increasing awareness and importance of customer privacy, the social impact of confidentiality attacks has received more and more attention in recent years.

Smart Grid Use Cases with Critical Security Requirements
1. Distribution and transmission operation
• The distribution and transmission system in general features more time-critical but less confidential communications.
• Such critical timing requirements further limit the use of strong but time-consuming security solutions (e.g.
public-key-based communication) in such a system.
2. Advanced metering infrastructure (AMI) and home-area networks
• The AMI network connects customers' homes, the utility center and the electricity market.
• In the AMI network message delivery is not time-critical, while integrity and confidentiality are very important.
• Thus, network security solutions for the AMI network should focus primarily on providing integrity and confidentiality.

Network countermeasures for the Smart Grid
Attack detection
1. Signal-based detection: at the physical layer, a DoS attack detector can measure the received signal strength indicator (RSSI) to detect the presence of a jamming attack.
2. Packet-based detection: discover potential attacks by identifying a significant increase in packet transmission failures.
3. Proactive method: attempt to identify DoS attacks at an early stage by proactively sending probing packets to test or measure the status of potential attackers.
4. Hybrid method: combine different ideas to improve detection accuracy, for example by using both signal-based and packet-based detection.
Attack mitigation
1. Rate limiting: impose a rate limit on the set of packets that the detection mechanism has characterized as possibly malicious.
2. Filtering: compare the source addresses of packets with the blacklist provided by the detection mechanism and filter out all suspicious packets.
3. Reconfiguration: to mitigate the impact of a DoS attack, reconfigure the network architecture, for example by changing the topology of the victim or of the intermediate network, either to add more resources to the victim or to isolate the attacking machines.
4.
Jamming-resilient wireless communication
• Frequency Hopping Spread Spectrum (FHSS) and Direct Sequence Spread Spectrum (DSSS).
• Uncoordinated protocols do not need the transmitter and the receiver to share a pre-shared secret (hopping sequence or spreading code). Examples: UFHSS and UDSSS.

Cryptographic countermeasures for the Smart Grid
Why?
• Network approaches are the primary countermeasures to detect, mitigate and eliminate DoS attacks, which actively change the network traffic dynamics.
• However, they are much less effective against attacks targeting integrity and confidentiality, which have negligible effect on network performance.
• Cryptography-based approaches are therefore the major countermeasures against such attacks.
1. Encryption
• Encryption schemes can be based on symmetric-key cryptography (e.g. AES) or asymmetric-key cryptography (e.g. RSA).
• Asymmetric: strong encryption, but requires more computational resources.
• Symmetric: requires approximately constant computational resources, but requires secure exchange and update of secret keys.
• Most electronic devices are expected to have at least basic cryptographic capabilities.
• Case study (from the Wang and Lu survey): quantitative results show that symmetric-key cryptography is the better choice for real-time IED communications in power distribution and transmission systems.
• Asymmetric-key cryptography has wide application in protecting customers' sensitive information in the AMI and home-area networks, where communication traffic is not time-critical.
2. Authentication
• A crucial identification process to eliminate attacks targeting data integrity.
• Authentication schemes are grouped by what separates the sender from an impostor:
  - Secret-information asymmetry: the sender holds secret information (e.g. a private key) that the verifier can check but not reproduce; scalability issues when many devices must be provisioned.
  - Time asymmetry: the key that authenticates a message is disclosed only after a delay, so receivers buffer messages and verify them once the key arrives; suits time-critical broadcast applications.
  - Hybrid asymmetry: combines the two.
3. Key Management
• May need to manage millions of credentials and keys.
• Improper key management can result in key disclosure to attackers.
• The smart grid consists of heterogeneous communication networks: time-critical and non-real-time, small-scale and large-scale, wireless and wired.
• Therefore, key management schemes should be chosen carefully to meet the network and security requirements of the various systems in the smart grid.
• Example: SKMA
  - A key distribution center (KDC) is used.
  - A node must maintain two types of long-term keys: node-to-KDC and node-to-node. The former is manually installed on the node; the latter is obtained from the KDC.
  - A session key is generated from the node-to-node key when two nodes communicate with each other.

Challenges
1. Security solutions developed for traditional IT networks are not directly effective in grid networks.
• Security in IT networks aims to enforce the three security principles (confidentiality, integrity and availability).
• Security in grid networks aims to provide human safety, equipment protection and continuous system operation.
2. Their underlying topology is different.
• IT networks use a well-defined set of operating systems and protocols.
• Grid networks use multiple proprietary, vendor-specific operating systems and protocols.
3. Their Quality of Service (QoS) metrics are different.
• It is acceptable in IT networks to reboot devices in case of failure or upgrade.
• This is not acceptable in grid networks, since services must be available at all times.

Proposed Solutions
• Strong authentication mechanisms (explicit access permissions).
• Malware protection through up-to-date and frequently updated antivirus.
• Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS).
• Vulnerability assessments must be performed at least annually.
• Utilities should only collect the data needed to achieve their goals.
• Control system and IT engineers should be equally involved in securing the smart grid network.
• Since the life cycle of the smart grid is longer than that of the IT systems involved, all IT technologies should have the ability to be upgraded.
• Security must be part of the smart grid design. Otherwise, security of devices becomes vendor-specific, which may produce many vulnerabilities because of incompatibility issues.

Design of secure network protocols and architectures
• DNP3 is currently extensively used for both intra-substation and inter-substation communications in US power systems.
• DNP3 was originally designed without any security mechanism.
• Since it is not practical to upgrade all legacy DNP3-based power systems to new ones in a single day, it is essential to retrofit DNP3 with security functionality so that a large number of legacy power devices can keep pace with the security requirements of the smart grid.
• Solution: insert a security layer between the TCP/IP layer and the application layer.
• IEC 61850, a recent standard for substation communication, comes without its own security mechanisms.
• The security of IEC 61850 relies on IEC 62351, a standard proposed to handle that security.
• IEC 62351 defines both authentication and encryption mechanisms for IEC 61850 communication by including two essential security layers.

References
• Wenye Wang and Zhuo Lu, "Cyber security in the Smart Grid: Survey and challenges", Computer Networks, vol. 57, no. 5, pp. 1344-1371, April 2013.
• Fadi Aloul et al., "Smart Grid Security: Threats, Vulnerabilities and Solutions", International Journal of Smart Grid and Clean Energy, vol. 1, no. 1, September 2012.

Thank You!
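Added worked example (written for this page, not taken from the slides or the cited papers): the detection and mitigation steps of the "Network countermeasures for the Smart Grid" slides in Go. A sliding-window gateway runs the packet-based check (frames per source in the window), the signal-based check (mean channel RSSI) and the hybrid rule (high RSSI together with a high failure rate), then applies the two mitigations, a per-window rate limit and filtering against a sticky blacklist. The source names (ied-1, flooder), every threshold and the traffic itself are constructed for illustration and are not figures from the slides.

```go
package main

import (
	"fmt"
	"time"
)

// Packet is a constructed record of one inbound frame: source, delivery failure, RSSI, time.
type Packet struct {
	Src    string
	Failed bool
	RSSI   float64 // dBm
	At     time.Time
}

// Gateway holds a sliding window of frames for detection and applies the mitigations; thresholds are assumed.
type Gateway struct {
	Window   time.Duration
	RSSIJam  float64         // mean channel RSSI above this suggests jamming
	FailRate float64         // share of failed frames above this is abnormal
	Flood    int             // frames per window from one source above this: blacklist it
	Cap      int             // frames per window any source may send: rate limit
	Banned   map[string]bool // sticky blacklist fed by the packet-based check
	recent   []Packet
}

// Jamming is the hybrid check: high RSSI plus many failures in one window (either alone is ambiguous).
func (g *Gateway) Jamming() bool {
	sum, failed := 0.0, 0
	for _, p := range g.recent {
		sum += p.RSSI
		if p.Failed {
			failed++
		}
	}
	n := float64(len(g.recent))
	return n > 0 && sum/n > g.RSSIJam && float64(failed)/n > g.FailRate
}

// Admit reports whether the frame may pass up to the application layer.
func (g *Gateway) Admit(p Packet) bool {
	g.recent = append(g.recent, p)
	for len(g.recent) > 0 && g.recent[0].At.Before(p.At.Add(-g.Window)) {
		g.recent = g.recent[1:] // slide the window forward
	}
	n := 0 // packet-based check: frames from this source in the window
	for _, q := range g.recent {
		if q.Src == p.Src {
			n++
		}
	}
	if n > g.Flood {
		g.Banned[p.Src] = true
	}
	if g.Banned[p.Src] {
		return false // filtering against the blacklist
	}
	return n <= g.Cap // rate limiting
}

// burst builds n frames from src, one every `every`, starting at `start` (constructed traffic).
func burst(src string, n int, start, every time.Duration, rssi float64, failed bool) []Packet {
	var out []Packet
	for i := 0; i < n; i++ {
		out = append(out, Packet{src, failed, rssi, time.Unix(0, 0).Add(start + time.Duration(i)*every)})
	}
	return out
}

// run feeds traffic through one gateway and reports admitted frames per source, the blacklist and the final jamming verdict.
func run(pkts []Packet) (map[string]int, map[string]bool, bool) {
	gw := &Gateway{Window: time.Second, RSSIJam: -55, FailRate: 0.4, Flood: 20, Cap: 12, Banned: map[string]bool{}}
	admitted := map[string]int{}
	for _, p := range pkts {
		if gw.Admit(p) {
			admitted[p.Src]++
		}
	}
	return admitted, gw.Banned, gw.Jamming()
}

// FloodScenario: an IED at 10 frames/s, a host at 100 frames/s, then one more frame from that host after 3 s of silence.
func FloodScenario() (map[string]int, map[string]bool, bool) {
	pkts := append(burst("ied-1", 10, 0, 100*time.Millisecond, -70, false),
		burst("flooder", 100, 0, 10*time.Millisecond, -70, false)...)
	return run(append(pkts, burst("flooder", 1, 3*time.Second, 0, -70, false)...))
}

// JamScenario: the IED alone, then a noisy channel on which every frame fails.
func JamScenario() (map[string]int, map[string]bool, bool) {
	pkts := append(burst("ied-1", 5, 0, 100*time.Millisecond, -70, false),
		burst("ied-1", 5, 500*time.Millisecond, 100*time.Millisecond, -30, true)...)
	return run(pkts)
}

func main() {
	fmt.Println(FloodScenario())
	fmt.Println(JamScenario())
}
```

In the flood scenario the well-behaved IED is never touched, the flooder gets twelve frames through before the rate limit bites, is blacklisted at the twenty-first frame, and its frame sent after the window has emptied is still dropped because the blacklist is sticky. In the jam scenario no source is blacklisted, but the window's mean RSSI and failure share together flag jamming, which is the case the page says calls for reconfiguration or a jamming-resilient link rather than filtering.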
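Added worked example (not from the slides) that puts numbers behind the case study on the Encryption slide: using only Go's standard library it times AES-128-GCM against RSA-2048-OAEP for confidentiality, and HMAC-SHA256 against RSA-2048-PSS for integrity, on one constructed IED status message. The message text, key sizes and iteration count are assumptions; the absolute figures depend on the machine, the ratio between the symmetric and asymmetric schemes is the point.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// statusMsg is a constructed IED status report standing in for one real-time message.
var statusMsg = []byte("IED-07 BRK=CLOSED V=11.02kV I=212A T=1700000000")

// Cost is the measured per-message cost of one scheme plus a correctness check.
type Cost struct {
	Scheme      string
	PerMessage  time.Duration
	RoundTripOK bool
}

func measure(scheme string, n int, op func() bool) Cost {
	ok := true
	start := time.Now()
	for i := 0; i < n; i++ {
		ok = op() && ok
	}
	return Cost{scheme, time.Since(start) / time.Duration(n), ok}
}

// Symmetric confidentiality: AES-128-GCM encrypt + decrypt with a counter nonce.
func aesGCM(n int) Cost {
	key := make([]byte, 16)
	rand.Read(key)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	var ctr uint64
	return measure("AES-128-GCM", n, func() bool {
		ctr++
		binary.BigEndian.PutUint64(nonce[4:], ctr)
		pt, err := gcm.Open(nil, nonce, gcm.Seal(nil, nonce, statusMsg, nil), nil)
		return err == nil && string(pt) == string(statusMsg)
	})
}

// Asymmetric confidentiality: RSA-2048-OAEP encrypt + decrypt (key generation excluded).
func rsaOAEP(n int) Cost {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	return measure("RSA-2048-OAEP", n, func() bool {
		ct, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, statusMsg, nil)
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
		return err == nil && string(pt) == string(statusMsg)
	})
}

// Symmetric integrity: HMAC-SHA256 tag on the sender plus recomputation on the receiver.
func hmacSHA256(n int) Cost {
	key := make([]byte, 32)
	rand.Read(key)
	tagOf := func() []byte {
		m := hmac.New(sha256.New, key)
		m.Write(statusMsg)
		return m.Sum(nil)
	}
	return measure("HMAC-SHA256", n, func() bool { return hmac.Equal(tagOf(), tagOf()) })
}

// Asymmetric integrity: RSA-2048-PSS sign + verify (key generation excluded).
func rsaPSS(n int) Cost {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	digest := sha256.Sum256(statusMsg)
	return measure("RSA-2048-PSS", n, func() bool {
		sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
		return err == nil && rsa.VerifyPSS(&priv.PublicKey, crypto.SHA256, digest[:], sig, nil) == nil
	})
}

// Compare runs n messages through each scheme; Slowdown is the asymmetric/symmetric cost ratio.
func Compare(n int) (gcm, oaep, mac, pss Cost) {
	return aesGCM(n), rsaOAEP(n), hmacSHA256(n), rsaPSS(n)
}

func Slowdown(asym, sym Cost) float64 {
	return float64(asym.PerMessage) / float64(sym.PerMessage)
}

func main() {
	gcm, oaep, mac, pss := Compare(200)
	for _, c := range []Cost{gcm, oaep, mac, pss} {
		fmt.Printf("%-14s %10v per message  round-trip ok=%v\n", c.Scheme, c.PerMessage, c.RoundTripOK)
	}
	fmt.Printf("RSA-OAEP costs %.0fx AES-GCM; RSA-PSS costs %.0fx HMAC-SHA256\n", Slowdown(oaep, gcm), Slowdown(pss, mac))
}
```

Key generation is deliberately left out of the timed loop, since it is a one-time cost; what an IED pays per status message is the loop body. Run it on the actual embedded CPU rather than a workstation before deciding whether a scheme fits a message-delivery budget, and remember that the symmetric schemes only win if the key distribution problem from the Key Management slides is solved.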
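Added worked example (not from the slides; SKMA's actual message formats are not given there) of the key hierarchy on the Key Management slide, in Go: a KDC holds each node's long-term node-to-KDC key, issues a fresh node-to-node key wrapped under each party's KDC key so that a third node with its own KDC key cannot open it, and the two parties then derive a session key from the node-to-node key. AES-128-GCM for wrapping, HMAC-SHA256 over both nonces as the key-derivation function, and the node names master, outstation and rogue are assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func randomBytes(n int) []byte {
	b := make([]byte, n)
	rand.Read(b)
	return b
}

// wrap protects a key in transit with AES-128-GCM under kek: nonce || ciphertext || tag.
func wrap(kek, key []byte) []byte {
	block, _ := aes.NewCipher(kek)
	gcm, _ := cipher.NewGCM(block)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, key, nil)
}
func unwrap(kek, blob []byte) ([]byte, error) {
	block, _ := aes.NewCipher(kek)
	gcm, _ := cipher.NewGCM(block)
	if ns := gcm.NonceSize(); len(blob) >= ns {
		return gcm.Open(nil, blob[:ns], blob[ns:], nil)
	}
	return nil, fmt.Errorf("wrapped key too short")
}

// KDC holds each node's long-term node-to-KDC key (installed manually in SKMA; generated here).
type KDC struct{ nodeKeys map[string][]byte }

func NewKDC(names ...string) *KDC {
	k := &KDC{map[string][]byte{}}
	for _, n := range names {
		k.nodeKeys[n] = randomBytes(16)
	}
	return k
}

// IssuePairKey creates a fresh node-to-node key for (a, b), wrapped once for each party.
func (k *KDC) IssuePairKey(a, b string) (forA, forB []byte, err error) {
	ka, kb := k.nodeKeys[a], k.nodeKeys[b]
	if ka == nil || kb == nil {
		return nil, nil, fmt.Errorf("unknown node in pair %s/%s", a, b)
	}
	pair := randomBytes(16)
	return wrap(ka, pair), wrap(kb, pair), nil
}

// Node keeps its node-to-KDC key and the node-to-node keys obtained from the KDC.
type Node struct {
	kdcKey   []byte
	peerKeys map[string][]byte
}

func (n *Node) InstallPeerKey(peer string, blob []byte) error {
	key, err := unwrap(n.kdcKey, blob)
	if err == nil {
		n.peerKeys[peer] = key
	}
	return err
}

// SessionKey derives a per-connection key from the node-to-node key and both nonces (HMAC-SHA256 as KDF is an assumption).
func (n *Node) SessionKey(peer string, nonceA, nonceB []byte) ([]byte, error) {
	pk, ok := n.peerKeys[peer]
	if !ok {
		return nil, fmt.Errorf("no node-to-node key for %s", peer)
	}
	m := hmac.New(sha256.New, pk)
	m.Write(nonceA)
	m.Write(nonceB)
	return m.Sum(nil), nil
}

// RunExchange walks a constructed scenario: a pair key for master/outstation, a rogue node's attempt to open it, then session keys.
func RunExchange() (rogueUnwrapFails, sessionKeysMatch bool) {
	kdc := NewKDC("master", "outstation", "rogue")
	node := func(name string) *Node { return &Node{kdc.nodeKeys[name], map[string][]byte{}} }
	master, outstation, rogue := node("master"), node("outstation"), node("rogue")
	forM, forO, _ := kdc.IssuePairKey("master", "outstation")
	errM, errO := master.InstallPeerKey("outstation", forM), outstation.InstallPeerKey("master", forO)
	rogueUnwrapFails = rogue.InstallPeerKey("master", forM) != nil
	nM, nO := randomBytes(16), randomBytes(16) // session nonces, exchanged in the clear
	skM, errM2 := master.SessionKey("outstation", nM, nO)
	skO, errO2 := outstation.SessionKey("master", nM, nO)
	sessionKeysMatch = errM == nil && errO == nil && errM2 == nil && errO2 == nil && hmac.Equal(skM, skO)
	return rogueUnwrapFails, sessionKeysMatch
}

func main() {
	fmt.Println(RunExchange())
}
```

The design follows the slide's split: the node-to-KDC key is the only secret that has to be provisioned by hand, the node-to-node key is delivered confidentially and with integrity (GCM's tag makes a wrong or corrupted blob fail rather than yield garbage), and the session key is fresh per connection because both nonces enter the derivation. Losing one session key therefore exposes one session, not the long-term pair.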
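Added worked example (not from the slides, and not DNP3 Secure Authentication itself) of what the security layer proposed on the DNP3 slide can add between TCP/IP and a legacy application protocol without touching the application payload: a sequence number and an HMAC-SHA256 tag over sequence number and payload. The receiving side rejects tampered, forged and replayed frames and hands only verified payloads up. The shared key, the command strings and the Outstation type are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Seal wraps one application-layer message for a security layer inserted between
// TCP/IP and the legacy protocol: seq || payload || HMAC-SHA256(key, seq || payload).
func Seal(key []byte, seq uint32, payload []byte) []byte {
	frame := make([]byte, 4, 4+len(payload)+sha256.Size)
	binary.BigEndian.PutUint32(frame, seq)
	frame = append(frame, payload...)
	m := hmac.New(sha256.New, key)
	m.Write(frame)
	return m.Sum(frame)
}

// Open verifies the tag in constant time, then rejects any sequence number not
// above the last accepted one, so a captured genuine command cannot be replayed.
func Open(key []byte, lastSeq uint32, frame []byte) (uint32, []byte, error) {
	if len(frame) < 4+sha256.Size {
		return 0, nil, errors.New("frame too short")
	}
	body, tag := frame[:len(frame)-sha256.Size], frame[len(frame)-sha256.Size:]
	m := hmac.New(sha256.New, key)
	m.Write(body)
	if !hmac.Equal(tag, m.Sum(nil)) {
		return 0, nil, errors.New("bad MAC: tampered frame or wrong key")
	}
	seq := binary.BigEndian.Uint32(body)
	if seq <= lastSeq {
		return 0, nil, fmt.Errorf("replay: seq %d is not above %d", seq, lastSeq)
	}
	return seq, body[4:], nil
}

// Outstation is the receiving side; it remembers the last accepted sequence number
// and hands verified payloads up to the unchanged legacy application layer.
type Outstation struct {
	key     []byte
	lastSeq uint32
	Applied []string
}

func (o *Outstation) Receive(frame []byte) error {
	seq, payload, err := Open(o.key, o.lastSeq, frame)
	if err != nil {
		return err
	}
	o.lastSeq = seq
	o.Applied = append(o.Applied, string(payload))
	return nil
}

// Scenario records what happened to each frame an on-path attacker might try.
type Scenario struct {
	FreshAccepted, ReplayRejected, TamperRejected, ForgedRejected, LaterGenuineAccepted bool
	Applied                                                                            []string
}

// RunScenario uses a constructed shared key and constructed commands.
func RunScenario() Scenario {
	key := []byte("0123456789abcdef0123456789abcdef")
	out := &Outstation{key: key}
	trip := Seal(key, 1, []byte("OPERATE breaker 7 TRIP"))
	closeCmd := Seal(key, 2, []byte("OPERATE breaker 7 CLOSE"))
	var s Scenario
	s.FreshAccepted = out.Receive(trip) == nil
	s.ReplayRejected = out.Receive(trip) != nil // the same frame captured and resent
	tampered := append([]byte(nil), closeCmd...)
	tampered[len(tampered)-sha256.Size-1] ^= 0x01 // flip the last payload byte
	s.TamperRejected = out.Receive(tampered) != nil
	forged := Seal([]byte("attacker-guess-attacker-guess-00"), 3, []byte("OPERATE breaker 7 CLOSE"))
	s.ForgedRejected = out.Receive(forged) != nil
	s.LaterGenuineAccepted = out.Receive(closeCmd) == nil // seq 2 is still valid after the failed attempts
	s.Applied = out.Applied
	return s
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

The layer gives integrity and replay protection with a symmetric primitive, which is what the transmission-side timing constraints on the earlier slides favour; it gives no confidentiality, which those slides rank lower for that segment. The sequence number must survive restarts (persist it, or rekey on reboot), otherwise an attacker who recorded frames from before the restart can replay them.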