Network Layer Security for the Smart Grid 2015

The primary value of published research in smart grid technologies—the use of cyber-physical systems to coordinate the generation, transmission, and use of electrical power and its sources—is because of its strategic importance and the consequences of intrusion. Smart grid is of particular importance to the Science of Security. Its problems embrace several of the hard problems, notably resiliency and metrics. The work cited here was published in 2015.

V. Delgado-Gomes, J. F. Martins, C. Lima and P. N. Borza, “Smart Grid Security Issues,” 2015 9th International Conference on Compatibility and Power Electronics (CPE), Costa da Caparica, 2015, pp. 534-538. doi: 10.1109/CPE.2015.7231132

Abstract: The smart grid concept is being fostered due to required evolution of the power network to incorporate distributed energy sources (DES), renewable energy sources (RES), and electric vehicles (EVs). The inclusion of these components on the smart grid requires an information and communication technology (ICT) layer in order to exchange information, control, and monitor the electrical components of the smart grid. The two-way communication flows brings cyber security issues to the smart grid. Different cyber security countermeasures need to be applied to the heterogeneous smart grid according to the computational resources availability, time communication constraints, and sensitive information data. This paper presents the main security issues and challenges of a cyber secure smart grid, whose main objectives are confidentiality, integrity, authorization, and authentication of the exchanged data.

Keywords: authorisation; data integrity; distributed power generation; power engineering computing; power system security; renewable energy sources; smart power grids; DES; ICT; RES; computational resources availability; cyber secure smart grid; cyber security; data authentication; data authorization; data confidentiality; distributed energy sources; electric vehicles; information and communication technology; power network evolution; smart grid security; time communication constraints; two-way communication flow; Computer security; Monitoring; NIST; Privacy; Smart grids; Smart grid; challenges; cyber security; information and communication technology (ICT) (ID#: 16-9897)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7231132&isnumber=7231036

N. Saputro, K. Akkaya and I. Guvenc, “Privacy-Aware Communication Protocol for Hybrid IEEE 802.11s/LTE Smart Grid Architectures,” Local Computer Networks Conference Workshops (LCN Workshops), 2015 IEEE 40th, Clearwater Beach, FL, 2015, pp. 905-911. doi: 10.1109/LCNW.2015.7365945

Abstract: Smart Grid (SG) is expected to use a variety of communications technologies as the underlying communications infrastructures. The interworking between heterogeneous communications network is crucial to support reliability and end-to-end features. In this paper, we consider a hybrid SG communications architecture that consists of a IEEE 802.11s mesh-based smart meter network and an LTE-based wide area network for collecting smart meter data. While a gateway can be used to bridge these networks, it will still not possible to pin point a smart meter directly from the utility control center nor running a TCP-based application that requires a connection establishment phase. We propose a gateway address translation based approach to enable execution of end-to-end protocols without making any changes to LTE and 802.11s mesh networks. Specifically, we introduce a new layer at the gateway which will perform the network address translation by using unique pseudonyms for the smart meters. In this way, we also ensure privacy of the consumer since the IP addresses of the smart meters are not exposed to utility company. We implemented the proposed mechanism under ns-3 network simulator which have libraries to support both IEEE 802.11s and LTE communications. The results indicate that we can achieve our goals without introducing any additional overhead.

Keywords: Long Term Evolution; power engineering computing; power system reliability; power system security; smart meters; smart power grids; transport protocols; wireless LAN; wireless mesh networks; IEEE 802.11s mesh-based smart meter network; LTE-based wide area network; TCP-based application; communication infrastructure; connection establishment phase; end-to-end features; end-to-end protocols; gateway address translation-based approach; heterogeneous communication network; hybrid IEEE 802.11s-LTE smart grid architectures; hybrid SG communication architecture; network address translation; ns-3 network simulator; privacy-aware communication protocol; reliability; smart meter data; utility control center; Communication networks; Companies; IEEE 802.11 Standard; IP networks; Logic gates; Protocols; Smart meters (ID#: 16-9898)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7365945&isnumber=7365758

F. A. A. Alseiari and Z. Aung, “Real-Time Anomaly-Based Distributed Intrusion Detection Systems for Advanced Metering Infrastructure Utilizing Stream Data Mining,” 2015 International Conference on Smart Grid and Clean Energy Technologies (ICSGCE), Offenburg, Germany, 2015, pp. 148-153. doi: 10.1109/ICSGCE.2015.7454287

Abstract: The advanced Metering Infrastructure (AMI) is one of the core components of smart grids' architecture. As AMI components are connected through mesh networks in a distributed mechanism, new vulnerabilities will be exploited by grid's attackers who intentionally interfere with network's communication system and steal customer data. As a result, identifying distributed security solutions to maintain the confidentiality, integrity, and availability of AMI devices' traffic is an essential requirement that needs to be taken into account. This paper proposes a real-time distributed intrusion detection system (DIDS) for the AMI infrastructure that utilizes stream data mining techniques and a multi-layer implementation approach. Using unsupervised online clustering techniques, the anomaly-based DIDS monitors the data flow in the AMI and distinguish if there are anomalous traffics. By comparing between online and offline clustering techniques, the experimental results showed that online clustering  “Mini-Batch K-means” were successfully able to suit the architecture requirements by giving high detection rate and low false positive rates.

Keywords: Monitoring; Object recognition; Reliability; TCPIP; Testing; Training; advanced metering infrastructure; distributed intrusion detection system; mini-batch k-means; online clustering; smart grids; stream mining (ID#: 16-9899)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7454287&isnumber=7454254

M. Popovic, M. Mohiuddin, D. C. Tomozei and J. Y. Le Boudec, “iPRP: Parallel Redundancy Protocol for IP Networks,” Factory Communication Systems (WFCS), 2015 IEEE World Conference on, Palma de Mallorca, 2015, pp. 1-4. doi: 10.1109/WFCS.2015.7160549

Abstract: Reliable packet delivery within stringent delay constraints is of primal importance to industrial processes with hard real-time constraints, such as electrical grid monitoring. Because retransmission and coding techniques counteract the delay requirements, reliability is achieved through replication over multiple fail-independent paths. Existing solutions such as parallel redundancy protocol (PRP) replicate all packets at the MAC layer over parallel paths. PRP works best in local area networks, e.g., sub-station networks. However, it is not viable for IP layer wide area networks which are a part of emerging smart grids. Such a limitation on scalability, coupled with lack of security, and diagnostic inability, renders it unsuitable for reliable data delivery in smart grids. To address this issue, we present a transport-layer design: IP parallel redundancy protocol (iPRP). Designing iPRP poses non-trivial challenges in the form of selective packet replication, soft-state and multicast support. Besides unicast, iPRP supports multicast, which is widely using in smart grid networks. It duplicates only time-critical UDP traffic. iPRP only requires a simple software installation on the end-devices. No other modification to the existing monitoring application, end-device operating system or intermediate network devices is needed. iPRP has a set of diagnostic tools for network debugging. With our implementation of iPRP in Linux, we show that iPRP supports multiple flows with minimal processing and delay overhead. It is being installed in our campus smart grid network and is publicly available.

Keywords: IP networks; Linux; access protocols; computer network performance evaluation; local area networks; smart power grids; substations; telecommunication network reliability; transport protocols; IP parallel redundancy protocol; MAC layer; campus smart grid network; coding technique; delay overhead; delay requirements; device operating system; diagnostic inability; electrical grid monitoring; hard real-time constraints; iPRP; industrial processes; intermediate network devices; minimal processing; multicast support; multiple fail-independent paths; network debugging; packet delivery reliability; retransmission technique; security laxness; selective packet replication; soft-state; software installation; stringent delay constraints; substation networks; time-critical UDP traffic; transport-layer design; Delays; Monitoring; Ports (Computers); Receivers; Redundancy; Smart grids (ID#: 16-9900)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7160549&isnumber=7160536

H. Senyondo, P. Sun, R. Berthier and S. Zonouz, “PLCloud: Comprehensive Power Grid PLC Security Monitoring with Zero Safety Disruption,” 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm), Miami, FL, 2015,

pp. 809-816. doi: 10.1109/SmartGridComm.2015.7436401

Abstract: Recent security threats against cyber-physical critical power grid infrastructures have further distinguished the differences and complex interdependencies between optimal plant control and infrastructural safety topics. In this paper, we reflect upon few real-world scenarios and threats to understand how those two topics meet. We then propose a practical architectural solutions to address the corresponding concerns. As a first concrete step, we focus on networked industrial control systems in smart grid where several sensing-processing-actuation embedded nodes receive information, make control decisions, and carry out optimal actions. Traditionally, global safety maintenance, e.g., transient stability, is embedded into control and taken into account by the decision making modules. With recent cyber security-induced safety incidents, we believe that the safety-handling modules should also be considered as a part of global trusted computing base (attack surface) for security purposes. Generally, maximizing the system's overall security requires the designers to minimize its trusted computing base. Consequently, we argue that the traditional combined safety-control system architecture is not anymore the optimal design paradigm to follow given existing threats. Instead, we propose PLCLOUD, a new cloud-based safety-preserving architecture that places a minimal trusted safety verifier layer between the physical world and the cyber-based supervisory control and data acquisition (SCADA) infrastructure, specifically programmable logic controllers (PLCs). PLCLOUD's main objective is to take care of infrastructural safety and separate it from optimal plant control that SCADA is responsible for.

Keywords: SCADA systems; industrial control; monitoring; optimal control; programmable controllers; trusted computing; PLCLOUD; PLCloud; SCADA infrastructure; architectural solutions; attack surface; cloud-based safety-preserving architecture; combined safety-control system architecture; complex interdependencies; comprehensive power grid PLC security monitoring; control decisions; cyber security-induced safety incidents; cyber-based supervisory control; cyber-physical critical power grid infrastructures; data acquisition; decision making modules; global safety maintenance; global trusted computing base; infrastructural safety topics; minimal trusted safety verifier layer; networked industrial control systems; optimal actions; optimal design paradigm; optimal plant control; programmable logic controllers; safety-handling modules; security threats; sensing-processing-actuation embedded nodes; smart grid; transient stability; zero safety disruption; Computer architecture; Malware; Monitoring; Real-time systems; Safety; Smart grids (ID#: 16-9901)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7436401&isnumber=7436263

G. Xiong, T. R. Nyberg, P. Hämäläinen, X. Dong, Y. Liu and J. Hou, “To Enhance Power Distribution Network Management of Local Power Service Enterprise by Using Cloud Platform,” 2015 5th International Conference on Information Science and Technology (ICIST), Changsha, 2015, pp. 487-491. doi: 10.1109/ICIST.2015.7289021

Abstract: The availability of new technologies in the areas of digital electronics, communications, internet, and computer technologies opens a door to build a smart grid, which can increase significantly the capacity, services and intelligence of power systems. This paper proposes a power distribution network management cloud platform based on Tekla Xpower. Proposed system can support the implementation of current power grid and/or the coming smart grid. Utilizing the existing computing and storage installations, cloud platform can integrate the existing resources to improve the computation and storage capacities, the data security of the entire system, and can increase application intelligence, service quality and decision-making capability as well. The four layer architecture of cloud platform is designed, and a pilot case study for DMS is provided.

Keywords: cloud computing; distribution networks; power engineering computing; security of data; smart power grids; Tekla Xpower; cloud platform; data security; decision-making capability; local power service enterprise; power distribution network management; service quality; smart grid; storage installations; Business; Computer network reliability; Databases; Electronic mail; Handheld computers; Reliability (ID#: 16-9902)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7289021&isnumber=7288906

X. Bao, G. Wang, Z. Hou, M. Xu, L. Peng and H. Han, “WDM Switch Technology Application in Smart Substation Communication Network,” 2015 5th International Conference on Electric Utility Deregulation and Restructuring and Power Technologies (DRPT), Changsha, 2015, pp. 2373-2376. doi: 10.1109/DRPT.2015.7432643

Abstract: By analyzing the typical communication networking method of Process Layer in Smart Substation, this paper proposes the problems of current widely used Process Layer communication isolation network by using VLAN Technology. This paper expounds the basic principle and advantage of using WDM technology to realize the Switch, proposes the Security isolation communication networking method of using WDM Switch in Smart Substation Process Layer. This method has obvious advantages than the current VLAN logic isolation method in theory, truly meets the “Three Networks In One“ needs of Smart Substation Process Layer communication network.

Keywords: smart power grids; substations; wavelength division multiplexing; VLAN technology; WDM switch technology application; process layer communication isolation network; smart substation communication network; Communication networks; Decision support systems; Power industry; Security; Substations; Switches; Wavelength division multiplexing; Isolation; Smart Substation; Switch; VLAN; WDM (ID#: 16-9903)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7432643&isnumber=7432193

G. Peretti, V. Lakkundi and M. Zorzi, “BlinkToSCoAP: An End-to-End Security Framework for the Internet of Things,” 2015 7th International Conference on Communication Systems and Networks (COMSNETS), Bangalore, 2015, pp. 1-6. doi: 10.1109/COMSNETS.2015.7098708

Abstract: The emergence of Internet of Things and the availability of inexpensive sensor devices and platforms capable of wireless communications enable a wide range of applications such as intelligent home and building automation, mobile healthcare, smart logistics, distributed monitoring, smart grids, energy management, asset tracking to name a few. These devices are expected to employ Constrained Application Protocol for the integration of such applications with the Internet, which includes User Datagram Protocol binding with Datagram Transport Layer Security protocol to provide end-to-end security. This paper presents a framework called BlinkToSCoAP, obtained through the integration of three software libraries implementing lightweight versions of DTLS, CoAP and 6LoWPAN protocols over TinyOS. Furthermore, a detailed experimental campaign is presented that evaluates the performance of DTLS security blocks. The experiments analyze BlinkToSCoAP messages exchanged between two Zolertia Z1 devices, allowing evaluations in terms of memory footprint, energy consumption, latency and packet overhead. The results obtained indicate that securing CoAP with DTLS in Internet of Things is certainly feasible without incurring much overhead.

Keywords: Internet; Internet of Things; computer network reliability; computer network security; protocols; 6LoWPAN protocol; BlinkToSCoAP; CoAP protocol; DTLS protocol; TinyOS; Zolertia Zl device; asset tracking; availability; building automation; constrained application protocol; datagram transport layer security protocol; distributed monitoring; end-to-end security framework; energy consumption; energy management; intelligent home; latency overhead; memory footprint; message exchange; mobile healthcare; packet overhead; sensor device; smart grid; smart logistics; user datagram protocol; wireless communication; Computer languages; Logic gates; Payloads; Performance evaluation; Random access memory; Security; Servers; 6LoWPAN; CoAP; DTLS; M2M; end-to-end security (ID#: 16-9904)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098708&isnumber=7098633

A. Mihaita, C. Dobre, B. Mocanu, F. Pop and V. Cristea, “Analysis of Security Approaches for Vehicular Ad-Hoc Networks,” 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Krakow, 2015, pp. 304-309. doi: 10.1109/3PGCIC.2015.184

Abstract: In the last years, the number of vehicles has increased up to a point where the road infrastructure cannot easily cope anymore, and congestion in cities becomes the norm rather then exception. Smart technologies are vastly employed to cope with advanced scheduling mechanisms -- from intelligent traffic lights designed to control traffic, up to applications running inside the car to provide updated information to the driver, or simply keep him socially connected. The time for such smart technologies is right: the power of computation along with the memory size of microprocessors have increased, while price per computation, storage and networking power decreased. What few years ago might have sounded rather futuristic, like technologies designed to facilitate communication between cars and automate the exchange of data about traffic, accidents or congestion, is now becoming reality. But the implications of these ideas have only recently become relevant; in particular, security and trust-related implications are just now arising as critical topics for such new applications. The reason is that drivers face new challenges, from their personal data being stolen or applications being fed with false information about traffic conditions, to technology being exposed to all kind of hijacking attacks. A practitioner developing a smart traffic application is faced with an important problem: what security technology or algorithm to use to better cope with these challenges. In this paper, we first present an analysis of various cryptographic algorithms in the context of vehicular scenarios. Our scope is to analyze the designs and approaches for securing networks formed between vehicles. In particular, we are interested in the security layers able to provide strong cryptographic algorithms implementation that can guarantee high levels of trust and security for vehicular applications. The analysis exploits the realistic simulator being developed at the University Polytechnica of Bucharest.

Keywords: cryptography; electronic data interchange; telecommunication security; vehicular ad hoc networks; advanced scheduling mechanisms; cryptographic algorithms; data exchange; security layers; smart technologies; smart traffic application; vehicular ad-hoc networks; Algorithm design and analysis; Authentication; Cryptography; Roads; Routing; Vehicles (ID#: 16-9905)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7424580&isnumber=7424499

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.