Cyber Security in Smart Grids BY ADITYA KANDULA DEVASIA THOMAS
Quick Recap Advanced Metering Infrastructure (AMI) ANSI C12.22 Security Levels(L0 to L5) Tables in Meter Board
Cont’d.. Zigbee Zigbee Security Key Management Key Establishment Schemes
The New Stuff!
Cyber Security Requirements Availability Integrity Confidentiality
Cyber Security Requirements
Network Security threats in the Smart Grid
Network security threats: Attack Classification Attacks targeting availability, also called denial-of-service(DoS) attacks, attempt to delay, block or corrupt the communication in the Smart Grid. Attacks targeting integrity aim at deliberately and illegally modifying or disrupting data exchange in the Smart Grid. Attacks targeting confidentiality intend to acquire unauthorized information from network resources in the Smart Grid.
Network Security threats: D-o-S
Network Security threats: Attacks on Integrity and Availability Different from DoS, these attacks occur at the application layer. Usually done with false data injection attacks. Load redistribution attacks are another attack on Integrity Wiretapping and traffic analyzers are attacks on confidentiality
Smart Grid Use Cases with Critical Security Requirements
Distribution and transmission operation in which communication is time- critical for monitoring, control, and protection AMI and home-area networks in which communication is primarily for interactions between customers and utilities
Distribution and transmission operation Mission critical components Hence Availability is a must
Distribution and transmission operation
Case 1 Potential Attacks: DOS Integrity targeting attacks
Distribution and transmission operation
Case 2 Potential Attacks: DOS Integrity targeting attacks
Distribution and transmission operation
Case 3 Potential Attacks: DOS Integrity targeting attacks
AMI and home area networks
Cases 4 & 5 Potential Attacks: DOS Integrity targeting attacks Eavesdroppers and Traffic Analyzers
Summary: Smart Grid Threats The distribution and transmission system in general features more time- critical yet less confidential communications.
Risk assessment of large-scale DoS attacks Probabilistic risk assessment Graph based assessment Security metric based
Network countermeasures for the Smart Grid
Attack detection for power networks Signal based detection Packet based detection Proactive detection Hybrid detection
Attack detection for power networks
Applications of Attack Mitigation Mechanisms to Power Networks Network-layer mitigation Physical-layer mitigation
Network Layer Mitigation Rate Limiting Filtering Reconfiguration
Physical Layer Mitigation Coordinated Protocols Frequency Hopping Spread Spectrum (FHSS) Direct Sequence Spread Spectrum (DSSS) Chirp Spread Spectrum (CSS) Uncoordinated protocols UFHSS UDSSS
Network countermeasures for the Smart Grid
Encryption Asymmetric Key Cryptography Symmetric Key Cryptography D. R.L. Brown, M. J. Campagna, S. A. Vanstone, “Security of ECQV-Certified ECDSA Against Passive Adversaries”, Cryptology ePrint Archive: Report 2009/620.
Authentication High Efficiency Tolerance to faults and attacks Multicast Support
Key Management Refer to previous presentation
Design of secure network protocols and architectures
Protocols and standards for secure power system communication Secure DNP3 IEC and IEC 62351
Secure data aggregation protocols More efficient than end to end protocols But requires more computing resources Homomorphic encryption used
Secure network architecture Trust computing based architecture Role-based network architecture
Discussions and remaining challenges
Conclusion THANKYOU
Reference Cyber security in the Smart Grid: Survey and challenges Wenye Wang Zhuo Lu Department of Electrical and Computer Engineering, North Carolina State University, Raleigh, NC 27606, USA Elsevier Computer Networks 57 (2013) 1344–1371 Elsevier Computer Networks 57 (2013) 1344–1371