Energy Big Data Security Threats in IoT-Based Smart Grid Communications Wen-Long Chin, Wan Li, and Hsiao-Hwa Chen IEEE Communications Magazine - October 2017 Presented by: David Cyphert CS 3720 – Internet of Things April 24, 2018 University of Pittsburgh
Overview Many benefits of utilizing IoT in Smart Grids, but vulnerabilities exist. Energy Big Data should be thoughtfully stored and processed to extract critical information. Highlights research challenges and issues with IoT-based smart grids. Demonstrates that a stealthy and blind energy big data attack can be launched using a replay scheme.
What is a “Smart Grid”? Traditional – one-way interaction between utility companies and consumers Smart Grid – 2-way dialog where electricity and information can be exchanged IoT enables improved efficiency and economic benefits in Smart Grids Traditional grids only allow for limited 1-way communication – designed to deliver electricity to consumers and bill them once a month. Smart grid enables 2 way communication and exchange of both electricity and information. Efficiency Benefits: Improved fault location (Find out exactly where an outage is occurring) and isolation (reduce # of consumers impacted by an outage, reroute or cordon off parts of the grid to limit the amount of people impacted)
Current Events “Russia has attempted to attack targets that include "energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors" since March 2016” - CNN, March 17, 2018 (Source) “U.S. investigators have found evidence to confirm what is believed to be the first-of-its-kind cyberattack on a power grid that caused a blackout for hundreds of thousands of people in Ukraine in December [2015]” - CNN, February 3, 2016 (Source) Most recently in the U.S. - we’re already starting to encounter cyber attacks with potential to cause major disruption or significant damage to our power grid. A new front in cyberwarfare – According to the article, U.S. systems aren't any more protected than those breached in Ukraine. An attacker could create huge financial losses and damages to the utility. #2 the malware used in this attack has Russian ties – but did not blame this attack on the Russians “publicly”
IoT-Based Smart Grid Security Issues The Smart Grid will be made up of billions of objects via IoT networks. Security threats that are major factors impeding the wide and rapid deployment of IoT-based Smart Grids: Impersonation The attacker acts on behalf of a legitimate user in an unauthorized way. Eavesdropping The attacker can intercept the energy consumption information of Households. Smart meters, smart appliances, etc.
IoT-Based Smart Grid Security Issues (cont.) Data manipulation * The attacker modifies (falsifies) exchanged data, bypassing the Bad Data Detection (BDD) system. Access and authorization Gaining access to smart meters via malicious software. Opens the door for other threats. Availability The more IoT devices connected to the smart grid, the bigger the attack surface. Data manipulation: Create an imbalance between energy consumption and generation
Energy Big Data Analytics Issues in IoT-Based Smart Grid Scalable, interoperable, and distributed computing infrastructure It’s difficult to store, share, and process the massive amount of data. Real-time big data intelligence Challenging to design new algorithms that can provide intelligence for processing such big data in real time. Big data knowledge representation and processing Generating knowledge based on the big data collected will be difficult. Upgrading utility networks provides access to more data than ever before – but we need ways to process this data: 3 V’s of Big Data: Volume, Velocity, Variety
Energy Big Data Analytics Issues in IoT-Based Smart Grid (cont.) Big data security and privacy Attacks that make inferences directly from the energy big data. Big data may also contain sensitive information. Cyber-physical coupling modeling Hosted on dedicated communication infrastructures comprising wide-area networks, field area networks, and local area networks. Q: Can we maintain this level of security with the increase use of IoT devices in Smart Grids? Can mislead the BDD so that fake data are unable to be detected
Energy Big Data Replay Attack Power grid operators rely on state estimation algorithms to obtain estimated values of the state variables, through the values of measurements that come from meter readings. Goal: To send fabricated readings from a compromised smart grid device or communication channel that is able to bypass Bad Data Detection mechanisms. State variables – in electrical systems, the voltages of the nodes and the currents through components in the circuit are usually the state variables. GOAL: Eavesdropping or intercepting metering data or steal big data from distributed databases via malware
Attack against AC State Estimation Attack vector: a = h(xa) – h(x) where: h is a general AC power flow model. x and xa are original and targeted state vectors. Compromised measurement: za = z + a = h(x) + a = h(xa) where: z is the original measurment vector Power flow model - describes the energy flow through each transmission line Describe phase angle in terms of a sine wave Phase is the position of a point in time (an instant) on a waveform cycle Tolerable residue - I think utilizing the stolen big data might make it easier to estimate a value that will fall within this area, which bypasses the bad data detection mechanisms
Performance Evaluation Simulations were conducted to assess performance Monte Carlo simulation method was used – computational algorithms Ideal: Measurement without attacks Random: Randomly guessing measurements Big Data: Utilizing big data either by intercepting metering data or steal big data from utility companies DC Conventional : Used on AC power flow model…so of course it wont work that great.. the DC conventional and random attacks using a wrong power flow model have the lowest Pmiss. The performance of the proposed big data attack is almost the same as that of the Ideal condition; therefore, it is still considered to be stealthy under the AC state estimation.