Cyber Security for Smart Grids Prof. Biplab Sikdar Department of Electrical, Computer and Systems Engineering Rensselaer Polytechnic Institute Troy NY.


Cyber Security for Smart Grids Prof. Biplab Sikdar Department of Electrical, Computer and Systems Engineering Rensselaer Polytechnic Institute Troy NY 12180

Outline
Introduction to computer networks
Network vulnerabilities
Cyber security threats for smart grids
Defense strategies

Motivation
(Figure: operational information flowing between Generation (GEN1 to GENx), Transmission (TOP1 to TOPx), Distribution (DIST1 to DISTx) and Customers. Source: n-Dimension solutions)

Motivation
(Figure: end-to-end communications and intelligence (AMI, DSM) spanning Generation, Transmission, Distribution, Customers, System Operators and Conservation Authorities. Source: n-Dimension solutions)

What is a Computer Network?
A collection of computers (PCs, workstations) and other devices (e.g. printers, smart meters) that are all interconnected
Goal: provide connectivity and ubiquitous access to resources (e.g., database servers, Web), allow remote users to communicate (e.g., e-mail)
Components:
Hosts (computers)
Links (coaxial cable, twisted pair, optical fiber, radio, satellite)
Switches/routers (intermediate systems)

What is a Computer Network?
(Figure: client, mobile client and server exchanging packets)
Hosts are computers and other devices such as cellphones and PDAs

What is a Computer Network?
(Figure: applications on two stations exchanging a packet)
Networks connect applications on different stations

What is a Computer Network?
(Figure: client, mobile client and server exchanging packets)
Hosts communicate by sending messages called packets

What is a Computer Network?
(Figure: a packet traversing several routers)
Packets may pass through multiple routers; each switch reads the packet and passes it on

What is a Computer Network?
In summary, a network is a system of hardware, software and transmission components that collectively allow two application programs on two different stations connected to the network to communicate well.

Networking Issues
Resource sharing (i.e., accommodate many users over the same link or through the same router)
Addressing and routing (i.e., how does an e-mail message find its way to the receiver)
Reliability and recovery: guarantee end-to-end delivery
Traffic management: monitoring and regulating the traffic in the network

Solution: Layering
Layering to deal with complex systems:
Conceptual simplicity
Modularization eases maintenance, updating of system
Change of implementation of a layer's service is transparent to the rest of the system

TCP/IP Model      TCP/IP Protocols
Application       FTP, Telnet, HTTP
Transport         TCP, UDP
Internetwork      IP
Host to Network   Ethernet, WiFi, Point-to-Point

Network Performance
There are a number of measures that characterize and capture the performance of a network
It is not enough that networks work; they must work well
Quality of service (QoS) defines quantitative measures of service quality:
Data rate or throughput
Delay (latency)
Reliability
Security (not a QoS measure but crucial)

Network Security
Confidentiality: only sender, intended receiver should "understand" message contents
Authentication: sender, receiver want to confirm identity of each other
Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Access and availability: services must be accessible and available to users

Security for Smart Grids: Example
Example from AMRA Webinar, Nov '06, "The Active Attacker". Source: n-dimension solutions
(Figure: AMI WAN Communications Network (WAN), Data Management Systems (MDM/R), Retailers / 3rd Parties, AMCC (Advanced Metering Control Computer))
Attack path shown: Cyber Penetration; Attacker Controls the Head End; Attacker Performs Remote Disconnect

Security for Smart Grids: Example
Example from 2006 SANS SCADA Security Summit. Source: n-dimension solutions
(Figure: Internet, admin account/PC, Operator, Master DB, Slave Database, RTU)
1. Hacker sends an e-mail with malware
2. E-mail recipient opens the e-mail and the malware gets installed quietly
3. Using the information that the malware gets, the hacker is able to take control of the recipient's PC
4. Hacker performs an ARP (Address Resolution Protocol) scan
5. Once the Slave Database is found, hacker sends an SQL EXEC command
6. Performs another ARP scan
7. Takes control of RTU

Network Security: Introduction
Bob and Alice want to communicate "securely"
Trudy (intruder) may intercept, delete, add messages
(Figure: Alice's secure sender and Bob's secure receiver exchanging data over a channel that Trudy can access)

Who might Bob, Alice be?
Well, real-life Bobs and Alices!
Web browser/server for electronic transactions (e.g., on-line purchases)
Phasor measurement units sending synchrophasor data
Information exchange between power distribution networks and power generators
On-line banking client/server
Routers exchanging routing table updates

Impact of Security Breach
Q: What can a "bad guy" do?
A: A lot
Eavesdrop: intercept messages
Actively insert messages into connection
Impersonation: can fake (spoof) source address in packet (or any field in packet)
Hijacking: "take over" ongoing connection by removing sender or receiver, inserting himself in place
Denial of service: prevent service from being used by others (e.g., by overloading resources)

Network Security (Recap)
Confidentiality: only sender, intended receiver should "understand" message contents
Authentication: sender, receiver want to confirm identity of each other
Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Access and availability: services must be accessible and available to users

The language of cryptography
m: plaintext message
K_A(m): ciphertext, encrypted with key K_A
m = K_B(K_A(m))
(Figure: plaintext enters the encryption algorithm with Alice's encryption key K_A and leaves as ciphertext; the decryption algorithm with Bob's decryption key K_B recovers the plaintext)

Simple encryption scheme
Substitution cipher: substituting one thing for another
Monoalphabetic cipher: substitute one letter for another
plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
E.g.:
Plaintext:  bob. how are you. alice
Ciphertext: nkn. akr moc wky. mgsbc
Key: the mapping from the set of 26 letters to the set of 26 letters
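The monoalphabetic cipher from this slide, as an added example (not code from the lecture): it validates the key as a permutation of a-z, reproduces the slide's plaintext/ciphertext pair, and shows why the cipher is weak despite its large key space (letter frequencies survive encryption).

```python
"""Monoalphabetic substitution cipher using the key from the slide."""
import string
from collections import Counter

PLAIN_ALPHABET = string.ascii_lowercase
# Key from the slide: a->m, b->n, c->b, ... (a permutation of a-z).
CIPHER_ALPHABET = "mnbvcxzasdfghjklpoiuytrewq"


def build_key(cipher_alphabet: str) -> dict:
    """Validate the key and return the plaintext->ciphertext mapping.

    The mapping must be a permutation of the 26 letters; a repeated
    letter would send two plaintext letters to the same ciphertext
    letter and make decryption ambiguous.
    """
    if sorted(cipher_alphabet) != list(PLAIN_ALPHABET):
        raise ValueError("key must be a permutation of a-z")
    return dict(zip(PLAIN_ALPHABET, cipher_alphabet))


def encrypt(plaintext: str, cipher_alphabet: str = CIPHER_ALPHABET) -> str:
    """Substitute each letter; spaces and punctuation pass through unchanged."""
    key = build_key(cipher_alphabet)
    return "".join(key.get(ch, ch) for ch in plaintext.lower())


def decrypt(ciphertext: str, cipher_alphabet: str = CIPHER_ALPHABET) -> str:
    """Apply the inverse mapping."""
    inverse = {c: p for p, c in build_key(cipher_alphabet).items()}
    return "".join(inverse.get(ch, ch) for ch in ciphertext.lower())


def frequency_preserved(plaintext: str, cipher_alphabet: str = CIPHER_ALPHABET) -> bool:
    """A substitution cipher only relabels letters, so the multiset of letter
    counts in the ciphertext equals that of the plaintext. This is why the
    26! possible keys give far less protection than the key space suggests:
    the plaintext's letter statistics are visible in the ciphertext."""
    key = build_key(cipher_alphabet)
    plain_counts = Counter(ch for ch in plaintext.lower() if ch in key)
    cipher_counts = Counter(ch for ch in encrypt(plaintext, cipher_alphabet)
                            if ch in cipher_alphabet)
    return sorted(plain_counts.values()) == sorted(cipher_counts.values())


if __name__ == "__main__":
    msg = "bob. how are you. alice"
    ct = encrypt(msg)
    print(ct)            # nkn. akr moc wky. mgsbc
    print(decrypt(ct))   # bob. how are you. alice
    print(frequency_preserved(msg))
```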

Message Integrity
Allows communicating parties to verify that received messages are authentic:
Content of message has not been altered
Source of message is who/what you think it is
Sequence of messages is maintained
Let's first talk about message digests

Message Digests
Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: "message signature"
Note that H( ) is a many-to-1 function
H( ) is often called a "hash function"
Example: H(SIKDAR) = 66
Desirable properties:
Easy to calculate
Irreversibility: can't determine m from H(m)
Collision resistance: computationally difficult to produce m and m' such that H(m) = H(m')
Seemingly random output
(Figure: a large message m fed through the hash function H yields H(m))

Message Authentication Code (MAC)
(Figure: sender computes H( ) over the shared secret s and the message and appends the result; receiver recomputes H( ) over s and the received message and compares)
Authenticates sender
Verifies message integrity
Also called "keyed hash"
Notation: MD_m = H(s||m); send m||MD_m

Hash Function Algorithms
MD5 hash function widely used (RFC 1321)
Computes 128-bit message digest in 4-step process
SHA-1 is also used
US standard [NIST, FIPS PUB 180-1]
160-bit message digest
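The keyed-hash construction of the MAC slide, MD_m = H(s||m) sent as m||MD_m, with the SHA-1 of this slide as H, as an added example that is not code from the lecture; the shared secret and message are constructed sample values. It also shows the HMAC form a practitioner would deploy instead, since plain H(s||m) over MD5 or SHA-1 is known to be length-extendable.

```python
"""The slide's keyed hash MD_m = H(s || m), sent as m || MD_m, next to HMAC."""
import hashlib
import hmac
from typing import Optional

# Constructed sample values; not from the slides.
SHARED_SECRET = b"demo-shared-secret"
SAMPLE_MESSAGE = b"meter=1234;cmd=read-register"


def keyed_hash(secret: bytes, message: bytes, algo: str = "sha1") -> bytes:
    """MD_m = H(s || m), exactly as written on the slide (SHA-1 by default)."""
    h = hashlib.new(algo)
    h.update(secret + message)
    return h.digest()


def send(secret: bytes, message: bytes, algo: str = "sha1") -> bytes:
    """Transmit m || MD_m: the digest is appended to the message."""
    return message + keyed_hash(secret, message, algo)


def receive(secret: bytes, wire: bytes, algo: str = "sha1") -> Optional[bytes]:
    """Split m || MD_m, recompute MD_m and compare in constant time.

    Returns the message if the tag verifies, None if it was altered or the
    secret differs. hmac.compare_digest avoids leaking how many tag bytes
    matched through timing.
    """
    digest_len = hashlib.new(algo).digest_size
    if len(wire) <= digest_len:
        return None
    message, tag = wire[:-digest_len], wire[-digest_len:]
    if not hmac.compare_digest(keyed_hash(secret, message, algo), tag):
        return None
    return message


# Hardened form. H(s || m) over a Merkle-Damgard hash (MD5, SHA-1) lets a
# valid tag on m be turned into a valid tag on a longer message without
# knowing s (length extension). HMAC (RFC 2104) hashes twice with the key
# mixed in, which closes that gap; SHA-256 replaces the deprecated hashes.
def hmac_tag(secret: bytes, message: bytes) -> bytes:
    return hmac.new(secret, message, hashlib.sha256).digest()


def hmac_verify(secret: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(secret, message), tag)
```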

Common Security Attacks (attack: countermeasure)
Finding a way into the network: Firewalls
Exploiting software bugs, buffer overflows: Intrusion Detection Systems
Denial of Service: Ingress filtering, IDS
TCP hijacking: IPSec
Packet sniffing: Encryption (SSH, SSL, HTTPS)
Social problems: Education
Source: J. Weisz, CMU

Firewalls
Basic problem: many network applications and protocols have security problems that are fixed over time
Difficult for users to keep up with changes and keep host secure
Solution:
Administrators limit access to end hosts by using a firewall
Firewall is kept up-to-date by administrators
Can be hardware or software
Ex. Some routers come with firewall functionality; ipfw, ipchains, pf on Unix systems; Windows XP and Mac OS X have built-in firewalls
Source: J. Weisz, CMU

Firewalls
(Figure: firewall separating the Intranet, a DMZ holding the Web server, e-mail server, web proxy, etc., and the Internet)
Source: J. Weisz, CMU

Firewalls
Used to filter packets based on a combination of features
These are called packet filtering firewalls
Ex. Drop packets with destination port of 23 (Telnet)
Can use any combination of IP/UDP/TCP header information
Source: J. Weisz, CMU

Intrusion Detection
Used to monitor for "suspicious activity" on a network
Can protect against known software exploits, like buffer overflows
Uses "intrusion signatures": well known patterns of behavior
Example: IRIX vulnerability in webdist.cgi
Can make a rule to drop packets containing the line "/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd"
However, IDS is only useful if contingency plans are in place to curb attacks as they are occurring
Source: J. Weisz, CMU
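Signature matching of the kind this slide describes, as an added example (not code from the lecture): the slide's webdist.cgi signature is run over constructed web-server log lines, and the paths are percent-decoded before comparison so that a differently encoded form of the same request is not missed by a literal match.

```python
"""Signature-based intrusion detection over constructed web-server log lines."""
from urllib.parse import unquote

# Signature from the slide (IRIX webdist.cgi), kept as written there.
SIGNATURES = ["/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd"]

# Constructed sample log lines in Common Log Format; not real traffic.
# The third line carries the same request with extra percent-encoding.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2012:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024
10.0.0.9 - - [01/Jan/2012:10:00:02 +0000] "GET /cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd HTTP/1.0" 200 512
10.0.0.9 - - [01/Jan/2012:10:00:03 +0000] "GET /cgi-bin/webdist.cgi?distloc=%3F%3Bcat%20%2Fetc%2Fpasswd HTTP/1.0" 200 512
10.0.0.7 - - [01/Jan/2012:10:00:04 +0000] "GET /cgi-bin/webdist.cgi?distloc=stable HTTP/1.1" 200 300
"""


def request_path(line: str) -> str:
    """Extract the request target from a CLF line ("GET /path HTTP/1.1")."""
    parts = line.split('"')
    if len(parts) < 2:
        return ""
    fields = parts[1].split(" ")
    return fields[1] if len(fields) > 1 else ""


def normalise(text: str) -> str:
    """Percent-decode twice (catches double encoding) and lower-case, so the
    comparison is made on what the CGI program would actually receive."""
    return unquote(unquote(text)).lower()


def raw_match(path: str, signatures=SIGNATURES) -> bool:
    """Naive byte-for-byte match, as a literal packet rule would do."""
    return any(sig in path for sig in signatures)


def matches(path: str, signatures=SIGNATURES) -> list:
    """Signatures that hit once both sides are normalised."""
    norm_path = normalise(path)
    return [sig for sig in signatures if normalise(sig) in norm_path]


def scan_log(log_text: str) -> list:
    """Return (source_ip, signature) per matching line, so the contingency
    step (blocking, ticketing) has something concrete to act on."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src = line.split(" ", 1)[0]
        for sig in matches(request_path(line)):
            alerts.append((src, sig))
    return alerts
```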

Denial of Service
Purpose: make a network service unusable, usually by overloading the server or network
Many different kinds of DoS attacks:
SYN flooding: large number of TCP connection requests with fake source address; server accepts connection request; eventually server memory is exhausted
Smurf
Distributed attacks
Source: J. Weisz, CMU

Packet Sniffing
Local area networks: Ethernet, WiFi
Source: put data packet on wire with destination's address
All other hosts listen
Anything in plaintext is easily eavesdropped (example: passwords in telnet)
Solution: encryption
Source: J. Weisz, CMU

Social Problems
People can be just as dangerous as unprotected computer systems
People can be lied to, manipulated, bribed, threatened, harmed, tortured, etc. to give up valuable information
May use infected hardware (e.g. USB drives) inside a secure network
Disgruntled employees
There aren't always solutions to all of these problems
Humans will continue to be tricked into giving out information they shouldn't
Educating them may help
The best that can be done is to implement a wide variety of solutions and more closely monitor who has access to what network resources and information
Source: J. Weisz, CMU

Cyber Solutions - Defense in Depth
Cyber Security Solutions for Smart Grids
Perimeter Protection: Firewall, IPS, VPN, AV; Host IDS, Host AV
Interior Security: Firewall, IDS, VPN, AV; Host IDS, Host AV; IEEE P1711 (Serial Connections)
Physical Security
Network admission control
Scanning
Monitoring
Management

Questions?