
    Hindawi Publishing Corporation
    International Journal of Distributed Sensor Networks
    Volume 2012, Article ID 175262, 13 pages
    doi:10.1155/2012/175262

    Research Article

    Authentication and Integrity in the Smart Grid: An Empirical Study in Substation Automation Systems

    Xiang Lu,1, 2 Wenye Wang,2 and Jianfeng Ma1

    1 Department of Computer Science, Xidian University, Xian 710071, China
    2 Department of Electrical and Computer Engineering, North Carolina State University, Raleigh, NC 27606, USA

    Correspondence should be addressed to Xiang Lu, xlu6@ncsu.edu

    Received 8 March 2012; Accepted 3 April 2012

    Academic Editor: Qun Li

    Copyright 2012 Xiang Lu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

    The smart grid is an emerging technology that integrates power infrastructures with information technologies to enable intelligent energy managements. As one of the most important facilities of power infrastructures, electrical substations undertake responsibilities of energy transmissions and distributions by operating interconnected electrical devices in a coordinated manner. Accordingly, it imposes a great challenge on information security, since any falsifications may trigger mal-operations, and result in damages to power usage. In this paper, we aim at authentication and integrity protections in substation automation systems (SAS), by an experimental approach on a small scale SAS prototype, in which messages are transmitted with commonly-used data origin authentication schemes, such as RSA, Message Authentication Code, and One-Time Signature. Through experimental results, we find that, current security solutions cannot be applied directly into the SAS due to insufficient performance considerations in response to application constraints, including limited device computation capabilities, stringent timing requirements and high data sampling rates. Moreover, intrinsic limitations of security schemes, such as complicated computations, shorter key valid time and limited key supplies, can easily be hijacked by malicious attackers, to undermine message deliveries, thus becoming security vulnerabilities. Our experimental results demonstrate guidelines in design of novel security schemes for the smart grid.

    1. Introduction

    The smart grid envisions a revolutionary regime of energy managements by integrating information technologies with power systems to make energy generation and consumption efficient and intelligent [1]. Towards such a promising paradigm, the crux lies in timely and accurate information exchanges for synergistic coordinations among a variety of electric power devices [2], in order that intelligent power management applications, such as relay protection [3] and demand response [4], can be readily implemented for ubiquitous system supervisory and efficient device controls.

    As the most critical facility in power systems, widely deployed substations are engaged in crucial functions of energy transmissions and distributions, including voltage transformation and regulation, power quality measurements, and interconnections of multiple electric systems [5]. Towards such important and diversified functions, a variety of power devices are installed in substations, such as transformers, breakers, and insulators. Furthermore, a large number of power devices in the substation result in extensive control and system information exchanges and deliveries, serving for collaborative system operations. For example, to ameliorate power qualities and avoid potential energy losses, the capacitor bank, which is made up of groups of individual capacitors, requires real-time power factor measures of phasor measurement units (PMUs) as references of power factor tuning in distribution substations [6]. Also, an electrical regulator resorts to electronic voltage transformers for information of real-time voltage measures to automatically maintain a constant voltage level on distribution feeders [7]. Hence, timely and accurate information exchanges are vital to device and system operations towards efficient power managements.

    To enable substantial information exchanges, power devices in a substation are organized to form a substation automation system (SAS) via microprocessor-based equipment controllers, which are also known as intelligent electronic devices (IEDs) [8, 9]. In this way, equipment information and system events are able to be transmitted and responded elegantly, thereby effectively preventing potential system failures.

    Nevertheless, since the SAS encompasses all critical system information, it is prone to be the primary target of malicious attacks [10], even terrorist attacks. Through the SAS, attackers can readily invade the substation to launch attacks by unauthorized operating equipments or tampering system parameters. For example, an attacker can counterfeit device failures by modifying real-time device data, like current and voltage, to trigger inappropriate protection operations, for example, tripping relays to cut off feeders. Even worse, such an incorrect operation may spread quickly to neighbor substations due to interconnections between substations, thereby deriving cascading failures in a large area [11]. Thus, how to protect the integrity and authenticity of SAS messages between interconnected power equipments is a crucial challenge not only for the reliability of the smart grid, but for the national security and public safety [12].

    Prior works have identified potential threats faced by the SAS [13] and recommended to leverage data origin authentication schemes [14–16] to protect the authenticity and integrity of SAS messages by corroborating that entity is the one that is claimed and validating that the message is unmodified [17, 18]. Intuitively, these solutions appear to be effective in countering against malicious message forgeries, because underlying cryptographic schemes are sensitive to falsifications. However, in this paper, we find that these schemes are not applicable when practically deployed in the SAS due to application and setup constraints in substations, including limited device computation capabilities, multicasted device messages, stringent timing requirements, and high-rate data sampling. For example, in a substation teleprotection scenario, the most critical trip message must be securely delivered in 3 milliseconds (ms) [9] between coordinated relays. Otherwise, the message will become stale and discarded by the destination, which may induce failures of protection operations and force entire systems to endure a fault current that is much higher than the rating value. Unfortunately, our results show that those proposed solutions cannot handle such a scenario with satisfactory performance. Moreover, limitations of security schemes can be hijacked by attackers and further result in significant performance degradation, thereby becoming security vulnerabilities.
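
The receiver-side check this paragraph describes for a trip message, as an added example that is not code from the paper or its testbed: the MAC is verified first, then the message is discarded if it is older than the 3 ms bound. The frame layout, HMAC-SHA256, the sequence-number check and the assumption of synchronized sender and receiver clocks are illustrative choices, not the IEC 61850 encoding.

```python
import hashlib
import hmac
import struct

DEADLINE_NS = 3_000_000   # 3 ms delivery bound for trip messages (from the text)
TAG_LEN = 32              # HMAC-SHA256 tag length in bytes

# Assumed frame layout (hypothetical, not the IEC 61850 wire format):
#   8-byte send time in ns | 4-byte sequence number | payload | 32-byte tag
HEADER = struct.Struct(">QI")


def protect(key: bytes, seq: int, payload: bytes, sent_ns: int) -> bytes:
    """Sender side: the tag covers timestamp, sequence number and payload."""
    body = HEADER.pack(sent_ns, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts a frame only if it is authentic, fresh and not a repeat."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes, now_ns: int):
        """Return (payload, None) on success or (None, reason) on discard."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Verify the tag before trusting any header field; constant-time compare.
        if not hmac.compare_digest(tag, expected):
            return None, "bad-tag"
        sent_ns, seq = HEADER.unpack_from(body)
        if now_ns < sent_ns:
            return None, "future-timestamp"   # clocks disagree; do not act
        if now_ns - sent_ns > DEADLINE_NS:
            return None, "stale"              # missed the 3 ms bound
        if seq <= self.last_seq:
            return None, "replay"             # authentic but already seen
        self.last_seq = seq
        return body[HEADER.size:], None
```

The time spent computing and checking the tag counts against the same 3 ms budget, which is why the paper measures each scheme's signing and verification cost.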

    To understand such potential vulnerabilities of current security schemes, we establish an SAS prototype with essential applications regarding relay protection and IED data sampling according to IEC61850 [9], the most dominant communication standard for substations. Then, we measure message delivery performance with three extensively recommended data origin authentication schemes, including RSA [14], message authentication code (MAC) [15], and one-time signature (OTS) [16, 19, 20]. Our results are threefold. Firstly, due to complicated computations, RSA is restricted only to applications that are not time critical, that is, without rigorous timing requirements. Secondly, MAC-based schemes can be potential solutions, yet need special configurations to reduce the waiting time of message validations and to resist collusion attacks. Finally, despite the fact that OTS-based schemes show better performance in our experiments in terms of efficient signing and verifications, the shorter key validation time is a fatal vulnerability that derives two new attacks, including delay compression attacks and key depletion attacks. Both may largely impede the applicability of OTS-based schemes. Based on the above analysis, we remark that the fundamental cause of these unsatisfactory results lies in that current security solutions are not designed to achieve both security and time-critical performance as required by the SAS. Therefore, there is an acute need for novel data origin authentication schemes that can address such issues jointly, that is, security requirements, as well as timing requirements, in the smart grid.

    The remainder of this paper is organized as follows. In Section 2, we briefly introduce the electrical substation, including the one-line diagram and the communication architecture. In Section 3, we present a brief description of existing data origin authentication schemes, which is followed by system implementations of our testbed in Section 4. Measurements and analysis of security schemes are discussed in Section 5. Finally, we conclude in Section 6.

    2. Preliminary of Substation Automation Systems in the Smart Grid

    In this section, we firstly introduce the single-line diagram of a substation for the smart grid, by taking a 220 kV-132 kV transmission substation as an example. Then, we present the architecture of the corresponding substation automation system. Based on the system architecture, we summarize performance and security requirements in SAS applications and identify two critical messages for subsequent experimental studies, including protection messages and data sampling messages.

    2.1. Single-Line Diagram of a Substation. First of all, we examine the single-line diagram of a substation to investigate how power devices are wired in substations towards effective power managements.