Toward unified security and privacy protection for smart meter networks

The management of security and privacy protection mechanisms is one fundamental issue of future smart grid and metering networks. Designing effective and economic measures is a non-trivial task due to a) the large number of system requirements and b) the uncertainty over how the system functionalities are going to be specified and evolve. The paper explores a unified approach for addressing security and privacy of smart metering systems. In the process, we present a unified framework that entails the analysis and synthesis of security solutions associated with closely interrelated components of a typical smart metering system. Ultimately, the proposed framework can be used as a guideline for embedding cross-domain security and privacy solutions into smart grid communication systems

LYNXTUN.

Lynxtun is a VPN solution that allows the creation of a secure tunnel between two hosts over an insecure network. The Lynxtun Protocol transmits fully encrypted datagrams with a fixed size and at a fixed interval using UDP/IP. Our custom authenticated encryption scheme uses the AES-256 block cipher and modified version of GCM mode in order to decrypt and authenticate datagrams efficiently. It ensures traffic flow confidentiality by maintaining a constant bitrate that does not depend on underlying communication. In this sense, it provides unobservable communication. This constitutes a difficult engineering problem. The protocol design allows implementations to fulfill this requirement. We analyze factors that influence realtime behavior and propose solutions to mitigate this. We developed a full implementation for the GNU/Linux operating system in the C programming language. Our implementation succeeds in performing dispatch operations at the correct time, with a tolerance on the order of microseconds, as we have verified empirically.M.S. - Master of Scienc

Smart Grid Communications: Overview of Research Challenges, Solutions, and Standardization Activities

Optimization of energy consumption in future intelligent energy networks (or Smart Grids) will be based on grid-integrated near-real-time communications between various grid elements in generation, transmission, distribution and loads. This paper discusses some of the challenges and opportunities of communications research in the areas of smart grid and smart metering. In particular, we focus on some of the key communications challenges for realizing interoperable and future-proof smart grid/metering networks, smart grid security and privacy, and how some of the existing networking technologies can be applied to energy management. Finally, we also discuss the coordinated standardization efforts in Europe to harmonize communications standards and protocols.Comment: To be published in IEEE Communications Surveys and Tutorial

Bloom Filter Based Intrusion Detection for Smart Grid

This thesis addresses the problem of local intrusion detection for SCADA (Supervisory Control and Data Acquisition) field devices in the smart grid. A methodology is proposed to detect anomalies in the communication patterns using a combination of n-gram analysis and Bloom Filter. The predictable and regular nature of the SCADA communication patterns is exploited to train the intrusion detection system. The protocol considered to test the proposed approach is MODBUS which is used for communication between a SCADA server and field devices in power system. The approach is tested for attacks like HMI compromise and Man-in-the-Middle. Bloom Filter is chosen because of its strong space advantage over other data structures like hash tables, linked lists etc. for representing sets. The advantage comes from its probabilistic nature and compact array structure. The false positive rates are found to be minimal with careful choice of parameters for Bloom Filter design. Also the memory-efficient property of Bloom Filter makes it suitable for implementation in resource constrained SCADA components. It is also established that the knowledge of physical state of the power system i.e., normal, emergency or restorative state can help in improving the accuracy of the proposed approach

Smart grid

Tese de mestrado integrado em Engenharia da Energia e do Ambiente, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2016The SG concept arises from the fact that there is an increase in global energy consumption. One of the factors delaying an energetic paradigm change worldwide is the electric grids. Even though there is no specific definition for the SG concept there are several characteristics that describe it. Those features represent several advantages relating to reliability and efficiency. The most important one is the two way flow of energy and information between utilities and consumers. The infrastructures in standard grids and the SG can classified the same way but the second one has several components contributing for monitoring and management improvement. The SG’s management system allows peak reduction, using several techniques underlining many advantages like controlling costs and emissions. Furthermore, it presents a new concept called demand response that allows consumers to play an important role in the electric systems. This factor brings benefits for utilities, consumers and the whole grid but it increases problems in security and that is why the SG relies in a good protection system. There are many schemes and components to create it. The MG can be considered has an electric grid in small scale which can connect to the whole grid. To implement a MG it is necessary economic and technical studies. For that, software like HOMER can be used. However, the economic study can be complex because there are factors that are difficult to evaluate beyond energy selling. On top of that, there are legislation and incentive programs that should be considered. Two case studies prove that MG can be profitable. In the first study, recurring to HOMER, and a scenario with energy selling only, it was obtained a 106% reduction on production cost and 32% in emissions. The installer would have an $8 000 000 profit in the MG’s lifetime. In the second case, it was considered economic services related to peak load reduction, reliability, emission reduction and power quality. The DNO had a profit of$41,386, the MG owner had $29,319 profit and the consumers had a$196,125 profit. We can conclude that the MG with SG concepts can be profitable in many cases

Security Hazards when Law is Code.

As software continues to eat the world, there is an increasing pressure to automate every aspect of society, from self-driving cars, to algorithmic trading on the stock market. As this pressure manifests into software implementations of everything, there are security concerns to be addressed across many areas. But are there some domains and fields that are distinctly susceptible to attacks, making them difficult to secure? My dissertation argues that one domain in particular—public policy and law— is inherently difficult to automate securely using computers. This is in large part because law and policy are written in a manner that expects them to be flexibly interpreted to be fair or just. Traditionally, this interpreting is done by judges and regulators who are capable of understanding the intent of the laws they are enforcing. However, when these laws are instead written in code, and interpreted by a machine, this capability to understand goes away. Because they blindly fol- low written rules, computers can be tricked to perform actions counter to their intended behavior. This dissertation covers three case studies of law and policy being implemented in code and security vulnerabilities that they introduce in practice. The first study analyzes the security of a previously deployed Internet voting system, showing how attackers could change the outcome of elections carried out online. The second study looks at airport security, investigating how full-body scanners can be defeated in practice, allowing attackers to conceal contraband such as weapons or high explosives past airport checkpoints. Finally, this dissertation also studies how an Internet censorship system such as China’s Great Firewall can be circumvented by techniques that exploit the methods employed by the censors themselves. To address these concerns of securing software implementations of law, a hybrid human-computer approach can be used. In addition, systems should be designed to allow for attacks or mistakes to be retroactively undone or inspected by human auditors. By combining the strengths of computers (speed and cost) and humans (ability to interpret and understand), systems can be made more secure and more efficient than a method employing either alone.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/120795/1/ewust_1.pd

Атака на анонімність користувача в системі Tor та способи протидії ним

Дипломна робота має обсяг 90 сторінок, містить 4 таблиці та 10 рисунків, а також 45 бібліографічних джерел. Актуальною науковою тенденцією є розробка та впровадження нових механізмів забезпечення анонімності в мережі Інтернет. Механізм, що використовується у даній роботі, дозволяє забезпечити збільшення анонімності в системі Tor. Тому це актуально для користувачів, які використовують систему Tor, щоб забезпечити збільшення анонімності проти атак типу аналізу трафіку й часу. Об’єктом дослідження є система Tor. Предметом дослідження є атаки на систему Tor і способи протидії ним: з теоретичної та технічної точки зору. Метою роботи є дослідження принципів цибулевої маршрутизації, механізмів системи Tor, атак на анонімність користувача в системі та способів протидії ним та розробка рішень, які допоможуть запобігти найбільш популярним з цих атак. Дана робота містить опис цибулевої маршрутизації та системи Tor, огляд чинних атак та способи протидії ним. У ході роботи отримано програмне рішення для додавання затримок при посиланні та прийнятті пакетів, яке відрізняється використанням криптографічного генератора псевдовипадкових чисел при формуванні величин затримок. Надалі, отриманий результат у вигляді програмного рішення можна використовувати забезпечення підвищення анонімності в мережі Tor.The thesis contains 90 pages, 4 tables and 10 figures as well as 45 names of bibliographic sources. The actual scientific trend is the development and implementation of new mechanisms for ensuring anonymity on the Internet. The mechanism used in this work allows to increase the anonymity in the Tor system. There is why it is important for users who use the Tor system to increase the anonymity against of attacks such as traffic analysis and time analysis. The object of the study is the Tor system. The subject of the study is the attacks on the Tor system and countermeasures: from a theoretical and technical point of view. The aim of the work is to study the principles of onion routing, the mechanisms of the Tor system, and attacks on the anonymity of the user in the system and methods to counteract it, and develop solutions that will help prevent the most popular of these attacks. This work contains a description of onion routing and Tor systems, an overview of existing attacks, and methods to counteract it. In the course of work, a software solution obtained to add delays in the sending and acceptance of packets, what differs in use cryptographic pseudorandom number generator in the formation of delays values. In the future, the resulting result in the form of a software solution can be using to increase the anonymity of the Tor network