Vulnerability analysis of satellite-based synchronized smart grids monitoring systems

The large-scale deployment of wide-area monitoring systems could play a strategic role in supporting the evolution of traditional power systems toward smarter and self-healing grids. The correct operation of these synchronized monitoring systems requires a common and accurate timing reference usually provided by a satellite-based global positioning system. Although these satellites signals provide timing accuracy that easily exceeds the needs of the power industry, they are extremely vulnerable to radio frequency interference. Consequently, a comprehensive analysis aimed at identifying their potential vulnerabilities is of paramount importance for correct and safe wide-area monitoring system operation. Armed with such a vision, this article presents and discusses the results of an experimental analysis aimed at characterizing the vulnerability of global positioning system based wide-area monitoring systems to external interferences. The article outlines the potential strategies that could be adopted to protect global positioning system receivers from external cyber-attacks and proposes decentralized defense strategies based on self-organizing sensor networks aimed at assuring correct time synchronization in the presence of external attacks

False Data Injection Attacks on Phasor Measurements That Bypass Low-rank Decomposition

This paper studies the vulnerability of phasor measurement units (PMUs) to false data injection (FDI) attacks. Prior work demonstrated that unobservable FDI attacks that can bypass traditional bad data detectors based on measurement residuals can be identified by detector based on low-rank decomposition (LD). In this work, a class of more sophisticated FDI attacks that captures the temporal correlation of PMU data is introduced. Such attacks are designed with a convex optimization problem and can always bypass the LD detector. The vulnerability of this attack model is illustrated on both the IEEE 24-bus RTS and the IEEE 118-bus systems.Comment: 6 pages, 4 figures, submitted to 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm

Electric Power Synchrophasor Network Cyber Security Vulnerabilities

Smart grid technologies such as synchrophasor devices (Phasor Measurement Units (PMUs)), make real-time monitoring, control, and analysis of the electric power grid possible. PMUs measure voltage and current phasors across the electrical power grid, add a GPS time stamps to measurements, and sends reports to the Phasor Data Concentrators (PDCs) in the control centers. Reports are used to make decisions about the condition and state of the power grid. Since this approach relies on Internet Protocol (IP) network infrastructure, possible cybersecurity vulnerabilities have to be addressed to ensure that it is stable, secure, and reliable. In literature, attacks that are relevant to PMUs, are discussed. The system modeled is the benchmark IEEE 68 bus (New England/New York) power system. This document details vulnerability testing performed on a network implemented with a real-time grid simulator, the Real Time Digital Simulator (RTDS), with SEL PMU devices monitoring several bases. The first set of security vulnerabilities were found when running traffic analysis of the network. In using this approach it was found that the system was susceptible to Address Resolution Protocol (ARP) poisoning. This allowed the switch to be tricked so that all network traffic was rerouted through the attack computer. This technique allowed for packet analysis, man-in-the-middle, and denial of service (DOS) attacks. Side channel analysis was used to distinguish PMU traffic across the virtual private network (VPN) established by the security gateways. After the traffic was collected, the inter-packet delays were used to construct a Hidden Markov Model. This model was used to distinguish measurement packets being transported across the VPN. Once the measurements are identified, a DOS attack can be performed on the network. While this document unveils certain security vulnerabilities within the PMU network, further testing is needed to provide a full security vulnerability analysis. A future security agenda is proposed

Cyber Physical System Security — DoS Attacks on Synchrophasor Networks in the Smart Grid

With the rapid increase of network-enabled sensors, switches, and relays, cyber-physical system security in the smart grid has become important. The smart grid operation demands reliable communication. Existing encryption technologies ensures the authenticity of delivered messages. However, commonly applied technologies are not able to prevent the delay or drop of smart grid communication messages. In this dissertation, the author focuses on the network security vulnerabilities in synchrophasor network and their mitigation methods. Side-channel vulnerabilities of the synchrophasor network are identified. Synchrophasor network is one of the most important technologies in the smart grid transmission system. Experiments presented in this dissertation shows that a DoS attack that exploits the side-channel vulnerability against the synchrophasor network can lead to the power system in stability. Side-channel analysis extracts information by observing implementation artifacts without knowing the actual meaning of the information. Synchrophasor network consist of Phasor Measurement Units (PMUs) use synchrophasor protocol to transmit measurement data. Two side-channels are discovered in the synchrophasor protocol. Side-channel analysis based Denial of Service (DoS) attacks differentiate the source of multiple PMU data streams within an encrypted tunnel and only drop selected PMU data streams. Simulations on a power system shows that, without any countermeasure, a power system can be subverted after an attack. Then, mitigation methods from both the network and power grid perspectives are carried out. From the perspective of network security study, side-channel analysis, and protocol transformation has the potential to assist the PMU communication to evade attacks lead with protocol identifications. From the perspective of power grid control study, to mitigate PMU DoS attacks, Cellular Computational Network (CCN) prediction of PMU data is studied and used to implement a Virtual Synchrophasor Network (VSN), which learns and mimics the behaviors of an objective power grid. The data from VSN is used by the Automatic Generation Controllers (AGCs) when the PMU packets are disrupted by DoS attacks. Real-time experimental results show the CCN based VSN effectively inferred the missing data and mitigated the negative impacts of DoS attacks. In this study, industry-standard hardware PMUs and Real-Time Digital Power System Simulator (RTDS) are used to build experimental environments that are as close to actual production as possible for this research. The above-mentioned attack and mitigation methods are also tested on the Internet. Man-In-The-Middle (MITM) attack of PMU traffic is performed with Border Gateway Protocol (BGP) hijacking. A side-channel analysis based MITM attack detection method is also investigated. A game theory analysis is performed to give a broade

Security Analysis of Phasor Measurement Units in Smart Grid Communication Infrastructures

Phasor Measurement Units (PMUs), or synchrophasors, are rapidly being deployed in the smart grid with the goal of measuring phasor quantities concurrently from wide area distribution substations. By utilizing GPS receivers, PMUs can take a wide area snapshot of power systems. Thus, the possibility of blackouts in the smart grid, the next generation power grid, will be reduced. As the main enabler of Wide Area Measurement Systems (WAMS), PMUs transmit measured values to Phasor Data Concentrators (PDCs) by the synchrophasor standard IEEE C37.118. IEC 61850 and IEC 62351 are the communication protocols for the substation automation system and the security standard for the communication protocol of IEC 61850, respectively. According to the aforementioned communication and security protocols, as well as the implementation constraints of different platforms, HMAC-SHA1 was suggested by the TC 57 WG group in October 2009. The hash-based Message Authentication Code (MAC) is an algorithm for verifying both message integrity and authentication by using an iterative hash function and a supplied secret key. There are a variety of security attacks on the PMU communications infrastructure. Timing Side Channel Attack (SCA) is one of these possible attacks. In this thesis, timing side channel vulnerability against execution time of the HMAC-SHA1 authentication algorithm is studied. Both linear and negative binomial regression are used to model some security features of the stored key, e.g., its length and Hamming weight. The goal is to reveal secret-related information based on leakage models. The results would mitigate the cryptanalysis process of an attacker. Adviser: Yi Qia