Secure data sharing and analysis in cloud-based energy management systems

Analysing data acquired from one or more buildings (through specialist sensors, energy generation capability such as PV panels or smart meters) via a cloud-based Local Energy Management System (LEMS) is increasingly gaining in popularity. In a LEMS, various smart devices within a building are monitored and/or controlled to either investigate energy usage trends within a building, or to investigate mechanisms to reduce total energy demand. However, whenever we are connecting externally monitored/controlled smart devices there are security and privacy concerns. We describe the architecture and components of a LEMS and provide a survey of security and privacy concerns associated with data acquisition and control within a LEMS. Our scenarios specifically focus on the integration of Electric Vehicles (EV) and Energy Storage Units (ESU) at the building premises, to identify how EVs/ESUs can be used to store energy and reduce the electricity costs of the building. We review security strategies and identify potential security attacks that could be carried out on such a system, while exploring vulnerable points in the system. Additionally, we will systematically categorize each vulnerability and look at potential attacks exploiting that vulnerability for LEMS. Finally, we will evaluate current counter measures used against these attacks and suggest possible mitigation strategies

A Multi-Agent System Simulation Model for Trusted Local Energy Markets

The energy market and electric grid play a major role in everyday life. Most areas in modern society, such as: communication, health, transportation, the financial system and many others; require electrical energy to operate properly. Traditionally energy grids operate in a centralized manner. Consumers are connected to centralized utilities in the grid and energy flows from producers to Consumers. However, the rising in popularity in Renewable Energy Sources (RES) such as photovoltaic panels installed in households, small commerce and small industry wide spread the use of distributed energy generation, which the main energy grid was not designed to support. One of the possible solutions for this problem is the creation of a Local Energy Market (LeM). A LeM is a market that operates in a small physical area such as a neighborhood. Traditional consumers can become active market participants under a LeM. That is possible because the LeM is structured in such a way as to enable small-scale negotiations and energy exchanges between participants, who traditionally would only be final consumers. The LeM is capable of dealing with distributed energy generation from RES because negotiations and distribution happen at a local level, thus reducing problems with the main grid. Furthermore, the participation in the local market can reduce energy costs or even create profits for consumers, while contributing to easy the management of the grid and associated technical losses. This work explores the concept of LeM and is focused on two main objectives: designing and developing a system that allows the simulation of LeM, and designing and developing a mechanism that allows trusted negotiations in this market. To accomplish these objectives a Multi-Agent System (MAS) architecture is proposed to model and allow the simulation of LeM. Furthermore to support the market it is also proposed a trust model used to evaluate the behavior of participants and detecting faulty or malicious activities. The developed MAS models a LeM based on a Smart Grid, that is an energy grid with a cyber-physical system with smart meters and communications mechanisms. The MAS was developed with agents to model sensors, market participants and a Market Interaction Manager (MIM) agent that is responsible for managing the negotiations and for applying trust mechanisms. The trust mechanism was designed to attribute a dynamic trust value to each participant, which is reviewed during the all negotiation period. This evaluation of the participant’s trust is based on the analysis of historical data, contextual data, such as weather conditions, and by using forecasting methods to predict the participant expected behavior, allowing to penalize the ones that are exhibiting a questionable behavior in the market. A case study simulation was made with the objective of understanding how the proposed trust mechanism performed, and how the use of different forecasting methods can interfere with it. The results obtained allowed us to conclude that the trust methodology is able to update the trust of each participant, during the negotiation period, and when paired with a well performing forecasting mechanism it is able to achieve a trusted evaluation of the participants behavior. Taking into consideration these results we believe that the proposed trust methodology is capable of providing a valuable trust assessment when used by the MIM agent. This Master Thesis is developed within the scope of a project called Secure interactions and trusted Participation in local Electricity Trading (SPET), a FCT-SAICT2017 funded Research & Development project. SPET project envisions the development of a MAS that is designed to model and simulate the operations of a LeM, taking a focus on security and market trust necessary in this negotiation environment.O mercado de energia e a rede elétrica desempenham um papel importante na vida quotidiana da população. Grande parte das áreas da sociedade moderna, como é o caso da comunicação, transportes, saúde, sistema financeiro, entre outras; requer energia elétrica para funcionar corretamente. Tradicionalmente, as redes de energia operam de forma centralizada. Os consumidores estão conectados a fornecedores centralizados na rede e a energia é transferida dos produtores para os consumidores. No entanto, o aumento da popularidade das Fontes de Energia Renováveis (FER), como painéis fotovoltaicos instalados nas residências, pequeno comércio e pequena indústria, difundiu o uso da geração distribuída de energia, que a rede principal de energia não foi projetada para suportar. Uma das possíveis soluções para esse problema é a criação de um Mercado Local de Energia (MLe). Um MLe é um mercado que opera numa pequena área física, como uma vizinhança. Num MLe, os consumidores tradicionais têm a possibilidade de ser participantes ativos no mercado. Isto é possível porque o MLe está estruturado de forma a permitir negociações em pequena escala e trocas de energia entre os participantes, que tradicionalmente seriam apenas consumidores finais. O MLe é capaz de lidar com a geração de energia distribuída proveniente das FER, porque as negociações e a distribuição ocorrem a um nível local, reduzindo assim os problemas com a rede principal. Para além disso, a participação no mercado local pode reduzir os custos de energia ou até gerar lucros para os consumidores, contribuindo ainda para facilitar a gestão da rede e reduzir as perdas técnicas a ela associadas. Este trabalho explora o conceito de MLe e está focado em dois objetivos principais: projetar e desenvolver um sistema que permita a simulação de MLe, bem como um mecanismo que permita negociações confiáveis neste mercado. Para atingir estes objetivos, é proposta uma arquitetura de Sistema Multi-Agente (SMA) para modelar e permitir a simulação do MLe. Para além disso, para apoiar o mercado, também é proposto um modelo de confiança utilizado para avaliar o comportamento dos participantes e detetar falhas ou atividades maliciosas. O SMA desenvolvido modela um MLe com base numa Smart Grid, que é uma rede de energia com um sistema ciber-físico, com sensores inteligentes e mecanismos de comunicação. O SMA foi desenvolvido com agentes para modelar sensores, participantes do mercado e um agente Market Interaction Manager (MIM), responsável pela gestão das negociações e pela aplicação de mecanismos de confiança. O mecanismo de confiança foi projetado para atribuir um valor de confiança dinâmico a cada participante, que é adaptado durante todo o período de negociação. Essa avaliação da confiança do participante é baseada na análise de dados históricos, contextuais, como condições climatéricas, e no uso de métodos de previsão para antever o comportamento esperado do participante, permitindo penalizar aqueles que exibem um comportamento questionável no mercado. Foi realizada uma simulação de caso de estudo, com o objetivo de avaliar o desempenho do mecanismo de confiança proposto e de que forma é que o uso de diferentes métodos de previsão interfere neste desempenho. Os resultados obtidos permitiram concluir que a metodologia de confiança é capaz de atualizar a confiança de cada participante, durante o período de negociação e, quando combinada com um mecanismo de previsão com bom desempenho, é capaz de obter uma avaliação confiável do comportamento dos participantes. Tendo em consideração estes resultados, acreditamos que a metodologia de confiança proposta é capaz de fornecer uma avaliação de confiança valiosa quando usada pelo agente MIM. Esta tese de mestrado é desenvolvida no âmbito de um projeto chamado Secure interactions and trusted Participation in local Electricity Trading (SPET), um projeto de Investigação e Desenvolvimento (I&D) financiado pela FCT-SAICT2017. O projeto SPET tem como objetivo o desenvolvimento de um MAS para a modelação e simulação de MLe, tendo como foco a segurança e confiança necessárias neste ambiente de negociação

Robust and cheating-resilient power auctioning on Resource Constrained Smart Micro-Grids

The principle of Continuous Double Auctioning (CDA) is known to provide an efficient way of matching supply and demand among distributed selfish participants with limited information. However, the literature indicates that the classic CDA algorithms developed for grid-like applications are centralised and insensitive to the processing resources capacity, which poses a hindrance for their application on resource constrained, smart micro-grids (RCSMG). A RCSMG loosely describes a micro-grid with distributed generators and demand controlled by selfish participants with limited information, power storage capacity and low literacy, communicate over an unreliable infrastructure burdened by limited bandwidth and low computational power of devices. In this thesis, we design and evaluate a CDA algorithm for power allocation in a RCSMG. Specifically, we offer the following contributions towards power auctioning on RCSMGs. First, we extend the original CDA scheme to enable decentralised auctioning. We do this by integrating a token-based, mutual-exclusion (MUTEX) distributive primitive, that ensures the CDA operates at a reasonably efficient time and message complexity of O(N) and O(logN) respectively, per critical section invocation (auction market execution). Our CDA algorithm scales better and avoids the single point of failure problem associated with centralised CDAs (which could be used to adversarially provoke a break-down of the grid marketing mechanism). In addition, the decentralised approach in our algorithm can help eliminate privacy and security concerns associated with centralised CDAs. Second, to handle CDA performance issues due to malfunctioning devices on an unreliable network (such as a lossy network), we extend our proposed CDA scheme to ensure robustness to failure. Using node redundancy, we modify the MUTEX protocol supporting our CDA algorithm to handle fail-stop and some Byzantine type faults of sites. This yields a time complexity of O(N), where N is number of cluster-head nodes; and message complexity of O((logN)+W) time, where W is the number of check-pointing messages. These results indicate that it is possible to add fault tolerance to a decentralised CDA, which guarantees continued participation in the auction while retaining reasonable performance overheads. In addition, we propose a decentralised consumption scheduling scheme that complements the auctioning scheme in guaranteeing successful power allocation within the RCSMG. Third, since grid participants are self-interested we must consider the issue of power theft that is provoked when participants cheat. We propose threat models centred on cheating attacks aimed at foiling the extended CDA scheme. More specifically, we focus on the Victim Strategy Downgrade; Collusion by Dynamic Strategy Change, Profiling with Market Prediction; and Strategy Manipulation cheating attacks, which are carried out by internal adversaries (auction participants). Internal adversaries are participants who want to get more benefits but have no interest in provoking a breakdown of the grid. However, their behaviour is dangerous because it could result in a breakdown of the grid. Fourth, to mitigate these cheating attacks, we propose an exception handling (EH) scheme, where sentinel agents use allocative efficiency and message overheads to detect and mitigate cheating forms. Sentinel agents are tasked to monitor trading agents to detect cheating and reprimand the misbehaving participant. Overall, message complexity expected in light demand is O(nLogN). The detection and resolution algorithm is expected to run in linear time complexity O(M). Overall, the main aim of our study is achieved by designing a resilient and cheating-free CDA algorithm that is scalable and performs well on resource constrained micro-grids. With the growing popularity of the CDA and its resource allocation applications, specifically to low resourced micro-grids, this thesis highlights further avenues for future research. First, we intend to extend the decentralised CDA algorithm to allow for participants’ mobile phones to connect (reconnect) at different shared smart meters. Such mobility should guarantee the desired CDA properties, the reliability and adequate security. Secondly, we seek to develop a simulation of the decentralised CDA based on the formal proofs presented in this thesis. Such a simulation platform can be used for future studies that involve decentralised CDAs. Third, we seek to find an optimal and efficient way in which the decentralised CDA and the scheduling algorithm can be integrated and deployed in a low resourced, smart micro-grid. Such an integration is important for system developers interested in exploiting the benefits of the two schemes while maintaining system efficiency. Forth, we aim to improve on the cheating detection and mitigation mechanism by developing an intrusion tolerance protocol. Such a scheme will allow continued auctioning in the presence of cheating attacks while incurring low performance overheads for applicability in a RCSMG

Vulnerability and resilience of cyber-physical power systems: results from an empirical-based study

Power systems are undergoing a profound transformation towards cyber-physical systems. Disruptive changes due to energy system transition and the complexity of the interconnected systems expose the power system to new, unknown and unpredictable risks. To identify the critical points, a vulnerability assessment was conducted, involving experts from power as well as information and communication technologies (ICT) sectors. Weaknesses were identified e.g.,the lack of policy enforcement worsened by the unreadiness of involved actors. The complex dynamics of ICT makes it infeasible to keep a complete inventory of potential stressors to define appropriate preparation and prevention mechanisms. Therefore, we suggest applying a resilience management approach to increase the resilience of the system. It aims at a better ride through failures rather than building higher walls. We conclude that building resilience in cyber-physical power systems is feasible and helps in preparing for the unexpected

Data-driven cyber attack detection and mitigation for decentralized wide-area protection and control in smart grids

Modern power systems have already evolved into complicated cyber physical systems (CPS), often referred to as smart grids, due to the continuous expansion of the electrical infrastructure, the augmentation of the number of heterogeneous system components and players, and the consequential application of a diversity of information and telecommunication technologies to facilitate the Wide Area Monitoring, Protection and Control (WAMPAC) of the day-to-day power system operation. Because of the reliance on cyber technologies, WAMPAC, among other critical functions, is prone to various malicious cyber attacks. Successful cyber attacks, especially those sabotage the operation of Bulk Electric System (BES), can cause great financial losses and social panics. Application of conventional IT security solutions is indispensable, but it often turns out to be insufficient to mitigate sophisticated attacks that deploy zero-day vulnerabilities or social engineering tactics. To further improve the resilience of the operation of smart grids when facing cyber attacks, it is desirable to make the WAMPAC functions per se capable of detecting various anomalies automatically, carrying out adaptive activity adjustments in time and thus staying unimpaired even under attack. Most of the existing research efforts attempt to achieve this by adding novel functional modules, such as model-based anomaly detectors, to the legacy centralized WAMPAC functions. In contrast, this dissertation investigates the application of data-driven algorithms in cyber attack detection and mitigation within a decentralized architecture aiming at improving the situational awareness and self-adaptiveness of WAMPAC. First part of the research focuses on the decentralization of System Integrity Protection Scheme (SIPS) with Multi-Agent System (MAS), within which the data-driven anomaly detection and optimal adaptive load shedding are further explored. An algorithm named as Support Vector Machine embedded Layered Decision Tree (SVMLDT) is proposed for the anomaly detection, which provides satisfactory detection accuracy as well as decision-making interpretability. The adaptive load shedding is carried out by every agent individually with dynamic programming. The load shedding relies on the load profile propagation among peer agents and the attack adaptiveness is accomplished by maintaining the historical mean of load shedding proportion. Load shedding only takes place after the consensus pertaining to the anomaly detection is achieved among all interconnected agents and it serves the purpose of mitigating certain cyber attacks. The attack resilience of the decentralized SIPS is evaluated using IEEE 39 bus model. It is shown that, unlike the traditional centralized SIPS, the proposed solution is able to carry out the remedial actions under most Denial of Service (DoS) attacks. The second part investigates the clustering based anomalous behavior detection and peer-assisted mitigation for power system generation control. To reduce the dimensionality of the data, three metrics are designed to interpret the behavior conformity of generator within the same balancing area. Semi-supervised K-means clustering and a density sensitive clustering algorithm based on Hieararchical DBSCAN (HDBSCAN) are both applied in clustering in the 3D feature space. Aiming to mitigate the cyber attacks targeting the generation control commands, a peer-assisted strategy is proposed. When the control commands from control center is detected as anomalous, i.e. either missing or the payload of which have been manipulated, the generating unit utilizes the peer data to infer and estimate a new generation adjustment value as replacement. Linear regression is utilized to obtain the relation of control values received by different generating units, Moving Target Defense (MTD) is adopted during the peer selection and 1-dimensional clustering is performed with the inferred control values, which are followed by the final control value estimation. The mitigation strategy proposed requires that generating units can communicate with each other in a peer-to-peer manner. Evaluation results suggest the efficacy of the proposed solution in counteracting data availability and data integrity attacks targeting the generation controls. However, the strategy stays effective only if less than half of the generating units are compromised and it is not able to mitigate cyber attacks targeting the measurements involved in the generation control

Convergence of Blockchain and Edge Computing for Secure and Scalable IIoT Critical Infrastructures in Industry 4.0

This is the author accepted manuscript. The final version is available from IEEE via the DOI in this recordCritical infrastructure systems are vital to underpin the functioning of a society and economy. Due to ever-increasing number of Internet-connected Internet-of-Things (IoTs) / Industrial IoT (IIoT), and high volume of data generated and collected, security and scalability are becoming burning concerns for critical infrastructures in industry 4.0. The blockchain technology is essentially a distributed and secure ledger that records all the transactions into a hierarchically expanding chain of blocks. Edge computing brings the cloud capabilities closer to the computation tasks. The convergence of blockchain and edge computing paradigms can overcome the existing security and scalability issues. In this paper, we first introduce the IoT/IIoT critical infrastructure in industry 4.0, and then we briefly present the blockchain and edge computing paradigms. After that, we show how the convergence of these two paradigms can enable secure and scalable critical infrastructures. Then, we provide a survey on state-of-the-art for security and privacy, and scalability of IoT/IIoT critical infrastructures. A list of potential research challenges and open issues in this area is also provided, which can be used as useful resources to guide future research.Engineering and Physical Sciences Research Council (EPSRC

Innovation in Energy Systems

It has been a little over a century since the inception of interconnected networks and little has changed in the way that they are operated. Demand-supply balance methods, protection schemes, business models for electric power companies, and future development considerations have remained the same until very recently. Distributed generators, storage devices, and electric vehicles have become widespread and disrupted century-old bulk generation - bulk transmission operation. Distribution networks are no longer passive networks and now contribute to power generation. Old billing and energy trading schemes cannot accommodate this change and need revision. Furthermore, bidirectional power flow is an unprecedented phenomenon in distribution networks and traditional protection schemes require a thorough fix for proper operation. This book aims to cover new technologies, methods, and approaches developed to meet the needs of this changing field

Enhancing energy efficiency with a dynamic trust measurement scheme in power distribution network

The application of Intelligent Internet of Things (IIoT) in constructing distribution station areas strongly supports platform transformation, upgrade, and intelligent integration. The sensing layer of IIoT comprises the edge convergence layer and the end sensing layer, with the former using intelligent fusion terminals for real-time data collection and processing. However, the influx of multiple low-voltage in the smart grid raises higher demands for the performance, energy efficiency, and response speed of the substation fusion terminals. Simultaneously, it brings significant security risks to the entire distribution substation, posing a major challenge to the smart grid. In response to these challenges, a proposed dynamic and energy-efficient trust measurement scheme for smart grids aims to address these issues. The scheme begins by establishing a hierarchical trust measurement model, elucidating the trust relationships among smart IoT terminals. It then incorporates multidimensional measurement factors, encompassing static environmental factors, dynamic behaviors, and energy states. This comprehensive approach reduces the impact of subjective factors on trust measurements. Additionally, the scheme incorporates a detection process designed for identifying malicious low-voltage end sensing units, ensuring the prompt identification and elimination of any malicious terminals. This, in turn, enhances the security and reliability of the smart grid environment. The effectiveness of the proposed scheme in pinpointing malicious nodes has been demonstrated through simulation experiments. Notably, the scheme outperforms established trust metric models in terms of energy efficiency, showcasing its significant contribution to the field

Internet of Things Applications - From Research and Innovation to Market Deployment

The book aims to provide a broad overview of various topics of Internet of Things from the research, innovation and development priorities to enabling technologies, nanoelectronics, cyber physical systems, architecture, interoperability and industrial applications. It is intended to be a standalone book in a series that covers the Internet of Things activities of the IERC – Internet of Things European Research Cluster from technology to international cooperation and the global "state of play".The book builds on the ideas put forward by the European research Cluster on the Internet of Things Strategic Research Agenda and presents global views and state of the art results on the challenges facing the research, development and deployment of IoT at the global level. Internet of Things is creating a revolutionary new paradigm, with opportunities in every industry from Health Care, Pharmaceuticals, Food and Beverage, Agriculture, Computer, Electronics Telecommunications, Automotive, Aeronautics, Transportation Energy and Retail to apply the massive potential of the IoT to achieving real-world solutions. The beneficiaries will include as well semiconductor companies, device and product companies, infrastructure software companies, application software companies, consulting companies, telecommunication and cloud service providers. IoT will create new revenues annually for these stakeholders, and potentially create substantial market share shakeups due to increased technology competition. The IoT will fuel technology innovation by creating the means for machines to communicate many different types of information with one another while contributing in the increased value of information created by the number of interconnections among things and the transformation of the processed information into knowledge shared into the Internet of Everything. The success of IoT depends strongly on enabling technology development, market acceptance and standardization, which provides interoperability, compatibility, reliability, and effective operations on a global scale. The connected devices are part of ecosystems connecting people, processes, data, and things which are communicating in the cloud using the increased storage and computing power and pushing for standardization of communication and metadata. In this context security, privacy, safety, trust have to be address by the product manufacturers through the life cycle of their products from design to the support processes. The IoT developments address the whole IoT spectrum - from devices at the edge to cloud and datacentres on the backend and everything in between, through ecosystems are created by industry, research and application stakeholders that enable real-world use cases to accelerate the Internet of Things and establish open interoperability standards and common architectures for IoT solutions. Enabling technologies such as nanoelectronics, sensors/actuators, cyber-physical systems, intelligent device management, smart gateways, telematics, smart network infrastructure, cloud computing and software technologies will create new products, new services, new interfaces by creating smart environments and smart spaces with applications ranging from Smart Cities, smart transport, buildings, energy, grid, to smart health and life. Technical topics discussed in the book include: • Introduction• Internet of Things Strategic Research and Innovation Agenda• Internet of Things in the industrial context: Time for deployment.• Integration of heterogeneous smart objects, applications and services• Evolution from device to semantic and business interoperability• Software define and virtualization of network resources• Innovation through interoperability and standardisation when everything is connected anytime at anyplace• Dynamic context-aware scalable and trust-based IoT Security, Privacy framework• Federated Cloud service management and the Internet of Things• Internet of Things Application