TRANSCRIPT
2013.08.28.
Communications and Security in (Smart) Power Systems, György Dán, http://www.ee.kth.se/~gyuri 1
Communications and Security in (Smart) Power Systems
György Dán, Laboratory for Communication Networks
School of Electrical Engineering, KTH Royal Institute of Technology
Stockholm, Sweden
EIT ICT Labs SES Summer School, Paris, 26 August 2013
Who wants to be a millionaire?
The greatest engineering achievement of the 20th century is
– Automobile
– Electrification
– Internet
– Computers
Communications in (Smart) Power Systems, György Dán, http://www.ee.kth.se/~gyuri
Who wants to be a millionaire?
The greatest engineering achievement of the 20th century is
1. Electrification
2. Automobile
3. Airplane
4. Water supply
5. Electronics
6. Radio and television
7. Agricultural mechanization
8. Computers
9. Telephone
10. Air conditioning and refrigeration
11. Highways
12. Spacecraft
13. Internet
14. Imaging
15. Household appliances
16. Health technologies
17. Petrochemical technologies
18. Laser and fiber optics
19. Nuclear technologies
20. High-performance materials
National Academy of Engineering (http://www.greatachievements.org/)
Society is dependent on electricity
Power systems depend on communications
Communications in Power Systems
G. Björkman, ABB
Intra-substation Communication
Facilitate substation automation
– Protection and fault recording
– Power quality monitoring (harmonics)
– High resolution oscillography (transient faults)
– Instrumentation
Decrease O&M costs
– Minimize equipment assets
– Configuration and management
Interoperability: standardization of
– Naming and data
– Architecture, protocols
IEC 61850 Architecture
Reference communication model
– Process bus: data to/from merging units (unicast, multicast), subscription based
– Station bus: control between IEDs for protection, …
Naming, hierarchical device model, data classes
– Measurement, status, analog set point
– Substation configuration language
Mapping to protocols (MMS over TCP/IP, GOOSE/GSSE/SV over Ethernet)
[Figure: IEC 61850 substation architecture. The station bus (10/Fast/Gb Ethernet) connects the fault recorder, protection relay IEDs 1..n, the RTU and the bay controller; the process bus (Fast/Gb Ethernet) connects merging units 1..k, which sample PT/CT/IO inputs at 80-256 samples per cycle and are timed by clocks Clk1 and Clk2.]
Logical Device Model
[Figure: a physical device contains logical devices 1..N, each with logical nodes 1..K that hold data objects; the station bus (GOOSE/GSSE) and the process bus (SV) attach to the device.]
Data object name example: MMXU1$MX$PhV (phase-to-ground voltage in measurement device 1)
Intra-substation Communication Requirements
High availability
Data integrity (errors/attacks)
Bounded and low delay
Low computational complexity and overhead
– Limited computational power
Loss resilience
Cheap deployment
– Wireless?
Communications in Power Systems
G. Björkman, ABB
Inter-substation Communication
Transmission line protection
– Line current differential (<1 cycle)
– Line phase comparison
Characteristics
– Moderate bitrate, ~60 kbps
– Distance ~10-50 km
– Low delay (<10 ms)
Requirements
– Integrity
– High availability / failover
[Figure: the relays of Substation 1 and Substation 2 connected over a primary link and a hot-standby link.]
Communications in Power Systems
G. Björkman, ABB
National Transmission Grid (RTE)
Peak demand
– ~89 GW
Yearly production
– ~550 TWh
Network stats
– ~100,000 km of lines
– ~2500 substations
National CC, 7 regional CCs
[Figure: map of the RTE grid, scale ~900 km]
Supervisory Control and Data Acquisition (SCADA)
Transmission system operation and management, 1950-…
– Pure data acquisition and control system
– System with topology and specific applications, e.g., EMS, DMS
– Energy information system, decision support based on reliable process information
Goals
- Monitoring and remote control
- Reduce personnel cost
- Secure and stable operation
- Black-out prevention
- Economical, efficient and secure operation
G. Björkman, ABB
Network Applications
Monitoring
– Status & Analog Retrieval (SAR)
– Network Model Builder (NMB)
– Scheduler Function (SF)
– State Estimation (SE)
– Network Sensitivity (NS)
Analysis
– Dispatcher Power Flow (DPF)
– Security Analysis (SA)
– Short Circuit Analysis (SCA)
Operations Enhancement
– Optimal Power Flow (OPF)
– Security Constrained Dispatch (SCD)
– Voltage Stability Analysis (VSA)
– Thermal Security Analysis (TSA)
– Available Transmission Capacity (ATC = VSA + TSA)
– Equipment Outage Scheduler (EOS)
Decision Support
– Interlocking with LF & SA
– Study Data Base
– Network Save Cases
Also:
– Bad Topology Detection (BTD)
– Network Parameter Update (NPU)
– Network Modeling Assistant (NMA)
G. Björkman, ABB
SCADA Telemetry
Data collected
– Real-time measurements (P, Q)
– Status information (breakers, relays)
Characteristics
– 1-10 meterings/minute
– 500-1000 km
– Large aggregate rates
  • 200K I/O
  • 5K events/sec
– ~1 s delivery delay
Requirements
– Integrity
  • Data corruption
– Availability
  • Failure, black-out
[Figure: substation connected to the control center over a communication network (WAN); photo source http://www.OSHA.gov]
SCADA Telemetry (cont.)
[Figure: substation and communication network (WAN) with the telemetry paths; L. Vanfretti, KTH]
SCADA Control
Remote operation of
– Circuit breakers
– Relays, switches
Characteristics
– 500-1000 km
– Low bitrate
– <1 s delay
Requirements
– Integrity, reliability, correctness
  • Data corruption
– Availability
  • Failure, blackout
[Figure: substation and control center over a communication network (WAN); photo source http://www.OSHA.gov]
SCADA Communication Primitives
Reporting
– Polling
– Unsolicited response
Control
– Select before operate
[Figure: message sequence charts from DNP3, IEEE Std 1815-2012]
SCADA Communication Architectures
Various PHY technologies
– Serial / PLC / Microwave / OPGW
– SDH, Ethernet vs. MPLS-TP
Communication availability
– Redundant communication channels
– Fast failover (in meshed networks)
Multi- vs. single-service infrastructure
– Voice / data / surveillance
[Figure: loop, mesh and point-to-point topologies carrying voice, video and control traffic]
SCADA Communication Protocols
Key design objectives
– Efficiency (fixed binary format, compact representations)
– Integrity, availability
Common functionalities (L2-L5)
– Addressing (link)
– Addressing ("object")
– Data structures, encoding
– Error checking (CRC16 in DNP3)
– (Medium access control, prioritization)
[Figure: loop, mesh and point-to-point topologies]
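As an added illustration of the CRC16 error checking listed above (example code, not from the slides or the DNP3 standard text), the following builds a DNP3 link-layer frame and validates every CRC block the way a receiver must before trusting the header; the addresses, control byte and payload are constructed values.

```python
# Added example, not from the slides or the DNP3 standard text: the CRC-16/DNP
# check that guards the 8-byte link header and every 16-byte data block of a DNP3
# frame. Sample addresses, control byte and payload below are constructed values.

DNP3_START = b"\x05\x64"


def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: polynomial 0x3D65 (bit-reflected 0xA6BC), init 0, ones' complement."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def add_crc(block: bytes) -> bytes:
    """Append the CRC least-significant byte first, the on-the-wire order."""
    return block + crc16_dnp(block).to_bytes(2, "little")


def build_frame(ctrl: int, dest: int, src: int, payload: bytes) -> bytes:
    """Link header 05 64 LEN CTRL DEST SRC; LEN counts CTRL, DEST, SRC and user data, not CRCs."""
    header = (DNP3_START + bytes([5 + len(payload), ctrl])
              + dest.to_bytes(2, "little") + src.to_bytes(2, "little"))
    frame = add_crc(header)
    for i in range(0, len(payload), 16):           # user data travels in 16-byte CRC blocks
        frame += add_crc(payload[i:i + 16])
    return frame


def check_frame(frame: bytes) -> bool:
    """Accept a frame only if the start bytes and every CRC (header and data) are right."""
    if len(frame) < 10 or frame[:2] != DNP3_START:
        return False
    if crc16_dnp(frame[:8]) != int.from_bytes(frame[8:10], "little"):
        return False
    pos, remaining = 10, frame[2] - 5
    while remaining > 0:
        n = min(16, remaining)
        if len(frame) < pos + n + 2:
            return False                           # truncated block or missing CRC
        if crc16_dnp(frame[pos:pos + n]) != int.from_bytes(frame[pos + n:pos + n + 2], "little"):
            return False
        pos, remaining = pos + n + 2, remaining - n
    return pos == len(frame)                       # no trailing garbage either


if __name__ == "__main__":
    # constructed sample: a frame from source 4 to destination 1 with a short payload
    sample = build_frame(0xC4, 1, 4, b"\xc0\x01\x3c\x02\x06")
    print(sample.hex(), check_frame(sample))
```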
Evolution of SCADA Protocols
Proprietary
– Vendor specific
  • Closed
– De-facto standard
  • Open
  • Modbus, Profibus, RP-570, …
Standardized
– DNP3 (US)
– IEC 60870-5 (EME)
Operation over TCP/IP
– IEC 60870-5-104, …
[Figure: DNP3 frame layout]
Networks of Transmission Systems
4+2 synchronous grids, ENTSO-E
– 42 TSOs
– 34 countries
European Network of Transmission System Operators for Electricity
[Figure: map of the ENTSO-E synchronous areas]
Inter-Control Center Communication
Purpose
– Control center integration
– Inter-utility communication
– Power plant dispatching
– Information to/from DSOs
Exchange of
– Measurement data
– Control commands
– Operational data
[Figure: TSO1 and TSO2 control centers connected over a wide area network (WAN)]
Inter-Control Center Communication Protocol
Exchange of
– Measurement data
– Control commands
– Operational data
Inter-control Center Communication Protocol (ICCP / IEC 60870-6 / TASE.2)
– Application layer
  • Bilateral associations
  • Data profiles
  • Data structures, encoding (object models)
  • Access control
  • Availability (relaying)
– Transport layer (provided by TCP/IP)
  • Connectionless / connection oriented
[Figure: TSO1 and TSO2 exchanging ICCP over a wide area network (WAN)]
Example: Italian ICCP Network
– 22 communication nodes
– 3 regional CCs, 1 national CC
– Power generation control centers
– IEC 60870-6 TASE.2 (ICCP) over Frame Relay
[Figure: the ISO national CC and the regional CCs 1-3 of the ISO and of the system operator, communication nodes 1..N and C, ICCP links to UCTE/Switzerland, and IEC 60870-5-104 links to the RTUs]
H. Mueller, "Outage analysis: Italy," Network Manager News, News and Information for Users of Network Manager Worldwide, vol. 2, no. 1, pp. 1-3, 2004.
Dán et al., "Challenges in power system information security," IEEE Security & Privacy Magazine, vol. 10, no. 4, Jul.-Aug. 2012.
Wide Area Monitoring Systems
Phasor Measurement Units (PMUs)
– Voltage and current phasors, frequency, drift
– Improved accuracy
– High sampling rate
Potential uses
– Assist state estimation
– Validation of system models
– Dynamic visibility, frequency swings
Requirements
– Delay: application dependent…
– Rate: application dependent…
– Continuous delivery
– Synchronization: GPS!!!
L. Vanfretti, KTH
PMU Data Communications
• Synchrophasor protocol (IEEE C37.118)
– Configuration, data types, encoding
– Data synchronization, rate (10/s to f), measurement accuracy
– Error checking (CRC)
• Basic primitives
– Data on/off, request configuration (channel names, rate, data format)
• Does not specify
– Below application layer (e.g., link layer)
– Information management architecture
• Hierarchical, pub-sub

C37.118, integer phasor data. Data rate incl. overhead [bytes/sec]:
Sampling [1/s] | 5 phasors | 10 phasors
10 | 400 | 600
25 | 1000 | 1500
50 | 2000 | 3000

C37.118, floating point phasor data. Data rate incl. overhead [bytes/sec] at 25 samples/s:
Digital | Analog | 5 phasors | 10 phasors
0 | 0 | 1650 | 2650
0 | 2 | 1850 | 2850
2 | 2 | 1950 | 2950
Hierarchical PMU Data Aggregation
• Hierarchical aggregation and storage
• Open source implementation: OpenPDC
• Integration with other data sources
– Protective and controllable devices
– Weather, traffic, …
L. Vanfretti, KTH; http://openpdc.codeplex.com

NASPInet – Conceptual Architecture
[Figure: NASPInet conceptual architecture, http://www.naspi.org]
PMU Communication Challenges
• Deterministic delay and throughput
– Static routing and fixed rates waste network resources
– Dynamic routing and varying rates are very restrictive
• Rate controlled priority queuing (RCPQ)
• High rate regime, $t_s \ll d_e$
• Multi-domain QoS…
Dán et al., "Utility-based PMU data rate allocation under end-to-end delay constraints," IEEE COMSOC MMTC E-Letter, Nov. 2012
Bakken et al., "Smart Generation and Transmission With Coherent, Real-Time Data," Proc. of the IEEE, 99(6), 2011
Security in Power Systems
VIKING
Security in Power Systems
Challenges
– Application requirements
– Legacy systems, compatibility
– Industry best practices and processes
Approaches
– Security by obscurity
  • Integration…
– Information security (retrofits)
  • Cryptography, …
– Operational security
  • Firewalls, policies, …
  • Physical access restrictions
– Cyber-physical security
[Figure: trade-off triangle between performance, cost and security]
G. Björkman, ABB; Dán et al., "Challenges in Power System Information Security," IEEE Security & Privacy Magazine, vol. 10, no. 4, 2012
Operational Security
Critical Infrastructure Protection (CIP) guidelines
– NERC CIP-002-3 through CIP-009-3, http://www.nerc.com (2009)
Smart grid security guidelines
– NIST IR 7628, Guidelines for Smart Grid Cyber Security, vol. 1-3, http://www.nist.gov, Aug. 2010
G. Björkman, ABB
NIST IR 7628 Reference Diagram
[Figure: NIST IR 7628 logical reference diagram]
Operational Security
Isolation of an "integrated" control system
– Firewall
– Diode (air gap)
[Figure: enterprise network with web/enterprise server and server proxy; a DMZ with client proxy and ICCP server behind a gateway router/firewall; the control network with the SCADA master; two control networks joined through their gateway routers/firewalls and ICCP servers over an IPsec tunnel]
Information Security
Cryptographic security
– Confidentiality
  • Encryption
– Authentication, integrity
  • MAC, digital signature
Availability
– Path failover, relaying, …
Practical considerations
– Equipment
  • Bump-in-the-wire, device hardening
  • Self-attestation, interoperability
– Protocols
  • Application layer: DNPSec
  • Session layer: Secure ICCP (TLS/SSL)
– Key management
[Figure: three RTU-to-CC deployments: plain, with bump-in-the-wire (BITW) devices at both ends, and end-to-end]
[Figure: hash-and-sign digital signature. Sender: large message m, hash function H gives H(m), which is encrypted with Alice's private key $K_A^-$ into the encrypted message digest $K_A^-(H(m))$. Receiver: recomputes H(m) from m, decrypts the digest with Alice's public key $K_A^+$, and checks whether the two are equal.]
Some Cryptographic Primitives
Asymmetric key cryptography (e.g., RSA)
– Prime n, private key e, public key d
– $(x^e)^d \bmod n$
Symmetric key cryptography (e.g., AES)
– Diffie-Hellman to establish the symmetric key
  • Prime p, generator g
  • Private secrets: a, b
  • Shared secret: $g^{ab}$, since $(g^a)^b = (g^b)^a \bmod p$
  • [Figure: A sends $g^a$ to B, B sends $g^b$ to A]
Cryptographic hash function H (e.g., SHA-256)
– Block of data -> fixed size string
– Preimage resistant
SCADA Communication Security
IPsec tunnel between substation and CC
DNPSec – protocol extension
– Application layer only
– Provides
  • Authentication
  • Key management (SKC, AKC)
– Security model
  • Authority / master / outstation
  • Challenge-response protocol
[Figure: RTU in the substation, substation gateway to CC gateway over IPsec, SCADA at the CC; IEEE Std 1815-2012]
Example: key management
– 1 update key per user (and outstation)
[Figure: DNP3 secure authentication key hierarchy, IEEE Std 1815-2012]
Normal vs. Aggressive mode
Aggressive mode decreases overhead
[Figure: challenge-response message exchange in normal and aggressive mode, IEEE Std 1815-2012]
Beyond SCADA Security
Devices outside of the security perimeter
– Easily compromised
– Low bandwidth / computational power
– Potentially many devices
Security requirements
– Low complexity / overhead
– Allow non-trusted intermediaries
  • e.g., community-aided data collection
– Perfect forward secrecy
SELINDA: Light-weight data collection
DH
– Single c, e
– Can reuse d
Computation
– 1 verification
– 2/3 DH operations
– 1 signature
Dán et al., "SELINDA: A Secure, Scalable and Light-Weight Data Collection Protocol for Smart Grids," in Proc. of IEEE SmartGridComm, Oct. 2013
SELINDA Characteristics
Lightweight for MD
– Need not regenerate secret d if c is new
Lightweight for PO
– Need one c for arbitrarily many MDs
Resilient to MD compromise
– Cannot compromise c; resists the small subgroup attack
– Cannot compromise other MDs' data
Resilient to DC compromise
– Cannot eavesdrop on collected data
– Cannot modify collected data
Multicast data authentication
Example scenarios
– PMU data delivery (NASPI?)
– Intra-substation communication (SV, GOOSE)
Challenge
– One sender, many receivers
– Lossy network
– Low delay
  • No buffering
  • Low complexity
Wang et al., "Time Valid One-Time Signature for Time-Critical Multicast Data Authentication," in Proc. of IEEE Infocom, 2009
Another Cryptographic Primitive
One Time Signature (OTS): Hash to Obtain Random Subsets (HORS)
• Private key: $(x_1, \dots, x_N)$; public key: $(y_1 = f(x_1), \dots, y_N = f(x_N))$
• Signature:
  – H(M) split into t substrings
  – each substring used as an index into the private key list
  – send the t-element list $(x_{i_1}, \dots, x_{i_t})$ to the receiver
• Verification:
  – H(M) split into t substrings
  – each substring used as an index into the public key list
  – verify $f(x_{i_j}) = y_{i_j}$
Reyzin et al., "Better than BiBa: Short One-time Signatures with Fast Signing and Verifying," in Proc. of ACISP'02
[Figure: H(M) selecting entries of the x (private) and y (public) lists]
TV-HORS: Multicast data authentication
Time-valid OTS: truncated signature
– Less overhead
– Easier to find a collision
– Limit the validity of the key
Hash chain to update keys
– $x_i = H^i(x_0)$
Combined: TV-HORS
Wang et al., "Time Valid One-Time Signature for Time-Critical Multicast Data Authentication," in Proc. of IEEE Infocom, 2009
[Figure: hash chain $x_P \to x_{P-1} \to \dots \to x_1 \to x_0$]
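The HORS signing and verification steps of the previous slide combined with the TV-HORS hash-chain key update of this one, as an added Python example that is not the authors' implementation; the parameters N, t, P, the truncation length L and the epoch numbering (epoch e reveals chain level P - e) are assumptions made for the demo.

```python
import hashlib
import os

# Added example, not the authors' code: HORS signing/verification with the TV-HORS
# hash-chain key update. N (key list size), t (indices per signature), P (chain
# length = number of epochs) and L (truncation length in bytes) are demo assumptions.


def f(x: bytes, L: int) -> bytes:
    """One-way function truncated to L bytes: less overhead per revealed value,
    but a shorter output is easier to collide, hence the limited key validity."""
    return hashlib.sha256(x).digest()[:L]


def hors_indices(msg: bytes, epoch: int, t: int, n: int) -> list:
    """Split H(epoch || M) into t substrings of log2(n) bits, each an index into the key list."""
    bits = n.bit_length() - 1                      # n must be a power of two
    h = int.from_bytes(hashlib.sha256(epoch.to_bytes(4, "big") + msg).digest(), "big")
    return [(h >> (j * bits)) & (n - 1) for j in range(t)]


class TvHorsSigner:
    def __init__(self, n=32, t=4, p=8, L=8):
        assert n & (n - 1) == 0 and t * (n.bit_length() - 1) <= 256
        self.n, self.t, self.p, self.L = n, t, p, L
        # one hash chain per key position: x^(0) is a secret seed, x^(j) = f^j(x^(0))
        self.chains = []
        for _ in range(n):
            chain = [os.urandom(L)]
            for _ in range(p):
                chain.append(f(chain[-1], L))
            self.chains.append(chain)

    def public_key(self):
        """The receiver starts from the chain ends x^(P), i.e. level P, nothing revealed yet."""
        return [(c[self.p], self.p) for c in self.chains]

    def sign(self, msg: bytes, epoch: int) -> list:
        """Epoch e (1..P) releases chain level P - e at the t positions H(M) selects."""
        assert 1 <= epoch <= self.p
        idx = hors_indices(msg, epoch, self.t, self.n)
        return [self.chains[i][self.p - epoch] for i in idx]


class TvHorsVerifier:
    def __init__(self, public_key, n=32, t=4, p=8, L=8):
        self.pk = list(public_key)                 # per position: (latest verified value, level)
        self.n, self.t, self.p, self.L = n, t, p, L
        self.current_epoch = 1

    def verify(self, msg: bytes, epoch: int, sig: list) -> bool:
        # time validity: a signature from an already expired epoch is rejected outright
        if epoch < self.current_epoch or epoch > self.p or len(sig) != self.t:
            return False
        idx = hors_indices(msg, epoch, self.t, self.n)
        target = self.p - epoch
        accepted = []
        for i, x in zip(idx, sig):
            known, level = self.pk[i]
            steps = level - target                 # hash forward from the claimed level
            if steps < 0:
                return False
            cand = x
            for _ in range(steps):
                cand = f(cand, self.L)
            if cand != known:                      # f^steps(x_i) must reach the known y_i
                return False
            accepted.append((i, x, target))
        for i, x, lvl in accepted:                 # commit only once the whole signature checks
            self.pk[i] = (x, lvl)
        self.current_epoch = max(self.current_epoch, epoch)
        return True


if __name__ == "__main__":
    signer = TvHorsSigner()
    receiver = TvHorsVerifier(signer.public_key())
    sample = b"SV frame: Ia=12.3A"                  # constructed sample message
    sig = signer.sign(sample, 1)
    print("valid:", receiver.verify(sample, 1, sig))
    print("tampered:", receiver.verify(b"SV frame: Ia=99.9A", 1, sig))
```

Each revealed value is checked by hashing it forward to the value the receiver already trusts, so a signature from an expired epoch cannot be replayed and a receiver that missed packets still verifies later ones.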
Cyber-Physical Security
Cyber security
– Infrastructure elements subject to attack
– Infrastructure elements can be protected
Physical security
– Secure operation
– Efficient operation
Example
– Tamper with SCADA telemetry
– Mislead the SCADA state estimator
– Affect OPF and generation
"Stealth" false data injections
[Figure: control center (scc) and substations s1…s7 connected by communication links and switching equipment; legend: substation s_i, substation with non-tamper-proof authentication, substation with tamper-proof authentication, substation with protection, RTU, RTU with tamper-proof authentication, bump in the wire (BITW), transmission line, control center]
Vuković et al., "Network-layer Protection Schemes against Stealth Attacks on State Estimators in Power Systems," in Proc. of IEEE SmartGridComm, Oct. 2011
Vuković et al., "Network-aware Mitigation of Data Integrity Attacks on Power System State Estimation," IEEE Journal on Selected Areas in Communications (JSAC), vol. 30, no. 6, July 2012
Model-based State Estimation
• Steady-state power model
• Estimation of phase angles $\theta_i$ (state vector x) based on the measurements z
– Weighted Least Squares (WLS) estimation
– Gauss-Newton algorithm
[Figure: three-bus example with reactances X12, X13 and measurements z1, z2]

Bad Data Detector (BDD)
Measurement residual
$r = z - \hat{z} = h(x) + e - h(\hat{x})$
Hypothesis testing, H0: random measurement noise
Various methods
– $\chi^2$ test (normal distribution)
– Maximum normalized residual
BDD alarm
[Figure: SCADA/EMS pipeline: the state estimator takes $z = h(x) + e$ and produces $\hat{x}$, $\hat{z}$ and $r = z - \hat{z}$; the bad data detector raises the alarm; contingency analysis and optimal power flow follow; the operator's actions $u_1$, $u_2$, $u$ feed back to the system state x]
Naïve Attack on the State Estimator
[Figure: the same pipeline with the attacker adding a to the measurements: $z_a = h(x) + a + e$; the estimator outputs $\hat{x}_a$, $\hat{z}_a$ and $r_a = z_a - \hat{z}_a$, and the bad data detector raises an alarm]
Stealth Attack on the State Estimator
[Figure: the same pipeline with the attacker adding $a = Hc$: $z_a = h(x) + a + e$; the estimate becomes $\hat{x} + c$ with $\hat{z}_a$, while the residual $r = z - \hat{z}$ is unchanged and no alarm is raised]
$H = \left.\dfrac{\partial h(x)}{\partial x}\right|_{x = x_0}$
Y. Liu, P. Ning, and M. Reiter, "False data injection attacks against state estimation in electric power grids," in Proc. ACM CCS, 2009, pp. 21-32.
SE Stealth Attacks
• WLS phase angle ($\theta_i$) estimation (state vector x)
• Linear approximation
• Bad data detection (BDD)
$H = \left.\dfrac{\partial h(x)}{\partial x}\right|_{x = x_0}$
$z = Hx + e$
$\hat{z} = H\hat{x} = H (H^T R^{-1} H)^{-1} H^T R^{-1} z = Kz$
$r = z - \hat{z} = z - Kz$
$z_a = z + a$
$r_a = z_a - K z_a = z + a - K(z + a) = r + a - Ka$
$a = Hc \;\Rightarrow\; Ka = H (H^T R^{-1} H)^{-1} H^T R^{-1} H c = Hc = a \;\Rightarrow\; r_a = r$
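The derivation above carried through numerically on a constructed 3-bus DC model, as an added example that is not from the slides: it shows the chi-square BDD alarm on a naive bias, the unchanged residual for a = Hc, and a rank check that tells a defender whether a chosen set of authenticated (tamper-proof) measurements leaves any such c at all. The bus data, the noise vector and the 95% chi-square quantiles are constructed or tabulated values assumed for the demo.

```python
# Added example, not from the slides: a 3-bus DC (linearised) state estimator with the
# WLS estimate, the chi-square bad data test, the stealth condition a = Hc from the
# derivation above, and a check of whether a set of authenticated (protected)
# measurements rules such attacks out. Bus data, noise and thresholds are constructed.
# No numpy: small matrix helpers keep the block self-contained.

CHI2_95 = {1: 3.841, 2: 5.991, 3: 7.815, 4: 9.488}   # tabulated chi-square 95% quantiles


def transpose(A):
    return [list(col) for col in zip(*A)]


def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]


def column(v):
    return [[x] for x in v]


def inverse(A):
    """Gauss-Jordan inverse of a small square matrix with partial pivoting."""
    n = len(A)
    M = [list(row) + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(A)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[piv] = M[piv], M[c]
        p = M[c][c]
        M[c] = [v / p for v in M[c]]
        for r in range(n):
            if r != c:
                fac = M[r][c]
                M[r] = [rv - fac * cv for rv, cv in zip(M[r], M[c])]
    return [row[n:] for row in M]


def rank(A, tol=1e-9):
    """Rank by row reduction (enough for the few-row protected submatrix below)."""
    M = [list(r) for r in A]
    rows, cols, rk, c = len(M), len(M[0]), 0, 0
    while rk < rows and c < cols:
        piv = max(range(rk, rows), key=lambda r: abs(M[r][c]))
        if abs(M[piv][c]) < tol:
            c += 1
            continue
        M[rk], M[piv] = M[piv], M[rk]
        for r in range(rows):
            if r != rk:
                fac = M[r][c] / M[rk][c]
                M[r] = [rv - fac * cv for rv, cv in zip(M[r], M[rk])]
        rk, c = rk + 1, c + 1
    return rk


# Constructed 3-bus DC model: bus 1 is the angle reference, state x = (theta2, theta3),
# every line reactance 1 p.u. Rows of H: flows P12, P13, P23 and injections P1, P2.
H = [[-1.0, 0.0], [0.0, -1.0], [1.0, -1.0], [-1.0, -1.0], [2.0, -1.0]]
SIGMA = 0.01                                                      # noise std (p.u.)
R_INV = [[1 / SIGMA ** 2 if i == j else 0.0 for j in range(5)] for i in range(5)]


def wls_estimate(z):
    """x_hat = (H^T R^-1 H)^-1 H^T R^-1 z, the WLS solution of the linear model."""
    Ht = transpose(H)
    G = inverse(matmul(matmul(Ht, R_INV), H))
    return [row[0] for row in matmul(matmul(matmul(G, Ht), R_INV), column(z))]


def bdd(z):
    """Return (x_hat, J, alarm) with J = r^T R^-1 r, r = z - H x_hat, chi-square test."""
    xh = wls_estimate(z)
    r = [zi - zhi[0] for zi, zhi in zip(z, matmul(H, column(xh)))]
    J = sum(ri * ri for ri in r) / SIGMA ** 2
    return xh, J, J > CHI2_95[len(H) - len(H[0])]


def h_times(c):
    """a = H c: a bias consistent with the model, so K a = a and the residual is unchanged."""
    return [row[0] for row in matmul(H, column(c))]


def stealth_possible(protected):
    """Rows in `protected` carry tamper-proof authentication, so the attacker needs
    (Hc)_i = 0 on them. A nonzero c exists iff those rows of H have rank below the
    number of states; rank equal to the state count leaves no stealth vector."""
    Hp = [H[i] for i in protected]
    return rank(Hp) < len(H[0]) if Hp else True


# Constructed scenario: true angles plus a fixed small noise vector e, z = Hx + e.
X_TRUE = [-0.10, -0.20]
E = [0.004, -0.006, 0.003, 0.005, -0.002]
Z = [v + e for v, e in zip(h_times(X_TRUE), E)]


def demo():
    """Compare the detector's verdict on clean, naively biased and model-consistent data."""
    x0, J0, alarm0 = bdd(Z)
    naive = [zi + (0.3 if i == 0 else 0.0) for i, zi in enumerate(Z)]   # bias P12 only
    _, J1, alarm1 = bdd(naive)
    a = h_times([0.3, 0.0])                                             # a = Hc
    xa, J2, alarm2 = bdd([zi + ai for zi, ai in zip(Z, a)])
    return {"clean": (x0, J0, alarm0), "naive": (J1, alarm1), "stealth": (xa, J2, alarm2)}


if __name__ == "__main__":
    for name, val in demo().items():
        print(name, val)
    print("stealth possible with P12 protected:", stealth_possible([0]))
    print("stealth possible with P12 and P13 protected:", stealth_possible([0, 1]))
```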
Experiment: „Stealthy” vs „Naive” Attack
• SCADA/EMS system
• Complete state estimator (active and reactive power)
• Attacked data written in the SCADA database
Bad data detected & removed:
Target bias (MW) | Estimated value (MW) | # BDD alarms
0 | -14.8 | 0
50 | 36.2 | 0
100 | 86.7 | 0
150 | 137.5 | 0
200 | non convergent | -
Transmission line nominal rating: 260 MVA
Teixeira et al., "A Cyber Security Study of a SCADA Energy Management System: Stealthy Deception Attacks on the State Estimator," in Proc. of IFAC World Congress, Aug. 2011
Stealth Attack Cost and Impact Metrics
• Effort to perform an attack
– Number of measurements
  • "Least effort" k
– Number of infrastructure elements
  • Communication links / channels
  • Network equipment
• Impact of compromise
– Number of stealth attacks
[Figure: two four-node communication topologies, IEC 60870-5 over PSTN and IEC 60870-5 over OPGW, with nodes 1-4]

Illustration: IEEE 118 Bus Network
Topology
– Star
– Mesh
Baseline scenario
– Single path routing
– Shortest path
Measurement Attack Cost: Star vs. OPGW Topology
[Figure: number of measurements versus attack cost (m) for the star and the OPGW topology]
Vuković et al., "Network-layer Protection Schemes against Stealth Attacks on State Estimators in Power Systems," in Proc. of IEEE SmartGridComm, Oct. 2011
Vuković et al., "Network-aware Mitigation of Data Integrity Attacks on Power System State Estimation," IEEE Journal on Selected Areas in Communications (JSAC), vol. 30, no. 6, July 2012
Substation Attack Impact
"Stealth" attack against 40% of the measurements
[Figure: attack impact per substation]
Protection against „Stealth” Attacks
Calculate the effort needed for an attack
Increase the effort needed for an attack
– Maximize the attack cost for a given budget
– Make attacks impossible
  • What infrastructure elements should be protected?
[Formula: the protection set P is chosen as arg max over P, subject to its cost C(P), of the minimum over measurements M of the attack cost k_M; the exact expression is not recoverable from the extraction]
Dán et al., "Stealth Attacks and Protection Schemes for State Estimators in Power Systems," in Proc. of IEEE SmartGridComm, Oct. 2010
Protection: Maximizing attack cost
Multi-path routing
  o Decreases by 50%
  o for most measurements
  o [formula fragments: max over $s \in I_S$; $m \geq 2$; $m \in \{1, \dots\}$; not recoverable from the extraction]
Authentication (tamper-proof)
  o Dominating set to mitigate attacks (<< n) !!!
Multi-area State-Estimation
• Interconnected systems
– No central authority
• Distributed state estimation
– Protect sensitive data
– Fully distributed
– Inter CC communication
  • ICCP over TCP/IP
• Data integrity attack
– Compromise a CC
– Manipulate data to disturb the estimation
  • Avoid or delay convergence
[Figure: TSO1-TSO4 control centers connected over wide area networks (WAN)]
Vuković et al., "On the Security of Distributed Power System State Estimation under Targeted Attacks," ACM Symposium on Applied Computing, Mar. 2013
Vuković et al., "Detection and Localization of Targeted Attacks on Fully Distributed Power System State Estimation," in Proc. of IEEE SmartGridComm, Oct. 2013
Distributed State Estimation
[Figure: Operator 1 and Operator 2 each run a state estimator, bad data detector, contingency analysis and optimal power flow on $z = h(x_1, x_2) + e$ with their own estimates $\hat{x}$, $\hat{z}$ and residual $r = z - \hat{z}$; they exchange the border variables $x_{12}$ and $x_{21}$ and iterate on $x^{(k)}$]
Periodic exchange of border state variables
Distributed algorithm for convergence to a consistent state estimate
– Various algorithms available
Iterative algorithm
Border Bus Phase Angle Attack
Iteration under attack
– Attacker chooses $\delta_{a,2}$ to maximize …, under a constraint on $\|\delta_{a,2}\|$
First singular vector attack (model/state-aware)
– $\delta_a = u_1$ (first singular vector of A)
Attacker needs information
– H matrix and system state
– Power flow measurements: direction
[Figure: CC1 and CC2 exchange the border states $x_{1,b} + \delta_{a,1}$ and $x_{2,b} + \delta_{a,2}$; the iteration updates $\tilde{x}^{(k)}$ from $x^{(k)}$, H, $W^{(k)}$ and b, then forms $x^{(k+1)}$ from $x^{(k)}$ and $\tilde{x}^{(k)}$; the norm $\|\tilde{x}^{(k)}\|$ and $A u_1$ are shown; exact formulas not recoverable from the extraction]
DSE Attack Impact: Convergence Time
IEEE 118 bus system, 6 regions
Attacker compromises different areas
FSV attack strategy
• Attack strategy crucial
• Field measurement data important for a powerful attack (FSV+MEAS)
[Figure: convergence time for each compromised area]
Attack Detection and Localization
Mean Squared Disagreement
– Iteration k
Belief of Attack Location
Common belief of attack location
– Random walk based consensus
– Left eigenvector of the belief matrix
[Equations, not fully recoverable from the extraction: the mean squared disagreement $d_{r,r'}^{(k)} = \|x_{r,r'}^{(k)} - x_{r',r}^{(k)}\|_2^2$ between neighbouring regions r and r' at iteration k; an exponentially smoothed $\tilde{d}_{r,r'}^{(k+1)}$ formed from $\tilde{d}_{r,r'}^{(k)}$ and $d_{r,r'}^{(k+1)}$; the belief of attack location as $\tilde{d}_{r,r'}^{(k)}$ normalised over the neighbours $r' \in N(r)$; and the common belief as the left eigenvector of the belief matrix $B^{(k)}$]
Vuković et al., "Detection and Localization of Targeted Attacks on Fully Distributed Power System State Estimation," in Proc. of IEEE SmartGridComm, Oct. 2013
Cloud Computing for Power Systems
Cost savings
Elastic / scalable / on-demand resources
– Improved reliability / performance
  • N-x criterion -> large number of high-fidelity simulations / analyses
New open market for data analytics
Security
– Dedicated talent, wider view, etc.
Dán et al., "Cloud Computing for the Power Grid: From Service Composition to Assured Clouds," in Proc. of USENIX HotCloud'13, Jun. 2013
Power System Operations & Time Scales
Real-time operations (msec to 10s of minutes), examples:
– Protection (msec)
– Frequency governors (sec)
– Automatic Generation Control (AGC) (seconds)
– State estimation and contingency analysis (minutes)
– Economic dispatch (~15 minutes)
Operation planning, examples:
– Load forecasting: days (short term) to years (long term)
– Unit commitment (day-ahead markets)
– Maintenance planning (weeks to a year)
– Generation and transmission planning (up to 25 years)
Power Applications in the Cloud: Today
Cloud computing already present
– Meter Data Management Services
– Demand Response Solutions
• e.g., Honeywell’s Akuacom, GE’s Grid IQ, AutoGrid
CIGRE working group “outsourcing managed security services using cloud Technologies”
Characteristics:
– Internet centered non-critical applications / customer facing
– SaaS with a community deployment model
Power Applications in the Cloud: Future
Markets?
– e.g., Locational Marginal Pricing
– Optimal power flow with congestion constraints and uncertain load
Operational Planning?
– e.g., renewable energy source integration
– High-fidelity simulations with varying weather, load and system parameters
Operations?
– e.g., contingency analysis or pre-screening for CA
– undertaken every few minutes, but computational load may vary based on system state
Data storage?
– e.g., phasor measurement unit data, typically not retrieved often
Cloud Computing for Power Operations: Concerns
Real-time Computations
– Variable performance
Reliability / Fault Tolerance
– Clouds are best effort
Regulation / Compliance
– NERC CIP
Security
– No hard guarantees; increased exposure
Cloud Security Concerns
Confidentiality
– Measured data (leveraged for market advantage)
– System information (leveraged for attacks)
Integrity
– Computations and data
Availability
– Computations and data
Compliance
Cloud as Black-box: Assured Service Composition
What properties can be achieved at what cost?
Approaches to Confidentiality
– Computing on homomorphically encrypted data
• Expensive, not very practical
– Problem transformation
• Linear transformation of OPF (Borden et al, Allerton’12)
• Perturbation of CA (Vukovic et al, SmartGridComm ’13)
– Problem splitting
• Chunk the problem and compute in different clouds
Approaches to Integrity
– Multiple independent executions
– Verification using low-fidelity/approximate executions
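Two of the approaches on this slide, problem transformation for confidentiality and multiple independent executions plus cheap verification for integrity, as one added example; it is not code from the slides or from the cited papers. Instead of a full OPF it uses a DC power flow, i.e. the linear system B*theta = P, since the transformation idea is the same: the utility masks the system with random invertible matrices M and Q, the cloud solves (M B Q) y = M P without seeing B or P, and the utility recovers theta = Q y. The 4-bus susceptance matrix, the injections, the seeded masks and the misbehaving worker are all constructed for illustration.

```python
"""Assured use of a black-box cloud for a DC power flow B*theta = P.

Added example, not code from the slides or the cited papers. Shows
  * confidentiality by problem transformation (cloud sees M*B*Q and M*P),
  * integrity by independent executions plus an O(n^2) residual check.
Network, injections, masks and the corrupt worker are constructed.
"""
import random
from typing import Callable, List, Tuple

Matrix = List[List[float]]
Vector = List[float]
Worker = Callable[[Matrix, Vector], Vector]


def matmul(A: Matrix, B: Matrix) -> Matrix:
    return [[sum(A[i][k] * B[k][j] for k in range(len(B)))
             for j in range(len(B[0]))] for i in range(len(A))]


def matvec(A: Matrix, v: Vector) -> Vector:
    return [sum(a * x for a, x in zip(row, v)) for row in A]


def solve(A: Matrix, b: Vector) -> Vector:
    """Gaussian elimination with partial pivoting: the O(n^3) step that is
    outsourced to the cloud."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for j in range(c, n + 1):
                M[r][j] -= f * M[c][j]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (M[r][n] - sum(M[r][j] * x[j] for j in range(r + 1, n))) / M[r][r]
    return x


def random_invertible(n: int, rng: random.Random) -> Matrix:
    """Unit lower triangular times upper triangular with nonzero diagonal,
    so the mask is invertible by construction."""
    L = [[1.0 if i == j else (rng.uniform(-1, 1) if i > j else 0.0)
          for j in range(n)] for i in range(n)]
    U = [[rng.choice([-1, 1]) * rng.uniform(0.5, 2.0) if i == j
          else (rng.uniform(-1, 1) if i < j else 0.0)
          for j in range(n)] for i in range(n)]
    return matmul(L, U)


# Constructed 4-bus DC model: reduced susceptance matrix (slack removed)
# and net injections, per unit.
B_RED: Matrix = [[30.0, -10.0, -10.0],
                 [-10.0, 25.0, -15.0],
                 [-10.0, -15.0, 35.0]]
P_INJ: Vector = [0.8, -0.5, -0.2]


def transformed_problem(seed: int = 7) -> Tuple[Matrix, Vector, Matrix]:
    """Utility side: disguise B and P with fresh random masks M and Q."""
    rng = random.Random(seed)
    n = len(B_RED)
    M, Q = random_invertible(n, rng), random_invertible(n, rng)
    return matmul(matmul(M, B_RED), Q), matvec(M, P_INJ), Q


def honest_worker(A: Matrix, b: Vector) -> Vector:
    return solve(A, b)


def corrupt_worker(A: Matrix, b: Vector) -> Vector:
    y = solve(A, b)
    y[0] += 0.05          # constructed tampering of the returned result
    return y


def residual_ok(A: Matrix, b: Vector, y: Vector, tol: float = 1e-7) -> bool:
    """Cheap integrity check: does A*y reproduce b? Costs O(n^2), not O(n^3)."""
    scale = 1.0 + max(abs(v) for v in b)
    return max(abs(r - t) for r, t in zip(matvec(A, y), b)) < tol * scale


def assured_solve(workers: List[Worker], agree_tol: float = 1e-6) -> Tuple[Vector, int]:
    """Send the masked problem to every worker, drop answers that fail the
    residual check, require a majority of verified answers to agree, and
    unmask. Returns (theta, number of rejected workers)."""
    A, b, Q = transformed_problem()
    answers = [w(A, b) for w in workers]
    verified = [y for y in answers if residual_ok(A, b, y)]
    for y in verified:
        agreeing = sum(1 for z in verified
                       if max(abs(p - q) for p, q in zip(y, z)) < agree_tol)
        if agreeing > len(workers) / 2:
            return matvec(Q, y), len(answers) - len(verified)
    raise RuntimeError("no majority of verified results")


if __name__ == "__main__":
    theta, rejected = assured_solve([honest_worker, honest_worker, corrupt_worker])
    print("theta:", [round(t, 6) for t in theta], "rejected workers:", rejected)
```

For a linear system the residual check alone is decisive, because any answer that satisfies it is the unique solution; the vote across independent executions matters for the nonlinear or iterative computations (contingency analysis, OPF) where no equally cheap verifier exists and a low-fidelity run can only bound the plausible result.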
Assured Cloud Computing
Improved Isolation
– e.g., HyperSafe (Oakland ’10), self service clouds (CCS ‘12), NoHype (CCS ‘11)
Fault-tolerant infrastructure
– e.g., ISIS2 or GridCloud
Multi-tenant support in hardware
Benefits, Risks, Challenges
Are cost savings enough to motivate utilities to look into or adopt (public or community) clouds?
– At what point ($ savings) might a utility consider using cloud: $5, 10, 15 or 20 M/year?
Are security and reliability provided by clouds today sufficient to meet power utility requirements?
– What properties/guarantees are needed?
• Perfect isolation vs. weak isolation?
• Best effort vs. real-time?
Can a sufficient level of availability be guaranteed?
How should regulations be changed to enable the secure use of cloud infrastructures?
Dán et al, “Cloud Computing for the Power Grid: From Service Composition to Assured Clouds,” in Proc. of USENIX HotCloud'13, Jun. 2013
Summary
Diverse application requirements
– Delay, throughput, availability, integrity, confidentiality
Diverse protocols/technologies
Increasing focus on security
Dán et al. “Challenges in Power System Information Security”, in IEEE Security&Privacy Mag., vol. 10, no. 4, 2012
(Figure: trade-off between Performance, Cost and Security)
Literature on Standards
– Ralph Mackiewicz, “Overview of IEC 61850 and Benefits”, IEEE PES Transmission and Distribution Conference and Exhibition, May 2006
– North American Synchrophasor Initiative (NASPI), http://www.naspi.org
– NERC CIP, http://www.nerc.com
– NIST, NIST IR 7628, Guidelines for Smart Grid Cyber Security, vol. 1-3, http://www.nist.gov
– A DNP3 protocol primer, http://www.dnp.org
– IEC 60870-5 standard on “Telecontrol equipment and systems”
– Inter Control center Communication Protocol (ICCP/IEC 60870-6/TASE.2)
– IEEE Std. 1815-2012 “IEEE Standard for Electric Power Systems Communications -- Distributed Network Protocol (DNP3)”
– IEEE Std. C37.118-2005 “IEEE Std for Synchrophasors for Power Systems”
Literature beyond Standards
– H. Mueller, “Outage analysis: Italy,” Network Manager News, News and Information for Users of Network Manager Worldwide, vol. 2, no. 1, pp. 1–3, 2004.
– O. Vuković, K-C. Sou, G. Dán, H. Sandberg, “Network-layer Protection Schemes against Stealth Attacks on State Estimators in Power Systems,” in Proc. of IEEE SmartGridComm, Oct. 2011.
– O. Vuković, K-C. Sou, G. Dán, H. Sandberg, “Network-aware Mitigation of Data Integrity Attacks on Power System State Estimation,” IEEE Journal on Selected Areas in Communications (JSAC), vol. 30, no. 6, Jul. 2012.
– G. Dán, H. Sandberg, G. Björkman, M. Ekstedt, “Challenges in Power System Information Security,” IEEE Security and Privacy Magazine, vol. 10, no. 4, 2012.
– G. Dán, R.B. Bobba, G. Gross, R.H. Campbell, “Cloud Computing for the Power Grid: From Service Composition to Assured Clouds,” in Proc. of USENIX HotCloud'13, Jun. 2013.
– O. Vuković, G. Dán, “Detection and Localization of Targeted Attacks on Fully Distributed Power System State Estimation,” in Proc. of IEEE SmartGridComm, Oct. 2013.
– O. Vuković, G. Dán, “On the Security of Distributed Power System State Estimation under Targeted Attacks,” ACM Symposium on Applied Computing (SAC), Mar. 2013.
– O. Vuković, G. Dán, R.B. Bobba, “Confidentiality-preserving Obfuscation for Cloud-based Power System Contingency Analysis,” in Proc. of IEEE SmartGridComm, Oct. 2013.
– G. Dán, K-S. Lui, R. Tabassum, Q. Zhu, K. Nahrstedt, “SELINDA: A Secure, Scalable and Light-Weight Data Collection Protocol for Smart Grids,” in Proc. of IEEE SmartGridComm, Oct. 2013.
– K. Maheshwari, M. Lim, L. Wang, K. Birman, R. van Renesse, “Toward a reliable, secure and fault tolerant smart grid state estimation in the cloud,” IEEE PES Innovative Smart Grid Technologies, 2013.
– A. R. Borden, D. K. Molzahn, P. Ramanathan, B. C. Lesieutre, “Confidentiality-preserving optimal power flow for cloud computing,” in Allerton Control Conference, 2012.
– Reyzin, Reyzin, “Better than BiBa: Short One-time Signatures with Fast Signing and Verifying,” in Proc. of ACISP’02.
– A. Teixeira, G. Dán, H. Sandberg, K.H. Johansson, “A Cyber Security Study of a SCADA Energy Management System: Stealthy Deception Attacks on the State Estimator,” in Proc. of IFAC World Congress, Aug. 2011.
– Q. Wang, H. Khurana, Y. Huang, K. Nahrstedt, “Time Valid One-Time Signature for Time-Critical Multicast Data Authentication,” in Proc. of IEEE Infocom, 2009.