Malaysia
Abstract— In this century, the demand for energy is increasing daily, and the need for energy resources has become urgent and inevitable. New ways of generating energy, such as renewable resources that depend on many sources, including sun and wind energy, will contribute largely and effectively to the future of humankind. These renewable sources face major challenges that cannot be ignored and that require more research into appropriate solutions. This has led to the emergence of a new type of network user called the prosumer, which brings new challenges such as the intermittent nature of renewables. Smart grids have emerged as a solution to integrate these distributed energy sources. They also provide a mechanism to maintain safety and security for power supply networks. The main idea of smart grids is to facilitate local production and consumption by customers and consumers.

Distributed ledger technology (DLT), or block-chain technology, has evolved dramatically since 2008, which coincided with the birth of its first application, Bitcoin, the first cryptocurrency. This innovation sparked a digital revolution that provides decentralization, security, and democratization of information storage and transfer systems across numerous sectors and industries. Block-chain can be applied for the sake of the durability and safety of energy systems. In this paper, we propose a new distributed framework that provides protection based on block-chain technology for energy systems, to enhance their self-defense capability against cyber-attacks.

Keywords— Block-chain; Bitcoin; Cryptocurrency; Distributed energy sources; Cyber-attacks.

I. INTRODUCTION

An electrical network consists of transmission lines, a group of substations, and some transformers and other components [1]. This network is responsible for delivering electricity from the energy resources to your home or office, which you get when you turn on the light switch, the TV or the computer. In 1886 in Great Barrington, Massachusetts, the first alternating current power grid system was created [7].

In 1960, electrical networks in some countries had expanded very dramatically and became highly interconnected with each other to provide power to centers through power lines [2]. The network topology remained in the range of 1 gigawatt (1,000 megawatts) to 3 gigawatts, still cost-effective because of the efficiency-enhancing features [2]. Currently, the electrical network is made up of many generating units (about 9,200) with over a million megawatts of generating capacity that are connected with over three thousand miles of transmission lines [3]. In the 21st century, Brazil, China and India are leaders in the deployment of smart grids [4]. A smart grid provides a modern and convenient chance to take the energy industry to a perfect stage characterized by a high degree of reliability, availability, and efficiency. It makes the electricity grid more flexible, able to deal with emergencies that include dangerous storms, sudden earthquakes, and terrorist attacks. Smart grids provide more active carriage of electricity between suppliers and consumers. They reduce electricity rates by reducing peak demand. When a power outage occurs, the smart grid restores electricity faster. It can reduce both the operating and management costs of utilities and the energy costs for consumers, and it provides better integration between all power generation systems, including renewable energy systems, and a mechanism to improve security.

The smart grid also provides a mechanism to benefit more from energy generators owned by customers, to produce energy when it is not available from the facilities [3]. It also contributes to a mechanism to address the old energy infrastructure that needs maintenance, upgrade, or replacement [3].

The main concept of the smart grid is not only related to facilities and technologies; it includes a bigger concept, in terms of giving and collecting information and providing the tools we need to make quick and necessary decisions about energy use. If you run your business remotely through a computer, as with banking, the smart grid likewise enables you to manage electricity and energy resources. The smart grid will provide more intelligent and unprecedented services for sharing data with the consumer. For example, the consumer can know the amount of electricity consumed at any time without waiting for the monthly statement: through smart meters, the consumer can get a clear picture of the amount of consumption and its cost [3].
Authorized licensed use limited to: University College London. Downloaded on November 02,2020 at 01:41:39 UTC from IEEE Xplore. Restrictions apply.
2020 11th IEEE Control and System Graduate Research Colloquium (ICSGRC 2020), 8 August 2020, Shah Alam, Malaysia
The main feature of the smart grid is the use of smart counters or meters. These meters are used to monitor and manage energy consumption for electronic devices and to transfer it to the closer layer. However, the mechanism of data exchange and the use of the Internet have led to the emergence of multiple weaknesses in cyber security, which can lead to problems such as power outages, power theft, and violation of energy consumer privacy. In addition, the communication protocols adopted by the smart grid contain several security holes: those protocols do not include authentication and access control mechanisms. With these security gaps emerging, hackers can exploit them to launch various cyber-attacks [5]. Hackers also use their expertise to conduct attacks that lead to losses or damage to other countries.

In this paper we focus on developing this work with certain modifications, building a smart grid security system based on block-chain technology, which we then implement on smart grid systems. The most important goal of this model or system is to achieve security and efficiency in the network environment against all possible risks.

II. ANALYSIS OF THE CYBER-ATTACKS ON THE UKRAINIAN ENERGY SECTORS

On December 23, 2015, Ukrainian Kyivoblenergo, an electricity distribution company specializing in electrical transmission and supply, announced service disruptions to its customers [6]. In this case, what was happening was something exceptional: the supply of electricity to customers was not interrupted due to weather, infrastructure, or equipment malfunctions, but due to illegal third-party penetration of Kyivoblenergo mainframe and remote networks through the Internet. For approximately three hours, seven 110 kV substations and 23 35 kV substations were remotely disengaged. The cyber-attack stopped other parts of the distribution network, which forced Kyivoblenergo staff to switch to manual mode and restore power by using Soviet-era manual controls [7]. Kyivoblenergo’s initial estimate put the total affected customers at about 80,000, but after realizing that two other companies were also attacked, the updated estimate raised the total to 225,000 customers who lost energy across the region [8]. The hackers initiated the Kill Disk wiper malware on network drives, which hindered or permanently disabled Ukrainian power grid equipment that is essential to run the facilities that serve its customers [9]. The Kill Disk software is a type of malware that deletes particular files on target systems and corrupts the master boot record, the first sector of any hard disk, which identifies where and how an operating system is located for it to load, thus incapacitating the system it hijacks. Additionally, the hackers maliciously corrupted the firmware of certain Serial-to-Ethernet converters at select substations, making them inoperable [10]. These tiny boxes in the substations have the job of translating internet protocols to communicate with older equipment [11]. The hackers remotely disconnected uninterruptible power supplies (UPS) serving two of the electrical companies' control centers, which provide emergency backup power in the event primary power is lost [12].

A. Black Energy Malware

Kyivoblenergo claimed that they had been infected with Black Energy, a Trojan used initially to conduct cyber espionage, setting forth the path for denial-of-service (DoS) and information destruction attacks. The cyber espionage allowed hackers to illicitly acquire login credentials that enabled them to remotely manipulate the power grid. The hackers targeted electric company employees who serve Ukraine’s 24 geographical regions with a variety of administrative accesses, using an email spoofing tactic called spear-phishing [13]. However, the codes were used to attack and delay restoration efforts, respectively [14].

B. Backdoor.Dorshel and Backdoor.Goodor Malware

With the illegally acquired credentials, hackers were able to conduct follow-up attacks against targeted organizations. They used a variety of techniques to install Backdoor.Dorshel or Backdoor.Goodor malware that allowed remote access to computer terminals [15]. Attackers with unrestricted remote access were able to chart their targeted domain and systems as well as increase their administrative rights, which allowed them to connect to industrial control systems that potentially operate the electrical grid [15].

C. Plan of Attack - Techniques and Procedure

The attack against the Ukraine power grid started simply, with company employees commonly receiving strings of phishing emails containing an attachment disguised with malware. This case is no different from a hacker tapping into a personal home network, except that it was performed on a grander scale. The key goal with the Black Energy malware was to steal user credentials for use in the following months to control breakers and manipulate the grid [16]. The attackers then used stolen credentials to reach the industrial control systems, networks, and remote access tools to control the human-machine interface (HMI) [17]. Additionally, the hackers waged a telephone denial-of-service attack against customer call centers, thwarting the ability of customers to report the outage and providing the hackers with another smokescreen to go undetected [18].

III. SMART GRID REFERENCE MODEL

According to [19], the SG reference model consists of many functional areas. These areas are:
• Bulk Generation: Conventional sources of power generation use a source such as coal and gas, and these sources are non-renewable and expensive. The smart grid uses other renewable resources for power generation such as wind turbines and solar panels.
• Transmission: To transfer energy from power generators to consumers.
• Distribution: The distribution field spreads electricity to individuals and transports suppliers and users.
• Operation: To monitor and control all transmission and distribution areas.
• Market: Mechanism to balance supply and demand with all parties involved in the supply and trade of electricity.
rate higher than the rate of 100 Kbps per second to 10 Mbps and provides a coverage range of 10 km. The appropriate

Substation - Protective relaying. C-Low (KillDisk software) - Packet injection attacks. - Replay attacks.
handle original communications for access. Eavesdropping is the process in which an attacker surreptitiously listens to the communication that takes place between the different components without their consent.

SG Misconfigurations: Among the most important security flaws (vulnerabilities) are those formed by errors that occur during initialization operations, where firewalls in smart grid components define both the trusted and untrusted parts of the network [24].

V. CYBER-ATTACKS AGAINST SG SYSTEMS AND DEVICES

Smart grid systems and their hardware components (devices) are vulnerable to several forms of cyber-attack. Many software vulnerabilities, such as buffer overflow, Structured Query Language (SQL) injection and integer overflow, can allow an attacker to bypass the authentication process and take control of the system. Studies [24, 25] have shown that there are many program gaps in smart networks. Devices in smart grid systems use weak or virtual passwords without strong encryption that can provide a strong and secure authentication mechanism for users. Also, authentication mechanisms may be completely absent from many of the system’s features [26]. Malware can affect SCADA systems by injecting malicious control communications. Stuxnet is the first multi-part worm that infected devices through storage devices or networks, and it caused a lot of damage to the devices [27]. Attacking the supply chain puts the entire system at risk, because the majority of network devices contain back doors, which unauthorized attackers exploit to access the system and its resources [28]. A False Data Injection Attack (FDIA) is a cyber-attack that can mislead the control system [29]; in turn, it causes great damage to the network because decisions are made based on misleading data.

VI. SCADA SYSTEM INFRASTRUCTURE

Most modern SCADA systems contain two layers, a physical layer and a communication layer, as shown in Fig. 3 [30]. The SCADA network provides real-time data collection; this data includes the amount of current and voltage, the amount of real energy, the status of transformers and much more.

Fig. 3. SCADA Network.

Sensors and meters are distributed in this network at a specific distance, according to the geographical range, to provide a path for communication between the nodes. In the proposed system there are two scenarios, as shown in Fig. 4. Scenario (a) indicates that an attacker can manipulate data before it is transmitted. Scenario (b) shows that the proposed blockchain technology can protect these data when they are transmitted to all Distributed Energy Resources (DERs), which refers to the multiple agents or nodes (meters).

Fig. 4. Proposed System infrastructure.

VII. PROPOSED WORK - METHODOLOGY

In the proposed block-chain architecture for the distributed network, we consider the meter measurements as nodes that can be represented in blocks. Each node has a unique address and number. Every node has two keys: a public key, which is shared with the others, and a private key, which cannot be shared. These nodes can communicate with each other over wireless and wired links. Permission is only given to the nodes for data collection. The operations that take place between these nodes can be carried out automatically according to a certain consensus mechanism, contrary to Bitcoin, where transactions are done manually by humans.

A. The description of the problem:

When an attacker obtains the basic credentials and powers that give him full control of the substations or any node over the network, how can we detect this, prevent him, withdraw those permissions from him, and limit the potential threats? If an attacker could obtain the consumer, producer, or control authority credentials, then he can launch an FDIA. We propose a new method to detect these kinds of attacks, stop the attackers and withdraw their permissions, which will limit the harm. Block-chain technology will significantly reduce the possibility of penetration, but if penetration occurs, we have proposed a secondary defense mechanism. The second line of defense will reveal the hackers and their knowledge through their behavior, based on their old activity records and the actions they perform, and thus they can be classified into groups of the contract. These classifications include trusted nodes, malicious nodes, and semi-honest nodes.

B. Reputation Score

We will rely on giving each node a credit or reputation score (RS), which is a great advantage in the second line of defense. This value is not known to the attackers because it depends on several things and variables that cannot be predicted and cannot easily be accessed or calculated. An attacker could steal the basic identifiers to gain access to the system by impersonation, using all user IDs and keys. But based on the degree of reputation and on the hacker’s actions, if that degree is less than a specific value (threshold), then more safety measures will be requested, and if he does not provide them, the powers will be removed from him immediately and all requests sent by him will be ignored. For each event to be validated, that value has been added. High detection performance:
depending on an algorithm to make correct classifications that recognize malicious activities as unmoral behavior. Detection rate, sensitivity, or probability of detection is a major factor in classifying behavior as malicious or benign. We consider a node malicious if its reliability ratio is small, while if this ratio is large the node will be a trusted one. User history and stored cookies indicating his past activities can also play a role in this.

C. Block-Chain Technology and Smart Contracts

In Home Energy Management (HEM), both consumers and prosumers can trade energy without the need for a third party [30]. This gives both of them the capability to optimize the management of energy loads and reduce costs. The use of smart contracts in the energy trade process will provide a safe and error-free mechanism and a defense mechanism against electronic attacks. This new technology enables programming logic through the Solidity (Ethereum) programming language to create smart contracts. Each LEM will have a local copy of the blockchain, which will be updated through the network, as shown in Fig. 5.

to make a decision. Each LEM has a reputation score, which was calculated by using a certain algorithm (it uses many instantaneous variables and will be added to each transaction). This reputation score will give the LEM more reward (credit) or reduce the credit value, and sometimes lead to penalties. Fig. 6 shows the results of the proposed implementation, illustrating the rates of wrong events by attackers without using the reputation ratio.

Fig. 6. False Events vs Percentage of Attackers.
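
The reputation-score gate of Section VII-B (score below a threshold, extra safety measures requested, rights withdrawn and later requests ignored), sketched in Python as an added example that is not code from the paper. The paper gives no scoring formula or threshold values, so the numbers, the peer-median plausibility check and all names (`ReputationGate`, `plausible`, meter `m7`) are assumptions.

```python
from dataclasses import dataclass
from statistics import median

# Assumed numbers: the paper names a threshold but gives no values or formula.
START, TRUSTED_MIN, CHALLENGE_MIN = 50, 70, 40
REWARD, PENALTY = 5, 20          # trust is slow to earn and fast to lose

@dataclass
class Node:
    score: int = START
    revoked: bool = False

def plausible(reading, peer_readings, tolerance=0.05):
    """Assumed validity check: reading lies within 5% of the peers' median."""
    mid = median(peer_readings)
    return abs(reading - mid) <= tolerance * mid

class ReputationGate:
    """Second line of defense for requests that carry valid credentials."""

    def __init__(self):
        self.nodes = {}

    def _node(self, node_id):
        return self.nodes.setdefault(node_id, Node())

    def record_event(self, node_id, valid):
        """Reward a validated event, penalize a rejected one; clamp to 0..100."""
        node = self._node(node_id)
        delta = REWARD if valid else -PENALTY
        node.score = max(0, min(100, node.score + delta))
        return node.score

    def classify(self, node_id):
        node = self._node(node_id)
        if node.revoked or node.score < CHALLENGE_MIN:
            return "malicious"
        return "trusted" if node.score >= TRUSTED_MIN else "semi-honest"

    def authorize(self, node_id, extra_proof_ok=False):
        node = self._node(node_id)
        if node.revoked:
            return "ignored"                    # all later requests are dropped
        if node.score >= CHALLENGE_MIN:
            return "accepted"
        if extra_proof_ok:                      # step-up check passed
            return "accepted-after-challenge"
        node.revoked = True                     # challenge failed: withdraw rights
        return "revoked"

def simulate_stolen_credentials():
    """Constructed run: meter 'm7' reports honestly, then its keys are misused."""
    gate, peers = ReputationGate(), [230.1, 229.8, 230.4, 230.0]
    for reading in (230.2, 229.9, 230.3, 230.1):    # constructed honest readings
        gate.record_event("m7", plausible(reading, peers))
    before = gate.classify("m7")
    for reading in (310.0, 120.0):                  # constructed false data
        gate.record_event("m7", plausible(reading, peers))
    return [before, gate.authorize("m7"), gate.authorize("m7")]
```

The asymmetric reward and penalty mean two implausible readings undo four honest ones, so a node holding stolen keys falls below the threshold quickly even though its credentials still verify.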