Professional Documents
Culture Documents
net/publication/260670185
CITATIONS READS
245 1,355
6 authors, including:
Xu Li Xiaohui Liang
Taiyuan University of Technology University of Massachusetts Boston
326 PUBLICATIONS 12,768 CITATIONS 127 PUBLICATIONS 5,946 CITATIONS
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Xuemin Sherman Shen on 18 December 2017.
Factory
Farm
Commercial Electric
building vehicle
Control center Residence
+ –
Stocked
electricity
High-voltage Alternative power sources
lines Substation Medium-/low- Feeder
voltage lines
decisions.
Figure 2. Smart grid network architecture with a single regional network.
be effortlessly integrated and managed in a uni- ent location, in peak time. These distributed
fied way. Furthermore, control centers, commu- power sources will cause reverse power flows
nity gateways, and smart meters are connected and voltage variations in the grid, resulting in
to the Internet. Through the Internet connec- more severe power distribution reliability issues.
tions, customers may access their own electricity Solving these reliability issues requires realiza-
use and cost information, utilities may obtain tion of wide-area measurement and control as
electricity usage information at different granu- well as improvement of real-time communica-
larities, and control centers may share data and tion, diagnosis, and response mechanisms.
coordinate to make interregional decisions. Since smart grid is a combination of the
power grid and a communication network, secu-
rity attacks may take place in both the physical
SECURITY CHALLENGES IN space, as in the conventional power grid, and
cyber space as in any communication network. A
SMART GRID power device is traditionally located at a protect-
With the elaborate smart grid architecture and ed place (e.g,. substation) and controlled through
composition as well as real-time grid operation physical contact or following proprietary proto-
status information, control centers may easily cols via dedicated wired communication links. In
ensure power efficiency by applying optimization smart grid, a power device is often microproces-
techniques to find the best power generation, sor-based and running public protocols, the
transmission, and delivery strategies with respect specifications of which can be obtained readily
to given constraints. In smart grid development, (e.g., from the Internet) by anyone interested.
major challenges lie in the delivery of reliability Also, it may have a human-machine interface
and security. and very likely support wireless connection for
Conventional power grid employs dedicated easy access. The increased openness conve-
power devices, which are usually integrated with niences adversaries and brings additional securi-
control and communication functionalities, and ty vulnerabilities to the grid. In conventional
uses closed networks composed of reliable, pre- power grid, there is normally only one access
dictable serial communication links. In contrast, point to the grid management system in a neigh-
smart grid will decouple the communication and borhood. In smart grid, smart meters are mas-
control functionalities from power devices, and sively deployed as access points, one per
be modularized from the expendability and customer, in order to engage customers in utility
maintenance perspectives. Its components will management. They are connected to the Inter-
largely be commercial off-the-shelf products net for ease of management. These access points
from different companies that may have are ideal portals for intrusions and malicious
unknown incompatibilities, and adopt broadband attacks. As computer communications is exten-
communications and IP-like technologies which sively used in the grid for implementing
are error-prone and have nondeterministic advanced monitoring and control, the grid
behaviors. This transformation inevitably becomes increasingly like a computer network,
decreases system operation reliability. Faults and as a result, all kinds of cyber attacks present
caused by component incompatibility and com- in computer networks will have their analogs in
munication failure will occur. In order to reduce smart grid, with the purpose of jeopardizing the
greenhouse gas emissions, renewable but unsta- grid system.
ble power generation by, for example, photo- To conquer the above reliability and security
voltaic cells and wind turbines will be challenges and realize the ambitious vision of
accommodated in smart grid. Besides, to flatten smart grid, innovative research is expected in all
load in the grid, power may be stocked during aspects of smart grid, from high-level architec-
off-peak time and released, possibly at a differ- ture design to low-level implementation detail.
x 104
4 400
TRAD TRAD
x 106 EPPA EPPA
14 350
3.5 TRAD DN=2 TRAD
communication overhead
computational overhead
12 TRAD DN=4 350 EPPA
TRAD DN=6 300
Customer-to-GW
GW-to-CC communication overhead
10 EPPA
3
Customer
CC computational overhead
8 300 250
2.5 6 200
4 250
150
2 2
0 100
200 1 2 3 4 5 6 7 8 9 10
100
200
300
400
500
600
700
800
900
1000
1.5 Number of dimensions
Number of customers
150
1
0.5 100
0 50
1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10
Number of dimensions Number of dimensions
(a) (b)
Figure 4. Performance comparison: EPPA [13] vs. TARD. GW stands for community gateway; CC for control center. Communication
overhead is measured in bits; computational overhead is measured by time in milliseconds.
escrow forwards them to the control center. A was, and so on. When multiple dimensions are
random time interval is suggested between the present, these schemes will have to process every
two steps for breaking the correlation. Since the dimension separately and impose overwhelming
utility is not involved in the second step, the processing load on smart meters and control cen-
HFID remains unknown to the utility. ters, becoming less efficient in communication
For simplicity, in the following we refer to and in time. Under these circumstances, we pro-
high-frequency metering data (containing elec- posed a novel Efficient and Privacy-Preserving
tricity usage patterns) as metering data. In [13], Aggregation (EPPA) scheme [13] for smart grid
we noticed that metering data is often small in communication based on homomorphic Paillier
size, smaller than the plain text space of the cryptosystem [14]. This scheme processes all the
encryption algorithm used. Each time when the dimension data as a whole rather than separately,
data is encrypted, its size is increased to occupy thus saving both computational overhead and
the entire plain text space. As such information communication cost, reducing data latency and
is transmitted by a massive number of smart improving real-time response capability. Below,
meters, a large portion of the communication we briefly describe EPPA and present its perfor-
bandwidth is wasted, and transmission delay is mance in comparison with the traditional scheme
increased as a result. Since in a regional net- (referred to as TRAD) where no data aggrega-
work, smart metering data flows to the control tion is engaged. Detailed algorithm design and
center through community gateways, we reason- performance evaluation can be found in [13].
ably suggested that community gateways aggre- Assume that smart metering data has l dimen-
gate received raw smart metering data and sions. The control center obtains a public key (n,
forward them in an integrated compact form to g) and a private key (λ, μ) using the input securi-
the control center. Each smart meter encrypts its ty parameters. According to the security parame-
readings using a secret key shared with the con- ters and the public key, it selects a proper super
trol center. Community gateways are not be able increasing sequence → a = (a 1, a 2, ⋅⋅⋅, a l) con-
to access the content of metering data. To enable tains l primes. Further, it computes a sequence
→
community gateways to perform data aggrega- g = (g1, g2, ⋅⋅⋅, gl), where gi = gai. It publishes
tion in this case, we further suggested that smart (n, →g) and some other necessary information to
meters apply a homomorphic encryption tech- smart meters, while keeping (λ, μ, → a) and the
nique. In this technique, a specific linear alge- other remaining information secretly. A smart
→
braic manipulation toward the plaintext is meter i obtains (n, g) by registering itself with
equivalent to another one conducted on the the smart grid. Each time when it transmits →
a
ciphertext. This unique feature allows communi- piece of l-dimensional metering
→
data d i = (d i1,
ty gateways to perform summation and multipli- di2, ⋅⋅⋅, dil), it encrypts di into to a piece of one-
cation based aggregation on received metering dimensional cyphertext and transmits the cypher-
data without decrypting them. text. During the encryption, it computes Ci = (rin
Existing homomorphic encryption based data Πj=1
l gj
di j ) mod n2 as the cyphertext, where ri is a
aggregation schemes consider one-dimensional random integer.The cyphertext is delivered to
data only. In smart grid, metering data is howev- the gateway of the community network that the
er multi-dimensional, for example, including the smart meter belongs to. Let w represent the
amount of energy consumed, and in which time number of smart meters in the community net-
period and for what purpose the consumption work. The community gateway performs data
aggregation on received cyphertext {C1, C2, ⋅⋅⋅, on. It uses the collected reports as observations
Cw} as C = (Π i=1 Ci) mod n2. It forwards C to
w
Each IDS module has to form the prior beliefs of the Gaussian pro-
the control center. At the control center, the cess. Using the prior beliefs and observations, it
two components: aggregated cypher text C is decrypted with the computes the posterior probability distributions
a classifier (for attack private key (λ, μ) to obtain a mixture data M = of the Gaussian process through Gaussian pro-
(Σj=1 aiΣi=1dij) mod n. Through simple calculus,
l w
classification) and a cess regression. The optimal parameters of the
the control center easily
→
recovers each original Gaussian process are obtained by maximizing
recorder (for logging piece of metering data dj from M. Figure 4 shows the log likelihood of the training data with
and accuracy that EPPA indeed has significantly less overhead respect to the parameters. Then it is able to pre-
than TRAD. dict whether a DoS attack is going to happen,
evaluation). As in and to send early warning and instructions to the
convention, either INTRUSION DETECTION respective device so that the later can take
machine learning The above security techniques are for smart grid appropriate actions (e.g. drop the data or
to defend against attacks launched by an adver- authentication request) in advance to mitigate
techniques or sary outside the grid. If the adversary attacks the the forthcoming DoS attack.
artificial immune grid through some compromised devices, these
techniques will lose their effectiveness. Intrusion
systems may be detection mechanisms are necessary for identify- CONCLUSIONS AND
applied for realizing ing compromised devices. While existing net-
work intrusion detection techniques may be
FUTURE DIRECTIONS
the classifier.
applied to the smart grid network directly or In this article, we have studied the smart grid
with minor modification, below we introduce a network architecture and discussed major chal-
generic IDS (intrusion detection system) frame- lenges in smart grid development. We have also
work and a DoS attack (i.e. network availability addressed the basic cyber attack behaviors in
attack) detection technique, both designed par- smart grid and offered several fundamental
ticularly for smart grid communications. approaches to resist these behaviors. Below, we
Zhang et al. [2] proposed a hierarchical IDS conclude the article by discussing several open
framework, where an IDS module is installed problems and possible solutions, in accordance
distributedly along the network hierarchy, that with the fundamental security techniques intro-
is, on control centers, community gateways and duced previously. Our objective is to shed more
smart meters, as shown in Fig. 2. The IDS mod- light on the smart grid security and privacy
ule at the bottom layer accepts raw input from issues and to trigger more research efforts along
smart meters; the module at a higher layer this emerging research line.
accepts input only from the IDS module at the The role-based access control scheme [8]
immediate lower layer. If an attack is detected requires a pre-defined fixed role hierarchy. From
by an IDS module, an alarm will be invoked at flexibility and sustainability points of view, it is
the corresponding layer. If a detection decision desirable to allow automatic access control poli-
cannot be made at certain layer, it will be left for cy generation to allow dynamic role addition and
the upper layer to make, since the upper layer removal. One possible solution is to apply
has a wider scope of knowledge. Each IDS mod- attribute-based, rather than role-based, access
ule has two components: a classifier (for attack control. In such scheme, there is a pre-defined
classification) and a recorder (for logging and universal attribute sets, and each attribute is
accuracy evaluation). As in convention, either associate with certain access privileges. A social
machine learning techniques or artificial immune role is assigned with a number of attributes such
systems may be applied for realizing the classifi- that it obtains the corresponding access privi-
er. Zhang et al. suggested to apply Support Vec- leges. By combining attributes in different ways,
tor Machine or clonal selection to build the different roles and therefore different access
classifier. In either case, the classifier needs to policies are created on the fly.
be trained before put in use. Considering the The authentication schemes [9, 10] both
difference of attacks likely happening at differ- adopt public key cryptography without specifying
ent layers, the training data will have a different how public keys are managed. Public key infra-
concentration of attack types at each layer for a structure (PKI) is a classic public key manage-
tradeoff of accuracy and time. ment system, where users obtain certificates
Authentication is performed between grid (including public keys) from pre-defined certifi-
devices to ensure authenticity. It is a computa- cate authorities (CAs) and CAs form a hierar-
tion-intensive procedure generating noticeable chical structure. When PKI is used, each grid
delay and can become the target of DoS attack. device obtains a certificate from a local CA. Two
Fadlullah et al. [3] proposed a predication based devices belonging to the same regional network
DoS attack defense mechanism. They assumed may have certificates issued by different CAs
that some compromised grid devices launch DoS and do not recognize each other’s certificate. In
attack distributedly by frequently sending false this case, they have to consult with the common
data or authentication requests along the net- ancestor of the two CAs in the PKI hierarchy,
work hierarchy. Unusual activities such as device leading to increased authentication delay. Fast
failures and authentication failures are moni- authentication is an open problem. One possible
tored at every layer and reported to the control solution is to use a cryptographic technique,
center. The control center models each mali- known as re-signature. This technique enables
cious event as a Gaussian process, realized by a two CAs to together initialize a computing
collection of random variables representing device in the regional network, which can quick-
event features such as number of defective ly translate a certificate issued by one of them to
devices, malicious authentication ratio, and so a certificate issued by the other.
For the sake of privacy preservation, each [14] P. Paillier, “Public-Key Cryptosystems based on Com-
posite Degree Residuosity Classes,” Proc. EUROCRYPT,
smart meter transmits two types of data, privacy- 1999, pp. 223–38. It is an interesting
sensitive raw metering data (to the control cen- [15] D. Wu and C. Zhou, “Fault-Tolerant and Scalable Key
ter) and privacy-insensitive metering data Management for Smart Grid,” IEEE Trans. Smart Grid,
open problem to
summary (to the utility), both going through com- vol. 2, no. 2, 2011, pp. 375–81. enable a community
munity gateways [12, 13]. Since summary data can gateway to compute
be computed from raw data, its transmission is BIOGRAPHIES
redundant. It is an interesting open problem to the summary with-
XU LI (xu.li@inria.fr) received a Ph.D. (2008) degree from
enable a community gateway to compute the Carleton University, Canada, an M.Sc. (2005) degree from out knowing the
summary without knowing the content of the raw the University of Ottawa, Canada, and a B.Sc. (1998) degree
data, and generate the result that is accessible by from Jilin University, China, all in computer science. Prior to content of the raw
joining Inria, France, as a research scientist, he held post-
the utility. Solutions will reduce smart grid com- doctoral fellow positions at the University of Waterloo, data, and generate
munication overhead, shorten data latency, and Canada, Inria/CNRS, France, and the University of Ottawa, the result that is
eventually improve smart grid reliability. Canada. He is on the editorial boards of the Wiley Transac-
Compromised grid devices are severe security tions on Emerging Telecommunications Technologies, Ad accessible by the util-
Hoc & Sensor Wireless Networks, and Parallel and Distribut-
threats to the smart grid operation. They are to ed Computing and Networks. He is/was a guest editor of a ity. Solutions will
be detected by the installed intrusion detection few journal special issues. His current research focuses on
systems [2, 3]. However, normal devices may machine-to-machine communications and mobile social net- reduce smart grid
behave selfishly and damage the grid operation works, along with over 50 different works published in ref- communication over-
ereed journals, conference proceedings, and books.
as well. For example, customer-owned renewable head, shorten data
power sources may suddenly stop providing elec- Xiaohui Liang [S’10] (x27liang@bbcr.uwaterloo.ca) is cur-
tricity for its own benefit and lead to voltage rently working toward a Ph.D. degree with the Department latency, and eventu-
variations in the grid. Detecting selfish renew- of Electrical and Computer Engineering, University of
Waterloo. He is a research assistant with the Broadband ally improve smart
able power sources is a unique problem in smart Communications Research (BBCR) Group, University of
grid, and warrants deep investigation. One possi- grid reliability.
Waterloo. His research interests include security and priva-
ble solution is to apply trust management for cy for e-healthcare systems and mobile social networks.
those devices, with respect to their power gener-
RONGXING LU [S’09, M’11] (rxlu@bbcr.uwaterloo.ca) received
ation capabilities and constraints as well as their a Ph.D. degree in computer science from Shanghai Jiao
actual behaviors, and avoid using the devices Tong University, Shanghai, China, in 2006 and a Ph.D.
with low trust ratings. degree in electrical and computer engineering from the
University of Waterloo in 2012. He is currently a postdoc-
ACKNOWLEDGMENTS toral fellow with the Broadband Communications Research
(BBCR) Group, University of Waterloo. His research interests
This research was partially supported by Nation- include wireless network security, applied cryptography,
al Natural Science Foundation of China (Grant and trusted computing.
No. 61003218, 70971086.)
XIAODONG LIN [S’07, M’09, SM’12] (xiaodong.lin@uoit.ca)
received a Ph.D. degree in information engineering from
REFERENCES Beijing University of Posts and Telecommunications, China,
[1] H. Khurana et al., “Smart-Grid Security Issues,” IEEE in 1998 and a Ph.D. degree in electrical and computer
Security & Privacy, vol. 8, no. 1, 2010, pp. 81–85. engineering from the University of Waterloo in 2008. He is
[2] Y. Zhang et al., “Distributed Intrusion Detection System currently an assistant professor of information security
in A Multi-Layer Network Architecture of Smart Grids,” with the Faculty of Business and Information Technology,
IEEE Trans. Smart Grid, vol. 2, no. 4, 2011, pp. University of Ontario Institute of Technology, Canada. His
796–808. research interests include wireless network security, applied
[3] Z. M. Fadlullah et al., “An Early Warning System against cryptography, computer forensics, and software security.
Malicious Activities for Smart Grid Communications,”
IEEE Network, vol. 25, no. 5, 2011, pp. 50–55. HAOJIN ZHU [M’09] (zhu-hj@sjtu.edu.cn) received his B.Sc.
[4] Y.-J. Kim et al., “A Secure Decentralized Data-Centric degree (2002) from Wuhan University, China, his M.Sc.
Information Infrastructure for Smart Grid,” IEEE Com- degree (2005) from Shanghai Jiao Tong University, China,
mun. Mag., vol. 48, no. 11, 2010, pp. 58–65. both in computer science, and his Ph.D. in electrical and
[5] X. Li et al., “Smart Community: An Internet of Things computer engineering from the University of Waterloo in
Application,” IEEE Commun. Mag., vol. 49, no. 11, 2009. He is currently an associate professor with the
2011, pp. 68–75. Department of Computer Science and Engineering, Shang-
[6] A.-H. Mohsenian-Rad and A. Leon-Garcia, “Distributed hai Jiao Tong University, China. His current research inter-
Internet-Based Load Altering Attacks Against Smart ests include wireless network security and distributed
Power Grids,” IEEE Trans. Smart Grid, vol. 2, no. 4, system security. He received the SMC-Young Research
2011, pp. 667–74. Award (Rank B), Shanghai Jiao Tong University, November
[7] F.G. Marmol et al., “Do Not Snoop My Habits: Preserv- 2011. He was a co-recipient of best paper awards of IEEE
ing Privacy in the Smart Grid,” IEEE Commun. Mag., ICC 2007 — Computer and Communications Security Sym-
vol. 50, no. 5, 2012, pp. 166–72. posium and Chinacom 2008 — Wireless Communication
[8] H. Cheung et al., “Role-based Model Security Access Symposium. He serves on the technical program commit-
Control for Smart Power-Grids Computer Networks,” tees for many international conferences such as INFOCOM,
Proc. IEEE PESGM, 2008, pp. 1–7. ICCCN, GLOBECOM, ICC, and WCNC.
[9] M. Fouda et al., “A Light-Weight Message Authentica-
tion Scheme for Smart Grid Communications,” IEEE X U E M I N (S H E R M A N ) S H E N [M’97, SM’02, F’09]
Trans. Smart Grid, vol. 2, no. 4, 2011, pp. 675–85. (xshen@bbcr.uwaterloo.ca) received a B.Sc. (1982) degree
[10] Q. Li and G. Cao, “Multicast Authentication in the from Dalian Maritime University, China, and M.Sc. (1987)
Smart Grid With One-Time Signature,” IEEE Trans. and Ph.D. degrees (1990) from Rutgers University, New Jer-
Smart Grid, vol. 2, no. 4, 2011, pp. 686–96. sey, all in electrical engineering. He is a professor and Uni-
[11] L. Reyzin and N. Reyzin, “Better Than BiBa: Short One- versity Research Chair, Department of Electrical and
Time Signatures with Fast Signing and Verifying,” Proc. Computer Engineering, University of Waterloo. His research
ACISP, 2002, pp. 144–53. focuses on mobility and resource management, UWB wire-
[12] C. Efthymiou and G. Kalogridis, “Smart Grid Privacy via less networks, wireless network security, and vehicular ad
Anonymization of Smart Metering Data,” Proc. Smart- hoc and sensor networks. He is currently serving as an Edi-
GridComm, 2010, pp. 238–43. tor-in-Chief for IEEE Network, Peer-to-Peer Networks and
[13] R. Lu et al., “EPPA: An Efficient and Privacy-Preserving Applications, and IET Communications. He is a Fellow of
Aggregation Scheme for Secure Smart Grid Communi- Engineering Institute of Canada, a registered Professional
cations,” IEEE Trans. Parallel and Distributed Systems, Engineer of Ontario, Canada, and a Distinguished Lecturer
to appear. of the IEEE Communications Society.