Publication


Featured research published by Mohammad Ashiqur Rahman.


IEEE Transactions on Smart Grid | 2013

A Noninvasive Threat Analyzer for Advanced Metering Infrastructure in Smart Grid

Mohammad Ashiqur Rahman; Ehab Al-Shaer; Padmalochan Bera

Advanced Metering Infrastructure (AMI) is the core component in a smart grid that exhibits a highly complex network configuration. AMI comprises heterogeneous cyber-physical components, which are interconnected through different communication media, protocols, and security measures. They are operated using different data delivery modes and security policies. The inherent complexity and heterogeneity in AMI significantly increase the potential of security threats due to misconfiguration or absence of defense, which may cause devastating damage to AMI. Therefore, there is a need for creating a formal model that can represent the global behavior of AMI configuration in order to verify the potential threats. In this paper, we present SmartAnalyzer, a security analysis tool, which offers manifold contributions: (i) formal modeling of AMI configuration that includes device configurations, topology, communication properties, interactions among the devices, data flows, and security properties; (ii) formal modeling of AMI invariants and user-driven constraints based on the interdependencies among AMI device configurations, security properties, and security control guidelines; (iii) verifying the AMI configuration's compliance with security constraints using a Satisfiability Modulo Theory (SMT) solver; (iv) reporting of potential security threats based on constraint violations; (v) analyzing the impact of potential threats on the system; and (vi) systematic diagnosing of SMT unsatisfiable traces and providing necessary remediation plans. The accuracy and scalability of the tool are evaluated on an AMI testbed and various synthetic test networks.


International Conference on Computer Communications | 2012

SmartAnalyzer: A noninvasive security threat analyzer for AMI smart grid

Mohammad Ashiqur Rahman; Padmalochan Bera; Ehab Al-Shaer

The Advanced Metering Infrastructure (AMI) is the core component in a smart grid that exhibits highly complex network configurations comprising heterogeneous cyber-physical components. These components are interconnected through different communication media, protocols, and secure tunnels, and they are operated using different data delivery modes and security policies. The inherent complexity and heterogeneity in AMI significantly increase the potential of security threats due to misconfiguration or absence of defense, which may cause devastating damage to AMI. Therefore, there is a need for creating a formal model that can represent the global behavior of AMI configuration in order to verify the potential threats. In this paper, we present SmartAnalyzer, a formal security analysis tool, which offers manifold contributions: (i) formal modeling of AMI configuration including device configurations, topology, communication properties, interactions between the devices, data flows, and security properties; (ii) formal modeling of AMI invariants and user-driven constraints based on the interdependencies between AMI device configurations, security properties, and security control guidelines; (iii) verifying the AMI configuration's compliance with security constraints using a Satisfiability Modulo Theory (SMT) solver; (iv) generating a comprehensive security threat report with a possible remediation plan based on the verification results. The accuracy, scalability, and usability of the tool are evaluated on a real smart grid environment and synthetic test networks.


International Conference on Distributed Computing Systems | 2014

Impact Analysis of Topology Poisoning Attacks on Economic Operation of the Smart Power Grid

Mohammad Ashiqur Rahman; Ehab Al-Shaer; Rajesh Kavasseri

The Optimal Power Flow (OPF) routine used in energy control centers allocates individual generator outputs by minimizing the overall cost of generation subject to system level operating constraints. The OPF relies on the outputs of two other modules, namely topology processor and state estimator. The topology processor maps the grid topology based on statuses received from the switches and circuit breakers across the system. The state estimator computes the system state, i.e., voltage magnitudes with phase angles, transmission line flows, and system loads based on real-time meter measurements. However, topology statuses and meter measurements are vulnerable to false data injection attacks. Recent research has shown that such cyber attacks can be launched against state estimation where adversaries can corrupt the states but still remain undetected. In this paper, we show how the stealthy topology poisoning attacks can compromise the integrity of OPF, and thus undermine economic operation. We describe a formal verification based framework to systematically analyze the impact of such attacks on OPF. The proposed framework is illustrated with an example. We also evaluate the scalability of the framework with respect to time and memory requirements.


International Conference on Cyber Physical Systems | 2014

A Formal Model for Verifying the Impact of Stealthy Attacks on Optimal Power Flow in Power Grids

Mohammad Ashiqur Rahman; Ehab Al-Shaer; Rajesh Kavasseri

In modern energy control centers, the Optimal Power Flow (OPF) routine is used to determine individual generator outputs that minimize the overall cost of generation while meeting transmission, generation, and system level operating constraints. OPF relies on the output of another module, namely the state estimator, which computes all the system variables, principally the voltage magnitudes with phase angles, transmission line flows, and the bus (and total system) loads. However, recent works have shown that the widely used weighted least square based state estimation is vulnerable to stealthy attacks wherein an adversary can alter certain measurements to corrupt the estimator's solution, yet remain undetected by the estimator's bad data detection algorithm. Here, we show that an attack on state estimation can compromise the integrity of OPF and undermine the economic and secure system operation. We present a formal verification based framework to systematically investigate the feasibility of such stealthy attacks and their influence on OPF. The proposed approach is described with an illustrative example. We also develop a mechanism to increase the efficiency of executing our model, which is evaluated by running experiments on different IEEE test cases.


Proceedings of the First ACM Workshop on Moving Target Defense | 2014

Moving Target Defense for Hardening the Security of the Power System State Estimation

Mohammad Ashiqur Rahman; Ehab Al-Shaer; Rakesh B. Bobba

State estimation plays a critically important role in ensuring the secure and reliable operation of the electric grid. Recent works have shown that the state estimation process is vulnerable to stealthy attacks where an adversary can alter certain measurements to corrupt the solution of the process, but evade the existing bad data detection algorithms and remain invisible to the system operator. Since the state estimation result is used to compute optimal power flow and perform contingency analysis, incorrect estimation can undermine economic and secure system operation. However, an adversary needs sufficient resources as well as necessary knowledge to achieve a desired attack outcome. The knowledge that is required to launch an attack mainly includes the measurements considered in state estimation, the connectivity among the buses, and the power line admittances. Uncertainty in information limits the potential attack space for an attacker. This advantage of uncertainty enables us to apply moving target defense (MTD) strategies for developing a proactive defense mechanism for state estimation. In this paper, we propose an MTD mechanism for securing state estimation, which has several characteristics: (i) increase the knowledge uncertainty for attackers, (ii) reduce the window of attack opportunity, and (iii) increase the attack cost. In this mechanism, we apply controlled randomization on the power grid system properties, mainly on the set of measurements that are considered in state estimation, and the topology, especially the line admittances. We thoroughly analyze the performance of the proposed mechanism on the standard IEEE 14- and 30-bus test systems.


Computers & Security | 2017

Data-driven analytics for cyber-threat intelligence and information sharing

Sara Qamar; Zahid Anwar; Mohammad Ashiqur Rahman; Ehab Al-Shaer; Bei-tseng Chu

Efficient analysis of shared Cyber Threat Intelligence (CTI) information is crucial for network risk assessment and security hardening. There is a growing interest in implementing a proactive line of defense through threat profiling. However, determining the resiliency of a particular network with respect to relevant threats reported in CTI shared data remains a challenge, largely due to the lack of semantics and contextual information present in textual representations of the threat knowledge. To overcome the limitations of existing CTI frameworks, we devise a threat analytics framework based on Web Ontology Language (OWL) for formal specification, semantic reasoning, and contextual analysis, allowing the derivation of network associated threats from large volumes of shared threat feeds. Our ontology represents constructs of Structured Threat Information eXpression (STIX) with the additional concepts of Cyber Observable eXpression (CybOX), network configurations, and Common Vulnerabilities and Exposures (CVE) for risk analysis and threat actor profiling. The framework provides an automated mechanism to investigate cyber threats targeting the network under question by classifying the threat relevance, determining threat likelihood, and identifying the affected and exposed assets through formulated rules and inferences. We perform a comprehensive structural and conceptual evaluation of critical advanced persistent threats (APTs) collected from credible sources and determine their relevance and risk posed to realistic network case studies. Finally, we show that the proposed framework is novel in the type of analytics it provides and outperforms other competing approaches in terms of efficiency and effectiveness.


International Conference on Cyber-Physical Systems | 2013

Energy efficient navigation management for hybrid electric vehicles on highways

Mohammad Ashiqur Rahman; Qi Duan; Ehab Al-Shaer

Plug-in Hybrid Electric Vehicles (PHEVs) are gaining popularity due to their economical efficiency as well as their contribution to environmental preservation. PHEVs allow the driver to use exclusively electric power for 30-50 miles of driving, and switch to gasoline for longer trips. The more gasoline a vehicle uses, the higher the cost of the trip. However, a PHEV cannot go long with its stored electricity without being recharged. Thus, it needs frequent recharging as compared to traditional engine vehicles powered by gasoline. Moreover, the battery recharging time is usually long, which leads to longer delays on a trip. Therefore, for the deployment of the PHEV technology it is necessary to provide a flexible navigation management scheme considering an efficient recharging scheduling, which allows choosing an optimal route based on the fuel-cost and time-to-destination constraints. In this paper, we show that this PHEV navigation management problem is NP-Complete and present a formal model to solve the problem using Satisfiability Modulo Theories (SMT) that provides a vehicle driver a routing plan, as well as the potential charging points that satisfy the requirements (e.g., the maximum fuel cost and the maximum waiting time). We also present a price-based navigation control technique to achieve better load balance for the system. Our evaluations show that the formalization can be efficiently solved even with large sizes of highway topologies and a large number of charging stations.


Communications and Networking Symposium | 2013

A game-theoretic approach for deceiving Remote Operating System Fingerprinting

Mohammad Ashiqur Rahman; Mohammad Hossein Manshaei; Ehab Al-Shaer

Remote Operating System (OS) Fingerprinting is a precursory step for launching attacks on the Internet. As a precaution against potential attacks, a remote machine can take a proactive counter-strategy to deceive fingerprinters. This is done by normalizing or mystifying the distinguishing behaviors in the packets. However, the unified modification causes significant performance degradation to benign clients. Using a game-theoretic approach, we propose a selective and dynamic mechanism for counter-fingerprinting. We first model and analyze the interaction between a fingerprinter and a target as a signaling game. We derive the Nash equilibrium strategy profiles based on the information gain analysis. Based on our game results, we design DeceiveGame, a mechanism to prevent or to significantly slow down fingerprinting attacks. Our game-theoretic approach appropriately distinguishes a fingerprinter from a benign client and mystifies packets to confuse the fingerprinter, while minimizing the side effects on benign clients. Our performance analysis shows that DeceiveGame can reduce the probability of success of the fingerprinter significantly, without deteriorating the overall performance of other clients.


Trust, Security and Privacy in Computing and Communications | 2012

Secure Distributed Solution for Optimal Energy Consumption Scheduling in Smart Grid

Mohammad Ashiqur Rahman; Libin Bai; Mohamed Shehab; Ehab Al-Shaer

The demand-side energy management is crucial to optimize the energy usage with its production cost, so that the price paid by the users is minimized, while it also satisfies the demand. The recently proposed solutions leverage the two-way communication infrastructure provided by modern smart meters. The demand management problem assumes that users can shift their energy usage from peak hours to off-peak hours with the goal of balancing the energy usage. The scheduling of the energy consumption is often formulated as a game-theoretic problem, where the players are the users and their strategies are the load schedules of their household appliances. The Nash equilibrium of the formulated game provides the global optimal performance (i.e., the minimum energy costs). To provide a distributed solution, the users are required to share their usage information with the other users to converge to the Nash equilibrium. Hence, this open sharing among users introduces potential privacy and security issues. In addition, the existing solutions assume that all the users are rational and truthful. In this paper, we first highlight the privacy and security issues involved in the distributed demand management protocols. Secondly, we propose an efficient clustering based multi-party computation (MPC) distributed protocol that enables users to share their usage schedules and at the same time preserve their privacy and confidentiality. To identify untruthful users, we propose a mechanism based on a third party verifier. Through simulation experiments we have demonstrated the scalability and efficiency of our proposed solution.


Integrated Network Management | 2011

A declarative approach for global network security configuration verification and evaluation

Mohammad Ashiqur Rahman; Ehab Al-Shaer

With the increasing number of security devices and rules in the network, the complexity of detecting and tracing network security configuration errors becomes a very challenging task. This in turn increases the potential of security breaches due to rule conflicts, requirement violations or lack of security hardening. Most of the existing tools are either limited in scope as they do not offer a global analysis of different network devices or hard to comprehensively use because these tools are not declarative. Declarative logic programming can readily express network configurations and security requirements for verification analysis. In this paper, we use Prolog to model the entire network security configurations including topology, routing, firewall and IPSec. This is implemented in a tool called ConfigAnalyzer, which was also evaluated with large network and policy sizes. The tool allows for verifying reachability and security properties in a flexible and expressive manner. It also allows for evaluating security configurations in terms of accessibilities credentials and rules.

Collaboration


Dive into Mohammad Ashiqur Rahman's collaboration.

Top Co-Authors

Ehab Al-Shaer

University of North Carolina at Charlotte

Padmalochan Bera

Indian Institute of Technology Bhubaneswar

A H M Jakaria

Tennessee Technological University

Amarjit Datta

Tennessee Technological University

Bata Krishna Tripathy

Indian Institute of Technology Bhubaneswar

Christopher S. Oehmen

Pacific Northwest National Laboratory

Rajesh Kavasseri

North Dakota State University

Md. Mostofa Akbar

Bangladesh University of Engineering and Technology

Mohammad Mostofa Akbar

Bangladesh University of Engineering and Technology

Bahman Rashidi

Virginia Commonwealth University
