Ognjen Vuković

Network-Aware Mitigation of Data Integrity Attacks on Power System State Estimation

Critical power system applications like contingency analysis and optimal power flow calculation rely on the power system state estimator. Hence the security of the state estimator is essential for the proper operation of the power system. In the future more applications are expected to rely on it, so that its importance will increase. Based on realistic models of the communication infrastructure used to deliver measurement data from the substations to the state estimator, in this paper we investigate the vulnerability of the power system state estimator to attacks performed against the communication infrastructure. We define security metrics that quantify the importance of individual substations and the cost of attacking individual measurements. We propose approximations of these metrics, that are based on the communication network topology only, and we compare them to the exact metrics. We provide efficient algorithms to calculate the security metrics. We use the metrics to show how various network layer and application layer mitigation strategies, like single and multi-path routing and data authentication, can be used to decrease the vulnerability of the state estimator. We illustrate the efficiency of the algorithms on the IEEE 118 and 300 bus benchmark power systems.

Network-layer protection schemes against stealth attacks on state estimators in power systems

The power system state estimator is an important application used to calculate optimal power flows, to maintain the system in a secure state, and to detect faulty equipment. Its importance in the operation of the smart grid is expected to increase, and therefore its security is an important concern. Based on a realistic model of the communication infrastructure used to deliver measurement data from the substations to the state estimator, in this paper we investigate the vulnerability of the power system state estimator to attacks performed against the communication infrastructure. We define security metrics that quantify the importance of individual substations and the cost of attacking individual measurements. We provide efficient algorithms to calculate these metrics, and use the metrics to show how various network layer and application layer mitigation strategies can be used to decrease the vulnerability of the state estimator. We illustrate the efficiency of the algorithms on the IEEE 118 and 300 bus benchmark power systems.

On the security of distributed power system state estimation under targeted attacks

State estimation plays an essential role in the monitoring and control of power transmission systems. In modern, highly inter-connected power systems the state estimation should be performed in a distributed fashion and requires information exchange between the control centers of directly connected systems. Motivated by recent reports on trojans targeting industrial control systems, in this paper we investigate how a single compromised control center can affect the outcome of distributed state estimation. We describe five attack strategies, and evaluate their impact on the IEEE 118 benchmark power system. We show that that even if the state estimation converges despite the attack, the estimate can have up to 30% of error, and bad data detection cannot locate the attack. We also show that if powerful enough, the attack can impede the convergence of the state estimation, and thus it can blind the system operators. Our results show that it is important to provide confidentiality for the measurement data in order to prevent the most powerful attacks. Finally, we discuss a possible way to detect and to mitigate these attacks.

Confidentiality-preserving obfuscation for cloud-based power system contingency analysis

Power system operators are looking to adopt and migrate to cloud technologies and third-party cloud services for customer facing and enterprise IT applications. Security and reliability are major barriers for adopting cloud technologies and services for power system operational applications. In this work we focus on the use of cloud computing for Contingency Analysis and propose an approach to obfuscate information regarding power flows and the presence of a contingency violation while allowing the operator to analyze contingencies with the needed accuracy in the cloud. Our empirical evaluation shows, that the errors introduced into power flows due to the obfuscation approach are small, and that the RMS errors introduced grow linearly with the magnitude of obfuscation.

Peekaboo: A gray hole attack on encrypted SCADA communication using traffic analysis

We consider a potential gray hole attack against SCADA substation to control center communications using DNP3. We propose a support vector machine-based traffic analysis algorithm that relies on message direction and timing information only, and we use trace-based simulations to show that even if SCADA traffic is sent through an encrypted tunnel, as often done in practice, the gray hole attack can be effectively performed based on the timing and direction of three consecutive messages. Our results show that the attacker does not need accurate system information to be successful, and could affect monitoring accuracy by up to 20%. We discuss possible mitigation schemes at different layers of the communication protocol stack, and show that a minor modification of message timing could help mitigate the attack.

On the Trade-Off between Relationship Anonymity and Communication Overhead in Anonymity Networks

Motivated by applications in industrial communication networks, in this paper we consider the trade-off between relationship anonymity and communication overhead in anonymity networks. We consider two anonymity networks; Crowds that provides unbounded communication delay and Minstrels, proposed in this paper, that provides bounded communication delay. While Crowds hides the senders identity only, Minstrels aims to hide the receivers identity as well. However, to achieve bounded message delay it has to expose the senders identity to a greater extent than Crowds. We derive exact and approximate analytical expressions for the relationship anonymity for these systems. While Minstrels achieves close to optimal anonymity under certain conditions, our results show that, contrary to expectations, increased overhead does not always improve anonymity.