Paria Jokar

Efficient Authentication and Key Management Mechanisms for Smart Grid Communications

A smart grid (SG) consists of many subsystems and networks, all working together as a system of systems, many of which are vulnerable and can be attacked remotely. Therefore, security has been identified as one of the most challenging topics in SG development, and designing a mutual authentication scheme and a key management protocol is the first important step. This paper proposes an efficient scheme that mutually authenticates a smart meter of a home area network and an authentication server in SG by utilizing an initial password, by decreasing the number of steps in the secure remote password protocol from five to three and the number of exchanged packets from four to three. Furthermore, we propose an efficient key management protocol based on our enhanced identity-based cryptography for secure SG communications using the public key infrastructure. Our proposed mechanisms are capable of preventing various attacks while reducing the management overhead. The improved efficiency for key management is realized by periodically refreshing all public/private key pairs as well as any multicast keys in all the nodes using only one newly generated function broadcasted by the key generator entity. Security and performance analyses are presented to demonstrate these desirable attributes.

Specification-based Intrusion Detection for home area networks in smart grids

Achievement of the goals of smart grid such as resilience, high power quality, and consumer participation strongly depends on the security of this system. Along with the security measures that should be built into the smart grid from the beginning, appropriate Intrusion Detection Systems (IDSs) should also be designed. Home area network (HA#) is one of the most vulnerable subsystems within the smart grid, mostly because of its physically insecure environment. In this paper, we present a layered specification-based IDS for HA#. Considering that ZigBee is the dominant technology in future HA#, our IDS is designed to target ZigBee technology; specifically we address the physical and medium access control (MAC) layers. In our IDS the normal behavior of the network is defined through selected specifications that we extract from the IEEE 802.15.4 standard. Deviations from the defined normal behavior can be a sign of some malicious activities. We further investigate the physical and MAC layer attacks in ZigBee networks and evaluate the performance of our proposed IDS against them. Our IDS provides a good detection capability against known attacks, and since this is an IDS based on anomalous event detection, we expect the same for unknown attacks.

A survey on security issues in smart grids

A key feature of the smart grid is the introduction of two-way data communications into the power grid. This brings many security challenges, because of the large-scale, difficult-to-secure environment, complexity of smart grid systems, and resource limitations of the smart grid deployments. In this paper, we focus on security and privacy concerns in the context of the smart grid. Existing security mechanisms developed for traditional information technology systems can be used as a basis for designing security measures for the smart grid. However, new methods that meet the special requirements and characteristics of the smart grid are also required. In spite of the obstacles against developing detailed security solutions for the future smart grid, such as uncertainty of the architecture and lack of practical experiences with security attacks, some research has been performed in this area over the last few years. We survey the existing literature on different security aspects of the smart grid and provide directions for further research. Copyright

Intrusion detection in advanced metering infrastructure based on consumption pattern

In this paper, we present a novel approach for detecting intrusions in the advanced metering infrastructure (AMI). Unlike traditional intrusion detection systems that use the network features and system behavior for attack detection, we leverage the predictability property of the AMI data. Electricity usage reports and pricing information constitute the major parts of the data traffic in AMI. Considering that electricity consumption patterns of customers follow a statistical model, which is a function of time and price, we introduce long-term anomaly detection and instantaneous anomaly detection of consumption patterns to detect adversarial activities in AMI with long term and short term effects, respectively. The feasibility and efficiency of the proposed approach in detecting various types of adversarial activities against AMI is demonstrated through simulations.

Efficient authentication and key management for the Home Area Network

Due to the extensive use of wireless technologies, security is one of the most important and challenging issues in smart grid networks. To secure data communications, strong authentication and key management mechanisms are needed. In this paper, we propose a mutual authentication scheme and key management protocol tailored for Home Area Network (HAN) with low overhead and enhanced robustness. Using identity-based cryptography technique, the proposed scheme broadcasts only a small packet to all HAN nodes to refresh their keys, thus significantly improving key management overhead cost by reducing network bandwidth. Analysis shows that the proposed scheme delivers required security against well-known HAN attacks, and can be easily adopted based on existing technologies.

Spoofing detection in IEEE 802.15.4 networks based on received signal strength

The shared medium used in wireless networks makes them vulnerable to spoofing attacks, in which an adversary masquerades as one or more legitimate nodes to disturb normal operation of the network. In this paper we present a novel spoofing detection method for static IEEE 802.15.4 networks based on spatial correlation property of received signal strength (RSS). While most existing RSS based techniques directly process RSS values of the received frames and rely on multiple traffic air monitors (AMs) to provide an acceptable detection performance, we extract features of RSS streams to reduce data redundancy and provide a more distinguishable representation of the data. Our algorithm employs two features of RSS streams, summation of detailed coefficients (SDCs) in discrete Haar wavelet transform (DHWT) of the RSS streams and the ratio of out-of-bound frames. We show that in a typical scenario, a single AM with SDC as detection parameter, can theoretically outperform a system with 12 AMs which directly applies RSS values as detection parameter. Using ratio of out-of-bound frames facilitates detection of high rate attacks. In addition, we suggest adaptive learning of legitimate RSS values which enhances the robustness of the attack detector against environmental changes. Using both magnitude and frequency related features, we achieved high detection performance with a single AM; this enables development of preventive measures for spoofing attacks. The performance of our approach was evaluated through an IEEE 802.15.4 testbed in an office environment. Experimental results along with theoretical analysis show that the proposed method outperforms the existing RSS-based spoofing detection solutions. Using a single AM, we were able to attain 94.75% detection rate (DR) with 0.56% false positive rate (FPR). For 4 AMs, the results improved to 99% DR and 0% FPR.

Intrusion Detection and Prevention for ZigBee-Based Home Area Networks in Smart Grids

In this paper, we present a novel intrusion detection and prevention system for ZigBee-based home area networks in smart grids, HANIDPS. HANIDPS employs a model-based intrusion detection mechanism as well as a machine learning-based intrusion prevention system to protect the network against a wide range of attack types. The detection module extracts network features and analyzes them to decide whether the network is in a normal state. We use smart energy profile 2.0 specification as well as IEEE 802.15.4 standard to precisely characterize the expected normal behavior. A set of defensive actions are defined for the prevention system which are effective in stopping various attack types. HANIDPS uses Q-learning and through interactions with environment learns the best strategy against an attack. Use of model-based approach for intrusion detection and dynamic learning for intrusion prevention, as well as employment of effective mechanisms to stop the attacks, provide a high performance for HANIDPS without the need for prior knowledge of the attacks. Soundness of the proposed method is evaluated through extensive analysis and experiments.

Spoofing prevention using received signal strength for ZigBee-based home area networks

In this paper we present a novel spoofing prevention system (SPS) for ZigBee based home area networks (HANs) within smart grids. The proposed SPS uses the spatial correlation of received signal strength (RSS) in order to detect attacks and filter malicious frames. The SPS consists of a spoofing detection module which is installed on the security center in the HAN, as well as spoofing prevention agents installed on network nodes. Once an attack is detected, the agents differentiate and filter malicious frames by analyzing the RSS values of received frames. Two methods are introduced and investigated for attack prevention, static threshold and dynamic threshold. The former has very low computational requirements, yet due to high false positive rate introduces some network overhead during the attack. The latter needs more computations; however, it has a higher performance and a very low network overhead. The soundness of the proposed method is proved through both theoretical analysis, as well as experiments.

Enhanced detection and restoration of low-rate denial-of-service in wireless multi-hop networks

One of the main threats to wireless multi-hop networks is Denial-of-Service (DoS), which either aims to bring down network performance or tends to rapidly consume resources of a particular node. Different from traditional DoS which provokes sudden changes in network traffic, routing protocol misuse that exploits vulnerabilities of routing protocols would reduce the overall performance without triggering alarms from existing detection methods based on rapid changes in network traffic. In order to overcome the weakness of traffic burst based detection methods, this paper proposes an enhanced anomaly detection and restoration scheme to defeat low-rate DoS launched by rogue nodes. Meanwhile, an exponential backoff restoration (EBR) algorithm is proposed to reduce performance degradation. Simulation results validate that the proposed scheme is able to maintain the overall network performance under low-rate DoS.

Enhancing TCP performance in wireless mesh networks by cross layer design

Wireless mesh network (WMN) is an emerging technology for last-mile broadband Internet access. Despite extensive research on and even commercial implementations of WMNs, there are still some serious performance issues in the transport layer, where the performance of Transmission Control Protocol (TCP) degrades dramatically as the number of hops increases. Improving TCP performance over WMNs is a research area that has attracted a lot of attention in recent years and the focus of this paper. We take a cross-layer design approach to improve the performance of TCP for nodes farther from the Internet gateways by giving a higher priority to the packets that have traversed a larger number of hops over the WMN. The proposal changes the way that routing and scheduling algorithms work together and can be easily implemented in IEEE 802.16d WMNs. Extensive simulation results show that the proposed method successfully improve the TCP throughput by as much as three times over a small number of hops, whereas TCP generally performs poorly when the number of hops is large.