Smart Grid: Man In the Middle

Smart Grid: Man In the Middle - Kindle edition by Barbara Boehm, Dale Boehm.

The system communication model shown in Figure 1 is based on a hierarchical communication architecture. CC: we assume the CC is a highly trusted and powerful entity in charge of managing the whole system. Its duty is to initialize the system, to collect, process, and analyze the real-time data, and to distribute power according to the power level and the real-time data. BC: we assume the BC is a highly trusted gateway in charge of collecting, storing, aggregating, and distributing real-time data. The BC also stores the individual power requirements of its region, aggregates the regional power consumption, transmits it together with the regional requirement sum through the NAN to the CC, and distributes individual power to every user according to the power ratio received from the CC.

The BC needs enough secure storage to handle the long-term keys described above and to protect their private reading; this can be achieved, for example, with TPM chips that store the specific power requirements of the HSMs. The duty of the NGW is to relay and aggregate real-time data: aggregation means summing the regional consumption data from the BCs, whereas relaying means forwarding the regional requirement data from the BCs in a secure way. Although the HSM is tamper-resistant and interfering with its measurements is not trivial, it is not as powerful as the gateway, e.g. Limiting authorized access to data and using encryption are critical to protecting personal privacy and information; in other words, only the granted entity can receive the individual user data or access the databases of the GWs, i.e.

Data integrity, authentication, and access control. Authentication and access control verify that a communicating entity is authorized and control access to the power information, which prevents an unauthorized attacker from modifying the power data or destroying its integrity and availability.

Forward secrecy. Forward secrecy is a property of secure communication protocols in which compromise of the long-term keys does not compromise past session keys. To satisfy these security goals, not only should every node protect its data with cryptographic primitives, but the communication flows should also be verified with an efficient, bidirectional authentication method. We assume smart meters, e.g. Although the HSM is assumed to be tamper-resistant, we do not rule out the possibility of data pollution or DoS attacks.


A data pollution attack is a kind of malicious-participant attack in which the attacker lies about their values, resulting in incorrect measurement results. It is not within the scope of this paper, but we would like to mention that one possible solution is an interactive or non-interactive zero-knowledge proof. Internal Attack: Internal attackers are usually participants of the protocol, e.g. Man-in-the-middle attack: The attacker forges or alters the communication data once he has been authenticated by any communication party, so the authentication key between the HSM and the BC should be different from that between the BC and the NGW, to prevent an attacker authenticated on one link from altering the communication data between the BC and the NGW.

Replay Attack: The attacker tries to repeat or delay a valid data transmission while misleading the honest sender into thinking it has successfully finished the data transmission. In this section, we briefly provide some preliminaries for the security and authentication scheme used in EPPRD. Based on the CDH assumption, the lightweight message authentication scheme is described in detail in [19] and is not repeated here. The Paillier cryptosystem was proposed by Pascal Paillier and is a common homomorphic encryption scheme that is widely used in privacy-preserving applications [28].


Concretely, the Paillier cryptosystem is comprised of three algorithms: key generation, encryption, and decryption. Semantic Security: Thanks to the probabilistic nature of Paillier encryption, the attacker cannot distinguish the ciphertexts of two plaintexts, even if the two plaintexts are the same. For the hierarchical communication system model in Figure 1, the CC can bootstrap the whole system. The specific notations in our scheme are listed in Table 1. We encrypt each individual power requirement with public-key RSA encryption, E^p(r_i), because the BC needs to store the encrypted individual requirement and decrypt it later to distribute power according to the power ratio in the power distribution phase.


In addition, the individual power consumption values must be summed to act as a reference for power distribution during the next time slot. For this, we employ homomorphic encryption, E^H(u_i), which also prevents any intermediate node from leaking individual consumption. HSM_i computes the individual upwardly transmitted message, msg_i, as follows:
The header includes two parts: ID_i denotes the sender ID and Len denotes the length of the public-key encryption part, which separates the non-homomorphic part from the homomorphic part. As seen in Figure 2, we define every BC as both regional aggregator and distributor.

They store the encrypted individual power requirements, aggregate the regional power consumption, and transmit it together with the regional requirement sum via the NGW to the CC. They also distribute individual power to each user according to the power ratio from the CC.
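As an added illustration (not code from the paper), the homomorphic aggregation step just described, implemented with a textbook Paillier cryptosystem in Python: each HSM_i encrypts its consumption u_i under the CC's public key, the BC multiplies the ciphertexts to obtain an encryption of the regional sum without being able to read any u_i, and only the CC, holding the private key, decrypts. The fixed toy primes are an assumption for illustration; the paper's actual parameters and message format are not reproduced here.

```python
import math
import secrets

# Toy Paillier parameters: two fixed primes, for illustration only.
# A real deployment would generate fresh primes of about 1024 bits each.
P, Q = 1000000007, 998244353

def paillier_keygen(p=P, q=Q):
    """Return (public_key, private_key) = ((n, g), (lam, mu))."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)      # Carmichael function lambda(n)
    g = n + 1                         # standard choice of generator
    mu = pow(lam, -1, n)              # lambda^-1 mod n
    return (n, g), (lam, mu)

def paillier_encrypt(pub, m):
    """Randomised encryption: c = g^m * r^n mod n^2 with fresh random r."""
    n, g = pub
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:        # r must be a unit mod n
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def paillier_decrypt(priv, pub, c):
    """m = L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n * mu) % n

def aggregate(pub, ciphertexts):
    """What the BC does: multiplying ciphertexts mod n^2 adds the plaintexts.
    It needs only the public key, so it never sees an individual u_i."""
    n2 = pub[0] ** 2
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % n2
    return acc

def regional_consumption_sum(readings):
    """End-to-end flow: each HSM_i encrypts, the BC aggregates, the CC decrypts the sum."""
    pub, priv = paillier_keygen()                       # CC owns the private key
    cts = [paillier_encrypt(pub, u) for u in readings]  # one E^H(u_i) per HSM_i
    return paillier_decrypt(priv, pub, aggregate(pub, cts))

if __name__ == "__main__":
    # Constructed sample readings (watt-hours) from four HSMs in one region.
    print(regional_consumption_sum([120, 75, 300, 0]))  # 495
```

Encrypting the same value twice yields two different ciphertexts, which is the semantic-security property the paper relies on; the sum must stay below n for decryption to be exact.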

In the Related Work (Section 2), we mentioned that the authentication scheme in [21] is not sufficiently stringent because its only authentication key may be leaked. Therefore, we adopt an authentication protocol based on the Diffie-Hellman key-establishment protocol proposed in [19] between HSM_i and BC_j.

The specific processes are depicted in Figure 3, and the specific transmission process is depicted in Figure 3 and Figure 4. If the verification value is not the same as the one attached to the message, the receiver requires the transmission to be resent.


Then it transmits the message to the corresponding NGW_k. Finally, it transmits the aggregate message to the CC. Then, it transmits them to every HSM. HSM_i decrypts the power distribution message using its private key and obtains its power distribution for the next time slot. In this section, through a security analysis, we show that the proposed EPPRD achieves all the security goals defined in Section 3. Thus, the scheme provides mutual authentication among the GWs and the CC.

In [21], if the pre-shared key s is compromised by an attacker, that attacker may be authenticated by the BC with s and launch a man-in-the-middle attack. In contrast, in our scheme, even if the shared key K_ij is compromised, the attacker still cannot be authenticated by the BC or the NGW, and the secrecy of previous keys remains intact because our authentication scheme provides perfect forward secrecy.

The confidentiality of our scheme is based on the RSA and Paillier encryption algorithms. In upward transmission, the power consumption messages are aggregated using Paillier encryption, and the requirement message is concatenated and encrypted with the RSA public key of the CC, PK_CC. Similarly, even if an attacker eavesdrops on the communication flow between BC_j and the NGW, he can obtain neither the regional requirement and consumption sums nor the individual data, because the regional sums E^p(r_j^(2)) and E^H(u_j^(2)) can only be decrypted using the private key of the CC.

In the first flow, messages may be intentionally eavesdropped on and stored by curious internal participants such as the NGW or another HSM. However, they cannot obtain the individual measurements because they lack the private keys of the BC and the CC. The second communication flow may be intentionally eavesdropped on and stored by curious internal participants such as an HSM. However, using this approach, the attacker can only obtain the regional requirement sum and the aggregated consumption. Even if he were to have access to the private key of the CC, he would not be able to decipher the individual requirement and consumption values.

Therefore, the proposed scheme provides not only confidentiality but also integrity.


Therefore, the communicating parties first verify the freshness of the time stamp and then verify that it is the same time stamp present in the encrypted message. EPPRD achieves security. To demonstrate that EPPRD can keep the plaintext of the requirement and consumption values secret, we use the plaintext indistinguishability game described below. Setup: The challenger initializes the set of smart meters participating in the aggregation process. The challenger generates their keys, including public and private keys, during the secret key generation phase in Section 5. The challenger returns the private keys and plaintexts of the compromised smart meters.

The challenger flips a random coin b. In what follows, we prove that the advantage is zero. Similarly, Equation 4 can be written as


So the security of HSM_i can be guaranteed. An SG communication system has resource constraints and stringent security requirements that make it difficult to perform computation-intensive operations such as public-key cryptographic operations. Furthermore, limited communication bandwidth may lead to delays or latency. Therefore, we analyze our scheme in terms of communication volume, computational overhead, and delay time.