EXECUTINGCYBERSECURITYATTACKSONASMARTGRIDTESTBED

by

OlaoluwaOlayokunBachelor,BellsUniversityofTechnology,2013

AProjectReportSubmittedinPartialFulfillmentoftheRequirementsfortheDegreeof

MASTEROFENGINEERING

intheDepartmentofElectrical&ComputerEngineering

©OlaoluwaOlayokun,2016UniversityofVictoria

Allrightsreserved.Thisprojectreportmaynotbereproducedinwholeorinpart,byphotocopy

orothermeans,withoutthepermissionoftheauthor.

2

SUPERVISORYCOMMITTEE

EXECUTINGCYBERSECURITYATTACKSONASMARTGRIDTESTBED

by

OlaoluwaOlayokunBachelor,BellsUniversityofTechnology,2013

SupervisoryCommittee

Dr.IssaTraore(DepartmentofElectrical&ComputerEngineering)SupervisorDr.AshokaBhat(DepartmentofElectrical&ComputerEngineering)DepartmentalMember

3

ABSTRACT

SupervisoryCommittee

DrIssaTraore(DepartmentofElectrical&ComputerEngineering)SupervisorDr.AshokaBhat(DepartmentofElectrical&ComputerEngineering)DepartmentalMember

Smart Grids have emerged as a very crucial platform for providing timely, efficient, anduninterrupted power supply to consumers. Communication networks in smart grid bringincreasedconnectivitywithincreasedseveresecurityvulnerabilitiesandchallenges.Smartgridcanbeaprimetargetforcyberattackbecauseofitscriticalnature.Asaresult,smartgridsecurityisalreadygettingalotofattentionfromgovernments,energyindustries,andconsumers.Thethreat of malicious attacks against the security of the Smart Grid infrastructure cannot beoverlooked. In this project we created a testbed to simulate attacks on a smart grid powerdistributionenvironment.Thisallowsstudyingtheimpactandextentofdamageanattackcancausetoagrid,andprovidesaplatformtoinvestigate,infutureresearch,adequateempiricalprotectionmodelsandtoolsforsmartgrid.

4

TABLEOFCONTENTS

SupervisoryCommittee…………………………………………………………………………………………………………….2Abstract………………………………………………..………………………………………………………………………………….3TableofContents………………………………………………………………………………..…………………………………..4ListofFigures……………………………………………………………………………………………………………………………5Acknowledgments………………………………………………..………………………………………………………………….6Dedication…………………………………………………………………………………………………………………………………71.Introduction………………………………………………………………………..…………………………………………….82.RelatedWorks…………………………………………………………………………………………………..……………..102.1 RealHardwareTestbedApproach………..……………………………………………………………….…….102.2 SoftwareSimulationApproach……………………………………………………………………………………103.SmartGridNetworkSecurityandSimulator..………………………………………………..………………..123.1 FeaturesofSmartGridNetworks………………………………………………………………………………..123.2 SmartGridNetworkSimulator:TheScoreApplication…………………………………….…………..123.3 SmartGridSecurityRequirementsandObjectives………………………………………………………163.4 SmartGridAttacks………………………………………………………………………………………………………194.SmartGridSecurityTestbed………..…………………….……………………………………………………………224.1 TestbedRequirements……..…………………………………………………………………………………………224.2 TestbedConfigurationandSetup………………………………………………………………………………..234.3 AttacksontheSmartGridTestbed………………………………………………………………………………275.Conclusion………………………………………………………………………………………………………………………..32Appendix…………………………………………………………………………………………………………………….……33Reference………………………………………………………………………………….……………………………………..35

5

LISTOFFIGURES

Figure1:SCOREArchitecture………………………………………………………………………………………………….14

Figure2:Evaluatingtherisksinsmartgridsystems……………………………………………………………….…17

Figure3:TheCIAtriadforsmartgridsecuritysystems………………………………………………………..…..17

Figure4:RunningSCORE…………………………………………………………………………………………………………23

Figure5:SmartGridPowerDistributionNetworkSet-UponTargetMachine…………………………24

Figure6:ScreenshotshowingtheThroughputoneachlinkwhenrunning..……………………………25

Figure7:Showingtheconnectivitytestbetweenallnodesinthesystem………………………………26

Figure8:FisheyeTopologyViewoftheSmartGridNetwork………………………………………………….27

Figure9:NmapOutput……………………………………………………………………………………………………………28

Figure10:DoScommandusinghping3……………………………………………………………………………………28

Figure11:ScreenshotoftheDoSattack………………………………………………………………………………….29

Figure12:ApingfromanodetothetargetduringtheDoSattack………………………………………….30

6

ACKNOWLEDGMENTS

IamreallythankfultoGodforgivingmethegracetocompletethisprojectwithinthetimeframeset.ThisProjectwouldnothavebeencompletedwithouttheguidanceofmysupervisor,Dr.IssaTraore.Iwouldalsolovetoacknowledgemyparents;OlanrewajuandOluwatoyinOlayokunfortheirphysical,financialandspiritualsupportduringmypostgraduatestudy.Lastly,Iwouldliketoappreciatemyfriendsandcolleaguesfortherecontinuoussupportduringthecourseofthisproject.

7

DEDICATION

Iwouldliketodedicatethisworktomysiblings;Dara,MoyoandOlamidefortheconstantsupportandlovetheyhaveforme.

8

CHAPTERONE

INTRODUCTION

By using the literal definition, a smart grid can be defined as the integration of InformationCommunication Technology into Power Network using both electrical and informationcommunication layer.Eventhoughtheuseofsmartgridhasbeen increasing, there isstillnoagreeduniquedefinition.However,wetakeintoconsiderationtwomaindifferentdefinitions,oneprovidedby theEuropeanTechnologyPlatform [1]and theotherone from theNationalInstituteofStandardsandTechnology(NIST)[2].TheEuropeandefinitionofsmartgridis:

“A smart grid is anelectricitynetwork that can intelligently integrate the actionsof all usersconnectedtoit-generators,consumersandthosethatdoboth-inordertoefficientlydeliversustainable,economicandsecureelectricityissues.”[3]

Thisdefinition ismoreorientedtowards theactors involved in thepowernetwork,while theAmericandefinitionismoreorientedtowardsthetechnicalspecificitiesofthesmartgrid:

“. . .advancedpowergrid for the21stcentury include theadditionand integrationofmanyvarieties of digital computing and communication technologies and services with the powerdelivery infrastructure.Bidirectionalflowsofenergyandtwo-waycommunicationandcontrolcapabilities will enable an array of new functionalities and applications that gowell beyond‘smart’metersforhomesandbusinesses.”[4]

Despite the littledifferences in the smart griddefinitions, bothparties agreeonmostof thebenefitinusingsmartgrid,whichinclude:

Ø Increasequalityandpowerreliability,whichaffectnotonlynormaloperation,butalsoallowrefiningthegridresiliencetodisruptioncausedbynaturaldisastersandattacks.

Ø Provide the users with energy usage information, allowing the implementation of anenergyawarenesssystem.

Ø Allow a more active role of the consumer, increasing their choices by enabling newproducts,services,andmarkets.

Ø IncreaseenvironmentalbenefitsandreducegreenhouseemissionsbyenablingEVandRESintegration.

Ø Preventivemaintenancethroughthecontinuouspowernetworkmonitoringsystem.

Asmartgridisacriticalinfrastructurenetworkwithverystringentdependabilityrequirements.Theresilienceofsuchnetworktodisasters,bothnaturalandman-madeiscrucial.Cybersecurityattacksareamongtheman-madedisastersfacingsmartgridnetwork.

9

Understandinghowsuchattacksoperateisanimportantstepindesigningadequateprotectionstrategies against the underlying threats. The purpose of this project is to set up an attackplatform,whichallowsresearcherstoexecuteandstudytheeffectofvariousattackscenariosagainstasmartgridsimulationplatform.

Therestofthereportisstructuredasfollows.Chapter2summarizesanddiscussesrelatedwork.Chapter 3 gives an overview of smart grid network security requirements and presents thesimulationplatformusedinthisproject.Chapter4presentsthesmartgridsecuritytestbedandattackstothetestbed.Chapter5makessomeconcludingremarks.

10

CHAPTERTWO

RELATEDWORKS

Creating testplatformforcyber-physicalanalysis inSmartGrid ischallengingand ithasbeenstudiedforyears.Theapproachestechnicallyusedtosolvethisissuegenerallybreaksdownintotwocategories:realhardwaretestbedandsoftwaresimulation.Theapproachusedinthisprojectissoftwaresimulation.

2.1 RealHardwareTestbedApproach

Realhardwaretestbedsarefurtherdividedintotwocategories:flat-outhardwareplatformsandhardwareintheloopplatforms.

2.1.1 Flat-OutHardwarePlatform

Flat-out hardware platforms are the ones consisting of total hardware devices. The KoreangovernmentselectedthewholeJejuIslandtobuildtheSmartGridtestbedtoallowthetestingofSmartGridtechnologiesandbusinessmodels[5].ARenewableEnergyLaboratoryinGreecewascreatedtosetupacentral-controlledmicrogridtestbedwhichhadPV-panels,batterybanksandinverterstoinvestigatetheproposedSmartGridtopologies[6].SensorwebReserachLaboratoryfromGeorgiaStateUniversitydesignedSmartGridLab testbed to test thedistributeddemandresponse algorithm. It includes intelligent power switch, power generator, renewable energysources,smartappliances,andpowermeter[7]

2.1.2 Hardware-In-The-LoopPlatform

Hardware-in-the-loopplatformaretheonesthathaveamixtureofbothhardwaredevicesandsoftwaresimulatorstoachievethecyberphysicalanalysisofSmartGrid.Hahnetal.in[8]employdevices like Programmable Logic Units (PLUs) and Intelligent Electronic Devices (IEDs) forcommunicationnetworksandReal-TimeDigitalSimulatorsforpowernetworksimulation.

2.2 SoftwareSimulationApproach

ThesoftwaresimulationapplicationsforSmartGridcyberphysicalanalysiscanbefurtherdividedintotwocategories:individualsimulationplatformsandco-simulationplatforms.

2.2.1 IndividualSimulationPlatforms

IndividualsimulationplatformsarethosewhichbringtogetherthesimulationfeaturesforSmartGridintooneentity.Thesetypesofsimulationsusuallyaimatandfocusononeparticularareaof interests for Smart Grid. In 2008, Guo et al. designed and created an energy demandmanagementsimulator(EDMS)tocalculatetheresponsefromdifferentdeploymentstrategiesofdistributeddomesticenergymanagement[9].

11

In2009,Molderinketal.createdfromscratchasimulationenvironmenttoanalyzeandcontrolalgorithmsforenergyefficiency[10].Inthesimulationcreated,microgenerators,energybuffersandapplianceswereallmodeledanddifferentenergystreamslikeheatandgaswerestudied.

In2012,Narayanetal.presentedGridSpice[11]acloudbasedsimulationpackageforSmartGrid.LeveragingthepowerfulcomponentofGridlab-DandMatpower,GridSpicewasdevelopedwiththe main purpose of modeling the interactions between all parts of the electrical network,includinggeneration, transmission,distribution, storageand loads.All the individual softwareplatformscancompleteaparticularsettaskontheirown,buttheyalljustconcentrateonthepowernetworksimulation.ButoneofthelimitationsofthesetypesofsimulationplatformsisthatthecommunicationnetworkwhichisacriticalcomponentofaSmartGridisnotconsideredintheseplatforms.Thisiswhyco-simulationplatformswereintroduced.

2.2.2 Co-SimulationPlatforms

Co-simulation also known as co-operative simulation is a simulation approach that allowsindividualcomponentstobesimulatedbydifferentsimulationtoolsrunningconcurrentlyandexchanginginformationinacombinedmanner.In[12]Godfreyetal.simulatedaSmartGridusingNS2andOpenDSSwhich is apowernetwork simulator. In [13],Mallouhietal.createda co-simulationtestbedjustforsecurityanalysisofSCADAsystembyutilizingPowerWorldsimulatorand OPNET. The co-operative approach typically needs simultaneously running separateelectricalandcommunicationnetworksimulationsatthesametime.Thecollaborationbetweencommunicationsandpowersystemmodelsisusuallylimitedtoafixedsynchronizationinterval.Reliability is an issue regarding systems like this because mismatches occurs between thesimulations.Animprovementaboutthisissueistointegrateonesimulationcomponentintotheother.In[14]electricnetworkismadeintoacomponentwithinOMNET++,anetworksimulator.

Fromtheabovediscussion,wecanseethepropertiesoftherealhardwaretestbedapproachandthesoftwaresimulationapproachforcyber-physicalanalysisinSmartGrid.

Therealhardwaretestbedapproachattainshighfidelitybyincludingdedicateddevicesaspartof the testbeds. The critical control programs, such as demand response algorithms, routingprotocolsetc.canbetestedinrealhardwaretestbedsandtheycouldbedirectlymigratedtotheactualSmartGridembeddeddevices.However, theproblemswiththerealhardwaretestbedapproachisthescalabilityandaccessibilityfactors.Thededicatedandspecializedhardwareareintegralpartsofthetestbedsthereforetheycannotbeeasilyaccessedandusedbythepublicresearchcommunityandtheybecomedifficulttoscalewhenthetestcasebecomesquitelarge.

The software simulation approach, on theotherhand, achievesbetter scalability and canbeeasilyaccessedanddistributed.Thesoftwaresimulationtoolscannotduplicatetheexecutionenvironmentwhichisimportant,itcanonlyduplicatebehaviorsoftheSmartGridsystembutnottheexecutionenvironment.Therefore,thecriticalcontrolprogramsofSmartGridapplicationseithercannotbetestedorcanbetestedbutcannotbemigratedtophysicalSmartGriddevicesdirectly.

12

CHAPTERTHREE

SmartGridNetworkSecurityandSimulator

3.1 FeaturesofSmartGridNetworksThesmartgridnetworkisexpectedtosharesimilararchitecturewiththealreadyexistingInternet.However,thereareimportantdifferencesbetweenthem:

1. Latencyrequirements:Theinternetiscreatedwiththepurposeofprovidingdataservices

totheuserslikesurfingordatasharingsupportedwithhighspeeddatarate.However,insmartgridthisisquitenotthecase.Smartgridnetworksareintendedforreliable,secureandreal-timecommunicationswhicharesupportedwithlowlatency.

2. Communicationmodel:Intraditionalpowergrids,thetypicalmodelforcommunicationisone-waywhereelectronicdevicesreporttheirreadingstothecontrolcenter.But insmartgrid,communicationisbi-directionalandreal-time.

3. Datasizeandflow: Internethasgenerallyburstytypecommunicationshoweversmartgridisexpectedtobebulky[15]andhasperiodicdatacommunicationsbecauseofthebigsizeofthenetworkandrealtimecommunicationandmonitoringrequirements[1].

3.2 SmartGridNetworkSimulator:TheScoreApplication

Inthisproject,weusedSCOREforoursimulations,anopenresearchemulationenvironmentforSmartGrid.SCOREisbuiltuponCORE[16],anopensourcecommunicationnetworkemulatorfrom theNavalResearch Laboratory. IntegratingCORE’s communication featureswithpowermodule,SCOREdifferentiatesitselffrommanyexistingapproachesbyenablinglargescaleSmartGrid applicationsusing general purposePCswhilewith little or no codemigrationproblems.SCOREdifferentiatesitselffromtherestwiththefollowingspecificfeatures[23]:

§ Firstly,softwareemulation inSCOREachieveshighfidelitybyreplicatingtheexecutionenvironment so that the programs running in the emulation platform can be directlyportedtotheembeddeddevicesasfirmware.

§ Secondly,SCOREenablesdistributedemulationfeatureinorderforverylargescaletestcasestobesupported.

13

§ Finally,SCOREsupportsdynamicconnectionanddisconnectionbetweenmultipleSmartGridemulationinstancesinrealtime.

Thesignificanceofthisfeatureiswhenusersfrommultiplepartiesindifferentlocationswanttoconduct the integration testing together, but want to preserve the privacy of power andcommunicationnetworksconfigurations,thisfeaturewouldmakeithappenwithoutrequiringexplicit synchronization from all parties. The design of SCORE takes advantage of CORE’sstructure.Figure1providesanabstractoverviewofSCORE’sarchitectureandthe integrationapproach.Asshown,SCOREconsistsofGUI,ServiceLayer,CommunicationModuleandPowerModule.

3.2.1 GraphicsUserInterface(GUI)

TheSCOREGUIisbuiltusingTcl/Tk.TheTktoolkitprovidesalmostsufficientwidgetsforalltheXwindowsysteminterfaceneeds.TheTcl/TkGUIprovidesaneasilydrag-and-drawcanvaswithvariousSmartGriddevices(Host,SolarPanel,WindTurbine,PowerPlantetc.),whichcanbeplacedandconnectedtoeachotherwithcommunication linksorpowerlines. Also, the communication interfaces, power interfaces and energy modelparametersofeachnodecanbeself-configured.

Duringtheexecution,aterminalispoppedoutwhendoubleclickinganyselectednode.Userscannavigatethe local filesystemorexecutebashscript throughthe interactiveshellwindow.Distributedemulationcanbeconductedbyassigningaselectionofnodesto another emulation server in GUI. The message broker in Service Layer is used toforwardmessagesfromtheGUItotheappropriateemulationserver.

14

Fig.1.SCOREArchitecture[23]

3.2.2 ServiceLayer

The Service Layer consists of python frameworks that are used for creating sessions,instantiating the virtual nodes, communication and power interfaces, communicationlinksandpowerlines,inregardstotheGUIinput.Thestart-updaemoninservicelayercooperateswithGUIusingaTCPsocket-basedAPIsuchthattheemulationcanrunonadifferentmachinewiththeGUIorevenwithoutaGUI.Pre-definedenergymodelsandcommunicationprotocols,whichareusuallydaemonizedintheLinuxoperatingsystemof the emulation server, are all wrapped as Smart Grid services in this layer. ThesecommunicationandenergyservicescanallbeemployedtodevelopvariousSmartGridApplications.UsersarealsoallowedtoaddtheirowncustomizedservicestoSCOREbyprovidingtheirownimplementations.

15

3.2.3 LightWeightedVirtualizationTheemulationfeaturesofSCOREareexecutedusingaLinuxnamespacetechnique,whichisthelightweightedparavirtualizationtechniquesupportedbymainstreamLinuxkernel.ItisdifferentfromthenormalvirtualmachinestechniqueslikeVMwareorVirtualBox.Each emulated virtual node in SCORE has its separated copy of network interface,protocolstackandprocesscontrolgroup.Allotherresourcesliketheoperatingsystemandlocalfilesystemareallsharedbythevirtualnodes.Thelight-weightedvirtualizationfeatureisthebasisofSCOREscalabilityability.Furthermore,fromtheevaluationofthecodesrunninginsidethevirtualnode,eachemulateddeviceisgiventheimpressionofjustanotherpieceofhardwareplatformcontrolledbytheLinuxOS.ThisequipsSCOREwith thepropertyofportability inorder for theemulatednode tobeable toexecuteunmodified Smart Grid application codes running inside a real physical Linux-runninghardwaredevices,andviceversa.

3.2.4 CommunicationModule

ThecommunicationmoduleinSCOREleveragestheacross-the-boardsupportofvariouswired and wireless communication network models and protocols from CORE. EachemulateddevicehasitsowninstanceofoperatingsystemimplementedTCP/IPstackfromtheperspectiveofOpenSystemsInterconnection(OSI)model.ThismakesSCOREhavethehighfidelityemulationofnetworklayerandabove.Statisticalnetworkeffectssuchasbandwidth,biterrorrate,lossrate,etc.canalsobeconfiguredandapplied.Inaddition,thevirtualizedEthernetinterfacecanbeeasilymappedtoaphysicalEthernetinterfaceon the emulation host so that all traffic going through the physical port would betransmitted to the emulation environment. Thus, allowing real time communicationbetweentheexternalphysicalnetworksandthevirtualnodesinsidearunningemulation.

Byusingthevirtualizedinterfacesoneachemulatedhost,thecommunicationnetworkthatisemulatedondifferenthostscanthenbedirectlyconnectedwitheachotherinruntime,whichenablesthedynamicemulationofthecommunicationnetworks.Thisfeatureis used to enable the interactions and synchronization between the communicationmoduleandthepowermodule.Theconceptisthatthepowermoduleisrunningonahostphysicallyinthesamenetworkwiththecommunicationemulationhostsothatthepowermodulecanobtainandreacttothequeued-upmessagessentbyalltheemulatedvirtualnodeinrealtime.

16

3.2.5 PowerModule

ThepowermoduleinSCOREemulatesthepowerflowsanalysiswithinSmartGridandalsogivesimplementationsofpre-definedenergymodels.Thepowermodulegathersinitialpowernetworktopology,energymodelconfiguration informationandthedynamicconnection/disconnectionrequestfromservicelayertocreatethepowernetworkmodel.ThepowernetworkmoduleofSCOREisunderlinedbythefollowingqualities:

• SCORE accepts incremental model updating in computation to respond more

efficientlytothesystemstatuschanges.

• Assizeofpowernetworkincreases,distributedcomputationforpowernetworkbecomesarequirementforanefficientSmartGridemulation.Therefore,SCOREhighlightsitselfinscalabilitybyenablingtheusertoconducttheemulationinadistributedwaywhenasinglePCcannotprovideenoughcomputationcapabilities.Thepowernetworkmodelissplitintoseveralsubdomainsandeachsubdomainsiscomputedandupdatedseparatelyinparallel.Withappropriatesynchronizingamongthedifferentcomputingandupdatingprocesses,themergedresultofthepowerflowinSmartGridiscompactwithoutanylossofprecisionwhencomparedwithcentralizedcomputation.

• SCORE allows dynamic connections and disconnections ofmultiple Smart Gridinstancesrunningondifferenthostsbyonlyusingthe interfacesbetweeneachpowernetwork. The importanceofdoing this is in the casewheneachuser isunwillingtorevealtheirownSmartGridtopologydetailstoanotheruser,theycanstillconductthecombinedemulationwitheachothertoseetheimpactofexternalnetworksontheirownnetwork.

3.3 SmartGridSecurityRequirementsandObjectives

Therearedifferentfactorstoconsiderwhendiscussingcyberattacksinsmartgridsystems.Thesefactors include integrationofbi-directional communicationnetworks, incentives to attackers,socioeconomic impactoftheblackouts,etc.Basically,theattackrisk inthesmartgridsystemreliesonthreefactorsasshowninFig.2.

Formally,theriskcanbedefinedas[17]:

Risk=Assets×Vulnerabilities×Threats,

17

Fig.2.Evaluatingtherisksinsmartgridsystems[17].

Assetsarethesmartgriddevices(suchassmartmeters,renewableenergydevices,data,networkdevices,etc.).Vulnerabilitiesallowanattackertoreduceasystem’sinformationassurance,andThreatsmayleadtopotentialattackscomingfromoutsideorinsideofthesmartgridsystemswhichareassociatedwiththeexploitationofavulnerability.Therisk is theprobability thatathreatagentwillexploitavulnerabilityandtheimpactifthethreatiscarriedout.The‘Risk’intheaboveequationcanbeminimizedormadezeroifoneofthequantitiesontherightsideisminimizedormadezero.Itisthereforeimportanttonotethatassetsinsmartgridsystemscannotbezeroandalsothreatscannotbemadezerobecausetheyareoriginatingfromunknownplacesorattackers.Thus,themainaimandfocuswillbetominimizethevulnerabilitiesinthesmartgridtominimizetheoverall‘Risk’.SmartgridsecurityobjectivesshouldbetocomplywithpolicieswhileensuringinformationConfidentiality,IntegrityandAvailability,alsoknownastheCIAtriad.TheCIAtriad[18]whichisthefundamentalprincipleofsecurity isamodeldesignedtoguidepoliciesforinformationsecurityinsmartgridsystems.ItisshowninFig.3.

Fig.3.TheCIAtriadforsmartgridsecuritysystems[18].

Vulnerabilities

ThreatsSmartGridAssets

Risk

Availability

SmartGridSystems,Assets,andOperation

18

Confidentiality inthesmartgridsystemsisneededtomakesurethataccesstoinformationisrestricted to only authorized people and it is designed to prevent unauthorized access.Confidentialityisoneofthekeycomponentsofprivacy.Insmartgridsystems,privacyisoneofthemostimportantconcernstocustomers.Thisisbecauseofthevarioushomeapplianceswhichareconnectedtopowergridsforreal-timebi-directionaldatacommunicationandelectricityflowandifthisinformationfallsintothewronghands,theycanbeusedtokeeptrackofthelifestyleof thepeople,whatappliancestheyuse,whetherthepeoplearecurrentlyathome,etc.andmisusethisinformation.

Integrityofinformationinsmartgridisneededtoensuretheaccuracyandreliabilityofdata.Theinformationshouldnotbealteredinanyformorundetectedmanner.Thisfeaturesupportsthesmartgridinprovidingstrongreal-timemonitoringcapabilities.

Availabilityinthesmartgridsimplymeansthattheinformationmustbeavailabletoauthorizedparties at all times when it is needed and where ever it is needed without any securitycompromise.Powersystemsaretobeavailable100%ofthetime,thereforepreventingattackerfromimplementingablackoutusingdenial-of-service iscrucial.Additionally,Authenticityalsoplays a very important part in a smart grid systembecause it is essential tomake sure thatidentitiesofbothpartiesinvolvedincommunicationaregenuine.

InadditiontotheCIAtriad,otherspecificsecurityrequirementsforthesmartgridrecommendedbyNISTareoutlinedbelow[17],[18]:

1) Self-healing and Resilience Operations in the Smart Grid: In smart grid systems, thecommunication network is open as smart grid assets are distributed over largegeographicalarea.Therefore,itisdifficulttoensurethateverysingledeviceinthesmartgridisinvulnerabletocyber-attacks.Becauseofthese,itisadvisableforthesmartgridnetwork to have some self-healing capability against cyber attacks. A networkadministratormustcontinuallyperformsomesortofprofilingandestimatingtomonitorthedataflowandperformpowerflowstatustodetectanyabnormalincidentsthatwillbeaproductofcyberattacks.Havingresilientdatacommunicationisveryimportanttoachieveavailabilityofdatacommunicationforpowersystemoperations.

2) Authentication and Access Control: Because we have millions of home appliancesconnectedinasmartgrid,weneedtheauthenticationprocesstoverifytheidentityofeachdeviceoruser inorder toprotect smart grid systems fromunauthorizedaccess.Likewise, access control is used in smart grid to ensure that resources in the grid areaccessedonlybytheauthorizedusers.

19

3) Communication Efficiency and Security: In order to support real timemonitoring, thesmartgridcommunicationneedstobeefficientandhighlysecuretogetherwiththeabilitytouseselfhealingcyberdefensesolutionstoprotectfromanysecurityattacks.Trade-offsbetweenthesetwoparametersshouldbeconsideredinsmartgrids.

3.4 SmartGridAttacks

TheThreecategoriesofsmartgridcyber-attacksthatwewilldiscussinthisprojectarelistedasfollows:

1. PhysicalLayerAttacks,2. DataInjectionandReplayAttacks,and3. Network-basedAttacks.

3.4.1 PhysicalLayerAttacks.

Thereareseveralformsofphysicallayerattacksandadetailedanalysisofsomeoftheattacksandtheircountermeasuresaregivenbelow[19]:

A.Eavesdropping

Wireless signals are transmitted in the airwhich is an open space and it is thereforesusceptible to eavesdropping by an attacker. Sensitive information from a smartappliance can easily be observed, and compromised through such an attack.Eavesdroppersarereadilyavailableandaffordableintoday’smarketwhichencouragessuchattacks.Onewaytoprotectagainstsuchattackistousedataencryptionsoastoprotectsomesensitiveinformationfromfallingintothehandsofanenemy.However,ifa certain pattern is illustrated by the transmitted data, a smart hackermay use thispatterntocreateawaytodecipherthemessagestransferred.Forexample,ifeveryoneinaparticularhouseisoutforvacation,theelectricityusagewilldrop.Ifthesmartmeterisinstructedtocommunicatewiththedataconcentratorunitifthelengthofthemessageto be transmitted is directly proportional to energy consumption, then a pattern ofactivityofthehousecanbegeneratedbyanattacker.

B.Jamming

Themainaimofthistypeofattackistodisturbthewirelessmediumbyjammingitwithnoisesignalssothatthesmartmeterscan’tcommunicatewiththeutilityprovider.Suchattackscanbeeitherproactivejammingorreactivejamming.

20

Theformeriswhenthejammeremitsnoisesignalscontinuouslytocompletelyblockthewirelesschannel,whilethelatteristhecasewherethejammerfirsteavesdropsontheradiochannelandlaunchestheattackonlywhensignalsaresensedonthechannel.Thisattackgivesabadresultandaffectswhenalegitimatesmartmetertriestoinitiatearealconnection.Thechannelmaybetaggedbusyforanycarriersensingdonebythelegitimatesmartmeteroritmayevenpreventitfromreceivingpacketsingeneral.Itisquitedifficultto differentiate between reactive jammer attacks that may be result from routinecommunicationsignalsandfromadversary-initiatedsignals.

C.InjectingRequests

Themaingoalofthisattackistodisrupttheregularoperationsatthehardwarelevelofdevicesinthesmartgrid.Theattackercausespacketcollisionanditissimilartoreactivejammingbecause it alsoblocks the communication channel. In injecting requests, theattacker sets the system in such a way that the channel prioritizes the attacker’scommunicationrequestwhiledenyingaccesstolegitimatedevicesinthesmartgrid.

D.InjectionAttacks

Thisattackinsertsformattedmessagesintothewirelessnetworkunliketheearliertwoattacksthatdependonfalsesignals.Thistypeofattackinvolvesanattackermimickingeitheralegitimatesenderorareceivertogetunauthorizedaccesstoawirelessnetwork.ThisattackisalsoverysimilartotheTCP-SYNflooding(denialofservice)attackwherein,thetarget'sresourcesareoverwhelmedthroughprocessingoffalsemessagesreceived.Suchanattack canbeavoided throughproviding the suitable securitymechanisms toensuremessageauthentication.

3.4.2 DataInjectionandReplayAttacks

Anotherclassofmaliciousattacksinthesmartgridisthedatainjectionandreplayattack.Falsedatainjectionattacksoccurwhenfalsifieddataisinjectedintotheneighborhoodareaobservedby thenetworkoperator.Theattacksusually target thesmartgrid infrastructure,particularlymeasurementandmonitoringsub-systemswiththeaimofmanipulatingmetersoastodeceivetheoperationandcontroloftheutilityprovider.

Messagereplayattackshappenwhenanattackergainselevatedprivilegetosmartmetersandas a result can then inject control signals into the system. For this attack to take place, theattackerneeds to firstcaptureandanalyze thedata that is transmittedbetweendevicesandsmartmeterstogainthetargetscharacteristicsofpowerusage,andthentrytofabricateand

21

injectfalsecontrolsignalsintothesystem.Themainpurposeofthereplayattackistocontrolenergybydirectingpowertoanotherlocation,andanotheraimistocausephysicaldamagetothesystem.Awell-knownexampleofsuchanattackisStuxnet.

In [20] a scheme is proposed for detecting message replay attacks in the smart grid. Thehouseholddevicesinthesmartgridaretreatedaslineartimeinvariantsystems,withthesmartmeterassignedtheroleofobservingthehouseholddevices.Thereplayattackisdefinedsimplyasamodificationtothecontrolsignalwhichiscommunicatedbyaconsumerdevicetothesmartmeter.

3.4.3 Network-BasedAttacks

Theman-in-the-middleattackisaverycommonexampleoftopologyattacksofaSmartGrid.Thisattackhappenswhenthehackercapturesnetworkdataandmeterdatafromremoteterminalunits,andthentweakpartoftheseinothertoformatandforwardthealteredversiontothecontrolcenter. Ifthesmartgrid ismissingdataalerts,theattackercansuccessfullyalterbothnetworkandmeterdataefficientlysuchthattheyareconsistentwiththe“target”topology.

Afusion-baseddefensetechniquewasproposedin[21]foridentifyingattacksinthesmartgridbasedonfeedbackreceivedfromindividualnodesinthenetwork.Throughthesupportofthenecessarycommunicationprotocol,eachnode is required tocommunicatewithacentralizedfusion center to convey their individual observations. It is highlighted in the paper, thatintentional attacksmaybe targeted toonlya specific subsetofnodesof the smartgrid, andtherefore feedback fromallnodes isessential foraccuratelydetecting theseattacks.Agametheoreticanalysisissubsequentlyprovided,wherein,theattackeristreatedasoneplayerandthedefenderasanother.Basedonthenotionthattheattackerwillintendtocompromisethemostcriticalnodes,thedefensestrategyistoensurethattimelylocalobservationbyindividualcritical nodes, and subsequent communicationof findings to the centralized fusion center, isessential.

In[22],theeffectsofDenialofService(DoS)attacksagainsttheloadfrequenciesofsmartgridswas studied. Smart grid datameasured by remote terminalswas sent to centralized controlcenters. If the communication channel between these sensors and the control center iscompromisedfromdeliveringmessagestothedestination,theDoSattackcansignificantlyaffectthesmartgridoperations.Theattackercanthenlaunchsuchanattackonthecommunicationchannelbyjammingthechannelthroughinjectingalargenumbersofpackets.

22

CHAPTERFOUR

SMARTGRIDSECURITYTESTBED

4.1 TestbedRequirements

The following requirements are necessary when configuring a testbed and they wereimplementedinoursystem:

R1 ModelingofSmartAppliance:Thisisconsideredtobeafunctionalrequirement.Forthehomeareanetworkemulation,thetestbedshouldimplementapplianceemulation.Thereisaneedformodellingsmartappliancestobeabletotestthefunctionality of such devices, not only for technical reasons such as securityassessment purposes, but also for operational reasons, such as to ensure thatsmartappliancesareabletorespondtopriceanddemandsignalstoensurethatsmartgridobjectivesandcharacteristicsarefulfilled.Oursystemmodelsdifferentappliancesinthegrid.

R2 Hardware Integration: The test bed is expected to enable actual hardwareintegration or at least provide an interface to be able to integratewith actualhardware.Thisrequirement isconsidered importantas itwillprovidearealisticimplementationofthetestbed.Usingphysicalhardwarewithinthetestbedwillenable theevaluationand testingof real timecharacteristics. This alsoenableshardware testingwithout theneed to setupandmanageahardware testbedenvironment.

R3 IP-basedcommunication: Toenabledistributeduseandremoteaccess,IPbasedcommunicationshouldbeusedbetweenallmajornodesofthetestbed.Thisisanessentialrequirementnotonlyforcorrectemulationofthecurrentgenerationofsmartgridnetworkbutalsotoenabledistributedemulation,i.e.componentsofthe test bed may be implemented and shared from geographically diversenetworkstoenablebetterutilizationofresources.Thiswouldenablenotonlyacollaborativetestbeddevelopmentandutilizationbutalsofoster innovation. IPbasedcommunicationisinherentinsmartgridtestbed,asamajorityofnetworkcommunicationpathsinactualsmartgridsarebasedonIPnetworks.Thussmartgrid networks are given greater flexibility, but also introduced to highervulnerabilitiesthatexistinIPbasednetworks.UsingIPbasedcommunicationsinsmartgridtestbedswouldalsoenabletherapidprototypingandassessmentofIPbasedattacksandvulnerabilities.

R4 GraphicalUser Interface:Agraphicaluser interface isanotherrequirementthatmaybeusefulforanimplementedtestbed.AGUIwillenablegreatereaseofuseof the testbed.Thiswill encouragegreaterparticipation,aswell asprovideaneffectivemeans to interactwith the testbed for thedesign,development, andexecutionoftestscenarios.

23

4.2 TestbedConfigurationandSetup

The testbed for simulating the cyber securityattackwas implementedona Linux-basedhostrunning a virtual machine using Oracle VirtualBox. The installation details for the OracleVirtualBoxareavailableintheAppendix.Oneoftheprimaryareasoffocusduringthesetupofourtestbedwastoemployopensourceandfreelyavailablesoftwaretools.

ThetestbedconsistsoftwoLinux-basedvirtualmachines,oneisdedicatedtotheattackerwhilethesecondsystemservesasthetargetmachine.TheattackersystemrunstheKaliLinuxwhichisaDebian-derivedLinuxdistributiondesignedfordigital forensicsandpenetrationtesting.TheTargetmachineontheotherhandrunstheUbuntuLinuxwhichisaDebian-basedLinuxoperatingsystemforpersonalcomputers,smartphonesandnetworkservers.TheInstallationstepsforbothLinuxmachinescanbefoundintheAppendixsection.

Onthetargetmachine,wecreatedaSmartGridPowerDistributionnetworkusingScore.Scorewas installed in the Ubuntu-based target machine to also show the result of distributedemulationanddynamicconnection/disconnection involved inasmartgrid.Thetargetsystemnamed “target@ubuntutarget”was given amemory of 1.2GB, using processor Intel Core i5-4200UCPU@1.60GHzandhasa64-bitOSArchitecturerunningontheUbuntu15.10version.

We generated a smart grid networkwith one power plant and three houses. Each house isconnectedwith thepowernetwork throughan intelligentpower switch,which servesas theenergycontrolcenterforthehouse.Eachpowerswitchwithineachhouseisconnectedtofourdifferenttypesofnodes:

§ Loads(representedbywasher)§ PowerStorage(representedbybattery)§ Renewableresources(representedbywindturbineandsolarpanel)

Fig.4RunningScore

24

Inordertobeginsettingupthesmartgridnetworkonthetargetmachine,wehavetostarttheSCORE services. This automatically runs the score-daemon program and starts the service.Afterwards,wegointothedirectorywherescoreisinstalledandlaunchtheSCOREGUI.AllthesestepscanbeseeninFig.4above.

The smart grid network was initially set up with 16 nodes. Each node’s new interfaces areautomaticallyassignedIPaddresseswithintherange10.0.0.0/8andalsosupportIPv6address.Virtual networks generally require some form of routing in order to work, for example topopulate routing packets from one subnet to another. Therefore, Score builds OSPF routingprotocolconfigurationsbydefault.TheOSPFprotocolismadeavailablefromtheQuaggaopensourceroutingsuite.

Fig.5SmartGridPowerDistributionNetworkset-uponTargetMachine

25

Figure5aboveshowsallthenodesinthesmartgridnetwork.Eachnodeisconnectedthroughawirednetwork,whichiscreatedusingtheLinkTool,whichallowsdrawinglinksbetweennodes.ThisautomaticallydrawsagreenlinerepresentinganEthernetlinkandcreatesnewinterfacesonnetwork-layernodes.DoubleclickingoneachlinkwillinvokethelinkconfigurationdialogboxwherewecanchangetheBandwidth,Delay,Lossandduplicaterateparametersforthatlink.Thefollowing services zebra,OSPFv2,OSPFv3, vtysh, and IPForward for IGP link-state routingarerunningonallnodes.

Fig.6.ScreenshotshowingtheThroughputoneachlinkwhenrunning.

The rateofall successfulmessagesdeliveredover thecommunication linkalsoknownas thethroughput can be displayed on each link as seen in Fig.6. TheWidget Throughput in scoredisplaysthethroughputmeasureinkilobit-per-secondoneachlink.

26

Totestandverifythecommunicationbetweenallnodesinthesmartgrid,weusetheping–Rcommand.Weissuethecommandfromnode4whichisapowerswitchinoneofthehousestocontactnode-20whichisthepowerplantsupplyingenergytothegrid.Thepowerswitchhastheaddress10.0.15.2andthenode-4addressis10.0.1.1.WeDoubleclickonanodetopopoutaLinuxterminalwindow,justlikeaccessingarealLinuxdevice.Fig.7showstheresultoftheroutecommandfromtheterminalofthepowerswitchinthehouseandalsotheresultoftheping–Rcommand.

Fig.7Showingtheconnectivitytestbetweenallnodesinthesystem

27

4.3 AttacksontheSmartGridTestbed

ThemainaimofthisprojectistoenablethesimulationofattacksfromtheKaliLinuxplatformtothetargetUbuntusystemwhich is runningthesmartgridpowerdistributionnetwork.AGREtunnelwascreatedtoenabletheconnectionbetweentheattackersystemandthetargetsystem.Thetunnelwasonarouterconnectedtonode-3inthesmartgridonthetargetsystem.ThisGREtunnel connection enables the outside network connection of the attacker to have fullconnectivitytoallthecomponentsinthesmartgrid.

Fig.8FisheyeTopologyViewoftheSmartGridNetwork

Beforewestartwiththeattack,weuseanetworkdiscoverytoolcalledNmap toexplorethenetworkweareabouttotarget.ThistoolispreinstalledonKali-LinuxandisusefulingatheringimportantinformationaboutanetworklikeIPaddresses,hostdetails,services,portdetailsandmuch more. This tool will enable us to map out the network and understand the networktopology.Fig.8showsaviewofthetopologyofthetargetsystemusingthefisheyeviewinNmap.

28

HereistheendoftheNmapoutputinFig.9.Itshowsthetotalnumberofhostsup,theservicesrunningoneachdeviceandalotofotherusefulinformation.

Fig.9NmapOutput

Asdiscussedearlier,therearemanyattacksthatcanaffectthesmartgridsystem.Asanexampleandcasestudy,inthisprojectwearegoingtolaunchadenialofservice(DoS)attackagainstthepowergrid.OneoftheworstattacksagainstasmartgridistheDoSattack,asasuccessfulattackcanseverelylimitorpreventaccesstoimportantdevicesorservices.WelaunchtheDoSonthepowerplantwhichsuppliesenergytothegrid.Bydoingthis,thesmartgridiscompromisedbyeventuallyshuttingdownthelinkthatprovidestheenergyandbroadcaststherealtimeenergypricestoalltheintelligentpowerswitchesinthegrid.

Fig.10DoScommandusinghping3

29

OurDoSattackwasperformedusingafreepacketgeneratorandanalyzertoolfortheTCP/IPprotocolcalledhping3tool.Fig.10showsthelineofcommandusedtoperformtheDoSattack.Thehping3toolispre-installedonKaliLinuxlikemanyothertools.Thesyntaxofthecommandisexplainedasfollows:

§ -c100000=Numberofpacketstosend.§ -d120=Sizeofeachpacketthatwassenttotargetmachine.§ -S=SendSYNpacketsonly.§ -w64=TCPwindowsize.§ -p2601=Destinationport(2601beingtheTCPportanalyzedfromNmap).§ --flood=Sendpacketsasfastaspossible,withouttakingcaretoshowincomingreplies.

Floodmode.

Fig.11ScreenshotoftheDoSattack

30

Following the DoS attack initiated from the attacker’s Kali Linux box, we can see from thescreenshot in Fig. 11 theeffectof theattackoneach link leading to the targetwith address10.0.15.2.TheThroughputontheselinksjumpedfrom8.7kpbsinFig.6toabout8700kbpsduringtheattack.ASYNFloodtypeofDoSwasusedinthisattack.TCPSYNfloodalsoknownasSynfloodisatypeofDoSattackthatexploitspartofthenormalTCPthree-wayhandshaketoconsumeresources on the targeted system and render it unresponsive. In this case it renders thepowerplantunresponsive.ThenormalTCPthree-wayhandshakefollowsthisstep:

1. ClientrequestsconnectionbysendingSYN(synchronize)messagetotheserver.2. ServeracknowledgesbysendingSYN-ACK (synchronize-acknowledge)messageback to

theclient.3. ClientrespondswithanACK(acknowledge)message,andtheconnectionisestablished.

IntheSYNfloodattack,theattackersystemsendsrepeatedSYNpacketsusinghping3toknownport2601onthetargetsystem.Thetarget,unawareoftheattack,receivesmultiple,apparentlylegitimate requests toestablish communication. It responds toeachattemptwithaSYN-ACKpacketfromtheopenport.

Fig.12.ApingfromanodetothetargetduringtheDoSattack

31

TheattackerdoesnotsendtheexpectedACKwhilethepowerplantunderattackstillwaitsforacknowledgementofitsSYN-ACKpacketforsometime.Duringthistime,thepowerplantcannotclosedowntheconnectionbysendinganRSTpacket,andtheconnectionstaysopen.Beforetheconnection can time out, another SYN packet will arrive from the attacker. This leaves anincreasingly large number of connections half-open. Eventually, as the target’s connectionoverflow tables fill, service to legitimate nodes in the smart grid distributionwill be denied,leadingtothetargetbecomingunreachable.Averificationofoursuccessfulattackcanbeseenin Fig.12. Herewe launch aping fromnode-4 with address10.0.1.2 to the powerplantwithaddress10.0.1.15rightbeforeandaftertheDoSattack.

32

CHAPTERFIVE

CONCLUSION

Inthisreport,wediscussedaboutsmartgridandvariousattacksaffectingit.Wealsodesigned,implementedandattackedasimulatedsmartgridpowersystemusingaformofDenialofService.A smart grid infrastructure attack does not affect the consumers alone, rather, the utilityproviders'businessaswell.

Extensiveresearchworkisstillneededtoensurethatthesmartgridishighlysecureagainsttheadversarialthreat,withoutaffectingtheconsumerconfidenceintheutilityprovider,andwithoutsignificantlyinconveniencingtheconsumersthroughdeploymentofstrongsecuritycontrols.

Thetestbedwillprovideaplatformforresearcherstoexecutevariousattackscenariosandstudytheirimpactonsmartgridnetworks.Thiswouldallowdesigningadequateprotectionforsmartgridinfrastructurenetworks.

OnefuturedirectionwouldbeintegratingSCOREwithrealhardwaretestbedtocreateauniformcyber-physicalanalysisplatform.

33

APPENDIXA

INSTRUCTIONS

Theinstructionsprovideastep–by–stepguidetowhatcommandswhereexecuted.Thisincludesinstructions for the installation, configuration and execution of components of the test bedimplementation.

A.1SCORE

SCORE isbuiltbasedonCORE,anopensourcecommunicationnetworkemulator fromNavalResearch Laboratory. TCL/TKGUIand the communicationnetwork componentareoriginatedfrom IMUNES project from theUniversity of Zagreb. The Linux virtualization and the pythonframeworks for Linux namespace and communication network have developed by BoeingResearchandTechnology’sNetworkTechnologyresearchgroupsince2004.

A.1.1

1. tarxvzfSCORE1.0.tar.gz2. cdSCORE1.03. make4. sudomakeinstall

A.2OracleVirtualbox

VirtualBox is a cross-platform virtualization application. It is deceptively simple yet also verypowerful.Itcanruneverywherefromsmallembeddedsystemsordesktopclassmachinesallthewayup todatacenterdeploymentsandevenCloudenvironments.Youcan install and runasmanyvirtualmachinesasyoulike–theonlypracticallimitsarediskspaceandmemory.

A.2.1

1. sudoapt-getinstalldkms2. sudodpkg-ivirtualbox-5.0_5.0.16_Ubuntu_raring_i386.deb3. sudo./VirtualBox.runinstall4. ./VirtualBox.run--keep–noexec5. sudomkdir/opt/VirtualBox6. sudotarjxf./install/VirtualBox.tar.bz2-C/opt/VirtualBox7. make

34

8. sudomakeinstall9. makeinstall10. cp/opt/VirtualBox/vboxdrv.sh/sbin/rcvboxdrv11. mkdir/etc/vbox12. echoINSTALL_DIR=/opt/VirtualBox>/etc/vbox/vbox.cfgand,forconvenience,createthe

followingsymboliclinks:13. ln-sf/opt/VirtualBox/VBox.sh/usr/bin/VirtualBox14. ln-sf/opt/VirtualBox/VBox.sh/usr/bin/VBoxManage15. ln-sf/opt/VirtualBox/VBox.sh/usr/bin/VBoxHeadless16. ln-sf/opt/VirtualBox/VBox.sh/usr/bin/VBoxSDL

A.3KALILINUX

KaliLinux isaDebian-derivedLinuxdistributiondesignedfordigital forensicsandpenetrationtesting.KaliLinuxispreinstalledwithover300penetration-testingprograms.KaliLinuxcanrunnativelywheninstalledonacomputer'sharddisk,canbebootedfromaliveCDorliveUSB,oritcanrunwithinavirtualmachine.ItisasupportedplatformoftheMetasploitProject'sMetasploitFramework,atoolfordevelopingandexecutingsecurityexploits.

A3.1

1. DownloadKaliLinux(https://www.kali.org/downloads/)2. BurnTheKaliLinuxISOtoDVDorImageKaliLinuxLivetoUSB.3. EnsurethatyourcomputerissettobootfromCD/USBinyourBIOS.4. Boot your system with your chosen installation medium and follow on screen

instructions.

A.4UBUNTULINUXUbuntuisaDebian-basedLinuxoperatingsystemanddistributionforpersonalcomputers,smartphonesandnetworkservers.ItusesUnityasitsdefaultuserinterface.ItisbasedonfreesoftwareandnamedaftertheSouthernAfricanphilosophyofubuntu(literally,"human-ness"),whichoftenistranslatedas"humanitytowardsothers".A4.1

1. DownloadUbuntufromtheofficialdownloadpage(http://www.ubuntu.com/download)2. BurnUbuntuLInuxISOtoDVDorImageUbuntuLinuxLivetoUSB.3. EnsurethatyourcomputerissettobootfromCD/USBinyourBIOS.4. Boot your system with your chosen installation medium and follow on screen

instructions.

35

REFERENCES

[1] SmartGrids,E.T.P."StrategicDeploymentDocumentforEurope’sElectricityNetworksoftheFuture."EuropeanTechnologyPlatformSmartGrids.Brussels(2008).

[2] Framework, N. I. S. T. "Roadmap for smart grid interoperability standards."NationalInstituteofStandardsandTechnology(2010).

[3] SmartGrids, E. T. P. "SmartGrids SRA 2035 Strategic Research Agenda Update oftheSmartGridsSRA2007fortheneedsbytheyear2035."(2012).

[4] Framework,N.I.S.T."RoadmapforSmartGridInteroperabilityStandards.NISTRelease3.0."NISTSpecialPublication1108R3(2014).

[5] Korea'sJejuIslandSmartGridTest-bed.Available:http://www.smartgrid.or.kr/10eng31.php[6] Stimoniaris,Dimitrios,etal."Smartgridsimulationusingsmall-scalepilotinstallations.-

experimental investigation of a centrally-controlledmicrogrid." PowerTech, 2011 IEEETrondheim.IEEE,2011.

[7] Song,Wen-Zhan,etal."Awirelesssmartgridtestbedinlab."WirelessCommunications,IEEE19.3(2012):58-64.

[8] Hahn, Anna, et al. "Cyber-physical security testbeds: Architecture, application, andevaluationforsmartgrid."SmartGrid,IEEETransactionson4.2(2013):847-855.

[9] Guo, Ying, et al. "A simulator for self-adaptive energy demand management." Self-Adaptive and Self-Organizing Systems, 2008. SASO'08. Second IEEE InternationalConferenceon.IEEE,2008.

[10] Molderink, Albert, et al. "Simulating the effect on the energy efficiency of smart gridtechnologies."WinterSimulationConference.WinterSimulationConference,2009.

[11] Narayan,Amit."GridSpice-AVirtualTestBedforSmartGrid."(2012).[12] Godfrey,Tim,etal. "Modelingsmartgridapplicationswithco-simulation."SmartGrid

Communications (SmartGridComm), 2010 First IEEE International Conference on. IEEE,2010.

[13] Mallouhi, Malaz, et al. "A testbed for analyzing security of SCADA control systems(TASSCS)."InnovativeSmartGridTechnologies(ISGT),2011IEEEPES.IEEE,2011.

[14] Mets, Kevin, et al. "Integrated simulation of power and communication networks forsmartgridapplications."ComputerAidedModelingandDesignofCommunicationLinksandNetworks(CAMAD),2011IEEE16thInternationalWorkshopon.IEEE,2011.

[15] Kushner,David."Therealstoryofstuxnet."Spectrum,IEEE50.3(2013):48-53.[16] Ahrenholz, Jeff,etal."CORE:Areal-timenetworkemulator."MilitaryCommunications

Conference,2008.MILCOM2008.IEEE.IEEE,2008.[17] Framework,N.I.S.T."RoadmapforSmartGridInteroperabilityStandards,Release1.0,

OfficeoftheNationalCoordinatorforSmartGridInteroperability.http."(2010).[18] TheSmartGrid InteroperabilityPanel–CyberSecurityWorkingGroup,“Guidelinesfor

smartgridcybersecurity”,NISTIR7628(2010),pp1–597.[19] Wang,Xudong,andPingYi."Securityframeworkforwirelesscommunicationsinsmart

distributiongrid."SmartGrid,IEEETransactionson2.4(2011):809-818.[20] Tran,Thien-Toan,Oh-SoonShin,andJong-HoLee."Detectionofreplayattacksinsmart

grid systems."Computing,Management and Telecommunications (ComManTel), 2013InternationalConferenceon.IEEE,2013.

36

[21] Chen, Pin-Yu, Shin-Ming Cheng, and Kwang-Cheng Chen. "Smart attacks in smart gridcommunicationnetworks."CommunicationsMagazine,IEEE50.8(2012):24-29.

[22] Liu,Shichao,XiaopingP.Liu,andAbdulmotalebElSaddik."Denial-of-service(DoS)attacksonloadfrequencycontrolinsmartgrids."InnovativeSmartGridTechnologies(ISGT),2013IEEEPES.IEEE,2013.

[23] Tan, Song, et al. "Score: Smart-grid common open research emulator." Smart GridCommunications (SmartGridComm),2012 IEEEThird InternationalConferenceon. IEEE,2012.