EXECUTING CYBER SECURITY ATTACKS ON A SMART GRID TESTBED
by
Olaoluwa Olayokun
Bachelor, Bells University of Technology, 2013
A Project Report Submitted in Partial Fulfillment of the Requirements for the Degree of
MASTER OF ENGINEERING
in the Department of Electrical & Computer Engineering
© Olaoluwa Olayokun, 2016
University of Victoria
All rights reserved. This project report may not be reproduced in whole or in part, by photocopy or other means, without the permission of the author.
SUPERVISORY COMMITTEE
Dr. Issa Traore (Department of Electrical & Computer Engineering), Supervisor
Dr. Ashoka Bhat (Department of Electrical & Computer Engineering), Departmental Member
ABSTRACT
Smart Grids have emerged as a very crucial platform for providing timely, efficient, and uninterrupted power supply to consumers. Communication networks in the smart grid bring increased connectivity along with more severe security vulnerabilities and challenges. A smart grid can be a prime target for cyber attack because of its critical nature. As a result, smart grid security is already getting a lot of attention from governments, energy industries, and consumers. The threat of malicious attacks against the security of the Smart Grid infrastructure cannot be overlooked. In this project we created a testbed to simulate attacks on a smart grid power distribution environment. This allows studying the impact and extent of damage an attack can cause to a grid, and provides a platform to investigate, in future research, adequate empirical protection models and tools for smart grid.
TABLE OF CONTENTS
Supervisory Committee
Abstract
Table of Contents
List of Figures
Acknowledgments
Dedication
1. Introduction
2. Related Works
   2.1 Real Hardware Testbed Approach
   2.2 Software Simulation Approach
3. Smart Grid Network Security and Simulator
   3.1 Features of Smart Grid Networks
   3.2 Smart Grid Network Simulator: The Score Application
   3.3 Smart Grid Security Requirements and Objectives
   3.4 Smart Grid Attacks
4. Smart Grid Security Testbed
   4.1 Testbed Requirements
   4.2 Testbed Configuration and Setup
   4.3 Attacks on the Smart Grid Testbed
5. Conclusion
Appendix
Reference
LIST OF FIGURES
Figure 1: SCORE Architecture
Figure 2: Evaluating the risks in smart grid systems
Figure 3: The CIA triad for smart grid security systems
Figure 4: Running SCORE
Figure 5: Smart Grid Power Distribution Network Set-Up on Target Machine
Figure 6: Screenshot showing the Throughput on each link when running
Figure 7: Showing the connectivity test between all nodes in the system
Figure 8: Fisheye Topology View of the Smart Grid Network
Figure 9: Nmap Output
Figure 10: DoS command using hping3
Figure 11: Screenshot of the DoS attack
Figure 12: A ping from a node to the target during the DoS attack
ACKNOWLEDGMENTS
I am really thankful to God for giving me the grace to complete this project within the time frame set. This Project would not have been completed without the guidance of my supervisor, Dr. Issa Traore. I would also love to acknowledge my parents, Olanrewaju and Oluwatoyin Olayokun, for their physical, financial and spiritual support during my postgraduate study. Lastly, I would like to appreciate my friends and colleagues for their continuous support during the course of this project.
DEDICATION
I would like to dedicate this work to my siblings, Dara, Moyo and Olamide, for the constant support and love they have for me.
CHAPTER ONE
INTRODUCTION
Taken literally, a smart grid can be defined as the integration of Information and Communication Technology into the power network, using both an electrical and an information communication layer. Even though the use of smart grids has been increasing, there is still no single agreed definition. However, we take into consideration two main definitions, one provided by the European Technology Platform [1] and the other from the National Institute of Standards and Technology (NIST) [2]. The European definition of smart grid is:
“A smart grid is an electricity network that can intelligently integrate the actions of all users connected to it - generators, consumers and those that do both - in order to efficiently deliver sustainable, economic and secure electricity issues.” [3]
This definition is more oriented towards the actors involved in the power network, while the American definition is more oriented towards the technical specificities of the smart grid:
“. . . advanced power grid for the 21st century include the addition and integration of many varieties of digital computing and communication technologies and services with the power delivery infrastructure. Bidirectional flows of energy and two-way communication and control capabilities will enable an array of new functionalities and applications that go well beyond ‘smart’ meters for homes and businesses.” [4]
Despite the small differences between the smart grid definitions, both parties agree on most of the benefits of using a smart grid, which include:
• Increase quality and power reliability, which affects not only normal operation, but also allows refining the grid's resilience to disruption caused by natural disasters and attacks.
• Provide the users with energy usage information, allowing the implementation of an energy awareness system.
• Allow a more active role of the consumer, increasing their choices by enabling new products, services, and markets.
• Increase environmental benefits and reduce greenhouse emissions by enabling EV and RES integration.
• Preventive maintenance through the continuous power network monitoring system.
A smart grid is a critical infrastructure network with very stringent dependability requirements. The resilience of such a network to disasters, both natural and man-made, is crucial. Cyber security attacks are among the man-made disasters facing smart grid networks.
Understanding how such attacks operate is an important step in designing adequate protection strategies against the underlying threats. The purpose of this project is to set up an attack platform, which allows researchers to execute and study the effect of various attack scenarios against a smart grid simulation platform.
The rest of the report is structured as follows. Chapter 2 summarizes and discusses related work. Chapter 3 gives an overview of smart grid network security requirements and presents the simulation platform used in this project. Chapter 4 presents the smart grid security testbed and attacks on the testbed. Chapter 5 makes some concluding remarks.
CHAPTER TWO
RELATED WORKS
Creating a test platform for cyber-physical analysis in Smart Grid is challenging and has been studied for years. The approaches used to address this issue generally break down into two categories: real hardware testbed and software simulation. The approach used in this project is software simulation.
2.1 Real Hardware Testbed Approach
Real hardware testbeds are further divided into two categories: flat-out hardware platforms and hardware-in-the-loop platforms.
2.1.1 Flat-Out Hardware Platform
Flat-out hardware platforms are the ones consisting entirely of hardware devices. The Korean government selected the whole of Jeju Island to build a Smart Grid testbed to allow the testing of Smart Grid technologies and business models [5]. A Renewable Energy Laboratory in Greece was created to set up a centrally controlled microgrid testbed which had PV panels, battery banks and inverters to investigate the proposed Smart Grid topologies [6]. The Sensorweb Research Laboratory at Georgia State University designed the SmartGridLab testbed to test the distributed demand response algorithm. It includes an intelligent power switch, power generator, renewable energy sources, smart appliances, and power meter [7].
2.1.2 Hardware-In-The-Loop Platform
Hardware-in-the-loop platforms are the ones that have a mixture of both hardware devices and software simulators to achieve the cyber-physical analysis of Smart Grid. Hahn et al. in [8] employ devices like Programmable Logic Units (PLUs) and Intelligent Electronic Devices (IEDs) for communication networks and Real-Time Digital Simulators for power network simulation.
2.2 Software Simulation Approach
The software simulation applications for Smart Grid cyber-physical analysis can be further divided into two categories: individual simulation platforms and co-simulation platforms.
2.2.1 Individual Simulation Platforms
Individual simulation platforms are those which bring together the simulation features for Smart Grid into one entity. These types of simulations usually focus on one particular area of interest for Smart Grid. In 2008, Guo et al. designed and created an energy demand management simulator (EDMS) to calculate the response from different deployment strategies of distributed domestic energy management [9].
In 2009, Molderink et al. created from scratch a simulation environment to analyze and control algorithms for energy efficiency [10]. In the simulation created, microgenerators, energy buffers and appliances were all modeled and different energy streams like heat and gas were studied.
In 2012, Narayan et al. presented GridSpice [11], a cloud-based simulation package for Smart Grid. Leveraging the powerful components of Gridlab-D and Matpower, GridSpice was developed with the main purpose of modeling the interactions between all parts of the electrical network, including generation, transmission, distribution, storage and loads. All the individual software platforms can complete a particular set task on their own, but they all concentrate on the power network simulation. One of the limitations of these types of simulation platforms is that the communication network, which is a critical component of a Smart Grid, is not considered. This is why co-simulation platforms were introduced.
2.2.2 Co-Simulation Platforms
Co-simulation, also known as co-operative simulation, is a simulation approach that allows individual components to be simulated by different simulation tools running concurrently and exchanging information in a combined manner. In [12] Godfrey et al. simulated a Smart Grid using NS2 and OpenDSS, which is a power network simulator. In [13], Mallouhi et al. created a co-simulation testbed just for security analysis of SCADA systems by utilizing the PowerWorld simulator and OPNET. The co-operative approach typically needs separate electrical and communication network simulations running at the same time. The collaboration between communications and power system models is usually limited to a fixed synchronization interval. Reliability is an issue for systems like this because mismatches occur between the simulations. An improvement on this issue is to integrate one simulation component into the other. In [14] the electric network is made into a component within OMNET++, a network simulator.
From the above discussion, we can see the properties of the real hardware testbed approach and the software simulation approach for cyber-physical analysis in Smart Grid.
The real hardware testbed approach attains high fidelity by including dedicated devices as part of the testbeds. The critical control programs, such as demand response algorithms, routing protocols, etc., can be tested in real hardware testbeds and they could be directly migrated to the actual Smart Grid embedded devices. However, the problems with the real hardware testbed approach are scalability and accessibility. The dedicated and specialized hardware are integral parts of the testbeds; therefore they cannot be easily accessed and used by the public research community, and they become difficult to scale when the test case becomes quite large.
The software simulation approach, on the other hand, achieves better scalability and can be easily accessed and distributed. However, software simulation tools can only duplicate the behaviors of the Smart Grid system, not the execution environment, which is important. Therefore, the critical control programs of Smart Grid applications either cannot be tested, or can be tested but cannot be migrated to physical Smart Grid devices directly.
CHAPTER THREE
Smart Grid Network Security and Simulator
3.1 Features of Smart Grid Networks
The smart grid network is expected to share a similar architecture with the already existing Internet. However, there are important differences between them:
1. Latency requirements: The Internet was created with the purpose of providing data services to users, like surfing or data sharing, supported with a high-speed data rate. In the smart grid this is not quite the case. Smart grid networks are intended for reliable, secure and real-time communications, which are supported with low latency.
2. Communication model: In traditional power grids, the typical model for communication is one-way, where electronic devices report their readings to the control center. But in the smart grid, communication is bi-directional and real-time.
3. Data size and flow: The Internet generally has bursty communications; however, smart grid traffic is expected to be bulky [15] and has periodic data communications because of the big size of the network and the real-time communication and monitoring requirements [1].
3.2 Smart Grid Network Simulator: The Score Application
In this project, we used SCORE, an open research emulation environment for Smart Grid, for our simulations. SCORE is built upon CORE [16], an open source communication network emulator from the Naval Research Laboratory. Integrating CORE's communication features with a power module, SCORE differentiates itself from many existing approaches by enabling large-scale Smart Grid applications using general-purpose PCs with little or no code migration problems. SCORE differentiates itself from the rest with the following specific features [23]:
• Firstly, software emulation in SCORE achieves high fidelity by replicating the execution environment so that the programs running in the emulation platform can be directly ported to the embedded devices as firmware.
• Secondly, SCORE enables a distributed emulation feature in order for very large-scale test cases to be supported.
• Finally, SCORE supports dynamic connection and disconnection between multiple Smart Grid emulation instances in real time.
The significance of this last feature arises when users from multiple parties in different locations want to conduct integration testing together, but want to preserve the privacy of their power and communication network configurations; this feature makes that possible without requiring explicit synchronization from all parties. The design of SCORE takes advantage of CORE's structure. Figure 1 provides an abstract overview of SCORE's architecture and the integration approach. As shown, SCORE consists of the GUI, Service Layer, Communication Module and Power Module.
3.2.1 Graphics User Interface (GUI)
The SCORE GUI is built using Tcl/Tk. The Tk toolkit provides widgets sufficient for nearly all X Window System interface needs. The Tcl/Tk GUI provides an easy drag-and-draw canvas with various Smart Grid devices (Host, Solar Panel, Wind Turbine, Power Plant, etc.), which can be placed and connected to each other with communication links or power lines. Also, the communication interfaces, power interfaces and energy model parameters of each node can be self-configured.
During the execution, a terminal pops up when double-clicking any selected node. Users can navigate the local file system or execute bash scripts through the interactive shell window. Distributed emulation can be conducted by assigning a selection of nodes to another emulation server in the GUI. The message broker in the Service Layer is used to forward messages from the GUI to the appropriate emulation server.
Fig. 1. SCORE Architecture [23]
3.2.2 Service Layer
The Service Layer consists of Python frameworks that are used for creating sessions and instantiating the virtual nodes, communication and power interfaces, communication links and power lines, according to the GUI input. The start-up daemon in the service layer cooperates with the GUI using a TCP socket-based API such that the emulation can run on a different machine from the GUI or even without a GUI. Pre-defined energy models and communication protocols, which are usually daemonized in the Linux operating system of the emulation server, are all wrapped as Smart Grid services in this layer. These communication and energy services can all be employed to develop various Smart Grid applications. Users are also allowed to add their own customized services to SCORE by providing their own implementations.
3.2.3 Light Weighted Virtualization
The emulation features of SCORE are executed using a Linux namespace technique, which is the lightweight paravirtualization technique supported by the mainstream Linux kernel. It is different from normal virtual machine techniques like VMware or VirtualBox. Each emulated virtual node in SCORE has its own separate copy of the network interface, protocol stack and process control group. All other resources, like the operating system and local file system, are shared by the virtual nodes. The lightweight virtualization feature is the basis of SCORE's scalability. Furthermore, from the perspective of the code running inside the virtual node, each emulated device gives the impression of being just another hardware platform controlled by the Linux OS. This equips SCORE with portability: the emulated node is able to execute unmodified Smart Grid application code that runs on real physical Linux-based hardware devices, and vice versa.
3.2.4 Communication Module
The communication module in SCORE leverages the across-the-board support of various wired and wireless communication network models and protocols from CORE. Each emulated device has its own instance of the operating-system-implemented TCP/IP stack from the perspective of the Open Systems Interconnection (OSI) model. This gives SCORE high-fidelity emulation of the network layer and above. Statistical network effects such as bandwidth, bit error rate, loss rate, etc. can also be configured and applied. In addition, the virtualized Ethernet interface can be easily mapped to a physical Ethernet interface on the emulation host so that all traffic going through the physical port is transmitted to the emulation environment, thus allowing real-time communication between the external physical networks and the virtual nodes inside a running emulation.
By using the virtualized interfaces on each emulated host, the communication networks that are emulated on different hosts can be directly connected with each other at run time, which enables the dynamic emulation of the communication networks. This feature is used to enable the interactions and synchronization between the communication module and the power module. The concept is that the power module runs on a host physically in the same network as the communication emulation host so that the power module can obtain and react to the queued-up messages sent by all the emulated virtual nodes in real time.
3.2.5 Power Module
The power module in SCORE emulates the power flow analysis within Smart Grid and also gives implementations of pre-defined energy models. The power module gathers the initial power network topology, energy model configuration information and the dynamic connection/disconnection requests from the service layer to create the power network model. The power network module of SCORE is characterized by the following qualities:
• SCORE accepts incremental model updating in computation to respond more efficiently to system status changes.
• As the size of the power network increases, distributed computation for the power network becomes a requirement for efficient Smart Grid emulation. Therefore, SCORE stands out in scalability by enabling the user to conduct the emulation in a distributed way when a single PC cannot provide enough computation capability. The power network model is split into several subdomains and each subdomain is computed and updated separately in parallel. With appropriate synchronization among the different computing and updating processes, the merged result of the power flow in Smart Grid is compact, without any loss of precision when compared with centralized computation.
• SCORE allows dynamic connections and disconnections of multiple Smart Grid instances running on different hosts by only using the interfaces between each power network. This matters when each user is unwilling to reveal their own Smart Grid topology details to another user: they can still conduct the combined emulation with each other to see the impact of external networks on their own network.
3.3 Smart Grid Security Requirements and Objectives
There are different factors to consider when discussing cyber attacks in smart grid systems. These factors include integration of bi-directional communication networks, incentives to attackers, socioeconomic impact of the blackouts, etc. Basically, the attack risk in the smart grid system relies on three factors as shown in Fig. 2.
Formally, the risk can be defined as [17]:
Risk = Assets × Vulnerabilities × Threats,
Fig. 2. Evaluating the risks in smart grid systems [17].
Assets are the smart grid devices (such as smart meters, renewable energy devices, data, network devices, etc.). Vulnerabilities allow an attacker to reduce a system's information assurance, and Threats may lead to potential attacks coming from outside or inside the smart grid systems, which are associated with the exploitation of a vulnerability. The risk is the probability that a threat agent will exploit a vulnerability and the impact if the threat is carried out. The 'Risk' in the above equation can be minimized or made zero if one of the quantities on the right side is minimized or made zero. It is important to note that assets in smart grid systems cannot be zero, and threats cannot be made zero either because they originate from unknown places or attackers. Thus, the main aim and focus will be to minimize the vulnerabilities in the smart grid to minimize the overall 'Risk'. Smart grid security objectives should be to comply with policies while ensuring information Confidentiality, Integrity and Availability, also known as the CIA triad. The CIA triad [18], which is the fundamental principle of security, is a model designed to guide policies for information security in smart grid systems. It is shown in Fig. 3.
Fig. 3. The CIA triad for smart grid security systems [18].
Confidentiality in smart grid systems is needed to make sure that access to information is restricted to only authorized people, and it is designed to prevent unauthorized access. Confidentiality is one of the key components of privacy. In smart grid systems, privacy is one of the most important concerns to customers. This is because of the various home appliances which are connected to power grids for real-time bi-directional data communication and electricity flow; if this information falls into the wrong hands, it can be used to keep track of the lifestyle of the people, what appliances they use, whether the people are currently at home, etc., and be misused.
Integrity of information in the smart grid is needed to ensure the accuracy and reliability of data. The information should not be altered in any form or in an undetected manner. This feature supports the smart grid in providing strong real-time monitoring capabilities.
Availability in the smart grid simply means that the information must be available to authorized parties at all times, whenever and wherever it is needed, without any security compromise. Power systems are to be available 100% of the time; therefore preventing an attacker from causing a blackout using denial-of-service is crucial. Additionally, Authenticity also plays a very important part in a smart grid system because it is essential to make sure that the identities of both parties involved in communication are genuine.
In addition to the CIA triad, other specific security requirements for the smart grid recommended by NIST are outlined below [17], [18]:
1) Self-healing and Resilience Operations in the Smart Grid: In smart grid systems, the communication network is open as smart grid assets are distributed over a large geographical area. Therefore, it is difficult to ensure that every single device in the smart grid is invulnerable to cyber attacks. Because of this, it is advisable for the smart grid network to have some self-healing capability against cyber attacks. A network administrator must continually perform some sort of profiling and estimating to monitor the data flow and power flow status to detect any abnormal incidents that are a product of cyber attacks. Having resilient data communication is very important to achieve availability of data communication for power system operations.
2) Authentication and Access Control: Because we have millions of home appliances connected in a smart grid, we need the authentication process to verify the identity of each device or user in order to protect smart grid systems from unauthorized access. Likewise, access control is used in the smart grid to ensure that resources in the grid are accessed only by authorized users.
3) Communication Efficiency and Security: In order to support real-time monitoring, smart grid communication needs to be efficient and highly secure, together with the ability to use self-healing cyber defense solutions to protect from any security attacks. Trade-offs between these two parameters should be considered in smart grids.
3.4 Smart Grid Attacks
The three categories of smart grid cyber attacks that we will discuss in this project are listed as follows:
1. Physical Layer Attacks,
2. Data Injection and Replay Attacks, and
3. Network-based Attacks.
3.4.1 Physical Layer Attacks
There are several forms of physical layer attacks; a detailed analysis of some of the attacks and their countermeasures is given below [19]:
A. Eavesdropping
Wireless signals are transmitted through the air, which is an open space, and are therefore susceptible to eavesdropping by an attacker. Sensitive information from a smart appliance can easily be observed and compromised through such an attack. Eavesdropping devices are readily available and affordable in today's market, which encourages such attacks. One way to protect against such an attack is to use data encryption so as to protect sensitive information from falling into the hands of an enemy. However, if a certain pattern is exhibited by the transmitted data, a smart hacker may use this pattern to create a way to decipher the messages transferred. For example, if everyone in a particular house is out for vacation, the electricity usage will drop. If the smart meter is instructed to communicate with the data concentrator unit and the length of the message to be transmitted is directly proportional to energy consumption, then a pattern of activity of the house can be generated by an attacker.
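The length side channel described above and its fix, as an added example that is not code from the report: constructed hourly readings are encoded once so that the report grows with consumption and once into a fixed-size padded frame. The record layout, frame size and function names are hypothetical, and the cipher is assumed to add only a constant overhead, so ciphertext length tracks plaintext length.

```python
import struct

# Constructed sample data (not from the report): hourly consumption in Wh.
# First six hours: household at home; last six: away, standby loads only.
HOURLY_WH = [1200, 2600, 900, 1800, 3100, 1500, 150, 120, 180, 140, 160, 130]
AT_HOME = [True] * 6 + [False] * 6

RECORD = struct.Struct(">IH")   # hypothetical pulse record: timestamp, Wh in pulse
PULSE_WH = 100                  # one record is emitted per 100 Wh consumed
FRAME_SIZE = 512                # fixed plaintext frame size in bytes (assumed)
CIPHER_OVERHEAD = 28            # assumed constant nonce + tag overhead of the cipher


def variable_report(hour: int, wh: int) -> bytes:
    """Naive encoding: one record per 100 Wh, so size is proportional to usage."""
    pulses, rest = divmod(wh, PULSE_WH)
    records = [RECORD.pack(hour * 3600 + i, PULSE_WH) for i in range(pulses)]
    if rest:
        records.append(RECORD.pack(hour * 3600 + pulses, rest))
    return b"".join(records)


def pad_frame(payload: bytes, size: int = FRAME_SIZE) -> bytes:
    """2-byte length prefix + payload + zero padding, always `size` bytes long."""
    if len(payload) > size - 2:
        raise ValueError("payload does not fit in one fixed-size frame")
    padding = b"\x00" * (size - 2 - len(payload))
    return struct.pack(">H", len(payload)) + payload + padding


def unpad_frame(frame: bytes) -> bytes:
    """Recover the original payload on the receiving side (after decryption)."""
    (length,) = struct.unpack_from(">H", frame)
    return frame[2:2 + length]


def observed_lengths(padded: bool) -> list:
    """What the eavesdropper sees on the air: ciphertext lengths only."""
    lengths = []
    for hour, wh in enumerate(HOURLY_WH):
        plaintext = variable_report(hour, wh)
        if padded:
            plaintext = pad_frame(plaintext)
        lengths.append(len(plaintext) + CIPHER_OVERHEAD)
    return lengths


def guess_activity(lengths, margin: int = 24) -> list:
    """Inference from lengths alone: clearly longer than the shortest => active."""
    floor = min(lengths)
    return [n > floor + margin for n in lengths]


if __name__ == "__main__":
    for label, padded in (("variable-length", False), ("fixed-size frame", True)):
        lengths = observed_lengths(padded)
        guess = guess_activity(lengths)
        hits = sum(g == truth for g, truth in zip(guess, AT_HOME))
        print(f"{label:17} lengths={lengths}")
        print(f"{'':17} occupancy guessed correctly for {hits}/{len(AT_HOME)} hours")
```

With fixed-size frames the guess degenerates to "inactive" for every hour, so the six hits it still scores are what a constant answer gets on this data, not information leaked by the traffic.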
B. Jamming
The main aim of this type of attack is to disturb the wireless medium by jamming it with noise signals so that the smart meters can't communicate with the utility provider. Such attacks can be either proactive jamming or reactive jamming. The former is when the jammer emits noise signals continuously to completely block the wireless channel, while the latter is the case where the jammer first eavesdrops on the radio channel and launches the attack only when signals are sensed on the channel. This attack has a damaging effect when a legitimate smart meter tries to initiate a real connection. The channel may be tagged busy for any carrier sensing done by the legitimate smart meter, or it may even prevent it from receiving packets in general. It is quite difficult to differentiate between reactive jammer attacks that may result from routine communication signals and from adversary-initiated signals.
C. Injecting Requests
The main goal of this attack is to disrupt the regular operations at the hardware level of devices in the smart grid. The attacker causes packet collisions, and the attack is similar to reactive jamming because it also blocks the communication channel. In injecting requests, the attacker sets up the system in such a way that the channel prioritizes the attacker's communication requests while denying access to legitimate devices in the smart grid.
D. Injection Attacks
This attack inserts formatted messages into the wireless network, unlike the earlier two attacks that depend on false signals. This type of attack involves an attacker mimicking either a legitimate sender or a receiver to get unauthorized access to a wireless network. This attack is also very similar to the TCP SYN flooding (denial of service) attack, wherein the target's resources are overwhelmed through processing of the false messages received. Such an attack can be avoided by providing suitable security mechanisms to ensure message authentication.
3.4.2 Data Injection and Replay Attacks
Another class of malicious attacks in the smart grid is the data injection and replay attack. False data injection attacks occur when falsified data is injected into the neighborhood area observed by the network operator. The attacks usually target the smart grid infrastructure, particularly measurement and monitoring sub-systems, with the aim of manipulating meters so as to deceive the operation and control of the utility provider.
Message replay attacks happen when an attacker gains elevated privilege to smart meters and as a result can then inject control signals into the system. For this attack to take place, the attacker needs to first capture and analyze the data that is transmitted between devices and smart meters to gain the target's characteristics of power usage, and then try to fabricate and inject false control signals into the system. The main purpose of the replay attack is to control energy by directing power to another location, and another aim is to cause physical damage to the system. A well-known example of such an attack is Stuxnet.
In [20] a scheme is proposed for detecting message replay attacks in the smart grid. The household devices in the smart grid are treated as linear time-invariant systems, with the smart meter assigned the role of observing the household devices. The replay attack is defined simply as a modification to the control signal which is communicated by a consumer device to the smart meter.
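Message authentication with replay rejection, the countermeasure named under Injection Attacks (3.4.1 D) and applicable to the captured-and-resent control signals of 3.4.2, as an added example that is not from the report and is not the detection scheme of [20]. It assumes a per-device pre-shared key; the frame layout, device id and command strings are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Hypothetical frame: device id (NUL-padded to 16 bytes) | 64-bit counter | payload | tag
HEADER = struct.Struct(">16sQ")
TAG_LEN = hashlib.sha256().digest_size


def seal(key: bytes, device_id: str, counter: int, payload: bytes) -> bytes:
    """Sender side: authenticate header and payload together with HMAC-SHA256."""
    header = HEADER.pack(device_id.encode(), counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts a frame only if the tag verifies and the counter moved forward."""

    def __init__(self, keys):
        self.keys = dict(keys)      # device id -> pre-shared key (assumed provisioned)
        self.last_counter = {}      # device id -> highest counter accepted so far

    def accept(self, frame: bytes):
        if len(frame) < HEADER.size + TAG_LEN:
            return "malformed", None
        header = frame[:HEADER.size]
        payload = frame[HEADER.size:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        raw_id, counter = HEADER.unpack(header)
        device_id = raw_id.rstrip(b"\x00").decode(errors="replace")
        key = self.keys.get(device_id)
        if key is None:
            return "unknown-device", None
        expected = hmac.new(key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; the tag is checked BEFORE the counter so a
        # forged frame can never advance the replay window.
        if not hmac.compare_digest(tag, expected):
            return "bad-tag", None
        if counter <= self.last_counter.get(device_id, 0):
            return "replay", None
        self.last_counter[device_id] = counter
        return "ok", payload


def demo():
    """Constructed traffic: genuine frames, a replay, a tampered and a forged frame."""
    key = b"constructed-demo-key-not-a-real-secret"
    rx = Receiver({"meter-0042": key})
    m1 = seal(key, "meter-0042", 1, b"LOAD_SHED off")
    m2 = seal(key, "meter-0042", 2, b"LOAD_SHED on")
    tampered = m2[:HEADER.size] + b"LOAD_SHED off" + m2[-TAG_LEN:]
    forged = seal(b"attacker-guess", "meter-0042", 1000, b"LOAD_SHED off")
    unknown = seal(key, "meter-9999", 1, b"LOAD_SHED off")
    m3 = seal(key, "meter-0042", 3, b"LOAD_SHED off")
    return [rx.accept(f)[0] for f in (m1, m2, m1, tampered, forged, unknown, m3)]


if __name__ == "__main__":
    print(demo())
```

The check stops an outsider who records and resends traffic; it does not help once the meter and its key are themselves compromised, which is the elevated-privilege case described above.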
3.4.3 Network-Based Attacks
The man-in-the-middle attack is a very common example of topology attacks on a Smart Grid. This attack happens when the hacker captures network data and meter data from remote terminal units, and then tweaks part of these in order to format and forward the altered version to the control center. If the smart grid is missing data alerts, the attacker can successfully alter both network and meter data efficiently such that they are consistent with the “target” topology.
A fusion-based defense technique was proposed in [21] for identifying attacks in the smart grid based on feedback received from individual nodes in the network. With the support of the necessary communication protocol, each node is required to communicate with a centralized fusion center to convey its individual observations. It is highlighted in the paper that intentional attacks may be targeted at only a specific subset of nodes of the smart grid, and therefore feedback from all nodes is essential for accurately detecting these attacks. A game-theoretic analysis is subsequently provided, wherein the attacker is treated as one player and the defender as another. Based on the notion that the attacker will intend to compromise the most critical nodes, the defense strategy is to ensure timely local observation by individual critical nodes and subsequent communication of findings to the centralized fusion center.
In [22], the effects of Denial of Service (DoS) attacks against the load frequencies of smart grids were studied. Smart grid data measured by remote terminals is sent to centralized control centers. If the communication channel between these sensors and the control center is compromised and cannot deliver messages to the destination, the DoS attack can significantly affect smart grid operations. The attacker can launch such an attack on the communication channel by jamming the channel through injecting a large number of packets.
CHAPTER FOUR
SMART GRID SECURITY TESTBED
4.1 Testbed Requirements
The following requirements are necessary when configuring a testbed and they were implemented in our system:
R1 Modeling of Smart Appliance: This is considered to be a functional requirement. For home area network emulation, the testbed should implement appliance emulation. There is a need for modelling smart appliances to be able to test the functionality of such devices, not only for technical reasons such as security assessment purposes, but also for operational reasons, such as to ensure that smart appliances are able to respond to price and demand signals to ensure that smart grid objectives and characteristics are fulfilled. Our system models different appliances in the grid.
R2 Hardware Integration: The testbed is expected to enable actual hardware integration or at least provide an interface to be able to integrate with actual hardware. This requirement is considered important as it will provide a realistic implementation of the testbed. Using physical hardware within the testbed will enable the evaluation and testing of real-time characteristics. This also enables hardware testing without the need to set up and manage a hardware testbed environment.
R3 IP-based communication: To enable distributed use and remote access, IP-based communication should be used between all major nodes of the testbed. This is an essential requirement not only for correct emulation of the current generation of smart grid networks but also to enable distributed emulation, i.e. components of the testbed may be implemented and shared from geographically diverse networks to enable better utilization of resources. This would enable not only collaborative testbed development and utilization but also foster innovation. IP-based communication is inherent in a smart grid testbed, as a majority of network communication paths in actual smart grids are based on IP networks. Thus smart grid networks are given greater flexibility, but are also exposed to the greater vulnerabilities that exist in IP-based networks. Using IP-based communications in smart grid testbeds would also enable the rapid prototyping and assessment of IP-based attacks and vulnerabilities.
R4 Graphical User Interface: A graphical user interface is another requirement that may be useful for an implemented testbed. A GUI will enable greater ease of use of the testbed. This will encourage greater participation, as well as provide an effective means to interact with the testbed for the design, development, and execution of test scenarios.
4.2 Testbed Configuration and Setup
The testbed for simulating the cyber security attack was implemented on a Linux-based host running a virtual machine using Oracle VirtualBox. The installation details for Oracle VirtualBox are available in the Appendix. One of the primary areas of focus during the setup of our testbed was to employ open source and freely available software tools.
The testbed consists of two Linux-based virtual machines: one is dedicated to the attacker while the second system serves as the target machine. The attacker system runs Kali Linux, which is a Debian-derived Linux distribution designed for digital forensics and penetration testing. The target machine, on the other hand, runs Ubuntu Linux, which is a Debian-based Linux operating system for personal computers, smartphones and network servers. The installation steps for both Linux machines can be found in the Appendix section.
On the target machine, we created a Smart Grid Power Distribution network using Score. Score was installed in the Ubuntu-based target machine to also show the result of distributed emulation and dynamic connection/disconnection involved in a smart grid. The target system named “target@ubuntutarget” was given a memory of 1.2 GB, using processor Intel Core i5-4200U CPU @ 1.60 GHz, and has a 64-bit OS architecture running on the Ubuntu 15.10 version.
We generated a smart grid network with one power plant and three houses. Each house is connected with the power network through an intelligent power switch, which serves as the energy control center for the house. Each power switch within each house is connected to four different types of nodes:
• Loads (represented by washer)
• Power Storage (represented by battery)
• Renewable resources (represented by wind turbine and solar panel)
Fig. 4 Running Score
In order to begin setting up the smart grid network on the target machine, we have to start the SCORE services. This automatically runs the score-daemon program and starts the service. Afterwards, we go into the directory where Score is installed and launch the SCORE GUI. All these steps can be seen in Fig. 4 above.
The smart grid network was initially set up with 16 nodes. Each node’s new interfaces are automatically assigned IP addresses within the range 10.0.0.0/8 and also support IPv6 addresses. Virtual networks generally require some form of routing in order to work, for example to populate routing packets from one subnet to another. Therefore, Score builds OSPF routing protocol configurations by default. The OSPF protocol is made available from the Quagga open source routing suite.
Fig. 5 Smart Grid Power Distribution Network set-up on Target Machine
Figure 5 above shows all the nodes in the smart grid network. Each node is connected through a wired network, which is created using the Link Tool, which allows drawing links between nodes. This automatically draws a green line representing an Ethernet link and creates new interfaces on network-layer nodes. Double-clicking on each link will invoke the link configuration dialog box where we can change the Bandwidth, Delay, Loss and Duplicate rate parameters for that link. The following services, zebra, OSPFv2, OSPFv3, vtysh, and IPForward, for IGP link-state routing are running on all nodes.
Fig. 6. Screenshot showing the Throughput on each link when running.
The rate of all successful messages delivered over the communication link, also known as the throughput, can be displayed on each link as seen in Fig. 6. The Throughput widget in Score displays the throughput measured in kilobits per second on each link.
To test and verify the communication between all nodes in the smart grid, we use the ping -R command. We issue the command from node 4, which is a power switch in one of the houses, to contact node-20, which is the power plant supplying energy to the grid. The power switch has the address 10.0.15.2 and the node-4 address is 10.0.1.1. We double-click on a node to pop out a Linux terminal window, just like accessing a real Linux device. Fig. 7 shows the result of the route command from the terminal of the power switch in the house and also the result of the ping -R command.
Fig. 7 Showing the connectivity test between all nodes in the system
4.3 Attacks on the Smart Grid Testbed
The main aim of this project is to enable the simulation of attacks from the Kali Linux platform to the target Ubuntu system which is running the smart grid power distribution network. A GRE tunnel was created to enable the connection between the attacker system and the target system. The tunnel was on a router connected to node-3 in the smart grid on the target system. This GRE tunnel connection enables the outside network connection of the attacker to have full connectivity to all the components in the smart grid.
Fig. 8 Fisheye Topology View of the Smart Grid Network
Before we start with the attack, we use a network discovery tool called Nmap to explore the network we are about to target. This tool is preinstalled on Kali Linux and is useful in gathering important information about a network like IP addresses, host details, services, port details and much more. This tool will enable us to map out the network and understand the network topology. Fig. 8 shows a view of the topology of the target system using the fisheye view in Nmap.
Here is the end of the Nmap output in Fig. 9. It shows the total number of hosts up, the services running on each device and a lot of other useful information.
Fig. 9 Nmap Output
As discussed earlier, there are many attacks that can affect the smart grid system. As an example and case study, in this project we are going to launch a denial of service (DoS) attack against the power grid. One of the worst attacks against a smart grid is the DoS attack, as a successful attack can severely limit or prevent access to important devices or services. We launch the DoS on the power plant which supplies energy to the grid. By doing this, the smart grid is compromised by eventually shutting down the link that provides the energy and broadcasts the real-time energy prices to all the intelligent power switches in the grid.
Fig. 10 DoS command using hping3
Our DoS attack was performed using a free packet generator and analyzer tool for the TCP/IP protocol called hping3. Fig. 10 shows the command line used to perform the DoS attack. The hping3 tool is pre-installed on Kali Linux like many other tools. The syntax of the command is explained as follows:
• -c 100000 = Number of packets to send.
• -d 120 = Size of each packet that was sent to target machine.
• -S = Send SYN packets only.
• -w 64 = TCP window size.
• -p 2601 = Destination port (2601 being the TCP port analyzed from Nmap).
• --flood = Send packets as fast as possible, without taking care to show incoming replies. Flood mode.
Fig. 11 Screenshot of the DoS attack
Following the DoS attack initiated from the attacker’s Kali Linux box, we can see from the screenshot in Fig. 11 the effect of the attack on each link leading to the target with address 10.0.15.2. The throughput on these links jumped from 8.7 kbps in Fig. 6 to about 8700 kbps during the attack. A SYN flood type of DoS was used in this attack. TCP SYN flood, also known as SYN flood, is a type of DoS attack that exploits part of the normal TCP three-way handshake to consume resources on the targeted system and render it unresponsive. In this case it renders the power plant unresponsive. The normal TCP three-way handshake follows these steps:
1. Client requests connection by sending SYN (synchronize) message to the server.
2. Server acknowledges by sending SYN-ACK (synchronize-acknowledge) message back to the client.
3. Client responds with an ACK (acknowledge) message, and the connection is established.
In the SYN flood attack, the attacker system sends repeated SYN packets using hping3 to known port 2601 on the target system. The target, unaware of the attack, receives multiple, apparently legitimate requests to establish communication. It responds to each attempt with a SYN-ACK packet from the open port.
Fig. 12. A ping from a node to the target during the DoS attack
The attacker does not send the expected ACK while the power plant under attack still waits for acknowledgement of its SYN-ACK packet for some time. During this time, the power plant cannot close down the connection by sending an RST packet, and the connection stays open. Before the connection can time out, another SYN packet will arrive from the attacker. This leaves an increasingly large number of connections half-open. Eventually, as the target’s connection overflow tables fill, service to legitimate nodes in the smart grid distribution will be denied, leading to the target becoming unreachable. A verification of our successful attack can be seen in Fig. 12. Here we launch a ping from node-4 with address 10.0.1.2 to the power plant with address 10.0.1.15 right before and after the DoS attack.
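The half-open build-up described above can be watched from the defender's side by tracking handshake state per listener. The following is an added example, not part of the original report: it replays constructed TCP segment records against a model SYN queue and reports which listeners saturate and which SYNs are refused. The queue size, timeout, source addresses and ports are assumptions; only 10.0.15.2 and port 2601 are taken from the text.

```python
from collections import defaultdict

def replay_handshakes(segments, backlog=16, timeout=3.0):
    """Replay (time, src, sport, dst, dport, flags) records against a model SYN
    queue of `backlog` slots per listener; entries expire after `timeout` s."""
    pending = defaultdict(dict)  # (dst, dport) -> {(src, sport): SYN arrival time}
    stats = defaultdict(lambda: {"peak_half_open": 0, "dropped": []})
    for t, src, sport, dst, dport, flags in sorted(segments):
        if flags not in ("S", "A", "R"):
            continue                      # e.g. the server's own SYN-ACK
        listener, peer = (dst, dport), (src, sport)
        queue = pending[listener]
        # Half-open entries whose SYN-ACK was never acknowledged time out.
        for stale in [p for p, t0 in queue.items() if t - t0 > timeout]:
            del queue[stale]
        if flags == "S":
            if len(queue) >= backlog:     # queue full: this SYN gets no service
                stats[listener]["dropped"].append(peer)
            else:
                queue[peer] = t           # step 1 seen, waiting for step 3
        else:
            queue.pop(peer, None)         # ACK completes, RST aborts
        entry = stats[listener]
        entry["peak_half_open"] = max(entry["peak_half_open"], len(queue))
    return dict(stats)

def saturated_listeners(stats, backlog=16):
    """Listeners whose half-open count reached the queue size."""
    return sorted(l for l, s in stats.items() if s["peak_half_open"] >= backlog)

def constructed_capture():
    """Constructed sample traffic; only 10.0.15.2 and port 2601 come from the text."""
    target = ("10.0.15.2", 2601)
    node = "10.0.1.1"
    segs = [(0.00, node, 40000, *target, "S"),           # normal handshake
            (0.01, *target, node, 40000, "SA"),
            (0.02, node, 40000, *target, "A")]
    # Flood: 40 SYNs from a constructed source, none followed by an ACK.
    segs += [(1.0 + i * 0.01, "192.0.2.50", 1024 + i, *target, "S") for i in range(40)]
    segs += [(2.00, node, 40001, *target, "S"),           # legitimate SYN mid-flood
             (6.00, node, 40002, *target, "S"),           # after stale entries expire
             (6.02, node, 40002, *target, "A")]
    return segs

if __name__ == "__main__":
    result = replay_handshakes(constructed_capture())
    for listener in saturated_listeners(result):
        s = result[listener]
        print(listener, "peak half-open:", s["peak_half_open"], "SYNs refused:", len(s["dropped"]))
```

On a Linux listener, enabling net.ipv4.tcp_syncookies lets the kernel answer SYNs without holding queue state once the backlog overflows, which avoids the refused-SYN outcome modelled here.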
CHAPTER FIVE
CONCLUSION
In this report, we discussed the smart grid and various attacks affecting it. We also designed, implemented and attacked a simulated smart grid power system using a form of Denial of Service. A smart grid infrastructure attack does not affect the consumers alone; rather, it affects the utility providers' business as well.
Extensive research work is still needed to ensure that the smart grid is highly secure against the adversarial threat, without affecting the consumer confidence in the utility provider, and without significantly inconveniencing the consumers through deployment of strong security controls.
The testbed will provide a platform for researchers to execute various attack scenarios and study their impact on smart grid networks. This would allow designing adequate protection for smart grid infrastructure networks.
One future direction would be integrating SCORE with a real hardware testbed to create a uniform cyber-physical analysis platform.
APPENDIX A
INSTRUCTIONS
The instructions provide a step-by-step guide to what commands were executed. This includes instructions for the installation, configuration and execution of components of the testbed implementation.
A.1 SCORE
SCORE is built based on CORE, an open source communication network emulator from Naval Research Laboratory. The TCL/TK GUI and the communication network component originated from the IMUNES project from the University of Zagreb. The Linux virtualization and the Python frameworks for Linux namespace and communication network have been developed by Boeing Research and Technology’s Network Technology research group since 2004.
A.1.1
1. tar xvzf SCORE1.0.tar.gz
2. cd SCORE1.0
3. make
4. sudo make install
A.2 Oracle VirtualBox
VirtualBox is a cross-platform virtualization application. It is deceptively simple yet also very powerful. It can run everywhere from small embedded systems or desktop class machines all the way up to datacenter deployments and even Cloud environments. You can install and run as many virtual machines as you like – the only practical limits are disk space and memory.
A.2.1
1. sudo apt-get install dkms
2. sudo dpkg -i virtualbox-5.0_5.0.16_Ubuntu_raring_i386.deb
3. sudo ./VirtualBox.run install
4. ./VirtualBox.run --keep --noexec
5. sudo mkdir /opt/VirtualBox
6. sudo tar jxf ./install/VirtualBox.tar.bz2 -C /opt/VirtualBox
7. make
8. sudo make install
9. make install
10. cp /opt/VirtualBox/vboxdrv.sh /sbin/rcvboxdrv
11. mkdir /etc/vbox
12. echo INSTALL_DIR=/opt/VirtualBox > /etc/vbox/vbox.cfg
and, for convenience, create the following symbolic links:
13. ln -sf /opt/VirtualBox/VBox.sh /usr/bin/VirtualBox
14. ln -sf /opt/VirtualBox/VBox.sh /usr/bin/VBoxManage
15. ln -sf /opt/VirtualBox/VBox.sh /usr/bin/VBoxHeadless
16. ln -sf /opt/VirtualBox/VBox.sh /usr/bin/VBoxSDL
A.3 KALI LINUX
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with over 300 penetration-testing programs. Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.
A.3.1
1. Download Kali Linux (https://www.kali.org/downloads/)
2. Burn the Kali Linux ISO to DVD or image Kali Linux Live to USB.
3. Ensure that your computer is set to boot from CD/USB in your BIOS.
4. Boot your system with your chosen installation medium and follow the on-screen instructions.
A.4 UBUNTU LINUX
Ubuntu is a Debian-based Linux operating system and distribution for personal computers, smartphones and network servers. It uses Unity as its default user interface. It is based on free software and named after the Southern African philosophy of ubuntu (literally, "human-ness"), which often is translated as "humanity towards others".
A.4.1
1. Download Ubuntu from the official download page (http://www.ubuntu.com/download)
2. Burn the Ubuntu Linux ISO to DVD or image Ubuntu Linux Live to USB.
3. Ensure that your computer is set to boot from CD/USB in your BIOS.
4. Boot your system with your chosen installation medium and follow the on-screen instructions.
35
REFERENCES
[1] SmartGrids,E.T.P."StrategicDeploymentDocumentforEurope’sElectricityNetworksoftheFuture."EuropeanTechnologyPlatformSmartGrids.Brussels(2008).
[2] Framework, N. I. S. T. "Roadmap for smart grid interoperability standards."NationalInstituteofStandardsandTechnology(2010).
[3] SmartGrids, E. T. P. "SmartGrids SRA 2035 Strategic Research Agenda Update oftheSmartGridsSRA2007fortheneedsbytheyear2035."(2012).
[4] Framework,N.I.S.T."RoadmapforSmartGridInteroperabilityStandards.NISTRelease3.0."NISTSpecialPublication1108R3(2014).
[5] Korea'sJejuIslandSmartGridTest-bed.Available:http://www.smartgrid.or.kr/10eng31.php[6] Stimoniaris,Dimitrios,etal."Smartgridsimulationusingsmall-scalepilotinstallations.-
experimental investigation of a centrally-controlledmicrogrid." PowerTech, 2011 IEEETrondheim.IEEE,2011.
[7] Song,Wen-Zhan,etal."Awirelesssmartgridtestbedinlab."WirelessCommunications,IEEE19.3(2012):58-64.
[8] Hahn, Anna, et al. "Cyber-physical security testbeds: Architecture, application, andevaluationforsmartgrid."SmartGrid,IEEETransactionson4.2(2013):847-855.
[9] Guo, Ying, et al. "A simulator for self-adaptive energy demand management." Self-Adaptive and Self-Organizing Systems, 2008. SASO'08. Second IEEE InternationalConferenceon.IEEE,2008.
[10] Molderink, Albert, et al. "Simulating the effect on the energy efficiency of smart gridtechnologies."WinterSimulationConference.WinterSimulationConference,2009.
[11] Narayan,Amit."GridSpice-AVirtualTestBedforSmartGrid."(2012).[12] Godfrey,Tim,etal. "Modelingsmartgridapplicationswithco-simulation."SmartGrid
Communications (SmartGridComm), 2010 First IEEE International Conference on. IEEE,2010.
[13] Mallouhi, Malaz, et al. "A testbed for analyzing security of SCADA control systems(TASSCS)."InnovativeSmartGridTechnologies(ISGT),2011IEEEPES.IEEE,2011.
[14] Mets, Kevin, et al. "Integrated simulation of power and communication networks forsmartgridapplications."ComputerAidedModelingandDesignofCommunicationLinksandNetworks(CAMAD),2011IEEE16thInternationalWorkshopon.IEEE,2011.
[15] Kushner,David."Therealstoryofstuxnet."Spectrum,IEEE50.3(2013):48-53.[16] Ahrenholz, Jeff,etal."CORE:Areal-timenetworkemulator."MilitaryCommunications
Conference,2008.MILCOM2008.IEEE.IEEE,2008.[17] Framework,N.I.S.T."RoadmapforSmartGridInteroperabilityStandards,Release1.0,
OfficeoftheNationalCoordinatorforSmartGridInteroperability.http."(2010).[18] TheSmartGrid InteroperabilityPanel–CyberSecurityWorkingGroup,“Guidelinesfor
smartgridcybersecurity”,NISTIR7628(2010),pp1–597.[19] Wang,Xudong,andPingYi."Securityframeworkforwirelesscommunicationsinsmart
distributiongrid."SmartGrid,IEEETransactionson2.4(2011):809-818.[20] Tran,Thien-Toan,Oh-SoonShin,andJong-HoLee."Detectionofreplayattacksinsmart
grid systems."Computing,Management and Telecommunications (ComManTel), 2013InternationalConferenceon.IEEE,2013.
36
[21] Chen, Pin-Yu, Shin-Ming Cheng, and Kwang-Cheng Chen. "Smart attacks in smart gridcommunicationnetworks."CommunicationsMagazine,IEEE50.8(2012):24-29.
[22] Liu,Shichao,XiaopingP.Liu,andAbdulmotalebElSaddik."Denial-of-service(DoS)attacksonloadfrequencycontrolinsmartgrids."InnovativeSmartGridTechnologies(ISGT),2013IEEEPES.IEEE,2013.
[23] Tan, Song, et al. "Score: Smart-grid common open research emulator." Smart GridCommunications (SmartGridComm),2012 IEEEThird InternationalConferenceon. IEEE,2012.