research-article

Security issues of a phasor data concentrator for smart grid infrastructure

Authors:

Salvatore D'Antonio,

Luigi Coppolino,

Ivano Alessandro Elia,

Valerio FormicolaAuthors Info & Claims

EWDC '11: Proceedings of the 13th European Workshop on Dependable Computing

Pages 3 - 8

https://doi.org/10.1145/1978582.1978584

Published: 11 May 2011 Publication History

Abstract

The use of PMUs (Phasor Measurement Units) for measurement and control of the power grids over wide areas is becoming fundamental to improve power system reliability. Synchrophasors, that enable a synchronized evaluation of the phasor through GPS radio clock, are being extensively deployed together with network-based PDC (Phasor Data Concentrator) applications for providing a precise and comprehensive view of the status of the entire grid. The objective of this paper is to raise the awareness about the security issues related to the adoption of such technologies in power grids. In particular, we address two main vulnerabilities of the synchrophasor networks: (i) the protocols used to exchange data between the PMU and the PDC are usually not encrypted, and (ii) PDCs do not automatically sanitize the data received from the PMU. These vulnerabilities tremendously increase the exposure of a power distribution infrastructure to threats of cyber-attacks. In the paper we present an application scenario where such vulnerabilities are exploited by performing a SQL-injection attack that compromises the database used to store PMUs data.

References

[1]

1344 IEEE Standard for Syncrophasors for Power Systems, IEEE, 1995.

[2]

C37.118-2005 IEEE Standard for Syncrophasors for Power Systems, IEEE, 2006.

[3]

openPDC, http://openpdc.codeplex.com/

[4]

Khurana, H., Hadley, M., Lu, N., and Frincke, D. A. 2010. Smart-grid security issues. IEEE Security and Privacy, vol. 8, 81--85, 2010.

Digital Library

[5]

Kehe, W., Tong Z., and Wei L., Research and design of security defense model in power grid enterprise information system. In Proceedings of International Conference on Multimedia Technology (Ningbo, China, October 2010), 1--4.

[6]

Liu, Y., Reiter, M. K., and Ning P. 2009. False data injection attacks against state estimation in electric power grids. In Proceedings of the 16th ACM conference on Computer and communications security. ACM, New York, NY, USA, 21--32.

Digital Library

[7]

Kosut, O., Jia, L., Thomas, R. J., and Tong, L. 2010. Malicious data attacks on smart grid state estimation: Attack strategies and countermeasures. In Proceedings of IEEE SmartGridComm.

[8]

Dan, G. and Sandberg, H. 2010. Stealth attacks and protection schemes for state estimators in power systems. In Proceedings of IEEE SmartGridComm (Gaithersburg, Maryland, USA, October 2010).

[9]

Phadke, A. G. 1993. Synchronized phasor measurements in power systems. In Computer Applications in Power, IEEE, 6 (2) 10--15, Apr 1993

[10]

Dagle, J. 2010. The north american synchrophasor initiative (naspi). In Power and Energy Society General Meeting, IEEE, 1--3.

[11]

The North American Electric Reliability Corporation's (NERC). http://www.nerc.com/

[12]

Hasan, R., Bobba, R., and Khurana, H. 2009. Analyzing naspinet data flows. In Power Systems Conference and Exposition, 2009. PSCE '09. IEEE/PES, 1--6.

[13]

Zhong, Z., Xu, C., Billian, B., Zhang, L., Tsai, S. J., Conners, R., Centeno, V., Phadke, A., and Liu, Y. 2005. Power system frequency monitoring network (fnet) implementation. In IEEE Transactions on Power Systems, 20 (4), 1914--1921.

[14]

Gardner, R. and Liu, Y. 2007. Fnet: A quickly deployable and economic system to monitor the electric grid. In IEEE Conference on Technologies for Homeland Security, 209--214.

[15]

Martin, K. 2005. Exploring the IEEE standard C37.118--2005. In Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, IEEE, 1--1.

[16]

Martin, K. 2010. Synchrophasors in the IEEE C37.118 and IEC 61850. In 5th International Conference on Critical Infrastructure (CRIS05), 1--8.

[17]

IBM Internet Security Systems X-Force, 2008 midyear trend statistics. IBM ISS X-Force. Technical Report. 2008.

[18]

Williams, J. and Wichers, D. 2010. OWASP top 10-2010. Technical Report. OWASP Foundation.

[19]

Annual study: Cost of a data breach. Ponemon Institute, 2009.

[20]

Fonseca, J., Vieira, M., and Madeira, H. 2010. The web attacker perspective - a field study. In International Symposium on Software Reliability Engineering, 299--308.

Digital Library

[21]

Tennessee Valley Authority (TVA), www.tva.gov

[22]

NASPInet, http://www.naspi.org/naspinet.stm

[23]

Rieback, M. R., Crispo B., and Tanenbaum A. S. 2006. Is Your Cat Infected with a Computer Virus?. In Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications. IEEE Computer Society, Washington, DC, USA, 169--179.

Digital Library

[24]

Howard, M. and Leblanc, D. E. 2002. Writing Secure Code, 2nd ed. Microsoft Press, Redmond, WA, USA, 2002.

Digital Library

Cited By

Li BLu RXiao GLi TChoo K(2022)Detection of False Data Injection Attacks on Smart Grids: A Resilience-Enhanced SchemeIEEE Transactions on Power Systems10.1109/TPWRS.2021.312735337:4(2679-2692)Online publication date: Jul-2022
https://doi.org/10.1109/TPWRS.2021.3127353
Stylianou LHadjidemetriou LAsprou MZacharia LMichael M(2021)A behavioral model to detect data manipulation attacks of synchrophasor measurements2021 IEEE PES Innovative Smart Grid Technologies Europe (ISGT Europe)10.1109/ISGTEurope52324.2021.9639905(1-6)Online publication date: 18-Oct-2021
https://doi.org/10.1109/ISGTEurope52324.2021.9639905
Marksteiner SVallant HNahrgang K(2019)Cyber security requirements engineering for low-voltage distribution smart grid architectures using threat modelingJournal of Information Security and Applications10.1016/j.jisa.2019.10238949:COnline publication date: 1-Dec-2019
https://dl.acm.org/doi/10.1016/j.jisa.2019.102389
Show More Cited By

Index Terms

Security issues of a phasor data concentrator for smart grid infrastructure

Recommendations

Security analysis of smart grid data collection technologies
SAFECOMP'11: Proceedings of the 30th international conference on Computer safety, reliability, and security

In the last few years we are witnessing a dramatic increase in cyber-attacks targeted against Critical Infrastructures. Attacks against Critical Infrastructures are especially dangerous because they are tailored to disrupt assets which are essential to ...
Threat analysis of BlackEnergy malware for synchrophasor based real-time control and monitoring in smart grid
ICS-CSR '16: Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

The BlackEnergy malware targeting critical infrastructures has a long history. It evolved over time from a simple DDoS platform to a quite sophisticated plug-in based malware. The plug-in architecture has a persistent malware core with easily ...
Security vulnerabilities and mitigation techniques of web applications
SIN '13: Proceedings of the 6th International Conference on Security of Information and Networks

Web applications contain vulnerabilities, which may lead to serious security breaches such as stealing of confidential information. To protect against security breaches, it is necessary to understand the detailed steps of attacks and the pros and cons ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

EWDC '11: Proceedings of the 13th European Workshop on Dependable Computing

May 2011

106 pages

ISBN:9781450302845

DOI:10.1145/1978582

Conference Chair:
Felicita Di Giandomenico
ISTI-CNR, Istituto di Scienza e Tecnologie dell'Informazione

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 May 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Seventh Framework Programme

Conference

EWDC '11

EWDC '11: 13th European Workshop on Dependable Computing

May 11 - 12, 2011

Pisa, Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
503
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)1

Reflects downloads up to 10 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Li BLu RXiao GLi TChoo K(2022)Detection of False Data Injection Attacks on Smart Grids: A Resilience-Enhanced SchemeIEEE Transactions on Power Systems10.1109/TPWRS.2021.312735337:4(2679-2692)Online publication date: Jul-2022
https://doi.org/10.1109/TPWRS.2021.3127353
Stylianou LHadjidemetriou LAsprou MZacharia LMichael M(2021)A behavioral model to detect data manipulation attacks of synchrophasor measurements2021 IEEE PES Innovative Smart Grid Technologies Europe (ISGT Europe)10.1109/ISGTEurope52324.2021.9639905(1-6)Online publication date: 18-Oct-2021
https://doi.org/10.1109/ISGTEurope52324.2021.9639905
Marksteiner SVallant HNahrgang K(2019)Cyber security requirements engineering for low-voltage distribution smart grid architectures using threat modelingJournal of Information Security and Applications10.1016/j.jisa.2019.10238949:COnline publication date: 1-Dec-2019
https://dl.acm.org/doi/10.1016/j.jisa.2019.102389
Farooq SHussain SKiran SUstun T(2018)Certificate Based Authentication Mechanism for PMU Communication Networks Based on IEC 61850-90-5Electronics10.3390/electronics71203707:12(370)Online publication date: 2-Dec-2018
https://doi.org/10.3390/electronics7120370
Bedi GVenayagamoorthy GSingh RBrooks RWang K(2018)Review of Internet of Things (IoT) in Electric Power and Energy SystemsIEEE Internet of Things Journal10.1109/JIOT.2018.28027045:2(847-870)Online publication date: Apr-2018
https://doi.org/10.1109/JIOT.2018.2802704
Sgaglione LMazzeo G(2018)A GDPR-Compliant Approach to Real-Time Processing of Sensitive DataIntelligent Interactive Multimedia Systems and Services10.1007/978-3-319-92231-7_5(43-52)Online publication date: 12-Jun-2018
https://doi.org/10.1007/978-3-319-92231-7_5
Deng RZhuang PLiang H(2017)CCPA: Coordinated Cyber-Physical Attacks and Countermeasures in Smart GridIEEE Transactions on Smart Grid10.1109/TSG.2017.27021258:5(2420-2430)Online publication date: Sep-2017
https://doi.org/10.1109/TSG.2017.2702125
Khan RAlbalushi AMcLaughlin KLaverty DSezer S(2017)Model based intrusion detection system for synchrophasor applications in smart grid2017 IEEE Power & Energy Society General Meeting10.1109/PESGM.2017.8274687(1-5)Online publication date: Jul-2017
https://doi.org/10.1109/PESGM.2017.8274687
Izadi MHosseini SFarajollahi MSafdarian A(2017)Bus measurements protection against bad data injection in electric power grids2017 Iranian Conference on Electrical Engineering (ICEE)10.1109/IranianCEE.2017.7985226(1210-1215)Online publication date: May-2017
https://doi.org/10.1109/IranianCEE.2017.7985226
Khan RMcLaughlin KLaverty DSezer S(2016)Analysis of IEEE C37.118 and IEC 61850-90-5 synchrophasor communication frameworks2016 IEEE Power and Energy Society General Meeting (PESGM)10.1109/PESGM.2016.7741343(1-5)Online publication date: Jul-2016
https://doi.org/10.1109/PESGM.2016.7741343
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents