Longda Huang,Weijin Zhuang,Mingyang Sun,Hong Zhang

DOI: https://doi.org/10.1109/itnec48623.2020.9084931

2020-01-01

Abstract:with the in-depth development of smart grid, the traditional grid scheduling control system based on SOA architecture can not meet the requirements of system reliability and performance. In order to enhance the load performance and stability of the system, the distributed architecture of the power grid dispatching control system is transformed by using the microservice technology architecture, and the system upgrading maintenance without perception is realized by using the logic decoupling design of microservice. Based on the analysis of the current situation of power grid control business and system, this paper puts forward the design scheme of system microservice architecture, expounds the key technologies of microservice, and verifies through experiments that the throughput, fault tolerance, maintainability and scalability of power grid dispatching control system can be greatly improved by adopting the proposed technical scheme.

Jing Zhou,Qian Wu,Jin Li,Jiaxin Li

DOI: https://doi.org/10.1007/978-3-031-06791-4_39

2022-01-01

Abstract:The power Internet of Things is the evolution direction of the power industry. While improving the convenience of power grid operations, it also brings emerging network security risks to traditional industries. The national secret algorithm can integrate the characteristics of the power Internet of things for deployment and application, and improve the industry security of the power Internet of things. Based on the characteristics of the power Internet of Things architecture, the security analysis of the interconnection of power grids is carried out, combined with the calculation points of the national secret algorithm, the business application scenarios of the national secret algorithm in the power industry are discussed, and a kind of electricity information encryption is proposed for the communication requirements of the power terminal and the grid platform. In the transmission scheme, SM2 is applied to the encrypted communication between the power terminal and the power grid platform server to solve the security issues such as identity authentication and encrypted transmission, and to improve the security efficiency of the power Internet of Things.

Ting Liu,Yang Liu,Yashan Mao,Yao Sun,Xiaohong Guan,Weibo Gong,Sheng Xiao

DOI: https://doi.org/10.1109/TSG.2013.2264537

2014-01-01

Abstract:Integrating information network into power system is the key for realizing the vision of smart grid, but also introduces many security problems. Wireless communication offers the benefits of low cost, rapid deployment, shared communication medium, and mobility; at the same time, it causes many security and privacy challenges. In this paper, the concept of dynamic secret is applied to design an encryption scheme for smart grid wireless communication. Between two parties of communication, the previous packets are coded as retransmission sequence, where retransmitted packet is marked as “1” and the other is marked as “0.” During the communication, the retransmission sequence is generated at both sides to update the dynamic encryption key. Any missing or misjudging in retransmission sequence would prevent the adversary from achieving the keys. In our experiments, a smart grid platform is built, employing the ZigBee protocol for wireless communication. And a dynamic secret-based encryption demo system is designed based on this platform. The experiment results show that the retransmission and packet loss in ZigBee communication are inevitable and unpredictable, and it is impossible for the adversary to track the updating of the dynamic encryption key.

Kehe Wu,Rui Cheng,Wenchao Cui,Wei Li

DOI: https://doi.org/10.1016/j.aej.2020.09.008

IF: 6.626

2021-02-01

Alexandria Engineering Journal

Abstract:With the increasing openness of smart grids, a large quantity of power terminals will be widely applied in systems of smart grids by various access modes (wired, wireless, satellite). In order to ensure the integrity and confidentiality of the data and the security of the communications between power terminals and the smart grid intranet, a lightweight security authentication and key agreement scheme is proposed in this article. The scheme provides mutual authentication based on the SM2 algorithm and key agreement which can prevent various attacks. Furthermore experimental evaluation and comparative analysis is conducted to indicate that the proposed scheme can resist many types of attacks with lower amounts of total computational resources and lower communications bandwidth. The analysis shows that the proposed scheme is suitable for smart grid.

engineering, multidisciplinary

Zhiyi Li,Mohammad Shahidehpour

DOI: https://doi.org/10.1109/pesgm.2017.8274119

2017-01-01

Abstract:The paper proposes a defense-in-depth framework for guarding microgrid operations against malicious cyberattacks, with the help of software-defined networking technologies. In order to fend off cyberattacks, the framework contains three lines of defense. Security measures act as the first line include application-based segmentation and real-time monitoring and verification; measures realizing moving-target defense and defensive deception are deployed on the second line; the third line comprises measures such as decentralized power control and self-healing communication networking. The role of the proposed framework in ensuring microgrid secure operations can be identified by cyber-power co-simulation.

Xinyu Yang,Xiaofei He,Jie Lin,Wei Yu,Qingyu Yang

DOI: https://doi.org/10.1109/snpd.2016.7515922

2016-01-01

Abstract:In the smart grid, as a large-scale distributed cyber-physical system, Demand Response (DR) plays an important role in the electricity market. Various demand response schemes have been developed to improve the efficiency and economy of power utilization. Nonetheless, most existing schemes, including both market-led and system-led schemes, do not carefully take the information security into account in the DR process so that the power grid could suffer from cyber attacks (data integrity attacks, etc.). To address this issue, in this paper we proposed a resilient demand response scheme based on microgrids, which can achieve both great effectiveness of energy use and security resilience against data integrity attacks. In our scheme, the DR process considers two power distribution stages. In the intra-microgrid stage, the DR providers generate the list of possible electricity prices and schedules for power delivery. In the inter-microgrid stage, utilities select the proper electricity price and the schedule for power delivery. In this way, the damage impact of attacks on the power grid can be limited only within isolated microgrids that are compromised, while other microgrids that are not compromised can operate effectively. Our experimental results show that our scheme can not only bring better benefits to all participants, but also achieve a greater security resilience in the DR process in comparison with existing schemes.

HAN Ya-Nan,LI Fa-Gen

DOI: https://doi.org/10.13868/j.cnki.jcr.000133

2016-01-01

Abstract:Smart grid is a new generation of the power system. It is an intelligent power system using the advanced equipment, sensing and measurement technology and information communication technology. Compared with the traditional power grid, a distinguished characteristic of the smart grid is that it can support two-way communication between the smart meters and the meter data management system. Smart grid can monitor the users’ electricity information in near real-time. So it can better maintain the stability of the power system. However, as more and more information needs to exchange in smart grid, it is more vulnerable against the attacks such as eavesdropping, modification and impersonation. In order to provide security protection in smart grid, this paper designs an efficient cryptographic communication protocol by using the combined public key cryptographic scheme. The main work of this paper includes the following two points: The first point is to design an identity-based combined public key cryptographic scheme and give the security proof in the random oracle model. The scheme can arrange the most complex operations to be done by a trusted server, and the smart grid only needs to implement some simple operations. The second point is to design a cryptographic protocol to ensure the security communication of the smart grid. The protocol uses the hop by hop routing to reduce the communication delay. So it can better guarantee the real-time characteristic of the smart grid. In addition, we present a concrete communication process of the protocol, and then give the analysis of security and performance of this protocol.

Ting Liu,Yuhong Gui,Yanan Sun,Yang Liu,Yao Sun,Feng Xiao

DOI: https://doi.org/10.1145/2554850.2555033

2014-01-01

Abstract:The vision of smart grid relies heavily on the communication technologies as they provide a desirable infrastructure for real-time measurement, transmission, decision and control. But various attacks such as eavesdropping, information tampering and malicious control command injection that are hampering the communication in Internet, would impose great threat on the security and stability of smart grids. In this paper, a State Estimation-based Dynamic Encryption (SEDE) scheme is proposed to secure the communication in smart grid. Several states of power system are employed as the common secrets to generate a symmetric key at both sides, which are measured on the terminals and calculated on the control center using state estimation. The advantages of SEDE are 1) the common secrets, used to generate symmetric key, are never exchanged in the network due to the state estimation, that observably improves the security of SEDE; 2) the measurement and state estimation are the essential functions on the terminals and control center in power system; 3) the functions, applied to encrypt and decrypt data, are simple and easy-implemented, such as XOR, Hash, rounding, etc. Thus, SEDE is considered as an inherent, light-weight and high-security encryption scheme for smart gird. In the experiments, SEDE is simulated on a 4-bus power system to demonstrate the process of state estimation, key generation and error correction.

Yixin Jiang,Yunan Zhang,Jinchao Xiao,Weihan Wang,Dongying Feng

DOI: https://doi.org/10.1117/12.2680492

2023-01-01

Abstract:Under the background of "carbon peak and carbon neutrality", the scale of the power grid is increasingly expanding, the intelligence level of the power grid is continually improving, and the dependence of the power system on the communication network is increasingly increasing. The existing power communication network has numerous problems, such as network architecture, upper business support, network operation and maintenance management. This paper first introduces the development status and conceptual principles of SDN (Software Defined Network), based on the advantages and disadvantages of SDN architecture, the common attack types and defense methods are introduced. By combining the advantages of SDN architecture and traditional power communication network, a new security defense framework of power communication network is designed. Finally, a new power communication scheme with open, numerical control separation and controller centralized management is constructed, and the new power communication scheme is summarized and prospected.

Jangirala Srinivas,Ashok Kumar Das,Xiong Li,Muhammad Khurram Khan,Minho Jo

DOI: https://doi.org/10.1109/tii.2020.3011849

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:Recent technological evolution in the Internet of Things (IoT) age supports better solutions to magnify the management of the power quality and reliability concerns, and imposes the measures of a smart grid. In smart grid environment, a smart meter needs to securely access the services from a service provider via insecure channel. However, since the communication is via public channel, it imposes various security threats by an adversary. To deal with this, in this article we design a new anonymous signature-based authenticated key exchange scheme for IoT-enabled smart grid environment, called AAS-IoTSG. The dynamic smart meter addition phase is also permissible in AAS-IoTSG after initial deployment. The security of AAS-IoTSG has been tested rigorously using formal security analysis under the real-or-random (ROR) model which is one of the broadly-accepted standard random oracle models, formal security verification under the broadly-used automated validation of Internet security protocols and applications (AVISPA) tool and also using informal security analysis. Finally, an exhaustive comparative study unveils that AAS-IoTSG supports better security and functionality features and requires less communication and computation overheads as compared to the existing state-of-art authentication mechanisms in smart grid systems.

Ting Liu,Jue Tian,Yuhong Gui,Yang Liu,Pengfei Liu

DOI: https://doi.org/10.1109/access.2017.2713440

IF: 3.9

2017-01-01

IEEE Access

Abstract:A state estimation-based dynamic encryption and authentication (SEDEA) approach is proposed to protect the communication between the control center (CC) and remote terminal units (RTUs) in the smart grid, including the measurements reported from RTUs and the commands sent from the CC. The measurements of power systems are selected to generate encryption keys, which are measured on the RTUs, and estimated on CC using state estimation. With the changes of the power system, each RTU updates its key regularly, and the CC estimates the new keys of all RTUs dynamically and synchronously. The pairs of keys between the CC and each RTU are applied to ensure the confidentiality and integrity of their communication. The advantages of SEDEA could be summarized as follows. First, high security-the keys are difficult to predict and steal, since the power measurements, used to generate the keys, are constantly changing and unpredictable, and would never be exchanged in the network. Second, easy implementation-all measuring equipment on RTU and state estimation on the CC are the legacy of the current power system. And the encryption functions applied in SEDEA are simple and low cost for current devices in the power system, such as XOR, hash, and rounding. Thus, SEDEA is considered as a high-security, inherent and light-weight scheme for Smart Grid. In the experiments, we conduct SEDEA on the four-bus system to show the whole process step by step, including state estimation, key generation, and error correction. And the simulations on the IEEE 39-bus system to analyze the computation cost, error correction, and security of SEDEA.

Cong Yu,Wensong Liu,Jun Yu,Wenpan Liu

DOI: https://doi.org/10.1109/icpeca53709.2022.9719073

2022-01-21

Abstract:This article studies the online simulation technology architecture of intelligent distribution network based on distributed component services and proposes a service-oriented basic computing framework, coordination mechanisms for various modules, and distributed deployment modes. We propose a smart grid management service system integration framework based on the Internet of Things service system, give its architecture and functional modules, and elaborate on the key technologies, methods and processes of each module. Finally, the simulated user applies for the user identification service for theft of electricity, which realizes the unified processing and security authentication of data packets in the entire platform, which can effectively solve the problems of massive data management and data integrity protection and reliability authentication, which is the ubiquitous big data technology. The application of microgrid provides technical support.

Zhengjun Cao

DOI: https://doi.org/10.1007/s11235-024-01127-4

2024-03-16

Telecommunication Systems

Abstract:We show that the scheme (Telecommun Syst 78:539–557, 2021) is flawed. It uses a symmetric key encryption to transfer data between vehicles and the grid. But the specified symmetric key is easily retrieved by an adversary, which results in the loss of data confidentiality, and makes it vulnerable to impersonation attack, man-in-the-middle attack, and replay attack. We also present a method to fix this flaw and remove some superfluous communications in its registration phase.

telecommunications

Longhua Guo,Mianxiong Dong,Kaoru Ota,Jun Wu,Jianhua Li

DOI: https://doi.org/10.1109/GLOCOM.2016.7841519

2016-01-01

Abstract:With the rapid growth of the Internet, the current TCP/IP based network cannot well satisfy the requirements such as scalable content distribution, mobility, security and so on. The new networking architectures which aren't based on TCP/IP have been a trade of next generation networking such as Information-Centric Networking (ICN). In smart grid, parts of communication protocol in IEC 61850 are also not based on TCP/IP architecture such as Sampled Value (SV) and Generic Object-Oriented Substation Event (GOOSE). IEC 61850 based smart substation employing wireless network has significantly improved the interoperability and interconnection of substation devices. However, with the amount and openness growth of Intelligent Electronic Devices (IED) nodes, these changes introduce new efficiency, reliability and security challenges especially in wireless network. The strict time requirement has limited the use of heavyweight security protocols to fight against cyber-attacks. To address these issues, a name-based security mechanism using ICN is proposed for the non TCP/IP based SV and GOOSE communication. Publish/subscribe (pub/sub) based access control and lightweight encryption algorithm are utilized to secure the decentralized large-scale smart grid data sharing. The results show the proposed mechanism is secure and efficient for IEC 61850 communication employing wireless network.

Daojing He,Chun Chen,Jiajun Bu,Sammy Chan,Yan Zhang,Mohsen Guizani

2012-01-01

Abstract:The smart grid provides a platform for thirdparty service providers to remotely monitor and manage energy usage for consumers. At the same time, the involvement of service providers brings a new set of security threats to the smart grid. In this article, we first identify the cyber security challenges on service provision in the smart grid. Then we present two main security issues related to service provision and provide potential solutions. The first one is to establish a secure communication procedure among the electric utility, consumers, and service providers. The second one is to provide a privacy-preserving yet accountable authentication framework among the smart grid entities without relying on any trusted third party. Finally, we suggest directions of future work on secure service provision by describing several open issues.

PI Jianyong,LIU Xinsong,LIAO Dongying,WU Ai

DOI: https://doi.org/10.3321/j.issn:1000-1026.2007.14.018

2007-01-01

Abstract:Based on an analysis of the current security scheme for public key infrastructure and certification authorities (PKI/CA) in the power dispatching data network and focusing on the contradiction between real time and security, a novel security scheme for identity authentication and key agreement is proposed. By improving the digital signature and key agreement algorithm based on discrete logarithm in a finite field, the identity authentication and key agreement are merged into one session, and the security scheme is made independent of the third party on-line certificate system. Meanwhile, the redundant functions of the current virtual private network (VPN) framework are cut down to replace the traditional PKI/CA system. The proposed security scheme for the power dispatching data network guarantees both security and real time.

Mansi Girdhar,Junho Hong,Wencong Su,Akila Herath,Chen-Ching Liu

2024-03-08

Abstract:In recent years, critical infrastructure and power grids have experienced a series of cyber-attacks, leading to temporary, widespread blackouts of considerable magnitude. Since most substations are unmanned and have limited physical security protection, cyber breaches into power grid substations present a risk. Nowadays, software-defined network (SDN), a popular virtual network technology based on the OpenFlow protocol is being widely used in the substation automation system. However, the susceptibility of SDN architecture to cyber-attacks has exhibited a notable increase in recent years, as indicated by research findings. This suggests a growing concern regarding the potential for cybersecurity breaches within the SDN framework. In this paper, we propose a hybrid intrusion detection system (IDS)-integrated SDN architecture for detecting and preventing the injection of malicious IEC 61850-based generic object-oriented substation event (GOOSE) messages in a digital substation. Additionally, this program locates the fault's location and, as a form of mitigation, disables a certain port. Furthermore, implementation examples are demonstrated and verified using a hardware-in-the-loop (HIL) testbed that mimics the functioning of a digital substation.

Cryptography and Security,Computers and Society

LIU Dong,WANG Shuang,ZHOU Jing,XU Manli,CHEN Wei,HAN Zhengfu

DOI: https://doi.org/10.13335/j.1000-3673.pst.2014.02.042

2014-01-01

Abstract:Based on the technology of virtual private networks (VPN), the symmetric cryptographic technique is utilized in the data network for power dispatching to ensure the security of communication data. However, there are potential insecurity factors in both distribution and usage of encryption keys. Thus a scheme to merge the quantum key distribution network with power grid dispatching data network is proposed to achieve secure key distribution by quantum key distribution (QKD) and make both sides of communication enable to share unconditional security keys. The merging of the two networks is implemented by using the quantum server and the VPN server, which can transmit the quantum key from the quantum network to power dispatching data network. Through the detailed analysis on secure sockets layer (SSL) protocol, the application forms of quantum key in three hierarchies, namely authentication key, master key and session key, is given. In the aspect of communication protocol, to decrease the modification of existing protocols the acquisition and replacement of keys are implemented by additional negotiation process to determine the application form of quantum keys. The proposed method reduces the complexity of the whole merging scheme and improves its usability.

Yanjie Zhang,Qiqi Shu,Yubo Wang,Yin Gao,Lei Zhang,Yan Li

DOI: https://doi.org/10.1109/EI2.2018.8582358

2018-01-01

Abstract:With the increasing mutual interaction between smart grid and users, intelligent acquisition terminals and mobile operation terminals are widely used and accessed. The types of data transmitted in the network are more complex, and the requirements for information security protection are higher. Currently, the general security protocols for power systems do not meet the new requirements. This paper studies ISO/IEC 9798 series of standards, combines key agreement, entity authentication and hybrid algorithm technology, designs a secure channel protocol for high-security data transmission, and analyzes its complexity and time performance. Finally, it is completed based on security chip. Data transmission test shows that it has the characteristics of high security and flexible protocol, and can effectively meet the security and real-time requirements of data communication.

Xueru Chu,Congying Wu,Tiecheng Li

DOI: https://doi.org/10.1109/ceect59667.2023.10420623

2023-01-01

Abstract:Currently, intelligent devices and monitoring data from substations have been integrated into the smart grid, forming an interconnected, digital operation and maintenance platform. The smart grid substation operation protection comparison platform, hosted on cloud servers, faces threats to the information security of the smart grid, thereby affecting the data privacy and operation safety of the substations. Therefore, this paper analyzes the current security requirements of the smart grid and common solutions, combined with the operation safety requirements of the smart grid substation. By using basic cryptographic techniques, it addresses network and information security threats in the smart grid, ensuring the operation safety of the substation. This paper restricts the login permissions of the smart grid substation operation protection platform; uses the RSA asymmetric encryption algorithm to encrypt the plaintext of the historical operation information stored on the server side; uses the AES advanced encryption algorithm and RSA algorithm to encrypt the communication process between the client and server side; encrypts the blueprint itself; and verifies the integrity of the blueprint connection relationship comparison file. This achieves the operation safety of the smart grid substation.